]> nmode's Git Repositories - signal-cli/blob - lib/src/main/java/org/asamk/signal/manager/helper/GroupV2Helper.java
git.nmode.ca / signal-cli / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Implement setting expiration timer for groups
[signal-cli] / lib / src / main / java / org / asamk / signal / manager / helper / GroupV2Helper.java
1 package org.asamk.signal.manager.helper;
2
3 import com.google.protobuf.InvalidProtocolBufferException;
4
5 import org.asamk.signal.manager.groups.GroupLinkPassword;
6 import org.asamk.signal.manager.groups.GroupLinkState;
7 import org.asamk.signal.manager.groups.GroupUtils;
8 import org.asamk.signal.manager.storage.groups.GroupInfoV2;
9 import org.asamk.signal.manager.storage.recipients.Profile;
10 import org.asamk.signal.manager.storage.recipients.RecipientId;
11 import org.asamk.signal.manager.util.IOUtils;
12 import org.signal.storageservice.protos.groups.AccessControl;
13 import org.signal.storageservice.protos.groups.GroupChange;
14 import org.signal.storageservice.protos.groups.Member;
15 import org.signal.storageservice.protos.groups.local.DecryptedGroup;
16 import org.signal.storageservice.protos.groups.local.DecryptedGroupChange;
17 import org.signal.storageservice.protos.groups.local.DecryptedGroupJoinInfo;
18 import org.signal.storageservice.protos.groups.local.DecryptedPendingMember;
19 import org.signal.zkgroup.InvalidInputException;
20 import org.signal.zkgroup.VerificationFailedException;
21 import org.signal.zkgroup.groups.GroupMasterKey;
22 import org.signal.zkgroup.groups.GroupSecretParams;
23 import org.signal.zkgroup.groups.UuidCiphertext;
24 import org.slf4j.Logger;
25 import org.slf4j.LoggerFactory;
26 import org.whispersystems.libsignal.util.Pair;
27 import org.whispersystems.libsignal.util.guava.Optional;
28 import org.whispersystems.signalservice.api.groupsv2.DecryptedGroupUtil;
29 import org.whispersystems.signalservice.api.groupsv2.GroupCandidate;
30 import org.whispersystems.signalservice.api.groupsv2.GroupLinkNotActiveException;
31 import org.whispersystems.signalservice.api.groupsv2.GroupsV2Api;
32 import org.whispersystems.signalservice.api.groupsv2.GroupsV2AuthorizationString;
33 import org.whispersystems.signalservice.api.groupsv2.GroupsV2Operations;
34 import org.whispersystems.signalservice.api.groupsv2.InvalidGroupStateException;
35 import org.whispersystems.signalservice.api.groupsv2.NotAbleToApplyGroupV2ChangeException;
36 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
37 import org.whispersystems.signalservice.api.util.UuidUtil;
38
39 import java.io.File;
40 import java.io.FileInputStream;
41 import java.io.IOException;
42 import java.io.InputStream;
43 import java.util.Set;
44 import java.util.UUID;
45 import java.util.stream.Collectors;
46
47 public class GroupV2Helper {
48
49 private final static Logger logger = LoggerFactory.getLogger(GroupV2Helper.class);
50
51 private final ProfileKeyCredentialProvider profileKeyCredentialProvider;
52
53 private final ProfileProvider profileProvider;
54
55 private final SelfRecipientIdProvider selfRecipientIdProvider;
56
57 private final GroupsV2Operations groupsV2Operations;
58
59 private final GroupsV2Api groupsV2Api;
60
61 private final GroupAuthorizationProvider groupAuthorizationProvider;
62
63 private final SignalServiceAddressResolver addressResolver;
64
65 public GroupV2Helper(
66 final ProfileKeyCredentialProvider profileKeyCredentialProvider,
67 final ProfileProvider profileProvider,
68 final SelfRecipientIdProvider selfRecipientIdProvider,
69 final GroupsV2Operations groupsV2Operations,
70 final GroupsV2Api groupsV2Api,
71 final GroupAuthorizationProvider groupAuthorizationProvider,
72 final SignalServiceAddressResolver addressResolver
73 ) {
74 this.profileKeyCredentialProvider = profileKeyCredentialProvider;
75 this.profileProvider = profileProvider;
76 this.selfRecipientIdProvider = selfRecipientIdProvider;
77 this.groupsV2Operations = groupsV2Operations;
78 this.groupsV2Api = groupsV2Api;
79 this.groupAuthorizationProvider = groupAuthorizationProvider;
80 this.addressResolver = addressResolver;
81 }
82
83 public DecryptedGroup getDecryptedGroup(final GroupSecretParams groupSecretParams) {
84 try {
85 final var groupsV2AuthorizationString = groupAuthorizationProvider.getAuthorizationForToday(
86 groupSecretParams);
87 return groupsV2Api.getGroup(groupSecretParams, groupsV2AuthorizationString);
88 } catch (IOException | VerificationFailedException | InvalidGroupStateException e) {
89 logger.warn("Failed to retrieve Group V2 info, ignoring: {}", e.getMessage());
90 return null;
91 }
92 }
93
94 public DecryptedGroupJoinInfo getDecryptedGroupJoinInfo(
95 GroupMasterKey groupMasterKey, GroupLinkPassword password
96 ) throws IOException, GroupLinkNotActiveException {
97 var groupSecretParams = GroupSecretParams.deriveFromMasterKey(groupMasterKey);
98
99 return groupsV2Api.getGroupJoinInfo(groupSecretParams,
100 Optional.fromNullable(password).transform(GroupLinkPassword::serialize),
101 groupAuthorizationProvider.getAuthorizationForToday(groupSecretParams));
102 }
103
104 public Pair<GroupInfoV2, DecryptedGroup> createGroup(
105 String name, Set<RecipientId> members, File avatarFile
106 ) throws IOException {
107 final var avatarBytes = readAvatarBytes(avatarFile);
108 final var newGroup = buildNewGroup(name, members, avatarBytes);
109 if (newGroup == null) {
110 return null;
111 }
112
113 final var groupSecretParams = newGroup.getGroupSecretParams();
114
115 final GroupsV2AuthorizationString groupAuthForToday;
116 final DecryptedGroup decryptedGroup;
117 try {
118 groupAuthForToday = groupAuthorizationProvider.getAuthorizationForToday(groupSecretParams);
119 groupsV2Api.putNewGroup(newGroup, groupAuthForToday);
120 decryptedGroup = groupsV2Api.getGroup(groupSecretParams, groupAuthForToday);
121 } catch (IOException | VerificationFailedException | InvalidGroupStateException e) {
122 logger.warn("Failed to create V2 group: {}", e.getMessage());
123 return null;
124 }
125 if (decryptedGroup == null) {
126 logger.warn("Failed to create V2 group, unknown error!");
127 return null;
128 }
129
130 final var groupId = GroupUtils.getGroupIdV2(groupSecretParams);
131 final var masterKey = groupSecretParams.getMasterKey();
132 var g = new GroupInfoV2(groupId, masterKey);
133
134 return new Pair<>(g, decryptedGroup);
135 }
136
137 private byte[] readAvatarBytes(final File avatarFile) throws IOException {
138 final byte[] avatarBytes;
139 try (InputStream avatar = avatarFile == null ? null : new FileInputStream(avatarFile)) {
140 avatarBytes = avatar == null ? null : IOUtils.readFully(avatar);
141 }
142 return avatarBytes;
143 }
144
145 private GroupsV2Operations.NewGroup buildNewGroup(
146 String name, Set<RecipientId> members, byte[] avatar
147 ) {
148 final var profileKeyCredential = profileKeyCredentialProvider.getProfileKeyCredential(selfRecipientIdProvider.getSelfRecipientId());
149 if (profileKeyCredential == null) {
150 logger.warn("Cannot create a V2 group as self does not have a versioned profile");
151 return null;
152 }
153
154 if (!areMembersValid(members)) return null;
155
156 var self = new GroupCandidate(addressResolver.resolveSignalServiceAddress(selfRecipientIdProvider.getSelfRecipientId())
157 .getUuid()
158 .orNull(), Optional.fromNullable(profileKeyCredential));
159 var candidates = members.stream()
160 .map(member -> new GroupCandidate(addressResolver.resolveSignalServiceAddress(member).getUuid().get(),
161 Optional.fromNullable(profileKeyCredentialProvider.getProfileKeyCredential(member))))
162 .collect(Collectors.toSet());
163
164 final var groupSecretParams = GroupSecretParams.generate();
165 return groupsV2Operations.createNewGroup(groupSecretParams,
166 name,
167 Optional.fromNullable(avatar),
168 self,
169 candidates,
170 Member.Role.DEFAULT,
171 0);
172 }
173
174 private boolean areMembersValid(final Set<RecipientId> members) {
175 final var noUuidCapability = members.stream()
176 .map(addressResolver::resolveSignalServiceAddress)
177 .filter(address -> !address.getUuid().isPresent())
178 .map(SignalServiceAddress::getLegacyIdentifier)
179 .collect(Collectors.toSet());
180 if (noUuidCapability.size() > 0) {
181 logger.warn("Cannot create a V2 group as some members don't have a UUID: {}",
182 String.join(", ", noUuidCapability));
183 return false;
184 }
185
186 final var noGv2Capability = members.stream()
187 .map(profileProvider::getProfile)
188 .filter(profile -> profile != null && !profile.getCapabilities().contains(Profile.Capability.gv2))
189 .collect(Collectors.toSet());
190 if (noGv2Capability.size() > 0) {
191 logger.warn("Cannot create a V2 group as some members don't support Groups V2: {}",
192 noGv2Capability.stream().map(Profile::getDisplayName).collect(Collectors.joining(", ")));
193 return false;
194 }
195
196 return true;
197 }
198
199 public Pair<DecryptedGroup, GroupChange> updateGroup(
200 GroupInfoV2 groupInfoV2, String name, String description, File avatarFile
201 ) throws IOException {
202 final var groupSecretParams = GroupSecretParams.deriveFromMasterKey(groupInfoV2.getMasterKey());
203 var groupOperations = groupsV2Operations.forGroup(groupSecretParams);
204
205 var change = name != null ? groupOperations.createModifyGroupTitle(name) : GroupChange.Actions.newBuilder();
206
207 if (description != null) {
208 change.setModifyDescription(groupOperations.createModifyGroupDescription(description));
209 }
210
211 if (avatarFile != null) {
212 final var avatarBytes = readAvatarBytes(avatarFile);
213 var avatarCdnKey = groupsV2Api.uploadAvatar(avatarBytes,
214 groupSecretParams,
215 groupAuthorizationProvider.getAuthorizationForToday(groupSecretParams));
216 change.setModifyAvatar(GroupChange.Actions.ModifyAvatarAction.newBuilder().setAvatar(avatarCdnKey));
217 }
218
219 final var uuid = addressResolver.resolveSignalServiceAddress(this.selfRecipientIdProvider.getSelfRecipientId())
220 .getUuid();
221 if (uuid.isPresent()) {
222 change.setSourceUuid(UuidUtil.toByteString(uuid.get()));
223 }
224
225 return commitChange(groupInfoV2, change);
226 }
227
228 public Pair<DecryptedGroup, GroupChange> addMembers(
229 GroupInfoV2 groupInfoV2, Set<RecipientId> newMembers
230 ) throws IOException {
231 GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
232
233 if (!areMembersValid(newMembers)) {
234 throw new IOException("Failed to update group");
235 }
236
237 var candidates = newMembers.stream()
238 .map(member -> new GroupCandidate(addressResolver.resolveSignalServiceAddress(member).getUuid().get(),
239 Optional.fromNullable(profileKeyCredentialProvider.getProfileKeyCredential(member))))
240 .collect(Collectors.toSet());
241
242 final var uuid = addressResolver.resolveSignalServiceAddress(selfRecipientIdProvider.getSelfRecipientId())
243 .getUuid()
244 .get();
245 final var change = groupOperations.createModifyGroupMembershipChange(candidates, uuid);
246
247 change.setSourceUuid(UuidUtil.toByteString(uuid));
248
249 return commitChange(groupInfoV2, change);
250 }
251
252 public Pair<DecryptedGroup, GroupChange> leaveGroup(GroupInfoV2 groupInfoV2) throws IOException {
253 var pendingMembersList = groupInfoV2.getGroup().getPendingMembersList();
254 final var selfUuid = addressResolver.resolveSignalServiceAddress(selfRecipientIdProvider.getSelfRecipientId())
255 .getUuid()
256 .get();
257 var selfPendingMember = DecryptedGroupUtil.findPendingByUuid(pendingMembersList, selfUuid);
258
259 if (selfPendingMember.isPresent()) {
260 return revokeInvites(groupInfoV2, Set.of(selfPendingMember.get()));
261 } else {
262 return ejectMembers(groupInfoV2, Set.of(selfUuid));
263 }
264 }
265
266 public Pair<DecryptedGroup, GroupChange> removeMembers(
267 GroupInfoV2 groupInfoV2, Set<RecipientId> members
268 ) throws IOException {
269 final var memberUuids = members.stream()
270 .map(addressResolver::resolveSignalServiceAddress)
271 .map(SignalServiceAddress::getUuid)
272 .filter(Optional::isPresent)
273 .map(Optional::get)
274 .collect(Collectors.toSet());
275 return ejectMembers(groupInfoV2, memberUuids);
276 }
277
278 public Pair<DecryptedGroup, GroupChange> revokeInvitedMembers(
279 GroupInfoV2 groupInfoV2, Set<RecipientId> members
280 ) throws IOException {
281 var pendingMembersList = groupInfoV2.getGroup().getPendingMembersList();
282 final var memberUuids = members.stream()
283 .map(addressResolver::resolveSignalServiceAddress)
284 .map(SignalServiceAddress::getUuid)
285 .filter(Optional::isPresent)
286 .map(Optional::get)
287 .map(uuid -> DecryptedGroupUtil.findPendingByUuid(pendingMembersList, uuid))
288 .filter(Optional::isPresent)
289 .map(Optional::get)
290 .collect(Collectors.toSet());
291 return revokeInvites(groupInfoV2, memberUuids);
292 }
293
294 public Pair<DecryptedGroup, GroupChange> resetGroupLinkPassword(GroupInfoV2 groupInfoV2) throws IOException {
295 final GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
296 final var newGroupLinkPassword = GroupLinkPassword.createNew().serialize();
297 final var change = groupOperations.createModifyGroupLinkPasswordChange(newGroupLinkPassword);
298 return commitChange(groupInfoV2, change);
299 }
300
301 public Pair<DecryptedGroup, GroupChange> setGroupLinkState(
302 GroupInfoV2 groupInfoV2, GroupLinkState state
303 ) throws IOException {
304 final GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
305
306 final var accessRequired = toAccessControl(state);
307 final var requiresNewPassword = state != GroupLinkState.DISABLED && groupInfoV2.getGroup()
308 .getInviteLinkPassword()
309 .isEmpty();
310
311 final var change = requiresNewPassword ? groupOperations.createModifyGroupLinkPasswordAndRightsChange(
312 GroupLinkPassword.createNew().serialize(),
313 accessRequired) : groupOperations.createChangeJoinByLinkRights(accessRequired);
314 return commitChange(groupInfoV2, change);
315 }
316
317 public GroupChange joinGroup(
318 GroupMasterKey groupMasterKey,
319 GroupLinkPassword groupLinkPassword,
320 DecryptedGroupJoinInfo decryptedGroupJoinInfo
321 ) throws IOException {
322 final var groupSecretParams = GroupSecretParams.deriveFromMasterKey(groupMasterKey);
323 final var groupOperations = groupsV2Operations.forGroup(groupSecretParams);
324
325 final var selfRecipientId = this.selfRecipientIdProvider.getSelfRecipientId();
326 final var profileKeyCredential = profileKeyCredentialProvider.getProfileKeyCredential(selfRecipientId);
327 if (profileKeyCredential == null) {
328 throw new IOException("Cannot join a V2 group as self does not have a versioned profile");
329 }
330
331 var requestToJoin = decryptedGroupJoinInfo.getAddFromInviteLink() == AccessControl.AccessRequired.ADMINISTRATOR;
332 var change = requestToJoin
333 ? groupOperations.createGroupJoinRequest(profileKeyCredential)
334 : groupOperations.createGroupJoinDirect(profileKeyCredential);
335
336 change.setSourceUuid(UuidUtil.toByteString(addressResolver.resolveSignalServiceAddress(selfRecipientId)
337 .getUuid()
338 .get()));
339
340 return commitChange(groupSecretParams, decryptedGroupJoinInfo.getRevision(), change, groupLinkPassword);
341 }
342
343 public Pair<DecryptedGroup, GroupChange> acceptInvite(GroupInfoV2 groupInfoV2) throws IOException {
344 final GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
345
346 final var selfRecipientId = this.selfRecipientIdProvider.getSelfRecipientId();
347 final var profileKeyCredential = profileKeyCredentialProvider.getProfileKeyCredential(selfRecipientId);
348 if (profileKeyCredential == null) {
349 throw new IOException("Cannot join a V2 group as self does not have a versioned profile");
350 }
351
352 final var change = groupOperations.createAcceptInviteChange(profileKeyCredential);
353
354 final var uuid = addressResolver.resolveSignalServiceAddress(selfRecipientId).getUuid();
355 if (uuid.isPresent()) {
356 change.setSourceUuid(UuidUtil.toByteString(uuid.get()));
357 }
358
359 return commitChange(groupInfoV2, change);
360 }
361
362 public Pair<DecryptedGroup, GroupChange> setMemberAdmin(
363 GroupInfoV2 groupInfoV2, RecipientId recipientId, boolean admin
364 ) throws IOException {
365 final GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
366 final var address = addressResolver.resolveSignalServiceAddress(recipientId);
367 final var newRole = admin ? Member.Role.ADMINISTRATOR : Member.Role.DEFAULT;
368 final var change = groupOperations.createChangeMemberRole(address.getUuid().get(), newRole);
369 return commitChange(groupInfoV2, change);
370 }
371
372 public Pair<DecryptedGroup, GroupChange> setMessageExpirationTimer(
373 GroupInfoV2 groupInfoV2, int messageExpirationTimer
374 ) throws IOException {
375 final GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
376 final var change = groupOperations.createModifyGroupTimerChange(messageExpirationTimer);
377 return commitChange(groupInfoV2, change);
378 }
379
380 private AccessControl.AccessRequired toAccessControl(final GroupLinkState state) {
381 switch (state) {
382 case DISABLED:
383 return AccessControl.AccessRequired.UNSATISFIABLE;
384 case ENABLED:
385 return AccessControl.AccessRequired.ANY;
386 case ENABLED_WITH_APPROVAL:
387 return AccessControl.AccessRequired.ADMINISTRATOR;
388 default:
389 throw new AssertionError();
390 }
391 }
392
393 private GroupsV2Operations.GroupOperations getGroupOperations(final GroupInfoV2 groupInfoV2) {
394 final var groupSecretParams = GroupSecretParams.deriveFromMasterKey(groupInfoV2.getMasterKey());
395 return groupsV2Operations.forGroup(groupSecretParams);
396 }
397
398 private Pair<DecryptedGroup, GroupChange> revokeInvites(
399 GroupInfoV2 groupInfoV2, Set<DecryptedPendingMember> pendingMembers
400 ) throws IOException {
401 final GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
402 final var uuidCipherTexts = pendingMembers.stream().map(member -> {
403 try {
404 return new UuidCiphertext(member.getUuidCipherText().toByteArray());
405 } catch (InvalidInputException e) {
406 throw new AssertionError(e);
407 }
408 }).collect(Collectors.toSet());
409 return commitChange(groupInfoV2, groupOperations.createRemoveInvitationChange(uuidCipherTexts));
410 }
411
412 private Pair<DecryptedGroup, GroupChange> ejectMembers(
413 GroupInfoV2 groupInfoV2, Set<UUID> uuids
414 ) throws IOException {
415 final GroupsV2Operations.GroupOperations groupOperations = getGroupOperations(groupInfoV2);
416 return commitChange(groupInfoV2, groupOperations.createRemoveMembersChange(uuids));
417 }
418
419 private Pair<DecryptedGroup, GroupChange> commitChange(
420 GroupInfoV2 groupInfoV2, GroupChange.Actions.Builder change
421 ) throws IOException {
422 final var groupSecretParams = GroupSecretParams.deriveFromMasterKey(groupInfoV2.getMasterKey());
423 final var groupOperations = groupsV2Operations.forGroup(groupSecretParams);
424 final var previousGroupState = groupInfoV2.getGroup();
425 final var nextRevision = previousGroupState.getRevision() + 1;
426 final var changeActions = change.setRevision(nextRevision).build();
427 final DecryptedGroupChange decryptedChange;
428 final DecryptedGroup decryptedGroupState;
429
430 try {
431 decryptedChange = groupOperations.decryptChange(changeActions,
432 addressResolver.resolveSignalServiceAddress(selfRecipientIdProvider.getSelfRecipientId())
433 .getUuid()
434 .get());
435 decryptedGroupState = DecryptedGroupUtil.apply(previousGroupState, decryptedChange);
436 } catch (VerificationFailedException | InvalidGroupStateException | NotAbleToApplyGroupV2ChangeException e) {
437 throw new IOException(e);
438 }
439
440 var signedGroupChange = groupsV2Api.patchGroup(changeActions,
441 groupAuthorizationProvider.getAuthorizationForToday(groupSecretParams),
442 Optional.absent());
443
444 return new Pair<>(decryptedGroupState, signedGroupChange);
445 }
446
447 private GroupChange commitChange(
448 GroupSecretParams groupSecretParams,
449 int currentRevision,
450 GroupChange.Actions.Builder change,
451 GroupLinkPassword password
452 ) throws IOException {
453 final var nextRevision = currentRevision + 1;
454 final var changeActions = change.setRevision(nextRevision).build();
455
456 return groupsV2Api.patchGroup(changeActions,
457 groupAuthorizationProvider.getAuthorizationForToday(groupSecretParams),
458 Optional.fromNullable(password).transform(GroupLinkPassword::serialize));
459 }
460
461 public DecryptedGroup getUpdatedDecryptedGroup(
462 DecryptedGroup group, byte[] signedGroupChange, GroupMasterKey groupMasterKey
463 ) {
464 try {
465 final var decryptedGroupChange = getDecryptedGroupChange(signedGroupChange, groupMasterKey);
466 if (decryptedGroupChange == null) {
467 return null;
468 }
469 return DecryptedGroupUtil.apply(group, decryptedGroupChange);
470 } catch (NotAbleToApplyGroupV2ChangeException e) {
471 return null;
472 }
473 }
474
475 private DecryptedGroupChange getDecryptedGroupChange(byte[] signedGroupChange, GroupMasterKey groupMasterKey) {
476 if (signedGroupChange != null) {
477 var groupOperations = groupsV2Operations.forGroup(GroupSecretParams.deriveFromMasterKey(groupMasterKey));
478
479 try {
480 return groupOperations.decryptChange(GroupChange.parseFrom(signedGroupChange), true).orNull();
481 } catch (VerificationFailedException | InvalidGroupStateException | InvalidProtocolBufferException e) {
482 return null;
483 }
484 }
485
486 return null;
487 }
488 }
[GitHub/AsamK] signal-cli provides an unofficial commandline, JSON-RPC and dbus interface for the Signal messenger.

Codeberg
GitHub
GitLab
SourceHut