nmode's Git Repositories - signal-cli/blob - lib/src/main/java/org/asamk/signal/manager/helper/IncomingMessageHandler.java

   1 package org.asamk.signal.manager.helper;
   2
   3 import org.asamk.signal.manager.Manager;
   4 import org.asamk.signal.manager.actions.HandleAction;
   5 import org.asamk.signal.manager.actions.RefreshPreKeysAction;
   6 import org.asamk.signal.manager.actions.RenewSessionAction;
   7 import org.asamk.signal.manager.actions.ResendMessageAction;
   8 import org.asamk.signal.manager.actions.RetrieveProfileAction;
   9 import org.asamk.signal.manager.actions.RetrieveStorageDataAction;
  10 import org.asamk.signal.manager.actions.SendGroupInfoAction;
  11 import org.asamk.signal.manager.actions.SendGroupInfoRequestAction;
  12 import org.asamk.signal.manager.actions.SendProfileKeyAction;
  13 import org.asamk.signal.manager.actions.SendReceiptAction;
  14 import org.asamk.signal.manager.actions.SendRetryMessageRequestAction;
  15 import org.asamk.signal.manager.actions.SendSyncBlockedListAction;
  16 import org.asamk.signal.manager.actions.SendSyncConfigurationAction;
  17 import org.asamk.signal.manager.actions.SendSyncContactsAction;
  18 import org.asamk.signal.manager.actions.SendSyncGroupsAction;
  19 import org.asamk.signal.manager.actions.SendSyncKeysAction;
  20 import org.asamk.signal.manager.actions.UpdateAccountAttributesAction;
  21 import org.asamk.signal.manager.api.GroupId;
  22 import org.asamk.signal.manager.api.GroupNotFoundException;
  23 import org.asamk.signal.manager.api.MessageEnvelope;
  24 import org.asamk.signal.manager.api.Pair;
  25 import org.asamk.signal.manager.api.Profile;
  26 import org.asamk.signal.manager.api.ReceiveConfig;
  27 import org.asamk.signal.manager.api.StickerPackId;
  28 import org.asamk.signal.manager.api.TrustLevel;
  29 import org.asamk.signal.manager.api.UntrustedIdentityException;
  30 import org.asamk.signal.manager.groups.GroupUtils;
  31 import org.asamk.signal.manager.internal.SignalDependencies;
  32 import org.asamk.signal.manager.jobs.RetrieveStickerPackJob;
  33 import org.asamk.signal.manager.storage.SignalAccount;
  34 import org.asamk.signal.manager.storage.groups.GroupInfoV1;
  35 import org.asamk.signal.manager.storage.recipients.RecipientId;
  36 import org.asamk.signal.manager.storage.stickers.StickerPack;
  37 import org.signal.libsignal.metadata.ProtocolInvalidKeyException;
  38 import org.signal.libsignal.metadata.ProtocolInvalidKeyIdException;
  39 import org.signal.libsignal.metadata.ProtocolInvalidMessageException;
  40 import org.signal.libsignal.metadata.ProtocolNoSessionException;
  41 import org.signal.libsignal.metadata.ProtocolUntrustedIdentityException;
  42 import org.signal.libsignal.metadata.SelfSendException;
  43 import org.signal.libsignal.protocol.IdentityKeyPair;
  44 import org.signal.libsignal.protocol.InvalidMessageException;
  45 import org.signal.libsignal.protocol.groups.GroupSessionBuilder;
  46 import org.signal.libsignal.protocol.message.DecryptionErrorMessage;
  47 import org.signal.libsignal.protocol.state.KyberPreKeyRecord;
  48 import org.signal.libsignal.protocol.state.SignedPreKeyRecord;
  49 import org.signal.libsignal.zkgroup.InvalidInputException;
  50 import org.signal.libsignal.zkgroup.profiles.ProfileKey;
  51 import org.slf4j.Logger;
  52 import org.slf4j.LoggerFactory;
  53 import org.whispersystems.signalservice.api.InvalidMessageStructureException;
  54 import org.whispersystems.signalservice.api.crypto.SignalGroupSessionBuilder;
  55 import org.whispersystems.signalservice.api.crypto.SignalServiceCipherResult;
  56 import org.whispersystems.signalservice.api.messages.EnvelopeContentValidator;
  57 import org.whispersystems.signalservice.api.messages.SignalServiceContent;
  58 import org.whispersystems.signalservice.api.messages.SignalServiceDataMessage;
  59 import org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;
  60 import org.whispersystems.signalservice.api.messages.SignalServiceGroup;
  61 import org.whispersystems.signalservice.api.messages.SignalServiceGroupContext;
  62 import org.whispersystems.signalservice.api.messages.SignalServiceGroupV2;
  63 import org.whispersystems.signalservice.api.messages.SignalServiceMetadata;
  64 import org.whispersystems.signalservice.api.messages.SignalServicePniSignatureMessage;
  65 import org.whispersystems.signalservice.api.messages.SignalServiceReceiptMessage;
  66 import org.whispersystems.signalservice.api.messages.SignalServiceStoryMessage;
  67 import org.whispersystems.signalservice.api.messages.multidevice.SignalServiceSyncMessage;
  68 import org.whispersystems.signalservice.api.messages.multidevice.StickerPackOperationMessage;
  69 import org.whispersystems.signalservice.api.push.ServiceId;
  70 import org.whispersystems.signalservice.api.push.ServiceId.ACI;
  71 import org.whispersystems.signalservice.api.push.ServiceId.PNI;
  72 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
  73 import org.whispersystems.signalservice.internal.push.Envelope;
  74 import org.whispersystems.signalservice.internal.push.UnsupportedDataMessageException;
  75
  76 import java.util.ArrayList;
  77 import java.util.List;
  78 import java.util.Optional;
  79 import java.util.stream.Collectors;
  80
  81 public final class IncomingMessageHandler {
  82
  83     private final static Logger logger = LoggerFactory.getLogger(IncomingMessageHandler.class);
  84
  85     private final SignalAccount account;
  86     private final SignalDependencies dependencies;
  87     private final Context context;
  88
  89     public IncomingMessageHandler(final Context context) {
  90         this.account = context.getAccount();
  91         this.dependencies = context.getDependencies();
  92         this.context = context;
  93     }
  94
  95     public Pair<List<HandleAction>, Exception> handleRetryEnvelope(
  96             final SignalServiceEnvelope envelope,
  97             final ReceiveConfig receiveConfig,
  98             final Manager.ReceiveMessageHandler handler
  99     ) {
 100         final List<HandleAction> actions = new ArrayList<>();
 101         if (envelope.isPreKeySignalMessage()) {
 102             actions.add(RefreshPreKeysAction.create());
 103         }
 104
 105         SignalServiceContent content = null;
 106         if (!envelope.isReceipt()) {
 107             account.getIdentityKeyStore().setRetryingDecryption(true);
 108             try {
 109                 final var cipherResult = dependencies.getCipher()
 110                         .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp());
 111                 content = validate(envelope.getProto(), cipherResult, envelope.getServerDeliveredTimestamp());
 112                 if (content == null) {
 113                     return new Pair<>(List.of(), null);
 114                 }
 115             } catch (ProtocolUntrustedIdentityException e) {
 116                 final var recipientId = account.getRecipientResolver().resolveRecipient(e.getSender());
 117                 final var exception = new UntrustedIdentityException(account.getRecipientAddressResolver()
 118                         .resolveRecipientAddress(recipientId)
 119                         .toApiRecipientAddress(), e.getSenderDevice());
 120                 return new Pair<>(List.of(), exception);
 121             } catch (Exception e) {
 122                 return new Pair<>(List.of(), e);
 123             } finally {
 124                 account.getIdentityKeyStore().setRetryingDecryption(false);
 125             }
 126         }
 127         actions.addAll(checkAndHandleMessage(envelope, content, receiveConfig, handler, null));
 128         return new Pair<>(actions, null);
 129     }
 130
 131     public Pair<List<HandleAction>, Exception> handleEnvelope(
 132             final SignalServiceEnvelope envelope,
 133             final ReceiveConfig receiveConfig,
 134             final Manager.ReceiveMessageHandler handler
 135     ) {
 136         final var actions = new ArrayList<HandleAction>();
 137         SignalServiceContent content = null;
 138         Exception exception = null;
 139         try {
 140             if (envelope.hasSourceServiceId()) {
 141                 // Store uuid if we don't have it already
 142                 // uuid in envelope is sent by server
 143                 account.getRecipientTrustedResolver().resolveRecipientTrusted(envelope.getSourceAddress());
 144             }
 145         } catch (Exception e) {
 146             exception = e;
 147         }
 148         if (!envelope.isReceipt()) {
 149             try {
 150                 final var cipherResult = dependencies.getCipher()
 151                         .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp());
 152                 content = validate(envelope.getProto(), cipherResult, envelope.getServerDeliveredTimestamp());
 153                 if (content == null) {
 154                     return new Pair<>(List.of(), null);
 155                 }
 156             } catch (ProtocolUntrustedIdentityException e) {
 157                 final var recipientId = account.getRecipientResolver().resolveRecipient(e.getSender());
 158                 actions.add(new RetrieveProfileAction(recipientId));
 159                 exception = new UntrustedIdentityException(account.getRecipientAddressResolver()
 160                         .resolveRecipientAddress(recipientId)
 161                         .toApiRecipientAddress(), e.getSenderDevice());
 162             } catch (ProtocolInvalidKeyIdException | ProtocolInvalidKeyException | ProtocolNoSessionException |
 163                      ProtocolInvalidMessageException e) {
 164                 logger.debug("Failed to decrypt incoming message", e);
 165                 final var sender = account.getRecipientResolver().resolveRecipient(e.getSender());
 166                 if (context.getContactHelper().isContactBlocked(sender)) {
 167                     logger.debug("Received invalid message from blocked contact, ignoring.");
 168                 } else {
 169                     final var senderProfile = context.getProfileHelper().getRecipientProfile(sender);
 170                     final var selfProfile = context.getProfileHelper().getSelfProfile();
 171                     var serviceId = ServiceId.parseOrNull(e.getSender());
 172                     if (serviceId == null) {
 173                         // Workaround for libsignal-client issue #492
 174                         serviceId = account.getRecipientAddressResolver()
 175                                 .resolveRecipientAddress(sender)
 176                                 .serviceId()
 177                                 .orElse(null);
 178                     }
 179                     if (serviceId != null) {
 180                         final var isSelf = sender.equals(account.getSelfRecipientId())
 181                                 && e.getSenderDevice() == account.getDeviceId();
 182                         final var isSenderSenderKeyCapable = senderProfile != null && senderProfile.getCapabilities()
 183                                 .contains(Profile.Capability.senderKey);
 184                         final var isSelfSenderKeyCapable = selfProfile != null && selfProfile.getCapabilities()
 185                                 .contains(Profile.Capability.senderKey);
 186                         final var destination = getDestination(envelope).serviceId();
 187                         if (!isSelf && isSenderSenderKeyCapable && isSelfSenderKeyCapable) {
 188                             logger.debug("Received invalid message, requesting message resend.");
 189                             actions.add(new SendRetryMessageRequestAction(sender, serviceId, e, envelope, destination));
 190                         } else {
 191                             logger.debug("Received invalid message, queuing renew session action.");
 192                             actions.add(new RenewSessionAction(sender, serviceId, destination));
 193                         }
 194                     } else {
 195                         logger.debug("Received invalid message from invalid sender: {}", e.getSender());
 196                     }
 197                 }
 198                 exception = e;
 199             } catch (SelfSendException e) {
 200                 logger.debug("Dropping unidentified message from self.");
 201                 return new Pair<>(List.of(), null);
 202             } catch (Exception e) {
 203                 logger.debug("Failed to handle incoming message", e);
 204                 exception = e;
 205             }
 206         }
 207
 208         actions.addAll(checkAndHandleMessage(envelope, content, receiveConfig, handler, exception));
 209         return new Pair<>(actions, exception);
 210     }
 211
 212     private SignalServiceContent validate(
 213             Envelope envelope, SignalServiceCipherResult cipherResult, long serverDeliveredTimestamp
 214     ) throws ProtocolInvalidKeyException, ProtocolInvalidMessageException, UnsupportedDataMessageException, InvalidMessageStructureException {
 215         final var content = cipherResult.getContent();
 216         final var envelopeMetadata = cipherResult.getMetadata();
 217         final var validationResult = EnvelopeContentValidator.INSTANCE.validate(envelope, content);
 218
 219         if (validationResult instanceof EnvelopeContentValidator.Result.Invalid v) {
 220             logger.warn("Invalid content! {}", v.getReason(), v.getThrowable());
 221             return null;
 222         }
 223
 224         if (validationResult instanceof EnvelopeContentValidator.Result.UnsupportedDataMessage v) {
 225             logger.warn("Unsupported DataMessage! Our version: {}, their version: {}",
 226                     v.getOurVersion(),
 227                     v.getTheirVersion());
 228             return null;
 229         }
 230
 231         final var localAddress = new SignalServiceAddress(envelopeMetadata.getDestinationServiceId(),
 232                 Optional.ofNullable(account.getNumber()));
 233         final var metadata = new SignalServiceMetadata(new SignalServiceAddress(envelopeMetadata.getSourceServiceId(),
 234                 Optional.ofNullable(envelopeMetadata.getSourceE164())),
 235                 envelopeMetadata.getSourceDeviceId(),
 236                 envelope.timestamp,
 237                 envelope.serverTimestamp,
 238                 serverDeliveredTimestamp,
 239                 envelopeMetadata.getSealedSender(),
 240                 envelope.serverGuid,
 241                 Optional.ofNullable(envelopeMetadata.getGroupId()),
 242                 envelopeMetadata.getDestinationServiceId().toString());
 243
 244         return SignalServiceContent.createFrom(localAddress, metadata, content);
 245     }
 246
 247     private List<HandleAction> checkAndHandleMessage(
 248             final SignalServiceEnvelope envelope,
 249             final SignalServiceContent content,
 250             final ReceiveConfig receiveConfig,
 251             final Manager.ReceiveMessageHandler handler,
 252             final Exception exception
 253     ) {
 254         if (content != null) {
 255             // Store uuid if we don't have it already
 256             // address/uuid is validated by unidentified sender certificate
 257
 258             boolean handledPniSignature = false;
 259             if (content.getPniSignatureMessage().isPresent()) {
 260                 final var message = content.getPniSignatureMessage().get();
 261                 final var senderAddress = getSenderAddress(envelope, content);
 262                 if (senderAddress != null) {
 263                     handledPniSignature = handlePniSignatureMessage(message, senderAddress);
 264                 }
 265             }
 266             if (!handledPniSignature) {
 267                 account.getRecipientTrustedResolver().resolveRecipientTrusted(content.getSender());
 268             }
 269         }
 270         if (envelope.isReceipt()) {
 271             final var senderDeviceAddress = getSender(envelope, content);
 272             final var sender = senderDeviceAddress.serviceId();
 273             final var senderDeviceId = senderDeviceAddress.deviceId();
 274             account.getMessageSendLogStore().deleteEntryForRecipient(envelope.getTimestamp(), sender, senderDeviceId);
 275         }
 276
 277         var notAllowedToSendToGroup = isNotAllowedToSendToGroup(envelope, content);
 278         final var groupContext = getGroupContext(content);
 279         if (groupContext != null && groupContext.getGroupV2().isPresent()) {
 280             handleGroupV2Context(groupContext.getGroupV2().get());
 281         }
 282         // Check again in case the user just joined the group
 283         notAllowedToSendToGroup = notAllowedToSendToGroup && isNotAllowedToSendToGroup(envelope, content);
 284
 285         if (isMessageBlocked(envelope, content)) {
 286             logger.info("Ignoring a message from blocked user/group: {}", envelope.getTimestamp());
 287             return List.of();
 288         } else if (notAllowedToSendToGroup) {
 289             final var senderAddress = getSenderAddress(envelope, content);
 290             logger.info("Ignoring a group message from an unauthorized sender (no member or admin): {} {}",
 291                     senderAddress == null ? null : senderAddress.getIdentifier(),
 292                     envelope.getTimestamp());
 293             return List.of();
 294         } else {
 295             List<HandleAction> actions;
 296             if (content != null) {
 297                 actions = handleMessage(envelope, content, receiveConfig);
 298             } else {
 299                 actions = List.of();
 300             }
 301             handler.handleMessage(MessageEnvelope.from(envelope,
 302                     content,
 303                     account.getRecipientResolver(),
 304                     account.getRecipientAddressResolver(),
 305                     context.getAttachmentHelper()::getAttachmentFile,
 306                     exception), exception);
 307             return actions;
 308         }
 309     }
 310
 311     public List<HandleAction> handleMessage(
 312             SignalServiceEnvelope envelope, SignalServiceContent content, ReceiveConfig receiveConfig
 313     ) {
 314         var actions = new ArrayList<HandleAction>();
 315         final var senderDeviceAddress = getSender(envelope, content);
 316         final var sender = senderDeviceAddress.recipientId();
 317         final var senderServiceId = senderDeviceAddress.serviceId();
 318         final var senderDeviceId = senderDeviceAddress.deviceId();
 319         final var destination = getDestination(envelope);
 320
 321         if (content.getReceiptMessage().isPresent()) {
 322             final var message = content.getReceiptMessage().get();
 323             if (message.isDeliveryReceipt()) {
 324                 account.getMessageSendLogStore()
 325                         .deleteEntriesForRecipient(message.getTimestamps(), senderServiceId, senderDeviceId);
 326             }
 327         }
 328
 329         if (content.getSenderKeyDistributionMessage().isPresent()) {
 330             final var message = content.getSenderKeyDistributionMessage().get();
 331             final var protocolAddress = senderServiceId.toProtocolAddress(senderDeviceId);
 332             logger.debug("Received a sender key distribution message for distributionId {} from {}",
 333                     message.getDistributionId(),
 334                     protocolAddress);
 335             new SignalGroupSessionBuilder(dependencies.getSessionLock(),
 336                     new GroupSessionBuilder(account.getSenderKeyStore())).process(protocolAddress, message);
 337         }
 338
 339         if (content.getDecryptionErrorMessage().isPresent()) {
 340             var message = content.getDecryptionErrorMessage().get();
 341             logger.debug("Received a decryption error message from {}.{} (resend request for {})",
 342                     sender,
 343                     senderDeviceId,
 344                     message.getTimestamp());
 345             if (message.getDeviceId() == account.getDeviceId()) {
 346                 handleDecryptionErrorMessage(actions,
 347                         sender,
 348                         senderServiceId,
 349                         senderDeviceId,
 350                         message,
 351                         destination.serviceId());
 352             } else {
 353                 logger.debug("Request is for another one of our devices");
 354             }
 355         }
 356
 357         if (content.getDataMessage().isPresent()) {
 358             var message = content.getDataMessage().get();
 359
 360             if (content.isNeedsReceipt()) {
 361                 actions.add(new SendReceiptAction(sender,
 362                         SignalServiceReceiptMessage.Type.DELIVERY,
 363                         message.getTimestamp()));
 364             } else {
 365                 // Message wasn't sent as unidentified sender message
 366                 final var contact = context.getAccount().getContactStore().getContact(sender);
 367                 if (account.isPrimaryDevice()
 368                         && contact != null
 369                         && !contact.isBlocked()
 370                         && contact.isProfileSharingEnabled()) {
 371                     actions.add(UpdateAccountAttributesAction.create());
 372                     actions.add(new SendProfileKeyAction(sender));
 373                 }
 374             }
 375             if (receiveConfig.sendReadReceipts()) {
 376                 actions.add(new SendReceiptAction(sender,
 377                         SignalServiceReceiptMessage.Type.READ,
 378                         message.getTimestamp()));
 379             }
 380
 381             actions.addAll(handleSignalServiceDataMessage(message,
 382                     false,
 383                     senderDeviceAddress,
 384                     destination,
 385                     receiveConfig.ignoreAttachments()));
 386         }
 387
 388         if (content.getStoryMessage().isPresent()) {
 389             final var message = content.getStoryMessage().get();
 390             actions.addAll(handleSignalServiceStoryMessage(message, sender, receiveConfig.ignoreAttachments()));
 391         }
 392
 393         if (content.getSyncMessage().isPresent()) {
 394             var syncMessage = content.getSyncMessage().get();
 395             actions.addAll(handleSyncMessage(envelope,
 396                     syncMessage,
 397                     senderDeviceAddress,
 398                     receiveConfig.ignoreAttachments()));
 399         }
 400
 401         return actions;
 402     }
 403
 404     private boolean handlePniSignatureMessage(
 405             final SignalServicePniSignatureMessage message, final SignalServiceAddress senderAddress
 406     ) {
 407         final var aci = senderAddress.getServiceId();
 408         final var aciIdentity = account.getIdentityKeyStore().getIdentityInfo(aci);
 409         final var pni = message.getPni();
 410         final var pniIdentity = account.getIdentityKeyStore().getIdentityInfo(pni);
 411
 412         if (aciIdentity == null || pniIdentity == null || aci.equals(pni)) {
 413             return false;
 414         }
 415
 416         final var verified = pniIdentity.getIdentityKey()
 417                 .verifyAlternateIdentity(aciIdentity.getIdentityKey(), message.getSignature());
 418
 419         if (!verified) {
 420             logger.debug("Invalid PNI signature of ACI {} with PNI {}", aci, pni);
 421             return false;
 422         }
 423
 424         logger.debug("Verified association of ACI {} with PNI {}", aci, pni);
 425         account.getRecipientTrustedResolver()
 426                 .resolveRecipientTrusted(Optional.of(ACI.from(aci.getRawUuid())),
 427                         Optional.of(pni),
 428                         senderAddress.getNumber());
 429         return true;
 430     }
 431
 432     private void handleDecryptionErrorMessage(
 433             final List<HandleAction> actions,
 434             final RecipientId sender,
 435             final ServiceId senderServiceId,
 436             final int senderDeviceId,
 437             final DecryptionErrorMessage message,
 438             final ServiceId destination
 439     ) {
 440         final var logEntries = account.getMessageSendLogStore()
 441                 .findMessages(senderServiceId,
 442                         senderDeviceId,
 443                         message.getTimestamp(),
 444                         message.getRatchetKey().isEmpty());
 445
 446         for (final var logEntry : logEntries) {
 447             actions.add(new ResendMessageAction(sender, message.getTimestamp(), logEntry));
 448         }
 449
 450         if (message.getRatchetKey().isPresent()) {
 451             final var sessionStore = account.getAccountData(destination).getSessionStore();
 452             if (sessionStore.isCurrentRatchetKey(senderServiceId, senderDeviceId, message.getRatchetKey().get())) {
 453                 if (logEntries.isEmpty()) {
 454                     logger.debug("Renewing the session with sender");
 455                     actions.add(new RenewSessionAction(sender, senderServiceId, destination));
 456                 } else {
 457                     logger.trace("Archiving the session with sender, a resend message has already been queued");
 458                     sessionStore.archiveSessions(senderServiceId);
 459                 }
 460             }
 461             return;
 462         }
 463
 464         var found = false;
 465         for (final var logEntry : logEntries) {
 466             if (logEntry.groupId().isEmpty()) {
 467                 continue;
 468             }
 469             final var group = account.getGroupStore().getGroup(logEntry.groupId().get());
 470             if (group == null) {
 471                 continue;
 472             }
 473             found = true;
 474             logger.trace("Deleting shared sender key with {} ({}): {}",
 475                     sender,
 476                     senderDeviceId,
 477                     group.getDistributionId());
 478             account.getSenderKeyStore().deleteSharedWith(senderServiceId, senderDeviceId, group.getDistributionId());
 479         }
 480         if (!found) {
 481             logger.debug("Reset all shared sender keys with this recipient, no related message found in send log");
 482             account.getSenderKeyStore().deleteSharedWith(senderServiceId);
 483         }
 484     }
 485
 486     private List<HandleAction> handleSyncMessage(
 487             final SignalServiceEnvelope envelope,
 488             final SignalServiceSyncMessage syncMessage,
 489             final DeviceAddress sender,
 490             final boolean ignoreAttachments
 491     ) {
 492         var actions = new ArrayList<HandleAction>();
 493         account.setMultiDevice(true);
 494         if (syncMessage.getSent().isPresent()) {
 495             var message = syncMessage.getSent().get();
 496             final var destination = message.getDestination().orElse(null);
 497             if (message.getDataMessage().isPresent()) {
 498                 actions.addAll(handleSignalServiceDataMessage(message.getDataMessage().get(),
 499                         true,
 500                         sender,
 501                         destination == null
 502                                 ? null
 503                                 : new DeviceAddress(context.getRecipientHelper().resolveRecipient(destination),
 504                                         destination.getServiceId(),
 505                                         0),
 506                         ignoreAttachments));
 507             }
 508             if (message.getStoryMessage().isPresent()) {
 509                 actions.addAll(handleSignalServiceStoryMessage(message.getStoryMessage().get(),
 510                         sender.recipientId(),
 511                         ignoreAttachments));
 512             }
 513         }
 514         if (syncMessage.getRequest().isPresent() && account.isPrimaryDevice()) {
 515             var rm = syncMessage.getRequest().get();
 516             if (rm.isContactsRequest()) {
 517                 actions.add(SendSyncContactsAction.create());
 518             }
 519             if (rm.isGroupsRequest()) {
 520                 actions.add(SendSyncGroupsAction.create());
 521             }
 522             if (rm.isBlockedListRequest()) {
 523                 actions.add(SendSyncBlockedListAction.create());
 524             }
 525             if (rm.isKeysRequest()) {
 526                 actions.add(SendSyncKeysAction.create());
 527             }
 528             if (rm.isConfigurationRequest()) {
 529                 actions.add(SendSyncConfigurationAction.create());
 530             }
 531         }
 532         if (syncMessage.getGroups().isPresent()) {
 533             try {
 534                 final var groupsMessage = syncMessage.getGroups().get();
 535                 context.getAttachmentHelper()
 536                         .retrieveAttachment(groupsMessage, context.getSyncHelper()::handleSyncDeviceGroups);
 537             } catch (Exception e) {
 538                 logger.warn("Failed to handle received sync groups, ignoring: {}", e.getMessage());
 539             }
 540         }
 541         if (syncMessage.getBlockedList().isPresent()) {
 542             final var blockedListMessage = syncMessage.getBlockedList().get();
 543             for (var address : blockedListMessage.getAddresses()) {
 544                 context.getContactHelper()
 545                         .setContactBlocked(context.getRecipientHelper().resolveRecipient(address), true);
 546             }
 547             for (var groupId : blockedListMessage.getGroupIds()
 548                     .stream()
 549                     .map(GroupId::unknownVersion)
 550                     .collect(Collectors.toSet())) {
 551                 try {
 552                     context.getGroupHelper().setGroupBlocked(groupId, true);
 553                 } catch (GroupNotFoundException e) {
 554                     logger.warn("BlockedListMessage contained groupID that was not found in GroupStore: {}",
 555                             groupId.toBase64());
 556                 }
 557             }
 558         }
 559         if (syncMessage.getContacts().isPresent()) {
 560             try {
 561                 final var contactsMessage = syncMessage.getContacts().get();
 562                 context.getAttachmentHelper()
 563                         .retrieveAttachment(contactsMessage.getContactsStream(),
 564                                 context.getSyncHelper()::handleSyncDeviceContacts);
 565             } catch (Exception e) {
 566                 logger.warn("Failed to handle received sync contacts, ignoring: {}", e.getMessage());
 567             }
 568         }
 569         if (syncMessage.getVerified().isPresent()) {
 570             final var verifiedMessage = syncMessage.getVerified().get();
 571             account.getIdentityKeyStore()
 572                     .setIdentityTrustLevel(verifiedMessage.getDestination().getServiceId(),
 573                             verifiedMessage.getIdentityKey(),
 574                             TrustLevel.fromVerifiedState(verifiedMessage.getVerified()));
 575         }
 576         if (syncMessage.getStickerPackOperations().isPresent()) {
 577             final var stickerPackOperationMessages = syncMessage.getStickerPackOperations().get();
 578             for (var m : stickerPackOperationMessages) {
 579                 if (m.getPackId().isEmpty()) {
 580                     continue;
 581                 }
 582                 final var stickerPackId = StickerPackId.deserialize(m.getPackId().get());
 583                 final var stickerPackKey = m.getPackKey().orElse(null);
 584                 final var installed = m.getType().isEmpty()
 585                         || m.getType().get() == StickerPackOperationMessage.Type.INSTALL;
 586
 587                 final var sticker = context.getStickerHelper()
 588                         .addOrUpdateStickerPack(stickerPackId, stickerPackKey, installed);
 589
 590                 if (sticker != null && installed) {
 591                     context.getJobExecutor().enqueueJob(new RetrieveStickerPackJob(stickerPackId, sticker.packKey()));
 592                 }
 593             }
 594         }
 595         if (syncMessage.getFetchType().isPresent()) {
 596             switch (syncMessage.getFetchType().get()) {
 597                 case LOCAL_PROFILE -> actions.add(new RetrieveProfileAction(account.getSelfRecipientId()));
 598                 case STORAGE_MANIFEST -> actions.add(RetrieveStorageDataAction.create());
 599             }
 600         }
 601         if (syncMessage.getKeys().isPresent()) {
 602             final var keysMessage = syncMessage.getKeys().get();
 603             if (keysMessage.getStorageService().isPresent()) {
 604                 final var storageKey = keysMessage.getStorageService().get();
 605                 account.setStorageKey(storageKey);
 606                 actions.add(RetrieveStorageDataAction.create());
 607             }
 608         }
 609         if (syncMessage.getConfiguration().isPresent()) {
 610             final var configurationMessage = syncMessage.getConfiguration().get();
 611             final var configurationStore = account.getConfigurationStore();
 612             if (configurationMessage.getReadReceipts().isPresent()) {
 613                 configurationStore.setReadReceipts(configurationMessage.getReadReceipts().get());
 614             }
 615             if (configurationMessage.getLinkPreviews().isPresent()) {
 616                 configurationStore.setLinkPreviews(configurationMessage.getLinkPreviews().get());
 617             }
 618             if (configurationMessage.getTypingIndicators().isPresent()) {
 619                 configurationStore.setTypingIndicators(configurationMessage.getTypingIndicators().get());
 620             }
 621             if (configurationMessage.getUnidentifiedDeliveryIndicators().isPresent()) {
 622                 configurationStore.setUnidentifiedDeliveryIndicators(configurationMessage.getUnidentifiedDeliveryIndicators()
 623                         .get());
 624             }
 625         }
 626         if (syncMessage.getPniChangeNumber().isPresent()) {
 627             final var pniChangeNumber = syncMessage.getPniChangeNumber().get();
 628             logger.debug("Received PNI change number sync message, applying.");
 629             if (pniChangeNumber.identityKeyPair != null
 630                     && pniChangeNumber.registrationId != null
 631                     && pniChangeNumber.signedPreKey != null
 632                     && !envelope.getUpdatedPni().isEmpty()) {
 633                 logger.debug("New PNI: {}", envelope.getUpdatedPni());
 634                 try {
 635                     final var updatedPni = PNI.parseOrThrow(envelope.getUpdatedPni());
 636                     context.getAccountHelper()
 637                             .setPni(updatedPni,
 638                                     new IdentityKeyPair(pniChangeNumber.identityKeyPair.toByteArray()),
 639                                     pniChangeNumber.newE164,
 640                                     pniChangeNumber.registrationId,
 641                                     new SignedPreKeyRecord(pniChangeNumber.signedPreKey.toByteArray()),
 642                                     pniChangeNumber.lastResortKyberPreKey != null ? new KyberPreKeyRecord(
 643                                             pniChangeNumber.lastResortKyberPreKey.toByteArray()) : null);
 644                 } catch (Exception e) {
 645                     logger.warn("Failed to handle change number message", e);
 646                 }
 647             }
 648         }
 649         return actions;
 650     }
 651
 652     private SignalServiceGroupContext getGroupContext(SignalServiceContent content) {
 653         if (content == null) {
 654             return null;
 655         }
 656
 657         if (content.getDataMessage().isPresent()) {
 658             var message = content.getDataMessage().get();
 659             if (message.getGroupContext().isPresent()) {
 660                 return message.getGroupContext().get();
 661             }
 662         }
 663
 664         if (content.getStoryMessage().isPresent()) {
 665             var message = content.getStoryMessage().get();
 666             if (message.getGroupContext().isPresent()) {
 667                 try {
 668                     return SignalServiceGroupContext.create(null, message.getGroupContext().get());
 669                 } catch (InvalidMessageException e) {
 670                     throw new AssertionError(e);
 671                 }
 672             }
 673         }
 674
 675         return null;
 676     }
 677
 678     private boolean isMessageBlocked(SignalServiceEnvelope envelope, SignalServiceContent content) {
 679         SignalServiceAddress source = getSenderAddress(envelope, content);
 680         if (source == null) {
 681             return false;
 682         }
 683         final var recipientId = context.getRecipientHelper().resolveRecipient(source);
 684         if (context.getContactHelper().isContactBlocked(recipientId)) {
 685             return true;
 686         }
 687
 688         final var groupContext = getGroupContext(content);
 689         if (groupContext != null) {
 690             var groupId = GroupUtils.getGroupId(groupContext);
 691             return context.getGroupHelper().isGroupBlocked(groupId);
 692         }
 693
 694         return false;
 695     }
 696
 697     private boolean isNotAllowedToSendToGroup(SignalServiceEnvelope envelope, SignalServiceContent content) {
 698         SignalServiceAddress source = getSenderAddress(envelope, content);
 699         if (source == null) {
 700             return false;
 701         }
 702
 703         final var groupContext = getGroupContext(content);
 704         if (groupContext == null) {
 705             return false;
 706         }
 707
 708         if (groupContext.getGroupV1().isPresent()) {
 709             var groupInfo = groupContext.getGroupV1().get();
 710             if (groupInfo.getType() == SignalServiceGroup.Type.QUIT) {
 711                 return false;
 712             }
 713         }
 714
 715         var groupId = GroupUtils.getGroupId(groupContext);
 716         var group = context.getGroupHelper().getGroup(groupId);
 717         if (group == null) {
 718             return false;
 719         }
 720
 721         final var message = content.getDataMessage().orElse(null);
 722
 723         final var recipientId = context.getRecipientHelper().resolveRecipient(source);
 724         if (!group.isMember(recipientId) && !(
 725                 group.isPendingMember(recipientId) && message != null && message.isGroupV2Update()
 726         )) {
 727             return true;
 728         }
 729
 730         if (group.isAnnouncementGroup() && !group.isAdmin(recipientId)) {
 731             return message == null
 732                     || message.getBody().isPresent()
 733                     || message.getAttachments().isPresent()
 734                     || message.getQuote().isPresent()
 735                     || message.getPreviews().isPresent()
 736                     || message.getMentions().isPresent()
 737                     || message.getSticker().isPresent();
 738         }
 739         return false;
 740     }
 741
 742     private List<HandleAction> handleSignalServiceDataMessage(
 743             SignalServiceDataMessage message,
 744             boolean isSync,
 745             DeviceAddress source,
 746             DeviceAddress destination,
 747             boolean ignoreAttachments
 748     ) {
 749         var actions = new ArrayList<HandleAction>();
 750         if (message.getGroupContext().isPresent()) {
 751             final var groupContext = message.getGroupContext().get();
 752             if (groupContext.getGroupV1().isPresent()) {
 753                 var groupInfo = groupContext.getGroupV1().get();
 754                 var groupId = GroupId.v1(groupInfo.getGroupId());
 755                 var group = context.getGroupHelper().getGroup(groupId);
 756                 if (group == null || group instanceof GroupInfoV1) {
 757                     var groupV1 = (GroupInfoV1) group;
 758                     switch (groupInfo.getType()) {
 759                         case UPDATE -> {
 760                             if (groupV1 == null) {
 761                                 groupV1 = new GroupInfoV1(groupId);
 762                             }
 763
 764                             if (groupInfo.getAvatar().isPresent()) {
 765                                 var avatar = groupInfo.getAvatar().get();
 766                                 context.getGroupHelper().downloadGroupAvatar(groupV1.getGroupId(), avatar);
 767                             }
 768
 769                             if (groupInfo.getName().isPresent()) {
 770                                 groupV1.name = groupInfo.getName().get();
 771                             }
 772
 773                             if (groupInfo.getMembers().isPresent()) {
 774                                 groupV1.addMembers(groupInfo.getMembers()
 775                                         .get()
 776                                         .stream()
 777                                         .map(context.getRecipientHelper()::resolveRecipient)
 778                                         .collect(Collectors.toSet()));
 779                             }
 780
 781                             account.getGroupStore().updateGroup(groupV1);
 782                         }
 783                         case DELIVER -> {
 784                             if (groupV1 == null && !isSync) {
 785                                 actions.add(new SendGroupInfoRequestAction(source.recipientId(), groupId));
 786                             }
 787                         }
 788                         case QUIT -> {
 789                             if (groupV1 != null) {
 790                                 groupV1.removeMember(source.recipientId());
 791                                 account.getGroupStore().updateGroup(groupV1);
 792                             }
 793                         }
 794                         case REQUEST_INFO -> {
 795                             if (groupV1 != null && !isSync) {
 796                                 actions.add(new SendGroupInfoAction(source.recipientId(), groupV1.getGroupId()));
 797                             }
 798                         }
 799                     }
 800                 } else {
 801                     // Received a group v1 message for a v2 group
 802                 }
 803             }
 804             if (groupContext.getGroupV2().isPresent()) {
 805                 handleGroupV2Context(groupContext.getGroupV2().get());
 806             }
 807         }
 808
 809         final var selfAddress = isSync ? source : destination;
 810         final var conversationPartnerAddress = isSync ? destination : source;
 811         if (conversationPartnerAddress != null && message.isEndSession()) {
 812             account.getAccountData(selfAddress.serviceId())
 813                     .getSessionStore()
 814                     .deleteAllSessions(conversationPartnerAddress.serviceId());
 815         }
 816         if (message.isExpirationUpdate() || message.getBody().isPresent()) {
 817             if (message.getGroupContext().isPresent()) {
 818                 final var groupContext = message.getGroupContext().get();
 819                 if (groupContext.getGroupV1().isPresent()) {
 820                     var groupInfo = groupContext.getGroupV1().get();
 821                     var group = account.getGroupStore().getOrCreateGroupV1(GroupId.v1(groupInfo.getGroupId()));
 822                     if (group != null) {
 823                         if (group.messageExpirationTime != message.getExpiresInSeconds()) {
 824                             group.messageExpirationTime = message.getExpiresInSeconds();
 825                             account.getGroupStore().updateGroup(group);
 826                         }
 827                     }
 828                 } else if (groupContext.getGroupV2().isPresent()) {
 829                     // disappearing message timer already stored in the DecryptedGroup
 830                 }
 831             } else if (conversationPartnerAddress != null) {
 832                 context.getContactHelper()
 833                         .setExpirationTimer(conversationPartnerAddress.recipientId(), message.getExpiresInSeconds());
 834             }
 835         }
 836         if (!ignoreAttachments) {
 837             if (message.getAttachments().isPresent()) {
 838                 for (var attachment : message.getAttachments().get()) {
 839                     context.getAttachmentHelper().downloadAttachment(attachment);
 840                 }
 841             }
 842             if (message.getSharedContacts().isPresent()) {
 843                 for (var contact : message.getSharedContacts().get()) {
 844                     if (contact.getAvatar().isPresent()) {
 845                         context.getAttachmentHelper().downloadAttachment(contact.getAvatar().get().getAttachment());
 846                     }
 847                 }
 848             }
 849             if (message.getPreviews().isPresent()) {
 850                 final var previews = message.getPreviews().get();
 851                 for (var preview : previews) {
 852                     if (preview.getImage().isPresent()) {
 853                         context.getAttachmentHelper().downloadAttachment(preview.getImage().get());
 854                     }
 855                 }
 856             }
 857             if (message.getQuote().isPresent()) {
 858                 final var quote = message.getQuote().get();
 859
 860                 if (quote.getAttachments() != null) {
 861                     for (var quotedAttachment : quote.getAttachments()) {
 862                         final var thumbnail = quotedAttachment.getThumbnail();
 863                         if (thumbnail != null) {
 864                             context.getAttachmentHelper().downloadAttachment(thumbnail);
 865                         }
 866                     }
 867                 }
 868             }
 869         }
 870         if (message.getGiftBadge().isPresent()) {
 871             handleIncomingGiftBadge(message.getGiftBadge().get());
 872         }
 873         if (message.getProfileKey().isPresent()) {
 874             handleIncomingProfileKey(message.getProfileKey().get(), source.recipientId());
 875         }
 876         if (message.getSticker().isPresent()) {
 877             final var messageSticker = message.getSticker().get();
 878             final var stickerPackId = StickerPackId.deserialize(messageSticker.getPackId());
 879             var sticker = account.getStickerStore().getStickerPack(stickerPackId);
 880             if (sticker == null) {
 881                 sticker = new StickerPack(stickerPackId, messageSticker.getPackKey());
 882                 account.getStickerStore().addStickerPack(sticker);
 883             }
 884             context.getJobExecutor().enqueueJob(new RetrieveStickerPackJob(stickerPackId, messageSticker.getPackKey()));
 885         }
 886         return actions;
 887     }
 888
 889     private void handleIncomingGiftBadge(final SignalServiceDataMessage.GiftBadge giftBadge) {
 890         // TODO
 891     }
 892
 893     private List<HandleAction> handleSignalServiceStoryMessage(
 894             SignalServiceStoryMessage message, RecipientId source, boolean ignoreAttachments
 895     ) {
 896         var actions = new ArrayList<HandleAction>();
 897         if (message.getGroupContext().isPresent()) {
 898             handleGroupV2Context(message.getGroupContext().get());
 899         }
 900
 901         if (!ignoreAttachments) {
 902             if (message.getFileAttachment().isPresent()) {
 903                 context.getAttachmentHelper().downloadAttachment(message.getFileAttachment().get());
 904             }
 905             if (message.getTextAttachment().isPresent()) {
 906                 final var textAttachment = message.getTextAttachment().get();
 907                 if (textAttachment.getPreview().isPresent()) {
 908                     final var preview = textAttachment.getPreview().get();
 909                     if (preview.getImage().isPresent()) {
 910                         context.getAttachmentHelper().downloadAttachment(preview.getImage().get());
 911                     }
 912                 }
 913             }
 914         }
 915
 916         if (message.getProfileKey().isPresent()) {
 917             handleIncomingProfileKey(message.getProfileKey().get(), source);
 918         }
 919
 920         return actions;
 921     }
 922
 923     private void handleGroupV2Context(final SignalServiceGroupV2 groupContext) {
 924         final var groupMasterKey = groupContext.getMasterKey();
 925
 926         context.getGroupHelper()
 927                 .getOrMigrateGroup(groupMasterKey,
 928                         groupContext.getRevision(),
 929                         groupContext.hasSignedGroupChange() ? groupContext.getSignedGroupChange() : null);
 930     }
 931
 932     private void handleIncomingProfileKey(final byte[] profileKeyBytes, final RecipientId source) {
 933         if (profileKeyBytes.length != 32) {
 934             logger.debug("Received invalid profile key of length {}", profileKeyBytes.length);
 935             return;
 936         }
 937         final ProfileKey profileKey;
 938         try {
 939             profileKey = new ProfileKey(profileKeyBytes);
 940         } catch (InvalidInputException e) {
 941             throw new AssertionError(e);
 942         }
 943         if (account.getSelfRecipientId().equals(source)) {
 944             this.account.setProfileKey(profileKey);
 945         }
 946         this.account.getProfileStore().storeProfileKey(source, profileKey);
 947     }
 948
 949     private SignalServiceAddress getSenderAddress(SignalServiceEnvelope envelope, SignalServiceContent content) {
 950         if (!envelope.isUnidentifiedSender() && envelope.hasSourceServiceId()) {
 951             return envelope.getSourceAddress();
 952         } else if (content != null) {
 953             return content.getSender();
 954         } else {
 955             return null;
 956         }
 957     }
 958
 959     private DeviceAddress getSender(SignalServiceEnvelope envelope, SignalServiceContent content) {
 960         if (!envelope.isUnidentifiedSender() && envelope.hasSourceServiceId()) {
 961             return new DeviceAddress(context.getRecipientHelper().resolveRecipient(envelope.getSourceAddress()),
 962                     envelope.getSourceAddress().getServiceId(),
 963                     envelope.getSourceDevice());
 964         } else {
 965             return new DeviceAddress(context.getRecipientHelper().resolveRecipient(content.getSender()),
 966                     content.getSender().getServiceId(),
 967                     content.getSenderDevice());
 968         }
 969     }
 970
 971     private DeviceAddress getDestination(SignalServiceEnvelope envelope) {
 972         if (!envelope.hasDestinationUuid()) {
 973             return new DeviceAddress(account.getSelfRecipientId(), account.getAci(), account.getDeviceId());
 974         }
 975         final var addressOptional = SignalServiceAddress.fromRaw(envelope.getDestinationServiceId(), null);
 976         if (addressOptional.isEmpty()) {
 977             return new DeviceAddress(account.getSelfRecipientId(), account.getAci(), account.getDeviceId());
 978         }
 979         final var address = addressOptional.get();
 980         return new DeviceAddress(context.getRecipientHelper().resolveRecipient(address),
 981                 address.getServiceId(),
 982                 account.getDeviceId());
 983     }
 984
 985     private record DeviceAddress(RecipientId recipientId, ServiceId serviceId, int deviceId) {}
 986 }