From 62c9f8bdcfca73632839aaa73bd100b4b6f3e377 Mon Sep 17 00:00:00 2001 From: StevenWdV Date: Wed, 9 Feb 2022 00:40:38 +0100 Subject: Fix Android wrapper --- .../src/main/java/org/eduvpn/common/Discovery.java | 80 +++++++++++++++++++++ .../eduvpn/common/InvalidSignatureException.java | 8 +++ .../InvalidSignatureUnknownKeyException.java | 8 +++ .../eduvpn/common/SignatureTooOldException.java | 8 +++ .../org/eduvpn/common/UnknownVerifyException.java | 9 +++ .../java/org/eduvpn/common/VerifyException.java | 8 +++ .../src/main/java/nl/eduvpn/common/Discovery.java | 81 ---------------------- .../eduvpn/common/InvalidSignatureException.java | 8 --- .../InvalidSignatureUnknownKeyException.java | 8 --- .../nl/eduvpn/common/SignatureTooOldException.java | 8 --- .../nl/eduvpn/common/UnknownVerifyException.java | 9 --- .../java/nl/eduvpn/common/VerifyException.java | 8 --- 12 files changed, 121 insertions(+), 122 deletions(-) create mode 100644 wrappers/java-android/lib/src/main/java/org/eduvpn/common/Discovery.java create mode 100644 wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureException.java create mode 100644 wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureUnknownKeyException.java create mode 100644 wrappers/java-android/lib/src/main/java/org/eduvpn/common/SignatureTooOldException.java create mode 100644 wrappers/java-android/lib/src/main/java/org/eduvpn/common/UnknownVerifyException.java create mode 100644 wrappers/java-android/lib/src/main/java/org/eduvpn/common/VerifyException.java delete mode 100644 wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java delete mode 100644 wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java delete mode 100644 wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java delete mode 100644 wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java delete mode 100644 wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java delete mode 100644 wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java diff --git a/wrappers/java-android/lib/src/main/java/org/eduvpn/common/Discovery.java b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/Discovery.java new file mode 100644 index 0000000..dfeef71 --- /dev/null +++ b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/Discovery.java @@ -0,0 +1,80 @@ +package org.eduvpn.common; + +import com.sun.jna.*; + +import java.nio.charset.StandardCharsets; + +public final class Discovery { + private static final String LIB_NAME = "eduvpn_common"; + private static final NativeApi discovery = Native.load(LIB_NAME, NativeApi.class); + + /** + * Verifies the signature on the JSON server_list.json/organization_list.json file. + * If the function returns, the signature is valid for the given file type. + * + * @param signature .minisig signature file contents. + * @param signedJson Signed .json file contents. + * @param expectedFileName The file type to be verified, one of {@code "server_list.json"} or {@code "organization_list.json"}. + * @param minSignTime Minimum time for signature (UNIX timestamp, seconds). Should be set to at least the time of the previous signature. + * @throws IllegalArgumentException If {@code expectedFileName} is not one of the allowed values or one of the parameters is empty. + * @throws VerifyException If signature verification fails. + */ + public static void verify(byte[] signature, byte[] signedJson, String expectedFileName, long minSignTime) throws VerifyException { + byte err = discovery.Verify(NativeApi.GoSlice.fromArray(signature), NativeApi.GoSlice.fromArray(signedJson), + NativeApi.GoSlice.fromString(expectedFileName), minSignTime); + + switch (err) { + case 0: + return; + case 1: + throw new IllegalArgumentException("unknown expected file name"); + case 2: + throw new InvalidSignatureException(); + case 3: + throw new InvalidSignatureUnknownKeyException(); + case 4: + throw new SignatureTooOldException(); + default: + throw new UnknownVerifyException(err); + } + } + + /** Use for testing only, see Go documentation. */ + /*package-private*/ + static void insecureTestingSetExtraKey(String keyString) { + discovery.InsecureTestingSetExtraKey(NativeApi.GoSlice.fromArray(keyString.getBytes(StandardCharsets.UTF_8))); + } + + private interface NativeApi extends Library { + // C-compatible structure + @Structure.FieldOrder({"data", "len", "cap"}) + class GoSlice extends Structure implements Structure.ByValue { + public Pointer data; + public long len, cap; + + public GoSlice(Pointer data, long len, long cap) { + this.data = data; + this.len = len; + this.cap = cap; + } + + public static GoSlice fromArray(byte[] bytes) { + Memory memory = new Memory(bytes.length); + memory.write(0, bytes, 0, bytes.length); + return new GoSlice(memory, bytes.length, bytes.length); + } + + /** From string as UTF-8. */ + public static GoSlice fromString(String str) { + return fromArray(str.getBytes(StandardCharsets.UTF_8)); + } + } + + byte Verify(GoSlice signatureFileContent, GoSlice signedJson, GoSlice expectedFileName, long minSignTime); + + void InsecureTestingSetExtraKey(GoSlice keyString); + } + + private Discovery() { + } +} diff --git a/wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureException.java b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureException.java new file mode 100644 index 0000000..b739dd7 --- /dev/null +++ b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureException.java @@ -0,0 +1,8 @@ +package org.eduvpn.common; + +/** Signature is invalid (for the expected file type). */ +public final class InvalidSignatureException extends VerifyException { + public InvalidSignatureException() { + super("invalid signature"); + } +} diff --git a/wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureUnknownKeyException.java b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureUnknownKeyException.java new file mode 100644 index 0000000..6d651e5 --- /dev/null +++ b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/InvalidSignatureUnknownKeyException.java @@ -0,0 +1,8 @@ +package org.eduvpn.common; + +/** Signature was created with an unknown key and has not been verified. */ +public final class InvalidSignatureUnknownKeyException extends VerifyException { + public InvalidSignatureUnknownKeyException() { + super("invalid signature (unknown key)"); + } +} diff --git a/wrappers/java-android/lib/src/main/java/org/eduvpn/common/SignatureTooOldException.java b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/SignatureTooOldException.java new file mode 100644 index 0000000..c89136f --- /dev/null +++ b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/SignatureTooOldException.java @@ -0,0 +1,8 @@ +package org.eduvpn.common; + +/** Signature timestamp smaller than specified minimum signing time (rollback). */ +public final class SignatureTooOldException extends VerifyException { + public SignatureTooOldException() { + super("replay of previous signature (rollback)"); + } +} diff --git a/wrappers/java-android/lib/src/main/java/org/eduvpn/common/UnknownVerifyException.java b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/UnknownVerifyException.java new file mode 100644 index 0000000..80b74ea --- /dev/null +++ b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/UnknownVerifyException.java @@ -0,0 +1,9 @@ +package org.eduvpn.common; + +/** Other unknown error. */ +public final class UnknownVerifyException extends VerifyException { + public UnknownVerifyException(byte code) { + super(String.format("unknown verify error (%d)", code)); + assert code != 0; + } +} diff --git a/wrappers/java-android/lib/src/main/java/org/eduvpn/common/VerifyException.java b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/VerifyException.java new file mode 100644 index 0000000..686ea41 --- /dev/null +++ b/wrappers/java-android/lib/src/main/java/org/eduvpn/common/VerifyException.java @@ -0,0 +1,8 @@ +package org.eduvpn.common; + +/** Verification failed, do not trust the file. */ +public abstract class VerifyException extends Exception { + protected VerifyException(String message) { + super(message); + } +} diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java b/wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java deleted file mode 100644 index 69308c8..0000000 --- a/wrappers/java/src/main/java/nl/eduvpn/common/Discovery.java +++ /dev/null @@ -1,81 +0,0 @@ -package nl.eduvpn.common; - -import com.sun.jna.*; - -import java.nio.charset.StandardCharsets; -import java.time.Instant; - -public final class Discovery { - private static final String LIB_NAME = "eduvpn_common"; - private static final NativeApi discovery = Native.load(LIB_NAME, NativeApi.class); - - /** - * Verifies the signature on the JSON server_list.json/organization_list.json file. - * If the function returns, the signature is valid for the given file type. - * - * @param signature .minisig signature file contents. - * @param signedJson Signed .json file contents. - * @param expectedFileName The file type to be verified, one of {@code "server_list.json"} or {@code "organization_list.json"}. - * @param minSignTime Minimum time for signature. Should be set to at least the time of the previous signature. - * @throws IllegalArgumentException If {@code expectedFileName} is not one of the allowed values or one of the parameters is empty. - * @throws VerifyException If signature verification fails. - */ - public static void verify(byte[] signature, byte[] signedJson, String expectedFileName, Instant minSignTime) throws VerifyException { - byte err = discovery.Verify(NativeApi.GoSlice.fromArray(signature), NativeApi.GoSlice.fromArray(signedJson), - NativeApi.GoSlice.fromString(expectedFileName), minSignTime.getEpochSecond()); - - switch (err) { - case 0: - return; - case 1: - throw new IllegalArgumentException("unknown expected file name"); - case 2: - throw new InvalidSignatureException(); - case 3: - throw new InvalidSignatureUnknownKeyException(); - case 4: - throw new SignatureTooOldException(); - default: - throw new UnknownVerifyException(err); - } - } - - /** Use for testing only, see Go documentation. */ - /*package-private*/ - static void insecureTestingSetExtraKey(String keyString) { - discovery.InsecureTestingSetExtraKey(NativeApi.GoSlice.fromArray(keyString.getBytes(StandardCharsets.UTF_8))); - } - - private interface NativeApi extends Library { - // C-compatible structure - @Structure.FieldOrder({"data", "len", "cap"}) - class GoSlice extends Structure implements Structure.ByValue { - public Pointer data; - public long len, cap; - - public GoSlice(Pointer data, long len, long cap) { - this.data = data; - this.len = len; - this.cap = cap; - } - - public static GoSlice fromArray(byte[] bytes) { - Memory memory = new Memory(bytes.length); - memory.write(0, bytes, 0, bytes.length); - return new GoSlice(memory, bytes.length, bytes.length); - } - - /** From string as UTF-8. */ - public static GoSlice fromString(String str) { - return fromArray(str.getBytes(StandardCharsets.UTF_8)); - } - } - - byte Verify(GoSlice signatureFileContent, GoSlice signedJson, GoSlice expectedFileName, long minSignTime); - - void InsecureTestingSetExtraKey(GoSlice keyString); - } - - private Discovery() { - } -} diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java b/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java deleted file mode 100644 index e531206..0000000 --- a/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureException.java +++ /dev/null @@ -1,8 +0,0 @@ -package nl.eduvpn.common; - -/** Signature is invalid (for the expected file type). */ -public final class InvalidSignatureException extends VerifyException { - public InvalidSignatureException() { - super("invalid signature"); - } -} diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java b/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java deleted file mode 100644 index 8eaf661..0000000 --- a/wrappers/java/src/main/java/nl/eduvpn/common/InvalidSignatureUnknownKeyException.java +++ /dev/null @@ -1,8 +0,0 @@ -package nl.eduvpn.common; - -/** Signature was created with an unknown key and has not been verified. */ -public final class InvalidSignatureUnknownKeyException extends VerifyException { - public InvalidSignatureUnknownKeyException() { - super("invalid signature (unknown key)"); - } -} diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java b/wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java deleted file mode 100644 index c40c718..0000000 --- a/wrappers/java/src/main/java/nl/eduvpn/common/SignatureTooOldException.java +++ /dev/null @@ -1,8 +0,0 @@ -package nl.eduvpn.common; - -/** Signature timestamp smaller than specified minimum signing time (rollback). */ -public final class SignatureTooOldException extends VerifyException { - public SignatureTooOldException() { - super("replay of previous signature (rollback)"); - } -} diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java b/wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java deleted file mode 100644 index fa76a44..0000000 --- a/wrappers/java/src/main/java/nl/eduvpn/common/UnknownVerifyException.java +++ /dev/null @@ -1,9 +0,0 @@ -package nl.eduvpn.common; - -/** Other unknown error. */ -public final class UnknownVerifyException extends VerifyException { - public UnknownVerifyException(byte code) { - super(String.format("unknown verify error (%d)", code)); - assert code != 0; - } -} diff --git a/wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java b/wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java deleted file mode 100644 index 71ea290..0000000 --- a/wrappers/java/src/main/java/nl/eduvpn/common/VerifyException.java +++ /dev/null @@ -1,8 +0,0 @@ -package nl.eduvpn.common; - -/** Verification failed, do not trust the file. */ -public abstract class VerifyException extends Exception { - protected VerifyException(String message) { - super(message); - } -} -- cgit v1.2.3