kopia lustrzana https://github.com/ryukoposting/Signal-Android
Replace spongy with libsignal x509 generation for device transfer.
rodzic
6770d21cf7
commit
11df2bc51f
|
@ -378,18 +378,6 @@ dependencyVerification {
|
||||||
['com.klinkerapps:logger:1.0.3',
|
['com.klinkerapps:logger:1.0.3',
|
||||||
'177e325259a8b111ad6745ec10db5861723c99f402222b80629f576f49408541'],
|
'177e325259a8b111ad6745ec10db5861723c99f402222b80629f576f49408541'],
|
||||||
|
|
||||||
['com.madgag.spongycastle:core:1.58.0.0',
|
|
||||||
'199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
|
|
||||||
|
|
||||||
['com.madgag.spongycastle:pg:1.54.0.0',
|
|
||||||
'3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
|
|
||||||
|
|
||||||
['com.madgag.spongycastle:pkix:1.54.0.0',
|
|
||||||
'721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
|
|
||||||
|
|
||||||
['com.madgag.spongycastle:prov:1.58.0.0',
|
|
||||||
'092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
|
|
||||||
|
|
||||||
['com.makeramen:roundedimageview:2.1.0',
|
['com.makeramen:roundedimageview:2.1.0',
|
||||||
'1f5a1865796b308c6cdd114acc6e78408b110f0a62fc63553278fbeacd489cd1'],
|
'1f5a1865796b308c6cdd114acc6e78408b110f0a62fc63553278fbeacd489cd1'],
|
||||||
|
|
||||||
|
|
|
@ -13,7 +13,6 @@ android {
|
||||||
defaultConfig {
|
defaultConfig {
|
||||||
minSdkVersion MINIMUM_SDK
|
minSdkVersion MINIMUM_SDK
|
||||||
targetSdkVersion TARGET_SDK
|
targetSdkVersion TARGET_SDK
|
||||||
consumerProguardFiles 'lib-proguard-rules.pro'
|
|
||||||
}
|
}
|
||||||
|
|
||||||
compileOptions {
|
compileOptions {
|
||||||
|
@ -29,16 +28,7 @@ dependencyVerification {
|
||||||
dependencies {
|
dependencies {
|
||||||
implementation 'androidx.appcompat:appcompat:1.2.0'
|
implementation 'androidx.appcompat:appcompat:1.2.0'
|
||||||
implementation project(':core-util')
|
implementation project(':core-util')
|
||||||
implementation 'com.madgag.spongycastle:core:1.58.0.0'
|
implementation 'org.whispersystems:signal-client-java:0.5.1'
|
||||||
implementation('com.madgag.spongycastle:prov:1.58.0.0') {
|
|
||||||
exclude group: 'junit'
|
|
||||||
}
|
|
||||||
implementation('com.madgag.spongycastle:pkix:1.54.0.0') {
|
|
||||||
exclude group: 'junit'
|
|
||||||
}
|
|
||||||
implementation('com.madgag.spongycastle:pg:1.54.0.0') {
|
|
||||||
exclude group: 'junit'
|
|
||||||
}
|
|
||||||
api 'org.greenrobot:eventbus:3.0.0'
|
api 'org.greenrobot:eventbus:3.0.0'
|
||||||
|
|
||||||
testImplementation 'junit:junit:4.12'
|
testImplementation 'junit:junit:4.12'
|
||||||
|
|
|
@ -1,8 +0,0 @@
|
||||||
-keep class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
|
|
||||||
-keepclassmembers class org.spongycastle.jcajce.provider.digest.SHA256** {*;}
|
|
||||||
|
|
||||||
-keep class org.spongycastle.jcajce.provider.asymmetric.RSA**
|
|
||||||
-keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.RSA** {*;}
|
|
||||||
|
|
||||||
-keep class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}
|
|
||||||
-keepclassmembers class org.spongycastle.jcajce.provider.asymmetric.rsa.DigestSignatureSpi** {*;}
|
|
|
@ -3,32 +3,22 @@ package org.signal.devicetransfer;
|
||||||
import androidx.annotation.NonNull;
|
import androidx.annotation.NonNull;
|
||||||
import androidx.annotation.Nullable;
|
import androidx.annotation.Nullable;
|
||||||
|
|
||||||
import org.spongycastle.asn1.x500.X500Name;
|
import org.signal.libsignal.devicetransfer.DeviceTransferKey;
|
||||||
import org.spongycastle.asn1.x500.X500NameBuilder;
|
|
||||||
import org.spongycastle.asn1.x500.style.BCStyle;
|
|
||||||
import org.spongycastle.asn1.x509.SubjectPublicKeyInfo;
|
|
||||||
import org.spongycastle.cert.X509CertificateHolder;
|
|
||||||
import org.spongycastle.cert.X509v3CertificateBuilder;
|
|
||||||
import org.spongycastle.jce.provider.BouncyCastleProvider;
|
|
||||||
import org.spongycastle.operator.ContentSigner;
|
|
||||||
import org.spongycastle.operator.OperatorCreationException;
|
|
||||||
import org.spongycastle.operator.jcajce.JcaContentSignerBuilder;
|
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.math.BigInteger;
|
|
||||||
import java.security.GeneralSecurityException;
|
import java.security.GeneralSecurityException;
|
||||||
import java.security.KeyPair;
|
import java.security.KeyFactory;
|
||||||
import java.security.KeyPairGenerator;
|
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.security.PrivateKey;
|
import java.security.PrivateKey;
|
||||||
import java.security.SecureRandom;
|
import java.security.SecureRandom;
|
||||||
import java.security.Security;
|
|
||||||
import java.security.cert.Certificate;
|
import java.security.cert.Certificate;
|
||||||
import java.security.cert.CertificateException;
|
import java.security.cert.CertificateException;
|
||||||
import java.security.cert.CertificateFactory;
|
import java.security.cert.CertificateFactory;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Date;
|
import java.security.spec.InvalidKeySpecException;
|
||||||
|
import java.security.spec.PKCS8EncodedKeySpec;
|
||||||
|
|
||||||
import javax.net.ssl.KeyManagerFactory;
|
import javax.net.ssl.KeyManagerFactory;
|
||||||
import javax.net.ssl.SSLContext;
|
import javax.net.ssl.SSLContext;
|
||||||
|
@ -43,24 +33,19 @@ import javax.net.ssl.X509TrustManager;
|
||||||
final class SelfSignedIdentity {
|
final class SelfSignedIdentity {
|
||||||
|
|
||||||
private static final String KEY_GENERATION_ALGORITHM = "RSA";
|
private static final String KEY_GENERATION_ALGORITHM = "RSA";
|
||||||
private static final int KEY_SIZE = 4096;
|
|
||||||
private static final String SSL_CONTEXT_PROTOCOL = "TLS";
|
private static final String SSL_CONTEXT_PROTOCOL = "TLS";
|
||||||
private static final String CERTIFICATE_TYPE = "X509";
|
private static final String CERTIFICATE_TYPE = "X509";
|
||||||
private static final String KEYSTORE_TYPE = "BKS";
|
private static final String KEYSTORE_TYPE = "BKS";
|
||||||
private static final String SIGNATURE_ALGORITHM = "SHA256WithRSAEncryption";
|
|
||||||
|
|
||||||
private SelfSignedIdentity() { }
|
private SelfSignedIdentity() { }
|
||||||
|
|
||||||
public static @NonNull SelfSignedKeys create() throws KeyGenerationFailedException {
|
public static @NonNull SelfSignedKeys create() throws KeyGenerationFailedException {
|
||||||
try {
|
try {
|
||||||
KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance(KEY_GENERATION_ALGORITHM);
|
DeviceTransferKey key = new DeviceTransferKey();
|
||||||
keyPairGenerator.initialize(KEY_SIZE);
|
byte[] x509 = key.generateCertificate("SignalTransfer", 1);
|
||||||
|
PrivateKey privateKey = KeyFactory.getInstance(KEY_GENERATION_ALGORITHM).generatePrivate(new PKCS8EncodedKeySpec(key.keyMaterial()));
|
||||||
KeyPair keyPair = keyPairGenerator.generateKeyPair();
|
return new SelfSignedKeys(x509, privateKey);
|
||||||
X509CertificateHolder x509 = createX509(keyPair);
|
} catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
|
||||||
|
|
||||||
return new SelfSignedKeys(x509.getEncoded(), keyPair.getPrivate());
|
|
||||||
} catch (GeneralSecurityException | OperatorCreationException | IOException e) {
|
|
||||||
throw new KeyGenerationFailedException(e);
|
throw new KeyGenerationFailedException(e);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -73,7 +58,7 @@ final class SelfSignedIdentity {
|
||||||
|
|
||||||
KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
|
KeyStore keyStore = KeyStore.getInstance(KEYSTORE_TYPE);
|
||||||
keyStore.load(null);
|
keyStore.load(null);
|
||||||
keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[]{certificate});
|
keyStore.setKeyEntry("client", keys.getPrivateKey(), null, new Certificate[] { certificate });
|
||||||
|
|
||||||
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
KeyManagerFactory keyManagerFactory = KeyManagerFactory.getInstance(KeyManagerFactory.getDefaultAlgorithm());
|
||||||
keyManagerFactory.init(keyStore, null);
|
keyManagerFactory.init(keyStore, null);
|
||||||
|
@ -88,40 +73,10 @@ final class SelfSignedIdentity {
|
||||||
throws GeneralSecurityException
|
throws GeneralSecurityException
|
||||||
{
|
{
|
||||||
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
|
SSLContext sslContext = SSLContext.getInstance(SSL_CONTEXT_PROTOCOL);
|
||||||
sslContext.init(null, new TrustManager[]{trustManager}, new SecureRandom());
|
sslContext.init(null, new TrustManager[] { trustManager }, new SecureRandom());
|
||||||
return sslContext.getSocketFactory();
|
return sslContext.getSocketFactory();
|
||||||
}
|
}
|
||||||
|
|
||||||
private static @NonNull X509CertificateHolder createX509(@NonNull KeyPair keyPair) throws OperatorCreationException {
|
|
||||||
Date startDate = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000);
|
|
||||||
Date endDate = new Date(System.currentTimeMillis() + 24 * 60 * 60 * 1000);
|
|
||||||
|
|
||||||
X500NameBuilder nameBuilder = new X500NameBuilder(BCStyle.INSTANCE);
|
|
||||||
nameBuilder.addRDN(BCStyle.C, "United States");
|
|
||||||
nameBuilder.addRDN(BCStyle.ST, "California");
|
|
||||||
nameBuilder.addRDN(BCStyle.L, "San Francisco");
|
|
||||||
nameBuilder.addRDN(BCStyle.O, "Signal Foundation");
|
|
||||||
nameBuilder.addRDN(BCStyle.CN, "SignalTransfer");
|
|
||||||
|
|
||||||
X500Name x500Name = nameBuilder.build();
|
|
||||||
BigInteger serialNumber = BigInteger.valueOf(new SecureRandom().nextLong()).abs();
|
|
||||||
SubjectPublicKeyInfo subjectPublicKeyInfo = SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
|
|
||||||
|
|
||||||
X509v3CertificateBuilder certificateBuilder = new X509v3CertificateBuilder(x500Name,
|
|
||||||
serialNumber,
|
|
||||||
startDate,
|
|
||||||
endDate,
|
|
||||||
x500Name,
|
|
||||||
subjectPublicKeyInfo);
|
|
||||||
|
|
||||||
Security.addProvider(new BouncyCastleProvider());
|
|
||||||
ContentSigner signer = new JcaContentSignerBuilder(SIGNATURE_ALGORITHM).setProvider(BouncyCastleProvider.PROVIDER_NAME)
|
|
||||||
.build(keyPair.getPrivate());
|
|
||||||
Security.removeProvider(BouncyCastleProvider.PROVIDER_NAME);
|
|
||||||
|
|
||||||
return certificateBuilder.build(signer);
|
|
||||||
}
|
|
||||||
|
|
||||||
static final class SelfSignedKeys {
|
static final class SelfSignedKeys {
|
||||||
private final byte[] x509Encoded;
|
private final byte[] x509Encoded;
|
||||||
private final PrivateKey privateKey;
|
private final PrivateKey privateKey;
|
||||||
|
|
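Review bot: The call `key.generateCertificate("SignalTransfer", 1)` in `create()` passes a bare `1` whose meaning and unit are not stated, and with `KEY_SIZE`, `SIGNATURE_ALGORITHM` and the explicit start/end dates removed, nothing in this class records the key strength or validity window of the transfer certificate any more. I would name the arguments, e.g. `private static final String CERTIFICATE_NAME = "SignalTransfer";` and `private static final int CERTIFICATE_VALIDITY = 1; // unit as defined by DeviceTransferKey (presumably days) — confirm`, and add a short comment on `create()` saying that key size, signature algorithm and validity are now chosen inside libsignal. The removed `createX509` backdated the start date by 24 hours; whether the libsignal generator does the same is not visible here, and it is worth confirming in case the receiving device checks validity with a clock that runs behind. `KEY_GENERATION_ALGORITHM` now has to match the PKCS#8 encoding returned by `key.keyMaterial()`, which also deserves a one-line comment, since a mismatch only surfaces as `InvalidKeySpecException` at runtime.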
|
@ -78,19 +78,10 @@ dependencyVerification {
|
||||||
['com.google.protobuf:protobuf-javalite:3.10.0',
|
['com.google.protobuf:protobuf-javalite:3.10.0',
|
||||||
'215a94dbe100130295906b531bb72a26965c7ac8fcd9a75bf8054a8ac2abf4b4'],
|
'215a94dbe100130295906b531bb72a26965c7ac8fcd9a75bf8054a8ac2abf4b4'],
|
||||||
|
|
||||||
['com.madgag.spongycastle:core:1.58.0.0',
|
|
||||||
'199617dd5698c5a9312b898c0a4cec7ce9dd8649d07f65d91629f58229d72728'],
|
|
||||||
|
|
||||||
['com.madgag.spongycastle:pg:1.54.0.0',
|
|
||||||
'3f1011ec280c51434dd94396ec25c8d7876d861c0fb1fa9ae70824eddcda2f8f'],
|
|
||||||
|
|
||||||
['com.madgag.spongycastle:pkix:1.54.0.0',
|
|
||||||
'721a302f5ce18bf6fff89d514ef224c37b5dd9ca67a16b56fafaea4b24a51482'],
|
|
||||||
|
|
||||||
['com.madgag.spongycastle:prov:1.58.0.0',
|
|
||||||
'092fd09e7006b0814980513b013d4c2b3ffd24a49a635ab4b2d204bb51af1727'],
|
|
||||||
|
|
||||||
['org.greenrobot:eventbus:3.0.0',
|
['org.greenrobot:eventbus:3.0.0',
|
||||||
'180d4212467df06f2fbc9c8d8a2984533ac79c87769ad883bc421612f0b4e17c'],
|
'180d4212467df06f2fbc9c8d8a2984533ac79c87769ad883bc421612f0b4e17c'],
|
||||||
|
|
||||||
|
['org.whispersystems:signal-client-java:0.5.1',
|
||||||
|
'682a8094d38a91c8759071b77177ed8196a7137314fdfbb17e819c9ca57a0397'],
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
|
|