/**
 * Fetches the escrow records for the authenticated account (EscrowService SRP-6a exchange: GETRECORDS).
 *
 * @param httpClient client used to execute the request
 * @param requests   factory building the escrow proxy requests
 * @return the GETRECORDS response as produced by {@code RESPONSE_HANDLER}
 * @throws IOException if the HTTP exchange fails
 */
public static NSDictionary records(HttpClient httpClient, EscrowProxyRequestFactory requests) throws IOException {
    final HttpUriRequest request = requests.getRecords();
    final NSDictionary response = httpClient.execute(request, RESPONSE_HANDLER);
    // NOTE(review): the complete response plist is written to the DEBUG log, so record
    // metadata lands in log files wherever DEBUG is enabled for this logger.
    logger.debug("-- records() - GETRECORDS: {}", response.toXMLPropertyList());
    return response;
}
}
/**
 * Performs the SRP-6a SRP_INIT exchange.
 *
 * <p>A freshly generated client ephemeral key A is presented to the escrow server together
 * with the account id (mmeAuthToken header). The server answers with, amongst other things,
 * the salt and its ephemeral key B.
 *
 * @param httpClient client used to execute the request
 * @param requests   factory building the escrow proxy requests
 * @param srpClient  SRP client that generates and keeps the client credentials
 * @return the SRP_INIT response dictionary
 * @throws IOException if the HTTP exchange fails
 */
static NSDictionary srpInit(HttpClient httpClient, EscrowProxyRequestFactory requests, SRPClient srpClient) throws IOException {
    final byte[] clientEphemeralA = srpClient.generateClientCredentials();
    final HttpUriRequest request = requests.srpInit(clientEphemeralA);
    final NSDictionary response = httpClient.execute(request, RESPONSE_HANDLER);
    // Salt and server ephemeral B are carried in this response; both are public SRP values.
    logger.debug("-- srpInit() - SRP_INIT: {}", response.toXMLPropertyList());
    return response;
}
/**
 * Runs the complete escrow recovery: SRP_INIT, RECOVER and local decryption of the escrowed data.
 *
 * @param httpClient client used to execute the requests
 * @param requests   factory building the escrow proxy requests
 * @return the decrypted escrowed data
 * @throws IOException if one of the HTTP exchanges fails
 */
public static NSDictionary recover(HttpClient httpClient, EscrowProxyRequestFactory requests) throws IOException {
    // The ephemeral key A must be unpredictable, hence a SecureRandom for the SRP client
    // (by its name the factory selects RFC 5054 parameters; defined outside this file).
    final SRPClient srpClient = SRPFactory.rfc5054(new SecureRandom());
    final NSDictionary initResponse = srpInit(httpClient, requests, srpClient);
    final NSDictionary recoverResponse = recover(httpClient, requests, srpClient, initResponse);
    final NSDictionary escrowedData = decrypt(srpClient, recoverResponse);
    // NOTE(review): the decrypted escrow payload is written to the DEBUG log in full;
    // treat that log output as sensitive.
    logger.debug("-- recover() - escrowed data: {}", escrowedData.toXMLPropertyList());
    return escrowedData;
}
/**
 * Performs the SRP-6a RECOVER exchange.
 *
 * <p>Failures deplete the attempt budget (10 attempts max). The server aborts on an invalid
 * M1; otherwise it returns, amongst other things, M2 which the caller may verify (or not).
 *
 * @param httpClient client used to execute the request
 * @param requests   factory building the escrow proxy requests
 * @param uid        record uid sent with the request
 * @param tag        record tag sent with the request
 * @param m1         client proof M1
 * @return the RECOVER response dictionary
 * @throws IOException if the HTTP exchange fails
 */
static NSDictionary recover(HttpClient httpClient, EscrowProxyRequestFactory requests, byte[] uid, byte[] tag, byte[] m1) throws IOException {
    logger.debug("-- recover() - uid: 0x{} tag: 0x{} m1: 0x{}", Hex.toHexString(uid), Hex.toHexString(tag), Hex.toHexString(m1));
    // Note the factory's argument order: (m1, uid, tag).
    final HttpUriRequest request = requests.recover(m1, uid, tag);
    final NSDictionary response = httpClient.execute(request, RESPONSE_HANDLER);
    logger.debug("-- recover() - response: {}", response.toXMLPropertyList());
    return response;
}
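/**
 * Serializes {@code item} as an XML property list and writes it to {@code file}.
 *
 * <p>The output stream is managed with try-with-resources: a failure raised by
 * {@code close()} (which for an output stream may include the final flush) is now
 * reported as an {@link AccessDeniedException} instead of being discarded by
 * {@code IOUtils.closeQuietly}, so a silently truncated file cannot go unnoticed.
 *
 * @param item the item to serialize
 * @param file destination file ({@code getOutputStream(false)} — presumably no append; confirm against {@code Local})
 * @throws AccessDeniedException if the content cannot be written or the stream cannot be closed
 */
@Override
public void write(final S item, final Local file) throws AccessDeniedException {
    final String content = item.<NSDictionary>serialize(SerializerFactory.get()).toXMLPropertyList();
    try (OutputStream out = file.getOutputStream(false)) {
        IOUtils.write(content, out, Charset.forName("UTF-8"));
    }
    catch(IOException e) {
        throw new AccessDeniedException(String.format("Cannot create file %s", file.getAbsolute()), e);
    }
}
}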
public static AssetEncryptedAttributes fromDictionary(NSDictionary data, String domain) { logger.trace("<< fromDictionary() - data:{} domain: {}", data.toXMLPropertyList(), domain); NSDictionaries.as(data, "domain", NSString.class) .map(NSString::getContent)
/**
 * Decrypts a two-layer AES-CBC escrow blob into the escrowed property list.
 *
 * <p>Outer layer: {@code key} and the blob's own IV decrypt the PCS payload, which is parsed
 * as a {@link BlobA0}. Inner layer: a key is derived with PBKDF2 over SHA-256 from the
 * BlobA0's dsid, salt and iteration count, and the leading 16 bytes of the salt serve as IV
 * for the dictionary data.
 *
 * <p>NOTE(review): the intermediate plaintext, the derived key and the final dictionary are
 * all written to the DEBUG log in hex/XML; this is key material and the log must be handled
 * accordingly. No integrity check on either CBC layer is visible here — a wrong key is
 * expected to surface as a padding or plist parse failure rather than a clean error.
 *
 * @param blob outer blob carrying IV and ciphertext
 * @param key  key for the outer AES-CBC layer
 * @return the decrypted dictionary
 */
static NSDictionary decrypt(BlobA6 blob, byte[] key) {
    logger.debug("-- decrypt() - response blob: {}", blob);

    // Outer layer.
    final byte[] pcsData = AESCBC.decryptAESCBC(key, blob.iv(), blob.data());
    logger.debug("-- decrypt() - pcs data: 0x{}", Hex.toHexString(pcsData));
    final BlobA0 pcsBlob = new BlobA0(ByteBuffer.wrap(pcsData));
    logger.debug("-- decrypt() - pcs blob: {}", pcsBlob);

    // Inner layer: 16-byte key, the helper's last argument presumably being a bit length (16 * 8).
    final int derivedKeyBits = 16 * 8;
    final byte[] derivedKey = PBKDF2.generate(new SHA256Digest(), pcsBlob.dsid(), pcsBlob.salt(), pcsBlob.iterations(), derivedKeyBits);
    logger.debug("-- decrypt() - derived key: 0x{}", Hex.toHexString(derivedKey));
    // IV = first 0x10 bytes of the salt; Arrays.copyOf zero-pads should the salt be shorter.
    final byte[] iv = Arrays.copyOf(pcsBlob.salt(), 0x10);
    logger.debug("-- decrypt() - salt/ iv: 0x{}", Hex.toHexString(iv));
    final byte[] plistData = AESCBC.decryptAESCBC(derivedKey, iv, pcsBlob.data());
    logger.debug("-- decrypt() - dictionary data: 0x{}", Hex.toHexString(plistData));

    final NSDictionary dictionary = PListsLegacy.parseDictionary(plistData);
    logger.debug("-- decrypt() - dictionary: {}", dictionary.toXMLPropertyList());
    return dictionary;
}
/**
 * Logs selected fields of an escrow record's metadata plist, for debugging only.
 *
 * <p>Reads, in this order: BackupKeybagDigest, the optional
 * com.apple.securebackup.timestamp, ClientMetadata and its
 * SecureBackupiCloudDataProtection sub-dictionary, SecureBackupiCloudIdentityPublicData
 * (DER-parsed as a {@code PublicKeyInfo}) and kPCSMetadataEscrowedKeys. The order matters
 * only for which lookup fails first; how {@code PListsLegacy.getAs} reacts to a missing key
 * is defined outside this file.
 *
 * <p>NOTE(review): kPCSMetadataEscrowedKeys is, by its name, escrowed key material and is
 * written to the DEBUG log in hex.
 *
 * @param metadata serialized metadata property list
 */
static void diagnostic(byte[] metadata) {
    final NSDictionary metadataDict = PListsLegacy.parseDictionary(metadata);
    logger.debug("-- diagnostic() - dictionary: {}", metadataDict.toXMLPropertyList());

    final byte[] keybagDigest = PListsLegacy.getAs(metadataDict, "BackupKeybagDigest", NSData.class).bytes();
    logger.debug("-- diagnostic() - BackupKeybagDigest: 0x{}", Hex.toHexString(keybagDigest));

    final Optional<NSString> timestamp = PListsLegacy.optionalAs(metadataDict, "com.apple.securebackup.timestamp", NSString.class);
    logger.debug("-- diagnostic() - com.apple.securebackup.timestamp: {}", timestamp.map(NSString::getContent));

    final NSDictionary clientMetadata = PListsLegacy.getAs(metadataDict, "ClientMetadata", NSDictionary.class);
    final NSDictionary dataProtection = PListsLegacy.getAs(clientMetadata, "SecureBackupiCloudDataProtection", NSDictionary.class);

    final byte[] identityPublicData = PListsLegacy.getAs(clientMetadata, "SecureBackupiCloudIdentityPublicData", NSData.class).bytes();
    final Optional<PublicKeyInfo> publicKeyInfo = DERUtils.parse(identityPublicData, PublicKeyInfo::new);
    logger.debug("-- diagnostic() - publicKeyInfo: {}", publicKeyInfo);

    final byte[] escrowedKeys = PListsLegacy.getAs(dataProtection, "kPCSMetadataEscrowedKeys", NSData.class).bytes();
    logger.debug("-- diagnostic() - kPCSMetadataEscrowedKeys: 0x{}", Hex.toHexString(escrowedKeys));
}
}