TrueCloudLab/frostfs-sdk-java
19
1
Fork 3
Code Issues 8 Pull requests Releases Packages 6 Activity Actions

[#1] Add additional security
All checks were successful
DCO / DCO (pull_request) Successful in 28s
Details

Browse source 
Signed-off-by: Ori Bruk <o.bruk@yadro.com>
This commit is contained in:
Ori Bruk 2024-07-24 14:41:42 +03:00
parent bf2f19f08d
commit 1be65c63ae
62 changed files with 670 additions and 281 deletions
Download patch file Download diff file Expand all files Collapse all files

5
cryptography/pom.xml
View file

@ -29,6 +29,11 @@
<artifactId>bcprov-jdk18on</artifactId>
<version>1.78.1</version>
</dependency>
<dependency>
<groupId>org.apache.commons</groupId>
<artifactId>commons-lang3</artifactId>
<version>3.14.0</version>
</dependency>
</dependencies>
</project>

2
cryptography/src/main/java/info/frostfs/sdk/ArrayHelper.java
View file

@ -1,6 +1,8 @@
package info.frostfs.sdk;
public class ArrayHelper {
private ArrayHelper() {
}
public static byte[] concat(byte[] startArray, byte[] endArray) {
byte[] result = new byte[startArray.length + endArray.length];

18
cryptography/src/main/java/info/frostfs/sdk/Base58.java
View file

@ -1,5 +1,7 @@
package info.frostfs.sdk;
import org.apache.commons.lang3.StringUtils;
import java.util.Arrays;
import static info.frostfs.sdk.ArrayHelper.concat;
@ -18,8 +20,11 @@ public class Base58 {
}
}
private Base58() {
}
public static byte[] base58CheckDecode(String input) {
if (isNull(input) || input.isEmpty()) {
if (StringUtils.isEmpty(input)) {
throw new IllegalArgumentException("Input value is missing");
}
@ -30,10 +35,9 @@ public class Base58 {
byte[] decode = Arrays.copyOfRange(buffer, 0, buffer.length - 4);
byte[] checksum = getSha256(getSha256(decode));
if (!Arrays.equals(
Arrays.copyOfRange(buffer, buffer.length - 4, buffer.length),
Arrays.copyOfRange(checksum, 0, 4)
)) {
var bufferEnd = Arrays.copyOfRange(buffer, buffer.length - 4, buffer.length);
var checksumStart = Arrays.copyOfRange(checksum, 0, 4);
if (!Arrays.equals(bufferEnd, checksumStart)) {
throw new IllegalArgumentException();
}
@ -41,6 +45,10 @@ public class Base58 {
}
public static String base58CheckEncode(byte[] data) {
if (isNull(data)) {
throw new IllegalArgumentException("Input value is missing");
}
byte[] checksum = getSha256(getSha256(data));
var buffer = concat(data, Arrays.copyOfRange(checksum, 0, 4));
var ret = encode(buffer);

24
cryptography/src/main/java/info/frostfs/sdk/Helper.java
View file

@ -8,9 +8,17 @@ import java.math.BigInteger;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import static java.util.Objects.isNull;
public class Helper {
private Helper() {
}
public static byte[] getRIPEMD160(byte[] value) {
if (isNull(value)) {
throw new IllegalArgumentException("Input value is missing");
}
var hash = new byte[20];
var digest = new RIPEMD160Digest();
digest.update(value, 0, value.length);
@ -27,14 +35,26 @@ public class Helper {
}
public static byte[] getSha256(byte[] value) {
if (isNull(value)) {
throw new IllegalArgumentException("Input value is missing");
}
return getSha256Instance().digest(value);
}
public static ByteString getSha256(Message value) {
if (isNull(value)) {
throw new IllegalArgumentException("Input value is missing");
}
return ByteString.copyFrom(getSha256(value.toByteArray()));
}
public static String getHexString(byte[] array) {
return String.format("%0" + (array.length << 1) + "x", new BigInteger(1, array));
public static String getHexString(byte[] value) {
if (isNull(value)) {
throw new IllegalArgumentException("Input value is missing");
}
return String.format("%0" + (value.length << 1) + "x", new BigInteger(1, value));
}
}

31
cryptography/src/main/java/info/frostfs/sdk/KeyExtension.java
View file

@ -1,5 +1,6 @@
package info.frostfs.sdk;
import org.apache.commons.lang3.StringUtils;
import org.bouncycastle.asn1.sec.SECNamedCurves;
import org.bouncycastle.asn1.sec.SECObjectIdentifiers;
import org.bouncycastle.asn1.x9.X9ECParameters;
@ -25,19 +26,23 @@ import java.util.Arrays;
import static info.frostfs.sdk.Helper.getRIPEMD160;
import static info.frostfs.sdk.Helper.getSha256;
import static java.util.Objects.isNull;
import static org.bouncycastle.util.BigIntegers.fromUnsignedByteArray;
public class KeyExtension {
public static final byte NEO_ADDRESS_VERSION = 0x35;
private static final int DECODE_ADDRESS_LENGTH = 21;
private static final int COMPRESSED_PUBLIC_KEY_LENGTH = 33;
private static final int UNCOMPRESSED_PUBLIC_KEY_LENGTH = 65;
private static final int CHECK_SIG_DESCRIPTOR = ByteBuffer
.wrap(getSha256("System.Crypto.CheckSig".getBytes(StandardCharsets.US_ASCII)))
.order(ByteOrder.LITTLE_ENDIAN).getInt();
private KeyExtension() {
}
public static byte[] compress(byte[] publicKey) {
checkInputValue(publicKey);
if (publicKey.length != UNCOMPRESSED_PUBLIC_KEY_LENGTH) {
throw new IllegalArgumentException(
String.format("Compress argument isn't uncompressed public key. Expected length=%s, actual=%s",
@ -51,11 +56,17 @@ public class KeyExtension {
}
public static byte[] getPrivateKeyFromWIF(String wif) {
if (StringUtils.isEmpty(wif)) {
throw new IllegalArgumentException("Input value is missing");
}
var data = Base58.base58CheckDecode(wif);
return Arrays.copyOfRange(data, 1, data.length - 1);
}
public static byte[] loadPublicKey(byte[] privateKey) {
checkInputValue(privateKey);
X9ECParameters params = SECNamedCurves.getByOID(SECObjectIdentifiers.secp256r1);
ECDomainParameters domain = new ECDomainParameters(
params.getCurve(), params.getG(), params.getN(), params.getH()
@ -66,6 +77,8 @@ public class KeyExtension {
}
public static PrivateKey loadPrivateKey(byte[] privateKey) {
checkInputValue(privateKey);
X9ECParameters params = SECNamedCurves.getByOID(SECObjectIdentifiers.secp256r1);
ECDomainParameters domain = new ECDomainParameters(
params.getCurve(), params.getG(), params.getN(), params.getH()
@ -85,6 +98,8 @@ public class KeyExtension {
}
public static PublicKey getPublicKeyFromBytes(byte[] publicKey) {
checkInputValue(publicKey);
if (publicKey.length != COMPRESSED_PUBLIC_KEY_LENGTH) {
throw new IllegalArgumentException(
String.format("Decompress argument isn't compressed public key. Expected length=%s, actual=%s",
@ -116,12 +131,14 @@ public class KeyExtension {
}
public static byte[] getScriptHash(byte[] publicKey) {
var script = createSignatureRedeemScript(publicKey);
checkInputValue(publicKey);
var script = createSignatureRedeemScript(publicKey);
return getRIPEMD160(getSha256(script));
}
public static String publicKeyToAddress(byte[] publicKey) {
checkInputValue(publicKey);
if (publicKey.length != COMPRESSED_PUBLIC_KEY_LENGTH) {
throw new IllegalArgumentException(
String.format("PublicKey isn't encoded compressed public key. Expected length=%s, actual=%s",
@ -133,7 +150,8 @@ public class KeyExtension {
}
private static String toAddress(byte[] scriptHash, byte version) {
byte[] data = new byte[21];
checkInputValue(scriptHash);
byte[] data = new byte[DECODE_ADDRESS_LENGTH];
data[0] = version;
System.arraycopy(scriptHash, 0, data, 1, scriptHash.length);
return Base58.base58CheckEncode(data);
@ -150,6 +168,7 @@ public class KeyExtension {
}
private static byte[] createSignatureRedeemScript(byte[] publicKey) {
checkInputValue(publicKey);
if (publicKey.length != COMPRESSED_PUBLIC_KEY_LENGTH) {
throw new IllegalArgumentException(
String.format("PublicKey isn't encoded compressed public key. Expected length=%s, actual=%s",
@ -164,4 +183,10 @@ public class KeyExtension {
script = ArrayHelper.concat(script, getBytes(CHECK_SIG_DESCRIPTOR)); //Neo_Crypto_CheckSig
return script;
}
private static void checkInputValue(byte[] data) {
if (isNull(data)) {
throw new IllegalArgumentException("Input value is missing");
}
}
}