Examples with SenderCertificate - org.signal.libsignal.metadata.certificate.SenderCertificate

Example 1 with SenderCertificate

use of org.signal.libsignal.metadata.certificate.SenderCertificate in project Signal-Android by WhisperSystems.

the class SignalServiceMessageSender method sendGroupMessage.

/**
 * Will send a message using sender keys to all of the specified recipients. It is assumed that
 * all of the recipients have UUIDs.
 *
 * This method will handle sending out SenderKeyDistributionMessages as necessary.
 */
private List<SendMessageResult> sendGroupMessage(DistributionId distributionId, List<SignalServiceAddress> recipients, List<UnidentifiedAccess> unidentifiedAccess, long timestamp, Content content, ContentHint contentHint, byte[] groupId, boolean online, SenderKeyGroupEvents sendEvents) throws IOException, UntrustedIdentityException, NoSessionException, InvalidKeyException, InvalidRegistrationIdException {
    if (recipients.isEmpty()) {
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Empty recipient list!");
        return Collections.emptyList();
    }
    Preconditions.checkArgument(recipients.size() == unidentifiedAccess.size(), "[" + timestamp + "] Unidentified access mismatch!");
    Map<ServiceId, UnidentifiedAccess> accessBySid = new HashMap<>();
    Iterator<SignalServiceAddress> addressIterator = recipients.iterator();
    Iterator<UnidentifiedAccess> accessIterator = unidentifiedAccess.iterator();
    while (addressIterator.hasNext()) {
        accessBySid.put(addressIterator.next().getServiceId(), accessIterator.next());
    }
    for (int i = 0; i < RETRY_COUNT; i++) {
        GroupTargetInfo targetInfo = buildGroupTargetInfo(recipients);
        Set<SignalProtocolAddress> sharedWith = store.getSenderKeySharedWith(distributionId);
        List<SignalServiceAddress> needsSenderKey = targetInfo.destinations.stream().filter(a -> !sharedWith.contains(a)).map(a -> ServiceId.parseOrThrow(a.getName())).distinct().map(SignalServiceAddress::new).collect(Collectors.toList());
        if (needsSenderKey.size() > 0) {
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Need to send the distribution message to " + needsSenderKey.size() + " addresses.");
            SenderKeyDistributionMessage message = getOrCreateNewGroupSession(distributionId);
            List<Optional<UnidentifiedAccessPair>> access = needsSenderKey.stream().map(r -> {
                UnidentifiedAccess targetAccess = accessBySid.get(r.getServiceId());
                return Optional.of(new UnidentifiedAccessPair(targetAccess, targetAccess));
            }).collect(Collectors.toList());
            List<SendMessageResult> results = sendSenderKeyDistributionMessage(distributionId, needsSenderKey, access, message, groupId);
            List<SignalServiceAddress> successes = results.stream().filter(SendMessageResult::isSuccess).map(SendMessageResult::getAddress).collect(Collectors.toList());
            Set<String> successSids = successes.stream().map(a -> a.getServiceId().toString()).collect(Collectors.toSet());
            Set<SignalProtocolAddress> successAddresses = targetInfo.destinations.stream().filter(a -> successSids.contains(a.getName())).collect(Collectors.toSet());
            store.markSenderKeySharedWith(distributionId, successAddresses);
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Successfully sent sender keys to " + successes.size() + "/" + needsSenderKey.size() + " recipients.");
            int failureCount = results.size() - successes.size();
            if (failureCount > 0) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Failed to send sender keys to " + failureCount + " recipients. Sending back failed results now.");
                List<SendMessageResult> trueFailures = results.stream().filter(r -> !r.isSuccess()).collect(Collectors.toList());
                Set<ServiceId> failedAddresses = trueFailures.stream().map(result -> result.getAddress().getServiceId()).collect(Collectors.toSet());
                List<SendMessageResult> fakeNetworkFailures = recipients.stream().filter(r -> !failedAddresses.contains(r.getServiceId())).map(SendMessageResult::networkFailure).collect(Collectors.toList());
                List<SendMessageResult> modifiedResults = new LinkedList<>();
                modifiedResults.addAll(trueFailures);
                modifiedResults.addAll(fakeNetworkFailures);
                return modifiedResults;
            } else {
                targetInfo = buildGroupTargetInfo(recipients);
            }
        }
        sendEvents.onSenderKeyShared();
        SignalServiceCipher cipher = new SignalServiceCipher(localAddress, localDeviceId, store, sessionLock, null);
        SenderCertificate senderCertificate = unidentifiedAccess.get(0).getUnidentifiedCertificate();
        byte[] ciphertext;
        try {
            ciphertext = cipher.encryptForGroup(distributionId, targetInfo.destinations, senderCertificate, content.toByteArray(), contentHint, groupId);
        } catch (org.whispersystems.libsignal.UntrustedIdentityException e) {
            throw new UntrustedIdentityException("Untrusted during group encrypt", e.getName(), e.getUntrustedIdentity());
        }
        sendEvents.onMessageEncrypted();
        byte[] joinedUnidentifiedAccess = new byte[16];
        for (UnidentifiedAccess access : unidentifiedAccess) {
            joinedUnidentifiedAccess = ByteArrayUtil.xor(joinedUnidentifiedAccess, access.getUnidentifiedAccessKey());
        }
        try {
            try {
                SendGroupMessageResponse response = new MessagingService.SendResponseProcessor<>(messagingService.sendToGroup(ciphertext, joinedUnidentifiedAccess, timestamp, online).blockingGet()).getResultOrThrow();
                return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
            } catch (InvalidUnidentifiedAccessHeaderException | NotFoundException | GroupMismatchedDevicesException | GroupStaleDevicesException e) {
                // Non-technical failures shouldn't be retried with socket
                throw e;
            } catch (WebSocketUnavailableException e) {
                Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Pipe unavailable, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            } catch (IOException e) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Pipe failed, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            }
            SendGroupMessageResponse response = socket.sendGroupMessage(ciphertext, joinedUnidentifiedAccess, timestamp, online);
            return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
        } catch (GroupMismatchedDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling mismatched devices. (" + e.getMessage() + ")");
            for (GroupMismatchedDevices mismatched : e.getMismatchedDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(mismatched.getUuid()), Optional.absent());
                handleMismatchedDevices(socket, address, mismatched.getDevices());
            }
        } catch (GroupStaleDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling stale devices. (" + e.getMessage() + ")");
            for (GroupStaleDevices stale : e.getStaleDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(stale.getUuid()), Optional.absent());
                handleStaleDevices(address, stale.getDevices());
            }
        }
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Attempt failed (i = " + i + ")");
    }
    throw new IOException("Failed to resolve conflicts after " + RETRY_COUNT + " attempts!");
}

Also used : ServerRejectedException(org.whispersystems.signalservice.api.push.exceptions.ServerRejectedException) GroupContext(org.whispersystems.signalservice.internal.push.SignalServiceProtos.GroupContext) CallingResponse(org.whispersystems.signalservice.api.messages.calls.CallingResponse) StickerPackOperationMessage(org.whispersystems.signalservice.api.messages.multidevice.StickerPackOperationMessage) TypingMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.TypingMessage) PaddingInputStream(org.whispersystems.signalservice.internal.crypto.PaddingInputStream) DataMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.DataMessage) ReceiptMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.ReceiptMessage) SecureRandom(java.security.SecureRandom) Future(java.util.concurrent.Future) Preconditions(org.whispersystems.libsignal.util.guava.Preconditions) SignalGroupSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalGroupSessionBuilder) GroupMismatchedDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupMismatchedDevicesException) SenderCertificate(org.signal.libsignal.metadata.certificate.SenderCertificate) Map(java.util.Map) GroupStaleDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupStaleDevicesException) AttachmentPointerUtil(org.whispersystems.signalservice.api.util.AttachmentPointerUtil) StaleDevicesException(org.whispersystems.signalservice.internal.push.exceptions.StaleDevicesException) SendMessageResponse(org.whispersystems.signalservice.internal.push.SendMessageResponse) ClientZkProfileOperations(org.signal.zkgroup.profiles.ClientZkProfileOperations) PartialSendCompleteListener(org.whispersystems.signalservice.internal.push.http.PartialSendCompleteListener) ACI(org.whispersystems.signalservice.api.push.ACI) SignalServiceAttachment(org.whispersystems.signalservice.api.messages.SignalServiceAttachment) InvalidUnidentifiedAccessHeaderException(org.whispersystems.signalservice.internal.push.exceptions.InvalidUnidentifiedAccessHeaderException) Set(java.util.Set) OutgoingPushMessageList(org.whispersystems.signalservice.internal.push.OutgoingPushMessageList) Executors(java.util.concurrent.Executors) CredentialsProvider(org.whispersystems.signalservice.api.util.CredentialsProvider) SignalServiceGroupContext(org.whispersystems.signalservice.api.messages.SignalServiceGroupContext) SignalServiceGroupV2(org.whispersystems.signalservice.api.messages.SignalServiceGroupV2) GroupSessionBuilder(org.whispersystems.libsignal.groups.GroupSessionBuilder) Base64(org.whispersystems.util.Base64) MismatchedDevices(org.whispersystems.signalservice.internal.push.MismatchedDevices) ContentHint(org.whispersystems.signalservice.api.crypto.ContentHint) SignalServiceTypingMessage(org.whispersystems.signalservice.api.messages.SignalServiceTypingMessage) MalformedResponseException(org.whispersystems.signalservice.api.push.exceptions.MalformedResponseException) InvalidKeyException(org.whispersystems.libsignal.InvalidKeyException) ArrayList(java.util.ArrayList) UnidentifiedAccess(org.whispersystems.signalservice.api.crypto.UnidentifiedAccess) Verified(org.whispersystems.signalservice.internal.push.SignalServiceProtos.Verified) BlockedListMessage(org.whispersystems.signalservice.api.messages.multidevice.BlockedListMessage) SignalServiceGroup(org.whispersystems.signalservice.api.messages.SignalServiceGroup) SignalServiceCallMessage(org.whispersystems.signalservice.api.messages.calls.SignalServiceCallMessage) SignalServiceAttachmentRemoteId(org.whispersystems.signalservice.api.messages.SignalServiceAttachmentRemoteId) ReadMessage(org.whispersystems.signalservice.api.messages.multidevice.ReadMessage) PreKeyBundle(org.whispersystems.libsignal.state.PreKeyBundle) ViewOnceOpenMessage(org.whispersystems.signalservice.api.messages.multidevice.ViewOnceOpenMessage) MessageRequestResponseMessage(org.whispersystems.signalservice.api.messages.multidevice.MessageRequestResponseMessage) GroupMismatchedDevices(org.whispersystems.signalservice.internal.push.GroupMismatchedDevices) KeysMessage(org.whispersystems.signalservice.api.messages.multidevice.KeysMessage) DistributionId(org.whispersystems.signalservice.api.push.DistributionId) CallMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.CallMessage) PushNetworkException(org.whispersystems.signalservice.api.push.exceptions.PushNetworkException) IOException(java.io.IOException) Optional(org.whispersystems.libsignal.util.guava.Optional) ExecutionException(java.util.concurrent.ExecutionException) UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) AttachmentPointer(org.whispersystems.signalservice.internal.push.SignalServiceProtos.AttachmentPointer) ServiceId(org.whispersystems.signalservice.api.push.ServiceId) VerifiedMessage(org.whispersystems.signalservice.api.messages.multidevice.VerifiedMessage) Uint64Util(org.whispersystems.signalservice.api.util.Uint64Util) ResumableUploadSpec(org.whispersystems.signalservice.internal.push.http.ResumableUploadSpec) EnvelopeContent(org.whispersystems.signalservice.api.crypto.EnvelopeContent) SignalServiceDataMessage(org.whispersystems.signalservice.api.messages.SignalServiceDataMessage) SendMessageResult(org.whispersystems.signalservice.api.messages.SendMessageResult) Util(org.whispersystems.signalservice.internal.util.Util) SentTranscriptMessage(org.whispersystems.signalservice.api.messages.multidevice.SentTranscriptMessage) ProvisioningProtos(org.whispersystems.signalservice.internal.push.ProvisioningProtos) SyncMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.SyncMessage) SignalServiceAddress(org.whispersystems.signalservice.api.push.SignalServiceAddress) NotFoundException(org.whispersystems.signalservice.api.push.exceptions.NotFoundException) AttachmentCipherOutputStream(org.whispersystems.signalservice.api.crypto.AttachmentCipherOutputStream) NonSuccessfulResponseCodeException(org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException) SignalProtocolAddress(org.whispersystems.libsignal.SignalProtocolAddress) PushAttachmentData(org.whispersystems.signalservice.internal.push.PushAttachmentData) PlaintextContent(org.whispersystems.libsignal.protocol.PlaintextContent) PushServiceSocket(org.whispersystems.signalservice.internal.push.PushServiceSocket) SenderKeyDistributionMessage(org.whispersystems.libsignal.protocol.SenderKeyDistributionMessage) MismatchedDevicesException(org.whispersystems.signalservice.internal.push.exceptions.MismatchedDevicesException) ByteArrayUtil(org.whispersystems.util.ByteArrayUtil) SignalServiceConfiguration(org.whispersystems.signalservice.internal.configuration.SignalServiceConfiguration) Collectors(java.util.stream.Collectors) ByteString(com.google.protobuf.ByteString) GroupContextV2(org.whispersystems.signalservice.internal.push.SignalServiceProtos.GroupContextV2) List(java.util.List) ViewedMessage(org.whispersystems.signalservice.api.messages.multidevice.ViewedMessage) WebSocketUnavailableException(org.whispersystems.signalservice.api.websocket.WebSocketUnavailableException) StaleDevices(org.whispersystems.signalservice.internal.push.StaleDevices) SendGroupMessageResponse(org.whispersystems.signalservice.internal.push.SendGroupMessageResponse) SharedContact(org.whispersystems.signalservice.api.messages.shared.SharedContact) AttachmentV2UploadAttributes(org.whispersystems.signalservice.internal.push.AttachmentV2UploadAttributes) NoSessionException(org.whispersystems.libsignal.NoSessionException) SignalServiceReceiptMessage(org.whispersystems.signalservice.api.messages.SignalServiceReceiptMessage) AnswerMessage(org.whispersystems.signalservice.api.messages.calls.AnswerMessage) ConfigurationMessage(org.whispersystems.signalservice.api.messages.multidevice.ConfigurationMessage) NullMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.NullMessage) CancelationSignal(org.whispersystems.signalservice.internal.push.http.CancelationSignal) HashMap(java.util.HashMap) InvalidRegistrationIdException(org.whispersystems.libsignal.InvalidRegistrationIdException) OfferMessage(org.whispersystems.signalservice.api.messages.calls.OfferMessage) UnidentifiedAccessPair(org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair) AttachmentV3UploadAttributes(org.whispersystems.signalservice.internal.push.AttachmentV3UploadAttributes) AttachmentCipherOutputStreamFactory(org.whispersystems.signalservice.internal.push.http.AttachmentCipherOutputStreamFactory) SessionBuilder(org.whispersystems.libsignal.SessionBuilder) OpaqueMessage(org.whispersystems.signalservice.api.messages.calls.OpaqueMessage) Pair(org.whispersystems.libsignal.util.Pair) MessagingService(org.whispersystems.signalservice.api.services.MessagingService) AuthorizationFailedException(org.whispersystems.signalservice.api.push.exceptions.AuthorizationFailedException) Log(org.whispersystems.libsignal.logging.Log) AttachmentService(org.whispersystems.signalservice.api.services.AttachmentService) Uint64RangeException(org.whispersystems.signalservice.api.util.Uint64RangeException) LinkedList(java.util.LinkedList) ExecutorService(java.util.concurrent.ExecutorService) SignalServiceAttachmentPointer(org.whispersystems.signalservice.api.messages.SignalServiceAttachmentPointer) OutgoingPushMessage(org.whispersystems.signalservice.internal.push.OutgoingPushMessage) DecryptionErrorMessage(org.whispersystems.libsignal.protocol.DecryptionErrorMessage) Iterator(java.util.Iterator) OutgoingPaymentMessage(org.whispersystems.signalservice.api.messages.multidevice.OutgoingPaymentMessage) SignalSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalSessionBuilder) UnregisteredUserException(org.whispersystems.signalservice.api.push.exceptions.UnregisteredUserException) ProofRequiredException(org.whispersystems.signalservice.api.push.exceptions.ProofRequiredException) GroupStaleDevices(org.whispersystems.signalservice.internal.push.GroupStaleDevices) IceUpdateMessage(org.whispersystems.signalservice.api.messages.calls.IceUpdateMessage) Content(org.whispersystems.signalservice.internal.push.SignalServiceProtos.Content) SignalServiceCipher(org.whispersystems.signalservice.api.crypto.SignalServiceCipher) SignalServiceSyncMessage(org.whispersystems.signalservice.api.messages.multidevice.SignalServiceSyncMessage) Collections(java.util.Collections) SignalServiceAttachmentStream(org.whispersystems.signalservice.api.messages.SignalServiceAttachmentStream) InputStream(java.io.InputStream) UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) GroupMismatchedDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupMismatchedDevicesException) HashMap(java.util.HashMap) NotFoundException(org.whispersystems.signalservice.api.push.exceptions.NotFoundException) ByteString(com.google.protobuf.ByteString) ServiceId(org.whispersystems.signalservice.api.push.ServiceId) SignalServiceAddress(org.whispersystems.signalservice.api.push.SignalServiceAddress) GroupStaleDevices(org.whispersystems.signalservice.internal.push.GroupStaleDevices) SendGroupMessageResponse(org.whispersystems.signalservice.internal.push.SendGroupMessageResponse) SignalProtocolAddress(org.whispersystems.libsignal.SignalProtocolAddress) GroupMismatchedDevices(org.whispersystems.signalservice.internal.push.GroupMismatchedDevices) SenderCertificate(org.signal.libsignal.metadata.certificate.SenderCertificate) Optional(org.whispersystems.libsignal.util.guava.Optional) SignalServiceCipher(org.whispersystems.signalservice.api.crypto.SignalServiceCipher) UnidentifiedAccessPair(org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair) WebSocketUnavailableException(org.whispersystems.signalservice.api.websocket.WebSocketUnavailableException) IOException(java.io.IOException) ContentHint(org.whispersystems.signalservice.api.crypto.ContentHint) SendMessageResult(org.whispersystems.signalservice.api.messages.SendMessageResult) LinkedList(java.util.LinkedList) UnidentifiedAccess(org.whispersystems.signalservice.api.crypto.UnidentifiedAccess) MessagingService(org.whispersystems.signalservice.api.services.MessagingService) GroupStaleDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupStaleDevicesException) SenderKeyDistributionMessage(org.whispersystems.libsignal.protocol.SenderKeyDistributionMessage) InvalidUnidentifiedAccessHeaderException(org.whispersystems.signalservice.internal.push.exceptions.InvalidUnidentifiedAccessHeaderException)

Example 2 with SenderCertificate

use of org.signal.libsignal.metadata.certificate.SenderCertificate in project Signal-Android by WhisperSystems.

the class PushSendJob method rotateSenderCertificateIfNecessary.

protected void rotateSenderCertificateIfNecessary() throws IOException {
    try {
        Collection<CertificateType> requiredCertificateTypes = SignalStore.phoneNumberPrivacy().getRequiredCertificateTypes();
        Log.i(TAG, "Ensuring we have these certificates " + requiredCertificateTypes);
        for (CertificateType certificateType : requiredCertificateTypes) {
            byte[] certificateBytes = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType);
            if (certificateBytes == null) {
                throw new InvalidCertificateException(String.format("No certificate %s was present.", certificateType));
            }
            SenderCertificate certificate = new SenderCertificate(certificateBytes);
            if (System.currentTimeMillis() > (certificate.getExpiration() - CERTIFICATE_EXPIRATION_BUFFER)) {
                throw new InvalidCertificateException(String.format(Locale.US, "Certificate %s is expired, or close to it. Expires on: %d, currently: %d", certificateType, certificate.getExpiration(), System.currentTimeMillis()));
            }
            Log.d(TAG, String.format("Certificate %s is valid", certificateType));
        }
        Log.d(TAG, "All certificates are valid.");
    } catch (InvalidCertificateException e) {
        Log.w(TAG, "A certificate was invalid at send time. Fetching new ones.", e);
        if (!ApplicationDependencies.getJobManager().runSynchronously(new RotateCertificateJob(), 5000).isPresent()) {
            throw new IOException("Timeout rotating certificate");
        }
    }
}

Also used : CertificateType(org.thoughtcrime.securesms.keyvalue.CertificateType) SenderCertificate(org.signal.libsignal.metadata.certificate.SenderCertificate) IOException(java.io.IOException) InvalidCertificateException(org.signal.libsignal.metadata.certificate.InvalidCertificateException)

Example 3 with SenderCertificate

use of org.signal.libsignal.metadata.certificate.SenderCertificate in project Signal-Android by signalapp.

the class SignalServiceMessageSender method sendGroupMessage.

/**
 * Will send a message using sender keys to all of the specified recipients. It is assumed that
 * all of the recipients have UUIDs.
 *
 * This method will handle sending out SenderKeyDistributionMessages as necessary.
 */
private List<SendMessageResult> sendGroupMessage(DistributionId distributionId, List<SignalServiceAddress> recipients, List<UnidentifiedAccess> unidentifiedAccess, long timestamp, Content content, ContentHint contentHint, byte[] groupId, boolean online, SenderKeyGroupEvents sendEvents) throws IOException, UntrustedIdentityException, NoSessionException, InvalidKeyException, InvalidRegistrationIdException {
    if (recipients.isEmpty()) {
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Empty recipient list!");
        return Collections.emptyList();
    }
    Preconditions.checkArgument(recipients.size() == unidentifiedAccess.size(), "[" + timestamp + "] Unidentified access mismatch!");
    Map<ServiceId, UnidentifiedAccess> accessBySid = new HashMap<>();
    Iterator<SignalServiceAddress> addressIterator = recipients.iterator();
    Iterator<UnidentifiedAccess> accessIterator = unidentifiedAccess.iterator();
    while (addressIterator.hasNext()) {
        accessBySid.put(addressIterator.next().getServiceId(), accessIterator.next());
    }
    for (int i = 0; i < RETRY_COUNT; i++) {
        GroupTargetInfo targetInfo = buildGroupTargetInfo(recipients);
        Set<SignalProtocolAddress> sharedWith = store.getSenderKeySharedWith(distributionId);
        List<SignalServiceAddress> needsSenderKey = targetInfo.destinations.stream().filter(a -> !sharedWith.contains(a)).map(a -> ServiceId.parseOrThrow(a.getName())).distinct().map(SignalServiceAddress::new).collect(Collectors.toList());
        if (needsSenderKey.size() > 0) {
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Need to send the distribution message to " + needsSenderKey.size() + " addresses.");
            SenderKeyDistributionMessage message = getOrCreateNewGroupSession(distributionId);
            List<Optional<UnidentifiedAccessPair>> access = needsSenderKey.stream().map(r -> {
                UnidentifiedAccess targetAccess = accessBySid.get(r.getServiceId());
                return Optional.of(new UnidentifiedAccessPair(targetAccess, targetAccess));
            }).collect(Collectors.toList());
            List<SendMessageResult> results = sendSenderKeyDistributionMessage(distributionId, needsSenderKey, access, message, groupId);
            List<SignalServiceAddress> successes = results.stream().filter(SendMessageResult::isSuccess).map(SendMessageResult::getAddress).collect(Collectors.toList());
            Set<String> successSids = successes.stream().map(a -> a.getServiceId().toString()).collect(Collectors.toSet());
            Set<SignalProtocolAddress> successAddresses = targetInfo.destinations.stream().filter(a -> successSids.contains(a.getName())).collect(Collectors.toSet());
            store.markSenderKeySharedWith(distributionId, successAddresses);
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Successfully sent sender keys to " + successes.size() + "/" + needsSenderKey.size() + " recipients.");
            int failureCount = results.size() - successes.size();
            if (failureCount > 0) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Failed to send sender keys to " + failureCount + " recipients. Sending back failed results now.");
                List<SendMessageResult> trueFailures = results.stream().filter(r -> !r.isSuccess()).collect(Collectors.toList());
                Set<ServiceId> failedAddresses = trueFailures.stream().map(result -> result.getAddress().getServiceId()).collect(Collectors.toSet());
                List<SendMessageResult> fakeNetworkFailures = recipients.stream().filter(r -> !failedAddresses.contains(r.getServiceId())).map(SendMessageResult::networkFailure).collect(Collectors.toList());
                List<SendMessageResult> modifiedResults = new LinkedList<>();
                modifiedResults.addAll(trueFailures);
                modifiedResults.addAll(fakeNetworkFailures);
                return modifiedResults;
            } else {
                targetInfo = buildGroupTargetInfo(recipients);
            }
        }
        sendEvents.onSenderKeyShared();
        SignalServiceCipher cipher = new SignalServiceCipher(localAddress, localDeviceId, store, sessionLock, null);
        SenderCertificate senderCertificate = unidentifiedAccess.get(0).getUnidentifiedCertificate();
        byte[] ciphertext;
        try {
            ciphertext = cipher.encryptForGroup(distributionId, targetInfo.destinations, senderCertificate, content.toByteArray(), contentHint, groupId);
        } catch (org.whispersystems.libsignal.UntrustedIdentityException e) {
            throw new UntrustedIdentityException("Untrusted during group encrypt", e.getName(), e.getUntrustedIdentity());
        }
        sendEvents.onMessageEncrypted();
        byte[] joinedUnidentifiedAccess = new byte[16];
        for (UnidentifiedAccess access : unidentifiedAccess) {
            joinedUnidentifiedAccess = ByteArrayUtil.xor(joinedUnidentifiedAccess, access.getUnidentifiedAccessKey());
        }
        try {
            try {
                SendGroupMessageResponse response = new MessagingService.SendResponseProcessor<>(messagingService.sendToGroup(ciphertext, joinedUnidentifiedAccess, timestamp, online).blockingGet()).getResultOrThrow();
                return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
            } catch (InvalidUnidentifiedAccessHeaderException | NotFoundException | GroupMismatchedDevicesException | GroupStaleDevicesException e) {
                // Non-technical failures shouldn't be retried with socket
                throw e;
            } catch (WebSocketUnavailableException e) {
                Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Pipe unavailable, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            } catch (IOException e) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Pipe failed, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            }
            SendGroupMessageResponse response = socket.sendGroupMessage(ciphertext, joinedUnidentifiedAccess, timestamp, online);
            return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
        } catch (GroupMismatchedDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling mismatched devices. (" + e.getMessage() + ")");
            for (GroupMismatchedDevices mismatched : e.getMismatchedDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(mismatched.getUuid()), Optional.absent());
                handleMismatchedDevices(socket, address, mismatched.getDevices());
            }
        } catch (GroupStaleDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling stale devices. (" + e.getMessage() + ")");
            for (GroupStaleDevices stale : e.getStaleDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(stale.getUuid()), Optional.absent());
                handleStaleDevices(address, stale.getDevices());
            }
        }
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Attempt failed (i = " + i + ")");
    }
    throw new IOException("Failed to resolve conflicts after " + RETRY_COUNT + " attempts!");
}

Example 4 with SenderCertificate

use of org.signal.libsignal.metadata.certificate.SenderCertificate in project Signal-Android by signalapp.

the class PushSendJob method rotateSenderCertificateIfNecessary.

protected void rotateSenderCertificateIfNecessary() throws IOException {
    try {
        Collection<CertificateType> requiredCertificateTypes = SignalStore.phoneNumberPrivacy().getRequiredCertificateTypes();
        Log.i(TAG, "Ensuring we have these certificates " + requiredCertificateTypes);
        for (CertificateType certificateType : requiredCertificateTypes) {
            byte[] certificateBytes = SignalStore.certificateValues().getUnidentifiedAccessCertificate(certificateType);
            if (certificateBytes == null) {
                throw new InvalidCertificateException(String.format("No certificate %s was present.", certificateType));
            }
            SenderCertificate certificate = new SenderCertificate(certificateBytes);
            if (System.currentTimeMillis() > (certificate.getExpiration() - CERTIFICATE_EXPIRATION_BUFFER)) {
                throw new InvalidCertificateException(String.format(Locale.US, "Certificate %s is expired, or close to it. Expires on: %d, currently: %d", certificateType, certificate.getExpiration(), System.currentTimeMillis()));
            }
            Log.d(TAG, String.format("Certificate %s is valid", certificateType));
        }
        Log.d(TAG, "All certificates are valid.");
    } catch (InvalidCertificateException e) {
        Log.w(TAG, "A certificate was invalid at send time. Fetching new ones.", e);
        if (!ApplicationDependencies.getJobManager().runSynchronously(new RotateCertificateJob(), 5000).isPresent()) {
            throw new IOException("Timeout rotating certificate");
        }
    }
}

Aggregations

IOException (java.io.IOException)4 SenderCertificate (org.signal.libsignal.metadata.certificate.SenderCertificate)4 ByteString (com.google.protobuf.ByteString)2 InputStream (java.io.InputStream)2 SecureRandom (java.security.SecureRandom)2 ArrayList (java.util.ArrayList)2 Collections (java.util.Collections)2 HashMap (java.util.HashMap)2 Iterator (java.util.Iterator)2 LinkedList (java.util.LinkedList)2 List (java.util.List)2 Map (java.util.Map)2 Set (java.util.Set)2 ExecutionException (java.util.concurrent.ExecutionException)2 ExecutorService (java.util.concurrent.ExecutorService)2 Executors (java.util.concurrent.Executors)2 Future (java.util.concurrent.Future)2 Collectors (java.util.stream.Collectors)2 InvalidCertificateException (org.signal.libsignal.metadata.certificate.InvalidCertificateException)2 ClientZkProfileOperations (org.signal.zkgroup.profiles.ClientZkProfileOperations)2