PubNub SDK v4.33.2 release.

pubnub · Oct 8, 2020 · 49335b3 · 49335b3
1 parent 6354234
commit 49335b3
Show file tree

Hide file tree

Showing 14 changed files with 129 additions and 29 deletions.
diff --git a/.pubnub.yml b/.pubnub.yml
@@ -1,10 +1,15 @@
 name: java
-version: 4.33.1
+version: 4.33.2
 schema: 1
 scm: github.com/pubnub/java
 files:
-  - build/libs/pubnub-gson-4.33.1-all.jar
+  - build/libs/pubnub-gson-4.33.2-all.jar
 changelog:
+  - version: v4.33.2
+    date: 2020-10-08
+    changes:
+      - type: bug
+        text: "To improve security of messages, added support for random initialization vector to encrypt and decrypt messages."
   - version: v4.33.1
     date: 2020-09-24
     changes:
@@ -123,7 +128,7 @@ changelog:
       - type: bugfix
         text: Custom encode auth key where it's not encoded automatically
       - type: feature
-        text: Move state param from heartbeat to subcribe calls
+        text: Move state param from heartbeat to subscribe calls
   - version: v4.24.0
     date: 2019-05-21
     changes:
@@ -169,7 +174,7 @@ changelog:
     date: 2018-01-11
     changes:
       - type: improvement
-        text: lock down okHTTP version to support latest android version
+        text: lock down OkHttp version to support latest android version
   - version: v4.17.0
     date: 2017-12-19
     changes:
@@ -193,7 +198,7 @@ changelog:
     date: 2017-10-25
     changes:
       - type: improvement
-        text: add support to supress leave events
+        text: add support to suppress leave events
   - version: v4.13.0
     date: 2017-10-23
     changes:
@@ -275,7 +280,7 @@ changelog:
       - type: feature
         text: To distinguish UUID's that were generated by our SDK, we appended `pn-` before the UUID to signal that it's a randomly generated UUID.
       - type: feature
-        text: Allow the passing of okHttp connection spec via setConnectionSpec
+        text: Allow the passing of OkHttp connection spec via setConnectionSpec
       - type: improvement
         text: Bump retrofit to 2.2.0
   - version: v4.5.0
@@ -330,7 +335,7 @@ changelog:
     date:
     changes:
       - type: improvement
-        text: Swapping out logger for slf4japi and removing final methods
+        text: Swapping out logger for SLF4J API and removing final methods
   - version: v4.2.2
     date: 2016-12-09
     changes:
@@ -351,12 +356,12 @@ changelog:
       - type: improvement
         text: support for alerting of queue exceeded (PNRequestMessageCountExceededCategory)
       - type: improvement
-        text: signaling to okhttp to stop the queues on termination.
+        text: signaling to OkHttp to stop the queues on termination.
   - version: v4.1.0
     date: 2016-10-12
     changes:
       - type: improvement
-        text: destory now correctly forces the producer thread to shut down; stop is now deprecated for disconnect
+        text: destroy now correctly forces the producer thread to shut down; stop is now deprecated for disconnect
       - type: improvement
         text: support for sending instance id for presence detection (disabled by default)
       - type: improvement
@@ -377,7 +382,7 @@ changelog:
     date: 2016-09-13
     changes:
       - type: bug
-        text: fixing parsing of origination payload within the psv2 enevelope
+        text: fixing parsing of origination payload within the psv2 envelope
   - version: v4.0.11
     date: 2016-09-09
     changes:
@@ -428,7 +433,7 @@ changelog:
     date: 2016-06-15
     changes:
       - type: feature
-        text: fire() method and no-replicaton options.
+        text: fire() method and no-replication options.
   - version: v4.0.2
     date: 2016-06-15
     changes:

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,10 @@
+## [v4.33.2](https://github.com/pubnub/java/releases/tag/v4.33.2)
+October-08-2020
+
+[Full Changelog](https://github.com/pubnub/java/compare/v4.33.1...v4.33.2)
+
+- 🐛 To improve security of messages, added support for random initialization vector to encrypt and decrypt messages. 
+
 ## [v4.33.1](https://github.com/pubnub/java/releases/tag/v4.33.1)
 September-24-2020
 

diff --git a/README.md b/README.md
@@ -1,6 +1,6 @@
 
 
-### PubNub Java-based SDKs for Java / Android
+# PubNub Java-based SDKs for Java / Android
 
 [![Build Status](https://travis-ci.org/pubnub/java.svg?branch=master)](https://travis-ci.org/pubnub/java)
 [![Codacy Badge](https://api.codacy.com/project/badge/Grade/164fd518c314417e896b3de494ab75df)](https://www.codacy.com/app/PubNub/java?utm_source=github.com&amp;utm_medium=referral&amp;utm_content=pubnub/java&amp;utm_campaign=Badge_Grade)
@@ -12,4 +12,4 @@
 
 ## Communication
 
-- If you **need help** or have a **general question**, contact <support@pubnub.com>
+- If you **need any help** or have a **general question**, contact <support@pubnub.com>
diff --git a/build.gradle b/build.gradle
@@ -11,7 +11,7 @@ plugins {
 }
 group = 'com.pubnub'
 
-version = '4.33.1'
+version = '4.33.2'
 
 description = """"""
 

diff --git a/src/main/java/com/pubnub/api/PNConfiguration.java b/src/main/java/com/pubnub/api/PNConfiguration.java
@@ -187,6 +187,8 @@ public class PNConfiguration {
     private boolean dedupOnSubscribe;
     @Setter
     private Integer maximumMessagesCacheSize;
+    @Setter
+    private boolean useRandomInitializationVector;
 
     /**
      * Initialize the PNConfiguration with default values
@@ -218,6 +220,7 @@ public PNConfiguration() {
         dedupOnSubscribe = false;
         suppressLeaveEvents = false;
         maximumMessagesCacheSize = DEFAULT_DEDUPE_SIZE;
+        useRandomInitializationVector = false;
     }
 
     /**

diff --git a/src/main/java/com/pubnub/api/PubNub.java b/src/main/java/com/pubnub/api/PubNub.java
@@ -92,7 +92,7 @@ public class PubNub {
     private static final int TIMESTAMP_DIVIDER = 1000;
     private static final int MAX_SEQUENCE = 65535;
 
-    private static final String SDK_VERSION = "4.33.1";
+    private static final String SDK_VERSION = "4.33.2";
 
     public PubNub(@NotNull PNConfiguration initialConfig) {
         this.configuration = initialConfig;
@@ -410,8 +410,8 @@ public String decrypt(String inputString, String cipherKey) throws PubNubExcepti
         if (inputString == null) {
             throw PubNubException.builder().pubnubError(PubNubErrorBuilder.PNERROBJ_INVALID_ARGUMENTS).build();
         }
-
-        return new Crypto(cipherKey).decrypt(inputString);
+        boolean dynamicIV = this.getConfiguration().isUseRandomInitializationVector();
+        return new Crypto(cipherKey, dynamicIV).decrypt(inputString);
     }
 
     public InputStream decryptInputStream(InputStream inputStream) throws PubNubException {
@@ -451,7 +451,8 @@ public String encrypt(String inputString, String cipherKey) throws PubNubExcepti
             throw PubNubException.builder().pubnubError(PubNubErrorBuilder.PNERROBJ_INVALID_ARGUMENTS).build();
         }
 
-        return new Crypto(cipherKey).encrypt(inputString);
+        boolean dynamicIV = this.getConfiguration().isUseRandomInitializationVector();
+        return new Crypto(cipherKey, dynamicIV).encrypt(inputString);
     }
 
     public InputStream encryptInputStream(InputStream inputStream) throws PubNubException {

diff --git a/src/main/java/com/pubnub/api/endpoints/FetchMessages.java b/src/main/java/com/pubnub/api/endpoints/FetchMessages.java
@@ -186,7 +186,7 @@ private JsonElement processMessage(JsonElement message) throws PubNubException {
             return message;
         }
 
-        Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey());
+        Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey(), this.getPubnub().getConfiguration().isUseRandomInitializationVector());
         MapperManager mapper = this.getPubnub().getMapper();
         String inputText;
         String outputText;

diff --git a/src/main/java/com/pubnub/api/endpoints/History.java b/src/main/java/com/pubnub/api/endpoints/History.java
@@ -171,7 +171,7 @@ private JsonElement processMessage(JsonElement message) throws PubNubException {
             return message;
         }
 
-        Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey());
+        Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey(), this.getPubnub().getConfiguration().isUseRandomInitializationVector());
         MapperManager mapper = getPubnub().getMapper();
         String inputText;
         String outputText;

diff --git a/src/main/java/com/pubnub/api/endpoints/files/PublishFileMessage.java b/src/main/java/com/pubnub/api/endpoints/files/PublishFileMessage.java
@@ -87,7 +87,7 @@ protected Call<List<Object>> doWork(Map<String, String> baseParams) throws PubNu
         String stringifiedMessage = mapper.toJsonUsinJackson(new FileUploadNotification(this.message, pnFile));
         String messageAsString;
         if (getPubnub().getConfiguration().getCipherKey() != null) {
-            Crypto crypto = new Crypto(getPubnub().getConfiguration().getCipherKey());
+            Crypto crypto = new Crypto(getPubnub().getConfiguration().getCipherKey(), getPubnub().getConfiguration().isUseRandomInitializationVector());
             messageAsString = "\"".concat(crypto.encrypt(stringifiedMessage)).concat("\"");
         } else {
             messageAsString = PubNubUtil.urlEncode(stringifiedMessage);

diff --git a/src/main/java/com/pubnub/api/endpoints/pubsub/Publish.java b/src/main/java/com/pubnub/api/endpoints/pubsub/Publish.java
@@ -106,7 +106,7 @@ protected Call<List<Object>> doWork(Map<String, String> params) throws PubNubExc
         }
 
         if (this.getPubnub().getConfiguration().getCipherKey() != null) {
-            Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey());
+            Crypto crypto = new Crypto(this.getPubnub().getConfiguration().getCipherKey(), this.getPubnub().getConfiguration().isUseRandomInitializationVector());
             stringifiedMessage = crypto.encrypt(stringifiedMessage).replace("\n", "");
         }
 

diff --git a/src/main/java/com/pubnub/api/vendor/Crypto.java b/src/main/java/com/pubnub/api/vendor/Crypto.java
@@ -12,12 +12,14 @@
 import javax.crypto.spec.IvParameterSpec;
 import javax.crypto.spec.SecretKeySpec;
 import java.io.UnsupportedEncodingException;
+import java.nio.Buffer;
 import java.nio.charset.Charset;
 import java.security.InvalidAlgorithmParameterException;
 import java.security.InvalidKeyException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.AlgorithmParameterSpec;
+import java.util.Random;
 
 import static com.pubnub.api.vendor.FileEncryptionUtil.CIPHER_TRANSFORMATION;
 import static com.pubnub.api.vendor.FileEncryptionUtil.ENCODING_UTF_8;
@@ -31,9 +33,15 @@ public class Crypto {
     String initializationVector = "0123456789012345";
     String cipherKey;
     boolean INIT = false;
+    boolean dynamicIV = false;
 
     public Crypto(String cipherKey) {
+        this(cipherKey, false);
+    }
+
+    public Crypto(String cipherKey, boolean dynamicIV) {
         this.cipherKey = cipherKey;
+        this.dynamicIV = dynamicIV;
     }
 
     public Crypto(String cipherKey, String customInitializationVector) {
@@ -45,15 +53,21 @@ public Crypto(String cipherKey, String customInitializationVector) {
     }
 
     private void initCiphers() throws PubNubException {
-        if (INIT)
+        if (INIT && !dynamicIV)
             return;
         try {
 
             keyBytes = new String(hexEncode(sha256(this.cipherKey.getBytes(ENCODING_UTF_8))), ENCODING_UTF_8)
                     .substring(0, 32)
                     .toLowerCase().getBytes(ENCODING_UTF_8);
-            ivBytes = initializationVector.getBytes(ENCODING_UTF_8);
-            INIT = true;
+            if (dynamicIV){
+                ivBytes = new byte[16];
+                new Random().nextBytes(ivBytes);
+            }
+            else {
+                ivBytes = initializationVector.getBytes(ENCODING_UTF_8);
+                INIT = true;
+            }
         } catch (UnsupportedEncodingException e) {
             throw PubNubException.builder().pubnubError(newCryptoError(11, e.toString())).errormsg(e.getMessage()).build();
         }
@@ -83,7 +97,16 @@ public String encrypt(String input) throws PubNubException {
             Cipher cipher = null;
             cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
             cipher.init(Cipher.ENCRYPT_MODE, newKey, ivSpec);
-            return new String(Base64.encode(cipher.doFinal(input.getBytes(ENCODING_UTF_8)), 0), Charset.forName(ENCODING_UTF_8));
+            if (dynamicIV){
+                byte[] outputBytes = input.getBytes(ENCODING_UTF_8);
+                byte[] newOutputBytes = new byte[ivBytes.length+ outputBytes.length];
+                System.arraycopy(ivBytes, 0, newOutputBytes, 0, ivBytes.length);
+                System.arraycopy(outputBytes, 0, newOutputBytes, ivBytes.length, outputBytes.length);
+                return new String(Base64.encode(cipher.doFinal(newOutputBytes), 0), Charset.forName(ENCODING_UTF_8));
+            }
+            else {
+                return new String(Base64.encode(cipher.doFinal(input.getBytes(ENCODING_UTF_8)), 0), Charset.forName(ENCODING_UTF_8));
+            }
         } catch (NoSuchAlgorithmException e) {
             throw PubNubException.builder().errormsg(e.toString()).build();
         } catch (NoSuchPaddingException e) {
@@ -111,12 +134,23 @@ public String encrypt(String input) throws PubNubException {
      */
     public String decrypt(String cipher_text) throws PubNubException {
         try {
+            byte[] dataBytes = null;
             initCiphers();
+            if (dynamicIV){
+                dataBytes = Base64.decode(cipher_text, 0);
+                System.arraycopy(dataBytes, 0, ivBytes, 0, 16);
+                byte[] receivedCipherBytes = new byte[dataBytes.length - 16];
+                System.arraycopy(dataBytes, 16, receivedCipherBytes, 0, dataBytes.length-16);
+                dataBytes = receivedCipherBytes;
+            }
+            else {
+                dataBytes = Base64.decode(cipher_text, 0);
+            }
             AlgorithmParameterSpec ivSpec = new IvParameterSpec(ivBytes);
             SecretKeySpec newKey = new SecretKeySpec(keyBytes, "AES");
             Cipher cipher = Cipher.getInstance(CIPHER_TRANSFORMATION);
             cipher.init(Cipher.DECRYPT_MODE, newKey, ivSpec);
-            return new String(cipher.doFinal(Base64.decode(cipher_text, 0)), ENCODING_UTF_8);
+            return new String(cipher.doFinal(dataBytes), ENCODING_UTF_8);
         } catch (IllegalArgumentException e) {
             throw PubNubException.builder().errormsg(e.toString()).build();
         } catch (UnsupportedEncodingException e) {

diff --git a/src/main/java/com/pubnub/api/workers/SubscribeMessageWorker.java b/src/main/java/com/pubnub/api/workers/SubscribeMessageWorker.java
@@ -100,7 +100,7 @@ private JsonElement processMessage(SubscribeMessage subscribeMessage) {
             return input;
         }
 
-        Crypto crypto = new Crypto(pubnub.getConfiguration().getCipherKey());
+        Crypto crypto = new Crypto(pubnub.getConfiguration().getCipherKey(), pubnub.getConfiguration().isUseRandomInitializationVector());
         MapperManager mapper = this.pubnub.getMapper();
         String inputText;
         String outputText;

diff --git a/src/test/java/com/pubnub/api/PubNubTest.java b/src/test/java/com/pubnub/api/PubNubTest.java
@@ -98,7 +98,7 @@ public void getVersionAndTimeStamp() {
         pubnub = new PubNub(pnConfiguration);
         String version = pubnub.getVersion();
         int timeStamp = pubnub.getTimestamp();
-        Assert.assertEquals("4.33.1", version);
+        Assert.assertEquals("4.33.2", version);
         Assert.assertTrue(timeStamp > 0);
     }
 

diff --git a/src/test/java/com/pubnub/api/vendor/EncryptDecryptTest.java b/src/test/java/com/pubnub/api/vendor/EncryptDecryptTest.java
@@ -0,0 +1,50 @@
+package com.pubnub.api.vendor;
+
+import com.pubnub.api.PubNubException;
+import org.apache.commons.io.IOUtils;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.ByteArrayInputStream;
+import java.io.ByteArrayOutputStream;
+import java.io.IOException;
+import java.io.InputStream;
+
+import static org.hamcrest.Matchers.*;
+import static org.hamcrest.Matchers.equalTo;
+import static org.junit.Assert.assertThat;
+
+public class EncryptDecryptTest {
+    @Test
+    public void canDecryptTextWhatIsEncryptedWithStaticIV() throws IOException, PubNubException {
+        //given
+        final String cipherKey = "enigma";
+        final String msgToEncrypt = "Hello world";
+
+
+        //when
+        Crypto crypto = new Crypto(cipherKey);
+        final String encryptedMsg = crypto.encrypt(msgToEncrypt);
+        String decryptedMsg = crypto.decrypt(encryptedMsg);
+
+        //then
+        Assert.assertEquals(msgToEncrypt, decryptedMsg);
+    }
+
+    @Test
+    public void canDecryptTextWhatIsEncryptedWithRandomIV() throws IOException, PubNubException {
+        //given
+        final String cipherKey = "enigma";
+        final String msgToEncrypt = "Hello world";
+
+
+        //when
+        Crypto crypto = new Crypto(cipherKey, true);
+        final String encryptedMsg = crypto.encrypt(msgToEncrypt);
+        String decryptedMsg = crypto.decrypt(encryptedMsg);
+
+        //then
+        Assert.assertEquals(msgToEncrypt, decryptedMsg);
+    }
+
+}