The Tor Browser / annotate

mobile/android/base/fxa/login/StateFactory.java@fc2d59ddac77 (annotated)

mobile/android/base/fxa/login/StateFactory.java

Wed, 31 Dec 2014 07:22:50 +0100

author
Michael Schloh von Bennewitz <michael@schloh.com>
date
Wed, 31 Dec 2014 07:22:50 +0100
branch
TOR_BUG_3246
changeset 4
fc2d59ddac77
permissions
-rw-r--r--

Correct previous dual key logic pending first delivery installment.

michael@0 1 /* This Source Code Form is subject to the terms of the Mozilla Public
michael@0 2 * License, v. 2.0. If a copy of the MPL was not distributed with this
michael@0 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */
michael@0 4
michael@0 5 package org.mozilla.gecko.fxa.login;
michael@0 6
michael@0 7 import java.security.NoSuchAlgorithmException;
michael@0 8 import java.security.spec.InvalidKeySpecException;
michael@0 9
michael@0 10 import org.mozilla.gecko.background.common.log.Logger;
michael@0 11 import org.mozilla.gecko.browserid.BrowserIDKeyPair;
michael@0 12 import org.mozilla.gecko.browserid.DSACryptoImplementation;
michael@0 13 import org.mozilla.gecko.browserid.RSACryptoImplementation;
michael@0 14 import org.mozilla.gecko.fxa.FxAccountConstants;
michael@0 15 import org.mozilla.gecko.fxa.login.State.StateLabel;
michael@0 16 import org.mozilla.gecko.sync.ExtendedJSONObject;
michael@0 17 import org.mozilla.gecko.sync.NonObjectJSONException;
michael@0 18 import org.mozilla.gecko.sync.Utils;
michael@0 19
michael@0 20 /**
michael@0 21 * Create {@link State} instances from serialized representations.
michael@0 22 * <p>
michael@0 23 * Version 1 recognizes 5 state labels (Engaged, Cohabiting, Married, Separated,
michael@0 24 * Doghouse). In the Cohabiting and Married states, the associated key pairs are
michael@0 25 * always RSA key pairs.
michael@0 26 * <p>
michael@0 27 * Version 2 is identical to version 1, except that in the Cohabiting and
michael@0 28 * Married states, the associated keypairs are always DSA key pairs.
michael@0 29 */
michael@0 30 public class StateFactory {
michael@0 31 private static final String LOG_TAG = StateFactory.class.getSimpleName();
michael@0 32
michael@0 33 private static final int KEY_PAIR_SIZE_IN_BITS_V1 = 1024;
michael@0 34
michael@0 35 public static BrowserIDKeyPair generateKeyPair() throws NoSuchAlgorithmException {
michael@0 36 // New key pairs are always DSA.
michael@0 37 return DSACryptoImplementation.generateKeyPair(KEY_PAIR_SIZE_IN_BITS_V1);
michael@0 38 }
michael@0 39
michael@0 40 protected static BrowserIDKeyPair keyPairFromJSONObjectV1(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
michael@0 41 // V1 key pairs are RSA.
michael@0 42 return RSACryptoImplementation.fromJSONObject(o);
michael@0 43 }
michael@0 44
michael@0 45 protected static BrowserIDKeyPair keyPairFromJSONObjectV2(ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException {
michael@0 46 // V2 key pairs are DSA.
michael@0 47 return DSACryptoImplementation.fromJSONObject(o);
michael@0 48 }
michael@0 49
michael@0 50 public static State fromJSONObject(StateLabel stateLabel, ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException, NonObjectJSONException {
michael@0 51 Long version = o.getLong("version");
michael@0 52 if (version == null) {
michael@0 53 throw new IllegalStateException("version must not be null");
michael@0 54 }
michael@0 55
michael@0 56 final int v = version.intValue();
michael@0 57 if (v == 2) {
michael@0 58 // The most common case is the most recent version.
michael@0 59 return fromJSONObjectV2(stateLabel, o);
michael@0 60 }
michael@0 61 if (v == 1) {
michael@0 62 final State state = fromJSONObjectV1(stateLabel, o);
michael@0 63 return migrateV1toV2(stateLabel, state);
michael@0 64 }
michael@0 65 throw new IllegalStateException("version must be in {1, 2}");
michael@0 66 }
michael@0 67
michael@0 68 protected static State fromJSONObjectV1(StateLabel stateLabel, ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException, NonObjectJSONException {
michael@0 69 switch (stateLabel) {
michael@0 70 case Engaged:
michael@0 71 return new Engaged(
michael@0 72 o.getString("email"),
michael@0 73 o.getString("uid"),
michael@0 74 o.getBoolean("verified"),
michael@0 75 Utils.hex2Byte(o.getString("unwrapkB")),
michael@0 76 Utils.hex2Byte(o.getString("sessionToken")),
michael@0 77 Utils.hex2Byte(o.getString("keyFetchToken")));
michael@0 78 case Cohabiting:
michael@0 79 return new Cohabiting(
michael@0 80 o.getString("email"),
michael@0 81 o.getString("uid"),
michael@0 82 Utils.hex2Byte(o.getString("sessionToken")),
michael@0 83 Utils.hex2Byte(o.getString("kA")),
michael@0 84 Utils.hex2Byte(o.getString("kB")),
michael@0 85 keyPairFromJSONObjectV1(o.getObject("keyPair")));
michael@0 86 case Married:
michael@0 87 return new Married(
michael@0 88 o.getString("email"),
michael@0 89 o.getString("uid"),
michael@0 90 Utils.hex2Byte(o.getString("sessionToken")),
michael@0 91 Utils.hex2Byte(o.getString("kA")),
michael@0 92 Utils.hex2Byte(o.getString("kB")),
michael@0 93 keyPairFromJSONObjectV1(o.getObject("keyPair")),
michael@0 94 o.getString("certificate"));
michael@0 95 case Separated:
michael@0 96 return new Separated(
michael@0 97 o.getString("email"),
michael@0 98 o.getString("uid"),
michael@0 99 o.getBoolean("verified"));
michael@0 100 case Doghouse:
michael@0 101 return new Doghouse(
michael@0 102 o.getString("email"),
michael@0 103 o.getString("uid"),
michael@0 104 o.getBoolean("verified"));
michael@0 105 default:
michael@0 106 throw new IllegalStateException("unrecognized state label: " + stateLabel);
michael@0 107 }
michael@0 108 }
michael@0 109
michael@0 110 /**
michael@0 111 * Exactly the same as {@link fromJSONObjectV1}, except that all key pairs are DSA key pairs.
michael@0 112 */
michael@0 113 protected static State fromJSONObjectV2(StateLabel stateLabel, ExtendedJSONObject o) throws InvalidKeySpecException, NoSuchAlgorithmException, NonObjectJSONException {
michael@0 114 switch (stateLabel) {
michael@0 115 case Cohabiting:
michael@0 116 return new Cohabiting(
michael@0 117 o.getString("email"),
michael@0 118 o.getString("uid"),
michael@0 119 Utils.hex2Byte(o.getString("sessionToken")),
michael@0 120 Utils.hex2Byte(o.getString("kA")),
michael@0 121 Utils.hex2Byte(o.getString("kB")),
michael@0 122 keyPairFromJSONObjectV2(o.getObject("keyPair")));
michael@0 123 case Married:
michael@0 124 return new Married(
michael@0 125 o.getString("email"),
michael@0 126 o.getString("uid"),
michael@0 127 Utils.hex2Byte(o.getString("sessionToken")),
michael@0 128 Utils.hex2Byte(o.getString("kA")),
michael@0 129 Utils.hex2Byte(o.getString("kB")),
michael@0 130 keyPairFromJSONObjectV2(o.getObject("keyPair")),
michael@0 131 o.getString("certificate"));
michael@0 132 default:
michael@0 133 return fromJSONObjectV1(stateLabel, o);
michael@0 134 }
michael@0 135 }
michael@0 136
michael@0 137 protected static void logMigration(State from, State to) {
michael@0 138 if (!FxAccountConstants.LOG_PERSONAL_INFORMATION) {
michael@0 139 return;
michael@0 140 }
michael@0 141 try {
michael@0 142 FxAccountConstants.pii(LOG_TAG, "V1 persisted state is: " + from.toJSONObject().toJSONString());
michael@0 143 } catch (Exception e) {
michael@0 144 Logger.warn(LOG_TAG, "Error producing JSON representation of V1 state.", e);
michael@0 145 }
michael@0 146 FxAccountConstants.pii(LOG_TAG, "Generated new V2 state: " + to.toJSONObject().toJSONString());
michael@0 147 }
michael@0 148
michael@0 149 protected static State migrateV1toV2(StateLabel stateLabel, State state) throws NoSuchAlgorithmException {
michael@0 150 if (state == null) {
michael@0 151 // This should never happen, but let's be careful.
michael@0 152 Logger.error(LOG_TAG, "Got null state in migrateV1toV2; returning null.");
michael@0 153 return state;
michael@0 154 }
michael@0 155
michael@0 156 Logger.info(LOG_TAG, "Migrating V1 persisted State to V2; stateLabel: " + stateLabel);
michael@0 157
michael@0 158 // In V1, we use an RSA keyPair. In V2, we use a DSA keyPair. Only
michael@0 159 // Cohabiting and Married states have a persisted keyPair at all; all
michael@0 160 // other states need no conversion at all.
michael@0 161 switch (stateLabel) {
michael@0 162 case Cohabiting: {
michael@0 163 // In the Cohabiting state, we can just generate a new key pair and move on.
michael@0 164 final Cohabiting cohabiting = (Cohabiting) state;
michael@0 165 final BrowserIDKeyPair keyPair = generateKeyPair();
michael@0 166 final State migrated = new Cohabiting(cohabiting.email, cohabiting.uid, cohabiting.sessionToken, cohabiting.kA, cohabiting.kB, keyPair);
michael@0 167 logMigration(cohabiting, migrated);
michael@0 168 return migrated;
michael@0 169 }
michael@0 170 case Married: {
michael@0 171 // In the Married state, we cannot only change the key pair: the stored
michael@0 172 // certificate signs the public key of the now obsolete key pair. We
michael@0 173 // regress to the Cohabiting state; the next time we sync, we should
michael@0 174 // advance back to Married.
michael@0 175 final Married married = (Married) state;
michael@0 176 final BrowserIDKeyPair keyPair = generateKeyPair();
michael@0 177 final State migrated = new Cohabiting(married.email, married.uid, married.sessionToken, married.kA, married.kB, keyPair);
michael@0 178 logMigration(married, migrated);
michael@0 179 return migrated;
michael@0 180 }
michael@0 181 default:
michael@0 182 // Otherwise, V1 and V2 states are identical.
michael@0 183 return state;
michael@0 184 }
michael@0 185 }
michael@0 186 }

Mercurial Repository: The Tor Browser

Europalab SCM Repository Server

mercurial