From 6feef15a3be4e77eefd60a188c36de184135740b Mon Sep 17 00:00:00 2001 From: marcin-cebo <102806110+marcin-cebo@users.noreply.github.com> Date: Mon, 16 Oct 2023 12:53:53 +0200 Subject: [PATCH] Used new CryptoModule from kotlin SDK. (#280) fix: Improve security of crypto implementation. Improved security of crypto implementation by adding enhanced AES-CBC cryptor feat: Add crypto module Add crypto module that allows configure SDK to encrypt and decrypt messages. --------- Co-authored-by: PubNub Release Bot <120067856+pubnub-release-bot@users.noreply.github.com> --- .pubnub.yml | 19 +- CHANGELOG.md | 9 + LICENSE | 48 +-- README.md | 4 +- build.gradle | 2 +- gradle.properties | 2 +- .../integration/HistoryIntegrationTest.java | 14 +- .../java/com/pubnub/api/PNConfiguration.java | 39 +- src/main/java/com/pubnub/api/PubNub.java | 49 ++- .../com/pubnub/api/crypto/CryptoModule.kt | 201 ++++++++++ .../api/crypto/cryptor/AesCbcCryptor.kt | 126 +++++++ .../com/pubnub/api/crypto/cryptor/Cryptor.kt | 13 + .../api/crypto/cryptor/CryptorHeader.kt | 38 ++ .../crypto/cryptor/CryptorHeaderVersion.kt | 11 + .../pubnub/api/crypto/cryptor/HeaderParser.kt | 189 ++++++++++ .../crypto/cryptor/InputStreamSeparator.kt | 41 ++ .../api/crypto/cryptor/LegacyCryptor.kt | 216 +++++++++++ .../pubnub/api/crypto/data/EncryptedData.kt | 6 + .../api/crypto/data/EncryptedStreamData.kt | 8 + .../api/crypto/exception/PubNubError.kt | 234 ++++++++++++ .../api/crypto/exception/PubNubException.kt | 26 ++ .../api/crypto/util/FileEncryptionUtilKT.kt | 148 ++++++++ .../pubnub/api/endpoints/FetchMessages.java | 12 +- .../com/pubnub/api/endpoints/History.java | 11 +- .../api/endpoints/files/DownloadFile.java | 15 +- .../endpoints/files/PublishFileMessage.java | 14 +- .../pubnub/api/endpoints/files/SendFile.java | 17 +- .../api/endpoints/files/UploadFile.java | 24 +- .../pubnub/api/endpoints/pubsub/Publish.java | 13 +- .../java/com/pubnub/api/vendor/Crypto.java | 29 -- .../pubnub/api/vendor/FileEncryptionUtil.java | 127 +------ .../workers/SubscribeMessageProcessor.java | 18 +- src/test/java/com/pubnub/api/PubNubTest.java | 2 +- .../api/endpoints/files/SendFileTest.java | 4 +- .../com/pubnub/api/vendor/CryptoTest.java | 50 --- .../com/pubnub/contract/ContractTestConfig.kt | 4 + src/test/java/com/pubnub/contract/Utils.kt | 9 + .../contract/crypto/CryptoModuleState.kt | 16 + .../contract/crypto/CryptoModuleSteps.kt | 212 +++++++++++ .../com/pubnub/api/crypto/CryptoModuleTest.kt | 355 ++++++++++++++++++ .../api/crypto/algorithm/AesCBCCryptorTest.kt | 142 +++++++ .../api/crypto/algorithm/LegacyCryptorTest.kt | 186 +++++++++ .../api/crypto/cryptor/HeaderParserTest.kt | 98 +++++ 43 files changed, 2486 insertions(+), 315 deletions(-) create mode 100644 src/main/java/com/pubnub/api/crypto/CryptoModule.kt create mode 100644 src/main/java/com/pubnub/api/crypto/cryptor/AesCbcCryptor.kt create mode 100644 src/main/java/com/pubnub/api/crypto/cryptor/Cryptor.kt create mode 100644 src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeader.kt create mode 100644 src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeaderVersion.kt create mode 100644 src/main/java/com/pubnub/api/crypto/cryptor/HeaderParser.kt create mode 100644 src/main/java/com/pubnub/api/crypto/cryptor/InputStreamSeparator.kt create mode 100644 src/main/java/com/pubnub/api/crypto/cryptor/LegacyCryptor.kt create mode 100644 src/main/java/com/pubnub/api/crypto/data/EncryptedData.kt create mode 100644 src/main/java/com/pubnub/api/crypto/data/EncryptedStreamData.kt create mode 100644 src/main/java/com/pubnub/api/crypto/exception/PubNubError.kt create mode 100644 src/main/java/com/pubnub/api/crypto/exception/PubNubException.kt create mode 100644 src/main/java/com/pubnub/api/crypto/util/FileEncryptionUtilKT.kt delete mode 100644 src/test/java/com/pubnub/api/vendor/CryptoTest.java create mode 100644 src/test/java/com/pubnub/contract/Utils.kt create mode 100644 src/test/java/com/pubnub/contract/crypto/CryptoModuleState.kt create mode 100644 src/test/java/com/pubnub/contract/crypto/CryptoModuleSteps.kt create mode 100644 src/test/kotlin/com/pubnub/api/crypto/CryptoModuleTest.kt create mode 100644 src/test/kotlin/com/pubnub/api/crypto/algorithm/AesCBCCryptorTest.kt create mode 100644 src/test/kotlin/com/pubnub/api/crypto/algorithm/LegacyCryptorTest.kt create mode 100644 src/test/kotlin/com/pubnub/api/crypto/cryptor/HeaderParserTest.kt diff --git a/.pubnub.yml b/.pubnub.yml index 158b04836..c484d55fe 100644 --- a/.pubnub.yml +++ b/.pubnub.yml @@ -1,9 +1,9 @@ name: java -version: 6.3.6 +version: 6.4.0 schema: 1 scm: github.com/pubnub/java files: - - build/libs/pubnub-gson-6.3.6-all.jar + - build/libs/pubnub-gson-6.4.0-all.jar sdks: - type: library @@ -23,8 +23,8 @@ sdks: - distribution-type: library distribution-repository: GitHub - package-name: pubnub-gson-6.3.6 - location: https://github.com/pubnub/java/releases/download/v6.3.6/pubnub-gson-6.3.6-all.jar + package-name: pubnub-gson-6.4.0 + location: https://github.com/pubnub/java/releases/download/v6.4.0/pubnub-gson-6.4.0-all.jar supported-platforms: supported-operating-systems: Android: @@ -135,8 +135,8 @@ sdks: - distribution-type: library distribution-repository: maven - package-name: pubnub-gson-6.3.6 - location: https://repo.maven.apache.org/maven2/com/pubnub/pubnub-gson/6.3.6/pubnub-gson-6.3.6.jar + package-name: pubnub-gson-6.4.0 + location: https://repo.maven.apache.org/maven2/com/pubnub/pubnub-gson/6.4.0/pubnub-gson-6.4.0.jar supported-platforms: supported-operating-systems: Android: @@ -234,6 +234,13 @@ sdks: is-required: Required changelog: + - date: 2023-10-16 + version: v6.4.0 + changes: + - type: feature + text: "Add crypto module that allows configure SDK to encrypt and decrypt messages." + - type: bug + text: "Improved security of crypto implementation by adding enhanced AES-CBC cryptor." - date: 2023-06-19 version: v6.3.6 changes: diff --git a/CHANGELOG.md b/CHANGELOG.md index 8d50ca36f..c82312dce 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,12 @@ +## v6.4.0 +October 16 2023 + +#### Added +- Add crypto module that allows configure SDK to encrypt and decrypt messages. + +#### Fixed +- Improved security of crypto implementation by adding enhanced AES-CBC cryptor. + ## v6.3.6 June 19 2023 diff --git a/LICENSE b/LICENSE index 3efa3922e..5e1ef1880 100644 --- a/LICENSE +++ b/LICENSE @@ -1,27 +1,29 @@ -PubNub Real-time Cloud-Hosted Push API and Push Notification Client Frameworks -Copyright (c) 2013 PubNub Inc. -http://www.pubnub.com/ -http://www.pubnub.com/terms +PubNub Software Development Kit License Agreement +Copyright © 2023 PubNub Inc. All rights reserved. -Permission is hereby granted, free of charge, to any person obtaining a copy -of this software and associated documentation files (the "Software"), to deal -in the Software without restriction, including without limitation the rights -to use, copy, modify, merge, publish, distribute, sublicense, and/or sell -copies of the Software, and to permit persons to whom the Software is -furnished to do so, subject to the following conditions: +Subject to the terms and conditions of the license, you are hereby granted +a non-exclusive, worldwide, royalty-free license to (a) copy and modify +the software in source code or binary form for use with the software services +and interfaces provided by PubNub, and (b) redistribute unmodified copies +of the software to third parties. The software may not be incorporated in +or used to provide any product or service competitive with the products +and services of PubNub. -The above copyright notice and this permission notice shall be included in -all copies or substantial portions of the Software. +The above copyright notice and this license shall be included +in or with all copies or substantial portions of the software. -THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR -IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, -FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE -AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER -LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, -OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN -THE SOFTWARE. +This license does not grant you permission to use the trade names, trademarks, +service marks, or product names of PubNub, except as required for reasonable +and customary use in describing the origin of the software and reproducing +the content of this license. -PubNub Real-time Cloud-Hosted Push API and Push Notification Client Frameworks -Copyright (c) 2013 PubNub Inc. -http://www.pubnub.com/ -http://www.pubnub.com/terms +THE SOFTWARE IS PROVIDED “AS IS”, WITHOUT WARRANTY OF +ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF +MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO +EVENT SHALL PUBNUB OR THE AUTHORS OR COPYRIGHT HOLDERS OF THE SOFTWARE BE +LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF +CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE +SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + +https://www.pubnub.com/ +https://www.pubnub.com/terms diff --git a/README.md b/README.md index dea3681b2..352245b22 100644 --- a/README.md +++ b/README.md @@ -22,13 +22,13 @@ You will need the publish and subscribe keys to authenticate your app. Get your com.pubnub pubnub-gson - 6.3.6 + 6.4.0 ``` * for Gradle, add the following dependency in your `gradle.build`: ```groovy - implementation 'com.pubnub:pubnub-gson:6.3.6' + implementation 'com.pubnub:pubnub-gson:6.4.0' ``` 2. Configure your keys: diff --git a/build.gradle b/build.gradle index 8bb6f7634..4872f9a38 100644 --- a/build.gradle +++ b/build.gradle @@ -10,7 +10,7 @@ plugins { } group = 'com.pubnub' -version = '6.3.6' +version = '6.4.0' description = """""" diff --git a/gradle.properties b/gradle.properties index d79d94d5f..8de554250 100644 --- a/gradle.properties +++ b/gradle.properties @@ -3,7 +3,7 @@ SONATYPE_HOST=DEFAULT SONATYPE_AUTOMATIC_RELEASE=true GROUP=com.pubnub POM_ARTIFACT_ID=pubnub-gson -VERSION_NAME=6.3.6 +VERSION_NAME=6.4.0 POM_PACKAGING=jar POM_NAME=PubNub Java SDK diff --git a/src/integrationTest/java/com/pubnub/api/integration/HistoryIntegrationTest.java b/src/integrationTest/java/com/pubnub/api/integration/HistoryIntegrationTest.java index f845d9c17..82f68eebd 100644 --- a/src/integrationTest/java/com/pubnub/api/integration/HistoryIntegrationTest.java +++ b/src/integrationTest/java/com/pubnub/api/integration/HistoryIntegrationTest.java @@ -2,6 +2,7 @@ import com.pubnub.api.PubNub; import com.pubnub.api.PubNubException; +import com.pubnub.api.crypto.CryptoModule; import com.pubnub.api.integration.util.BaseIntegrationTest; import com.pubnub.api.integration.util.RandomGenerator; import com.pubnub.api.models.consumer.PNPublishResult; @@ -312,12 +313,10 @@ public void testFetchSingleChannel_OverflowLimit() throws PubNubException { @Test public void testHistorySingleChannel_IncludeAll_Crypto() throws PubNubException { final String expectedCipherKey = random(); - pubNub.getConfiguration().setCipherKey(expectedCipherKey); + pubNub.getConfiguration().setCryptoModule(CryptoModule.createLegacyCryptoModule(expectedCipherKey, true)); final PubNub observer = getPubNub(); - observer.getConfiguration().setCipherKey(expectedCipherKey); - - assertEquals(pubNub.getConfiguration().getCipherKey(), observer.getConfiguration().getCipherKey()); + observer.getConfiguration().setCryptoModule(CryptoModule.createLegacyCryptoModule(expectedCipherKey, true)); final String expectedChannelName = random(); final int expectedMessageCount = 10; @@ -343,12 +342,11 @@ public void testHistorySingleChannel_IncludeAll_Crypto() throws PubNubException @Test public void testFetchSingleChannel_IncludeAll_Crypto() throws PubNubException { final String expectedCipherKey = random(); - pubNub.getConfiguration().setCipherKey(expectedCipherKey); + pubNub.getConfiguration().setCryptoModule(CryptoModule.createLegacyCryptoModule(expectedCipherKey, false)); final PubNub observer = getPubNub(); - observer.getConfiguration().setCipherKey(expectedCipherKey); + observer.getConfiguration().setCryptoModule(CryptoModule.createLegacyCryptoModule(expectedCipherKey, false)); - assertEquals(pubNub.getConfiguration().getCipherKey(), observer.getConfiguration().getCipherKey()); final String expectedChannelName = random(); final int expectedMessageCount = 10; @@ -379,7 +377,7 @@ public void testFetchSingleChannel_WithActions_IncludeAll_Crypto() throws PubNub final PubNub observer = getPubNub(); observer.getConfiguration().setCipherKey(expectedCipherKey); - assertEquals(pubNub.getConfiguration().getCipherKey(), observer.getConfiguration().getCipherKey()); + assertEquals(pubNub.getConfiguration().getCipherKey(), observer.getConfiguration().getCipherKey()); //todo final String expectedChannelName = random(); final int expectedMessageCount = 10; diff --git a/src/main/java/com/pubnub/api/PNConfiguration.java b/src/main/java/com/pubnub/api/PNConfiguration.java index 825de0a4d..e646c07d6 100644 --- a/src/main/java/com/pubnub/api/PNConfiguration.java +++ b/src/main/java/com/pubnub/api/PNConfiguration.java @@ -1,6 +1,7 @@ package com.pubnub.api; +import com.pubnub.api.crypto.CryptoModule; import com.pubnub.api.enums.PNHeartbeatNotificationOptions; import com.pubnub.api.enums.PNLogVerbosity; import com.pubnub.api.enums.PNReconnectionPolicy; @@ -94,9 +95,40 @@ public class PNConfiguration { */ private String publishKey; private String secretKey; - private String cipherKey; private String authKey; + + /** + * @deprecated Use {@link #cryptoModule} instead. + */ + @Deprecated + private String cipherKey; + + /** + * @deprecated Use {@link #cryptoModule} instead. + */ + @Deprecated + private boolean useRandomInitializationVector; + + /** + * CryptoModule is responsible for handling encryption and decryption. + * If set, all communications to and from PubNub will be encrypted. + */ + private CryptoModule cryptoModule; + + public CryptoModule getCryptoModule() { + if (cryptoModule != null) { + return cryptoModule; + } else { + if (cipherKey != null && !cipherKey.isEmpty()) { + log.warning("cipherKey is deprecated. Use CryptoModule instead"); + return CryptoModule.createLegacyCryptoModule(cipherKey, useRandomInitializationVector); + } else { + return null; + } + } + } + /** * @deprecated Use {@link #getUserId()} instead. */ @@ -110,7 +142,7 @@ public void setUuid(@NotNull String uuid) { this.uuid = uuid; } - public UserId getUserId() { + public UserId getUserId() { return new UserId(this.uuid); } @@ -210,9 +242,6 @@ public void setUserId(@NotNull UserId userId) { private boolean dedupOnSubscribe; @Setter private Integer maximumMessagesCacheSize; - @Setter - private boolean useRandomInitializationVector; - @Setter private int fileMessagePublishRetryLimit; diff --git a/src/main/java/com/pubnub/api/PubNub.java b/src/main/java/com/pubnub/api/PubNub.java index af74b7939..da8c689b7 100644 --- a/src/main/java/com/pubnub/api/PubNub.java +++ b/src/main/java/com/pubnub/api/PubNub.java @@ -5,6 +5,8 @@ import com.pubnub.api.builder.SubscribeBuilder; import com.pubnub.api.builder.UnsubscribeBuilder; import com.pubnub.api.callbacks.SubscribeCallback; +import com.pubnub.api.crypto.CryptoModule; +import com.pubnub.api.crypto.CryptoModuleKt; import com.pubnub.api.endpoints.DeleteMessages; import com.pubnub.api.endpoints.FetchMessages; import com.pubnub.api.endpoints.History; @@ -68,8 +70,6 @@ import com.pubnub.api.managers.token_manager.TokenManager; import com.pubnub.api.managers.token_manager.TokenParser; import com.pubnub.api.models.consumer.access_manager.v3.PNToken; -import com.pubnub.api.vendor.Crypto; -import com.pubnub.api.vendor.FileEncryptionUtil; import lombok.Getter; import org.jetbrains.annotations.NotNull; import org.jetbrains.annotations.Nullable; @@ -105,12 +105,16 @@ public class PubNub { private static final int TIMESTAMP_DIVIDER = 1000; private static final int MAX_SEQUENCE = 65535; - private static final String SDK_VERSION = "6.3.6"; + private static final String SDK_VERSION = "6.4.0"; private final ListenerManager listenerManager; private final StateManager stateManager; private final TokenManager tokenManager; + public CryptoModule getCryptoModule() { + return configuration.getCryptoModule(); + } + public PubNub(@NotNull PNConfiguration initialConfig) { this.configuration = initialConfig; this.mapper = new MapperManager(); @@ -456,8 +460,7 @@ public String decrypt(String inputString) throws PubNubException { if (inputString == null) { throw PubNubException.builder().pubnubError(PubNubErrorBuilder.PNERROBJ_INVALID_ARGUMENTS).build(); } - - return decrypt(inputString, this.getConfiguration().getCipherKey()); + return decrypt(inputString, null); } /** @@ -473,16 +476,33 @@ public String decrypt(String inputString, String cipherKey) throws PubNubExcepti if (inputString == null) { throw PubNubException.builder().pubnubError(PubNubErrorBuilder.PNERROBJ_INVALID_ARGUMENTS).build(); } - boolean dynamicIV = this.getConfiguration().isUseRandomInitializationVector(); - return new Crypto(cipherKey, dynamicIV).decrypt(inputString); + CryptoModule cryptoModule = getCryptoModuleOrThrow(cipherKey); + + return CryptoModuleKt.decryptString(cryptoModule, inputString); + } + + private CryptoModule getCryptoModuleOrThrow(String cipherKey) throws PubNubException { + CryptoModule effectiveCryptoModule; + if (cipherKey != null) { + effectiveCryptoModule = CryptoModule.createLegacyCryptoModule(cipherKey, this.getConfiguration().isUseRandomInitializationVector()); + } else { + CryptoModule cryptoModule = getCryptoModule(); + if (cryptoModule != null) { + effectiveCryptoModule = cryptoModule; + } else { + throw PubNubException.builder().errormsg("Crypto module is not initialized").build(); + } + } + return effectiveCryptoModule; } public InputStream decryptInputStream(InputStream inputStream) throws PubNubException { - return decryptInputStream(inputStream, this.getConfiguration().getCipherKey()); + return decryptInputStream(inputStream, null); } public InputStream decryptInputStream(InputStream inputStream, String cipherKey) throws PubNubException { - return FileEncryptionUtil.decrypt(cipherKey, inputStream); + CryptoModule cryptoModule = getCryptoModuleOrThrow(cipherKey); + return cryptoModule.decryptStream(inputStream); } /** @@ -497,7 +517,7 @@ public String encrypt(String inputString) throws PubNubException { throw PubNubException.builder().pubnubError(PubNubErrorBuilder.PNERROBJ_INVALID_ARGUMENTS).build(); } - return encrypt(inputString, this.getConfiguration().getCipherKey()); + return encrypt(inputString, null); } /** @@ -514,16 +534,17 @@ public String encrypt(String inputString, String cipherKey) throws PubNubExcepti throw PubNubException.builder().pubnubError(PubNubErrorBuilder.PNERROBJ_INVALID_ARGUMENTS).build(); } - boolean dynamicIV = this.getConfiguration().isUseRandomInitializationVector(); - return new Crypto(cipherKey, dynamicIV).encrypt(inputString); + CryptoModule cryptoModule = getCryptoModuleOrThrow(cipherKey); + return CryptoModuleKt.encryptString(cryptoModule, inputString); } public InputStream encryptInputStream(InputStream inputStream) throws PubNubException { - return encryptInputStream(inputStream, this.getConfiguration().getCipherKey()); + return encryptInputStream(inputStream, null); } public InputStream encryptInputStream(InputStream inputStream, String cipherKey) throws PubNubException { - return FileEncryptionUtil.encrypt(cipherKey, inputStream); + CryptoModule cryptoModule = getCryptoModuleOrThrow(cipherKey); + return cryptoModule.encryptStream(inputStream); } public int getTimestamp() { diff --git a/src/main/java/com/pubnub/api/crypto/CryptoModule.kt b/src/main/java/com/pubnub/api/crypto/CryptoModule.kt new file mode 100644 index 000000000..df2f6c834 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/CryptoModule.kt @@ -0,0 +1,201 @@ +package com.pubnub.api.crypto + +import com.pubnub.api.crypto.cryptor.AesCbcCryptor +import com.pubnub.api.crypto.cryptor.Cryptor +import com.pubnub.api.crypto.cryptor.HeaderParser +import com.pubnub.api.crypto.cryptor.LEGACY_CRYPTOR_ID +import com.pubnub.api.crypto.cryptor.LegacyCryptor +import com.pubnub.api.crypto.cryptor.ParseResult +import com.pubnub.api.crypto.data.EncryptedData +import com.pubnub.api.crypto.data.EncryptedStreamData +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import com.pubnub.api.vendor.Base64 +import java.io.BufferedInputStream +import java.io.InputStream +import java.io.SequenceInputStream +import java.lang.Integer.min + +class CryptoModule internal constructor( + internal val primaryCryptor: Cryptor, + internal val cryptorsForDecryptionOnly: List = listOf(), + internal val headerParser: HeaderParser = HeaderParser() +) { + + companion object { + @JvmStatic + fun createLegacyCryptoModule(cipherKey: String, randomIv: Boolean = true): CryptoModule { + return CryptoModule( + primaryCryptor = LegacyCryptor(cipherKey, randomIv), + cryptorsForDecryptionOnly = listOf(LegacyCryptor(cipherKey, randomIv), AesCbcCryptor(cipherKey)) + ) + } + + @JvmStatic + fun createAesCbcCryptoModule(cipherKey: String, randomIv: Boolean = true): CryptoModule { + return CryptoModule( + primaryCryptor = AesCbcCryptor(cipherKey), + cryptorsForDecryptionOnly = listOf(AesCbcCryptor(cipherKey), LegacyCryptor(cipherKey, randomIv)) + ) + } + + @JvmStatic + fun createNewCryptoModule( + defaultCryptor: Cryptor, + cryptorsForDecryptionOnly: List = listOf() + ): CryptoModule { + return CryptoModule( + primaryCryptor = defaultCryptor, + cryptorsForDecryptionOnly = listOf(defaultCryptor) + cryptorsForDecryptionOnly + ) + } + } + + fun encrypt(data: ByteArray): ByteArray { + validateData(data) + val (metadata, encryptedData) = primaryCryptor.encrypt(data) + + return if (primaryCryptor.id().contentEquals(LEGACY_CRYPTOR_ID)) { + encryptedData + } else { + val cryptorHeader = headerParser.createCryptorHeader(primaryCryptor.id(), metadata) + cryptorHeader + encryptedData + } + } + + fun decrypt(encryptedData: ByteArray): ByteArray { + validateData(encryptedData) + val parsedData: ParseResult = headerParser.parseDataWithHeader(encryptedData) + val decryptedData: ByteArray = when (parsedData) { + is ParseResult.NoHeader -> { + getDecryptedDataForLegacyCryptor(encryptedData) + } + is ParseResult.Success -> { + getDecryptedDataForCryptorWithHeader(parsedData) + } + } + return decryptedData + } + + fun encryptStream(stream: InputStream): InputStream { + val bufferedInputStream = validateStreamAndReturnBuffered(stream) + val (metadata, encryptedData) = primaryCryptor.encryptStream(bufferedInputStream) + return if (primaryCryptor.id().contentEquals(LEGACY_CRYPTOR_ID)) { + encryptedData + } else { + val cryptorHeader: ByteArray = headerParser.createCryptorHeader(primaryCryptor.id(), metadata) + SequenceInputStream(cryptorHeader.inputStream(), encryptedData) + } + } + + fun decryptStream(encryptedData: InputStream): InputStream { + val bufferedInputStream = validateStreamAndReturnBuffered(encryptedData) + return when (val parsedHeader = headerParser.parseDataWithHeader(bufferedInputStream)) { + ParseResult.NoHeader -> { + val decryptor = cryptorsForDecryptionOnly.firstOrNull { it.id().contentEquals(LEGACY_CRYPTOR_ID) } + decryptor?.decryptStream(EncryptedStreamData(stream = bufferedInputStream)) ?: throw PubNubException( + errorMessage = "LegacyCryptor not registered", + pubnubError = PubNubError.UNKNOWN_CRYPTOR + ) + } + + is ParseResult.Success -> { + val decryptor = cryptorsForDecryptionOnly.first { + it.id().contentEquals(parsedHeader.cryptoId) + } + decryptor.decryptStream( + EncryptedStreamData( + metadata = parsedHeader.cryptorData, + stream = parsedHeader.encryptedData + ) + ) + } + } + } + + private fun getDecryptedDataForLegacyCryptor(encryptedData: ByteArray): ByteArray { + return getLegacyCryptor()?.decrypt(EncryptedData(data = encryptedData)) ?: throw PubNubException( + errorMessage = "LegacyCryptor not available", + pubnubError = PubNubError.UNKNOWN_CRYPTOR + ) + } + + private fun getDecryptedDataForCryptorWithHeader(parsedHeader: ParseResult.Success): ByteArray { + val decryptedData: ByteArray + val cryptorId = parsedHeader.cryptoId + val cryptorData = parsedHeader.cryptorData + val pureEncryptedData = parsedHeader.encryptedData + val cryptor = getCryptorById(cryptorId) + decryptedData = + cryptor?.decrypt(EncryptedData(cryptorData, pureEncryptedData)) + ?: throw PubNubException(errorMessage = "No cryptor found", pubnubError = PubNubError.UNKNOWN_CRYPTOR) + return decryptedData + } + + private fun getLegacyCryptor(): Cryptor? { + val idOfLegacyCryptor = ByteArray(4) { 0.toByte() } + return getCryptorById(idOfLegacyCryptor) + } + + private fun getCryptorById(cryptorId: ByteArray): Cryptor? { + return cryptorsForDecryptionOnly.firstOrNull { it.id().contentEquals(cryptorId) } + } + + private fun validateData(data: ByteArray) { + if (data.isEmpty()) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + } + + private fun validateStreamAndReturnBuffered(stream: InputStream): BufferedInputStream { + val bufferedInputStream = stream.buffered() + bufferedInputStream.checkMinSize(1) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + return bufferedInputStream + } +} + +internal fun CryptoModule.encryptString(inputString: String): String = + String(Base64.encode(encrypt(inputString.toByteArray()), Base64.NO_WRAP)) + +internal fun CryptoModule.decryptString(inputString: String): String = + decrypt(Base64.decode(inputString, Base64.NO_WRAP)).toString(Charsets.UTF_8) + +// this method read data from stream and allows to read them again in subsequent reads without manual reset or repositioning +internal fun BufferedInputStream.checkMinSize(size: Int, exceptionBlock: (Int) -> Unit) { + mark(size + 1) + + val readBytes = readNBytez(size) + reset() + if (readBytes.size < size) { + exceptionBlock(size) + } +} + +internal fun BufferedInputStream.readExactlyNBytez(size: Int, exceptionBlock: (Int) -> Unit): ByteArray { + val readBytes = readNBytez(size) + if (readBytes.size < size) { + exceptionBlock(size) + } + return readBytes +} + +internal fun InputStream.readNBytez(len: Int): ByteArray { + var remaining: Int = len + var n: Int + val originalArray = ByteArray(remaining) + var nread = 0 + + while (read(originalArray, nread, min(originalArray.size - nread, remaining)).also { n = it } > 0) { + nread += n + remaining -= n + } + return originalArray.copyOf(nread) +} diff --git a/src/main/java/com/pubnub/api/crypto/cryptor/AesCbcCryptor.kt b/src/main/java/com/pubnub/api/crypto/cryptor/AesCbcCryptor.kt new file mode 100644 index 000000000..d9f38b907 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/cryptor/AesCbcCryptor.kt @@ -0,0 +1,126 @@ +package com.pubnub.api.crypto.cryptor + +import com.pubnub.api.crypto.checkMinSize +import com.pubnub.api.crypto.data.EncryptedData +import com.pubnub.api.crypto.data.EncryptedStreamData +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import java.io.BufferedInputStream +import java.io.InputStream +import java.security.MessageDigest +import java.security.SecureRandom +import javax.crypto.Cipher +import javax.crypto.CipherInputStream +import javax.crypto.spec.IvParameterSpec +import javax.crypto.spec.SecretKeySpec + +private const val CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding" +private const val RANDOM_IV_SIZE = 16 + +class AesCbcCryptor(val cipherKey: String) : Cryptor { + private val newKey: SecretKeySpec = createNewKey() + + override fun id(): ByteArray { + return byteArrayOf('A'.code.toByte(), 'C'.code.toByte(), 'R'.code.toByte(), 'H'.code.toByte()) + } + + override fun encrypt(data: ByteArray): EncryptedData { + validateData(data) + return try { + val ivBytes: ByteArray = createRandomIv() + val cipher = createInitializedCipher(ivBytes, Cipher.ENCRYPT_MODE) + val encryptedData: ByteArray = cipher.doFinal(data) + EncryptedData(metadata = ivBytes, data = encryptedData) + } catch (e: Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + override fun decrypt(encryptedData: EncryptedData): ByteArray { + validateData(encryptedData.data) + return try { + val ivBytes: ByteArray = encryptedData.metadata?.takeIf { it.size == RANDOM_IV_SIZE } + ?: throw PubNubException(errorMessage = "Invalid random IV", pubnubError = PubNubError.CRYPTO_ERROR) + val cipher = createInitializedCipher(ivBytes, Cipher.DECRYPT_MODE) + val decryptedData = cipher.doFinal(encryptedData.data) + decryptedData + } catch (e: Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + override fun encryptStream(stream: InputStream): EncryptedStreamData { + val bufferedInputStream = validateInputStreamAndReturnBuffered(stream) + try { + val ivBytes: ByteArray = createRandomIv() + val cipher = createInitializedCipher(ivBytes, Cipher.ENCRYPT_MODE) + val cipheredStream = CipherInputStream(bufferedInputStream, cipher) + + return EncryptedStreamData( + metadata = ivBytes, + stream = cipheredStream + ) + } catch (e: Exception) { + throw PubNubException(e.message, PubNubError.CRYPTO_ERROR) + } + } + + override fun decryptStream(encryptedData: EncryptedStreamData): InputStream { + val bufferedInputStream = validateInputStreamAndReturnBuffered(encryptedData.stream) + try { + val ivBytes: ByteArray = encryptedData.metadata?.takeIf { it.size == RANDOM_IV_SIZE } + ?: throw PubNubException(errorMessage = "Invalid random IV", pubnubError = PubNubError.CRYPTO_ERROR) + val cipher = createInitializedCipher(ivBytes, Cipher.DECRYPT_MODE) + return CipherInputStream(bufferedInputStream, cipher) + } catch (e: Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + private fun validateData(data: ByteArray) { + if (data.isEmpty()) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + } + + private fun createInitializedCipher(iv: ByteArray, mode: Int): Cipher { + return Cipher.getInstance(CIPHER_TRANSFORMATION).also { + it.init(mode, newKey, IvParameterSpec(iv)) + } + } + + private fun createNewKey(): SecretKeySpec { + val keyBytes = sha256(cipherKey.toByteArray(Charsets.UTF_8)) + return SecretKeySpec(keyBytes, "AES") + } + + private fun createRandomIv(): ByteArray { + val ivBytes = ByteArray(RANDOM_IV_SIZE) + SecureRandom().nextBytes(ivBytes) + return ivBytes + } + + private fun sha256(input: ByteArray): ByteArray { + val digest: MessageDigest + return try { + digest = MessageDigest.getInstance("SHA-256") + digest.digest(input) + } catch (e: java.lang.Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + private fun validateInputStreamAndReturnBuffered(stream: InputStream): BufferedInputStream { + val bufferedInputStream = stream.buffered() + bufferedInputStream.checkMinSize(1) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + return bufferedInputStream + } +} diff --git a/src/main/java/com/pubnub/api/crypto/cryptor/Cryptor.kt b/src/main/java/com/pubnub/api/crypto/cryptor/Cryptor.kt new file mode 100644 index 000000000..f21ea51cd --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/cryptor/Cryptor.kt @@ -0,0 +1,13 @@ +package com.pubnub.api.crypto.cryptor + +import com.pubnub.api.crypto.data.EncryptedData +import com.pubnub.api.crypto.data.EncryptedStreamData +import java.io.InputStream + +interface Cryptor { + fun id(): ByteArray // Assuming 4 bytes, + fun encrypt(data: ByteArray): EncryptedData + fun decrypt(encryptedData: EncryptedData): ByteArray + fun encryptStream(stream: InputStream): EncryptedStreamData + fun decryptStream(encryptedData: EncryptedStreamData): InputStream +} diff --git a/src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeader.kt b/src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeader.kt new file mode 100644 index 000000000..99e3d02d3 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeader.kt @@ -0,0 +1,38 @@ +package com.pubnub.api.crypto.cryptor + +class CryptorHeader( + val sentinel: ByteArray, // 4 bytes + val version: Byte, // 1 byte + val cryptorId: ByteArray, // 4 bytes + val cryptorDataSize: ByteArray, // 1 or 3 bytes + val cryptorData: ByteArray // 0-65535 bytes +) { + + fun toByteArray(): ByteArray { + return sentinel + version + cryptorId + cryptorDataSize + cryptorData + } + + override fun equals(other: Any?): Boolean { + if (this === other) return true + if (javaClass != other?.javaClass) return false + + other as CryptorHeader + + if (!sentinel.contentEquals(other.sentinel)) return false + if (version != other.version) return false + if (!cryptorId.contentEquals(other.cryptorId)) return false + if (!cryptorDataSize.contentEquals(other.cryptorDataSize)) return false + if (!cryptorData.contentEquals(other.cryptorData)) return false + + return true + } + + override fun hashCode(): Int { + var result = sentinel.contentHashCode() + result = 31 * result + version + result = 31 * result + cryptorId.contentHashCode() + result = 31 * result + cryptorDataSize.contentHashCode() + result = 31 * result + cryptorData.contentHashCode() + return result + } +} diff --git a/src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeaderVersion.kt b/src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeaderVersion.kt new file mode 100644 index 000000000..d7e0d8d6d --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/cryptor/CryptorHeaderVersion.kt @@ -0,0 +1,11 @@ +package com.pubnub.api.crypto.cryptor + +enum class CryptorHeaderVersion(val value: Int) { + One(1); + + companion object { + fun fromValue(value: Int): CryptorHeaderVersion? { + return values().find { it.value == value } + } + } +} diff --git a/src/main/java/com/pubnub/api/crypto/cryptor/HeaderParser.kt b/src/main/java/com/pubnub/api/crypto/cryptor/HeaderParser.kt new file mode 100644 index 000000000..2166ec2f5 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/cryptor/HeaderParser.kt @@ -0,0 +1,189 @@ +package com.pubnub.api.crypto.cryptor + +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import com.pubnub.api.crypto.readExactlyNBytez +import org.slf4j.LoggerFactory +import java.io.BufferedInputStream +import java.io.InputStream + +private val SENTINEL = "PNED".toByteArray() +private const val STARTING_INDEX_OF_ONE_BYTE_CRYPTOR_DATA_SIZE = 10 +private const val STARTING_INDEX_OF_THREE_BYTES_CRYPTOR_DATA_SIZE = 12 +private const val MINIMAL_SIZE_OF_DATA_HAVING_CRYPTOR_HEADER = 10 +private const val THREE_BYTES_SIZE_CRYPTOR_DATA_INDICATOR: UByte = 255U + +private const val SENTINEL_STARTING_INDEX = 0 +private const val SENTINEL_ENDING_INDEX = 3 +private const val VERSION_INDEX = 4 +private const val CRYPTOR_ID_STARTING_INDEX = 5 +private const val CRYPTOR_ID_ENDING_INDEX = 8 +private const val CRYPTOR_DATA_SIZE_STARTING_INDEX = 9 +private const val THREE_BYTES_CRYPTOR_DATA_SIZE_STARTING_INDEX = 10 +private const val THREE_BYTES_CRYPTOR_DATA_SIZE_ENDING_INDEX = 11 +private const val MAX_VALUE_THAT_CAN_BE_STORED_ON_TWO_BYTES = 65535 +private const val MINIMAL_SIZE_OF_CRYPTO_HEADER = 10 + +class HeaderParser { + private val log = LoggerFactory.getLogger(HeaderParser::class.java) + + fun parseDataWithHeader(stream: BufferedInputStream): ParseResult { + val bufferedInputStream = stream.buffered() + bufferedInputStream.mark(Int.MAX_VALUE) // TODO Can be calculated from spec + val possibleInitialHeader = ByteArray(MINIMAL_SIZE_OF_CRYPTO_HEADER) + val initiallyRead = bufferedInputStream.read(possibleInitialHeader) + if (!possibleInitialHeader.sliceArray(SENTINEL_STARTING_INDEX..SENTINEL_ENDING_INDEX).contentEquals(SENTINEL)) { + bufferedInputStream.reset() + return ParseResult.NoHeader + } + + if (initiallyRead < MINIMAL_SIZE_OF_DATA_HAVING_CRYPTOR_HEADER) { + throw PubNubException( + errorMessage = "Minimal size of Cryptor Data Header is: $MINIMAL_SIZE_OF_DATA_HAVING_CRYPTOR_HEADER", + pubnubError = PubNubError.CRYPTOR_HEADER_PARSE_ERROR + ) + } + + validateCryptorHeaderVersion(possibleInitialHeader) + val cryptorId = possibleInitialHeader.sliceArray(CRYPTOR_ID_STARTING_INDEX..CRYPTOR_ID_ENDING_INDEX) + val cryptorDataSizeFirstByte = possibleInitialHeader[CRYPTOR_DATA_SIZE_STARTING_INDEX].toUByte() + + val cryptorData: ByteArray = if (cryptorDataSizeFirstByte == THREE_BYTES_SIZE_CRYPTOR_DATA_INDICATOR) { + val cryptorDataSizeBytes = readExactlyNBytez(bufferedInputStream, 2) + val cryptorDataSize = convertTwoBytesToIntBigEndian(cryptorDataSizeBytes[0], cryptorDataSizeBytes[1]) + readExactlyNBytez(bufferedInputStream, cryptorDataSize) + } else { + if (cryptorDataSizeFirstByte == UByte.MIN_VALUE) { + byteArrayOf() + } else { + readExactlyNBytez(bufferedInputStream, cryptorDataSizeFirstByte.toInt()) + } + } + return ParseResult.Success(cryptorId, cryptorData, bufferedInputStream) + } + + private fun readExactlyNBytez( + bufferedInputStream: BufferedInputStream, + numberOfBytesToRead: Int + ) = bufferedInputStream.readExactlyNBytez(numberOfBytesToRead) { n -> + throw PubNubException(errorMessage = "Couldn't read $n bytes") + } + + fun parseDataWithHeader(data: ByteArray): ParseResult { + if (data.size < SENTINEL.size) { + return ParseResult.NoHeader + } + val sentinel = data.sliceArray(SENTINEL_STARTING_INDEX..SENTINEL_ENDING_INDEX) + if (!SENTINEL.contentEquals(sentinel)) { + return ParseResult.NoHeader + } + + if (data.size < MINIMAL_SIZE_OF_DATA_HAVING_CRYPTOR_HEADER) { + throw PubNubException( + errorMessage = + "Minimal size of encrypted data having Cryptor Data Header is: $MINIMAL_SIZE_OF_DATA_HAVING_CRYPTOR_HEADER", + pubnubError = PubNubError.CRYPTOR_DATA_HEADER_SIZE_TO_SMALL + ) + } + + validateCryptorHeaderVersion(data) + + val cryptorId = data.sliceArray(CRYPTOR_ID_STARTING_INDEX..CRYPTOR_ID_ENDING_INDEX) + log.trace("CryptoId: ${String(cryptorId, Charsets.UTF_8)}") + + val cryptorDataSizeFirstByte: Byte = data[CRYPTOR_DATA_SIZE_STARTING_INDEX] + val (startingIndexOfCryptorData, cryptorDataSize) = getCryptorDataSizeAndStartingIndex( + data, + cryptorDataSizeFirstByte + ) + + if (startingIndexOfCryptorData + cryptorDataSize > data.size) { + throw PubNubException( + errorMessage = "Input data size: ${data.size} is to small to fit header of size $startingIndexOfCryptorData and cryptorData of size: $cryptorDataSize", + pubnubError = PubNubError.CRYPTOR_HEADER_PARSE_ERROR + ) + } + val cryptorData = + data.sliceArray(startingIndexOfCryptorData until (startingIndexOfCryptorData + cryptorDataSize)) + val sizeOfCryptorHeader = startingIndexOfCryptorData + cryptorDataSize + val encryptedData = data.sliceArray(sizeOfCryptorHeader until data.size) + + return ParseResult.Success(cryptorId, cryptorData, encryptedData) + } + + fun createCryptorHeader(cryptorId: ByteArray, cryptorData: ByteArray?): ByteArray { + val sentinel: ByteArray = SENTINEL + val cryptorHeaderVersion: Byte = getCurrentCryptoHeaderVersion() + val cryptorDataSize: Int = cryptorData?.size ?: 0 + val finalCryptorDataSize: ByteArray = + if (cryptorDataSize < THREE_BYTES_SIZE_CRYPTOR_DATA_INDICATOR.toInt()) { + byteArrayOf(cryptorDataSize.toByte()) // cryptorDataSize will be stored on 1 byte + } else if (cryptorDataSize < MAX_VALUE_THAT_CAN_BE_STORED_ON_TWO_BYTES) { + byteArrayOf(cryptorDataSize.toByte()) + writeNumberOnTwoBytes(cryptorDataSize) // cryptorDataSize will be stored on 3 byte + } else { + throw PubNubException( + errorMessage = "Cryptor Data Size is: $cryptorDataSize whereas max cryptor data size is: $MAX_VALUE_THAT_CAN_BE_STORED_ON_TWO_BYTES", + pubnubError = PubNubError.CRYPTOR_HEADER_PARSE_ERROR + ) + } + + val cryptorHeader = + CryptorHeader(sentinel, cryptorHeaderVersion, cryptorId, finalCryptorDataSize, cryptorData ?: byteArrayOf()) + return cryptorHeader.toByteArray() + } + + private fun getCurrentCryptoHeaderVersion(): Byte { + return CryptorHeaderVersion.One.value.toByte() + } + + private fun getCryptorDataSizeAndStartingIndex(data: ByteArray, cryptorDataSizeFirstByte: Byte): Pair { + val startingIndexOfCryptorData: Int + val cryptorDataSize: Int + val cryptoDataFirstByteAsUByte: UByte = cryptorDataSizeFirstByte.toUByte() + + if (cryptoDataFirstByteAsUByte == THREE_BYTES_SIZE_CRYPTOR_DATA_INDICATOR) { + startingIndexOfCryptorData = STARTING_INDEX_OF_THREE_BYTES_CRYPTOR_DATA_SIZE + log.trace("\"Cryptor data size\" first byte's value is 255 that mean that size is stored on two next bytes") + val cryptorDataSizeSecondByte = data[THREE_BYTES_CRYPTOR_DATA_SIZE_STARTING_INDEX] + val cryptorDataSizeThirdByte = data[THREE_BYTES_CRYPTOR_DATA_SIZE_ENDING_INDEX] + cryptorDataSize = convertTwoBytesToIntBigEndian(cryptorDataSizeSecondByte, cryptorDataSizeThirdByte) + } else { + startingIndexOfCryptorData = STARTING_INDEX_OF_ONE_BYTE_CRYPTOR_DATA_SIZE + cryptorDataSize = cryptoDataFirstByteAsUByte.toInt() + log.trace("\"Cryptor data size\" is 1 byte long and its value is: $cryptorDataSize") + } + return Pair(startingIndexOfCryptorData, cryptorDataSize) + } + + private fun validateCryptorHeaderVersion(data: ByteArray) { + val version: UByte = data[VERSION_INDEX].toUByte() // 5th byte + val versionAsInt = version.toInt() + log.trace("Cryptor header version is: $versionAsInt") + // check if version exist in this SDK version + CryptorHeaderVersion.fromValue(versionAsInt) + ?: throw PubNubException( + errorMessage = "Cryptor header version unknown. Please, update SDK", + pubnubError = PubNubError.CRYPTOR_HEADER_VERSION_UNKNOWN + ) + } + + private fun convertTwoBytesToIntBigEndian(byte1: Byte, byte2: Byte): Int { + return ((byte1.toInt() and 0xFF) shl 8) or (byte2.toInt() and 0xFF) + } + + private fun writeNumberOnTwoBytes(number: Int): ByteArray { + val result = ByteArray(2) + + result[0] = (number shr 8).toByte() + result[1] = number.toByte() + + return result + } +} + +sealed class ParseResult { + data class Success(val cryptoId: ByteArray, val cryptorData: ByteArray, val encryptedData: T) : + ParseResult() + + object NoHeader : ParseResult() +} diff --git a/src/main/java/com/pubnub/api/crypto/cryptor/InputStreamSeparator.kt b/src/main/java/com/pubnub/api/crypto/cryptor/InputStreamSeparator.kt new file mode 100644 index 000000000..9a7a6f678 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/cryptor/InputStreamSeparator.kt @@ -0,0 +1,41 @@ +package com.pubnub.api.crypto.cryptor + +import java.io.InputStream + +/** This class is used to separate the inputStream from the CipherInputStream. + * We might want to separate the inputStream from the CipherInputStream because we want to be able to close the + * CipherInputStream without closing the inputStream. + * */ +internal class InputStreamSeparator(private val inputStream: InputStream) : InputStream() { + override fun read(): Int { + return inputStream.read() + } + + override fun read(b: ByteArray): Int { + return inputStream.read(b) + } + + override fun read(b: ByteArray, off: Int, len: Int): Int { + return inputStream.read(b, off, len) + } + + override fun skip(n: Long): Long { + return inputStream.skip(n) + } + + override fun available(): Int { + return inputStream.available() + } + + override fun mark(readlimit: Int) { + inputStream.mark(readlimit) + } + + override fun reset() { + inputStream.reset() + } + + override fun markSupported(): Boolean { + return inputStream.markSupported() + } +} diff --git a/src/main/java/com/pubnub/api/crypto/cryptor/LegacyCryptor.kt b/src/main/java/com/pubnub/api/crypto/cryptor/LegacyCryptor.kt new file mode 100644 index 000000000..401d58c5b --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/cryptor/LegacyCryptor.kt @@ -0,0 +1,216 @@ +package com.pubnub.api.crypto.cryptor + +import com.pubnub.api.crypto.checkMinSize +import com.pubnub.api.crypto.data.EncryptedData +import com.pubnub.api.crypto.data.EncryptedStreamData +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import java.io.BufferedInputStream +import java.io.InputStream +import java.io.SequenceInputStream +import java.io.UnsupportedEncodingException +import java.security.MessageDigest +import java.security.SecureRandom +import java.util.* +import javax.crypto.Cipher +import javax.crypto.CipherInputStream +import javax.crypto.spec.IvParameterSpec +import javax.crypto.spec.SecretKeySpec + +private const val STATIC_IV = "0123456789012345" +private const val CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding" +internal val LEGACY_CRYPTOR_ID = ByteArray(4) { 0.toByte() } + +private const val IV_SIZE = 16 +private const val SIZE_OF_ONE_BLOCK_OF_ENCRYPTED_DATA = 16 +private const val RANDOM_IV_STARTING_INDEX = 0 +private const val RANDOM_IV_ENDING_INDEX = 15 +private const val ENCRYPTED_DATA_STARTING_INDEX = 16 // this is when useRandomIv = true + +class LegacyCryptor(val cipherKey: String, val useRandomIv: Boolean = true) : Cryptor { + private val newKey: SecretKeySpec = createNewKey() + + override fun id(): ByteArray { + return LEGACY_CRYPTOR_ID // it was agreed that legacy PN Cryptor will have 0 as ID + } + + override fun encrypt(data: ByteArray): EncryptedData { + validateData(data) + return try { + val ivBytes: ByteArray = getIvBytesForEncryption() + val cipher = createInitializedCipher(ivBytes, Cipher.ENCRYPT_MODE) + val encrypted: ByteArray = cipher.doFinal(data) + if (useRandomIv) { + EncryptedData( + data = ivBytes + encrypted + ) + } else { + EncryptedData( + data = encrypted + ) + } + } catch (e: Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + override fun decrypt(encryptedData: EncryptedData): ByteArray { + validateData(encryptedData) + return try { + val ivBytes: ByteArray = getIvBytesForDecryption(encryptedData) + val cipher = createInitializedCipher(ivBytes, Cipher.DECRYPT_MODE) + val encryptedDataForProcessing = getEncryptedDataForProcessing(encryptedData) + val decryptedData = cipher.doFinal(encryptedDataForProcessing) + decryptedData + } catch (e: Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + override fun encryptStream(stream: InputStream): EncryptedStreamData { + val bufferedInputStream = validateStreamAndReturnBuffered(stream) + try { + val ivBytes: ByteArray = createRandomIv() + val cipher = createInitializedCipher(ivBytes, Cipher.ENCRYPT_MODE) + val cipheredStream = CipherInputStream(bufferedInputStream, cipher) + return EncryptedStreamData(stream = SequenceInputStream(ivBytes.inputStream(), cipheredStream)) + } catch (e: Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + override fun decryptStream(encryptedData: EncryptedStreamData): InputStream { + val bufferedInputStream = validateEncryptedInputStreamAndReturnBuffered(encryptedData.stream) + try { + val ivBytes = ByteArray(IV_SIZE) + val numberOfReadBytes = bufferedInputStream.read(ivBytes) + if (numberOfReadBytes != IV_SIZE) { + throw PubNubException( + errorMessage = "Could not read IV from encrypted stream", + pubnubError = PubNubError.CRYPTO_ERROR + ) + } + val cipher = createInitializedCipher(ivBytes, Cipher.DECRYPT_MODE) + return CipherInputStream(bufferedInputStream, cipher) + } catch (e: Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + private fun validateEncryptedInputStreamAndReturnBuffered(stream: InputStream): BufferedInputStream { + val bufferedInputStream = stream.buffered() + bufferedInputStream.checkMinSize(IV_SIZE + SIZE_OF_ONE_BLOCK_OF_ENCRYPTED_DATA) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + return bufferedInputStream + } + + private fun validateStreamAndReturnBuffered(stream: InputStream): BufferedInputStream { + val bufferedInputStream = stream.buffered() + bufferedInputStream.checkMinSize(1) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + return bufferedInputStream + } + + private fun createNewKey(): SecretKeySpec { + val keyBytes = String(hexEncode(sha256(cipherKey.toByteArray())), Charsets.UTF_8) + .substring(0, 32) + .lowercase(Locale.getDefault()).toByteArray() + return SecretKeySpec(keyBytes, "AES") + } + + private fun sha256(input: ByteArray): ByteArray { + val digest: MessageDigest + return try { + digest = MessageDigest.getInstance("SHA-256") + digest.digest(input) + } catch (e: java.lang.Exception) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + private fun hexEncode(input: ByteArray): ByteArray { + val result = StringBuilder() + for (byt in input) { + result.append(Integer.toString((byt.toInt() and 0xff) + 0x100, 16).substring(1)) + } + try { + return result.toString().toByteArray() + } catch (e: UnsupportedEncodingException) { + throw PubNubException(errorMessage = e.message, pubnubError = PubNubError.CRYPTO_ERROR) + } + } + + private fun validateData(data: ByteArray) { + if (data.isEmpty()) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + } + + private fun getIvBytesForEncryption(): ByteArray { + return if (useRandomIv) { + createRandomIv() + } else { + STATIC_IV.toByteArray() + } + } + + private fun createRandomIv(): ByteArray { + val ivBytes = ByteArray(IV_SIZE) + SecureRandom().nextBytes(ivBytes) + return ivBytes + } + + private fun validateData(encryptedData: EncryptedData) { + val encryptedDatSize = encryptedData.data.size + if (useRandomIv) { + if (encryptedDatSize <= IV_SIZE) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + } else { + if (encryptedDatSize == 0) { + throw PubNubException( + errorMessage = "Encryption/Decryption of empty data not allowed.", + pubnubError = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED + ) + } + } + } + + private fun getIvBytesForDecryption(encryptedData: EncryptedData): ByteArray { + return if (useRandomIv) { + encryptedData.data.sliceArray(RANDOM_IV_STARTING_INDEX..RANDOM_IV_ENDING_INDEX) + } else { + STATIC_IV.toByteArray() + } + } + + private fun createInitializedCipher(iv: ByteArray, mode: Int): Cipher { + return Cipher.getInstance(CIPHER_TRANSFORMATION).also { + it.init(mode, newKey, IvParameterSpec(iv)) + } + } + + private fun getEncryptedDataForProcessing(encryptedData: EncryptedData): ByteArray { + val encryptedDataForProcessing: ByteArray = if (useRandomIv) { + encryptedData.data.sliceArray(ENCRYPTED_DATA_STARTING_INDEX until encryptedData.data.size) + } else { + // when there is useRandomIv = false then there is no IV in message + encryptedData.data + } + return encryptedDataForProcessing + } +} diff --git a/src/main/java/com/pubnub/api/crypto/data/EncryptedData.kt b/src/main/java/com/pubnub/api/crypto/data/EncryptedData.kt new file mode 100644 index 000000000..06cbdf3c8 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/data/EncryptedData.kt @@ -0,0 +1,6 @@ +package com.pubnub.api.crypto.data + +data class EncryptedData( + val metadata: ByteArray? = null, + val data: ByteArray +) diff --git a/src/main/java/com/pubnub/api/crypto/data/EncryptedStreamData.kt b/src/main/java/com/pubnub/api/crypto/data/EncryptedStreamData.kt new file mode 100644 index 000000000..237992689 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/data/EncryptedStreamData.kt @@ -0,0 +1,8 @@ +package com.pubnub.api.crypto.data + +import java.io.InputStream + +data class EncryptedStreamData( + val metadata: ByteArray? = null, + val stream: InputStream +) diff --git a/src/main/java/com/pubnub/api/crypto/exception/PubNubError.kt b/src/main/java/com/pubnub/api/crypto/exception/PubNubError.kt new file mode 100644 index 000000000..04c1df005 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/exception/PubNubError.kt @@ -0,0 +1,234 @@ +package com.pubnub.api.crypto.exception + +import com.pubnub.api.models.consumer.PNStatus + +/** + * List of known PubNub errors. Observe them in [PubNubException.pubnubError] in [PNStatus.exception]. + * + * @property code The error code. + * @property message The error message. + */ +enum class PubNubError(private val code: Int, val message: String) { + + TIMEOUT( + 100, + "Timeout Occurred" + ), + + CONNECT_EXCEPTION( + 102, + "Connect Exception. Please verify if network is reachable" + ), + + SECRET_KEY_MISSING( + 114, + "ULS configuration failed. Secret Key not configured" + ), + + JSON_ERROR( + 121, + "JSON Error while processing API response" + ), + INTERNAL_ERROR( + 125, + "Internal Error" + ), + PARSING_ERROR( + 126, + "Parsing Error" + ), + INVALID_ARGUMENTS( + 131, + "Invalid arguments" + ), + CONNECTION_NOT_SET( + 133, + "PubNub Connection not set" + ), + + GROUP_MISSING( + 136, + "Group Missing" + ), + + SUBSCRIBE_KEY_MISSING( + 138, + "ULS configuration failed. Subscribe Key not configured." + ), + + PUBLISH_KEY_MISSING( + 139, + "ULS configuration failed. Publish Key not configured." + ), + + SUBSCRIBE_TIMEOUT( + 130, + "Subscribe Timeout" + ), + + HTTP_ERROR( + 103, + "HTTP Error. Please check network connectivity. Please contact support with error details if the issue persists." + ), + + MESSAGE_MISSING( + 142, + "Message Missing" + ), + + CHANNEL_MISSING( + 132, + "Channel Missing" + ), + + CRYPTO_ERROR( + 135, + "Error while encrypting/decrypting message. Please contact support with error details." + ), + + STATE_MISSING( + 140, + "State Missing." + ), + + CHANNEL_AND_GROUP_MISSING( + 141, + "Channel and Group Missing." + ), + + PUSH_TYPE_MISSING( + 143, + "Push Type Missing." + ), + + DEVICE_ID_MISSING( + 144, + "Device ID Missing" + ), + + TIMETOKEN_MISSING( + 145, + "Timetoken Missing." + ), + + CHANNELS_TIMETOKEN_MISMATCH( + 146, + "Channels and timetokens are not equal in size." + ), + + USER_MISSING( + 147, + "User is missing" + ), + + USER_ID_MISSING( + 148, + "User ID is missing" + ), + + USER_NAME_MISSING( + 149, + "User name is missing" + ), + + RESOURCES_MISSING( + 153, + "Resources missing" + ), + + PERMISSION_MISSING( + 156, + "Permission missing" + ), + + INVALID_ACCESS_TOKEN( + 157, + "Invalid access token" + ), + + MESSAGE_ACTION_MISSING( + 158, + "Message action is missing." + ), + + MESSAGE_ACTION_TYPE_MISSING( + 159, + "Message action type is missing." + ), + + MESSAGE_ACTION_VALUE_MISSING( + 160, + "Message action value is missing." + ), + + MESSAGE_TIMETOKEN_MISSING( + 161, + "Message timetoken is missing." + ), + + MESSAGE_ACTION_TIMETOKEN_MISSING( + 162, + "Message action timetoken is missing." + ), + + HISTORY_MESSAGE_ACTIONS_MULTIPLE_CHANNELS( + 163, + "History can return message action data for a single channel only. Either pass a single channel or disable the includeMessageActions flag." + ), + + PUSH_TOPIC_MISSING( + 164, + "Push notification topic is missing. Required only if push type is APNS2." + ), + + TOKEN_MISSING( + 168, + "Token missing" + ), + + UUID_NULL_OR_EMPTY( + 169, + "Uuid can't be null nor empty" + ), + + USERID_NULL_OR_EMPTY( + 170, + "UserId can't have empty value" + ), + + CHANNEL_OR_CHANNEL_GROUP_MISSING( + 171, + "Please, provide channel or channelGroup" + ), + + UNKNOWN_CRYPTOR( + 172, + "Cryptor not found." + ), + + CRYPTOR_DATA_HEADER_SIZE_TO_SMALL( + 173, + "Cryptor data size is to small." + ), + + CRYPTOR_HEADER_VERSION_UNKNOWN( + 174, + "Cryptor header version unknown. Please, update SDK." + ), + + CRYPTOR_HEADER_PARSE_ERROR( + 175, + "Cryptor header parse error." + ), + + ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED( + 176, + "Encryption of empty data not allowed." + ), + + ; + + override fun toString(): String { + return "PubNubError(name=$name, code=$code, message='$message')" + } +} diff --git a/src/main/java/com/pubnub/api/crypto/exception/PubNubException.kt b/src/main/java/com/pubnub/api/crypto/exception/PubNubException.kt new file mode 100644 index 000000000..0bc6e320b --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/exception/PubNubException.kt @@ -0,0 +1,26 @@ +package com.pubnub.api.crypto.exception + +import retrofit2.Call + +/** + * Custom exception wrapper for errors occurred during execution or processing of a PubNub API operation. + * + * @property errorMessage The error message received from the server, if any. + * @property pubnubError The appropriate matching PubNub error. + * @property jso The error json received from the server, if any. + * @property statusCode HTTP status code. + * @property affectedCall A reference to the affected call. Useful for calling [retry][Endpoint.retry]. + */ +data class PubNubException( + val errorMessage: String? = null, + val pubnubError: PubNubError? = null, + val jso: String? = null, + val statusCode: Int = 0, + val affectedCall: Call<*>? = null +) : Exception(errorMessage) { + + internal constructor(pubnubError: PubNubError) : this( + errorMessage = pubnubError.message, + pubnubError = pubnubError + ) +} diff --git a/src/main/java/com/pubnub/api/crypto/util/FileEncryptionUtilKT.kt b/src/main/java/com/pubnub/api/crypto/util/FileEncryptionUtilKT.kt new file mode 100644 index 000000000..a203423f8 --- /dev/null +++ b/src/main/java/com/pubnub/api/crypto/util/FileEncryptionUtilKT.kt @@ -0,0 +1,148 @@ +package com.pubnub.api.vendor + +import com.pubnub.api.PubNub +import com.pubnub.api.crypto.exception.PubNubException +import java.io.ByteArrayInputStream +import java.io.ByteArrayOutputStream +import java.io.IOException +import java.io.InputStream +import java.io.UnsupportedEncodingException +import java.security.InvalidAlgorithmParameterException +import java.security.InvalidKeyException +import java.security.NoSuchAlgorithmException +import java.security.SecureRandom +import java.security.spec.AlgorithmParameterSpec +import java.util.* +import javax.crypto.BadPaddingException +import javax.crypto.Cipher +import javax.crypto.IllegalBlockSizeException +import javax.crypto.NoSuchPaddingException +import javax.crypto.spec.IvParameterSpec +import javax.crypto.spec.SecretKeySpec + +object FileEncryptionUtilKT { + private const val IV_SIZE_BYTES = 16 + const val ENCODING_UTF_8 = "UTF-8" + const val CIPHER_TRANSFORMATION = "AES/CBC/PKCS5Padding" + + /** + * @see [PubNub.encryptInputStream] + */ + @Throws(PubNubException::class) + fun encrypt(inputStream: InputStream, cipherKey: String): InputStream { + return encryptToBytes(inputStream.readBytes(), cipherKey).inputStream() + } + + /** + * @see [PubNub.decryptInputStream] + */ + @Throws(PubNubException::class) + fun decrypt(inputStream: InputStream, cipherKey: String): InputStream { + return try { + val keyBytes = keyBytes(cipherKey) + val (ivBytes, dataToDecrypt) = loadIvAndDataFromInputStream(inputStream) + val decryptionCipher = decryptionCipher(keyBytes, ivBytes) + val decryptedBytes = decryptionCipher.doFinal(dataToDecrypt) + ByteArrayInputStream(decryptedBytes) + } catch (e: Exception) { + when (e) { + is NoSuchAlgorithmException, + is InvalidAlgorithmParameterException, + is NoSuchPaddingException, + is InvalidKeyException, + is IOException, + is IllegalBlockSizeException, + is BadPaddingException -> { + throw PubNubException(errorMessage = e.message) + } + else -> throw e + } + } + } + + @Throws(PubNubException::class) + internal fun encryptToBytes(bytesToEncrypt: ByteArray, cipherKey: String): ByteArray { + try { + ByteArrayOutputStream().use { byteArrayOutputStream -> + val randomIvBytes = randomIv() + byteArrayOutputStream.write(randomIvBytes) + + val keyBytes = keyBytes(cipherKey) + val encryptionCipher = encryptionCipher(keyBytes, randomIvBytes) + byteArrayOutputStream.write(encryptionCipher.doFinal(bytesToEncrypt)) + return byteArrayOutputStream.toByteArray() + } + } catch (e: Exception) { + when (e) { + is NoSuchAlgorithmException, + is InvalidAlgorithmParameterException, + is NoSuchPaddingException, + is InvalidKeyException, + is IOException, + is BadPaddingException, + is IllegalBlockSizeException -> { + throw PubNubException(errorMessage = e.message) + } + else -> throw e + } + } + } + + @Throws(IOException::class) + private fun loadIvAndDataFromInputStream(inputStreamToEncrypt: InputStream): Pair { + val ivBytes = ByteArray(IV_SIZE_BYTES) + inputStreamToEncrypt.read(ivBytes, 0, IV_SIZE_BYTES) + return ivBytes to inputStreamToEncrypt.readBytes() + } + + @Throws( + NoSuchAlgorithmException::class, + NoSuchPaddingException::class, + InvalidKeyException::class, + InvalidAlgorithmParameterException::class + ) + private fun encryptionCipher(keyBytes: ByteArray, ivBytes: ByteArray): Cipher { + return cipher(keyBytes, ivBytes, Cipher.ENCRYPT_MODE) + } + + @Throws( + NoSuchAlgorithmException::class, + NoSuchPaddingException::class, + InvalidKeyException::class, + InvalidAlgorithmParameterException::class + ) + private fun decryptionCipher(keyBytes: ByteArray, ivBytes: ByteArray): Cipher { + return cipher(keyBytes, ivBytes, Cipher.DECRYPT_MODE) + } + + @Throws( + NoSuchAlgorithmException::class, + NoSuchPaddingException::class, + InvalidKeyException::class, + InvalidAlgorithmParameterException::class + ) + private fun cipher(keyBytes: ByteArray, ivBytes: ByteArray, mode: Int): Cipher { + val cipher = Cipher.getInstance(CIPHER_TRANSFORMATION) + val iv: AlgorithmParameterSpec = IvParameterSpec(ivBytes) + val key = SecretKeySpec(keyBytes, "AES") + cipher.init(mode, key, iv) + return cipher + } + + @Throws(UnsupportedEncodingException::class, PubNubException::class) + private fun keyBytes(cipherKey: String): ByteArray { + return String( + Crypto.hexEncode(Crypto.sha256(cipherKey.toByteArray(charset(ENCODING_UTF_8)))), + charset(ENCODING_UTF_8) + ) + .substring(0, 32) + .lowercase(Locale.getDefault()).toByteArray(charset(ENCODING_UTF_8)) + } + + @Throws(NoSuchAlgorithmException::class) + private fun randomIv(): ByteArray { + val randomIv = ByteArray(IV_SIZE_BYTES) + SecureRandom.getInstance("SHA1PRNG").nextBytes(randomIv) + return randomIv + } +} diff --git a/src/main/java/com/pubnub/api/endpoints/FetchMessages.java b/src/main/java/com/pubnub/api/endpoints/FetchMessages.java index 2a6f5ef74..a6e1dd7eb 100644 --- a/src/main/java/com/pubnub/api/endpoints/FetchMessages.java +++ b/src/main/java/com/pubnub/api/endpoints/FetchMessages.java @@ -6,6 +6,8 @@ import com.pubnub.api.PubNubException; import com.pubnub.api.PubNubUtil; import com.pubnub.api.builder.PubNubErrorBuilder; +import com.pubnub.api.crypto.CryptoModule; +import com.pubnub.api.crypto.CryptoModuleKt; import com.pubnub.api.enums.PNOperationType; import com.pubnub.api.managers.MapperManager; import com.pubnub.api.managers.RetrofitManager; @@ -15,7 +17,6 @@ import com.pubnub.api.models.consumer.history.PNFetchMessageItem; import com.pubnub.api.models.consumer.history.PNFetchMessagesResult; import com.pubnub.api.models.server.FetchMessagesEnvelope; -import com.pubnub.api.vendor.Crypto; import lombok.Setter; import lombok.experimental.Accessors; import lombok.extern.slf4j.Slf4j; @@ -204,13 +205,12 @@ protected boolean isAuthRequired() { } private JsonElement processMessage(JsonElement message) throws PubNubException { - // if we do not have a crypto key, there is no way to process the node; let's return. - if (this.getPubnub().getConfiguration().getCipherKey() == null) { + // if we do not have a crypto module, there is no way to process the node; let's return. + CryptoModule cryptoModule = this.getPubnub().getCryptoModule(); + if (cryptoModule == null) { return message; } - Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey(), - this.getPubnub().getConfiguration().isUseRandomInitializationVector()); MapperManager mapper = this.getPubnub().getMapper(); String inputText; String outputText; @@ -222,7 +222,7 @@ private JsonElement processMessage(JsonElement message) throws PubNubException { inputText = mapper.elementToString(message); } - outputText = crypto.decrypt(inputText); + outputText = CryptoModuleKt.decryptString(cryptoModule, inputText); outputObject = mapper.fromJson(outputText, JsonElement.class); // inject the decoded response into the payload diff --git a/src/main/java/com/pubnub/api/endpoints/History.java b/src/main/java/com/pubnub/api/endpoints/History.java index 2a8df8438..de8bf2ce4 100644 --- a/src/main/java/com/pubnub/api/endpoints/History.java +++ b/src/main/java/com/pubnub/api/endpoints/History.java @@ -5,6 +5,8 @@ import com.pubnub.api.PubNub; import com.pubnub.api.PubNubException; import com.pubnub.api.builder.PubNubErrorBuilder; +import com.pubnub.api.crypto.CryptoModule; +import com.pubnub.api.crypto.CryptoModuleKt; import com.pubnub.api.enums.PNOperationType; import com.pubnub.api.managers.MapperManager; import com.pubnub.api.managers.RetrofitManager; @@ -12,7 +14,6 @@ import com.pubnub.api.managers.token_manager.TokenManager; import com.pubnub.api.models.consumer.history.PNHistoryItemResult; import com.pubnub.api.models.consumer.history.PNHistoryResult; -import com.pubnub.api.vendor.Crypto; import lombok.Setter; import lombok.experimental.Accessors; import retrofit2.Call; @@ -170,12 +171,12 @@ protected boolean isAuthRequired() { } private JsonElement processMessage(JsonElement message) throws PubNubException { - // if we do not have a crypto key, there is no way to process the node; let's return. - if (this.getPubnub().getConfiguration().getCipherKey() == null) { + // if we do not have a crypto module, there is no way to process the node; let's return. + CryptoModule cryptoModule = this.getPubnub().getCryptoModule(); + if (cryptoModule == null) { return message; } - Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey(), this.getPubnub().getConfiguration().isUseRandomInitializationVector()); MapperManager mapper = getPubnub().getMapper(); String inputText; String outputText; @@ -187,7 +188,7 @@ private JsonElement processMessage(JsonElement message) throws PubNubException { inputText = mapper.elementToString(message); } - outputText = crypto.decrypt(inputText); + outputText = CryptoModuleKt.decryptString(cryptoModule, inputText); outputObject = this.getPubnub().getMapper().fromJson(outputText, JsonElement.class); // inject the decoded response into the payload diff --git a/src/main/java/com/pubnub/api/endpoints/files/DownloadFile.java b/src/main/java/com/pubnub/api/endpoints/files/DownloadFile.java index ae8411f7e..21e8eacc0 100644 --- a/src/main/java/com/pubnub/api/endpoints/files/DownloadFile.java +++ b/src/main/java/com/pubnub/api/endpoints/files/DownloadFile.java @@ -3,9 +3,10 @@ import com.pubnub.api.PubNub; import com.pubnub.api.PubNubException; import com.pubnub.api.builder.PubNubErrorBuilder; +import com.pubnub.api.crypto.CryptoModule; +import com.pubnub.api.endpoints.BuilderSteps.ChannelStep; import com.pubnub.api.endpoints.Endpoint; import com.pubnub.api.endpoints.files.requiredparambuilder.ChannelFileNameFileIdBuilder; -import com.pubnub.api.endpoints.BuilderSteps.ChannelStep; import com.pubnub.api.endpoints.files.requiredparambuilder.FilesBuilderSteps.FileIdStep; import com.pubnub.api.endpoints.files.requiredparambuilder.FilesBuilderSteps.FileNameStep; import com.pubnub.api.enums.PNOperationType; @@ -13,7 +14,6 @@ import com.pubnub.api.managers.TelemetryManager; import com.pubnub.api.managers.token_manager.TokenManager; import com.pubnub.api.models.consumer.files.PNDownloadFileResult; -import com.pubnub.api.vendor.FileEncryptionUtil; import lombok.Setter; import lombok.experimental.Accessors; import okhttp3.ResponseBody; @@ -25,7 +25,7 @@ import java.util.List; import java.util.Map; -import static com.pubnub.api.vendor.FileEncryptionUtil.effectiveCipherKey; +import static com.pubnub.api.vendor.FileEncryptionUtil.effectiveCryptoModule; @Accessors(chain = true, fluent = true) public class DownloadFile extends Endpoint { @@ -87,11 +87,12 @@ protected PNDownloadFileResult createResponse(Response input) thro .pubnubError(PubNubErrorBuilder.PNERROBJ_INTERNAL_ERROR) .build(); } - String effectiveCipherKey = effectiveCipherKey(getPubnub(), cipherKey); - if (effectiveCipherKey == null) { - return new PNDownloadFileResult(fileName, input.body().byteStream()); + CryptoModule cryptoModule = effectiveCryptoModule(getPubnub(), cipherKey); + InputStream byteStream = input.body().byteStream(); + if (cryptoModule == null) { + return new PNDownloadFileResult(fileName, byteStream); } else { - InputStream decryptedByteStream = FileEncryptionUtil.decrypt(effectiveCipherKey, input.body().byteStream()); + InputStream decryptedByteStream = cryptoModule.decryptStream(byteStream); return new PNDownloadFileResult(fileName, decryptedByteStream); } } diff --git a/src/main/java/com/pubnub/api/endpoints/files/PublishFileMessage.java b/src/main/java/com/pubnub/api/endpoints/files/PublishFileMessage.java index 583d3f7aa..63c290817 100644 --- a/src/main/java/com/pubnub/api/endpoints/files/PublishFileMessage.java +++ b/src/main/java/com/pubnub/api/endpoints/files/PublishFileMessage.java @@ -5,11 +5,13 @@ import com.pubnub.api.PubNubException; import com.pubnub.api.PubNubUtil; import com.pubnub.api.builder.PubNubErrorBuilder; -import com.pubnub.api.endpoints.Endpoint; +import com.pubnub.api.crypto.CryptoModule; +import com.pubnub.api.crypto.CryptoModuleKt; import com.pubnub.api.endpoints.BuilderSteps.ChannelStep; +import com.pubnub.api.endpoints.Endpoint; +import com.pubnub.api.endpoints.files.requiredparambuilder.ChannelFileNameFileIdBuilder; import com.pubnub.api.endpoints.files.requiredparambuilder.FilesBuilderSteps.FileIdStep; import com.pubnub.api.endpoints.files.requiredparambuilder.FilesBuilderSteps.FileNameStep; -import com.pubnub.api.endpoints.files.requiredparambuilder.ChannelFileNameFileIdBuilder; import com.pubnub.api.enums.PNOperationType; import com.pubnub.api.managers.MapperManager; import com.pubnub.api.managers.RetrofitManager; @@ -19,7 +21,6 @@ import com.pubnub.api.models.consumer.files.PNPublishFileMessageResult; import com.pubnub.api.models.server.files.FileUploadNotification; import com.pubnub.api.services.FilesService; -import com.pubnub.api.vendor.Crypto; import lombok.Setter; import lombok.experimental.Accessors; import retrofit2.Call; @@ -87,9 +88,10 @@ protected void validateParams() throws PubNubException { protected Call> doWork(Map baseParams) throws PubNubException { String stringifiedMessage = mapper.toJsonUsinJackson(new FileUploadNotification(this.message, pnFile)); String messageAsString; - if (getPubnub().getConfiguration().getCipherKey() != null) { - Crypto crypto = new Crypto(getPubnub().getConfiguration().getCipherKey(), getPubnub().getConfiguration().isUseRandomInitializationVector()); - messageAsString = "\"".concat(crypto.encrypt(stringifiedMessage)).concat("\""); + CryptoModule cryptoModule = getPubnub().getCryptoModule(); + if (cryptoModule != null) { + String encryptString = CryptoModuleKt.encryptString(cryptoModule, stringifiedMessage); + messageAsString = "\"".concat(encryptString).concat("\""); } else { messageAsString = PubNubUtil.urlEncode(stringifiedMessage); } diff --git a/src/main/java/com/pubnub/api/endpoints/files/SendFile.java b/src/main/java/com/pubnub/api/endpoints/files/SendFile.java index ab4012698..69bcc8101 100644 --- a/src/main/java/com/pubnub/api/endpoints/files/SendFile.java +++ b/src/main/java/com/pubnub/api/endpoints/files/SendFile.java @@ -4,6 +4,7 @@ import com.pubnub.api.PubNubException; import com.pubnub.api.builder.PubNubErrorBuilder; import com.pubnub.api.callbacks.PNCallback; +import com.pubnub.api.crypto.CryptoModule; import com.pubnub.api.endpoints.BuilderSteps.ChannelStep; import com.pubnub.api.endpoints.files.requiredparambuilder.FilesBuilderSteps.FileIdStep; import com.pubnub.api.endpoints.files.requiredparambuilder.FilesBuilderSteps.FileNameStep; @@ -22,6 +23,7 @@ import com.pubnub.api.models.consumer.files.PNFileUploadResult; import com.pubnub.api.models.consumer.files.PNPublishFileMessageResult; import com.pubnub.api.models.server.files.FileUploadRequestDetails; +import com.pubnub.api.vendor.FileEncryptionUtil; import lombok.Data; import lombok.Setter; import lombok.experimental.Accessors; @@ -55,13 +57,16 @@ public class SendFile implements RemoteAction { private Boolean shouldStore; @Setter private String cipherKey; + private CryptoModule cryptoModule; SendFile(Builder.SendFileRequiredParams requiredParams, GenerateUploadUrl.Factory generateUploadUrlFactory, ChannelStep>> publishFileMessageBuilder, UploadFile.Factory sendFileToS3Factory, ExecutorService executorService, - int fileMessagePublishRetryLimit) { + int fileMessagePublishRetryLimit, + CryptoModule cryptoModule + ) { this.channel = requiredParams.channel(); this.fileName = requiredParams.fileName(); this.content = requiredParams.content(); @@ -72,6 +77,7 @@ public class SendFile implements RemoteAction { generateUploadUrlFactory, publishFileMessageBuilder, sendFileToS3Factory); + this.cryptoModule = FileEncryptionUtil.effectiveCryptoModule(cryptoModule, cipherKey); } public PNFileUploadResult sync() throws PubNubException { @@ -172,7 +178,7 @@ public void silentCancel() { private RemoteAction sendToS3(FileUploadRequestDetails result, UploadFile.Factory sendFileToS3Factory) { - return sendFileToS3Factory.create(fileName, content, cipherKey, result); + return sendFileToS3Factory.create(fileName, content, cryptoModule, result); } public static Builder builder(PubNub pubnub, @@ -251,7 +257,8 @@ public SendFile inputStream(InputStream inputStream) { publishFileMessageBuilder, uploadFileFactory, retrofit.getTransactionClientExecutorService(), - pubnub.getConfiguration().getFileMessagePublishRetryLimit()); + pubnub.getConfiguration().getFileMessagePublishRetryLimit(), + pubnub.getCryptoModule()); } catch (IOException e) { return new SendFile(new SendFileRequiredParams(channelValue, @@ -262,7 +269,9 @@ public SendFile inputStream(InputStream inputStream) { publishFileMessageBuilder, uploadFileFactory, retrofit.getTransactionClientExecutorService(), - pubnub.getConfiguration().getFileMessagePublishRetryLimit()); + pubnub.getConfiguration().getFileMessagePublishRetryLimit(), + pubnub.getCryptoModule() + ); } } } diff --git a/src/main/java/com/pubnub/api/endpoints/files/UploadFile.java b/src/main/java/com/pubnub/api/endpoints/files/UploadFile.java index 60a27e83c..58902868e 100644 --- a/src/main/java/com/pubnub/api/endpoints/files/UploadFile.java +++ b/src/main/java/com/pubnub/api/endpoints/files/UploadFile.java @@ -4,6 +4,7 @@ import com.pubnub.api.PubNubException; import com.pubnub.api.builder.PubNubErrorBuilder; import com.pubnub.api.callbacks.PNCallback; +import com.pubnub.api.crypto.CryptoModule; import com.pubnub.api.endpoints.remoteaction.RemoteAction; import com.pubnub.api.enums.PNOperationType; import com.pubnub.api.enums.PNStatusCategory; @@ -13,7 +14,6 @@ import com.pubnub.api.models.server.files.FileUploadRequestDetails; import com.pubnub.api.models.server.files.FormField; import com.pubnub.api.services.S3Service; -import com.pubnub.api.vendor.FileEncryptionUtil; import lombok.extern.slf4j.Slf4j; import okhttp3.MediaType; import okhttp3.MultipartBody; @@ -37,8 +37,6 @@ import java.net.UnknownHostException; import java.util.List; -import static com.pubnub.api.vendor.FileEncryptionUtil.effectiveCipherKey; - @Slf4j class UploadFile implements RemoteAction { private static final MediaType APPLICATION_OCTET_STREAM = MediaType.get("application/octet-stream"); @@ -47,7 +45,7 @@ class UploadFile implements RemoteAction { private final S3Service s3Service; private final String fileName; private final byte[] content; - private final String cipherKey; + private final CryptoModule cryptoModule; private final FormField key; private final List formParams; private final String baseUrl; @@ -56,14 +54,14 @@ class UploadFile implements RemoteAction { UploadFile(S3Service s3Service, String fileName, byte[] content, - String cipherKey, + CryptoModule cryptoModule, FormField key, List formParams, String baseUrl) { this.s3Service = s3Service; this.fileName = fileName; this.content = content; - this.cipherKey = cipherKey; + this.cryptoModule = cryptoModule; this.key = key; this.formParams = formParams; this.baseUrl = baseUrl; @@ -86,10 +84,10 @@ private Call prepareCall() throws PubNubException, IOException { MediaType mediaType = getMediaType(getContentType(formParams)); RequestBody requestBody; - if (cipherKey == null) { + if (cryptoModule == null) { requestBody = RequestBody.create(content, mediaType); } else { - requestBody = RequestBody.create(FileEncryptionUtil.encryptToBytes(cipherKey, content), mediaType); + requestBody = RequestBody.create(cryptoModule.encrypt(content), mediaType); } builder.addFormDataPart(FILE_PART_MULTIPART, fileName, requestBody); @@ -115,7 +113,7 @@ private MediaType getMediaType(@Nullable String contentType) { try { return MediaType.get(contentType); - } catch (Throwable t) { + } catch (Throwable t) { log.warn("Content-Type: " + contentType + " was not recognized by MediaType.get", t); return APPLICATION_OCTET_STREAM; } @@ -164,7 +162,7 @@ public void onResponse(@NotNull Call performedCall, @NotNull Response create(String fileName, byte[] content, - String cipherKey, + CryptoModule cryptoModule, FileUploadRequestDetails fileUploadRequestDetails) { - String effectiveCipherKey = effectiveCipherKey(pubNub, cipherKey); + return new UploadFile(retrofitManager.getS3Service(), fileName, content, - effectiveCipherKey, + cryptoModule, fileUploadRequestDetails.getKeyFormField(), fileUploadRequestDetails.getFormFields(), fileUploadRequestDetails.getUrl()); } diff --git a/src/main/java/com/pubnub/api/endpoints/pubsub/Publish.java b/src/main/java/com/pubnub/api/endpoints/pubsub/Publish.java index b37110f32..ebcd4d478 100644 --- a/src/main/java/com/pubnub/api/endpoints/pubsub/Publish.java +++ b/src/main/java/com/pubnub/api/endpoints/pubsub/Publish.java @@ -4,6 +4,8 @@ import com.pubnub.api.PubNubException; import com.pubnub.api.PubNubUtil; import com.pubnub.api.builder.PubNubErrorBuilder; +import com.pubnub.api.crypto.CryptoModule; +import com.pubnub.api.crypto.CryptoModuleKt; import com.pubnub.api.endpoints.Endpoint; import com.pubnub.api.enums.PNOperationType; import com.pubnub.api.managers.MapperManager; @@ -12,7 +14,6 @@ import com.pubnub.api.managers.TelemetryManager; import com.pubnub.api.managers.token_manager.TokenManager; import com.pubnub.api.models.consumer.PNPublishResult; -import com.pubnub.api.vendor.Crypto; import lombok.Setter; import lombok.experimental.Accessors; import retrofit2.Call; @@ -109,9 +110,9 @@ protected Call> doWork(Map params) throws PubNubExc params.put("norep", "true"); } - if (this.getPubnub().getConfiguration().getCipherKey() != null) { - Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey(), this.getPubnub().getConfiguration().isUseRandomInitializationVector()); - stringifiedMessage = crypto.encrypt(stringifiedMessage).replace("\n", ""); + CryptoModule cryptoModule = this.getPubnub().getCryptoModule(); + if (cryptoModule != null) { + stringifiedMessage = CryptoModuleKt.encryptString(cryptoModule, stringifiedMessage).replace("\n", ""); } params.putAll(encodeParams(params)); @@ -119,7 +120,7 @@ protected Call> doWork(Map params) throws PubNubExc if (usePOST != null && usePOST) { Object payloadToSend; - if (this.getPubnub().getConfiguration().getCipherKey() != null) { + if (cryptoModule != null) { payloadToSend = stringifiedMessage; } else { payloadToSend = message; @@ -130,7 +131,7 @@ protected Call> doWork(Map params) throws PubNubExc channel, payloadToSend, params); } else { - if (this.getPubnub().getConfiguration().getCipherKey() != null) { + if (cryptoModule != null) { stringifiedMessage = "\"".concat(stringifiedMessage).concat("\""); } diff --git a/src/main/java/com/pubnub/api/vendor/Crypto.java b/src/main/java/com/pubnub/api/vendor/Crypto.java index accbeb1ef..ae15e3b81 100644 --- a/src/main/java/com/pubnub/api/vendor/Crypto.java +++ b/src/main/java/com/pubnub/api/vendor/Crypto.java @@ -169,35 +169,6 @@ public String decrypt(String cipher_text) throws PubNubException { } } - public static byte[] hexStringToByteArray(String s) { - int len = s.length(); - byte[] data = new byte[len / 2]; - for (int i = 0; i < len; i += 2) { - data[i / 2] = (byte) ((Character.digit(s.charAt(i), 16) << 4) + Character.digit(s.charAt(i + 1), 16)); - } - return data; - } - - /** - * Get MD5 - * - * @param input - * @return byte[] - * @throws PubNubException - */ - public static byte[] md5(String input) throws PubNubException { - MessageDigest digest; - try { - digest = MessageDigest.getInstance("MD5"); - byte[] hashedBytes = digest.digest(input.getBytes(ENCODING_UTF_8)); - return hashedBytes; - } catch (NoSuchAlgorithmException e) { - throw PubNubException.builder().pubnubError(newCryptoError(118, e.toString())).errormsg(e.getMessage()).cause(e).build(); - } catch (UnsupportedEncodingException e) { - throw PubNubException.builder().pubnubError(newCryptoError(119, e.toString())).errormsg(e.getMessage()).cause(e).build(); - } - } - /** * Get SHA256 * diff --git a/src/main/java/com/pubnub/api/vendor/FileEncryptionUtil.java b/src/main/java/com/pubnub/api/vendor/FileEncryptionUtil.java index 1c4ff005f..e418242e6 100644 --- a/src/main/java/com/pubnub/api/vendor/FileEncryptionUtil.java +++ b/src/main/java/com/pubnub/api/vendor/FileEncryptionUtil.java @@ -1,26 +1,9 @@ package com.pubnub.api.vendor; import com.pubnub.api.PubNub; -import com.pubnub.api.PubNubException; +import com.pubnub.api.crypto.CryptoModule; import lombok.Data; -import javax.crypto.BadPaddingException; -import javax.crypto.Cipher; -import javax.crypto.IllegalBlockSizeException; -import javax.crypto.NoSuchPaddingException; -import javax.crypto.spec.IvParameterSpec; -import javax.crypto.spec.SecretKeySpec; -import java.io.*; -import java.security.InvalidAlgorithmParameterException; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; -import java.security.SecureRandom; -import java.security.spec.AlgorithmParameterSpec; - -import static com.pubnub.api.PubNubUtil.readBytes; -import static com.pubnub.api.vendor.Crypto.hexEncode; -import static com.pubnub.api.vendor.Crypto.sha256; - public final class FileEncryptionUtil { private static final int IV_SIZE_BYTES = 16; public static final int BUFFER_SIZE_BYTES = 8192; @@ -33,111 +16,15 @@ private static class IvAndData { final byte[] dataToDecrypt; } - private FileEncryptionUtil() {} + public static CryptoModule effectiveCryptoModule(PubNub pubNub, String cipherKey) { + return effectiveCryptoModule(pubNub.getCryptoModule(), cipherKey); + } - public static String effectiveCipherKey(PubNub pubNub, String cipherKey) { + public static CryptoModule effectiveCryptoModule(CryptoModule cryptoModule, String cipherKey) { if (cipherKey != null) { - return cipherKey; - } else if (pubNub.getConfiguration().getCipherKey() != null) { - return pubNub.getConfiguration().getCipherKey(); + return CryptoModule.createLegacyCryptoModule(cipherKey, true); } else { - return null; - } - } - - public static byte[] encryptToBytes(final String cipherKey, final byte[] bytesToEncrypt) - throws PubNubException { - try (ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) { - final byte[] keyBytes = keyBytes(cipherKey); - final byte[] randomIvBytes = randomIv(); - final Cipher encryptionCipher = encryptionCipher(keyBytes, randomIvBytes); - - byteArrayOutputStream.write(randomIvBytes); - byteArrayOutputStream.write(encryptionCipher.doFinal(bytesToEncrypt)); - return byteArrayOutputStream.toByteArray(); - } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | NoSuchPaddingException | - InvalidKeyException | IOException | BadPaddingException | IllegalBlockSizeException e) { - throw PubNubException.builder().errormsg(e.toString()).build(); - } - } - - public static InputStream encrypt(final String cipherKey, final InputStream inputStreamToEncrypt) - throws PubNubException { - - try { - return new ByteArrayInputStream(encryptToBytes(cipherKey, readBytes(inputStreamToEncrypt))); - } catch (IOException e) { - throw PubNubException.builder() - .errormsg(e.getMessage()) - .cause(e) - .build(); - } - } - - public static InputStream decrypt(final String cipherKey, final InputStream encryptedInputStream) - throws PubNubException { - try { - final byte[] keyBytes = keyBytes(cipherKey); - final IvAndData ivAndData = loadIvAndDataFromInputStream(encryptedInputStream); - final Cipher decryptionCipher = decryptionCipher(keyBytes, ivAndData.ivBytes); - byte[] decryptedBytes = decryptionCipher.doFinal(ivAndData.dataToDecrypt); - return new ByteArrayInputStream(decryptedBytes); - } catch (NoSuchAlgorithmException | InvalidAlgorithmParameterException | NoSuchPaddingException - | InvalidKeyException | IOException | IllegalBlockSizeException | BadPaddingException e) { - throw PubNubException.builder().errormsg(e.toString()).cause(e).build(); + return cryptoModule; } } - - private static IvAndData loadIvAndDataFromInputStream(final InputStream inputStreamToEncrypt) throws IOException { - final byte[] ivBytes = new byte[IV_SIZE_BYTES]; - { - int read; - int readSoFar = 0; - do { - read = inputStreamToEncrypt.read(ivBytes, readSoFar, IV_SIZE_BYTES - readSoFar); - if (read != -1) { - readSoFar += read; - } - } while (read != -1 && readSoFar < IV_SIZE_BYTES); - if (read == -1) { - throw new IOException("EOF before IV fully read"); - } - } - - return new IvAndData(ivBytes, readBytes(inputStreamToEncrypt)); - } - - private static Cipher encryptionCipher(final byte[] keyBytes, final byte[] ivBytes) - throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, - InvalidAlgorithmParameterException { - return cipher(keyBytes, ivBytes, Cipher.ENCRYPT_MODE); - } - - private static Cipher decryptionCipher(final byte[] keyBytes, final byte[] ivBytes) - throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, - InvalidAlgorithmParameterException { - return cipher(keyBytes, ivBytes, Cipher.DECRYPT_MODE); - } - - private static Cipher cipher(final byte[] keyBytes, final byte[] ivBytes, final int mode) - throws NoSuchAlgorithmException, NoSuchPaddingException, InvalidKeyException, - InvalidAlgorithmParameterException { - Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION); - AlgorithmParameterSpec iv = new IvParameterSpec(ivBytes); - SecretKeySpec key = new SecretKeySpec(keyBytes, "AES"); - cipher.init(mode, key, iv); - return cipher; - } - - private static byte[] keyBytes(final String cipherKey) throws UnsupportedEncodingException, PubNubException { - return new String(hexEncode(sha256(cipherKey.getBytes(ENCODING_UTF_8))), ENCODING_UTF_8) - .substring(0, 32) - .toLowerCase().getBytes(ENCODING_UTF_8); - } - - private static byte[] randomIv() throws NoSuchAlgorithmException { - byte[] randomIv = new byte[IV_SIZE_BYTES]; - SecureRandom.getInstance("SHA1PRNG").nextBytes(randomIv); - return randomIv; - } } diff --git a/src/main/java/com/pubnub/api/workers/SubscribeMessageProcessor.java b/src/main/java/com/pubnub/api/workers/SubscribeMessageProcessor.java index 2cc823653..135f3d1b3 100644 --- a/src/main/java/com/pubnub/api/workers/SubscribeMessageProcessor.java +++ b/src/main/java/com/pubnub/api/workers/SubscribeMessageProcessor.java @@ -8,6 +8,8 @@ import com.pubnub.api.PubNub; import com.pubnub.api.PubNubException; import com.pubnub.api.PubNubUtil; +import com.pubnub.api.crypto.CryptoModule; +import com.pubnub.api.crypto.CryptoModuleKt; import com.pubnub.api.managers.DuplicationManager; import com.pubnub.api.managers.MapperManager; import com.pubnub.api.models.consumer.files.PNDownloadableFile; @@ -18,7 +20,11 @@ import com.pubnub.api.models.consumer.objects_api.membership.PNMembershipResult; import com.pubnub.api.models.consumer.objects_api.uuid.PNUUIDMetadata; import com.pubnub.api.models.consumer.objects_api.uuid.PNUUIDMetadataResult; -import com.pubnub.api.models.consumer.pubsub.*; +import com.pubnub.api.models.consumer.pubsub.BasePubSubResult; +import com.pubnub.api.models.consumer.pubsub.PNEvent; +import com.pubnub.api.models.consumer.pubsub.PNMessageResult; +import com.pubnub.api.models.consumer.pubsub.PNPresenceEventResult; +import com.pubnub.api.models.consumer.pubsub.PNSignalResult; import com.pubnub.api.models.consumer.pubsub.files.PNFileEventResult; import com.pubnub.api.models.consumer.pubsub.message_actions.PNMessageActionResult; import com.pubnub.api.models.consumer.pubsub.objects.ObjectPayload; @@ -27,7 +33,6 @@ import com.pubnub.api.models.server.SubscribeMessage; import com.pubnub.api.models.server.files.FileUploadNotification; import com.pubnub.api.services.FilesService; -import com.pubnub.api.vendor.Crypto; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; @@ -191,8 +196,9 @@ PNEvent processIncomingPayload(SubscribeMessage message) throws PubNubException private JsonElement processMessage(SubscribeMessage subscribeMessage) throws PubNubException { JsonElement input = subscribeMessage.getPayload(); - // if we do not have a crypto key, there is no way to process the node; let's return. - if (pubnub.getConfiguration().getCipherKey() == null) { + // if we do not have a crypto module, there is no way to process the node; let's return. + CryptoModule cryptoModule = pubnub.getCryptoModule(); + if (cryptoModule == null) { return input; } @@ -202,8 +208,6 @@ private JsonElement processMessage(SubscribeMessage subscribeMessage) throws Pub return input; } - Crypto crypto = new Crypto(pubnub.getConfiguration().getCipherKey(), - pubnub.getConfiguration().isUseRandomInitializationVector()); MapperManager mapper = this.pubnub.getMapper(); String inputText; String outputText; @@ -215,7 +219,7 @@ private JsonElement processMessage(SubscribeMessage subscribeMessage) throws Pub inputText = mapper.elementToString(input); } - outputText = crypto.decrypt(inputText); + outputText = CryptoModuleKt.decryptString(cryptoModule, inputText); outputObject = mapper.fromJson(outputText, JsonElement.class); diff --git a/src/test/java/com/pubnub/api/PubNubTest.java b/src/test/java/com/pubnub/api/PubNubTest.java index d68d0a089..109256c2d 100644 --- a/src/test/java/com/pubnub/api/PubNubTest.java +++ b/src/test/java/com/pubnub/api/PubNubTest.java @@ -100,7 +100,7 @@ public void getVersionAndTimeStamp() { pubnub = new PubNub(pnConfiguration); String version = pubnub.getVersion(); int timeStamp = pubnub.getTimestamp(); - Assert.assertEquals("6.3.6", version); + Assert.assertEquals("6.4.0", version); Assert.assertTrue(timeStamp > 0); } diff --git a/src/test/java/com/pubnub/api/endpoints/files/SendFileTest.java b/src/test/java/com/pubnub/api/endpoints/files/SendFileTest.java index ff187137c..82e473e73 100644 --- a/src/test/java/com/pubnub/api/endpoints/files/SendFileTest.java +++ b/src/test/java/com/pubnub/api/endpoints/files/SendFileTest.java @@ -3,6 +3,7 @@ import com.pubnub.api.PubNub; import com.pubnub.api.PubNubException; import com.pubnub.api.callbacks.PNCallback; +import com.pubnub.api.crypto.CryptoModule; import com.pubnub.api.endpoints.remoteaction.TestRemoteAction; import com.pubnub.api.managers.RetrofitManager; import com.pubnub.api.managers.token_manager.TokenManager; @@ -190,7 +191,8 @@ private SendFile sendFile(String channel, String fileName, InputStream inputStre publishFileMessageBuilder, sendFileToS3Factory, Executors.newSingleThreadExecutor(), - numberOfRetries + numberOfRetries, + CryptoModule.createLegacyCryptoModule("enigma", true) ); } diff --git a/src/test/java/com/pubnub/api/vendor/CryptoTest.java b/src/test/java/com/pubnub/api/vendor/CryptoTest.java deleted file mode 100644 index 56d7395c9..000000000 --- a/src/test/java/com/pubnub/api/vendor/CryptoTest.java +++ /dev/null @@ -1,50 +0,0 @@ -package com.pubnub.api.vendor; - -import com.pubnub.api.PubNubException; -import org.apache.commons.io.IOUtils; -import org.junit.Test; - -import java.io.ByteArrayInputStream; -import java.io.ByteArrayOutputStream; -import java.io.IOException; -import java.io.InputStream; -import java.util.Random; - -import static org.hamcrest.Matchers.*; -import static org.hamcrest.MatcherAssert.assertThat; - -public class CryptoTest { - private static final int MAX_FILE_SIZE_IN_BYTES = 1024 * 1024 * 5; - - @Test - public void canDecryptWhatIsEncrypted() throws IOException, PubNubException { - //given - final String cipherKey = "enigma"; - final byte[] byteArrayToEncrypt = byteArrayToEncrypt(); - byte[] decryptedByteArray; - - //when - final byte[] encryptedByteArray = FileEncryptionUtil.encryptToBytes(cipherKey, - byteArrayToEncrypt); - try (InputStream decryptedInputStream = FileEncryptionUtil.decrypt(cipherKey, - new ByteArrayInputStream(encryptedByteArray))) { - try (final ByteArrayOutputStream byteArrayOutputStream = new ByteArrayOutputStream()) { - IOUtils.copy(decryptedInputStream, byteArrayOutputStream); - decryptedByteArray = byteArrayOutputStream.toByteArray(); - } - } - - //then - assertThat(decryptedByteArray, allOf( - equalTo(byteArrayToEncrypt), - not(equalTo(encryptedByteArray)))); - } - - private byte[] byteArrayToEncrypt() { - final Random random = new Random(); - final int fileSize = random.nextInt(MAX_FILE_SIZE_IN_BYTES); - byte[] fileContents = new byte[fileSize]; - random.nextBytes(fileContents); - return fileContents; - } -} \ No newline at end of file diff --git a/src/test/java/com/pubnub/contract/ContractTestConfig.kt b/src/test/java/com/pubnub/contract/ContractTestConfig.kt index 96a26dde7..b5404ecae 100644 --- a/src/test/java/com/pubnub/contract/ContractTestConfig.kt +++ b/src/test/java/com/pubnub/contract/ContractTestConfig.kt @@ -30,6 +30,10 @@ interface ContractTestConfig : Config { @Config.Key("dataFileLocation") @Config.DefaultValue("src/test/resources/sdk-specifications/features/data") fun dataFileLocation(): String + + @Config.Key("cryptoFilesLocation") + @Config.DefaultValue("src/test/resources/sdk-specifications/features/encryption/assets") + fun cryptoFilesLocation(): String } val CONTRACT_TEST_CONFIG: ContractTestConfig = ConfigFactory.create(ContractTestConfig::class.java, System.getenv()) diff --git a/src/test/java/com/pubnub/contract/Utils.kt b/src/test/java/com/pubnub/contract/Utils.kt new file mode 100644 index 000000000..fd1cf767b --- /dev/null +++ b/src/test/java/com/pubnub/contract/Utils.kt @@ -0,0 +1,9 @@ +package com.pubnub.contract + +import java.nio.file.Files +import java.nio.file.Paths + +fun getFileContentAsByteArray(fileName: String): ByteArray { + val cryptoFileLocation = CONTRACT_TEST_CONFIG.cryptoFilesLocation() + return Files.readAllBytes(Paths.get(cryptoFileLocation, fileName)) +} diff --git a/src/test/java/com/pubnub/contract/crypto/CryptoModuleState.kt b/src/test/java/com/pubnub/contract/crypto/CryptoModuleState.kt new file mode 100644 index 000000000..da8cb0f14 --- /dev/null +++ b/src/test/java/com/pubnub/contract/crypto/CryptoModuleState.kt @@ -0,0 +1,16 @@ +package com.pubnub.contract.crypto + +import com.pubnub.api.crypto.exception.PubNubError + +class CryptoModuleState { + var defaultCryptorType: String? = null + var decryptionOnlyCryptorType: String? = null + var cryptorCipherKey: String? = null + var initializationVectorType: String? = null + var decryptionError: PubNubError? = null + var encryptionError: PubNubError? = null + var encryptedData: ByteArray? = null + var decryptedData: ByteArray? = null + var fileContent: ByteArray? = null + var encryptionType: String? = null +} diff --git a/src/test/java/com/pubnub/contract/crypto/CryptoModuleSteps.kt b/src/test/java/com/pubnub/contract/crypto/CryptoModuleSteps.kt new file mode 100644 index 000000000..ae277175b --- /dev/null +++ b/src/test/java/com/pubnub/contract/crypto/CryptoModuleSteps.kt @@ -0,0 +1,212 @@ +package com.pubnub.contract.crypto + +import com.pubnub.api.crypto.CryptoModule +import com.pubnub.api.crypto.cryptor.AesCbcCryptor +import com.pubnub.api.crypto.cryptor.Cryptor +import com.pubnub.api.crypto.cryptor.LegacyCryptor +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import com.pubnub.api.vendor.Base64 +import com.pubnub.api.vendor.Crypto +import com.pubnub.api.vendor.FileEncryptionUtilKT +import com.pubnub.contract.getFileContentAsByteArray +import io.cucumber.java.en.Given +import io.cucumber.java.en.Then +import io.cucumber.java.en.When +import org.junit.jupiter.api.Assertions.assertArrayEquals +import org.junit.jupiter.api.Assertions.assertEquals +import org.junit.jupiter.api.Assertions.assertNull +import org.junit.jupiter.api.Assertions.assertTrue +import java.io.ByteArrayInputStream + +private const val LEGACY_NEW = "legacy" +private const val AES_CBC = "acrh" +private const val RANDOM_IV = "random" +private const val CRYPTION_TYPE_BINARY = "binary" // not a stream +private const val CRYPTION_TYPE_STREAM = "stream" + +class CryptoModuleSteps( + private val cryptoModuleState: CryptoModuleState, +) { + + @Given("Crypto module with {string} cryptor") + fun crypto_module_with_cryptor(cryptorType: String) { + cryptoModuleState.defaultCryptorType = cryptorType + } + + @Given("with {string} cipher key") + fun cryptor_with_cipher_key(cipherKey: String) { + cryptoModuleState.cryptorCipherKey = cipherKey + } + + @Given("with {string} vector") + fun cryptor_with_initialization_vector(initializationVectorType: String) { + cryptoModuleState.initializationVectorType = initializationVectorType + } + + @Suppress("UNUSED_PARAMETER") + @Given("Legacy code with {string} cipher key and {string} vector") + fun legacy_code_with_cipher_key_and_vector(cipherKey: String, initializationVectorType: String) { + // this is fine, nothing here + } + + @Given("Crypto module with default {string} and additional {string} cryptors") + fun crypto_module_with_default_cryptor_and_additional_cryptor( + defaultCryptorType: String, + decryptionCryptorType: String + ) { + cryptoModuleState.defaultCryptorType = defaultCryptorType + cryptoModuleState.decryptionOnlyCryptorType = decryptionCryptorType + } + + @When("I decrypt {string} file") + fun I_decrypt_file(fileName: String) { + val encryptedFileContent = getFileContentAsByteArray(fileName) + var cryptoModule: CryptoModule? = null + if (cryptoModuleState.defaultCryptorType == AES_CBC) { + cryptoModule = CryptoModule.createNewCryptoModule(AesCbcCryptor(cryptoModuleState.cryptorCipherKey!!)) + } else if (cryptoModuleState.defaultCryptorType == LEGACY_NEW) { + cryptoModule = CryptoModule.createNewCryptoModule(LegacyCryptor(cryptoModuleState.cryptorCipherKey!!)) + } + + try { + cryptoModule?.decrypt(encryptedData = encryptedFileContent) + } catch (e: PubNubException) { + cryptoModuleState.decryptionError = e.pubnubError + } + } + + @When("I encrypt {string} file as {string}") + fun I_encrypt_file(fileName: String, encryptionType: String) { + val notEncryptedFileContent = getFileContentAsByteArray(fileName) + cryptoModuleState.fileContent = notEncryptedFileContent + cryptoModuleState.encryptionType = encryptionType + val cryptoModule = createCryptoModuleForEncryption() + var encryptedData: ByteArray = byteArrayOf() + try { + encryptedData = when (encryptionType) { + CRYPTION_TYPE_BINARY -> cryptoModule.encrypt(notEncryptedFileContent) + CRYPTION_TYPE_STREAM -> cryptoModule.encryptStream(notEncryptedFileContent.inputStream()).readBytes() + else -> throw PubNubException("Invalid encryptionType type. Should be binary or stream") + } + } catch (e: PubNubException) { + cryptoModuleState.encryptionError = e.pubnubError + } + cryptoModuleState.encryptedData = encryptedData + } + + private fun createCryptoModuleForEncryption(): CryptoModule { + val randoIv: Boolean = cryptoModuleState.initializationVectorType == RANDOM_IV + + val defaultCryptorType = cryptoModuleState.defaultCryptorType + val cryptor = createCryptor(defaultCryptorType!!, cryptoModuleState.cryptorCipherKey!!, randoIv) + val cryptoModule = CryptoModule.createNewCryptoModule(cryptor) + return cryptoModule + } + + @When("I decrypt {string} file as {string}") + fun I_decrypt_file_as_binary(encryptedFile: String, decryptionType: String) { + val cryptoModule: CryptoModule = createCryptoModuleForDecryption() + + val encryptedFileContent = getFileContentAsByteArray(encryptedFile) + var decryptedData = ByteArray(0) + try { + decryptedData = when (decryptionType) { + CRYPTION_TYPE_BINARY -> cryptoModule.decrypt(encryptedFileContent) + CRYPTION_TYPE_STREAM -> cryptoModule.decryptStream(encryptedFileContent.inputStream()).readBytes() + else -> throw PubNubException("Invalid decryptionType type. Should be binary or stream") + } + } catch (e: PubNubException) { + cryptoModuleState.decryptionError = e.pubnubError + } + cryptoModuleState.decryptedData = decryptedData + } + + private fun createCryptoModuleForDecryption(): CryptoModule { + val defaultCryptorType = cryptoModuleState.defaultCryptorType + val cipherKey = cryptoModuleState.cryptorCipherKey!! + val randoIv: Boolean = cryptoModuleState.initializationVectorType == RANDOM_IV + val cryptoModule: CryptoModule + if (cryptoModuleState.decryptionOnlyCryptorType == null) { + cryptoModule = when (defaultCryptorType) { + LEGACY_NEW -> { + CryptoModule.createNewCryptoModule(LegacyCryptor(cipherKey, randoIv)) + } + AES_CBC -> { + CryptoModule.createNewCryptoModule(AesCbcCryptor(cipherKey)) + } + else -> throw PubNubException("Invalid cryptor type") + } + } else { + val decryptionOnlyCryptorType = cryptoModuleState.decryptionOnlyCryptorType + val defaultCryptor = createCryptor(defaultCryptorType!!, cipherKey, randoIv) + val decryptionOnlyCryptor = createCryptor(decryptionOnlyCryptorType!!, cipherKey, randoIv) + cryptoModule = CryptoModule.createNewCryptoModule(defaultCryptor, listOf(decryptionOnlyCryptor)) + } + return cryptoModule + } + + private fun createCryptor(cryptorType: String, cipherKey: String, useRandomIv: Boolean): Cryptor { + return when (cryptorType) { + LEGACY_NEW -> { + LegacyCryptor(cipherKey, useRandomIv) + } + AES_CBC -> { + AesCbcCryptor(cipherKey) + } + else -> { + throw PubNubException("Invalid cryptor type") + } + } + } + + @Then("I receive {string}") + fun I_receive_outcome(outcome: String) { + when (outcome) { + "unknown cryptor error" -> { + assertTrue(cryptoModuleState.decryptionError == PubNubError.UNKNOWN_CRYPTOR || cryptoModuleState.decryptionError == PubNubError.CRYPTOR_HEADER_VERSION_UNKNOWN) + } + "decryption error" -> { + val isDecryptionError01 = PubNubError.CRYPTOR_DATA_HEADER_SIZE_TO_SMALL == cryptoModuleState.decryptionError + val isDecryptionError02 = PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED == cryptoModuleState.decryptionError + val isDecryptionError03 = PubNubError.UNKNOWN_CRYPTOR == cryptoModuleState.decryptionError + assertTrue(isDecryptionError01 || isDecryptionError02 || isDecryptionError03) + } + "success" -> assertNull(cryptoModuleState.decryptionError) + "encryption error" -> assertEquals( + PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, + cryptoModuleState.encryptionError + ) + } + } + + @Then("Successfully decrypt an encrypted file with legacy code") + fun successfully_decrypt_an_encrypted_file_with_legacy_code() { + val encryptedData = cryptoModuleState.encryptedData + val encryptedDataAsStringBase64 = String(Base64.encode(encryptedData, Base64.NO_WRAP)) + val randoIv: Boolean = cryptoModuleState.initializationVectorType == RANDOM_IV + val cipherKey = cryptoModuleState.cryptorCipherKey + + val encryptionType = cryptoModuleState.encryptionType + val decryptedDataAsString: String = when (encryptionType) { + CRYPTION_TYPE_BINARY -> { + val crypto = Crypto(cipherKey, randoIv) + crypto.decrypt(encryptedDataAsStringBase64) + } + CRYPTION_TYPE_STREAM -> { + val byteArrayInputStream = ByteArrayInputStream(encryptedData) + val decryptedStreamAsByteArray = FileEncryptionUtilKT.decrypt(byteArrayInputStream, cipherKey!!).readBytes() + String(decryptedStreamAsByteArray) + } + else -> { throw PubNubException("Invalid cryptor type") } + } + + assertEquals(String(cryptoModuleState.fileContent!!), decryptedDataAsString) + } + + @Then("Decrypted file content equal to the {string} file content") + fun decrypted_file_content_equal_to_the_source_file_content(sourceFileName: String) { + val sourceFileContent = getFileContentAsByteArray(sourceFileName) + assertArrayEquals(sourceFileContent, cryptoModuleState.decryptedData) + } +} diff --git a/src/test/kotlin/com/pubnub/api/crypto/CryptoModuleTest.kt b/src/test/kotlin/com/pubnub/api/crypto/CryptoModuleTest.kt new file mode 100644 index 000000000..5b3c26db6 --- /dev/null +++ b/src/test/kotlin/com/pubnub/api/crypto/CryptoModuleTest.kt @@ -0,0 +1,355 @@ +package com.pubnub.api.crypto + +import com.pubnub.api.crypto.cryptor.AesCbcCryptor +import com.pubnub.api.crypto.cryptor.Cryptor +import com.pubnub.api.crypto.cryptor.LegacyCryptor +import com.pubnub.api.crypto.data.EncryptedData +import com.pubnub.api.crypto.data.EncryptedStreamData +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import org.hamcrest.CoreMatchers +import org.hamcrest.MatcherAssert.assertThat +import org.hamcrest.Matchers.containsInAnyOrder +import org.hamcrest.Matchers.hasSize +import org.junit.jupiter.api.Assertions.assertArrayEquals +import org.junit.jupiter.api.Assertions.assertEquals +import org.junit.jupiter.api.Assertions.assertThrows +import org.junit.jupiter.api.Assertions.assertTrue +import org.junit.jupiter.api.Test +import org.junit.jupiter.params.ParameterizedTest +import org.junit.jupiter.params.provider.Arguments +import org.junit.jupiter.params.provider.MethodSource +import java.io.ByteArrayInputStream +import java.io.InputStream +import java.util.* +import org.hamcrest.Matchers.`is` as iz + +class CryptoModuleTest { + + @Test + fun `can createLegacyCryptoModule`() { + // given + val cipherKey = "enigma" + + // when + val legacyCryptoModule = CryptoModule.createLegacyCryptoModule(cipherKey) + + // then + assertTrue(legacyCryptoModule.primaryCryptor is LegacyCryptor) + assertThat(legacyCryptoModule.cryptorsForDecryptionOnly, hasSize(2)) + assertThat( + legacyCryptoModule.cryptorsForDecryptionOnly, + containsInAnyOrder( + listOf( + iz(CoreMatchers.instanceOf(AesCbcCryptor::class.java)), + iz(CoreMatchers.instanceOf(LegacyCryptor::class.java)) + ) + ) + ) + } + + @Test + fun `can createAesCbcCryptoModule`() { + // given + val cipherKey = "enigma" + + // when + val aesCbcCryptoModule = CryptoModule.createAesCbcCryptoModule(cipherKey) + + // then + assertTrue(aesCbcCryptoModule.primaryCryptor is AesCbcCryptor) + assertThat(aesCbcCryptoModule.cryptorsForDecryptionOnly, hasSize(2)) + assertThat( + aesCbcCryptoModule.cryptorsForDecryptionOnly, + containsInAnyOrder( + listOf( + iz(CoreMatchers.instanceOf(AesCbcCryptor::class.java)), + iz(CoreMatchers.instanceOf(LegacyCryptor::class.java)) + ) + ) + ) + } + + @Test + fun `can createNewCryptoModule`() { + // given + val cipherKey = "enigma" + + // when + val newCryptoModule = CryptoModule.createNewCryptoModule(defaultCryptor = AesCbcCryptor(cipherKey)) + + // then + assertTrue(newCryptoModule.primaryCryptor is AesCbcCryptor) + assertThat(newCryptoModule.cryptorsForDecryptionOnly, hasSize(1)) + assertThat( + newCryptoModule.cryptorsForDecryptionOnly.first(), + iz(CoreMatchers.instanceOf(AesCbcCryptor::class.java)) + ) + } + + @Test + fun `can decrypt encrypted message using LegacyCryptoModule with randomIV`() { + // given + val cipherKey = "enigma" + val legacyCryptoModuleWithRandomIv = CryptoModule.createLegacyCryptoModule(cipherKey) + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = legacyCryptoModuleWithRandomIv.encrypt(msgToEncrypt) + val decryptedMsg = legacyCryptoModuleWithRandomIv.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @Test + fun `can decrypt encrypted message using LegacyCryptoModule with staticIV`() { + // given + val cipherKey = "enigma" + val legacyCryptoModuleWithStaticIv = CryptoModule.createLegacyCryptoModule(cipherKey, false) + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = legacyCryptoModuleWithStaticIv.encrypt(msgToEncrypt) + val decryptedMsg = legacyCryptoModuleWithStaticIv.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @Test + fun `using LegacyCryptoModule can decrypt message that was encrypted with AesCbcCryptor`() { + // given + val cipherKey = "enigma" + val moduleWithAesCbcCryptorOnly = CryptoModule.createNewCryptoModule(defaultCryptor = AesCbcCryptor(cipherKey)) + val legacyCryptoModule = CryptoModule.createLegacyCryptoModule(cipherKey) + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = moduleWithAesCbcCryptorOnly.encrypt(msgToEncrypt) + val decryptedMsg = legacyCryptoModule.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @Test + fun `using AesCbcCryptoModule can decrypt message that was encrypted with LegacyCryptor with randomIV `() { + // given + val cipherKey = "enigma" + val moduleWithLegacyCryptorOnlyWithRandomIV = + CryptoModule.createNewCryptoModule(defaultCryptor = LegacyCryptor(cipherKey)) + val aesCbcCryptoModule = CryptoModule.createAesCbcCryptoModule(cipherKey) + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = moduleWithLegacyCryptorOnlyWithRandomIV.encrypt(msgToEncrypt) + val decryptedMsg = aesCbcCryptoModule.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @Test + fun `using AesCbcCryptoModule can decrypt message that was encrypted with LegacyCryptor with staticIV `() { + // given + val cipherKey = "enigma" + val moduleWithLegacyCryptorOnlyWithStaticIV = + CryptoModule.createNewCryptoModule(defaultCryptor = LegacyCryptor(cipherKey, false)) + val aesCbcCryptoModule = CryptoModule.createAesCbcCryptoModule(cipherKey, false) + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = moduleWithLegacyCryptorOnlyWithStaticIV.encrypt(msgToEncrypt) + val decryptedMsg = aesCbcCryptoModule.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @Test + fun `can decrypt encrypted message using module with only AesCbcCryptor`() { + // given + val cipherKey = "enigma" + val aesCbcCryptoModule = CryptoModule.createAesCbcCryptoModule(cipherKey) + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = aesCbcCryptoModule.encrypt(msgToEncrypt) + val decryptedMsg = aesCbcCryptoModule.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @Test + fun `can add the same module as a defaultCryptor and cryptorsForDecryptionOnly and have decryption working properly`() { + // given + val cipherKey = "enigma" + val legacyCryptor = LegacyCryptor(cipherKey) + val cryptoModule = CryptoModule.createNewCryptoModule( + defaultCryptor = legacyCryptor, + cryptorsForDecryptionOnly = listOf(legacyCryptor, AesCbcCryptor(cipherKey)) + ) + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = cryptoModule.encrypt(msgToEncrypt) + val decryptedMsg = cryptoModule.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @Test + fun `can decrypt encrypted message using custom cryptor `() { + // given + val customCryptor = myCustomCryptor() + val msgToEncrypt = "Hello world".toByteArray() + + // when + val encryptedMsg = customCryptor.encrypt(msgToEncrypt) + val decryptedMsg = customCryptor.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @ParameterizedTest + @MethodSource("legacyAndAesCbcCryptors") + fun `should throw exception when encrypting empty data`(cryptoModule: CryptoModule) { + // given + val dataToBeEncrypted = ByteArray(0) + + // when + val exception = assertThrows(PubNubException::class.java) { + cryptoModule.encrypt(dataToBeEncrypted) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @ParameterizedTest + @MethodSource("legacyAndAesCbcCryptors") + fun `should throw exception when decrypting empty data`(cryptoModule: CryptoModule) { + // given + val dataToBeDecrypted = ByteArray(0) + + // when + val exception = assertThrows(PubNubException::class.java) { + cryptoModule.decrypt(dataToBeDecrypted) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @ParameterizedTest + @MethodSource("legacyAndAesCbcCryptors") + fun `should throw exception when encrypting empty stream`(cryptoModule: CryptoModule) { + // given + val dataToBeEncrypted = ByteArray(0) + val streamToBeEncrypted = ByteArrayInputStream(dataToBeEncrypted) + + // when + val exception = assertThrows(PubNubException::class.java) { + cryptoModule.encryptStream(streamToBeEncrypted) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @ParameterizedTest + @MethodSource("legacyAndAesCbcCryptors") + fun `should throw exception when decrypting empty stream`(cryptoModule: CryptoModule) { + // given + val dataToBeDecrypted = ByteArray(0) + val streamToBeDecrypted = ByteArrayInputStream(dataToBeDecrypted) + + // when + val exception = assertThrows(PubNubException::class.java) { + cryptoModule.decryptStream(streamToBeDecrypted) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + private fun myCustomCryptor() = object : Cryptor { + override fun id(): ByteArray { + return byteArrayOf('C'.code.toByte(), 'U'.code.toByte(), 'S'.code.toByte(), 'T'.code.toByte()) + } + + override fun encrypt(data: ByteArray): EncryptedData { + return EncryptedData(metadata = null, data = data) + } + + override fun decrypt(encryptedData: EncryptedData): ByteArray { + return encryptedData.data + } + + override fun encryptStream(stream: InputStream): EncryptedStreamData { + throw NotImplementedError() + } + + override fun decryptStream(encryptedData: EncryptedStreamData): InputStream { + throw NotImplementedError() + } + } + + @ParameterizedTest + @MethodSource("decryptStreamSource") + fun decryptStreamEncryptedByGo(expected: String, encryptedBase64: String, cipherKey: String) { + val crypto = CryptoModule.createLegacyCryptoModule(cipherKey, true) + val decrypted = crypto.decryptStream(Base64.getDecoder().decode(encryptedBase64).inputStream()) + assertEquals(expected, String(decrypted.readBytes())) + } + + @ParameterizedTest + @MethodSource("encryptStreamDecryptStreamSource") + fun encryptStreamDecryptStream(input: String, cryptoModule: CryptoModule) { + val encrypted = cryptoModule.encryptStream(input.byteInputStream()) + val decrypted = cryptoModule.decryptStream(encrypted) + assertEquals(input, String(decrypted.readBytes())) + } + + companion object { + @JvmStatic + fun decryptStreamSource(): List = listOf( + Arguments.of( + "Hello world encrypted with legacyModuleRandomIv", + "T3J9iXI87PG9YY/lhuwmGRZsJgA5y8sFLtUpdFmNgrU1IAitgAkVok6YP7lacBiVhBJSJw39lXCHOLxl2d98Bg==", + "myCipherKey", + + ), + Arguments.of( + "Hello world encrypted with aesCbcModule", + "UE5FRAFBQ1JIEKzlyoyC/jB1hrjCPY7zm+X2f7skPd0LBocV74cRYdrkRQ2BPKeA22gX/98pMqvcZtFB6TCGp3Zf1M8F730nlfk=", + "myCipherKey" + + ), + ) + + @JvmStatic + fun encryptStreamDecryptStreamSource(): List = listOf( + Arguments.of("Hello world1", CryptoModule.createLegacyCryptoModule("myCipherKey", true)), + Arguments.of("Hello world2", CryptoModule.createLegacyCryptoModule("myCipherKey", false)), + Arguments.of("Hello world3", CryptoModule.createAesCbcCryptoModule("myCipherKey", true)), + Arguments.of("Hello world4", CryptoModule.createAesCbcCryptoModule("myCipherKey", false)), + ) + + @JvmStatic + fun legacyAndAesCbcCryptors(): List = listOf( + Arguments.of(CryptoModule.createLegacyCryptoModule("myCipherKey", true)), + Arguments.of(CryptoModule.createLegacyCryptoModule("myCipherKey", false)), + Arguments.of(CryptoModule.createAesCbcCryptoModule("myCipherKey", true)), + Arguments.of(CryptoModule.createAesCbcCryptoModule("myCipherKey", false)), + ) + } +} diff --git a/src/test/kotlin/com/pubnub/api/crypto/algorithm/AesCBCCryptorTest.kt b/src/test/kotlin/com/pubnub/api/crypto/algorithm/AesCBCCryptorTest.kt new file mode 100644 index 000000000..f79a01220 --- /dev/null +++ b/src/test/kotlin/com/pubnub/api/crypto/algorithm/AesCBCCryptorTest.kt @@ -0,0 +1,142 @@ +package com.pubnub.api.crypto.algorithm + +import com.pubnub.api.crypto.cryptor.AesCbcCryptor +import com.pubnub.api.crypto.data.EncryptedData +import com.pubnub.api.crypto.data.EncryptedStreamData +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import org.junit.jupiter.api.Assertions +import org.junit.jupiter.api.Assertions.assertArrayEquals +import org.junit.jupiter.api.Assertions.assertEquals +import org.junit.jupiter.api.BeforeEach +import org.junit.jupiter.api.Test +import org.junit.jupiter.params.ParameterizedTest +import org.junit.jupiter.params.provider.Arguments +import org.junit.jupiter.params.provider.MethodSource + +class AesCBCCryptorTest { + private lateinit var objectUnderTest: AesCbcCryptor + + companion object { + @JvmStatic + fun messageToBeEncrypted(): List = listOf( + Arguments.of("Hello world"), + Arguments.of("Zażółć gęślą jaźń"), // Polish + Arguments.of("हैलो वर्ल्ड"), // Hindi + Arguments.of("こんにちは世界"), // Japan + Arguments.of("你好世界"), // Chinese + ) + } + + @BeforeEach + fun setUp() { + objectUnderTest = AesCbcCryptor("enigma") + } + + @ParameterizedTest + @MethodSource("messageToBeEncrypted") + fun canDecryptTextWhatIsEncrypted(msgToBeEncrypted: String) { + // given + val msgToEncrypt = msgToBeEncrypted.toByteArray() + + // when + val encryptedMsg = objectUnderTest.encrypt(msgToEncrypt) + val decryptedMsg = objectUnderTest.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @ParameterizedTest + @MethodSource("messageToBeEncrypted") + fun encryptingTwoTimesTheSameMessageProducesDifferentOutput(msgToBeEncrypted: String) { + // given + val msgToEncrypt = msgToBeEncrypted.toByteArray() + + // when + val encrypted1: EncryptedData = objectUnderTest.encrypt(msgToEncrypt) + val encrypted2: EncryptedData = objectUnderTest.encrypt(msgToEncrypt) + + // then + Assertions.assertFalse(encrypted1.data.contentEquals(encrypted2.data)) + } + + @ParameterizedTest + @MethodSource("messageToBeEncrypted") + fun encryptingTwoTimesDecryptedMsgIsTheSame(msgToBeEncrypted: String) { + // given + val msgToEncrypt = msgToBeEncrypted.toByteArray() + + // when + val encrypted1 = objectUnderTest.encrypt(msgToEncrypt) + val encrypted2 = objectUnderTest.encrypt(msgToEncrypt) + + // then + assertArrayEquals(msgToEncrypt, objectUnderTest.decrypt(encrypted1)) + assertArrayEquals(msgToEncrypt, objectUnderTest.decrypt(encrypted2)) + } + + @Test + fun `should throw exception when encrypting empty data`() { + // given + val msgToEncrypt = "".toByteArray() + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + objectUnderTest.encrypt(msgToEncrypt) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @Test + fun `should throw exception when decrypting empty data`() { + // given + val msgToDecrypt = "".toByteArray() + val encryptedData = EncryptedData(data = msgToDecrypt) + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + objectUnderTest.decrypt(encryptedData) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @Test + fun `should throw exception when encrypting empty stream`() { + // given + val msgToEncrypt = "" + val streamToEncrypt = msgToEncrypt.byteInputStream() + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + objectUnderTest.encryptStream(streamToEncrypt) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @Test + fun `should throw exception when decrypting empty stream`() { + // given + val msgToDecrypt = "" + val streamToEncrypt = msgToDecrypt.byteInputStream() + val encryptedStreamData = EncryptedStreamData(stream = streamToEncrypt) + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + objectUnderTest.decryptStream(encryptedStreamData) + } + + // then + assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } +} diff --git a/src/test/kotlin/com/pubnub/api/crypto/algorithm/LegacyCryptorTest.kt b/src/test/kotlin/com/pubnub/api/crypto/algorithm/LegacyCryptorTest.kt new file mode 100644 index 000000000..a6e59efdf --- /dev/null +++ b/src/test/kotlin/com/pubnub/api/crypto/algorithm/LegacyCryptorTest.kt @@ -0,0 +1,186 @@ +package com.pubnub.api.crypto.algorithm + +import com.pubnub.api.crypto.cryptor.LegacyCryptor +import com.pubnub.api.crypto.data.EncryptedData +import com.pubnub.api.crypto.data.EncryptedStreamData +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import org.junit.jupiter.api.Assertions +import org.junit.jupiter.api.Assertions.assertArrayEquals +import org.junit.jupiter.api.Assertions.assertFalse +import org.junit.jupiter.api.Test +import org.junit.jupiter.params.ParameterizedTest +import org.junit.jupiter.params.provider.Arguments +import org.junit.jupiter.params.provider.MethodSource +import org.junit.jupiter.params.provider.ValueSource +import java.io.ByteArrayInputStream + +class LegacyCryptorTest { + + companion object { + @JvmStatic + fun messageToBeEncrypted(): List = listOf( + Arguments.of("Hello world"), + Arguments.of("Zażółć gęślą jaźń"), // Polish + Arguments.of("हैलो वर्ल्ड"), // Hindi + Arguments.of("こんにちは世界"), // Japan + Arguments.of("你好世界"), // Chinese + ) + } + + @ParameterizedTest + @MethodSource("messageToBeEncrypted") + fun canDecryptTextWhatIsEncryptedWithStaticIV(messageToBeEncrypted: String) { + // given + val cipherKey = "enigma" + val msgToEncrypt = messageToBeEncrypted.toByteArray() + + // when + val cryptor = LegacyCryptor(cipherKey = cipherKey, useRandomIv = false) + val encryptedMsg = cryptor.encrypt(msgToEncrypt) + val decryptedMsg = cryptor.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @ParameterizedTest + @MethodSource("messageToBeEncrypted") + fun canDecryptTextWhatIsEncryptedWithRandomIV(messageToBeEncrypted: String) { + // given + val cipherKey = "enigma" + val msgToEncrypt = messageToBeEncrypted.toByteArray() + + // when + val cryptor = LegacyCryptor(cipherKey = cipherKey) + val encryptedMsg = cryptor.encrypt(msgToEncrypt) + val decryptedMsg = cryptor.decrypt(encryptedMsg) + + // then + assertArrayEquals(msgToEncrypt, decryptedMsg) + } + + @ParameterizedTest + @MethodSource("messageToBeEncrypted") + fun encryptingWithRandomIVTwoTimesTheSameMessageProducesDifferentOutput(messageToBeEncrypted: String) { + // given + val cipherKey = "enigma" + val msgToEncrypt = messageToBeEncrypted.toByteArray() + + // when + val cryptor = LegacyCryptor(cipherKey = cipherKey) + val encrypted1: EncryptedData = cryptor.encrypt(msgToEncrypt) + val encrypted2: EncryptedData = cryptor.encrypt(msgToEncrypt) + + // then + assertFalse(encrypted1.data.contentEquals(encrypted2.data)) + } + + @ParameterizedTest + @MethodSource("messageToBeEncrypted") + fun encryptingWithRandomIVTwoTimesDecryptedMsgIsTheSame(messageToBeEncrypted: String) { + // given + val cipherKey = "enigma" + val msgToEncrypt = messageToBeEncrypted.toByteArray() + + // when + val cryptor = LegacyCryptor(cipherKey = cipherKey) + val encrypted1 = cryptor.encrypt(msgToEncrypt) + val encrypted2 = cryptor.encrypt(msgToEncrypt) + + // then + assertArrayEquals(msgToEncrypt, cryptor.decrypt(encrypted1)) + assertArrayEquals(msgToEncrypt, cryptor.decrypt(encrypted2)) + } + + @ParameterizedTest + @ValueSource(booleans = [true, false]) + fun `should throw exception when encrypting empty data`(useRandomIv: Boolean) { + // given + val msgToEncrypt = "".toByteArray() + val cipherKey = "enigma" + val cryptor = LegacyCryptor(cipherKey = cipherKey, useRandomIv = useRandomIv) + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + cryptor.encrypt(msgToEncrypt) + } + + // then + Assertions.assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + Assertions.assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @Test + fun `should throw exception when decrypting data containing only initialization vector and cryptor has randomIv`() { + // given + val msgToDecrypt = ByteArray(16) { it.toByte() } // IV has 16 bytes + val encryptedData = EncryptedData(data = msgToDecrypt) + val cipherKey = "enigma" + val cryptor = LegacyCryptor(cipherKey = cipherKey, useRandomIv = true) + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + cryptor.decrypt(encryptedData) + } + + // then + Assertions.assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + Assertions.assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @Test + fun `should throw exception when decrypting empty data and cryptor has staticIv`() { + // given + val msgToDecrypt = "".toByteArray() + val encryptedData = EncryptedData(data = msgToDecrypt) + val cipherKey = "enigma" + val cryptor = LegacyCryptor(cipherKey = cipherKey, useRandomIv = false) + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + cryptor.decrypt(encryptedData) + } + + // then + Assertions.assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + Assertions.assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @Test + fun `should throw exception when encrypting empty stream`() { + // given + val msgToEncrypt = "" + val streamToEncrypt = msgToEncrypt.byteInputStream() + val cipherKey = "enigma" + val cryptor = LegacyCryptor(cipherKey = cipherKey, useRandomIv = false) + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + cryptor.encryptStream(streamToEncrypt) + } + + // then + Assertions.assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + Assertions.assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } + + @Test + fun `should throw exception when decrypting empty stream`() { + // given + val msgToDecrypt = ByteArray(16) { it.toByte() } // IV has 16 bytes + val streamToEncrypt = ByteArrayInputStream(msgToDecrypt) + val encryptedStreamData = EncryptedStreamData(stream = streamToEncrypt) + val cipherKey = "enigma" + val cryptor = LegacyCryptor(cipherKey = cipherKey, useRandomIv = false) + + // when + val exception = Assertions.assertThrows(PubNubException::class.java) { + cryptor.decryptStream(encryptedStreamData) + } + + // then + Assertions.assertEquals("Encryption/Decryption of empty data not allowed.", exception.errorMessage) + Assertions.assertEquals(PubNubError.ENCRYPTION_AND_DECRYPTION_OF_EMPTY_DATA_NOT_ALLOWED, exception.pubnubError) + } +} diff --git a/src/test/kotlin/com/pubnub/api/crypto/cryptor/HeaderParserTest.kt b/src/test/kotlin/com/pubnub/api/crypto/cryptor/HeaderParserTest.kt new file mode 100644 index 000000000..a491d11b7 --- /dev/null +++ b/src/test/kotlin/com/pubnub/api/crypto/cryptor/HeaderParserTest.kt @@ -0,0 +1,98 @@ +package com.pubnub.api.crypto.cryptor + +import com.pubnub.api.crypto.CryptoModule +import com.pubnub.api.crypto.exception.PubNubError +import com.pubnub.api.crypto.exception.PubNubException +import org.hamcrest.MatcherAssert.assertThat +import org.hamcrest.Matchers.`is` +import org.junit.jupiter.api.Assertions.assertEquals +import org.junit.jupiter.api.Assertions.assertThrows +import org.junit.jupiter.api.Assertions.assertTrue +import org.junit.jupiter.api.Assertions.fail +import org.junit.jupiter.api.BeforeEach +import org.junit.jupiter.api.Test + +class HeaderParserTest { + private lateinit var objectUnderTest: HeaderParser + + @BeforeEach + fun setUp() { + objectUnderTest = HeaderParser() + } + + @Test + fun `can create and parse data with header when cryptorDataSize is 1`() { + val cryptorId: ByteArray = + byteArrayOf('C'.code.toByte(), 'R'.code.toByte(), 'I'.code.toByte(), 'V'.code.toByte()) // "CRIV" + + val cipherKey = "enigma" + val cryptoModule = CryptoModule.createLegacyCryptoModule(cipherKey, false) + val cryptorData = byteArrayOf(0x50, 0x56, 0x56, 0x56, 0x56, 0x01, 0x43, 0x52, 0x49, 0x56, 0x10, 0x10, 0x56, 0x56, 0x56, 0x10) + val cryptorHeader = objectUnderTest.createCryptorHeader(cryptorId, cryptorData) + + val dataToBeEncrypted = byteArrayOf('D'.code.toByte(), 'A'.code.toByte()) + val encryptedData = cryptoModule.encrypt(dataToBeEncrypted) + val headerWithData: ByteArray = cryptorHeader + encryptedData + val parseResult = objectUnderTest.parseDataWithHeader(headerWithData) + + when (parseResult) { + is ParseResult.NoHeader -> fail("Expected header") + is ParseResult.Success -> { + assertTrue(cryptorId.contentEquals(parseResult.cryptoId)) + assertTrue(cryptorData.contentEquals(parseResult.cryptorData)) + assertTrue(encryptedData.contentEquals(parseResult.encryptedData)) + } + } + } + + @Test + fun `can create and parse data with header when cryptorDataSize is 3`() { + val cryptorId: ByteArray = + byteArrayOf('C'.code.toByte(), 'R'.code.toByte(), 'I'.code.toByte(), 'V'.code.toByte()) // "CRIV" + val cryptorData = createByteArrayThatHas255Elements() + val cryptorHeader = objectUnderTest.createCryptorHeader(cryptorId, cryptorData) + + val dataToBeEncrypted = byteArrayOf('D'.code.toByte(), 'A'.code.toByte()) + val headerWithData: ByteArray = cryptorHeader + dataToBeEncrypted + val parseResult = objectUnderTest.parseDataWithHeader(headerWithData) + + when (parseResult) { + is ParseResult.NoHeader -> fail("Expected header") + is ParseResult.Success -> { + assertTrue(cryptorId.contentEquals(parseResult.cryptoId)) + assertTrue(cryptorData.contentEquals(parseResult.cryptorData)) + assertTrue(dataToBeEncrypted.contentEquals(parseResult.encryptedData)) + } + } + } + + @Test + fun `should return NoHeader when there is no sentinel`() { + val cryptorHeaderWithInvalidSentinel = + byteArrayOf(0x56, 0x56, 0x56, 0x56, 0x01, 0x43, 0x52, 0x49, 0x56, 0x10, 0x10, 0x56, 0x56, 0x56, 0x56, 0x01, 0x43, 0x52, 0x49, 0x56, 0x10, 0x10) + val parseResult = objectUnderTest.parseDataWithHeader(cryptorHeaderWithInvalidSentinel) + + assertThat(parseResult, `is`(ParseResult.NoHeader)) + } + + @Test + fun `should throw exception when input data are to short`() { + val cryptorHeaderWithToShortData = + byteArrayOf(80, 78, 69, 68, 1, 43, 52, 49, 56) + + val exception: PubNubException = assertThrows(PubNubException::class.java) { + objectUnderTest.parseDataWithHeader(cryptorHeaderWithToShortData) + } + + assertEquals("Minimal size of encrypted data having Cryptor Data Header is: 10", exception.errorMessage) + assertEquals(PubNubError.CRYPTOR_DATA_HEADER_SIZE_TO_SMALL, exception.pubnubError) + } + + private fun createByteArrayThatHas255Elements(): ByteArray { + var byteArray: ByteArray = byteArrayOf() + for (i in 1..255) { + byteArray += byteArrayOf(i.toByte()) + } + return byteArray + } +}