]> nmode's Git Repositories - signal-cli/blob - lib/src/main/java/org/asamk/signal/manager/storage/identities/IdentityKeyStore.java
git.nmode.ca / signal-cli / blob
? search:


f24e77b1ef2293ba61cbc3b25d0095a4be6e5d90
[signal-cli] / lib / src / main / java / org / asamk / signal / manager / storage / identities / IdentityKeyStore.java
1 package org.asamk.signal.manager.storage.identities;
2
3 import com.fasterxml.jackson.databind.ObjectMapper;
4
5 import org.asamk.signal.manager.TrustLevel;
6 import org.asamk.signal.manager.storage.recipients.RecipientId;
7 import org.asamk.signal.manager.storage.recipients.RecipientResolver;
8 import org.asamk.signal.manager.util.IOUtils;
9 import org.slf4j.Logger;
10 import org.slf4j.LoggerFactory;
11 import org.whispersystems.libsignal.IdentityKey;
12 import org.whispersystems.libsignal.IdentityKeyPair;
13 import org.whispersystems.libsignal.InvalidKeyException;
14 import org.whispersystems.libsignal.SignalProtocolAddress;
15
16 import java.io.ByteArrayInputStream;
17 import java.io.ByteArrayOutputStream;
18 import java.io.File;
19 import java.io.FileInputStream;
20 import java.io.FileOutputStream;
21 import java.io.IOException;
22 import java.nio.file.Files;
23 import java.util.Arrays;
24 import java.util.Base64;
25 import java.util.Date;
26 import java.util.HashMap;
27 import java.util.List;
28 import java.util.Map;
29 import java.util.regex.Pattern;
30 import java.util.stream.Collectors;
31
32 public class IdentityKeyStore implements org.whispersystems.libsignal.state.IdentityKeyStore {
33
34 private final static Logger logger = LoggerFactory.getLogger(IdentityKeyStore.class);
35 private final ObjectMapper objectMapper = org.asamk.signal.manager.storage.Utils.createStorageObjectMapper();
36
37 private final Map<RecipientId, IdentityInfo> cachedIdentities = new HashMap<>();
38
39 private final File identitiesPath;
40
41 private final RecipientResolver resolver;
42 private final IdentityKeyPair identityKeyPair;
43 private final int localRegistrationId;
44 private final TrustNewIdentity trustNewIdentity;
45
46 public IdentityKeyStore(
47 final File identitiesPath,
48 final RecipientResolver resolver,
49 final IdentityKeyPair identityKeyPair,
50 final int localRegistrationId,
51 final TrustNewIdentity trustNewIdentity
52 ) {
53 this.identitiesPath = identitiesPath;
54 this.resolver = resolver;
55 this.identityKeyPair = identityKeyPair;
56 this.localRegistrationId = localRegistrationId;
57 this.trustNewIdentity = trustNewIdentity;
58 }
59
60 @Override
61 public IdentityKeyPair getIdentityKeyPair() {
62 return identityKeyPair;
63 }
64
65 @Override
66 public int getLocalRegistrationId() {
67 return localRegistrationId;
68 }
69
70 @Override
71 public boolean saveIdentity(SignalProtocolAddress address, IdentityKey identityKey) {
72 final var recipientId = resolveRecipient(address.getName());
73
74 return saveIdentity(recipientId, identityKey, new Date());
75 }
76
77 public boolean saveIdentity(final RecipientId recipientId, final IdentityKey identityKey, Date added) {
78 synchronized (cachedIdentities) {
79 final var identityInfo = loadIdentityLocked(recipientId);
80 if (identityInfo != null && identityInfo.getIdentityKey().equals(identityKey)) {
81 // Identity already exists, not updating the trust level
82 return false;
83 }
84
85 final var trustLevel = trustNewIdentity == TrustNewIdentity.ALWAYS || (
86 trustNewIdentity == TrustNewIdentity.ON_FIRST_USE && identityInfo == null
87 ) ? TrustLevel.TRUSTED_UNVERIFIED : TrustLevel.UNTRUSTED;
88 logger.debug("Storing new identity for recipient {} with trust {}", recipientId, trustLevel);
89 final var newIdentityInfo = new IdentityInfo(recipientId, identityKey, trustLevel, added);
90 storeIdentityLocked(recipientId, newIdentityInfo);
91 return true;
92 }
93 }
94
95 public boolean setIdentityTrustLevel(
96 RecipientId recipientId, IdentityKey identityKey, TrustLevel trustLevel
97 ) {
98 synchronized (cachedIdentities) {
99 final var identityInfo = loadIdentityLocked(recipientId);
100 if (identityInfo == null || !identityInfo.getIdentityKey().equals(identityKey)) {
101 // Identity not found, not updating the trust level
102 return false;
103 }
104
105 final var newIdentityInfo = new IdentityInfo(recipientId,
106 identityKey,
107 trustLevel,
108 identityInfo.getDateAdded());
109 storeIdentityLocked(recipientId, newIdentityInfo);
110 return true;
111 }
112 }
113
114 @Override
115 public boolean isTrustedIdentity(SignalProtocolAddress address, IdentityKey identityKey, Direction direction) {
116 if (trustNewIdentity == TrustNewIdentity.ALWAYS) {
117 return true;
118 }
119
120 var recipientId = resolveRecipient(address.getName());
121
122 synchronized (cachedIdentities) {
123 final var identityInfo = loadIdentityLocked(recipientId);
124 if (identityInfo == null) {
125 // Identity not found
126 return trustNewIdentity == TrustNewIdentity.ON_FIRST_USE;
127 }
128
129 // TODO implement possibility for different handling of incoming/outgoing trust decisions
130 if (!identityInfo.getIdentityKey().equals(identityKey)) {
131 // Identity found, but different
132 return false;
133 }
134
135 return identityInfo.isTrusted();
136 }
137 }
138
139 @Override
140 public IdentityKey getIdentity(SignalProtocolAddress address) {
141 var recipientId = resolveRecipient(address.getName());
142
143 synchronized (cachedIdentities) {
144 var identity = loadIdentityLocked(recipientId);
145 return identity == null ? null : identity.getIdentityKey();
146 }
147 }
148
149 public IdentityInfo getIdentity(RecipientId recipientId) {
150 synchronized (cachedIdentities) {
151 return loadIdentityLocked(recipientId);
152 }
153 }
154
155 final Pattern identityFileNamePattern = Pattern.compile("([0-9]+)");
156
157 public List<IdentityInfo> getIdentities() {
158 final var files = identitiesPath.listFiles();
159 if (files == null) {
160 return List.of();
161 }
162 return Arrays.stream(files)
163 .filter(f -> identityFileNamePattern.matcher(f.getName()).matches())
164 .map(f -> RecipientId.of(Integer.parseInt(f.getName())))
165 .map(this::loadIdentityLocked)
166 .collect(Collectors.toList());
167 }
168
169 public void mergeRecipients(final RecipientId recipientId, final RecipientId toBeMergedRecipientId) {
170 synchronized (cachedIdentities) {
171 deleteIdentityLocked(toBeMergedRecipientId);
172 }
173 }
174
175 /**
176 * @param identifier can be either a serialized uuid or a e164 phone number
177 */
178 private RecipientId resolveRecipient(String identifier) {
179 return resolver.resolveRecipient(identifier);
180 }
181
182 private File getIdentityFile(final RecipientId recipientId) {
183 try {
184 IOUtils.createPrivateDirectories(identitiesPath);
185 } catch (IOException e) {
186 throw new AssertionError("Failed to create identities path", e);
187 }
188 return new File(identitiesPath, String.valueOf(recipientId.getId()));
189 }
190
191 private IdentityInfo loadIdentityLocked(final RecipientId recipientId) {
192 {
193 final var session = cachedIdentities.get(recipientId);
194 if (session != null) {
195 return session;
196 }
197 }
198
199 final var file = getIdentityFile(recipientId);
200 if (!file.exists()) {
201 return null;
202 }
203 try (var inputStream = new FileInputStream(file)) {
204 var storage = objectMapper.readValue(inputStream, IdentityStorage.class);
205
206 var id = new IdentityKey(Base64.getDecoder().decode(storage.getIdentityKey()));
207 var trustLevel = TrustLevel.fromInt(storage.getTrustLevel());
208 var added = new Date(storage.getAddedTimestamp());
209
210 final var identityInfo = new IdentityInfo(recipientId, id, trustLevel, added);
211 cachedIdentities.put(recipientId, identityInfo);
212 return identityInfo;
213 } catch (IOException | InvalidKeyException e) {
214 logger.warn("Failed to load identity key: {}", e.getMessage());
215 return null;
216 }
217 }
218
219 private void storeIdentityLocked(final RecipientId recipientId, final IdentityInfo identityInfo) {
220 cachedIdentities.put(recipientId, identityInfo);
221
222 var storage = new IdentityStorage(Base64.getEncoder().encodeToString(identityInfo.getIdentityKey().serialize()),
223 identityInfo.getTrustLevel().ordinal(),
224 identityInfo.getDateAdded().getTime());
225
226 final var file = getIdentityFile(recipientId);
227 // Write to memory first to prevent corrupting the file in case of serialization errors
228 try (var inMemoryOutput = new ByteArrayOutputStream()) {
229 objectMapper.writeValue(inMemoryOutput, storage);
230
231 var input = new ByteArrayInputStream(inMemoryOutput.toByteArray());
232 try (var outputStream = new FileOutputStream(file)) {
233 input.transferTo(outputStream);
234 }
235 } catch (Exception e) {
236 logger.error("Error saving identity file: {}", e.getMessage());
237 }
238 }
239
240 private void deleteIdentityLocked(final RecipientId recipientId) {
241 cachedIdentities.remove(recipientId);
242
243 final var file = getIdentityFile(recipientId);
244 if (!file.exists()) {
245 return;
246 }
247 try {
248 Files.delete(file.toPath());
249 } catch (IOException e) {
250 logger.error("Failed to delete identity file {}: {}", file, e.getMessage());
251 }
252 }
253
254 private static final class IdentityStorage {
255
256 private String identityKey;
257 private int trustLevel;
258 private long addedTimestamp;
259
260 // For deserialization
261 private IdentityStorage() {
262 }
263
264 private IdentityStorage(final String identityKey, final int trustLevel, final long addedTimestamp) {
265 this.identityKey = identityKey;
266 this.trustLevel = trustLevel;
267 this.addedTimestamp = addedTimestamp;
268 }
269
270 public String getIdentityKey() {
271 return identityKey;
272 }
273
274 public int getTrustLevel() {
275 return trustLevel;
276 }
277
278 public long getAddedTimestamp() {
279 return addedTimestamp;
280 }
281 }
282 }
[GitHub/AsamK] signal-cli provides an unofficial commandline, JSON-RPC and dbus interface for the Signal messenger.

Codeberg
GitHub
GitLab
SourceHut