XEP-0373, XEP-0374: OpenPGP for XMPP: Instant Messaging

Fixes SMACK-826

smack-integration-test/build.gradle

@@ -12,6 +12,7 @@ dependencies {
 	compile project(':smack-extensions')
 	compile project(':smack-experimental')
 	compile project(':smack-omemo')
+	compile project(':smack-openpgp')
 	compile project(':smack-debug')
 	compile project(path: ":smack-omemo", configuration: "testRuntime")
 	compile 'org.reflections:reflections:0.9.9-RC1'

smack-integration-test/src/main/java/org/jivesoftware/smackx/ox/AbstractOpenPgpIntegrationTest.java

@@ -0,0 +1,70 @@
+/**
+ *
+ * Copyright 2018 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jivesoftware.smackx.ox;
+
+import org.jivesoftware.smack.SmackException;
+import org.jivesoftware.smack.XMPPConnection;
+import org.jivesoftware.smack.XMPPException;
+import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
+import org.jivesoftware.smackx.pep.PEPManager;
+
+import org.igniterealtime.smack.inttest.AbstractSmackIntegrationTest;
+import org.igniterealtime.smack.inttest.SmackIntegrationTestEnvironment;
+import org.igniterealtime.smack.inttest.TestNotPossibleException;
+import org.jxmpp.jid.BareJid;
+
+public abstract class AbstractOpenPgpIntegrationTest extends AbstractSmackIntegrationTest {
+
+    protected final XMPPConnection aliceConnection;
+    protected final XMPPConnection bobConnection;
+    protected final XMPPConnection chloeConnection;
+
+    protected final BareJid alice;
+    protected final BareJid bob;
+    protected final BareJid chloe;
+
+    protected AbstractOpenPgpIntegrationTest(SmackIntegrationTestEnvironment environment)
+            throws XMPPException.XMPPErrorException, TestNotPossibleException, SmackException.NotConnectedException,
+            InterruptedException, SmackException.NoResponseException {
+        super(environment);
+
+        throwIfPubSubNotSupported(conOne);
+        throwIfPubSubNotSupported(conTwo);
+        throwIfPubSubNotSupported(conThree);
+
+        this.aliceConnection = conOne;
+        this.bobConnection = conTwo;
+        this.chloeConnection = conThree;
+
+        this.alice = aliceConnection.getUser().asBareJid();
+        this.bob = bobConnection.getUser().asBareJid();
+        this.chloe = chloeConnection.getUser().asBareJid();
+
+        OpenPgpPubSubUtil.deletePubkeysListNode(aliceConnection);
+        OpenPgpPubSubUtil.deletePubkeysListNode(bobConnection);
+        OpenPgpPubSubUtil.deletePubkeysListNode(chloeConnection);
+    }
+
+    private static void throwIfPubSubNotSupported(XMPPConnection connection)
+            throws XMPPException.XMPPErrorException, SmackException.NotConnectedException, InterruptedException,
+            SmackException.NoResponseException, TestNotPossibleException {
+        if (!PEPManager.getInstanceFor(connection).isSupported()) {
+            throw new TestNotPossibleException("Server " + connection.getXMPPServiceDomain().toString() +
+                    " does not support PEP.");
+        }
+    }
+}

smack-integration-test/src/main/java/org/jivesoftware/smackx/ox/OXSecretKeyBackupIntegrationTest.java

@@ -0,0 +1,196 @@
+/**
+ *
+ * Copyright 2018 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jivesoftware.smackx.ox;
+
+import static junit.framework.TestCase.assertEquals;
+import static junit.framework.TestCase.assertNotNull;
+import static junit.framework.TestCase.assertNull;
+import static junit.framework.TestCase.assertTrue;
+
+import java.io.File;
+import java.io.IOException;
+import java.security.InvalidAlgorithmParameterException;
+import java.security.NoSuchAlgorithmException;
+import java.security.NoSuchProviderException;
+import java.util.Arrays;
+import java.util.Set;
+import java.util.logging.Level;
+
+import org.jivesoftware.smack.SmackException;
+import org.jivesoftware.smack.XMPPException;
+import org.jivesoftware.smack.util.FileUtils;
+import org.jivesoftware.smack.util.StringUtils;
+import org.jivesoftware.smackx.ox.callback.backup.AskForBackupCodeCallback;
+import org.jivesoftware.smackx.ox.callback.backup.DisplayBackupCodeCallback;
+import org.jivesoftware.smackx.ox.callback.backup.SecretKeyBackupSelectionCallback;
+import org.jivesoftware.smackx.ox.crypto.PainlessOpenPgpProvider;
+import org.jivesoftware.smackx.ox.exception.InvalidBackupCodeException;
+import org.jivesoftware.smackx.ox.exception.MissingOpenPgpKeyException;
+import org.jivesoftware.smackx.ox.exception.MissingUserIdOnKeyException;
+import org.jivesoftware.smackx.ox.exception.NoBackupFoundException;
+import org.jivesoftware.smackx.ox.store.definition.OpenPgpStore;
+import org.jivesoftware.smackx.ox.store.filebased.FileBasedOpenPgpStore;
+import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
+import org.jivesoftware.smackx.pubsub.PubSubException;
+
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPPublicKeyRing;
+import org.bouncycastle.openpgp.PGPSecretKeyRing;
+import org.igniterealtime.smack.inttest.SmackIntegrationTest;
+import org.igniterealtime.smack.inttest.SmackIntegrationTestEnvironment;
+import org.igniterealtime.smack.inttest.TestNotPossibleException;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.Before;
+import org.junit.BeforeClass;
+import org.pgpainless.key.OpenPgpV4Fingerprint;
+import org.pgpainless.key.protection.UnprotectedKeysProtector;
+
+public class OXSecretKeyBackupIntegrationTest extends AbstractOpenPgpIntegrationTest {
+
+    private static final String sessionId = StringUtils.randomString(10);
+    private static final File beforePath = FileUtils.getTempDir("ox_backup_" + sessionId);
+    private static final File afterPath = FileUtils.getTempDir("ox_restore_" + sessionId);
+
+    private String backupCode = null;
+
+    private OpenPgpManager openPgpManager;
+
+    /**
+     * This integration test tests the basic secret key backup and restore functionality as described
+     * in XEP-0373 §5.
+     *
+     * In order to simulate two different devices, we are using two {@link FileBasedOpenPgpStore} implementations
+     * which point to different directories.
+     *
+     * First, Alice generates a fresh OpenPGP key pair.
+     *
+     * She then creates a backup of the key in her private PEP node.
+     *
+     * Now the {@link OpenPgpStore} implementation is replaced by another instance to simulate a different device.
+     *
+     * Then the secret key backup is restored from PubSub and the imported secret key is compared to the one in
+     * the original store.
+     *
+     * Afterwards the private PEP node is deleted from PubSub and the storage directories are emptied.
+     *
+     * @see <a href="https://xmpp.org/extensions/xep-0373.html#synchro-pep">
+     *     XEP-0373 §5: Synchronizing the Secret Key with a Private PEP Node</a>
+     * @param environment
+     * @throws XMPPException.XMPPErrorException
+     * @throws TestNotPossibleException
+     * @throws SmackException.NotConnectedException
+     * @throws InterruptedException
+     * @throws SmackException.NoResponseException
+     */
+    public OXSecretKeyBackupIntegrationTest(SmackIntegrationTestEnvironment environment)
+            throws XMPPException.XMPPErrorException, TestNotPossibleException, SmackException.NotConnectedException,
+            InterruptedException, SmackException.NoResponseException {
+        super(environment);
+        if (!OpenPgpManager.serverSupportsSecretKeyBackups(aliceConnection)) {
+            throw new TestNotPossibleException("Server does not support the 'whitelist' PubSub access model.");
+        }
+    }
+
+    @AfterClass
+    @BeforeClass
+    public static void cleanStore() {
+        LOGGER.log(Level.INFO, "Delete store directories...");
+        FileUtils.deleteDirectory(afterPath);
+        FileUtils.deleteDirectory(beforePath);
+    }
+
+    @After
+    @Before
+    public void cleanUp()
+            throws XMPPException.XMPPErrorException, SmackException.NotConnectedException, InterruptedException,
+            SmackException.NoResponseException {
+        OpenPgpPubSubUtil.deleteSecretKeyNode(aliceConnection);
+
+        if (openPgpManager != null) {
+            openPgpManager.stopMetadataListener();
+        }
+    }
+
+    @SmackIntegrationTest
+    public void test() throws InvalidAlgorithmParameterException, NoSuchAlgorithmException,
+            NoSuchProviderException, IOException, InterruptedException, PubSubException.NotALeafNodeException,
+            SmackException.NoResponseException, SmackException.NotConnectedException, XMPPException.XMPPErrorException,
+            SmackException.NotLoggedInException, SmackException.FeatureNotSupportedException,
+            MissingUserIdOnKeyException, NoBackupFoundException, InvalidBackupCodeException, PGPException,
+            MissingOpenPgpKeyException {
+
+        OpenPgpStore beforeStore = new FileBasedOpenPgpStore(beforePath);
+        beforeStore.setKeyRingProtector(new UnprotectedKeysProtector());
+        PainlessOpenPgpProvider beforeProvider = new PainlessOpenPgpProvider(aliceConnection, beforeStore);
+        openPgpManager = OpenPgpManager.getInstanceFor(aliceConnection);
+        openPgpManager.setOpenPgpProvider(beforeProvider);
+
+        OpenPgpSelf self = openPgpManager.getOpenPgpSelf();
+
+        assertNull(self.getSigningKeyFingerprint());
+
+        OpenPgpV4Fingerprint keyFingerprint = openPgpManager.generateAndImportKeyPair(alice);
+        assertEquals(keyFingerprint, self.getSigningKeyFingerprint());
+
+        assertTrue(self.getSecretKeys().contains(keyFingerprint.getKeyId()));
+
+        PGPSecretKeyRing beforeSec = beforeStore.getSecretKeyRing(alice, keyFingerprint);
+        assertNotNull(beforeSec);
+
+        PGPPublicKeyRing beforePub = beforeStore.getPublicKeyRing(alice, keyFingerprint);
+        assertNotNull(beforePub);
+
+        openPgpManager.backupSecretKeyToServer(new DisplayBackupCodeCallback() {
+            @Override
+            public void displayBackupCode(String backupCode) {
+                OXSecretKeyBackupIntegrationTest.this.backupCode = backupCode;
+            }
+        }, new SecretKeyBackupSelectionCallback() {
+            @Override
+            public Set<OpenPgpV4Fingerprint> selectKeysToBackup(Set<OpenPgpV4Fingerprint> availableSecretKeys) {
+                return availableSecretKeys;
+            }
+        });
+
+        FileBasedOpenPgpStore afterStore = new FileBasedOpenPgpStore(afterPath);
+        afterStore.setKeyRingProtector(new UnprotectedKeysProtector());
+        PainlessOpenPgpProvider afterProvider = new PainlessOpenPgpProvider(aliceConnection, afterStore);
+        openPgpManager.setOpenPgpProvider(afterProvider);
+
+        OpenPgpV4Fingerprint fingerprint = openPgpManager.restoreSecretKeyServerBackup(new AskForBackupCodeCallback() {
+            @Override
+            public String askForBackupCode() {
+                return backupCode;
+            }
+        });
+
+        assertEquals(keyFingerprint, fingerprint);
+
+        assertTrue(self.getSecretKeys().contains(keyFingerprint.getKeyId()));
+
+        assertEquals(keyFingerprint, self.getSigningKeyFingerprint());
+
+        PGPSecretKeyRing afterSec = afterStore.getSecretKeyRing(alice, keyFingerprint);
+        assertNotNull(afterSec);
+        assertTrue(Arrays.equals(beforeSec.getEncoded(), afterSec.getEncoded()));
+
+        PGPPublicKeyRing afterPub = afterStore.getPublicKeyRing(alice, keyFingerprint);
+        assertNotNull(afterPub);
+        assertTrue(Arrays.equals(beforePub.getEncoded(), afterPub.getEncoded()));
+    }
+}

smack-integration-test/src/main/java/org/jivesoftware/smackx/ox/package-info.java

@@ -0,0 +1,23 @@
+/**
+ *
+ * Copyright 2018 Paul Schaub
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Integration Tests for Smacks support for XEP-0373: OpenPGP for XMPP.
+ *
+ * @see <a href="https://xmpp.org/extensions/xep-0373.html">
+ *     XEP-0373: OpenPGP for XMPP</a>
+ */
+package org.jivesoftware.smackx.ox;

smack-integration-test/src/main/java/org/jivesoftware/smackx/ox_im/OXInstantMessagingIntegrationTest.java

@@ -0,0 +1,188 @@
+/**
+ *
+ * Copyright 2018 Paul Schaub.
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.jivesoftware.smackx.ox_im;
+
+import static junit.framework.TestCase.assertFalse;
+import static junit.framework.TestCase.assertTrue;
+
+import java.io.File;
+import java.util.logging.Level;
+
+import org.jivesoftware.smack.SmackException;
+import org.jivesoftware.smack.XMPPException;
+import org.jivesoftware.smack.packet.Message;
+import org.jivesoftware.smack.util.FileUtils;
+import org.jivesoftware.smack.util.StringUtils;
+import org.jivesoftware.smackx.ox.AbstractOpenPgpIntegrationTest;
+import org.jivesoftware.smackx.ox.OpenPgpContact;
+import org.jivesoftware.smackx.ox.OpenPgpManager;
+import org.jivesoftware.smackx.ox.crypto.PainlessOpenPgpProvider;
+import org.jivesoftware.smackx.ox.element.SigncryptElement;
+import org.jivesoftware.smackx.ox.store.filebased.FileBasedOpenPgpStore;
+import org.jivesoftware.smackx.ox.util.OpenPgpPubSubUtil;
+
+import org.igniterealtime.smack.inttest.SmackIntegrationTest;
+import org.igniterealtime.smack.inttest.SmackIntegrationTestEnvironment;
+import org.igniterealtime.smack.inttest.TestNotPossibleException;
+import org.igniterealtime.smack.inttest.util.SimpleResultSyncPoint;
+import org.junit.After;
+import org.junit.AfterClass;
+import org.junit.BeforeClass;
+import org.pgpainless.decryption_verification.OpenPgpMetadata;
+import org.pgpainless.key.OpenPgpV4Fingerprint;
+import org.pgpainless.key.protection.UnprotectedKeysProtector;
+
+public class OXInstantMessagingIntegrationTest extends AbstractOpenPgpIntegrationTest {
+
+    private static final String sessionId = StringUtils.randomString(10);
+    private static final File aliceStorePath = FileUtils.getTempDir("basic_ox_messaging_test_alice_" + sessionId);
+    private static final File bobStorePath = FileUtils.getTempDir("basic_ox_messaging_test_bob_" + sessionId);
+
+    private OpenPgpV4Fingerprint aliceFingerprint = null;
+    private OpenPgpV4Fingerprint bobFingerprint = null;
+
+    private OpenPgpManager aliceOpenPgp;
+    private OpenPgpManager bobOpenPgp;
+
+    /**
+     * This integration test tests basic OX message exchange.
+     * In this scenario, Alice and Bob are strangers, as they do not have subscribed to one another.
+     *
+     * Alice (conOne) creates keys and publishes them to the server.
+     * Bob (conTwo) creates keys and publishes them to the server.
+     *
+     * Alice then manually fetches Bobs metadata node and all announced keys.
+     *
+     * Alice trusts Bobs keys and vice versa (even though Bob does not have copies of Alice' keys yet).
+     *
+     * She proceeds to create an OX encrypted message, which is encrypted to Bob and herself and signed by her.
+     *
+     * She sends the message.
+     *
+     * Bob receives the message, which - due to missing keys - triggers him to update Alice' keys.
+     *
+     * After the update Bob proceeds to decrypt and verify the message.
+     *
+     * After the test, the keys are deleted from local storage and from PubSub.
+     *
+     * @param environment test environment
+     *
+     * @throws XMPPException.XMPPErrorException
+     * @throws InterruptedException
+     * @throws SmackException.NotConnectedException
+     * @throws TestNotPossibleException if the test is not possible due to lacking server support for PEP.
+     * @throws SmackException.NoResponseException
+     */
+    public OXInstantMessagingIntegrationTest(SmackIntegrationTestEnvironment environment)
+            throws XMPPException.XMPPErrorException, InterruptedException, SmackException.NotConnectedException,
+            TestNotPossibleException, SmackException.NoResponseException {
+        super(environment);
+    }
+
+    @BeforeClass
+    @AfterClass
+    public static void deleteStore() {
+        LOGGER.log(Level.INFO, "Deleting storage directories...");
+        FileUtils.deleteDirectory(aliceStorePath);
+        FileUtils.deleteDirectory(bobStorePath);
+    }
+
+    @SmackIntegrationTest
+    public void basicInstantMessagingTest()
+            throws Exception {
+
+        LOGGER.log(Level.INFO, aliceStorePath.getAbsolutePath() + " " + bobStorePath.getAbsolutePath());
+
+        final SimpleResultSyncPoint bobReceivedMessage = new SimpleResultSyncPoint();
+        final String body = "Writing integration tests is an annoying task, but it has to be done, so lets do it!!!";
+
+        FileBasedOpenPgpStore aliceStore = new FileBasedOpenPgpStore(aliceStorePath);
+        aliceStore.setKeyRingProtector(new UnprotectedKeysProtector());
+        FileBasedOpenPgpStore bobStore = new FileBasedOpenPgpStore(bobStorePath);
+        bobStore.setKeyRingProtector(new UnprotectedKeysProtector());
+
+        PainlessOpenPgpProvider aliceProvider = new PainlessOpenPgpProvider(aliceConnection, aliceStore);
+        PainlessOpenPgpProvider bobProvider = new PainlessOpenPgpProvider(bobConnection, bobStore);
+
+        aliceOpenPgp = OpenPgpManager.getInstanceFor(aliceConnection);
+        bobOpenPgp = OpenPgpManager.getInstanceFor(bobConnection);
+
+        OXInstantMessagingManager aliceInstantMessaging = OXInstantMessagingManager.getInstanceFor(aliceConnection);
+        OXInstantMessagingManager bobInstantMessaging = OXInstantMessagingManager.getInstanceFor(bobConnection);
+
+        bobInstantMessaging.addOxMessageListener(new OxMessageListener() {
+            @Override
+            public void newIncomingOxMessage(OpenPgpContact contact, Message originalMessage, SigncryptElement decryptedPayload, OpenPgpMetadata metadata) {
+                if (((Message.Body) decryptedPayload.getExtension(Message.Body.NAMESPACE)).getMessage().equals(body)) {
+                    bobReceivedMessage.signal();
+                } else {
+                    bobReceivedMessage.signalFailure();
+                }
+            }
+        });
+
+        aliceOpenPgp.setOpenPgpProvider(aliceProvider);
+        bobOpenPgp.setOpenPgpProvider(bobProvider);
+
+        aliceFingerprint = aliceOpenPgp.generateAndImportKeyPair(alice);
+        bobFingerprint = bobOpenPgp.generateAndImportKeyPair(bob);
+
+        aliceOpenPgp.announceSupportAndPublish();
+        bobOpenPgp.announceSupportAndPublish();
+
+        OpenPgpContact bobForAlice = aliceOpenPgp.getOpenPgpContact(bob.asEntityBareJidIfPossible());
+        OpenPgpContact aliceForBob = bobOpenPgp.getOpenPgpContact(alice.asEntityBareJidIfPossible());
+
+        bobForAlice.updateKeys(aliceConnection);
+
+        assertFalse(bobForAlice.isTrusted(bobFingerprint));
+        assertFalse(aliceForBob.isTrusted(aliceFingerprint));
+
+        bobForAlice.trust(bobFingerprint);
+        aliceForBob.trust(aliceFingerprint);
+
+        assertTrue(bobForAlice.isTrusted(bobFingerprint));
+        assertTrue(aliceForBob.isTrusted(aliceFingerprint));
+
+        aliceInstantMessaging.sendOxMessage(bobForAlice, body);
+
+        bobReceivedMessage.waitForResult(timeout);
+    }
+
+    @After
+    public void deleteKeyMetadata()
+            throws XMPPException.XMPPErrorException, SmackException.NotConnectedException, InterruptedException,
+            SmackException.NoResponseException {
+        OpenPgpPubSubUtil.deletePubkeysListNode(aliceConnection);
+        OpenPgpPubSubUtil.deletePubkeysListNode(bobConnection);
+
+        if (aliceFingerprint != null) {
+            OpenPgpPubSubUtil.deletePublicKeyNode(aliceConnection, aliceFingerprint);
+        }
+        if (bobFingerprint != null) {
+            OpenPgpPubSubUtil.deletePublicKeyNode(bobConnection, bobFingerprint);
+        }
+
+        if (aliceOpenPgp != null) {
+            aliceOpenPgp.stopMetadataListener();
+        }
+
+        if (bobOpenPgp != null) {
+            bobOpenPgp.stopMetadataListener();
+        }
+    }
+}

smack-integration-test/src/main/java/org/jivesoftware/smackx/ox_im/package-info.java

@@ -0,0 +1,23 @@
+/**
+ *
+ * Copyright 2018 Paul Schaub
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+/**
+ * Integration Tests for Smacks support for XEP-0374: OpenPGP for XMPP: Instant Messaging.
+ *
+ * @see <a href="https://xmpp.org/extensions/xep-0374.html">
+ *     XEP-0374: OpenPGP for XMPP: Instant Messaging</a>
+ */
+package org.jivesoftware.smackx.ox_im;