mirror of
https://github.com/vanitasvitae/Smack.git
synced 2024-10-04 21:49:33 +02:00
XEP-0373, XEP-0374: OpenPGP for XMPP: Instant Messaging
Fixes SMACK-826
This commit is contained in:
parent
f3262c9d58
commit
f0af00ee43
|
@ -79,6 +79,7 @@ allprojects {
|
|||
':smack-experimental',
|
||||
':smack-omemo',
|
||||
':smack-omemo-signal',
|
||||
':smack-openpgp',
|
||||
].collect{ project(it) }
|
||||
androidBootClasspathProjects = [
|
||||
':smack-android',
|
||||
|
|
|
@ -96,6 +96,8 @@ Experimental Smack Extensions and currently supported XEPs of smack-experimental
|
|||
| Stable and Unique Stanza IDs | [XEP-0359](https://xmpp.org/extensions/xep-0359.html) | 0.5.0 | This specification describes unique and stable IDs for messages. |
|
||||
| HTTP File Upload | [XEP-0363](https://xmpp.org/extensions/xep-0363.html) | 0.3.1 | Protocol to request permissions to upload a file to an HTTP server and get a shareable URL. |
|
||||
| References | [XEP-0372](https://xmpp.org/extensions/xep-0363.html) | 0.2.0 | Add references like mentions or external data to stanzas. |
|
||||
| [OpenPGP for XMPP](ox.md) | [XEP-0373](https://xmpp.org/extensions/xep-0373.html) | 0.3.2 | Utilize OpenPGP to exchange encrypted and signed content. |
|
||||
| [OpenPGP for XMPP: Instant Messaging](ox-im.md) | [XEP-0374](https://xmpp.org/extensions/xep-0374.html) | 0.2.0 | OpenPGP encrypted Instant Messaging. |
|
||||
| [Spoiler Messages](spoiler.md) | [XEP-0382](https://xmpp.org/extensions/xep-0382.html) | 0.2.0 | Indicate that the body of a message should be treated as a spoiler. |
|
||||
| [OMEMO Multi End Message and Object Encryption](omemo.md) | [XEP-0384](https://xmpp.org/extensions/xep-0384.html) | n/a | Encrypt messages using OMEMO encryption (currently only with smack-omemo-signal -> GPLv3). |
|
||||
| [Consistent Color Generation](consistent_colors.md) | [XEP-0392](https://xmpp.org/extensions/xep-0392.html) | 0.4.0 | Generate consistent colors for identifiers like usernames to provide a consistent user experience. |
|
||||
|
|
6
documentation/extensions/ox-im.md
Normal file
6
documentation/extensions/ox-im.md
Normal file
|
@ -0,0 +1,6 @@
|
|||
OpenPGP for XMPP: Instant Messaging
|
||||
===================================
|
||||
|
||||
[Back](index.md)
|
||||
|
||||
See the javadoc of `OpenPgpManager` and `OXInstantMessagingManager` for details.
|
6
documentation/extensions/ox.md
Normal file
6
documentation/extensions/ox.md
Normal file
|
@ -0,0 +1,6 @@
|
|||
OpenPGP for XMPP
|
||||
================
|
||||
|
||||
[Back](index.md)
|
||||
|
||||
See the javadoc of `OpenPgpManager` for details.
|
|
@ -26,4 +26,5 @@ include 'smack-core',
|
|||
'smack-omemo',
|
||||
'smack-omemo-signal',
|
||||
'smack-omemo-signal-integration-test',
|
||||
'smack-repl'
|
||||
'smack-repl',
|
||||
'smack-openpgp'
|
||||
|
|
|
@ -158,6 +158,9 @@ public final class FileUtils {
|
|||
}
|
||||
|
||||
public static void deleteDirectory(File root) {
|
||||
if (!root.exists()) {
|
||||
return;
|
||||
}
|
||||
File[] currList;
|
||||
Stack<File> stack = new Stack<>();
|
||||
stack.push(root);
|
||||
|
@ -176,4 +179,25 @@ public final class FileUtils {
|
|||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns a {@link File} pointing to a temporary directory. On unix like systems this might be {@code /tmp}
|
||||
* for example.
|
||||
* If {@code suffix} is not null, the returned file points to {@code <temp>/suffix}.
|
||||
*
|
||||
* @param suffix optional path suffix
|
||||
* @return temp directory
|
||||
*/
|
||||
public static File getTempDir(String suffix) {
|
||||
String temp = System.getProperty("java.io.tmpdir");
|
||||
if (temp == null) {
|
||||
temp = "tmp";
|
||||
}
|
||||
|
||||
if (suffix == null) {
|
||||
return new File(temp);
|
||||
} else {
|
||||
return new File(temp, suffix);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
@ -21,5 +21,6 @@
|
|||
<className>org.jivesoftware.smack.java7.Java7SmackInitializer</className>
|
||||
<className>org.jivesoftware.smack.im.SmackImInitializer</className>
|
||||
<className>org.jivesoftware.smackx.omemo.OmemoInitializer</className>
|
||||
<className>org.jivesoftware.smackx.ox.util.OpenPgpInitializer</className>
|
||||
</optionalStartupClasses>
|
||||
</smack>
|
||||
|
|
|
@ -12,6 +12,7 @@ dependencies {
|
|||
compile project(':smack-extensions')
|
||||
compile project(':smack-experimental')
|
||||
compile project(':smack-omemo')
|
||||
compile project(':smack-openpgp')
|
||||
compile project(':smack-debug')
|
||||
compile project(path: ":smack-omemo", configuration: "testRuntime")
|
||||
compile 'org.reflections:reflections:0.9.9-RC1'
|
||||
|
|
|
@ -0,0 +1,70 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2018 Paul Schaub.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smackx.ox;
|
||||
|
||||
import org.jivesoftware.smack.SmackException;
|
||||
import org.jivesoftware.smack.XMPPConnection;
|
||||
import org.jivesoftware.smack.XMPPException;
|
||||
import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
|
||||
import org.jivesoftware.smackx.pep.PEPManager;
|
||||
|
||||
import org.igniterealtime.smack.inttest.AbstractSmackIntegrationTest;
|
||||
import org.igniterealtime.smack.inttest.SmackIntegrationTestEnvironment;
|
||||
import org.igniterealtime.smack.inttest.TestNotPossibleException;
|
||||
import org.jxmpp.jid.BareJid;
|
||||
|
||||
public abstract class AbstractOpenPgpIntegrationTest extends AbstractSmackIntegrationTest {
|
||||
|
||||
protected final XMPPConnection aliceConnection;
|
||||
protected final XMPPConnection bobConnection;
|
||||
protected final XMPPConnection chloeConnection;
|
||||
|
||||
protected final BareJid alice;
|
||||
protected final BareJid bob;
|
||||
protected final BareJid chloe;
|
||||
|
||||
protected AbstractOpenPgpIntegrationTest(SmackIntegrationTestEnvironment environment)
|
||||
throws XMPPException.XMPPErrorException, TestNotPossibleException, SmackException.NotConnectedException,
|
||||
InterruptedException, SmackException.NoResponseException {
|
||||
super(environment);
|
||||
|
||||
throwIfPubSubNotSupported(conOne);
|
||||
throwIfPubSubNotSupported(conTwo);
|
||||
throwIfPubSubNotSupported(conThree);
|
||||
|
||||
this.aliceConnection = conOne;
|
||||
this.bobConnection = conTwo;
|
||||
this.chloeConnection = conThree;
|
||||
|
||||
this.alice = aliceConnection.getUser().asBareJid();
|
||||
this.bob = bobConnection.getUser().asBareJid();
|
||||
this.chloe = chloeConnection.getUser().asBareJid();
|
||||
|
||||
OpenPgpPubSubUtil.deletePubkeysListNode(aliceConnection);
|
||||
OpenPgpPubSubUtil.deletePubkeysListNode(bobConnection);
|
||||
OpenPgpPubSubUtil.deletePubkeysListNode(chloeConnection);
|
||||
}
|
||||
|
||||
private static void throwIfPubSubNotSupported(XMPPConnection connection)
|
||||
throws XMPPException.XMPPErrorException, SmackException.NotConnectedException, InterruptedException,
|
||||
SmackException.NoResponseException, TestNotPossibleException {
|
||||
if (!PEPManager.getInstanceFor(connection).isSupported()) {
|
||||
throw new TestNotPossibleException("Server " + connection.getXMPPServiceDomain().toString() +
|
||||
" does not support PEP.");
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,196 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2018 Paul Schaub.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smackx.ox;
|
||||
|
||||
import static junit.framework.TestCase.assertEquals;
|
||||
import static junit.framework.TestCase.assertNotNull;
|
||||
import static junit.framework.TestCase.assertNull;
|
||||
import static junit.framework.TestCase.assertTrue;
|
||||
|
||||
import java.io.File;
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Set;
|
||||
import java.util.logging.Level;
|
||||
|
||||
import org.jivesoftware.smack.SmackException;
|
||||
import org.jivesoftware.smack.XMPPException;
|
||||
import org.jivesoftware.smack.util.FileUtils;
|
||||
import org.jivesoftware.smack.util.StringUtils;
|
||||
import org.jivesoftware.smackx.ox.callback.backup.AskForBackupCodeCallback;
|
||||
import org.jivesoftware.smackx.ox.callback.backup.DisplayBackupCodeCallback;
|
||||
import org.jivesoftware.smackx.ox.callback.backup.SecretKeyBackupSelectionCallback;
|
||||
import org.jivesoftware.smackx.ox.crypto.PainlessOpenPgpProvider;
|
||||
import org.jivesoftware.smackx.ox.exception.InvalidBackupCodeException;
|
||||
import org.jivesoftware.smackx.ox.exception.MissingOpenPgpKeyException;
|
||||
import org.jivesoftware.smackx.ox.exception.MissingUserIdOnKeyException;
|
||||
import org.jivesoftware.smackx.ox.exception.NoBackupFoundException;
|
||||
import org.jivesoftware.smackx.ox.store.definition.OpenPgpStore;
|
||||
import org.jivesoftware.smackx.ox.store.filebased.FileBasedOpenPgpStore;
|
||||
import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
|
||||
import org.jivesoftware.smackx.pubsub.PubSubException;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.igniterealtime.smack.inttest.SmackIntegrationTest;
|
||||
import org.igniterealtime.smack.inttest.SmackIntegrationTestEnvironment;
|
||||
import org.igniterealtime.smack.inttest.TestNotPossibleException;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.Before;
|
||||
import org.junit.BeforeClass;
|
||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
||||
|
||||
public class OXSecretKeyBackupIntegrationTest extends AbstractOpenPgpIntegrationTest {
|
||||
|
||||
private static final String sessionId = StringUtils.randomString(10);
|
||||
private static final File beforePath = FileUtils.getTempDir("ox_backup_" + sessionId);
|
||||
private static final File afterPath = FileUtils.getTempDir("ox_restore_" + sessionId);
|
||||
|
||||
private String backupCode = null;
|
||||
|
||||
private OpenPgpManager openPgpManager;
|
||||
|
||||
/**
|
||||
* This integration test tests the basic secret key backup and restore functionality as described
|
||||
* in XEP-0373 §5.
|
||||
*
|
||||
* In order to simulate two different devices, we are using two {@link FileBasedOpenPgpStore} implementations
|
||||
* which point to different directories.
|
||||
*
|
||||
* First, Alice generates a fresh OpenPGP key pair.
|
||||
*
|
||||
* She then creates a backup of the key in her private PEP node.
|
||||
*
|
||||
* Now the {@link OpenPgpStore} implementation is replaced by another instance to simulate a different device.
|
||||
*
|
||||
* Then the secret key backup is restored from PubSub and the imported secret key is compared to the one in
|
||||
* the original store.
|
||||
*
|
||||
* Afterwards the private PEP node is deleted from PubSub and the storage directories are emptied.
|
||||
*
|
||||
* @see <a href="https://xmpp.org/extensions/xep-0373.html#synchro-pep">
|
||||
* XEP-0373 §5: Synchronizing the Secret Key with a Private PEP Node</a>
|
||||
* @param environment
|
||||
* @throws XMPPException.XMPPErrorException
|
||||
* @throws TestNotPossibleException
|
||||
* @throws SmackException.NotConnectedException
|
||||
* @throws InterruptedException
|
||||
* @throws SmackException.NoResponseException
|
||||
*/
|
||||
public OXSecretKeyBackupIntegrationTest(SmackIntegrationTestEnvironment environment)
|
||||
throws XMPPException.XMPPErrorException, TestNotPossibleException, SmackException.NotConnectedException,
|
||||
InterruptedException, SmackException.NoResponseException {
|
||||
super(environment);
|
||||
if (!OpenPgpManager.serverSupportsSecretKeyBackups(aliceConnection)) {
|
||||
throw new TestNotPossibleException("Server does not support the 'whitelist' PubSub access model.");
|
||||
}
|
||||
}
|
||||
|
||||
@AfterClass
|
||||
@BeforeClass
|
||||
public static void cleanStore() {
|
||||
LOGGER.log(Level.INFO, "Delete store directories...");
|
||||
FileUtils.deleteDirectory(afterPath);
|
||||
FileUtils.deleteDirectory(beforePath);
|
||||
}
|
||||
|
||||
@After
|
||||
@Before
|
||||
public void cleanUp()
|
||||
throws XMPPException.XMPPErrorException, SmackException.NotConnectedException, InterruptedException,
|
||||
SmackException.NoResponseException {
|
||||
OpenPgpPubSubUtil.deleteSecretKeyNode(aliceConnection);
|
||||
|
||||
if (openPgpManager != null) {
|
||||
openPgpManager.stopMetadataListener();
|
||||
}
|
||||
}
|
||||
|
||||
@SmackIntegrationTest
|
||||
public void test() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
|
||||
NoSuchProviderException, IOException, InterruptedException, PubSubException.NotALeafNodeException,
|
||||
SmackException.NoResponseException, SmackException.NotConnectedException, XMPPException.XMPPErrorException,
|
||||
SmackException.NotLoggedInException, SmackException.FeatureNotSupportedException,
|
||||
MissingUserIdOnKeyException, NoBackupFoundException, InvalidBackupCodeException, PGPException,
|
||||
MissingOpenPgpKeyException {
|
||||
|
||||
OpenPgpStore beforeStore = new FileBasedOpenPgpStore(beforePath);
|
||||
beforeStore.setKeyRingProtector(new UnprotectedKeysProtector());
|
||||
PainlessOpenPgpProvider beforeProvider = new PainlessOpenPgpProvider(aliceConnection, beforeStore);
|
||||
openPgpManager = OpenPgpManager.getInstanceFor(aliceConnection);
|
||||
openPgpManager.setOpenPgpProvider(beforeProvider);
|
||||
|
||||
OpenPgpSelf self = openPgpManager.getOpenPgpSelf();
|
||||
|
||||
assertNull(self.getSigningKeyFingerprint());
|
||||
|
||||
OpenPgpV4Fingerprint keyFingerprint = openPgpManager.generateAndImportKeyPair(alice);
|
||||
assertEquals(keyFingerprint, self.getSigningKeyFingerprint());
|
||||
|
||||
assertTrue(self.getSecretKeys().contains(keyFingerprint.getKeyId()));
|
||||
|
||||
PGPSecretKeyRing beforeSec = beforeStore.getSecretKeyRing(alice, keyFingerprint);
|
||||
assertNotNull(beforeSec);
|
||||
|
||||
PGPPublicKeyRing beforePub = beforeStore.getPublicKeyRing(alice, keyFingerprint);
|
||||
assertNotNull(beforePub);
|
||||
|
||||
openPgpManager.backupSecretKeyToServer(new DisplayBackupCodeCallback() {
|
||||
@Override
|
||||
public void displayBackupCode(String backupCode) {
|
||||
OXSecretKeyBackupIntegrationTest.this.backupCode = backupCode;
|
||||
}
|
||||
}, new SecretKeyBackupSelectionCallback() {
|
||||
@Override
|
||||
public Set<OpenPgpV4Fingerprint> selectKeysToBackup(Set<OpenPgpV4Fingerprint> availableSecretKeys) {
|
||||
return availableSecretKeys;
|
||||
}
|
||||
});
|
||||
|
||||
FileBasedOpenPgpStore afterStore = new FileBasedOpenPgpStore(afterPath);
|
||||
afterStore.setKeyRingProtector(new UnprotectedKeysProtector());
|
||||
PainlessOpenPgpProvider afterProvider = new PainlessOpenPgpProvider(aliceConnection, afterStore);
|
||||
openPgpManager.setOpenPgpProvider(afterProvider);
|
||||
|
||||
OpenPgpV4Fingerprint fingerprint = openPgpManager.restoreSecretKeyServerBackup(new AskForBackupCodeCallback() {
|
||||
@Override
|
||||
public String askForBackupCode() {
|
||||
return backupCode;
|
||||
}
|
||||
});
|
||||
|
||||
assertEquals(keyFingerprint, fingerprint);
|
||||
|
||||
assertTrue(self.getSecretKeys().contains(keyFingerprint.getKeyId()));
|
||||
|
||||
assertEquals(keyFingerprint, self.getSigningKeyFingerprint());
|
||||
|
||||
PGPSecretKeyRing afterSec = afterStore.getSecretKeyRing(alice, keyFingerprint);
|
||||
assertNotNull(afterSec);
|
||||
assertTrue(Arrays.equals(beforeSec.getEncoded(), afterSec.getEncoded()));
|
||||
|
||||
PGPPublicKeyRing afterPub = afterStore.getPublicKeyRing(alice, keyFingerprint);
|
||||
assertNotNull(afterPub);
|
||||
assertTrue(Arrays.equals(beforePub.getEncoded(), afterPub.getEncoded()));
|
||||
}
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2018 Paul Schaub
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* Integration Tests for Smacks support for XEP-0373: OpenPGP for XMPP.
|
||||
*
|
||||
* @see <a href="https://xmpp.org/extensions/xep-0373.html">
|
||||
* XEP-0373: OpenPGP for XMPP</a>
|
||||
*/
|
||||
package org.jivesoftware.smackx.ox;
|
|
@ -0,0 +1,188 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2018 Paul Schaub.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smackx.ox_im;
|
||||
|
||||
import static junit.framework.TestCase.assertFalse;
|
||||
import static junit.framework.TestCase.assertTrue;
|
||||
|
||||
import java.io.File;
|
||||
import java.util.logging.Level;
|
||||
|
||||
import org.jivesoftware.smack.SmackException;
|
||||
import org.jivesoftware.smack.XMPPException;
|
||||
import org.jivesoftware.smack.packet.Message;
|
||||
import org.jivesoftware.smack.util.FileUtils;
|
||||
import org.jivesoftware.smack.util.StringUtils;
|
||||
import org.jivesoftware.smackx.ox.AbstractOpenPgpIntegrationTest;
|
||||
import org.jivesoftware.smackx.ox.OpenPgpContact;
|
||||
import org.jivesoftware.smackx.ox.OpenPgpManager;
|
||||
import org.jivesoftware.smackx.ox.crypto.PainlessOpenPgpProvider;
|
||||
import org.jivesoftware.smackx.ox.element.SigncryptElement;
|
||||
import org.jivesoftware.smackx.ox.store.filebased.FileBasedOpenPgpStore;
|
||||
import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
|
||||
|
||||
import org.igniterealtime.smack.inttest.SmackIntegrationTest;
|
||||
import org.igniterealtime.smack.inttest.SmackIntegrationTestEnvironment;
|
||||
import org.igniterealtime.smack.inttest.TestNotPossibleException;
|
||||
import org.igniterealtime.smack.inttest.util.SimpleResultSyncPoint;
|
||||
import org.junit.After;
|
||||
import org.junit.AfterClass;
|
||||
import org.junit.BeforeClass;
|
||||
import org.pgpainless.decryption_verification.OpenPgpMetadata;
|
||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||
import org.pgpainless.key.protection.UnprotectedKeysProtector;
|
||||
|
||||
public class OXInstantMessagingIntegrationTest extends AbstractOpenPgpIntegrationTest {
|
||||
|
||||
private static final String sessionId = StringUtils.randomString(10);
|
||||
private static final File aliceStorePath = FileUtils.getTempDir("basic_ox_messaging_test_alice_" + sessionId);
|
||||
private static final File bobStorePath = FileUtils.getTempDir("basic_ox_messaging_test_bob_" + sessionId);
|
||||
|
||||
private OpenPgpV4Fingerprint aliceFingerprint = null;
|
||||
private OpenPgpV4Fingerprint bobFingerprint = null;
|
||||
|
||||
private OpenPgpManager aliceOpenPgp;
|
||||
private OpenPgpManager bobOpenPgp;
|
||||
|
||||
/**
|
||||
* This integration test tests basic OX message exchange.
|
||||
* In this scenario, Alice and Bob are strangers, as they do not have subscribed to one another.
|
||||
*
|
||||
* Alice (conOne) creates keys and publishes them to the server.
|
||||
* Bob (conTwo) creates keys and publishes them to the server.
|
||||
*
|
||||
* Alice then manually fetches Bobs metadata node and all announced keys.
|
||||
*
|
||||
* Alice trusts Bobs keys and vice versa (even though Bob does not have copies of Alice' keys yet).
|
||||
*
|
||||
* She proceeds to create an OX encrypted message, which is encrypted to Bob and herself and signed by her.
|
||||
*
|
||||
* She sends the message.
|
||||
*
|
||||
* Bob receives the message, which - due to missing keys - triggers him to update Alice' keys.
|
||||
*
|
||||
* After the update Bob proceeds to decrypt and verify the message.
|
||||
*
|
||||
* After the test, the keys are deleted from local storage and from PubSub.
|
||||
*
|
||||
* @param environment test environment
|
||||
*
|
||||
* @throws XMPPException.XMPPErrorException
|
||||
* @throws InterruptedException
|
||||
* @throws SmackException.NotConnectedException
|
||||
* @throws TestNotPossibleException if the test is not possible due to lacking server support for PEP.
|
||||
* @throws SmackException.NoResponseException
|
||||
*/
|
||||
public OXInstantMessagingIntegrationTest(SmackIntegrationTestEnvironment environment)
|
||||
throws XMPPException.XMPPErrorException, InterruptedException, SmackException.NotConnectedException,
|
||||
TestNotPossibleException, SmackException.NoResponseException {
|
||||
super(environment);
|
||||
}
|
||||
|
||||
@BeforeClass
|
||||
@AfterClass
|
||||
public static void deleteStore() {
|
||||
LOGGER.log(Level.INFO, "Deleting storage directories...");
|
||||
FileUtils.deleteDirectory(aliceStorePath);
|
||||
FileUtils.deleteDirectory(bobStorePath);
|
||||
}
|
||||
|
||||
@SmackIntegrationTest
|
||||
public void basicInstantMessagingTest()
|
||||
throws Exception {
|
||||
|
||||
LOGGER.log(Level.INFO, aliceStorePath.getAbsolutePath() + " " + bobStorePath.getAbsolutePath());
|
||||
|
||||
final SimpleResultSyncPoint bobReceivedMessage = new SimpleResultSyncPoint();
|
||||
final String body = "Writing integration tests is an annoying task, but it has to be done, so lets do it!!!";
|
||||
|
||||
FileBasedOpenPgpStore aliceStore = new FileBasedOpenPgpStore(aliceStorePath);
|
||||
aliceStore.setKeyRingProtector(new UnprotectedKeysProtector());
|
||||
FileBasedOpenPgpStore bobStore = new FileBasedOpenPgpStore(bobStorePath);
|
||||
bobStore.setKeyRingProtector(new UnprotectedKeysProtector());
|
||||
|
||||
PainlessOpenPgpProvider aliceProvider = new PainlessOpenPgpProvider(aliceConnection, aliceStore);
|
||||
PainlessOpenPgpProvider bobProvider = new PainlessOpenPgpProvider(bobConnection, bobStore);
|
||||
|
||||
aliceOpenPgp = OpenPgpManager.getInstanceFor(aliceConnection);
|
||||
bobOpenPgp = OpenPgpManager.getInstanceFor(bobConnection);
|
||||
|
||||
OXInstantMessagingManager aliceInstantMessaging = OXInstantMessagingManager.getInstanceFor(aliceConnection);
|
||||
OXInstantMessagingManager bobInstantMessaging = OXInstantMessagingManager.getInstanceFor(bobConnection);
|
||||
|
||||
bobInstantMessaging.addOxMessageListener(new OxMessageListener() {
|
||||
@Override
|
||||
public void newIncomingOxMessage(OpenPgpContact contact, Message originalMessage, SigncryptElement decryptedPayload, OpenPgpMetadata metadata) {
|
||||
if (((Message.Body) decryptedPayload.getExtension(Message.Body.NAMESPACE)).getMessage().equals(body)) {
|
||||
bobReceivedMessage.signal();
|
||||
} else {
|
||||
bobReceivedMessage.signalFailure();
|
||||
}
|
||||
}
|
||||
});
|
||||
|
||||
aliceOpenPgp.setOpenPgpProvider(aliceProvider);
|
||||
bobOpenPgp.setOpenPgpProvider(bobProvider);
|
||||
|
||||
aliceFingerprint = aliceOpenPgp.generateAndImportKeyPair(alice);
|
||||
bobFingerprint = bobOpenPgp.generateAndImportKeyPair(bob);
|
||||
|
||||
aliceOpenPgp.announceSupportAndPublish();
|
||||
bobOpenPgp.announceSupportAndPublish();
|
||||
|
||||
OpenPgpContact bobForAlice = aliceOpenPgp.getOpenPgpContact(bob.asEntityBareJidIfPossible());
|
||||
OpenPgpContact aliceForBob = bobOpenPgp.getOpenPgpContact(alice.asEntityBareJidIfPossible());
|
||||
|
||||
bobForAlice.updateKeys(aliceConnection);
|
||||
|
||||
assertFalse(bobForAlice.isTrusted(bobFingerprint));
|
||||
assertFalse(aliceForBob.isTrusted(aliceFingerprint));
|
||||
|
||||
bobForAlice.trust(bobFingerprint);
|
||||
aliceForBob.trust(aliceFingerprint);
|
||||
|
||||
assertTrue(bobForAlice.isTrusted(bobFingerprint));
|
||||
assertTrue(aliceForBob.isTrusted(aliceFingerprint));
|
||||
|
||||
aliceInstantMessaging.sendOxMessage(bobForAlice, body);
|
||||
|
||||
bobReceivedMessage.waitForResult(timeout);
|
||||
}
|
||||
|
||||
@After
|
||||
public void deleteKeyMetadata()
|
||||
throws XMPPException.XMPPErrorException, SmackException.NotConnectedException, InterruptedException,
|
||||
SmackException.NoResponseException {
|
||||
OpenPgpPubSubUtil.deletePubkeysListNode(aliceConnection);
|
||||
OpenPgpPubSubUtil.deletePubkeysListNode(bobConnection);
|
||||
|
||||
if (aliceFingerprint != null) {
|
||||
OpenPgpPubSubUtil.deletePublicKeyNode(aliceConnection, aliceFingerprint);
|
||||
}
|
||||
if (bobFingerprint != null) {
|
||||
OpenPgpPubSubUtil.deletePublicKeyNode(bobConnection, bobFingerprint);
|
||||
}
|
||||
|
||||
if (aliceOpenPgp != null) {
|
||||
aliceOpenPgp.stopMetadataListener();
|
||||
}
|
||||
|
||||
if (bobOpenPgp != null) {
|
||||
bobOpenPgp.stopMetadataListener();
|
||||
}
|
||||
}
|
||||
}
|
|
@ -0,0 +1,23 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2018 Paul Schaub
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
/**
|
||||
* Integration Tests for Smacks support for XEP-0374: OpenPGP for XMPP: Instant Messaging.
|
||||
*
|
||||
* @see <a href="https://xmpp.org/extensions/xep-0374.html">
|
||||
* XEP-0374: OpenPGP for XMPP: Instant Messaging</a>
|
||||
*/
|
||||
package org.jivesoftware.smackx.ox_im;
|
19
smack-openpgp/build.gradle
Normal file
19
smack-openpgp/build.gradle
Normal file
|
@ -0,0 +1,19 @@
|
|||
description = """\
|
||||
Smack API for XEP-0373: OpenPGP for XMPP."""
|
||||
|
||||
repositories {
|
||||
mavenCentral()
|
||||
}
|
||||
|
||||
// Note that the test dependencies (junit, …) are inferred from the
|
||||
// sourceSet.test of the core subproject
|
||||
dependencies {
|
||||
compile project(':smack-core')
|
||||
compile project(':smack-extensions')
|
||||
compile project(':smack-experimental')
|
||||
|
||||
compile 'org.pgpainless:pgpainless-core:0.0.1-alpha2'
|
||||
|
||||
testCompile project(path: ":smack-core", configuration: "testRuntime")
|
||||
testCompile project(path: ":smack-core", configuration: "archives")
|
||||
}
|
|
@ -0,0 +1,417 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2018 Paul Schaub.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smackx.ox;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.HashSet;
|
||||
import java.util.Iterator;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
import org.jivesoftware.smack.SmackException;
|
||||
import org.jivesoftware.smack.XMPPConnection;
|
||||
import org.jivesoftware.smack.XMPPException;
|
||||
import org.jivesoftware.smack.util.stringencoder.Base64;
|
||||
import org.jivesoftware.smackx.ox.element.PubkeyElement;
|
||||
import org.jivesoftware.smackx.ox.element.PublicKeysListElement;
|
||||
import org.jivesoftware.smackx.ox.exception.MissingUserIdOnKeyException;
|
||||
import org.jivesoftware.smackx.ox.selection_strategy.BareJidUserId;
|
||||
import org.jivesoftware.smackx.ox.store.definition.OpenPgpStore;
|
||||
import org.jivesoftware.smackx.ox.store.definition.OpenPgpTrustStore;
|
||||
import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
|
||||
import org.jivesoftware.smackx.pubsub.LeafNode;
|
||||
import org.jivesoftware.smackx.pubsub.PubSubException;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
|
||||
import org.jxmpp.jid.BareJid;
|
||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||
import org.pgpainless.util.BCUtil;
|
||||
|
||||
/**
|
||||
* The OpenPgpContact is sort of a specialized view on the OpenPgpStore, which gives you access to the information
|
||||
* about the user. It also allows contact-specific actions like fetching the contacts keys from PubSub etc.
|
||||
*/
|
||||
public class OpenPgpContact {
|
||||
|
||||
private final Logger LOGGER;
|
||||
|
||||
protected final BareJid jid;
|
||||
protected final OpenPgpStore store;
|
||||
protected final Map<OpenPgpV4Fingerprint, Throwable> unfetchableKeys = new HashMap<>();
|
||||
|
||||
/**
|
||||
* Create a new OpenPgpContact.
|
||||
*
|
||||
* @param jid {@link BareJid} of the contact.
|
||||
* @param store {@link OpenPgpStore}.
|
||||
*/
|
||||
public OpenPgpContact(BareJid jid, OpenPgpStore store) {
|
||||
this.jid = jid;
|
||||
this.store = store;
|
||||
LOGGER = Logger.getLogger(OpenPgpContact.class.getName() + ":" + jid.toString());
|
||||
}
|
||||
|
||||
/**
|
||||
* Return the jid of the contact.
|
||||
*
|
||||
* @return jid
|
||||
*/
|
||||
public BareJid getJid() {
|
||||
return jid;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return any available public keys of the user. The result might also contain outdated or invalid keys.
|
||||
*
|
||||
* @return any keys of the contact.
|
||||
*
|
||||
* @throws IOException IO is dangerous
|
||||
* @throws PGPException PGP is brittle
|
||||
*/
|
||||
public PGPPublicKeyRingCollection getAnyPublicKeys() throws IOException, PGPException {
|
||||
return store.getPublicKeysOf(jid);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return any announced public keys. This is the set returned by {@link #getAnyPublicKeys()} with non-announced
|
||||
* keys and keys which lack a user-id with the contacts jid removed.
|
||||
*
|
||||
* @return announced keys of the contact
|
||||
*
|
||||
* @throws IOException IO is dangerous
|
||||
* @throws PGPException PGP is brittle
|
||||
*/
|
||||
public PGPPublicKeyRingCollection getAnnouncedPublicKeys() throws IOException, PGPException {
|
||||
PGPPublicKeyRingCollection anyKeys = getAnyPublicKeys();
|
||||
Map<OpenPgpV4Fingerprint, Date> announced = store.getAnnouncedFingerprintsOf(jid);
|
||||
|
||||
BareJidUserId.PubRingSelectionStrategy userIdFilter = new BareJidUserId.PubRingSelectionStrategy();
|
||||
|
||||
PGPPublicKeyRingCollection announcedKeysCollection = null;
|
||||
for (OpenPgpV4Fingerprint announcedFingerprint : announced.keySet()) {
|
||||
PGPPublicKeyRing ring = anyKeys.getPublicKeyRing(announcedFingerprint.getKeyId());
|
||||
|
||||
if (ring == null) continue;
|
||||
|
||||
ring = BCUtil.removeUnassociatedKeysFromKeyRing(ring, ring.getPublicKey(announcedFingerprint.getKeyId()));
|
||||
|
||||
if (!userIdFilter.accept(getJid(), ring)) {
|
||||
LOGGER.log(Level.WARNING, "Ignore key " + Long.toHexString(ring.getPublicKey().getKeyID()) +
|
||||
" as it lacks the user-id \"xmpp" + getJid().toString() + "\"");
|
||||
continue;
|
||||
}
|
||||
|
||||
if (announcedKeysCollection == null) {
|
||||
announcedKeysCollection = new PGPPublicKeyRingCollection(Collections.singleton(ring));
|
||||
} else {
|
||||
announcedKeysCollection = PGPPublicKeyRingCollection.addPublicKeyRing(announcedKeysCollection, ring);
|
||||
}
|
||||
}
|
||||
|
||||
return announcedKeysCollection;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a {@link PGPPublicKeyRingCollection}, which contains all keys from {@code keys}, which are marked with the
|
||||
* {@link OpenPgpTrustStore.Trust} state of {@code trust}.
|
||||
*
|
||||
* @param keys {@link PGPPublicKeyRingCollection}
|
||||
* @param trust {@link OpenPgpTrustStore.Trust}
|
||||
*
|
||||
* @return all keys from {@code keys} with trust state {@code trust}.
|
||||
*
|
||||
* @throws IOException IO error
|
||||
*/
|
||||
protected PGPPublicKeyRingCollection getPublicKeysOfTrustState(PGPPublicKeyRingCollection keys,
|
||||
OpenPgpTrustStore.Trust trust)
|
||||
throws IOException {
|
||||
|
||||
if (keys == null) {
|
||||
return null;
|
||||
}
|
||||
|
||||
Set<PGPPublicKeyRing> toRemove = new HashSet<>();
|
||||
Iterator<PGPPublicKeyRing> iterator = keys.iterator();
|
||||
while (iterator.hasNext()) {
|
||||
PGPPublicKeyRing ring = iterator.next();
|
||||
OpenPgpV4Fingerprint fingerprint = new OpenPgpV4Fingerprint(ring);
|
||||
if (store.getTrust(getJid(), fingerprint) != trust) {
|
||||
toRemove.add(ring);
|
||||
}
|
||||
}
|
||||
|
||||
for (PGPPublicKeyRing ring : toRemove) {
|
||||
keys = PGPPublicKeyRingCollection.removePublicKeyRing(keys, ring);
|
||||
}
|
||||
|
||||
if (!keys.iterator().hasNext()) {
|
||||
return null;
|
||||
}
|
||||
|
||||
return keys;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a {@link PGPPublicKeyRingCollection} which contains all public keys of the contact, which are announced,
|
||||
* as well as marked as {@link OpenPgpStore.Trust#trusted}.
|
||||
*
|
||||
* @return announced, trusted keys.
|
||||
*
|
||||
* @throws IOException IO error
|
||||
* @throws PGPException PGP error
|
||||
*/
|
||||
public PGPPublicKeyRingCollection getTrustedAnnouncedKeys()
|
||||
throws IOException, PGPException {
|
||||
PGPPublicKeyRingCollection announced = getAnnouncedPublicKeys();
|
||||
PGPPublicKeyRingCollection trusted = getPublicKeysOfTrustState(announced, OpenPgpTrustStore.Trust.trusted);
|
||||
return trusted;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a {@link Set} of {@link OpenPgpV4Fingerprint}s of all keys of the contact, which have the trust state
|
||||
* {@link OpenPgpStore.Trust#trusted}.
|
||||
*
|
||||
* @return trusted fingerprints
|
||||
*
|
||||
* @throws IOException IO error
|
||||
* @throws PGPException PGP error
|
||||
*/
|
||||
public Set<OpenPgpV4Fingerprint> getTrustedFingerprints()
|
||||
throws IOException, PGPException {
|
||||
return getFingerprintsOfKeysWithState(getAnyPublicKeys(), OpenPgpTrustStore.Trust.trusted);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a {@link Set} of {@link OpenPgpV4Fingerprint}s of all keys of the contact, which have the trust state
|
||||
* {@link OpenPgpStore.Trust#untrusted}.
|
||||
*
|
||||
* @return untrusted fingerprints
|
||||
*
|
||||
* @throws IOException IO error
|
||||
* @throws PGPException PGP error
|
||||
*/
|
||||
public Set<OpenPgpV4Fingerprint> getUntrustedFingerprints()
|
||||
throws IOException, PGPException {
|
||||
return getFingerprintsOfKeysWithState(getAnyPublicKeys(), OpenPgpTrustStore.Trust.untrusted);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a {@link Set} of {@link OpenPgpV4Fingerprint}s of all keys of the contact, which have the trust state
|
||||
* {@link OpenPgpStore.Trust#undecided}.
|
||||
*
|
||||
* @return undecided fingerprints
|
||||
*
|
||||
* @throws IOException IO error
|
||||
* @throws PGPException PGP error
|
||||
*/
|
||||
public Set<OpenPgpV4Fingerprint> getUndecidedFingerprints()
|
||||
throws IOException, PGPException {
|
||||
return getFingerprintsOfKeysWithState(getAnyPublicKeys(), OpenPgpTrustStore.Trust.undecided);
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a {@link Set} of {@link OpenPgpV4Fingerprint}s of all keys in {@code publicKeys}, which are marked with the
|
||||
* {@link OpenPgpTrustStore.Trust} of {@code trust}.
|
||||
*
|
||||
* @param publicKeys {@link PGPPublicKeyRingCollection} of keys which are iterated.
|
||||
* @param trust {@link OpenPgpTrustStore.Trust} state.
|
||||
* @return {@link Set} of fingerprints
|
||||
*
|
||||
* @throws IOException IO error
|
||||
*/
|
||||
public Set<OpenPgpV4Fingerprint> getFingerprintsOfKeysWithState(PGPPublicKeyRingCollection publicKeys,
|
||||
OpenPgpTrustStore.Trust trust)
|
||||
throws IOException {
|
||||
PGPPublicKeyRingCollection keys = getPublicKeysOfTrustState(publicKeys, trust);
|
||||
Set<OpenPgpV4Fingerprint> fingerprints = new HashSet<>();
|
||||
|
||||
if (keys == null) {
|
||||
return fingerprints;
|
||||
}
|
||||
|
||||
for (PGPPublicKeyRing ring : keys) {
|
||||
fingerprints.add(new OpenPgpV4Fingerprint(ring));
|
||||
}
|
||||
|
||||
return fingerprints;
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine the {@link OpenPgpTrustStore.Trust} state of the key identified by the {@code fingerprint}.
|
||||
*
|
||||
* @param fingerprint {@link OpenPgpV4Fingerprint} of the key
|
||||
* @return trust record
|
||||
*
|
||||
* @throws IOException IO error
|
||||
*/
|
||||
public OpenPgpTrustStore.Trust getTrust(OpenPgpV4Fingerprint fingerprint)
|
||||
throws IOException {
|
||||
return store.getTrust(getJid(), fingerprint);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine, whether the key identified by the {@code fingerprint} is marked as
|
||||
* {@link OpenPgpTrustStore.Trust#trusted} or not.
|
||||
*
|
||||
* @param fingerprint {@link OpenPgpV4Fingerprint} of the key
|
||||
* @return true, if the key is marked as trusted, false otherwise
|
||||
*
|
||||
* @throws IOException IO error
|
||||
*/
|
||||
public boolean isTrusted(OpenPgpV4Fingerprint fingerprint)
|
||||
throws IOException {
|
||||
return getTrust(fingerprint) == OpenPgpTrustStore.Trust.trusted;
|
||||
}
|
||||
|
||||
/**
|
||||
* Mark a key as {@link OpenPgpStore.Trust#trusted}.
|
||||
*
|
||||
* @param fingerprint {@link OpenPgpV4Fingerprint} of the key to mark as trusted.
|
||||
*
|
||||
* @throws IOException IO error
|
||||
*/
|
||||
public void trust(OpenPgpV4Fingerprint fingerprint)
|
||||
throws IOException {
|
||||
store.setTrust(getJid(), fingerprint, OpenPgpTrustStore.Trust.trusted);
|
||||
}
|
||||
|
||||
/**
|
||||
* Mark a key as {@link OpenPgpStore.Trust#untrusted}.
|
||||
*
|
||||
* @param fingerprint {@link OpenPgpV4Fingerprint} of the key to mark as untrusted.
|
||||
*
|
||||
* @throws IOException IO error
|
||||
*/
|
||||
public void distrust(OpenPgpV4Fingerprint fingerprint)
|
||||
throws IOException {
|
||||
store.setTrust(getJid(), fingerprint, OpenPgpTrustStore.Trust.untrusted);
|
||||
}
|
||||
|
||||
/**
|
||||
* Determine, whether there are keys available, for which we did not yet decided whether to trust them or not.
|
||||
*
|
||||
* @return more than 0 keys with trust state {@link OpenPgpTrustStore.Trust#undecided}.
|
||||
*
|
||||
* @throws IOException I/O error reading the keys or trust records.
|
||||
* @throws PGPException PGP error reading the keys.
|
||||
*/
|
||||
public boolean hasUndecidedKeys()
|
||||
throws IOException, PGPException {
|
||||
return getUndecidedFingerprints().size() != 0;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return a {@link Map} of any unfetchable keys fingerprints and the cause of them not being fetched.
|
||||
*
|
||||
* @return unfetchable keys
|
||||
*/
|
||||
public Map<OpenPgpV4Fingerprint, Throwable> getUnfetchableKeys() {
|
||||
return new HashMap<>(unfetchableKeys);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the contacts keys by consulting the users PubSub nodes.
|
||||
* This method fetches the users metadata node and then tries to fetch any announced keys.
|
||||
*
|
||||
* @param connection our {@link XMPPConnection}.
|
||||
*
|
||||
* @throws InterruptedException In case the thread gets interrupted.
|
||||
* @throws SmackException.NotConnectedException in case the connection is not connected.
|
||||
* @throws SmackException.NoResponseException in case the server doesn't respond.
|
||||
* @throws XMPPException.XMPPErrorException in case of an XMPP protocol error.
|
||||
* @throws PubSubException.NotALeafNodeException in case the metadata node is not a {@link LeafNode}.
|
||||
* @throws PubSubException.NotAPubSubNodeException in case the metadata node is not a PubSub node.
|
||||
* @throws IOException IO is brittle.
|
||||
*/
|
||||
public void updateKeys(XMPPConnection connection) throws InterruptedException, SmackException.NotConnectedException,
|
||||
SmackException.NoResponseException, XMPPException.XMPPErrorException, PubSubException.NotALeafNodeException,
|
||||
PubSubException.NotAPubSubNodeException, IOException {
|
||||
PublicKeysListElement metadata = OpenPgpPubSubUtil.fetchPubkeysList(connection, getJid());
|
||||
if (metadata == null) {
|
||||
return;
|
||||
}
|
||||
|
||||
updateKeys(connection, metadata);
|
||||
}
|
||||
|
||||
/**
|
||||
* Update the contacts keys using a prefetched {@link PublicKeysListElement}.
|
||||
*
|
||||
* @param connection our {@link XMPPConnection}.
|
||||
* @param metadata pre-fetched OX metadata node of the contact.
|
||||
*
|
||||
* @throws InterruptedException in case the thread gets interrupted.
|
||||
* @throws SmackException.NotConnectedException in case the connection is not connected.
|
||||
* @throws SmackException.NoResponseException in case the server doesn't respond.
|
||||
* @throws IOException IO is dangerous.
|
||||
*/
|
||||
public void updateKeys(XMPPConnection connection, PublicKeysListElement metadata)
|
||||
throws InterruptedException, SmackException.NotConnectedException, SmackException.NoResponseException,
|
||||
IOException {
|
||||
|
||||
Map<OpenPgpV4Fingerprint, Date> fingerprintsAndDates = new HashMap<>();
|
||||
for (OpenPgpV4Fingerprint fingerprint : metadata.getMetadata().keySet()) {
|
||||
fingerprintsAndDates.put(fingerprint, metadata.getMetadata().get(fingerprint).getDate());
|
||||
}
|
||||
|
||||
store.setAnnouncedFingerprintsOf(getJid(), fingerprintsAndDates);
|
||||
Map<OpenPgpV4Fingerprint, Date> fetchDates = store.getPublicKeyFetchDates(getJid());
|
||||
|
||||
for (OpenPgpV4Fingerprint fingerprint : metadata.getMetadata().keySet()) {
|
||||
Date fetchDate = fetchDates.get(fingerprint);
|
||||
if (fetchDate != null && fingerprintsAndDates.get(fingerprint) != null && fetchDate.after(fingerprintsAndDates.get(fingerprint))) {
|
||||
LOGGER.log(Level.FINE, "Skip key " + Long.toHexString(fingerprint.getKeyId()) + " as we already have the most recent version. " +
|
||||
"Last announced: " + fingerprintsAndDates.get(fingerprint).toString() + " Last fetched: " + fetchDate.toString());
|
||||
continue;
|
||||
}
|
||||
try {
|
||||
PubkeyElement key = OpenPgpPubSubUtil.fetchPubkey(connection, getJid(), fingerprint);
|
||||
unfetchableKeys.remove(fingerprint);
|
||||
fetchDates.put(fingerprint, new Date());
|
||||
if (key == null) {
|
||||
LOGGER.log(Level.WARNING, "Public key " + Long.toHexString(fingerprint.getKeyId()) +
|
||||
" can not be imported: Is null");
|
||||
unfetchableKeys.put(fingerprint, new NullPointerException("Public key is null."));
|
||||
continue;
|
||||
}
|
||||
PGPPublicKeyRing keyRing = new PGPPublicKeyRing(Base64.decode(key.getDataElement().getB64Data()), new BcKeyFingerprintCalculator());
|
||||
store.importPublicKey(getJid(), keyRing);
|
||||
} catch (PubSubException.NotAPubSubNodeException | PubSubException.NotALeafNodeException |
|
||||
XMPPException.XMPPErrorException e) {
|
||||
LOGGER.log(Level.WARNING, "Error fetching public key " + Long.toHexString(fingerprint.getKeyId()), e);
|
||||
unfetchableKeys.put(fingerprint, e);
|
||||
} catch (PGPException | IOException e) {
|
||||
LOGGER.log(Level.WARNING, "Public key " + Long.toHexString(fingerprint.getKeyId()) +
|
||||
" can not be imported.", e);
|
||||
unfetchableKeys.put(fingerprint, e);
|
||||
} catch (MissingUserIdOnKeyException e) {
|
||||
LOGGER.log(Level.WARNING, "Public key " + Long.toHexString(fingerprint.getKeyId()) +
|
||||
" is missing the user-id \"xmpp:" + getJid() + "\". Refuse to import it.", e);
|
||||
unfetchableKeys.put(fingerprint, e);
|
||||
}
|
||||
}
|
||||
store.setPublicKeyFetchDates(getJid(), fetchDates);
|
||||
}
|
||||
}
|
|
@ -0,0 +1,709 @@
|
|||
/**
|
||||
*
|
||||
* Copyright 2017 Florian Schmaus, 2018 Paul Schaub.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.jivesoftware.smackx.ox;
|
||||
|
||||
import static org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil.PEP_NODE_PUBLIC_KEYS;
|
||||
import static org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil.PEP_NODE_PUBLIC_KEYS_NOTIFY;
|
||||
import static org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil.publishPublicKey;
|
||||
|
||||
import java.io.ByteArrayOutputStream;
|
||||
import java.io.IOException;
|
||||
import java.security.InvalidAlgorithmParameterException;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.NoSuchProviderException;
|
||||
import java.util.Date;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.WeakHashMap;
|
||||
import java.util.logging.Level;
|
||||
import java.util.logging.Logger;
|
||||
|
||||
import org.jivesoftware.smack.Manager;
|
||||
import org.jivesoftware.smack.SmackException;
|
||||
import org.jivesoftware.smack.XMPPConnection;
|
||||
import org.jivesoftware.smack.XMPPException;
|
||||
import org.jivesoftware.smack.chat2.Chat;
|
||||
import org.jivesoftware.smack.chat2.ChatManager;
|
||||
import org.jivesoftware.smack.chat2.IncomingChatMessageListener;
|
||||
import org.jivesoftware.smack.packet.Message;
|
||||
import org.jivesoftware.smack.util.Async;
|
||||
import org.jivesoftware.smack.util.stringencoder.Base64;
|
||||
import org.jivesoftware.smackx.disco.ServiceDiscoveryManager;
|
||||
import org.jivesoftware.smackx.ox.callback.backup.AskForBackupCodeCallback;
|
||||
import org.jivesoftware.smackx.ox.callback.backup.DisplayBackupCodeCallback;
|
||||
import org.jivesoftware.smackx.ox.callback.backup.SecretKeyBackupSelectionCallback;
|
||||
import org.jivesoftware.smackx.ox.crypto.OpenPgpProvider;
|
||||
import org.jivesoftware.smackx.ox.element.CryptElement;
|
||||
import org.jivesoftware.smackx.ox.element.OpenPgpContentElement;
|
||||
import org.jivesoftware.smackx.ox.element.OpenPgpElement;
|
||||
import org.jivesoftware.smackx.ox.element.PubkeyElement;
|
||||
import org.jivesoftware.smackx.ox.element.PublicKeysListElement;
|
||||
import org.jivesoftware.smackx.ox.element.SecretkeyElement;
|
||||
import org.jivesoftware.smackx.ox.element.SignElement;
|
||||
import org.jivesoftware.smackx.ox.element.SigncryptElement;
|
||||
import org.jivesoftware.smackx.ox.exception.InvalidBackupCodeException;
|
||||
import org.jivesoftware.smackx.ox.exception.MissingOpenPgpKeyException;
|
||||
import org.jivesoftware.smackx.ox.exception.MissingUserIdOnKeyException;
|
||||
import org.jivesoftware.smackx.ox.exception.NoBackupFoundException;
|
||||
import org.jivesoftware.smackx.ox.listener.CryptElementReceivedListener;
|
||||
import org.jivesoftware.smackx.ox.listener.SignElementReceivedListener;
|
||||
import org.jivesoftware.smackx.ox.listener.SigncryptElementReceivedListener;
|
||||
import org.jivesoftware.smackx.ox.store.definition.OpenPgpStore;
|
||||
import org.jivesoftware.smackx.ox.store.definition.OpenPgpTrustStore;
|
||||
import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
|
||||
import org.jivesoftware.smackx.ox.util.SecretKeyBackupHelper;
|
||||
import org.jivesoftware.smackx.pep.PEPListener;
|
||||
import org.jivesoftware.smackx.pep.PEPManager;
|
||||
import org.jivesoftware.smackx.pubsub.EventElement;
|
||||
import org.jivesoftware.smackx.pubsub.ItemsExtension;
|
||||
import org.jivesoftware.smackx.pubsub.LeafNode;
|
||||
import org.jivesoftware.smackx.pubsub.PayloadItem;
|
||||
import org.jivesoftware.smackx.pubsub.PubSubException;
|
||||
import org.jivesoftware.smackx.pubsub.PubSubFeature;
|
||||
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSecretKey;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRing;
|
||||
import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
|
||||
import org.bouncycastle.openpgp.operator.bc.BcKeyFingerprintCalculator;
|
||||
import org.jxmpp.jid.BareJid;
|
||||
import org.jxmpp.jid.EntityBareJid;
|
||||
import org.pgpainless.key.OpenPgpV4Fingerprint;
|
||||
import org.pgpainless.key.collection.PGPKeyRing;
|
||||
import org.pgpainless.key.protection.SecretKeyRingProtector;
|
||||
import org.pgpainless.util.BCUtil;
|
||||
import org.xmlpull.v1.XmlPullParserException;
|
||||
|
||||
/**
|
||||
* Entry point for Smacks API for OpenPGP for XMPP.
|
||||
*
|
||||
* <h2>Setup</h2>
|
||||
*
|
||||
* In order to use OpenPGP for XMPP in Smack, just follow the following procedure.<br>
|
||||
* <br>
|
||||
* First, acquire an instance of the {@link OpenPgpManager} for your {@link XMPPConnection} using
|
||||
* {@link #getInstanceFor(XMPPConnection)}.
|
||||
*
|
||||
* <pre>
|
||||
* {@code
|
||||
* OpenPgpManager openPgpManager = OpenPgpManager.getInstanceFor(connection);
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* You also need an {@link OpenPgpProvider}, as well as an {@link OpenPgpStore}.
|
||||
* The provider must be registered using {@link #setOpenPgpProvider(OpenPgpProvider)}.
|
||||
*
|
||||
* <pre>
|
||||
* {@code
|
||||
* OpenPgpStore store = new FileBasedOpenPgpStore(storePath);
|
||||
* OpenPgpProvider provider = new PainlessOpenPgpProvider(connection, store);
|
||||
* openPgpManager.setOpenPgpProvider(provider);
|
||||
* }
|
||||
* </pre>
|
||||
*
|
||||
* It is also advised to register a custom {@link SecretKeyRingProtector} using
|
||||
* {@link OpenPgpStore#setKeyRingProtector(SecretKeyRingProtector)} in order to be able to handle password protected
|
||||
* secret keys.<br>
|
||||
* <br>
|
||||
* Speaking of keys, you can now check, if you have any keys available in your {@link OpenPgpStore} by doing
|
||||
* {@link #hasSecretKeysAvailable()}.<br>
|
||||
* <br>
|
||||
* If you do, you can now announce support for OX and publish those keys using {@link #announceSupportAndPublish()}.<br>
|
||||
* <br>
|
||||
* Otherwise, you can either generate fresh keys using {@link #generateAndImportKeyPair(BareJid)},
|
||||
* or try to restore a secret key backup from your private PubSub node by doing
|
||||
* {@link #restoreSecretKeyServerBackup(AskForBackupCodeCallback)}.<br>
|
||||
* <br>
|
||||
* In any case you should still do an {@link #announceSupportAndPublish()} afterwards.
|
||||
* <br>
|
||||
* <br>
|
||||
* Contacts are represented by {@link OpenPgpContact}s in the context of OpenPGP for XMPP. You can get those by using
|
||||
* {@link #getOpenPgpContact(EntityBareJid)}. The main function of {@link OpenPgpContact}s is to bundle information
|
||||
* about the OpenPGP capabilities of a contact in one spot. The pendant to the {@link OpenPgpContact} is the
|
||||
* {@link OpenPgpSelf}, which encapsulates your own OpenPGP identity. Both classes can be used to acquire information
|
||||
* about the OpenPGP keys of a user.
|
||||
*
|
||||
* @see <a href="https://xmpp.org/extensions/xep-0373.html">
|
||||
* XEP-0373: OpenPGP for XMPP</a>
|
||||
*/
|
||||
public final class OpenPgpManager extends Manager {
|
||||
|
||||
private static final Logger LOGGER = Logger.getLogger(OpenPgpManager.class.getName());
|
||||
|
||||
/**
|
||||
* Map of instances.
|
||||
*/
|
||||
private static final Map<XMPPConnection, OpenPgpManager> INSTANCES = new WeakHashMap<>();
|
||||
|
||||
/**
|
||||
* {@link OpenPgpProvider} responsible for processing keys, encrypting and decrypting messages and so on.
|
||||
*/
|
||||
private OpenPgpProvider provider;
|
||||
|
||||
private final Set<SigncryptElementReceivedListener> signcryptElementReceivedListeners = new HashSet<>();
|
||||
private final Set<SignElementReceivedListener> signElementReceivedListeners = new HashSet<>();
|
||||
private final Set<CryptElementReceivedListener> cryptElementReceivedListeners = new HashSet<>();
|
||||
|
||||
/**
|
||||
* Private constructor to avoid instantiation without putting the object into {@code INSTANCES}.
|
||||
*
|
||||
* @param connection xmpp connection.
|
||||
*/
|
||||
private OpenPgpManager(XMPPConnection connection) {
|
||||
super(connection);
|
||||
ChatManager.getInstanceFor(connection).addIncomingListener(incomingOpenPgpMessageListener);
|
||||
}
|
||||
|
||||
/**
|
||||
* Get the instance of the {@link OpenPgpManager} which belongs to the {@code connection}.
|
||||
*
|
||||
* @param connection xmpp connection.
|
||||
* @return instance of the manager.
|
||||
*/
|
||||
public static OpenPgpManager getInstanceFor(XMPPConnection connection) {
|
||||
OpenPgpManager manager = INSTANCES.get(connection);
|
||||
if (manager == null) {
|
||||
manager = new OpenPgpManager(connection);
|
||||
INSTANCES.put(connection, manager);
|
||||
}
|
||||
return manager;
|
||||
}
|
||||
|
||||
/**
|
||||
* Return our own {@link BareJid}.
|
||||
*
|
||||
* @return our bareJid
|
||||
*
|
||||
* @throws SmackException.NotLoggedInException in case < |