Search in sources :

Example 31 with UntrustedIdentityException

use of org.whispersystems.signalservice.api.crypto.UntrustedIdentityException in project Signal-Android by signalapp.

the class SignalServiceMessageSender method handleMismatchedDevices.

private void handleMismatchedDevices(PushServiceSocket socket, SignalServiceAddress recipient, MismatchedDevices mismatchedDevices) throws IOException, UntrustedIdentityException {
    try {
        Log.w(TAG, "[handleMismatchedDevices] Address: " + recipient.getIdentifier() + ", ExtraDevices: " + mismatchedDevices.getExtraDevices() + ", MissingDevices: " + mismatchedDevices.getMissingDevices());
        archiveSessions(recipient, mismatchedDevices.getExtraDevices());
        for (int missingDeviceId : mismatchedDevices.getMissingDevices()) {
            PreKeyBundle preKey = socket.getPreKey(recipient, missingDeviceId);
            try {
                SignalSessionBuilder sessionBuilder = new SignalSessionBuilder(sessionLock, new SessionBuilder(store, new SignalProtocolAddress(recipient.getIdentifier(), missingDeviceId)));
                sessionBuilder.process(preKey);
            } catch (org.whispersystems.libsignal.UntrustedIdentityException e) {
                throw new UntrustedIdentityException("Untrusted identity key!", recipient.getIdentifier(), preKey.getIdentityKey());
            }
        }
    } catch (InvalidKeyException e) {
        throw new IOException(e);
    }
}
Also used : PreKeyBundle(org.whispersystems.libsignal.state.PreKeyBundle) SignalSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalSessionBuilder) UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) SignalGroupSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalGroupSessionBuilder) GroupSessionBuilder(org.whispersystems.libsignal.groups.GroupSessionBuilder) SessionBuilder(org.whispersystems.libsignal.SessionBuilder) SignalSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalSessionBuilder) IOException(java.io.IOException) InvalidKeyException(org.whispersystems.libsignal.InvalidKeyException) ContentHint(org.whispersystems.signalservice.api.crypto.ContentHint) SignalProtocolAddress(org.whispersystems.libsignal.SignalProtocolAddress)

Example 32 with UntrustedIdentityException

use of org.whispersystems.signalservice.api.crypto.UntrustedIdentityException in project Signal-Android by signalapp.

the class SignalServiceMessageSender method sendGroupMessage.

/**
 * Will send a message using sender keys to all of the specified recipients. It is assumed that
 * all of the recipients have UUIDs.
 *
 * This method will handle sending out SenderKeyDistributionMessages as necessary.
 */
private List<SendMessageResult> sendGroupMessage(DistributionId distributionId, List<SignalServiceAddress> recipients, List<UnidentifiedAccess> unidentifiedAccess, long timestamp, Content content, ContentHint contentHint, byte[] groupId, boolean online, SenderKeyGroupEvents sendEvents) throws IOException, UntrustedIdentityException, NoSessionException, InvalidKeyException, InvalidRegistrationIdException {
    if (recipients.isEmpty()) {
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Empty recipient list!");
        return Collections.emptyList();
    }
    Preconditions.checkArgument(recipients.size() == unidentifiedAccess.size(), "[" + timestamp + "] Unidentified access mismatch!");
    Map<ServiceId, UnidentifiedAccess> accessBySid = new HashMap<>();
    Iterator<SignalServiceAddress> addressIterator = recipients.iterator();
    Iterator<UnidentifiedAccess> accessIterator = unidentifiedAccess.iterator();
    while (addressIterator.hasNext()) {
        accessBySid.put(addressIterator.next().getServiceId(), accessIterator.next());
    }
    for (int i = 0; i < RETRY_COUNT; i++) {
        GroupTargetInfo targetInfo = buildGroupTargetInfo(recipients);
        Set<SignalProtocolAddress> sharedWith = store.getSenderKeySharedWith(distributionId);
        List<SignalServiceAddress> needsSenderKey = targetInfo.destinations.stream().filter(a -> !sharedWith.contains(a)).map(a -> ServiceId.parseOrThrow(a.getName())).distinct().map(SignalServiceAddress::new).collect(Collectors.toList());
        if (needsSenderKey.size() > 0) {
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Need to send the distribution message to " + needsSenderKey.size() + " addresses.");
            SenderKeyDistributionMessage message = getOrCreateNewGroupSession(distributionId);
            List<Optional<UnidentifiedAccessPair>> access = needsSenderKey.stream().map(r -> {
                UnidentifiedAccess targetAccess = accessBySid.get(r.getServiceId());
                return Optional.of(new UnidentifiedAccessPair(targetAccess, targetAccess));
            }).collect(Collectors.toList());
            List<SendMessageResult> results = sendSenderKeyDistributionMessage(distributionId, needsSenderKey, access, message, groupId);
            List<SignalServiceAddress> successes = results.stream().filter(SendMessageResult::isSuccess).map(SendMessageResult::getAddress).collect(Collectors.toList());
            Set<String> successSids = successes.stream().map(a -> a.getServiceId().toString()).collect(Collectors.toSet());
            Set<SignalProtocolAddress> successAddresses = targetInfo.destinations.stream().filter(a -> successSids.contains(a.getName())).collect(Collectors.toSet());
            store.markSenderKeySharedWith(distributionId, successAddresses);
            Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Successfully sent sender keys to " + successes.size() + "/" + needsSenderKey.size() + " recipients.");
            int failureCount = results.size() - successes.size();
            if (failureCount > 0) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Failed to send sender keys to " + failureCount + " recipients. Sending back failed results now.");
                List<SendMessageResult> trueFailures = results.stream().filter(r -> !r.isSuccess()).collect(Collectors.toList());
                Set<ServiceId> failedAddresses = trueFailures.stream().map(result -> result.getAddress().getServiceId()).collect(Collectors.toSet());
                List<SendMessageResult> fakeNetworkFailures = recipients.stream().filter(r -> !failedAddresses.contains(r.getServiceId())).map(SendMessageResult::networkFailure).collect(Collectors.toList());
                List<SendMessageResult> modifiedResults = new LinkedList<>();
                modifiedResults.addAll(trueFailures);
                modifiedResults.addAll(fakeNetworkFailures);
                return modifiedResults;
            } else {
                targetInfo = buildGroupTargetInfo(recipients);
            }
        }
        sendEvents.onSenderKeyShared();
        SignalServiceCipher cipher = new SignalServiceCipher(localAddress, localDeviceId, store, sessionLock, null);
        SenderCertificate senderCertificate = unidentifiedAccess.get(0).getUnidentifiedCertificate();
        byte[] ciphertext;
        try {
            ciphertext = cipher.encryptForGroup(distributionId, targetInfo.destinations, senderCertificate, content.toByteArray(), contentHint, groupId);
        } catch (org.whispersystems.libsignal.UntrustedIdentityException e) {
            throw new UntrustedIdentityException("Untrusted during group encrypt", e.getName(), e.getUntrustedIdentity());
        }
        sendEvents.onMessageEncrypted();
        byte[] joinedUnidentifiedAccess = new byte[16];
        for (UnidentifiedAccess access : unidentifiedAccess) {
            joinedUnidentifiedAccess = ByteArrayUtil.xor(joinedUnidentifiedAccess, access.getUnidentifiedAccessKey());
        }
        try {
            try {
                SendGroupMessageResponse response = new MessagingService.SendResponseProcessor<>(messagingService.sendToGroup(ciphertext, joinedUnidentifiedAccess, timestamp, online).blockingGet()).getResultOrThrow();
                return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
            } catch (InvalidUnidentifiedAccessHeaderException | NotFoundException | GroupMismatchedDevicesException | GroupStaleDevicesException e) {
                // Non-technical failures shouldn't be retried with socket
                throw e;
            } catch (WebSocketUnavailableException e) {
                Log.i(TAG, "[sendGroupMessage][" + timestamp + "] Pipe unavailable, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            } catch (IOException e) {
                Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Pipe failed, falling back... (" + e.getClass().getSimpleName() + ": " + e.getMessage() + ")");
            }
            SendGroupMessageResponse response = socket.sendGroupMessage(ciphertext, joinedUnidentifiedAccess, timestamp, online);
            return transformGroupResponseToMessageResults(targetInfo.devices, response, content);
        } catch (GroupMismatchedDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling mismatched devices. (" + e.getMessage() + ")");
            for (GroupMismatchedDevices mismatched : e.getMismatchedDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(mismatched.getUuid()), Optional.absent());
                handleMismatchedDevices(socket, address, mismatched.getDevices());
            }
        } catch (GroupStaleDevicesException e) {
            Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Handling stale devices. (" + e.getMessage() + ")");
            for (GroupStaleDevices stale : e.getStaleDevices()) {
                SignalServiceAddress address = new SignalServiceAddress(ACI.parseOrThrow(stale.getUuid()), Optional.absent());
                handleStaleDevices(address, stale.getDevices());
            }
        }
        Log.w(TAG, "[sendGroupMessage][" + timestamp + "] Attempt failed (i = " + i + ")");
    }
    throw new IOException("Failed to resolve conflicts after " + RETRY_COUNT + " attempts!");
}
Also used : ServerRejectedException(org.whispersystems.signalservice.api.push.exceptions.ServerRejectedException) GroupContext(org.whispersystems.signalservice.internal.push.SignalServiceProtos.GroupContext) CallingResponse(org.whispersystems.signalservice.api.messages.calls.CallingResponse) StickerPackOperationMessage(org.whispersystems.signalservice.api.messages.multidevice.StickerPackOperationMessage) TypingMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.TypingMessage) PaddingInputStream(org.whispersystems.signalservice.internal.crypto.PaddingInputStream) DataMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.DataMessage) ReceiptMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.ReceiptMessage) SecureRandom(java.security.SecureRandom) Future(java.util.concurrent.Future) Preconditions(org.whispersystems.libsignal.util.guava.Preconditions) SignalGroupSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalGroupSessionBuilder) GroupMismatchedDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupMismatchedDevicesException) SenderCertificate(org.signal.libsignal.metadata.certificate.SenderCertificate) Map(java.util.Map) GroupStaleDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupStaleDevicesException) AttachmentPointerUtil(org.whispersystems.signalservice.api.util.AttachmentPointerUtil) StaleDevicesException(org.whispersystems.signalservice.internal.push.exceptions.StaleDevicesException) SendMessageResponse(org.whispersystems.signalservice.internal.push.SendMessageResponse) ClientZkProfileOperations(org.signal.zkgroup.profiles.ClientZkProfileOperations) PartialSendCompleteListener(org.whispersystems.signalservice.internal.push.http.PartialSendCompleteListener) ACI(org.whispersystems.signalservice.api.push.ACI) SignalServiceAttachment(org.whispersystems.signalservice.api.messages.SignalServiceAttachment) InvalidUnidentifiedAccessHeaderException(org.whispersystems.signalservice.internal.push.exceptions.InvalidUnidentifiedAccessHeaderException) Set(java.util.Set) OutgoingPushMessageList(org.whispersystems.signalservice.internal.push.OutgoingPushMessageList) Executors(java.util.concurrent.Executors) CredentialsProvider(org.whispersystems.signalservice.api.util.CredentialsProvider) SignalServiceGroupContext(org.whispersystems.signalservice.api.messages.SignalServiceGroupContext) SignalServiceGroupV2(org.whispersystems.signalservice.api.messages.SignalServiceGroupV2) GroupSessionBuilder(org.whispersystems.libsignal.groups.GroupSessionBuilder) Base64(org.whispersystems.util.Base64) MismatchedDevices(org.whispersystems.signalservice.internal.push.MismatchedDevices) ContentHint(org.whispersystems.signalservice.api.crypto.ContentHint) SignalServiceTypingMessage(org.whispersystems.signalservice.api.messages.SignalServiceTypingMessage) MalformedResponseException(org.whispersystems.signalservice.api.push.exceptions.MalformedResponseException) InvalidKeyException(org.whispersystems.libsignal.InvalidKeyException) ArrayList(java.util.ArrayList) UnidentifiedAccess(org.whispersystems.signalservice.api.crypto.UnidentifiedAccess) Verified(org.whispersystems.signalservice.internal.push.SignalServiceProtos.Verified) BlockedListMessage(org.whispersystems.signalservice.api.messages.multidevice.BlockedListMessage) SignalServiceGroup(org.whispersystems.signalservice.api.messages.SignalServiceGroup) SignalServiceCallMessage(org.whispersystems.signalservice.api.messages.calls.SignalServiceCallMessage) SignalServiceAttachmentRemoteId(org.whispersystems.signalservice.api.messages.SignalServiceAttachmentRemoteId) ReadMessage(org.whispersystems.signalservice.api.messages.multidevice.ReadMessage) PreKeyBundle(org.whispersystems.libsignal.state.PreKeyBundle) ViewOnceOpenMessage(org.whispersystems.signalservice.api.messages.multidevice.ViewOnceOpenMessage) MessageRequestResponseMessage(org.whispersystems.signalservice.api.messages.multidevice.MessageRequestResponseMessage) GroupMismatchedDevices(org.whispersystems.signalservice.internal.push.GroupMismatchedDevices) KeysMessage(org.whispersystems.signalservice.api.messages.multidevice.KeysMessage) DistributionId(org.whispersystems.signalservice.api.push.DistributionId) CallMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.CallMessage) PushNetworkException(org.whispersystems.signalservice.api.push.exceptions.PushNetworkException) IOException(java.io.IOException) Optional(org.whispersystems.libsignal.util.guava.Optional) ExecutionException(java.util.concurrent.ExecutionException) UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) AttachmentPointer(org.whispersystems.signalservice.internal.push.SignalServiceProtos.AttachmentPointer) ServiceId(org.whispersystems.signalservice.api.push.ServiceId) VerifiedMessage(org.whispersystems.signalservice.api.messages.multidevice.VerifiedMessage) Uint64Util(org.whispersystems.signalservice.api.util.Uint64Util) ResumableUploadSpec(org.whispersystems.signalservice.internal.push.http.ResumableUploadSpec) EnvelopeContent(org.whispersystems.signalservice.api.crypto.EnvelopeContent) SignalServiceDataMessage(org.whispersystems.signalservice.api.messages.SignalServiceDataMessage) SendMessageResult(org.whispersystems.signalservice.api.messages.SendMessageResult) Util(org.whispersystems.signalservice.internal.util.Util) SentTranscriptMessage(org.whispersystems.signalservice.api.messages.multidevice.SentTranscriptMessage) ProvisioningProtos(org.whispersystems.signalservice.internal.push.ProvisioningProtos) SyncMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.SyncMessage) SignalServiceAddress(org.whispersystems.signalservice.api.push.SignalServiceAddress) NotFoundException(org.whispersystems.signalservice.api.push.exceptions.NotFoundException) AttachmentCipherOutputStream(org.whispersystems.signalservice.api.crypto.AttachmentCipherOutputStream) NonSuccessfulResponseCodeException(org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException) SignalProtocolAddress(org.whispersystems.libsignal.SignalProtocolAddress) PushAttachmentData(org.whispersystems.signalservice.internal.push.PushAttachmentData) PlaintextContent(org.whispersystems.libsignal.protocol.PlaintextContent) PushServiceSocket(org.whispersystems.signalservice.internal.push.PushServiceSocket) SenderKeyDistributionMessage(org.whispersystems.libsignal.protocol.SenderKeyDistributionMessage) MismatchedDevicesException(org.whispersystems.signalservice.internal.push.exceptions.MismatchedDevicesException) ByteArrayUtil(org.whispersystems.util.ByteArrayUtil) SignalServiceConfiguration(org.whispersystems.signalservice.internal.configuration.SignalServiceConfiguration) Collectors(java.util.stream.Collectors) ByteString(com.google.protobuf.ByteString) GroupContextV2(org.whispersystems.signalservice.internal.push.SignalServiceProtos.GroupContextV2) List(java.util.List) ViewedMessage(org.whispersystems.signalservice.api.messages.multidevice.ViewedMessage) WebSocketUnavailableException(org.whispersystems.signalservice.api.websocket.WebSocketUnavailableException) StaleDevices(org.whispersystems.signalservice.internal.push.StaleDevices) SendGroupMessageResponse(org.whispersystems.signalservice.internal.push.SendGroupMessageResponse) SharedContact(org.whispersystems.signalservice.api.messages.shared.SharedContact) AttachmentV2UploadAttributes(org.whispersystems.signalservice.internal.push.AttachmentV2UploadAttributes) NoSessionException(org.whispersystems.libsignal.NoSessionException) SignalServiceReceiptMessage(org.whispersystems.signalservice.api.messages.SignalServiceReceiptMessage) AnswerMessage(org.whispersystems.signalservice.api.messages.calls.AnswerMessage) ConfigurationMessage(org.whispersystems.signalservice.api.messages.multidevice.ConfigurationMessage) NullMessage(org.whispersystems.signalservice.internal.push.SignalServiceProtos.NullMessage) CancelationSignal(org.whispersystems.signalservice.internal.push.http.CancelationSignal) HashMap(java.util.HashMap) InvalidRegistrationIdException(org.whispersystems.libsignal.InvalidRegistrationIdException) OfferMessage(org.whispersystems.signalservice.api.messages.calls.OfferMessage) UnidentifiedAccessPair(org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair) AttachmentV3UploadAttributes(org.whispersystems.signalservice.internal.push.AttachmentV3UploadAttributes) AttachmentCipherOutputStreamFactory(org.whispersystems.signalservice.internal.push.http.AttachmentCipherOutputStreamFactory) SessionBuilder(org.whispersystems.libsignal.SessionBuilder) OpaqueMessage(org.whispersystems.signalservice.api.messages.calls.OpaqueMessage) Pair(org.whispersystems.libsignal.util.Pair) MessagingService(org.whispersystems.signalservice.api.services.MessagingService) AuthorizationFailedException(org.whispersystems.signalservice.api.push.exceptions.AuthorizationFailedException) Log(org.whispersystems.libsignal.logging.Log) AttachmentService(org.whispersystems.signalservice.api.services.AttachmentService) Uint64RangeException(org.whispersystems.signalservice.api.util.Uint64RangeException) LinkedList(java.util.LinkedList) ExecutorService(java.util.concurrent.ExecutorService) SignalServiceAttachmentPointer(org.whispersystems.signalservice.api.messages.SignalServiceAttachmentPointer) OutgoingPushMessage(org.whispersystems.signalservice.internal.push.OutgoingPushMessage) DecryptionErrorMessage(org.whispersystems.libsignal.protocol.DecryptionErrorMessage) Iterator(java.util.Iterator) OutgoingPaymentMessage(org.whispersystems.signalservice.api.messages.multidevice.OutgoingPaymentMessage) SignalSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalSessionBuilder) UnregisteredUserException(org.whispersystems.signalservice.api.push.exceptions.UnregisteredUserException) ProofRequiredException(org.whispersystems.signalservice.api.push.exceptions.ProofRequiredException) GroupStaleDevices(org.whispersystems.signalservice.internal.push.GroupStaleDevices) IceUpdateMessage(org.whispersystems.signalservice.api.messages.calls.IceUpdateMessage) Content(org.whispersystems.signalservice.internal.push.SignalServiceProtos.Content) SignalServiceCipher(org.whispersystems.signalservice.api.crypto.SignalServiceCipher) SignalServiceSyncMessage(org.whispersystems.signalservice.api.messages.multidevice.SignalServiceSyncMessage) Collections(java.util.Collections) SignalServiceAttachmentStream(org.whispersystems.signalservice.api.messages.SignalServiceAttachmentStream) InputStream(java.io.InputStream) UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) GroupMismatchedDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupMismatchedDevicesException) HashMap(java.util.HashMap) NotFoundException(org.whispersystems.signalservice.api.push.exceptions.NotFoundException) ByteString(com.google.protobuf.ByteString) ServiceId(org.whispersystems.signalservice.api.push.ServiceId) SignalServiceAddress(org.whispersystems.signalservice.api.push.SignalServiceAddress) GroupStaleDevices(org.whispersystems.signalservice.internal.push.GroupStaleDevices) SendGroupMessageResponse(org.whispersystems.signalservice.internal.push.SendGroupMessageResponse) SignalProtocolAddress(org.whispersystems.libsignal.SignalProtocolAddress) GroupMismatchedDevices(org.whispersystems.signalservice.internal.push.GroupMismatchedDevices) SenderCertificate(org.signal.libsignal.metadata.certificate.SenderCertificate) Optional(org.whispersystems.libsignal.util.guava.Optional) SignalServiceCipher(org.whispersystems.signalservice.api.crypto.SignalServiceCipher) UnidentifiedAccessPair(org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair) WebSocketUnavailableException(org.whispersystems.signalservice.api.websocket.WebSocketUnavailableException) IOException(java.io.IOException) ContentHint(org.whispersystems.signalservice.api.crypto.ContentHint) SendMessageResult(org.whispersystems.signalservice.api.messages.SendMessageResult) LinkedList(java.util.LinkedList) UnidentifiedAccess(org.whispersystems.signalservice.api.crypto.UnidentifiedAccess) MessagingService(org.whispersystems.signalservice.api.services.MessagingService) GroupStaleDevicesException(org.whispersystems.signalservice.internal.push.exceptions.GroupStaleDevicesException) SenderKeyDistributionMessage(org.whispersystems.libsignal.protocol.SenderKeyDistributionMessage) InvalidUnidentifiedAccessHeaderException(org.whispersystems.signalservice.internal.push.exceptions.InvalidUnidentifiedAccessHeaderException)

Example 33 with UntrustedIdentityException

use of org.whispersystems.signalservice.api.crypto.UntrustedIdentityException in project Signal-Android by signalapp.

the class SignalServiceMessageSender method getEncryptedMessage.

private OutgoingPushMessage getEncryptedMessage(PushServiceSocket socket, SignalServiceAddress recipient, Optional<UnidentifiedAccess> unidentifiedAccess, int deviceId, EnvelopeContent plaintext) throws IOException, InvalidKeyException, UntrustedIdentityException {
    SignalProtocolAddress signalProtocolAddress = new SignalProtocolAddress(recipient.getIdentifier(), deviceId);
    SignalServiceCipher cipher = new SignalServiceCipher(localAddress, localDeviceId, store, sessionLock, null);
    if (!store.containsSession(signalProtocolAddress)) {
        try {
            List<PreKeyBundle> preKeys = socket.getPreKeys(recipient, unidentifiedAccess, deviceId);
            for (PreKeyBundle preKey : preKeys) {
                try {
                    SignalProtocolAddress preKeyAddress = new SignalProtocolAddress(recipient.getIdentifier(), preKey.getDeviceId());
                    SignalSessionBuilder sessionBuilder = new SignalSessionBuilder(sessionLock, new SessionBuilder(store, preKeyAddress));
                    sessionBuilder.process(preKey);
                } catch (org.whispersystems.libsignal.UntrustedIdentityException e) {
                    throw new UntrustedIdentityException("Untrusted identity key!", recipient.getIdentifier(), preKey.getIdentityKey());
                }
            }
            if (eventListener.isPresent()) {
                eventListener.get().onSecurityEvent(recipient);
            }
        } catch (InvalidKeyException e) {
            throw new IOException(e);
        }
    }
    try {
        return cipher.encrypt(signalProtocolAddress, unidentifiedAccess, plaintext);
    } catch (org.whispersystems.libsignal.UntrustedIdentityException e) {
        throw new UntrustedIdentityException("Untrusted on send", recipient.getIdentifier(), e.getUntrustedIdentity());
    }
}
Also used : PreKeyBundle(org.whispersystems.libsignal.state.PreKeyBundle) SignalSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalSessionBuilder) UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) SignalServiceCipher(org.whispersystems.signalservice.api.crypto.SignalServiceCipher) SignalGroupSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalGroupSessionBuilder) GroupSessionBuilder(org.whispersystems.libsignal.groups.GroupSessionBuilder) SessionBuilder(org.whispersystems.libsignal.SessionBuilder) SignalSessionBuilder(org.whispersystems.signalservice.api.crypto.SignalSessionBuilder) IOException(java.io.IOException) InvalidKeyException(org.whispersystems.libsignal.InvalidKeyException) SignalProtocolAddress(org.whispersystems.libsignal.SignalProtocolAddress)

Example 34 with UntrustedIdentityException

use of org.whispersystems.signalservice.api.crypto.UntrustedIdentityException in project Signal-Android by signalapp.

the class GroupSendUtil method sendMessage.

/**
 * Handles all of the logic of sending to a group. Will do sender key sends and legacy 1:1 sends as-needed, and give you back a list of
 * {@link SendMessageResult}s just like we're used to.
 *
 * @param groupId The groupId of the group you're sending to, or null if you're sending to a collection of recipients not joined by a group.
 * @param isRecipientUpdate True if you've already sent this message to some recipients in the past, otherwise false.
 */
@WorkerThread
private static List<SendMessageResult> sendMessage(@NonNull Context context, @Nullable GroupId.V2 groupId, @Nullable MessageId relatedMessageId, @NonNull List<Recipient> allTargets, boolean isRecipientUpdate, @NonNull SendOperation sendOperation, @Nullable CancelationSignal cancelationSignal) throws IOException, UntrustedIdentityException {
    Log.i(TAG, "Starting group send. GroupId: " + (groupId != null ? groupId.toString() : "none") + ", RelatedMessageId: " + (relatedMessageId != null ? relatedMessageId.toString() : "none") + ", Targets: " + allTargets.size() + ", RecipientUpdate: " + isRecipientUpdate + ", Operation: " + sendOperation.getClass().getSimpleName());
    Set<Recipient> unregisteredTargets = allTargets.stream().filter(Recipient::isUnregistered).collect(Collectors.toSet());
    List<Recipient> registeredTargets = allTargets.stream().filter(r -> !unregisteredTargets.contains(r)).collect(Collectors.toList());
    RecipientData recipients = new RecipientData(context, registeredTargets);
    Optional<GroupRecord> groupRecord = groupId != null ? SignalDatabase.groups().getGroup(groupId) : Optional.absent();
    List<Recipient> senderKeyTargets = new LinkedList<>();
    List<Recipient> legacyTargets = new LinkedList<>();
    for (Recipient recipient : registeredTargets) {
        Optional<UnidentifiedAccessPair> access = recipients.getAccessPair(recipient.getId());
        boolean validMembership = groupRecord.isPresent() && groupRecord.get().getMembers().contains(recipient.getId());
        if (recipient.getSenderKeyCapability() == Recipient.Capability.SUPPORTED && recipient.hasServiceId() && access.isPresent() && access.get().getTargetUnidentifiedAccess().isPresent() && validMembership) {
            senderKeyTargets.add(recipient);
        } else {
            legacyTargets.add(recipient);
        }
    }
    if (groupId == null) {
        Log.i(TAG, "Recipients not in a group. Using legacy.");
        legacyTargets.addAll(senderKeyTargets);
        senderKeyTargets.clear();
    } else if (Recipient.self().getSenderKeyCapability() != Recipient.Capability.SUPPORTED) {
        Log.i(TAG, "All of our devices do not support sender key. Using legacy.");
        legacyTargets.addAll(senderKeyTargets);
        senderKeyTargets.clear();
    } else if (SignalStore.internalValues().removeSenderKeyMinimum()) {
        Log.i(TAG, "Sender key minimum removed. Using for " + senderKeyTargets.size() + " recipients.");
    } else if (senderKeyTargets.size() < 2) {
        Log.i(TAG, "Too few sender-key-capable users (" + senderKeyTargets.size() + "). Doing all legacy sends.");
        legacyTargets.addAll(senderKeyTargets);
        senderKeyTargets.clear();
    } else {
        Log.i(TAG, "Can use sender key for " + senderKeyTargets.size() + "/" + allTargets.size() + " recipients.");
    }
    if (relatedMessageId != null) {
        SignalLocalMetrics.GroupMessageSend.onSenderKeyStarted(relatedMessageId.getId());
    }
    List<SendMessageResult> allResults = new ArrayList<>(allTargets.size());
    SignalServiceMessageSender messageSender = ApplicationDependencies.getSignalServiceMessageSender();
    if (senderKeyTargets.size() > 0 && groupId != null) {
        DistributionId distributionId = SignalDatabase.groups().getOrCreateDistributionId(groupId);
        long keyCreateTime = SenderKeyUtil.getCreateTimeForOurKey(context, distributionId);
        long keyAge = System.currentTimeMillis() - keyCreateTime;
        if (keyCreateTime != -1 && keyAge > FeatureFlags.senderKeyMaxAge()) {
            Log.w(TAG, "DistributionId " + distributionId + " was created at " + keyCreateTime + " and is " + (keyAge) + " ms old (~" + TimeUnit.MILLISECONDS.toDays(keyAge) + " days). Rotating.");
            SenderKeyUtil.rotateOurKey(context, distributionId);
        }
        try {
            List<SignalServiceAddress> targets = senderKeyTargets.stream().map(r -> recipients.getAddress(r.getId())).collect(Collectors.toList());
            List<UnidentifiedAccess> access = senderKeyTargets.stream().map(r -> recipients.requireAccess(r.getId())).collect(Collectors.toList());
            List<SendMessageResult> results = sendOperation.sendWithSenderKey(messageSender, distributionId, targets, access, isRecipientUpdate);
            allResults.addAll(results);
            int successCount = (int) results.stream().filter(SendMessageResult::isSuccess).count();
            Log.d(TAG, "Successfully sent using sender key to " + successCount + "/" + targets.size() + " sender key targets.");
            if (sendOperation.shouldIncludeInMessageLog()) {
                SignalDatabase.messageLog().insertIfPossible(sendOperation.getSentTimestamp(), senderKeyTargets, results, sendOperation.getContentHint(), sendOperation.getRelatedMessageId());
            }
            if (relatedMessageId != null) {
                SignalLocalMetrics.GroupMessageSend.onSenderKeyMslInserted(relatedMessageId.getId());
            }
        } catch (InvalidUnidentifiedAccessHeaderException e) {
            Log.w(TAG, "Someone had a bad UD header. Falling back to legacy sends.", e);
            legacyTargets.addAll(senderKeyTargets);
        } catch (NoSessionException e) {
            Log.w(TAG, "No session. Falling back to legacy sends.", e);
            legacyTargets.addAll(senderKeyTargets);
        } catch (InvalidKeyException e) {
            Log.w(TAG, "Invalid key. Falling back to legacy sends.", e);
            legacyTargets.addAll(senderKeyTargets);
        } catch (InvalidRegistrationIdException e) {
            Log.w(TAG, "Invalid registrationId. Falling back to legacy sends.", e);
            legacyTargets.addAll(senderKeyTargets);
        } catch (NotFoundException e) {
            Log.w(TAG, "Someone was unregistered. Falling back to legacy sends.", e);
            legacyTargets.addAll(senderKeyTargets);
        }
    } else if (relatedMessageId != null) {
        SignalLocalMetrics.GroupMessageSend.onSenderKeyShared(relatedMessageId.getId());
        SignalLocalMetrics.GroupMessageSend.onSenderKeyEncrypted(relatedMessageId.getId());
        SignalLocalMetrics.GroupMessageSend.onSenderKeyMessageSent(relatedMessageId.getId());
        SignalLocalMetrics.GroupMessageSend.onSenderKeySyncSent(relatedMessageId.getId());
        SignalLocalMetrics.GroupMessageSend.onSenderKeyMslInserted(relatedMessageId.getId());
    }
    if (cancelationSignal != null && cancelationSignal.isCanceled()) {
        throw new CancelationException();
    }
    boolean onlyTargetIsSelfWithLinkedDevice = legacyTargets.isEmpty() && senderKeyTargets.isEmpty() && TextSecurePreferences.isMultiDevice(context);
    if (legacyTargets.size() > 0 || onlyTargetIsSelfWithLinkedDevice) {
        if (legacyTargets.size() > 0) {
            Log.i(TAG, "Need to do " + legacyTargets.size() + " legacy sends.");
        } else {
            Log.i(TAG, "Need to do a legacy send to send a sync message for a group of only ourselves.");
        }
        List<SignalServiceAddress> targets = legacyTargets.stream().map(r -> recipients.getAddress(r.getId())).collect(Collectors.toList());
        List<Optional<UnidentifiedAccessPair>> access = legacyTargets.stream().map(r -> recipients.getAccessPair(r.getId())).collect(Collectors.toList());
        boolean recipientUpdate = isRecipientUpdate || allResults.size() > 0;
        final MessageSendLogDatabase messageLogDatabase = SignalDatabase.messageLog();
        final AtomicLong entryId = new AtomicLong(-1);
        final boolean includeInMessageLog = sendOperation.shouldIncludeInMessageLog();
        List<SendMessageResult> results = sendOperation.sendLegacy(messageSender, targets, access, recipientUpdate, result -> {
            if (!includeInMessageLog) {
                return;
            }
            synchronized (entryId) {
                if (entryId.get() == -1) {
                    entryId.set(messageLogDatabase.insertIfPossible(recipients.requireRecipientId(result.getAddress()), sendOperation.getSentTimestamp(), result, sendOperation.getContentHint(), sendOperation.getRelatedMessageId()));
                } else {
                    messageLogDatabase.addRecipientToExistingEntryIfPossible(entryId.get(), recipients.requireRecipientId(result.getAddress()), result);
                }
            }
        }, cancelationSignal);
        allResults.addAll(results);
        int successCount = (int) results.stream().filter(SendMessageResult::isSuccess).count();
        Log.d(TAG, "Successfully sent using 1:1 to " + successCount + "/" + targets.size() + " legacy targets.");
    } else if (relatedMessageId != null) {
        SignalLocalMetrics.GroupMessageSend.onLegacyMessageSent(relatedMessageId.getId());
        SignalLocalMetrics.GroupMessageSend.onLegacySyncFinished(relatedMessageId.getId());
    }
    if (unregisteredTargets.size() > 0) {
        Log.w(TAG, "There are " + unregisteredTargets.size() + " unregistered targets. Including failure results.");
        List<SendMessageResult> unregisteredResults = unregisteredTargets.stream().filter(Recipient::hasServiceId).map(t -> SendMessageResult.unregisteredFailure(new SignalServiceAddress(t.requireServiceId(), t.getE164().orNull()))).collect(Collectors.toList());
        if (unregisteredResults.size() < unregisteredTargets.size()) {
            Log.w(TAG, "There are " + (unregisteredTargets.size() - unregisteredResults.size()) + " targets that have no UUID! Cannot report a failure for them.");
        }
        allResults.addAll(unregisteredResults);
    }
    return allResults;
}
Also used : SignalStore(org.thoughtcrime.securesms.keyvalue.SignalStore) SignalServiceDataMessage(org.whispersystems.signalservice.api.messages.SignalServiceDataMessage) SendMessageResult(org.whispersystems.signalservice.api.messages.SendMessageResult) NonNull(androidx.annotation.NonNull) RecipientUtil(org.thoughtcrime.securesms.recipients.RecipientUtil) SignalServiceAddress(org.whispersystems.signalservice.api.push.SignalServiceAddress) NotFoundException(org.whispersystems.signalservice.api.push.exceptions.NotFoundException) SenderKeyUtil(org.thoughtcrime.securesms.crypto.SenderKeyUtil) RecipientId(org.thoughtcrime.securesms.recipients.RecipientId) Map(java.util.Map) Recipient(org.thoughtcrime.securesms.recipients.Recipient) LegacyGroupEvents(org.whispersystems.signalservice.api.SignalServiceMessageSender.LegacyGroupEvents) PartialSendCompleteListener(org.whispersystems.signalservice.internal.push.http.PartialSendCompleteListener) ApplicationDependencies(org.thoughtcrime.securesms.dependencies.ApplicationDependencies) InvalidUnidentifiedAccessHeaderException(org.whispersystems.signalservice.internal.push.exceptions.InvalidUnidentifiedAccessHeaderException) Set(java.util.Set) UnidentifiedAccessUtil(org.thoughtcrime.securesms.crypto.UnidentifiedAccessUtil) Collectors(java.util.stream.Collectors) Objects(java.util.Objects) Log(org.signal.core.util.logging.Log) FeatureFlags(org.thoughtcrime.securesms.util.FeatureFlags) List(java.util.List) Nullable(androidx.annotation.Nullable) GroupId(org.thoughtcrime.securesms.groups.GroupId) NoSessionException(org.whispersystems.libsignal.NoSessionException) CancelationException(org.whispersystems.signalservice.api.CancelationException) Context(android.content.Context) RecipientAccessList(org.thoughtcrime.securesms.util.RecipientAccessList) SignalDatabase(org.thoughtcrime.securesms.database.SignalDatabase) ContentHint(org.whispersystems.signalservice.api.crypto.ContentHint) SignalServiceTypingMessage(org.whispersystems.signalservice.api.messages.SignalServiceTypingMessage) SignalLocalMetrics(org.thoughtcrime.securesms.util.SignalLocalMetrics) WorkerThread(androidx.annotation.WorkerThread) GroupRecord(org.thoughtcrime.securesms.database.GroupDatabase.GroupRecord) SenderKeyGroupEvents(org.whispersystems.signalservice.api.SignalServiceMessageSender.SenderKeyGroupEvents) CancelationSignal(org.whispersystems.signalservice.internal.push.http.CancelationSignal) HashMap(java.util.HashMap) InvalidRegistrationIdException(org.whispersystems.libsignal.InvalidRegistrationIdException) InvalidKeyException(org.whispersystems.libsignal.InvalidKeyException) UnidentifiedAccessPair(org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair) ArrayList(java.util.ArrayList) TextSecurePreferences(org.thoughtcrime.securesms.util.TextSecurePreferences) UnidentifiedAccess(org.whispersystems.signalservice.api.crypto.UnidentifiedAccess) SignalServiceCallMessage(org.whispersystems.signalservice.api.messages.calls.SignalServiceCallMessage) MessageSendLogDatabase(org.thoughtcrime.securesms.database.MessageSendLogDatabase) LinkedList(java.util.LinkedList) DistributionId(org.whispersystems.signalservice.api.push.DistributionId) SignalServiceMessageSender(org.whispersystems.signalservice.api.SignalServiceMessageSender) MessageId(org.thoughtcrime.securesms.database.model.MessageId) Iterator(java.util.Iterator) IOException(java.io.IOException) Optional(org.whispersystems.libsignal.util.guava.Optional) TimeUnit(java.util.concurrent.TimeUnit) AtomicLong(java.util.concurrent.atomic.AtomicLong) UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) Collections(java.util.Collections) ArrayList(java.util.ArrayList) SignalServiceMessageSender(org.whispersystems.signalservice.api.SignalServiceMessageSender) NotFoundException(org.whispersystems.signalservice.api.push.exceptions.NotFoundException) MessageSendLogDatabase(org.thoughtcrime.securesms.database.MessageSendLogDatabase) GroupRecord(org.thoughtcrime.securesms.database.GroupDatabase.GroupRecord) NoSessionException(org.whispersystems.libsignal.NoSessionException) CancelationException(org.whispersystems.signalservice.api.CancelationException) SignalServiceAddress(org.whispersystems.signalservice.api.push.SignalServiceAddress) Optional(org.whispersystems.libsignal.util.guava.Optional) InvalidRegistrationIdException(org.whispersystems.libsignal.InvalidRegistrationIdException) Recipient(org.thoughtcrime.securesms.recipients.Recipient) UnidentifiedAccessPair(org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair) DistributionId(org.whispersystems.signalservice.api.push.DistributionId) InvalidKeyException(org.whispersystems.libsignal.InvalidKeyException) LinkedList(java.util.LinkedList) SendMessageResult(org.whispersystems.signalservice.api.messages.SendMessageResult) ContentHint(org.whispersystems.signalservice.api.crypto.ContentHint) UnidentifiedAccess(org.whispersystems.signalservice.api.crypto.UnidentifiedAccess) AtomicLong(java.util.concurrent.atomic.AtomicLong) InvalidUnidentifiedAccessHeaderException(org.whispersystems.signalservice.internal.push.exceptions.InvalidUnidentifiedAccessHeaderException) WorkerThread(androidx.annotation.WorkerThread)

Example 35 with UntrustedIdentityException

use of org.whispersystems.signalservice.api.crypto.UntrustedIdentityException in project libsignal-service-java by signalapp.

the class SignalServiceMessageSender method sendMessage.

private List<SendMessageResult> sendMessage(List<SignalServiceAddress> recipients, List<Optional<UnidentifiedAccess>> unidentifiedAccess, long timestamp, byte[] content, boolean online) throws IOException {
    List<SendMessageResult> results = new LinkedList<>();
    Iterator<SignalServiceAddress> recipientIterator = recipients.iterator();
    Iterator<Optional<UnidentifiedAccess>> unidentifiedAccessIterator = unidentifiedAccess.iterator();
    while (recipientIterator.hasNext()) {
        SignalServiceAddress recipient = recipientIterator.next();
        try {
            SendMessageResult result = sendMessage(recipient, unidentifiedAccessIterator.next(), timestamp, content, online);
            results.add(result);
        } catch (UntrustedIdentityException e) {
            Log.w(TAG, e);
            results.add(SendMessageResult.identityFailure(recipient, e.getIdentityKey()));
        } catch (UnregisteredUserException e) {
            Log.w(TAG, e);
            results.add(SendMessageResult.unregisteredFailure(recipient));
        } catch (PushNetworkException e) {
            Log.w(TAG, e);
            results.add(SendMessageResult.networkFailure(recipient));
        }
    }
    return results;
}
Also used : UntrustedIdentityException(org.whispersystems.signalservice.api.crypto.UntrustedIdentityException) UnregisteredUserException(org.whispersystems.signalservice.api.push.exceptions.UnregisteredUserException) PushNetworkException(org.whispersystems.signalservice.api.push.exceptions.PushNetworkException) Optional(org.whispersystems.libsignal.util.guava.Optional) SignalServiceAddress(org.whispersystems.signalservice.api.push.SignalServiceAddress) SendMessageResult(org.whispersystems.signalservice.api.messages.SendMessageResult) LinkedList(java.util.LinkedList)

Aggregations

UntrustedIdentityException (org.whispersystems.signalservice.api.crypto.UntrustedIdentityException)41 IOException (java.io.IOException)27 Recipient (org.thoughtcrime.securesms.recipients.Recipient)23 List (java.util.List)19 SendMessageResult (org.whispersystems.signalservice.api.messages.SendMessageResult)19 RecipientId (org.thoughtcrime.securesms.recipients.RecipientId)18 LinkedList (java.util.LinkedList)16 Optional (org.whispersystems.libsignal.util.guava.Optional)15 NonNull (androidx.annotation.NonNull)14 Collections (java.util.Collections)14 Collectors (java.util.stream.Collectors)14 Log (org.signal.core.util.logging.Log)14 ApplicationDependencies (org.thoughtcrime.securesms.dependencies.ApplicationDependencies)14 RecipientUtil (org.thoughtcrime.securesms.recipients.RecipientUtil)14 UnregisteredUserException (org.whispersystems.signalservice.api.push.exceptions.UnregisteredUserException)14 Context (android.content.Context)12 Nullable (androidx.annotation.Nullable)12 Set (java.util.Set)12 SignalDatabase (org.thoughtcrime.securesms.database.SignalDatabase)12 GroupId (org.thoughtcrime.securesms.groups.GroupId)12