mobile/android/services/src/main/java/org/mozilla/gecko/sync/CryptoRecord.java


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255

/* This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */

package org.mozilla.gecko.sync;

import java.io.IOException;
import java.io.UnsupportedEncodingException;

import org.json.simple.JSONObject;
import org.mozilla.apache.commons.codec.binary.Base64;
import org.mozilla.gecko.sync.crypto.CryptoException;
import org.mozilla.gecko.sync.crypto.CryptoInfo;
import org.mozilla.gecko.sync.crypto.KeyBundle;
import org.mozilla.gecko.sync.crypto.MissingCryptoInputException;
import org.mozilla.gecko.sync.crypto.NoKeyBundleException;
import org.mozilla.gecko.sync.repositories.domain.Record;
import org.mozilla.gecko.sync.repositories.domain.RecordParseException;

/**
 * A Sync crypto record has:
 *
 * <ul>
 * <li>a collection of fields which are not encrypted (id and collection);</il>
 * <li>a set of metadata fields (index, modified, ttl);</il>
 * <li>a payload, which is encrypted and decrypted on request.</il>
 * </ul>
 *
 * The payload flips between being a blob of JSON with hmac/IV/ciphertext
 * attributes and the cleartext itself.
 *
 * Until there's some benefit to the abstraction, we're simply going to call
 * this <code>CryptoRecord</code>.
 *
 * <code>CryptoRecord</code> uses <code>CryptoInfo</code> to do the actual
 * encryption and decryption.
 */
public class CryptoRecord extends Record {

  // JSON related constants.
  private static final String KEY_ID         = "id";
  private static final String KEY_COLLECTION = "collection";
  private static final String KEY_PAYLOAD    = "payload";
  private static final String KEY_MODIFIED   = "modified";
  private static final String KEY_SORTINDEX  = "sortindex";
  private static final String KEY_TTL        = "ttl";
  private static final String KEY_CIPHERTEXT = "ciphertext";
  private static final String KEY_HMAC       = "hmac";
  private static final String KEY_IV         = "IV";

  /**
   * Helper method for doing actual decryption.
   *
   * Input: JSONObject containing a valid payload (cipherText, IV, HMAC),
   * KeyBundle with keys for decryption. Output: byte[] clearText
   * @throws CryptoException
   * @throws UnsupportedEncodingException
   */
  private static byte[] decryptPayload(ExtendedJSONObject payload, KeyBundle keybundle) throws CryptoException, UnsupportedEncodingException {
    byte[] ciphertext = Base64.decodeBase64(((String) payload.get(KEY_CIPHERTEXT)).getBytes("UTF-8"));
    byte[] iv         = Base64.decodeBase64(((String) payload.get(KEY_IV)).getBytes("UTF-8"));
    byte[] hmac       = Utils.hex2Byte((String) payload.get(KEY_HMAC));

    return CryptoInfo.decrypt(ciphertext, iv, hmac, keybundle).getMessage();
  }

  // The encrypted JSON body object.
  // The decrypted JSON body object. Fields are copied from `body`.

  public ExtendedJSONObject payload;
  public KeyBundle   keyBundle;

  /**
   * Don't forget to set cleartext or body!
   */
  public CryptoRecord() {
    super(null, null, 0, false);
  }

  public CryptoRecord(ExtendedJSONObject payload) {
    super(null, null, 0, false);
    if (payload == null) {
      throw new IllegalArgumentException(
          "No payload provided to CryptoRecord constructor.");
    }
    this.payload = payload;
  }

  public CryptoRecord(String jsonString) throws IOException, NonObjectJSONException {

    this(new ExtendedJSONObject(jsonString));
  }

  /**
   * Create a new CryptoRecord with the same metadata as an existing record.
   *
   * @param source
   */
  public CryptoRecord(Record source) {
    super(source.guid, source.collection, source.lastModified, source.deleted);
    this.ttl = source.ttl;
  }

  @Override
  public Record copyWithIDs(String guid, long androidID) {
    CryptoRecord out = new CryptoRecord(this);
    out.guid         = guid;
    out.androidID    = androidID;
    out.sortIndex    = this.sortIndex;
    out.ttl          = this.ttl;
    out.payload      = (this.payload == null) ? null : new ExtendedJSONObject(this.payload.object);
    out.keyBundle    = this.keyBundle;    // TODO: copy me?
    return out;
  }

  /**
   * Take a whole record as JSON -- i.e., something like
   *
   *   {"payload": "{...}", "id":"foobarbaz"}
   *
   * and turn it into a CryptoRecord object.
   *
   * @param jsonRecord
   * @return
   *        A CryptoRecord that encapsulates the provided record.
   *
   * @throws NonObjectJSONException
   * @throws IOException
   */
  public static CryptoRecord fromJSONRecord(String jsonRecord)
      throws NonObjectJSONException, IOException, RecordParseException {
    byte[] bytes = jsonRecord.getBytes("UTF-8");
    ExtendedJSONObject object = ExtendedJSONObject.parseUTF8AsJSONObject(bytes);

    return CryptoRecord.fromJSONRecord(object);
  }

  // TODO: defensive programming.
  public static CryptoRecord fromJSONRecord(ExtendedJSONObject jsonRecord)
      throws IOException, NonObjectJSONException, RecordParseException {
    String id                  = (String) jsonRecord.get(KEY_ID);
    String collection          = (String) jsonRecord.get(KEY_COLLECTION);
    String jsonEncodedPayload  = (String) jsonRecord.get(KEY_PAYLOAD);

    ExtendedJSONObject payload = new ExtendedJSONObject(jsonEncodedPayload);

    CryptoRecord record = new CryptoRecord(payload);
    record.guid         = id;
    record.collection   = collection;
    if (jsonRecord.containsKey(KEY_MODIFIED)) {
      Long timestamp = jsonRecord.getTimestamp(KEY_MODIFIED);
      if (timestamp == null) {
        throw new RecordParseException("timestamp could not be parsed");
      }
      record.lastModified = timestamp;
    }
    if (jsonRecord.containsKey(KEY_SORTINDEX)) {
      // getLong tries to cast to Long, and might return null. We catch all
      // exceptions, just to be safe.
      try {
        record.sortIndex = jsonRecord.getLong(KEY_SORTINDEX);
      } catch (Exception e) {
        throw new RecordParseException("timestamp could not be parsed");
      }
    }
    if (jsonRecord.containsKey(KEY_TTL)) {
      // TTLs are never returned by the sync server, so should never be true if
      // the record was fetched.
      try {
        record.ttl = jsonRecord.getLong(KEY_TTL);
      } catch (Exception e) {
        throw new RecordParseException("TTL could not be parsed");
      }
    }
    // TODO: deleted?
    return record;
  }

  public void setKeyBundle(KeyBundle bundle) {
    this.keyBundle = bundle;
  }

  public CryptoRecord decrypt() throws CryptoException, IOException, NonObjectJSONException {
    if (keyBundle == null) {
      throw new NoKeyBundleException();
    }

    // Check that payload contains all pieces for crypto.
    if (!payload.containsKey(KEY_CIPHERTEXT) ||
        !payload.containsKey(KEY_IV) ||
        !payload.containsKey(KEY_HMAC)) {
      throw new MissingCryptoInputException();
    }

    // There's no difference between handling the crypto/keys object and
    // anything else; we just get this.keyBundle from a different source.
    byte[] cleartext = decryptPayload(payload, keyBundle);
    payload = ExtendedJSONObject.parseUTF8AsJSONObject(cleartext);
    return this;
  }

  public CryptoRecord encrypt() throws CryptoException, UnsupportedEncodingException {
    if (this.keyBundle == null) {
      throw new NoKeyBundleException();
    }
    String cleartext = payload.toJSONString();
    byte[] cleartextBytes = cleartext.getBytes("UTF-8");
    CryptoInfo info = CryptoInfo.encrypt(cleartextBytes, keyBundle);
    String message = new String(Base64.encodeBase64(info.getMessage()));
    String iv      = new String(Base64.encodeBase64(info.getIV()));
    String hmac    = Utils.byte2Hex(info.getHMAC());
    ExtendedJSONObject ciphertext = new ExtendedJSONObject();
    ciphertext.put(KEY_CIPHERTEXT, message);
    ciphertext.put(KEY_HMAC, hmac);
    ciphertext.put(KEY_IV, iv);
    this.payload = ciphertext;
    return this;
  }

  @Override
  public void initFromEnvelope(CryptoRecord payload) {
    throw new IllegalStateException("Can't do this with a CryptoRecord.");
  }

  @Override
  public CryptoRecord getEnvelope() {
    throw new IllegalStateException("Can't do this with a CryptoRecord.");
  }

  @Override
  protected void populatePayload(ExtendedJSONObject payload) {
    throw new IllegalStateException("Can't do this with a CryptoRecord.");
  }

  @Override
  protected void initFromPayload(ExtendedJSONObject payload) {
    throw new IllegalStateException("Can't do this with a CryptoRecord.");
  }

  // TODO: this only works with encrypted object, and has other limitations.
  public JSONObject toJSONObject() {
    ExtendedJSONObject o = new ExtendedJSONObject();
    o.put(KEY_PAYLOAD, payload.toJSONString());
    o.put(KEY_ID,      this.guid);
    if (this.ttl > 0) {
      o.put(KEY_TTL, this.ttl);
    }
    return o.object;
  }

  @Override
  public String toJSONString() {
    return toJSONObject().toJSONString();
  }
}