Diffstat (limited to 'app/src/main/java/org/pacien/tincapp/utils/PemUtils.kt')
-rw-r--r-- | app/src/main/java/org/pacien/tincapp/utils/PemUtils.kt | 94 |
1 files changed, 94 insertions, 0 deletions
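--- /dev/null
+++ b/app/src/main/java/org/pacien/tincapp/utils/PemUtils.kt
@@ -0,0 +1,94 @@
+/*
+* Tinc App, an Android binding and user interface for the tinc mesh VPN daemon
+* Copyright (C) 2017-2018 Pacien TRAN-GIRARD
+*
+* This program is free software: you can redistribute it and/or modify
+* it under the terms of the GNU General Public License as published by
+* the Free Software Foundation, either version 3 of the License, or
+* (at your option) any later version.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU General Public License for more details.
+*
+* You should have received a copy of the GNU General Public License
+* along with this program. If not, see <https://www.gnu.org/licenses/>.
+*/
+
+package org.pacien.tincapp.utils
+
+import org.bouncycastle.openssl.PEMException
+import org.bouncycastle.openssl.PEMParser
+import org.bouncycastle.openssl.jcajce.JcaPEMWriter
+import org.bouncycastle.openssl.jcajce.JcePEMDecryptorProviderBuilder
+import org.bouncycastle.openssl.jcajce.JcePEMEncryptorBuilder
+import org.bouncycastle.util.encoders.Hex
+import org.bouncycastle.util.io.pem.PemHeader
+import org.bouncycastle.util.io.pem.PemObject
+import java.io.File
+import java.io.FileReader
+import java.io.Writer
+
+/**
+* @author pacien
+*/
+object PemUtils {
+private const val DEK_INFO_HEADER_KEY = "DEK-Info"
+private const val ALGORITHM = "AES-256-CBC"
+private val PROVIDER = org.bouncycastle.jce.provider.BouncyCastleProvider()
+private val ENCRYPTED_PROC_TYPE_HEADER = PemHeader("Proc-Type", "4,ENCRYPTED")
+
+private class DekInfo(val algName: String, val iv: ByteArray)
+
+private fun dekInfoHeader(iv: ByteArray) = PemHeader(DEK_INFO_HEADER_KEY, "$ALGORITHM,${Hex.toHexString(iv)}")
+
+private fun PemObject.getPemHeaders() = headers.map { headerObj -> headerObj as PemHeader }
+
+private fun PemObject.dekInfo() = try {
+getPemHeaders()
+.find { header -> header.name == DEK_INFO_HEADER_KEY }!!
+.value!!
+.split(',')
+.let { headerParts -> DekInfo(headerParts[0], Hex.decode(headerParts[1])) }
+} catch (e: Exception) {
+throw PEMException("Malformed DEK-Info header.", e)
+}
+
+private fun encryptor(passPhrase: String) =
+JcePEMEncryptorBuilder(ALGORITHM)
+.setProvider(PROVIDER)
+.build(passPhrase.toCharArray())!!
+
+private fun decryptor(algName: String, passPhrase: String?) =
+JcePEMDecryptorProviderBuilder()
+.setProvider(PROVIDER)
+.build(passPhrase?.toCharArray())
+.get(algName)!!
+
+fun read(f: File) = PEMParser(FileReader(f)).readPemObject()!!
+
+fun write(obj: PemObject, out: Writer) =
+JcaPEMWriter(out)
+.apply { writeObject(obj) }
+.apply { close() }
+
+fun isEncrypted(obj: PemObject) = obj.headers.contains(ENCRYPTED_PROC_TYPE_HEADER)
+
+fun encrypt(obj: PemObject, passPhrase: String): PemObject {
+val encryptor = encryptor(passPhrase)
+val headers = listOf(ENCRYPTED_PROC_TYPE_HEADER, dekInfoHeader(encryptor.iv))
+val body = encryptor.encrypt(obj.content)
+return PemObject(obj.type, headers, body)
+}
+
+fun decrypt(obj: PemObject, passPhrase: String?): PemObject =
+if (isEncrypted(obj)) {
+val dekInfo = obj.dekInfo()
+val decryptor = decryptor(dekInfo.algName, passPhrase)
+val body = decryptor.decrypt(obj.content, dekInfo.iv)
+PemObject(obj.type, body)
+} else {
+obj
+}
+}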
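Review bot: `read` never closes the `FileReader` it opens, and `write` only closes the `JcaPEMWriter` when `writeObject` does not throw, so a malformed key file or a failing writer leaks a file handle; both should go through `use`, e.g. `fun read(f: File) = PEMParser(FileReader(f)).use { it.readPemObject()!! }` and `fun write(obj: PemObject, out: Writer) = JcaPEMWriter(out).use { it.writeObject(obj) }`. The `!!` in `read` also turns an empty or non-PEM file into a bare NullPointerException, whereas `?: throw PEMException("No PEM object found.")` would keep the failure type consistent with what `dekInfo()` raises. Separately, `decrypt` passes whatever cipher name the file's DEK-Info header carries straight to the decryptor provider, so a key file encrypted with a weak legacy cipher is accepted silently; if only `AES-256-CBC` output from `encrypt` is expected, checking `dekInfo.algName == ALGORITHM` before building the decryptor, or at least documenting that any provider-supported OpenSSL cipher is accepted, would make that explicit. A KDoc on `encrypt` should also state that this is OpenSSL's traditional (non-PKCS#8) PEM encryption, whose passphrase-to-key derivation is, as far as I recall from the BouncyCastle implementation, a single fast hash iteration, so the passphrase strength is effectively the only protection for the key at rest — worth confirming against the BouncyCastle version the project depends on.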