Example 1 with InvalidCertificateException

Use of org.signal.libsignal.metadata.certificate.InvalidCertificateException in project Signal-Android by WhisperSystems.

Class UnidentifiedAccessUtil, method getAccessForSync.

public static Optional<UnidentifiedAccessPair> getAccessForSync(@NonNull Context context) {
    try {
        byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
        byte[] ourUnidentifiedAccessCertificate = getUnidentifiedAccessCertificate(Recipient.self());
        if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
            ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
        }
        if (ourUnidentifiedAccessCertificate != null) {
            return Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate), new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate)));
        }
        return Optional.absent();
    } catch (InvalidCertificateException e) {
        Log.w(TAG, e);
        return Optional.absent();
    }
}
Also used: UnidentifiedAccessPair (org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair), InvalidCertificateException (org.signal.libsignal.metadata.certificate.InvalidCertificateException), UnidentifiedAccess (org.whispersystems.signalservice.api.crypto.UnidentifiedAccess)

Example 2 with InvalidCertificateException

Use of org.signal.libsignal.metadata.certificate.InvalidCertificateException in project Signal-Android by WhisperSystems.

Class UnidentifiedAccessUtil, method getAccessFor.

@WorkerThread
public static List<Optional<UnidentifiedAccessPair>> getAccessFor(@NonNull Context context, @NonNull List<Recipient> recipients, boolean log) {
    byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
    if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
        ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
    }
    List<Optional<UnidentifiedAccessPair>> access = new ArrayList<>(recipients.size());
    Map<CertificateType, Integer> typeCounts = new HashMap<>();
    for (Recipient recipient : recipients) {
        byte[] theirUnidentifiedAccessKey = getTargetUnidentifiedAccessKey(recipient);
        CertificateType certificateType = getUnidentifiedAccessCertificateType(recipient);
        byte[] ourUnidentifiedAccessCertificate = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType);
        int typeCount = Util.getOrDefault(typeCounts, certificateType, 0);
        typeCount++;
        typeCounts.put(certificateType, typeCount);
        if (theirUnidentifiedAccessKey != null && ourUnidentifiedAccessCertificate != null) {
            try {
                access.add(Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(theirUnidentifiedAccessKey, ourUnidentifiedAccessCertificate), new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate))));
            } catch (InvalidCertificateException e) {
                Log.w(TAG, e);
                access.add(Optional.absent());
            }
        } else {
            access.add(Optional.absent());
        }
    }
    int unidentifiedCount = Stream.of(access).filter(Optional::isPresent).toList().size();
    int otherCount = access.size() - unidentifiedCount;
    if (log) {
        Log.i(TAG, "Unidentified: " + unidentifiedCount + ", Other: " + otherCount + ". Types: " + typeCounts);
    }
    return access;
}
Also used: Optional (org.whispersystems.libsignal.util.guava.Optional), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), Recipient (org.thoughtcrime.securesms.recipients.Recipient), UnidentifiedAccessPair (org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair), UnidentifiedAccess (org.whispersystems.signalservice.api.crypto.UnidentifiedAccess), CertificateType (org.thoughtcrime.securesms.keyvalue.CertificateType), InvalidCertificateException (org.signal.libsignal.metadata.certificate.InvalidCertificateException), WorkerThread (androidx.annotation.WorkerThread)

Example 3 with InvalidCertificateException

Use of org.signal.libsignal.metadata.certificate.InvalidCertificateException in project Signal-Android by signalapp.

Class UnidentifiedAccessUtil, method getAccessForSync.

public static Optional<UnidentifiedAccessPair> getAccessForSync(@NonNull Context context) {
    try {
        byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
        byte[] ourUnidentifiedAccessCertificate = getUnidentifiedAccessCertificate(Recipient.self());
        if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
            ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
        }
        if (ourUnidentifiedAccessCertificate != null) {
            return Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate), new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate)));
        }
        return Optional.absent();
    } catch (InvalidCertificateException e) {
        Log.w(TAG, e);
        return Optional.absent();
    }
}
Also used: UnidentifiedAccessPair (org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair), InvalidCertificateException (org.signal.libsignal.metadata.certificate.InvalidCertificateException), UnidentifiedAccess (org.whispersystems.signalservice.api.crypto.UnidentifiedAccess)

Example 4 with InvalidCertificateException

Use of org.signal.libsignal.metadata.certificate.InvalidCertificateException in project Signal-Android by WhisperSystems.

Class PushSendJob, method rotateSenderCertificateIfNecessary.

protected void rotateSenderCertificateIfNecessary() throws IOException {
    try {
        Collection<CertificateType> requiredCertificateTypes = SignalStore.phoneNumberPrivacy().getRequiredCertificateTypes();
        Log.i(TAG, "Ensuring we have these certificates " + requiredCertificateTypes);
        for (CertificateType certificateType : requiredCertificateTypes) {
            byte[] certificateBytes = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType);
            if (certificateBytes == null) {
                throw new InvalidCertificateException(String.format("No certificate %s was present.", certificateType));
            }
            SenderCertificate certificate = new SenderCertificate(certificateBytes);
            if (System.currentTimeMillis() > (certificate.getExpiration() - CERTIFICATE_EXPIRATION_BUFFER)) {
                throw new InvalidCertificateException(String.format(Locale.US, "Certificate %s is expired, or close to it. Expires on: %d, currently: %d", certificateType, certificate.getExpiration(), System.currentTimeMillis()));
            }
            Log.d(TAG, String.format("Certificate %s is valid", certificateType));
        }
        Log.d(TAG, "All certificates are valid.");
    } catch (InvalidCertificateException e) {
        Log.w(TAG, "A certificate was invalid at send time. Fetching new ones.", e);
        if (!ApplicationDependencies.getJobManager().runSynchronously(new RotateCertificateJob(), 5000).isPresent()) {
            throw new IOException("Timeout rotating certificate");
        }
    }
}
Also used: CertificateType (org.thoughtcrime.securesms.keyvalue.CertificateType), SenderCertificate (org.signal.libsignal.metadata.certificate.SenderCertificate), IOException (java.io.IOException), InvalidCertificateException (org.signal.libsignal.metadata.certificate.InvalidCertificateException)

Example 5 with InvalidCertificateException

Use of org.signal.libsignal.metadata.certificate.InvalidCertificateException in project Signal-Android by signalapp.

Class UnidentifiedAccessUtil, method getAccessFor.

@WorkerThread
public static List<Optional<UnidentifiedAccessPair>> getAccessFor(@NonNull Context context, @NonNull List<Recipient> recipients, boolean log) {
    byte[] ourUnidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
    if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
        ourUnidentifiedAccessKey = UNRESTRICTED_KEY;
    }
    List<Optional<UnidentifiedAccessPair>> access = new ArrayList<>(recipients.size());
    Map<CertificateType, Integer> typeCounts = new HashMap<>();
    for (Recipient recipient : recipients) {
        byte[] theirUnidentifiedAccessKey = getTargetUnidentifiedAccessKey(recipient);
        CertificateType certificateType = getUnidentifiedAccessCertificateType(recipient);
        byte[] ourUnidentifiedAccessCertificate = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType);
        int typeCount = Util.getOrDefault(typeCounts, certificateType, 0);
        typeCount++;
        typeCounts.put(certificateType, typeCount);
        if (theirUnidentifiedAccessKey != null && ourUnidentifiedAccessCertificate != null) {
            try {
                access.add(Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(theirUnidentifiedAccessKey, ourUnidentifiedAccessCertificate), new UnidentifiedAccess(ourUnidentifiedAccessKey, ourUnidentifiedAccessCertificate))));
            } catch (InvalidCertificateException e) {
                Log.w(TAG, e);
                access.add(Optional.absent());
            }
        } else {
            access.add(Optional.absent());
        }
    }
    int unidentifiedCount = Stream.of(access).filter(Optional::isPresent).toList().size();
    int otherCount = access.size() - unidentifiedCount;
    if (log) {
        Log.i(TAG, "Unidentified: " + unidentifiedCount + ", Other: " + otherCount + ". Types: " + typeCounts);
    }
    return access;
}
Also used: Optional (org.whispersystems.libsignal.util.guava.Optional), HashMap (java.util.HashMap), ArrayList (java.util.ArrayList), Recipient (org.thoughtcrime.securesms.recipients.Recipient), UnidentifiedAccessPair (org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair), UnidentifiedAccess (org.whispersystems.signalservice.api.crypto.UnidentifiedAccess), CertificateType (org.thoughtcrime.securesms.keyvalue.CertificateType), InvalidCertificateException (org.signal.libsignal.metadata.certificate.InvalidCertificateException), WorkerThread (androidx.annotation.WorkerThread)

Aggregations

InvalidCertificateException (org.signal.libsignal.metadata.certificate.InvalidCertificateException): 6
CertificateType (org.thoughtcrime.securesms.keyvalue.CertificateType): 4
UnidentifiedAccess (org.whispersystems.signalservice.api.crypto.UnidentifiedAccess): 4
UnidentifiedAccessPair (org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair): 4
WorkerThread (androidx.annotation.WorkerThread): 2
IOException (java.io.IOException): 2
ArrayList (java.util.ArrayList): 2
HashMap (java.util.HashMap): 2
SenderCertificate (org.signal.libsignal.metadata.certificate.SenderCertificate): 2
Recipient (org.thoughtcrime.securesms.recipients.Recipient): 2
Optional (org.whispersystems.libsignal.util.guava.Optional): 2