From 1008e9bc519684d6a21f9941cee15e979f0f0a6a Mon Sep 17 00:00:00 2001 From: Manfred Karrer Date: Wed, 17 Apr 2019 19:56:21 -0500 Subject: [PATCH] Add UTF8 for getBytes calls Fixes https://github.com/bisq-network/bisq/issues/2729 --- common/src/main/java/bisq/common/crypto/PGP.java | 4 +++- core/src/main/java/bisq/core/alert/AlertManager.java | 6 ++++-- .../java/bisq/core/alert/PrivateNotificationManager.java | 6 ++++-- .../bisq/core/notifications/MobileMessageEncryption.java | 8 +++++--- .../bisq/core/trade/protocol/ArbitratorSelectionRule.java | 4 +++- .../bisq/core/trade/protocol/MediatorSelectionRule.java | 4 +++- .../tasks/maker/MakerProcessPayDepositRequest.java | 4 +++- .../protocol/tasks/taker/TakerSendPayDepositRequest.java | 4 +++- .../java/bisq/core/trade/statistics/TradeStatistics2.java | 4 +++- .../main/java/bisq/desktop/components/PeerInfoIcon.java | 4 +++- .../main/overlays/editor/PeerInfoWithTagEditor.java | 5 ++++- .../main/java/bisq/monitor/reporter/GraphiteReporter.java | 8 ++++++-- p2p/src/main/java/bisq/network/DnsLookupTor.java | 4 +++- .../java/bisq/price/spot/providers/BitcoinAverage.java | 6 ++++-- 14 files changed, 51 insertions(+), 20 deletions(-) diff --git a/common/src/main/java/bisq/common/crypto/PGP.java b/common/src/main/java/bisq/common/crypto/PGP.java index 46b87b6f204..efccbc222bd 100644 --- a/common/src/main/java/bisq/common/crypto/PGP.java +++ b/common/src/main/java/bisq/common/crypto/PGP.java @@ -17,6 +17,8 @@ package bisq.common.crypto; +import com.google.common.base.Charsets; + import org.bouncycastle.bcpg.BCPGKey; import org.bouncycastle.bcpg.RSAPublicBCPGKey; import org.bouncycastle.openpgp.PGPException; @@ -54,7 +56,7 @@ public class PGP { @Nullable public static PGPPublicKey getPubKeyFromPem(@Nullable String pem) { if (pem != null) { - InputStream inputStream = new ByteArrayInputStream(pem.getBytes()); + InputStream inputStream = new ByteArrayInputStream(pem.getBytes(Charsets.UTF_8)); try { inputStream = PGPUtil.getDecoderStream(inputStream); try { diff --git a/core/src/main/java/bisq/core/alert/AlertManager.java b/core/src/main/java/bisq/core/alert/AlertManager.java index 3b8bbeb6847..05a3872a7ff 100644 --- a/core/src/main/java/bisq/core/alert/AlertManager.java +++ b/core/src/main/java/bisq/core/alert/AlertManager.java @@ -34,6 +34,8 @@ import com.google.inject.Inject; import com.google.inject.name.Named; +import com.google.common.base.Charsets; + import javafx.beans.property.ObjectProperty; import javafx.beans.property.ReadOnlyObjectProperty; import javafx.beans.property.SimpleObjectProperty; @@ -151,13 +153,13 @@ private boolean isKeyValid(String privKeyString) { } private void signAndAddSignatureToAlertMessage(Alert alert) { - String alertMessageAsHex = Utils.HEX.encode(alert.getMessage().getBytes()); + String alertMessageAsHex = Utils.HEX.encode(alert.getMessage().getBytes(Charsets.UTF_8)); String signatureAsBase64 = alertSigningKey.signMessage(alertMessageAsHex); alert.setSigAndPubKey(signatureAsBase64, keyRing.getSignatureKeyPair().getPublic()); } private boolean verifySignature(Alert alert) { - String alertMessageAsHex = Utils.HEX.encode(alert.getMessage().getBytes()); + String alertMessageAsHex = Utils.HEX.encode(alert.getMessage().getBytes(Charsets.UTF_8)); try { ECKey.fromPublicOnly(HEX.decode(pubKeyAsHex)).verifyMessage(alertMessageAsHex, alert.getSignatureAsBase64()); return true; diff --git a/core/src/main/java/bisq/core/alert/PrivateNotificationManager.java b/core/src/main/java/bisq/core/alert/PrivateNotificationManager.java index a10a275f56d..529f4b7ed55 100644 --- a/core/src/main/java/bisq/core/alert/PrivateNotificationManager.java +++ b/core/src/main/java/bisq/core/alert/PrivateNotificationManager.java @@ -35,6 +35,8 @@ import com.google.inject.Inject; import com.google.inject.name.Named; +import com.google.common.base.Charsets; + import javafx.beans.property.ObjectProperty; import javafx.beans.property.ReadOnlyObjectProperty; import javafx.beans.property.SimpleObjectProperty; @@ -145,13 +147,13 @@ private boolean isKeyValid(String privKeyString) { } private void signAndAddSignatureToPrivateNotificationMessage(PrivateNotificationPayload privateNotification) { - String privateNotificationMessageAsHex = Utils.HEX.encode(privateNotification.getMessage().getBytes()); + String privateNotificationMessageAsHex = Utils.HEX.encode(privateNotification.getMessage().getBytes(Charsets.UTF_8)); String signatureAsBase64 = privateNotificationSigningKey.signMessage(privateNotificationMessageAsHex); privateNotification.setSigAndPubKey(signatureAsBase64, keyRing.getSignatureKeyPair().getPublic()); } private boolean verifySignature(PrivateNotificationPayload privateNotification) { - String privateNotificationMessageAsHex = Utils.HEX.encode(privateNotification.getMessage().getBytes()); + String privateNotificationMessageAsHex = Utils.HEX.encode(privateNotification.getMessage().getBytes(Charsets.UTF_8)); try { ECKey.fromPublicOnly(HEX.decode(pubKeyAsHex)).verifyMessage(privateNotificationMessageAsHex, privateNotification.getSignatureAsBase64()); return true; diff --git a/core/src/main/java/bisq/core/notifications/MobileMessageEncryption.java b/core/src/main/java/bisq/core/notifications/MobileMessageEncryption.java index 042236432b9..0b6195872b7 100644 --- a/core/src/main/java/bisq/core/notifications/MobileMessageEncryption.java +++ b/core/src/main/java/bisq/core/notifications/MobileMessageEncryption.java @@ -19,6 +19,8 @@ import javax.inject.Inject; +import com.google.common.base.Charsets; + import org.apache.commons.codec.binary.Base64; import javax.crypto.Cipher; @@ -40,7 +42,7 @@ public MobileMessageEncryption() { } public void setKey(String key) { - keySpec = new SecretKeySpec(key.getBytes(), "AES"); + keySpec = new SecretKeySpec(key.getBytes(Charsets.UTF_8), "AES"); try { cipher = Cipher.getInstance("AES/CBC/NOPadding"); } catch (NoSuchAlgorithmException | NoSuchPaddingException e) { @@ -56,7 +58,7 @@ public String encrypt(String valueToEncrypt, String iv) throws Exception { if (iv.length() != 16) { throw new Exception("iv not 16 characters"); } - IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes()); + IvParameterSpec ivSpec = new IvParameterSpec(iv.getBytes(Charsets.UTF_8)); byte[] encryptedBytes = doEncrypt(valueToEncrypt, ivSpec); return Base64.encodeBase64String(encryptedBytes); } @@ -69,7 +71,7 @@ private byte[] doEncrypt(String text, IvParameterSpec ivSpec) throws Exception { byte[] encrypted; try { cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); - encrypted = cipher.doFinal(text.getBytes()); + encrypted = cipher.doFinal(text.getBytes(Charsets.UTF_8)); } catch (Exception e) { throw new Exception("[encrypt] " + e.getMessage()); } diff --git a/core/src/main/java/bisq/core/trade/protocol/ArbitratorSelectionRule.java b/core/src/main/java/bisq/core/trade/protocol/ArbitratorSelectionRule.java index 0dd1084bfce..d598e5f6c28 100644 --- a/core/src/main/java/bisq/core/trade/protocol/ArbitratorSelectionRule.java +++ b/core/src/main/java/bisq/core/trade/protocol/ArbitratorSelectionRule.java @@ -23,6 +23,8 @@ import bisq.common.crypto.Hash; +import com.google.common.base.Charsets; + import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -41,7 +43,7 @@ public static NodeAddress select(List acceptedArbitratorNodeAddress } checkArgument(candidates.size() > 0, "candidates.size() <= 0"); - int index = Math.abs(Arrays.hashCode(Hash.getSha256Hash(offer.getId().getBytes()))) % candidates.size(); + int index = Math.abs(Arrays.hashCode(Hash.getSha256Hash(offer.getId().getBytes(Charsets.UTF_8)))) % candidates.size(); NodeAddress selectedArbitrator = candidates.get(index); log.debug("selectedArbitrator " + selectedArbitrator); return selectedArbitrator; diff --git a/core/src/main/java/bisq/core/trade/protocol/MediatorSelectionRule.java b/core/src/main/java/bisq/core/trade/protocol/MediatorSelectionRule.java index 4df33207a4c..2aefb627d84 100644 --- a/core/src/main/java/bisq/core/trade/protocol/MediatorSelectionRule.java +++ b/core/src/main/java/bisq/core/trade/protocol/MediatorSelectionRule.java @@ -23,6 +23,8 @@ import bisq.common.crypto.Hash; +import com.google.common.base.Charsets; + import java.util.ArrayList; import java.util.Arrays; import java.util.List; @@ -43,7 +45,7 @@ public static NodeAddress select(List acceptedMediatorNodeAddresses } checkArgument(candidates.size() > 0, "candidates.size() <= 0"); - int index = Math.abs(Arrays.hashCode(Hash.getSha256Hash(offer.getId().getBytes()))) % candidates.size(); + int index = Math.abs(Arrays.hashCode(Hash.getSha256Hash(offer.getId().getBytes(Charsets.UTF_8)))) % candidates.size(); NodeAddress selectedMediator = candidates.get(index); log.debug("selectedMediator " + selectedMediator); return selectedMediator; diff --git a/core/src/main/java/bisq/core/trade/protocol/tasks/maker/MakerProcessPayDepositRequest.java b/core/src/main/java/bisq/core/trade/protocol/tasks/maker/MakerProcessPayDepositRequest.java index e599eefc622..ce72b924586 100644 --- a/core/src/main/java/bisq/core/trade/protocol/tasks/maker/MakerProcessPayDepositRequest.java +++ b/core/src/main/java/bisq/core/trade/protocol/tasks/maker/MakerProcessPayDepositRequest.java @@ -27,6 +27,8 @@ import org.bitcoinj.core.Coin; +import com.google.common.base.Charsets; + import lombok.extern.slf4j.Slf4j; import static bisq.core.util.Validator.checkTradeId; @@ -70,7 +72,7 @@ protected void run() { failed("acceptedArbitratorNodeAddresses must not be empty"); // Taker has to sign offerId (he cannot manipulate that - so we avoid to have a challenge protocol for passing the nonce we want to get signed) - tradingPeer.setAccountAgeWitnessNonce(trade.getOffer().getId().getBytes()); + tradingPeer.setAccountAgeWitnessNonce(trade.getOffer().getId().getBytes(Charsets.UTF_8)); tradingPeer.setAccountAgeWitnessSignature(payDepositRequest.getAccountAgeWitnessSignatureOfOfferId()); tradingPeer.setCurrentDate(payDepositRequest.getCurrentDate()); diff --git a/core/src/main/java/bisq/core/trade/protocol/tasks/taker/TakerSendPayDepositRequest.java b/core/src/main/java/bisq/core/trade/protocol/tasks/taker/TakerSendPayDepositRequest.java index 8db28d04908..6a35a728134 100644 --- a/core/src/main/java/bisq/core/trade/protocol/tasks/taker/TakerSendPayDepositRequest.java +++ b/core/src/main/java/bisq/core/trade/protocol/tasks/taker/TakerSendPayDepositRequest.java @@ -32,6 +32,8 @@ import bisq.common.crypto.Sig; import bisq.common.taskrunner.TaskRunner; +import com.google.common.base.Charsets; + import java.util.ArrayList; import java.util.Date; import java.util.List; @@ -82,7 +84,7 @@ protected void run() { // Taker has to use offerId as nonce (he cannot manipulate that - so we avoid to have a challenge protocol for passing the nonce we want to get signed) // He cannot manipulate the offerId - so we avoid to have a challenge protocol for passing the nonce we want to get signed. final PaymentAccountPayload paymentAccountPayload = checkNotNull(processModel.getPaymentAccountPayload(trade), "processModel.getPaymentAccountPayload(trade) must not be null"); - byte[] sig = Sig.sign(processModel.getKeyRing().getSignatureKeyPair().getPrivate(), offerId.getBytes()); + byte[] sig = Sig.sign(processModel.getKeyRing().getSignatureKeyPair().getPrivate(), offerId.getBytes(Charsets.UTF_8)); PayDepositRequest message = new PayDepositRequest( offerId, diff --git a/core/src/main/java/bisq/core/trade/statistics/TradeStatistics2.java b/core/src/main/java/bisq/core/trade/statistics/TradeStatistics2.java index ecd3b529371..9e57c8f2232 100644 --- a/core/src/main/java/bisq/core/trade/statistics/TradeStatistics2.java +++ b/core/src/main/java/bisq/core/trade/statistics/TradeStatistics2.java @@ -46,6 +46,8 @@ import org.springframework.util.CollectionUtils; +import com.google.common.base.Charsets; + import java.util.Date; import java.util.Map; import java.util.Optional; @@ -156,7 +158,7 @@ public TradeStatistics2(OfferPayload.Direction direction, if (hash == null) // We create hash from all fields excluding hash itself. We use json as simple data serialisation. // tradeDate is different for both peers so we ignore it for hash. - this.hash = Hash.getSha256Ripemd160hash(Utilities.objectToJson(this).getBytes()); + this.hash = Hash.getSha256Ripemd160hash(Utilities.objectToJson(this).getBytes(Charsets.UTF_8)); else this.hash = hash; } diff --git a/desktop/src/main/java/bisq/desktop/components/PeerInfoIcon.java b/desktop/src/main/java/bisq/desktop/components/PeerInfoIcon.java index cc857682eef..cd69acea2b8 100644 --- a/desktop/src/main/java/bisq/desktop/components/PeerInfoIcon.java +++ b/desktop/src/main/java/bisq/desktop/components/PeerInfoIcon.java @@ -29,6 +29,8 @@ import bisq.network.p2p.NodeAddress; +import com.google.common.base.Charsets; + import javafx.scene.Group; import javafx.scene.canvas.Canvas; import javafx.scene.canvas.GraphicsContext; @@ -121,7 +123,7 @@ public PeerInfoIcon(NodeAddress nodeAddress, int intValue = 0; try { MessageDigest md = MessageDigest.getInstance("SHA1"); - byte[] bytes = md.digest(fullAddress.getBytes()); + byte[] bytes = md.digest(fullAddress.getBytes(Charsets.UTF_8)); intValue = Math.abs(((bytes[0] & 0xFF) << 24) | ((bytes[1] & 0xFF) << 16) | ((bytes[2] & 0xFF) << 8) | (bytes[3] & 0xFF)); diff --git a/desktop/src/main/java/bisq/desktop/main/overlays/editor/PeerInfoWithTagEditor.java b/desktop/src/main/java/bisq/desktop/main/overlays/editor/PeerInfoWithTagEditor.java index 6f9c11f8f1a..32fe09f5786 100644 --- a/desktop/src/main/java/bisq/desktop/main/overlays/editor/PeerInfoWithTagEditor.java +++ b/desktop/src/main/java/bisq/desktop/main/overlays/editor/PeerInfoWithTagEditor.java @@ -28,6 +28,7 @@ import bisq.core.user.Preferences; import bisq.common.UserThread; +import bisq.common.crypto.PubKeyRing; import bisq.common.util.Tuple3; import bisq.common.util.Utilities; @@ -202,7 +203,9 @@ private void addContent() { // otherwise the text input handler does not work. doClose(); UserThread.runAfter(() -> { - new SendPrivateNotificationWindow(offer.getPubKeyRing(), offer.getMakerNodeAddress(), useDevPrivilegeKeys) + //TODO only taker could send msg as maker would use its own key from offer.... + PubKeyRing pubKeyRing = offer.getPubKeyRing(); + new SendPrivateNotificationWindow(pubKeyRing, offer.getMakerNodeAddress(), useDevPrivilegeKeys) .onAddAlertMessage(privateNotificationManager::sendPrivateNotificationMessageIfKeyIsValid) .show(); }, 100, TimeUnit.MILLISECONDS); diff --git a/monitor/src/main/java/bisq/monitor/reporter/GraphiteReporter.java b/monitor/src/main/java/bisq/monitor/reporter/GraphiteReporter.java index 8a9a55d9b54..466ca0801ab 100644 --- a/monitor/src/main/java/bisq/monitor/reporter/GraphiteReporter.java +++ b/monitor/src/main/java/bisq/monitor/reporter/GraphiteReporter.java @@ -28,8 +28,12 @@ import org.berndpruenster.netlayer.tor.TorSocket; -import java.io.IOException; +import com.google.common.base.Charsets; + import java.net.Socket; + +import java.io.IOException; + import java.util.HashMap; import java.util.Map; @@ -87,7 +91,7 @@ public void report(String key, String value, String timeInMilliseconds, String p else socket = new Socket(nodeAddress.getHostName(), nodeAddress.getPort()); - socket.getOutputStream().write(report.getBytes()); + socket.getOutputStream().write(report.getBytes(Charsets.UTF_8)); socket.close(); } catch (IOException e) { // TODO Auto-generated catch block diff --git a/p2p/src/main/java/bisq/network/DnsLookupTor.java b/p2p/src/main/java/bisq/network/DnsLookupTor.java index 4b457853652..c74b5ed6a73 100644 --- a/p2p/src/main/java/bisq/network/DnsLookupTor.java +++ b/p2p/src/main/java/bisq/network/DnsLookupTor.java @@ -19,6 +19,8 @@ import com.runjva.sourceforge.jsocks.protocol.Socks5Proxy; +import com.google.common.base.Charsets; + import java.net.InetAddress; import java.net.Socket; @@ -80,7 +82,7 @@ public static InetAddress lookup(Socks5Proxy proxy, String host) throws DnsLooku throw new DnsLookupException("Unrecognized Tor Auth Method"); } - byte[] hostBytes = host.getBytes(); + byte[] hostBytes = host.getBytes(Charsets.UTF_8); buf = new byte[7 + hostBytes.length]; buf[0] = b('\u0005'); buf[1] = b('\u00f0'); diff --git a/pricenode/src/main/java/bisq/price/spot/providers/BitcoinAverage.java b/pricenode/src/main/java/bisq/price/spot/providers/BitcoinAverage.java index de36b886ae5..6882ea3c7c9 100644 --- a/pricenode/src/main/java/bisq/price/spot/providers/BitcoinAverage.java +++ b/pricenode/src/main/java/bisq/price/spot/providers/BitcoinAverage.java @@ -30,6 +30,8 @@ import org.springframework.web.client.RestTemplate; import org.springframework.web.util.UriComponentsBuilder; +import com.google.common.base.Charsets; + import org.bouncycastle.util.encoders.Hex; import javax.crypto.Mac; @@ -118,12 +120,12 @@ private Map getTickersKeyedByCurrencyPair() { protected String getAuthSignature() { String payload = String.format("%s.%s", Instant.now().getEpochSecond(), pubKey); - return String.format("%s.%s", payload, Hex.toHexString(mac.doFinal(payload.getBytes()))); + return String.format("%s.%s", payload, Hex.toHexString(mac.doFinal(payload.getBytes(Charsets.UTF_8)))); } private static Mac initMac(String privKey) { String algorithm = "HmacSHA256"; - SecretKey secretKey = new SecretKeySpec(privKey.getBytes(), algorithm); + SecretKey secretKey = new SecretKeySpec(privKey.getBytes(Charsets.UTF_8), algorithm); try { Mac mac = Mac.getInstance(algorithm); mac.init(secretKey);