]> nmode's Git Repositories - signal-cli/blob - lib/src/main/java/org/asamk/signal/manager/helper/IncomingMessageHandler.java
git.nmode.ca / signal-cli / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Fix NPR when loading an inactive group
[signal-cli] / lib / src / main / java / org / asamk / signal / manager / helper / IncomingMessageHandler.java
1 package org.asamk.signal.manager.helper;
2
3 import org.asamk.signal.manager.Manager;
4 import org.asamk.signal.manager.actions.HandleAction;
5 import org.asamk.signal.manager.actions.RefreshPreKeysAction;
6 import org.asamk.signal.manager.actions.RenewSessionAction;
7 import org.asamk.signal.manager.actions.ResendMessageAction;
8 import org.asamk.signal.manager.actions.RetrieveProfileAction;
9 import org.asamk.signal.manager.actions.SendGroupInfoAction;
10 import org.asamk.signal.manager.actions.SendGroupInfoRequestAction;
11 import org.asamk.signal.manager.actions.SendProfileKeyAction;
12 import org.asamk.signal.manager.actions.SendReceiptAction;
13 import org.asamk.signal.manager.actions.SendRetryMessageRequestAction;
14 import org.asamk.signal.manager.actions.SendSyncBlockedListAction;
15 import org.asamk.signal.manager.actions.SendSyncConfigurationAction;
16 import org.asamk.signal.manager.actions.SendSyncContactsAction;
17 import org.asamk.signal.manager.actions.SendSyncGroupsAction;
18 import org.asamk.signal.manager.actions.SendSyncKeysAction;
19 import org.asamk.signal.manager.actions.SyncStorageDataAction;
20 import org.asamk.signal.manager.actions.UpdateAccountAttributesAction;
21 import org.asamk.signal.manager.api.GroupId;
22 import org.asamk.signal.manager.api.GroupNotFoundException;
23 import org.asamk.signal.manager.api.MessageEnvelope;
24 import org.asamk.signal.manager.api.Pair;
25 import org.asamk.signal.manager.api.ReceiveConfig;
26 import org.asamk.signal.manager.api.StickerPackId;
27 import org.asamk.signal.manager.api.TrustLevel;
28 import org.asamk.signal.manager.api.UntrustedIdentityException;
29 import org.asamk.signal.manager.groups.GroupUtils;
30 import org.asamk.signal.manager.internal.SignalDependencies;
31 import org.asamk.signal.manager.jobs.RetrieveStickerPackJob;
32 import org.asamk.signal.manager.storage.SignalAccount;
33 import org.asamk.signal.manager.storage.groups.GroupInfoV1;
34 import org.asamk.signal.manager.storage.recipients.RecipientAddress;
35 import org.asamk.signal.manager.storage.recipients.RecipientId;
36 import org.asamk.signal.manager.storage.stickers.StickerPack;
37 import org.signal.libsignal.metadata.ProtocolInvalidKeyException;
38 import org.signal.libsignal.metadata.ProtocolInvalidKeyIdException;
39 import org.signal.libsignal.metadata.ProtocolInvalidMessageException;
40 import org.signal.libsignal.metadata.ProtocolNoSessionException;
41 import org.signal.libsignal.metadata.ProtocolUntrustedIdentityException;
42 import org.signal.libsignal.metadata.SelfSendException;
43 import org.signal.libsignal.protocol.InvalidMessageException;
44 import org.signal.libsignal.protocol.groups.GroupSessionBuilder;
45 import org.signal.libsignal.protocol.message.DecryptionErrorMessage;
46 import org.signal.libsignal.zkgroup.InvalidInputException;
47 import org.signal.libsignal.zkgroup.profiles.ProfileKey;
48 import org.slf4j.Logger;
49 import org.slf4j.LoggerFactory;
50 import org.whispersystems.signalservice.api.InvalidMessageStructureException;
51 import org.whispersystems.signalservice.api.crypto.SignalGroupSessionBuilder;
52 import org.whispersystems.signalservice.api.crypto.SignalServiceCipherResult;
53 import org.whispersystems.signalservice.api.messages.EnvelopeContentValidator;
54 import org.whispersystems.signalservice.api.messages.SignalServiceContent;
55 import org.whispersystems.signalservice.api.messages.SignalServiceDataMessage;
56 import org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;
57 import org.whispersystems.signalservice.api.messages.SignalServiceGroup;
58 import org.whispersystems.signalservice.api.messages.SignalServiceGroupContext;
59 import org.whispersystems.signalservice.api.messages.SignalServiceGroupV2;
60 import org.whispersystems.signalservice.api.messages.SignalServicePniSignatureMessage;
61 import org.whispersystems.signalservice.api.messages.SignalServiceReceiptMessage;
62 import org.whispersystems.signalservice.api.messages.SignalServiceStoryMessage;
63 import org.whispersystems.signalservice.api.messages.multidevice.SignalServiceSyncMessage;
64 import org.whispersystems.signalservice.api.messages.multidevice.StickerPackOperationMessage;
65 import org.whispersystems.signalservice.api.push.ServiceId;
66 import org.whispersystems.signalservice.api.push.ServiceId.ACI;
67 import org.whispersystems.signalservice.api.push.ServiceIdType;
68 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
69 import org.whispersystems.signalservice.internal.push.Envelope;
70 import org.whispersystems.signalservice.internal.push.UnsupportedDataMessageException;
71
72 import java.util.ArrayList;
73 import java.util.List;
74 import java.util.Optional;
75 import java.util.stream.Collectors;
76
77 public final class IncomingMessageHandler {
78
79 private static final Logger logger = LoggerFactory.getLogger(IncomingMessageHandler.class);
80
81 private final SignalAccount account;
82 private final SignalDependencies dependencies;
83 private final Context context;
84
85 public IncomingMessageHandler(final Context context) {
86 this.account = context.getAccount();
87 this.dependencies = context.getDependencies();
88 this.context = context;
89 }
90
91 public Pair<List<HandleAction>, Exception> handleRetryEnvelope(
92 final SignalServiceEnvelope envelope,
93 final ReceiveConfig receiveConfig,
94 final Manager.ReceiveMessageHandler handler
95 ) {
96 final List<HandleAction> actions = new ArrayList<>();
97 if (envelope.isPreKeySignalMessage()) {
98 actions.add(RefreshPreKeysAction.create());
99 }
100
101 SignalServiceContent content = null;
102 if (!envelope.isReceipt()) {
103 account.getIdentityKeyStore().setRetryingDecryption(true);
104 final var destination = getDestination(envelope).serviceId();
105 try {
106 final var cipherResult = dependencies.getCipher(destination == null
107 || destination.equals(account.getAci()) ? ServiceIdType.ACI : ServiceIdType.PNI)
108 .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp());
109 content = validate(envelope.getProto(), cipherResult, envelope.getServerDeliveredTimestamp());
110 if (content == null) {
111 return new Pair<>(List.of(), null);
112 }
113 } catch (ProtocolUntrustedIdentityException e) {
114 final var recipientId = account.getRecipientResolver().resolveRecipient(e.getSender());
115 final var exception = new UntrustedIdentityException(account.getRecipientAddressResolver()
116 .resolveRecipientAddress(recipientId)
117 .toApiRecipientAddress(), e.getSenderDevice());
118 return new Pair<>(List.of(), exception);
119 } catch (Exception e) {
120 return new Pair<>(List.of(), e);
121 } finally {
122 account.getIdentityKeyStore().setRetryingDecryption(false);
123 }
124 }
125 actions.addAll(checkAndHandleMessage(envelope, content, receiveConfig, handler, null));
126 return new Pair<>(actions, null);
127 }
128
129 public Pair<List<HandleAction>, Exception> handleEnvelope(
130 final SignalServiceEnvelope envelope,
131 final ReceiveConfig receiveConfig,
132 final Manager.ReceiveMessageHandler handler
133 ) {
134 final var actions = new ArrayList<HandleAction>();
135 SignalServiceContent content = null;
136 Exception exception = null;
137 envelope.getSourceServiceId().map(ServiceId::parseOrNull)
138 // Store uuid if we don't have it already
139 // uuid in envelope is sent by server
140 .ifPresent(serviceId -> account.getRecipientResolver().resolveRecipient(serviceId));
141 if (!envelope.isReceipt()) {
142 final var destination = getDestination(envelope).serviceId();
143 try {
144 final var cipherResult = dependencies.getCipher(destination == null
145 || destination.equals(account.getAci()) ? ServiceIdType.ACI : ServiceIdType.PNI)
146 .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp());
147 content = validate(envelope.getProto(), cipherResult, envelope.getServerDeliveredTimestamp());
148 if (content == null) {
149 return new Pair<>(List.of(), null);
150 }
151 } catch (ProtocolUntrustedIdentityException e) {
152 final var recipientId = account.getRecipientResolver().resolveRecipient(e.getSender());
153 actions.add(new RetrieveProfileAction(recipientId));
154 exception = new UntrustedIdentityException(account.getRecipientAddressResolver()
155 .resolveRecipientAddress(recipientId)
156 .toApiRecipientAddress(), e.getSenderDevice());
157 } catch (ProtocolInvalidKeyIdException | ProtocolInvalidKeyException | ProtocolNoSessionException |
158 ProtocolInvalidMessageException e) {
159 logger.debug("Failed to decrypt incoming message", e);
160 if (e instanceof ProtocolInvalidKeyIdException) {
161 actions.add(RefreshPreKeysAction.create());
162 }
163 final var sender = account.getRecipientResolver().resolveRecipient(e.getSender());
164 if (context.getContactHelper().isContactBlocked(sender)) {
165 logger.debug("Received invalid message from blocked contact, ignoring.");
166 } else {
167 var serviceId = ServiceId.parseOrNull(e.getSender());
168 if (serviceId != null) {
169 final var isSelf = sender.equals(account.getSelfRecipientId())
170 && e.getSenderDevice() == account.getDeviceId();
171 logger.debug("Received invalid message, queuing renew session action.");
172 actions.add(new RenewSessionAction(sender, serviceId, destination));
173 if (!isSelf) {
174 logger.debug("Received invalid message, requesting message resend.");
175 actions.add(new SendRetryMessageRequestAction(sender, e, envelope));
176 }
177 } else {
178 logger.debug("Received invalid message from invalid sender: {}", e.getSender());
179 }
180 }
181 exception = e;
182 } catch (SelfSendException e) {
183 logger.debug("Dropping unidentified message from self.");
184 return new Pair<>(List.of(), null);
185 } catch (Exception e) {
186 logger.debug("Failed to handle incoming message", e);
187 exception = e;
188 }
189 }
190
191 actions.addAll(checkAndHandleMessage(envelope, content, receiveConfig, handler, exception));
192 return new Pair<>(actions, exception);
193 }
194
195 private SignalServiceContent validate(
196 Envelope envelope,
197 SignalServiceCipherResult cipherResult,
198 long serverDeliveredTimestamp
199 ) throws ProtocolInvalidKeyException, ProtocolInvalidMessageException, UnsupportedDataMessageException, InvalidMessageStructureException {
200 final var content = cipherResult.getContent();
201 final var envelopeMetadata = cipherResult.getMetadata();
202 final var validationResult = EnvelopeContentValidator.INSTANCE.validate(envelope, content, account.getAci());
203
204 if (validationResult instanceof EnvelopeContentValidator.Result.Invalid v) {
205 logger.warn("Invalid content! {}", v.getReason(), v.getThrowable());
206 return null;
207 }
208
209 if (validationResult instanceof EnvelopeContentValidator.Result.UnsupportedDataMessage v) {
210 logger.warn("Unsupported DataMessage! Our version: {}, their version: {}",
211 v.getOurVersion(),
212 v.getTheirVersion());
213 return null;
214 }
215
216 return SignalServiceContent.Companion.createFrom(account.getNumber(),
217 envelope,
218 envelopeMetadata,
219 content,
220 serverDeliveredTimestamp);
221 }
222
223 private List<HandleAction> checkAndHandleMessage(
224 final SignalServiceEnvelope envelope,
225 final SignalServiceContent content,
226 final ReceiveConfig receiveConfig,
227 final Manager.ReceiveMessageHandler handler,
228 final Exception exception
229 ) {
230 if (content != null) {
231 // Store uuid if we don't have it already
232 // address/uuid is validated by unidentified sender certificate
233
234 boolean handledPniSignature = false;
235 if (content.getPniSignatureMessage().isPresent()) {
236 final var message = content.getPniSignatureMessage().get();
237 final var senderAddress = getSenderAddress(envelope, content);
238 if (senderAddress != null) {
239 handledPniSignature = handlePniSignatureMessage(message, senderAddress);
240 }
241 }
242 if (!handledPniSignature) {
243 account.getRecipientTrustedResolver().resolveRecipientTrusted(content.getSender());
244 }
245 }
246 if (envelope.isReceipt()) {
247 final var senderDeviceAddress = getSender(envelope, content);
248 final var sender = senderDeviceAddress.serviceId();
249 final var senderDeviceId = senderDeviceAddress.deviceId();
250 account.getMessageSendLogStore().deleteEntryForRecipient(envelope.getTimestamp(), sender, senderDeviceId);
251 }
252
253 var notAllowedToSendToGroup = isNotAllowedToSendToGroup(envelope, content);
254 final var groupContext = getGroupContext(content);
255 if (groupContext != null && groupContext.getGroupV2().isPresent()) {
256 handleGroupV2Context(groupContext.getGroupV2().get());
257 }
258 // Check again in case the user just joined the group
259 notAllowedToSendToGroup = notAllowedToSendToGroup && isNotAllowedToSendToGroup(envelope, content);
260
261 if (isMessageBlocked(envelope, content)) {
262 logger.info("Ignoring a message from blocked user/group: {}", envelope.getTimestamp());
263 return List.of();
264 } else if (notAllowedToSendToGroup) {
265 final var senderAddress = getSenderAddress(envelope, content);
266 logger.info("Ignoring a group message from an unauthorized sender (no member or admin): {} {}",
267 senderAddress == null ? null : senderAddress.getIdentifier(),
268 envelope.getTimestamp());
269 return List.of();
270 } else {
271 List<HandleAction> actions;
272 if (content != null) {
273 actions = handleMessage(envelope, content, receiveConfig);
274 } else {
275 actions = List.of();
276 }
277 handler.handleMessage(MessageEnvelope.from(envelope,
278 content,
279 account.getRecipientResolver(),
280 account.getRecipientAddressResolver(),
281 context.getAttachmentHelper()::getAttachmentFile,
282 exception), exception);
283 return actions;
284 }
285 }
286
287 public List<HandleAction> handleMessage(
288 SignalServiceEnvelope envelope,
289 SignalServiceContent content,
290 ReceiveConfig receiveConfig
291 ) {
292 var actions = new ArrayList<HandleAction>();
293 final var senderDeviceAddress = getSender(envelope, content);
294 final var sender = senderDeviceAddress.recipientId();
295 final var senderServiceId = senderDeviceAddress.serviceId();
296 final var senderDeviceId = senderDeviceAddress.deviceId();
297 final var destination = getDestination(envelope);
298
299 if (account.getPni().equals(destination.serviceId)) {
300 account.getRecipientStore().markNeedsPniSignature(destination.recipientId, true);
301 } else if (account.getAci().equals(destination.serviceId)) {
302 account.getRecipientStore().markNeedsPniSignature(destination.recipientId, false);
303 }
304
305 if (content.getReceiptMessage().isPresent()) {
306 final var message = content.getReceiptMessage().get();
307 if (message.isDeliveryReceipt()) {
308 account.getMessageSendLogStore()
309 .deleteEntriesForRecipient(message.getTimestamps(), senderServiceId, senderDeviceId);
310 }
311 }
312
313 if (content.getSenderKeyDistributionMessage().isPresent()) {
314 final var message = content.getSenderKeyDistributionMessage().get();
315 final var protocolAddress = senderServiceId.toProtocolAddress(senderDeviceId);
316 logger.debug("Received a sender key distribution message for distributionId {} from {}",
317 message.getDistributionId(),
318 protocolAddress);
319 new SignalGroupSessionBuilder(dependencies.getSessionLock(),
320 new GroupSessionBuilder(account.getSenderKeyStore())).process(protocolAddress, message);
321 }
322
323 if (content.getDecryptionErrorMessage().isPresent()) {
324 var message = content.getDecryptionErrorMessage().get();
325 logger.debug("Received a decryption error message from {}.{} (resend request for {})",
326 sender,
327 senderDeviceId,
328 message.getTimestamp());
329 if (message.getDeviceId() == account.getDeviceId()) {
330 handleDecryptionErrorMessage(actions,
331 sender,
332 senderServiceId,
333 senderDeviceId,
334 message,
335 destination.serviceId());
336 } else {
337 logger.debug("Request is for another one of our devices");
338 }
339 }
340
341 if (content.getDataMessage().isPresent() || content.getEditMessage().isPresent()) {
342 var message = content.getDataMessage().isPresent()
343 ? content.getDataMessage().get()
344 : content.getEditMessage().get().getDataMessage();
345
346 if (content.isNeedsReceipt()) {
347 actions.add(new SendReceiptAction(sender,
348 SignalServiceReceiptMessage.Type.DELIVERY,
349 message.getTimestamp()));
350 } else {
351 // Message wasn't sent as unidentified sender message
352 final var contact = context.getAccount().getContactStore().getContact(sender);
353 if (account.isPrimaryDevice()
354 && contact != null
355 && !contact.isBlocked()
356 && contact.isProfileSharingEnabled()) {
357 actions.add(UpdateAccountAttributesAction.create());
358 actions.add(new SendProfileKeyAction(sender));
359 }
360 }
361 if (receiveConfig.sendReadReceipts()) {
362 actions.add(new SendReceiptAction(sender,
363 SignalServiceReceiptMessage.Type.READ,
364 message.getTimestamp()));
365 }
366
367 actions.addAll(handleSignalServiceDataMessage(message,
368 false,
369 senderDeviceAddress,
370 destination,
371 receiveConfig.ignoreAttachments()));
372 }
373
374 if (content.getStoryMessage().isPresent()) {
375 final var message = content.getStoryMessage().get();
376 actions.addAll(handleSignalServiceStoryMessage(message, sender, receiveConfig.ignoreAttachments()));
377 }
378
379 if (content.getSyncMessage().isPresent()) {
380 var syncMessage = content.getSyncMessage().get();
381 actions.addAll(handleSyncMessage(envelope,
382 syncMessage,
383 senderDeviceAddress,
384 receiveConfig.ignoreAttachments()));
385 }
386
387 return actions;
388 }
389
390 private boolean handlePniSignatureMessage(
391 final SignalServicePniSignatureMessage message,
392 final SignalServiceAddress senderAddress
393 ) {
394 final var aci = senderAddress.getServiceId();
395 final var aciIdentity = account.getIdentityKeyStore().getIdentityInfo(aci);
396 final var pni = message.getPni();
397 final var pniIdentity = account.getIdentityKeyStore().getIdentityInfo(pni);
398
399 if (aciIdentity == null || pniIdentity == null || aci.equals(pni)) {
400 return false;
401 }
402
403 final var verified = pniIdentity.getIdentityKey()
404 .verifyAlternateIdentity(aciIdentity.getIdentityKey(), message.getSignature());
405
406 if (!verified) {
407 logger.debug("Invalid PNI signature of ACI {} with PNI {}", aci, pni);
408 return false;
409 }
410
411 logger.debug("Verified association of ACI {} with PNI {}", aci, pni);
412 account.getRecipientTrustedResolver()
413 .resolveRecipientTrusted(Optional.of(ACI.from(aci.getRawUuid())),
414 Optional.of(pni),
415 senderAddress.getNumber());
416 return true;
417 }
418
419 private void handleDecryptionErrorMessage(
420 final List<HandleAction> actions,
421 final RecipientId sender,
422 final ServiceId senderServiceId,
423 final int senderDeviceId,
424 final DecryptionErrorMessage message,
425 final ServiceId destination
426 ) {
427 final var logEntries = account.getMessageSendLogStore()
428 .findMessages(senderServiceId,
429 senderDeviceId,
430 message.getTimestamp(),
431 message.getRatchetKey().isEmpty());
432
433 for (final var logEntry : logEntries) {
434 actions.add(new ResendMessageAction(sender, message.getTimestamp(), logEntry));
435 }
436
437 if (message.getRatchetKey().isPresent()) {
438 final var sessionStore = account.getAccountData(destination).getSessionStore();
439 if (sessionStore.isCurrentRatchetKey(senderServiceId, senderDeviceId, message.getRatchetKey().get())) {
440 if (logEntries.isEmpty()) {
441 logger.debug("Renewing the session with sender");
442 actions.add(new RenewSessionAction(sender, senderServiceId, destination));
443 } else {
444 logger.trace("Archiving the session with sender, a resend message has already been queued");
445 sessionStore.archiveSessions(senderServiceId);
446 }
447 }
448 return;
449 }
450
451 var found = false;
452 for (final var logEntry : logEntries) {
453 if (logEntry.groupId().isEmpty()) {
454 continue;
455 }
456 final var group = account.getGroupStore().getGroup(logEntry.groupId().get());
457 if (group == null) {
458 continue;
459 }
460 found = true;
461 logger.trace("Deleting shared sender key with {} ({}): {}",
462 sender,
463 senderDeviceId,
464 group.getDistributionId());
465 account.getSenderKeyStore().deleteSharedWith(senderServiceId, senderDeviceId, group.getDistributionId());
466 }
467 if (!found) {
468 logger.debug("Reset all shared sender keys with this recipient, no related message found in send log");
469 account.getSenderKeyStore().deleteSharedWith(senderServiceId);
470 }
471 }
472
473 private List<HandleAction> handleSyncMessage(
474 final SignalServiceEnvelope envelope,
475 final SignalServiceSyncMessage syncMessage,
476 final DeviceAddress sender,
477 final boolean ignoreAttachments
478 ) {
479 var actions = new ArrayList<HandleAction>();
480 account.setMultiDevice(true);
481 if (syncMessage.getSent().isPresent()) {
482 var message = syncMessage.getSent().get();
483 final var destination = message.getDestination().orElse(null);
484 if (message.getDataMessage().isPresent()) {
485 actions.addAll(handleSignalServiceDataMessage(message.getDataMessage().get(),
486 true,
487 sender,
488 destination == null
489 ? null
490 : new DeviceAddress(account.getRecipientResolver().resolveRecipient(destination),
491 destination.getServiceId(),
492 0),
493 ignoreAttachments));
494 }
495 if (message.getStoryMessage().isPresent()) {
496 actions.addAll(handleSignalServiceStoryMessage(message.getStoryMessage().get(),
497 sender.recipientId(),
498 ignoreAttachments));
499 }
500 }
501 if (syncMessage.getRequest().isPresent() && account.isPrimaryDevice()) {
502 var rm = syncMessage.getRequest().get();
503 if (rm.isContactsRequest()) {
504 actions.add(SendSyncContactsAction.create());
505 }
506 if (rm.isGroupsRequest()) {
507 actions.add(SendSyncGroupsAction.create());
508 }
509 if (rm.isBlockedListRequest()) {
510 actions.add(SendSyncBlockedListAction.create());
511 }
512 if (rm.isKeysRequest()) {
513 actions.add(SendSyncKeysAction.create());
514 }
515 if (rm.isConfigurationRequest()) {
516 actions.add(SendSyncConfigurationAction.create());
517 }
518 actions.add(SyncStorageDataAction.create());
519 }
520 if (syncMessage.getGroups().isPresent()) {
521 try {
522 final var groupsMessage = syncMessage.getGroups().get();
523 context.getAttachmentHelper()
524 .retrieveAttachment(groupsMessage, context.getSyncHelper()::handleSyncDeviceGroups);
525 } catch (Exception e) {
526 logger.warn("Failed to handle received sync groups, ignoring: {}", e.getMessage());
527 }
528 }
529 if (syncMessage.getBlockedList().isPresent()) {
530 final var blockedListMessage = syncMessage.getBlockedList().get();
531 for (var individual : blockedListMessage.individuals) {
532 final var address = new RecipientAddress(individual.getAci(), individual.getE164());
533 final var recipientId = account.getRecipientResolver().resolveRecipient(address);
534 context.getContactHelper().setContactBlocked(recipientId, true);
535 }
536 for (var groupId : blockedListMessage.groupIds.stream()
537 .map(GroupId::unknownVersion)
538 .collect(Collectors.toSet())) {
539 try {
540 context.getGroupHelper().setGroupBlocked(groupId, true);
541 } catch (GroupNotFoundException e) {
542 logger.warn("BlockedListMessage contained groupID that was not found in GroupStore: {}",
543 groupId.toBase64());
544 }
545 }
546 }
547 if (syncMessage.getContacts().isPresent()) {
548 try {
549 final var contactsMessage = syncMessage.getContacts().get();
550 context.getAttachmentHelper()
551 .retrieveAttachment(contactsMessage.getContactsStream(),
552 context.getSyncHelper()::handleSyncDeviceContacts);
553 } catch (Exception e) {
554 logger.warn("Failed to handle received sync contacts, ignoring: {}", e.getMessage());
555 }
556 }
557 if (syncMessage.getVerified().isPresent()) {
558 final var verifiedMessage = syncMessage.getVerified().get();
559 account.getIdentityKeyStore()
560 .setIdentityTrustLevel(verifiedMessage.getDestination().getServiceId(),
561 verifiedMessage.getIdentityKey(),
562 TrustLevel.fromVerifiedState(verifiedMessage.getVerified()));
563 }
564 if (syncMessage.getStickerPackOperations().isPresent()) {
565 final var stickerPackOperationMessages = syncMessage.getStickerPackOperations().get();
566 for (var m : stickerPackOperationMessages) {
567 if (m.getPackId().isEmpty()) {
568 continue;
569 }
570 final var stickerPackId = StickerPackId.deserialize(m.getPackId().get());
571 final var stickerPackKey = m.getPackKey().orElse(null);
572 final var installed = m.getType().isEmpty()
573 || m.getType().get() == StickerPackOperationMessage.Type.INSTALL;
574
575 final var sticker = context.getStickerHelper()
576 .addOrUpdateStickerPack(stickerPackId, stickerPackKey, installed);
577
578 if (sticker != null && installed) {
579 context.getJobExecutor().enqueueJob(new RetrieveStickerPackJob(stickerPackId, sticker.packKey()));
580 }
581 }
582 }
583 if (syncMessage.getFetchType().isPresent()) {
584 switch (syncMessage.getFetchType().get()) {
585 case LOCAL_PROFILE -> actions.add(new RetrieveProfileAction(account.getSelfRecipientId()));
586 case STORAGE_MANIFEST -> actions.add(SyncStorageDataAction.create());
587 }
588 }
589 if (syncMessage.getKeys().isPresent()) {
590 final var keysMessage = syncMessage.getKeys().get();
591 if (keysMessage.getAccountEntropyPool() != null) {
592 final var aep = keysMessage.getAccountEntropyPool();
593 account.setAccountEntropyPool(aep);
594 actions.add(SyncStorageDataAction.create());
595 } else if (keysMessage.getMaster() != null) {
596 final var masterKey = keysMessage.getMaster();
597 account.setMasterKey(masterKey);
598 actions.add(SyncStorageDataAction.create());
599 } else if (keysMessage.getStorageService() != null) {
600 final var storageKey = keysMessage.getStorageService();
601 account.setStorageKey(storageKey);
602 actions.add(SyncStorageDataAction.create());
603 }
604 if (keysMessage.getMediaRootBackupKey() != null) {
605 final var mrb = keysMessage.getMediaRootBackupKey();
606 account.setMediaRootBackupKey(mrb);
607 actions.add(SyncStorageDataAction.create());
608 }
609 }
610 if (syncMessage.getConfiguration().isPresent()) {
611 final var configurationMessage = syncMessage.getConfiguration().get();
612 final var configurationStore = account.getConfigurationStore();
613 if (configurationMessage.getReadReceipts().isPresent()) {
614 configurationStore.setReadReceipts(configurationMessage.getReadReceipts().get());
615 }
616 if (configurationMessage.getLinkPreviews().isPresent()) {
617 configurationStore.setLinkPreviews(configurationMessage.getLinkPreviews().get());
618 }
619 if (configurationMessage.getTypingIndicators().isPresent()) {
620 configurationStore.setTypingIndicators(configurationMessage.getTypingIndicators().get());
621 }
622 if (configurationMessage.getUnidentifiedDeliveryIndicators().isPresent()) {
623 configurationStore.setUnidentifiedDeliveryIndicators(configurationMessage.getUnidentifiedDeliveryIndicators()
624 .get());
625 }
626 }
627 if (syncMessage.getPniChangeNumber().isPresent()) {
628 final var pniChangeNumber = syncMessage.getPniChangeNumber().get();
629 logger.debug("Received PNI change number sync message, applying.");
630 final var updatedPniString = envelope.getUpdatedPni();
631 if (updatedPniString != null && !updatedPniString.isEmpty()) {
632 final var updatedPni = ServiceId.PNI.parseOrThrow(updatedPniString);
633 context.getAccountHelper().handlePniChangeNumberMessage(pniChangeNumber, updatedPni);
634 }
635 }
636 return actions;
637 }
638
639 private SignalServiceGroupContext getGroupContext(SignalServiceContent content) {
640 if (content == null) {
641 return null;
642 }
643
644 if (content.getDataMessage().isPresent()) {
645 var message = content.getDataMessage().get();
646 if (message.getGroupContext().isPresent()) {
647 return message.getGroupContext().get();
648 }
649 }
650
651 if (content.getStoryMessage().isPresent()) {
652 var message = content.getStoryMessage().get();
653 if (message.getGroupContext().isPresent()) {
654 try {
655 return SignalServiceGroupContext.create(null, message.getGroupContext().get());
656 } catch (InvalidMessageException e) {
657 throw new AssertionError(e);
658 }
659 }
660 }
661
662 return null;
663 }
664
665 private boolean isMessageBlocked(SignalServiceEnvelope envelope, SignalServiceContent content) {
666 SignalServiceAddress source = getSenderAddress(envelope, content);
667 if (source == null) {
668 return false;
669 }
670 final var recipientId = account.getRecipientResolver().resolveRecipient(source);
671 if (context.getContactHelper().isContactBlocked(recipientId)) {
672 return true;
673 }
674
675 final var groupContext = getGroupContext(content);
676 if (groupContext != null) {
677 var groupId = GroupUtils.getGroupId(groupContext);
678 return context.getGroupHelper().isGroupBlocked(groupId);
679 }
680
681 return false;
682 }
683
684 private boolean isNotAllowedToSendToGroup(SignalServiceEnvelope envelope, SignalServiceContent content) {
685 SignalServiceAddress source = getSenderAddress(envelope, content);
686 if (source == null) {
687 return false;
688 }
689
690 final var groupContext = getGroupContext(content);
691 if (groupContext == null) {
692 return false;
693 }
694
695 if (groupContext.getGroupV1().isPresent()) {
696 var groupInfo = groupContext.getGroupV1().get();
697 if (groupInfo.getType() == SignalServiceGroup.Type.QUIT) {
698 return false;
699 }
700 }
701
702 var groupId = GroupUtils.getGroupId(groupContext);
703 var group = context.getGroupHelper().getGroup(groupId);
704 if (group == null) {
705 return false;
706 }
707
708 final var message = content.getDataMessage().orElse(null);
709
710 final var recipientId = account.getRecipientResolver().resolveRecipient(source);
711 if (!group.isMember(recipientId) && !(
712 group.isPendingMember(recipientId) && message != null && message.isGroupV2Update()
713 )) {
714 return true;
715 }
716
717 if (group.isAnnouncementGroup() && !group.isAdmin(recipientId)) {
718 return message == null
719 || message.getBody().isPresent()
720 || message.getAttachments().isPresent()
721 || message.getQuote().isPresent()
722 || message.getPreviews().isPresent()
723 || message.getMentions().isPresent()
724 || message.getSticker().isPresent();
725 }
726 return false;
727 }
728
729 private List<HandleAction> handleSignalServiceDataMessage(
730 SignalServiceDataMessage message,
731 boolean isSync,
732 DeviceAddress source,
733 DeviceAddress destination,
734 boolean ignoreAttachments
735 ) {
736 var actions = new ArrayList<HandleAction>();
737 if (message.getGroupContext().isPresent()) {
738 final var groupContext = message.getGroupContext().get();
739 if (groupContext.getGroupV1().isPresent()) {
740 var groupInfo = groupContext.getGroupV1().get();
741 var groupId = GroupId.v1(groupInfo.getGroupId());
742 var group = context.getGroupHelper().getGroup(groupId);
743 if (group == null || group instanceof GroupInfoV1) {
744 var groupV1 = (GroupInfoV1) group;
745 switch (groupInfo.getType()) {
746 case UPDATE -> {
747 if (groupV1 == null) {
748 groupV1 = new GroupInfoV1(groupId);
749 }
750
751 if (groupInfo.getAvatar().isPresent()) {
752 var avatar = groupInfo.getAvatar().get();
753 context.getGroupHelper().downloadGroupAvatar(groupV1.getGroupId(), avatar);
754 }
755
756 if (groupInfo.getName().isPresent()) {
757 groupV1.name = groupInfo.getName().get();
758 }
759
760 if (groupInfo.getMembers().isPresent()) {
761 final var recipientResolver = account.getRecipientResolver();
762 groupV1.addMembers(groupInfo.getMembers()
763 .get()
764 .stream()
765 .map(recipientResolver::resolveRecipient)
766 .collect(Collectors.toSet()));
767 }
768
769 account.getGroupStore().updateGroup(groupV1);
770 }
771 case DELIVER -> {
772 if (groupV1 == null && !isSync) {
773 actions.add(new SendGroupInfoRequestAction(source.recipientId(), groupId));
774 }
775 }
776 case QUIT -> {
777 if (groupV1 != null) {
778 groupV1.removeMember(source.recipientId());
779 account.getGroupStore().updateGroup(groupV1);
780 }
781 }
782 case REQUEST_INFO -> {
783 if (groupV1 != null && !isSync) {
784 actions.add(new SendGroupInfoAction(source.recipientId(), groupV1.getGroupId()));
785 }
786 }
787 }
788 } else {
789 // Received a group v1 message for a v2 group
790 }
791 }
792 if (groupContext.getGroupV2().isPresent()) {
793 handleGroupV2Context(groupContext.getGroupV2().get());
794 }
795 }
796
797 final var selfAddress = isSync ? source : destination;
798 final var conversationPartnerAddress = isSync ? destination : source;
799 if (conversationPartnerAddress != null && message.isEndSession()) {
800 account.getAccountData(selfAddress.serviceId())
801 .getSessionStore()
802 .deleteAllSessions(conversationPartnerAddress.serviceId());
803 }
804 if (message.isExpirationUpdate() || message.getBody().isPresent()) {
805 if (message.getGroupContext().isPresent()) {
806 final var groupContext = message.getGroupContext().get();
807 if (groupContext.getGroupV1().isPresent()) {
808 var groupInfo = groupContext.getGroupV1().get();
809 var group = account.getGroupStore().getOrCreateGroupV1(GroupId.v1(groupInfo.getGroupId()));
810 if (group != null) {
811 if (group.messageExpirationTime != message.getExpiresInSeconds()) {
812 group.messageExpirationTime = message.getExpiresInSeconds();
813 account.getGroupStore().updateGroup(group);
814 }
815 }
816 } else if (groupContext.getGroupV2().isPresent()) {
817 // disappearing message timer already stored in the DecryptedGroup
818 }
819 } else if (conversationPartnerAddress != null) {
820 context.getContactHelper()
821 .setExpirationTimer(conversationPartnerAddress.recipientId(),
822 message.getExpiresInSeconds(),
823 message.getExpireTimerVersion());
824 }
825 }
826 if (!ignoreAttachments) {
827 if (message.getAttachments().isPresent()) {
828 for (var attachment : message.getAttachments().get()) {
829 context.getAttachmentHelper().downloadAttachment(attachment);
830 }
831 }
832 if (message.getSharedContacts().isPresent()) {
833 for (var contact : message.getSharedContacts().get()) {
834 if (contact.getAvatar().isPresent()) {
835 context.getAttachmentHelper().downloadAttachment(contact.getAvatar().get().getAttachment());
836 }
837 }
838 }
839 if (message.getPreviews().isPresent()) {
840 final var previews = message.getPreviews().get();
841 for (var preview : previews) {
842 if (preview.getImage().isPresent()) {
843 context.getAttachmentHelper().downloadAttachment(preview.getImage().get());
844 }
845 }
846 }
847 if (message.getQuote().isPresent()) {
848 final var quote = message.getQuote().get();
849
850 if (quote.getAttachments() != null) {
851 for (var quotedAttachment : quote.getAttachments()) {
852 final var thumbnail = quotedAttachment.getThumbnail();
853 if (thumbnail != null) {
854 context.getAttachmentHelper().downloadAttachment(thumbnail);
855 }
856 }
857 }
858 }
859 }
860 if (message.getGiftBadge().isPresent()) {
861 handleIncomingGiftBadge(message.getGiftBadge().get());
862 }
863 if (message.getProfileKey().isPresent()) {
864 handleIncomingProfileKey(message.getProfileKey().get(), source.recipientId());
865 }
866 if (message.getSticker().isPresent()) {
867 final var messageSticker = message.getSticker().get();
868 final var stickerPackId = StickerPackId.deserialize(messageSticker.getPackId());
869 var sticker = account.getStickerStore().getStickerPack(stickerPackId);
870 if (sticker == null) {
871 sticker = new StickerPack(stickerPackId, messageSticker.getPackKey());
872 account.getStickerStore().addStickerPack(sticker);
873 }
874 context.getJobExecutor().enqueueJob(new RetrieveStickerPackJob(stickerPackId, messageSticker.getPackKey()));
875 }
876 return actions;
877 }
878
879 private void handleIncomingGiftBadge(final SignalServiceDataMessage.GiftBadge giftBadge) {
880 // TODO
881 }
882
883 private List<HandleAction> handleSignalServiceStoryMessage(
884 SignalServiceStoryMessage message,
885 RecipientId source,
886 boolean ignoreAttachments
887 ) {
888 var actions = new ArrayList<HandleAction>();
889 if (message.getGroupContext().isPresent()) {
890 handleGroupV2Context(message.getGroupContext().get());
891 }
892
893 if (!ignoreAttachments) {
894 if (message.getFileAttachment().isPresent()) {
895 context.getAttachmentHelper().downloadAttachment(message.getFileAttachment().get());
896 }
897 if (message.getTextAttachment().isPresent()) {
898 final var textAttachment = message.getTextAttachment().get();
899 if (textAttachment.getPreview().isPresent()) {
900 final var preview = textAttachment.getPreview().get();
901 if (preview.getImage().isPresent()) {
902 context.getAttachmentHelper().downloadAttachment(preview.getImage().get());
903 }
904 }
905 }
906 }
907
908 if (message.getProfileKey().isPresent()) {
909 handleIncomingProfileKey(message.getProfileKey().get(), source);
910 }
911
912 return actions;
913 }
914
915 private void handleGroupV2Context(final SignalServiceGroupV2 groupContext) {
916 final var groupMasterKey = groupContext.getMasterKey();
917
918 context.getGroupHelper()
919 .getOrMigrateGroup(groupMasterKey,
920 groupContext.getRevision(),
921 groupContext.hasSignedGroupChange() ? groupContext.getSignedGroupChange() : null);
922 }
923
924 private void handleIncomingProfileKey(final byte[] profileKeyBytes, final RecipientId source) {
925 if (profileKeyBytes.length != 32) {
926 logger.debug("Received invalid profile key of length {}", profileKeyBytes.length);
927 return;
928 }
929 final ProfileKey profileKey;
930 try {
931 profileKey = new ProfileKey(profileKeyBytes);
932 } catch (InvalidInputException e) {
933 throw new AssertionError(e);
934 }
935 if (account.getSelfRecipientId().equals(source)) {
936 this.account.setProfileKey(profileKey);
937 }
938 this.account.getProfileStore().storeProfileKey(source, profileKey);
939 }
940
941 private SignalServiceAddress getSenderAddress(SignalServiceEnvelope envelope, SignalServiceContent content) {
942 final var serviceId = envelope.getSourceServiceId().map(ServiceId::parseOrNull).orElse(null);
943 if (!envelope.isUnidentifiedSender() && serviceId != null) {
944 return new SignalServiceAddress(serviceId);
945 } else if (content != null) {
946 return content.getSender();
947 } else {
948 return null;
949 }
950 }
951
952 private DeviceAddress getSender(SignalServiceEnvelope envelope, SignalServiceContent content) {
953 final var serviceId = envelope.getSourceServiceId().map(ServiceId::parseOrNull).orElse(null);
954 if (!envelope.isUnidentifiedSender() && serviceId != null) {
955 return new DeviceAddress(account.getRecipientResolver().resolveRecipient(serviceId),
956 serviceId,
957 envelope.getSourceDevice());
958 } else {
959 return new DeviceAddress(account.getRecipientResolver().resolveRecipient(content.getSender()),
960 content.getSender().getServiceId(),
961 content.getSenderDevice());
962 }
963 }
964
965 private DeviceAddress getDestination(SignalServiceEnvelope envelope) {
966 final var destination = envelope.getDestinationServiceId();
967 if (destination == null || destination.isUnknown()) {
968 return new DeviceAddress(account.getSelfRecipientId(), account.getAci(), account.getDeviceId());
969 }
970 return new DeviceAddress(account.getRecipientResolver().resolveRecipient(destination),
971 destination,
972 account.getDeviceId());
973 }
974
975 private record DeviceAddress(RecipientId recipientId, ServiceId serviceId, int deviceId) {}
976 }
[GitHub/AsamK] signal-cli provides an unofficial commandline, JSON-RPC and dbus interface for the Signal messenger.

Codeberg
GitHub
GitLab
SourceHut