From ce6739a9fd4b9b48020dc41d24d9f37b35cb3048 Mon Sep 17 00:00:00 2001 From: akwizgran Date: Tue, 30 May 2023 22:00:24 +0100 Subject: [PATCH 1/2] Use US locale for lowercasing onion hostname. --- .../bramble/crypto/CryptoComponentImpl.java | 3 +- .../bramble/crypto/OnionEncodingTest.java | 30 +++++++++++++++++++ 2 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 bramble-core/src/test/java/org/briarproject/bramble/crypto/OnionEncodingTest.java diff --git a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java index 1bb7fe9f8..5dd24a5f7 100644 --- a/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java +++ b/bramble-core/src/main/java/org/briarproject/bramble/crypto/CryptoComponentImpl.java @@ -34,6 +34,7 @@ import java.security.NoSuchAlgorithmException; import java.security.Provider; import java.security.SecureRandom; import java.security.Security; +import java.util.Locale; import java.util.logging.Logger; import javax.annotation.Nullable; @@ -500,7 +501,7 @@ class CryptoComponentImpl implements CryptoComponent { arraycopy(publicKey, 0, address, 0, publicKey.length); arraycopy(checksum, 0, address, publicKey.length, ONION_CHECKSUM_BYTES); address[address.length - 1] = ONION_HS_PROTOCOL_VERSION; - return Base32.encode(address).toLowerCase(); + return Base32.encode(address).toLowerCase(Locale.US); } } diff --git a/bramble-core/src/test/java/org/briarproject/bramble/crypto/OnionEncodingTest.java b/bramble-core/src/test/java/org/briarproject/bramble/crypto/OnionEncodingTest.java new file mode 100644 index 000000000..2574b7f53 --- /dev/null +++ b/bramble-core/src/test/java/org/briarproject/bramble/crypto/OnionEncodingTest.java @@ -0,0 +1,30 @@ +package org.briarproject.bramble.crypto; + +import org.briarproject.bramble.api.crypto.CryptoComponent; +import org.briarproject.bramble.test.BrambleTestCase; +import org.briarproject.bramble.test.TestSecureRandomProvider; +import org.junit.Test; + +import java.security.SecureRandom; +import java.util.regex.Pattern; + +import static org.junit.Assert.assertTrue; + +public class OnionEncodingTest extends BrambleTestCase { + + private static final Pattern ONION_V3 = Pattern.compile("[a-z2-7]{56}"); + + private final CryptoComponent crypto = + new CryptoComponentImpl(new TestSecureRandomProvider(), null); + private final SecureRandom secureRandom = new SecureRandom(); + + @Test + public void testHostnameIsValid() { + byte[] publicKey = new byte[32]; + for (int i = 0; i < 100; i++) { + secureRandom.nextBytes(publicKey); + String onion = crypto.encodeOnion(publicKey); + assertTrue(onion, ONION_V3.matcher(onion).matches()); + } + } +} From 9291613175ab435c7a1011c2c766638be9590a66 Mon Sep 17 00:00:00 2001 From: akwizgran Date: Tue, 30 May 2023 22:06:18 +0100 Subject: [PATCH 2/2] Fix some other uses of toLowerCase() without a locale. --- .../main/java/org/briarproject/bramble/util/PrivacyUtils.java | 3 ++- .../bramble/contact/PendingContactFactoryImplTest.java | 3 ++- .../test/java/org/briarproject/briar/test/BriarTestUtils.java | 4 +++- .../java/org/briarproject/bramble/identity/OutputAuthor.kt | 3 ++- .../org/briarproject/briar/headless/blogs/OutputBlogPost.kt | 3 ++- 5 files changed, 11 insertions(+), 5 deletions(-) diff --git a/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java b/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java index c39fc5e86..25d23c2ae 100644 --- a/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java +++ b/bramble-api/src/main/java/org/briarproject/bramble/util/PrivacyUtils.java @@ -6,6 +6,7 @@ import java.net.Inet4Address; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.SocketAddress; +import java.util.Locale; import javax.annotation.Nullable; @@ -51,7 +52,7 @@ public class PrivacyUtils { } private static String scrubIpv6Address(byte[] ipv6) { - String hex = toHexString(ipv6).toLowerCase(); + String hex = toHexString(ipv6).toLowerCase(Locale.US); return hex.substring(0, 2) + "[scrubbed]" + hex.substring(30); } diff --git a/bramble-core/src/test/java/org/briarproject/bramble/contact/PendingContactFactoryImplTest.java b/bramble-core/src/test/java/org/briarproject/bramble/contact/PendingContactFactoryImplTest.java index 879bd5db1..4f4747300 100644 --- a/bramble-core/src/test/java/org/briarproject/bramble/contact/PendingContactFactoryImplTest.java +++ b/bramble-core/src/test/java/org/briarproject/bramble/contact/PendingContactFactoryImplTest.java @@ -13,6 +13,7 @@ import org.jmock.Expectations; import org.junit.Test; import java.security.GeneralSecurityException; +import java.util.Locale; import static java.lang.System.arraycopy; import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.BASE32_LINK_BYTES; @@ -174,7 +175,7 @@ public class PendingContactFactoryImplTest extends BrambleMockTestCase { rawLink[0] = (byte) formatVersion; byte[] publicKeyBytes = publicKey.getEncoded(); arraycopy(publicKeyBytes, 0, rawLink, 1, publicKeyBytes.length); - String base32 = Base32.encode(rawLink).toLowerCase(); + String base32 = Base32.encode(rawLink).toLowerCase(Locale.US); assertEquals(BASE32_LINK_BYTES, base32.length()); return base32; } diff --git a/briar-core/src/test/java/org/briarproject/briar/test/BriarTestUtils.java b/briar-core/src/test/java/org/briarproject/briar/test/BriarTestUtils.java index 6d50b08ac..cd1b7c20c 100644 --- a/briar-core/src/test/java/org/briarproject/briar/test/BriarTestUtils.java +++ b/briar-core/src/test/java/org/briarproject/briar/test/BriarTestUtils.java @@ -11,6 +11,8 @@ import org.briarproject.bramble.util.Base32; import org.briarproject.briar.api.client.MessageTracker; import org.briarproject.briar.api.client.MessageTracker.GroupCount; +import java.util.Locale; + import static java.lang.System.arraycopy; import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.FORMAT_VERSION; import static org.briarproject.bramble.api.contact.HandshakeLinkConstants.RAW_LINK_BYTES; @@ -52,7 +54,7 @@ public class BriarTestUtils { byte[] publicKey = keyPair.getPublic().getEncoded(); linkBytes[0] = FORMAT_VERSION; arraycopy(publicKey, 0, linkBytes, 1, RAW_LINK_BYTES - 1); - return ("briar://" + Base32.encode(linkBytes)).toLowerCase(); + return ("briar://" + Base32.encode(linkBytes)).toLowerCase(Locale.US); } } diff --git a/briar-headless/src/main/java/org/briarproject/bramble/identity/OutputAuthor.kt b/briar-headless/src/main/java/org/briarproject/bramble/identity/OutputAuthor.kt index baff61c9a..0d82b24a0 100644 --- a/briar-headless/src/main/java/org/briarproject/bramble/identity/OutputAuthor.kt +++ b/briar-headless/src/main/java/org/briarproject/bramble/identity/OutputAuthor.kt @@ -3,6 +3,7 @@ package org.briarproject.bramble.identity import org.briarproject.bramble.api.identity.Author import org.briarproject.briar.api.identity.AuthorInfo import org.briarproject.briar.headless.json.JsonDict +import java.util.Locale fun Author.output() = JsonDict( "formatVersion" to formatVersion, @@ -11,4 +12,4 @@ fun Author.output() = JsonDict( "publicKey" to publicKey.encoded ) -fun AuthorInfo.Status.output() = name.toLowerCase() +fun AuthorInfo.Status.output() = name.lowercase(Locale.US) diff --git a/briar-headless/src/main/java/org/briarproject/briar/headless/blogs/OutputBlogPost.kt b/briar-headless/src/main/java/org/briarproject/briar/headless/blogs/OutputBlogPost.kt index 9f6e22b0c..7283174eb 100644 --- a/briar-headless/src/main/java/org/briarproject/briar/headless/blogs/OutputBlogPost.kt +++ b/briar-headless/src/main/java/org/briarproject/briar/headless/blogs/OutputBlogPost.kt @@ -4,6 +4,7 @@ import org.briarproject.bramble.identity.output import org.briarproject.briar.api.blog.BlogPostHeader import org.briarproject.briar.api.blog.MessageType import org.briarproject.briar.headless.json.JsonDict +import java.util.Locale internal fun BlogPostHeader.output(text: String) = JsonDict( "text" to text, @@ -18,4 +19,4 @@ internal fun BlogPostHeader.output(text: String) = JsonDict( "timestampReceived" to timeReceived ) -internal fun MessageType.output() = name.toLowerCase() +internal fun MessageType.output() = name.lowercase(Locale.US)