package org.asamk.signal.manager.helper;
import org.asamk.signal.manager.api.IncorrectPinException;
-import org.asamk.signal.manager.util.PinHashing;
-import org.signal.libsignal.protocol.InvalidKeyException;
-import org.whispersystems.signalservice.api.KbsPinData;
-import org.whispersystems.signalservice.api.KeyBackupService;
-import org.whispersystems.signalservice.api.KeyBackupServicePinException;
-import org.whispersystems.signalservice.api.KeyBackupSystemNoDataException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
import org.whispersystems.signalservice.api.kbs.MasterKey;
-import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException;
-import org.whispersystems.signalservice.internal.contacts.entities.TokenResponse;
+import org.whispersystems.signalservice.api.svr.SecureValueRecovery;
+import org.whispersystems.signalservice.internal.push.AuthCredentials;
import org.whispersystems.signalservice.internal.push.LockedException;
import java.io.IOException;
+import java.util.List;
public class PinHelper {
- private final KeyBackupService keyBackupService;
+ private static final Logger logger = LoggerFactory.getLogger(PinHelper.class);
- public PinHelper(final KeyBackupService keyBackupService) {
- this.keyBackupService = keyBackupService;
- }
+ private final List<SecureValueRecovery> secureValueRecoveries;
- public void setRegistrationLockPin(
- String pin, MasterKey masterKey
- ) throws IOException {
- final var pinChangeSession = keyBackupService.newPinChangeSession();
- final var hashedPin = PinHashing.hashPin(pin, pinChangeSession);
+ public PinHelper(final List<SecureValueRecovery> secureValueRecoveries) {
+ this.secureValueRecoveries = secureValueRecoveries;
+ }
- try {
- pinChangeSession.setPin(hashedPin, masterKey);
- } catch (UnauthenticatedResponseException e) {
- throw new IOException(e);
+ public void setRegistrationLockPin(String pin, MasterKey masterKey) throws IOException {
+ IOException exception = null;
+ for (final var secureValueRecovery : secureValueRecoveries) {
+ try {
+ final var backupResponse = secureValueRecovery.setPin(pin, masterKey).execute();
+ switch (backupResponse) {
+ case SecureValueRecovery.BackupResponse.Success success -> {
+ }
+ case SecureValueRecovery.BackupResponse.ServerRejected serverRejected ->
+ logger.warn("Backup svr failed: ServerRejected");
+ case SecureValueRecovery.BackupResponse.EnclaveNotFound enclaveNotFound ->
+ logger.warn("Backup svr failed: EnclaveNotFound");
+ case SecureValueRecovery.BackupResponse.ExposeFailure exposeFailure ->
+ logger.warn("Backup svr failed: ExposeFailure");
+ case SecureValueRecovery.BackupResponse.ApplicationError error ->
+ throw new IOException(error.getException());
+ case SecureValueRecovery.BackupResponse.NetworkError error -> throw error.getException();
+ case null, default -> throw new AssertionError("Unexpected response");
+ }
+ } catch (IOException e) {
+ exception = e;
+ }
+ }
+ if (exception != null) {
+ throw exception;
}
- pinChangeSession.enableRegistrationLock(masterKey);
}
- public void removeRegistrationLockPin() throws IOException {
- final var pinChangeSession = keyBackupService.newPinChangeSession();
- pinChangeSession.disableRegistrationLock();
- try {
- pinChangeSession.removePin();
- } catch (UnauthenticatedResponseException e) {
- throw new IOException(e);
- }
+ public void migrateRegistrationLockPin(String pin, MasterKey masterKey) throws IOException {
+ setRegistrationLockPin(pin, masterKey);
}
- public KbsPinData getRegistrationLockData(
- String pin, LockedException e
- ) throws IOException, IncorrectPinException {
- var basicStorageCredentials = e.getBasicStorageCredentials();
- if (basicStorageCredentials == null) {
- return null;
+ public void removeRegistrationLockPin() throws IOException {
+ IOException exception = null;
+ for (final var secureValueRecovery : secureValueRecoveries) {
+ try {
+ final var deleteResponse = secureValueRecovery.deleteData();
+ switch (deleteResponse) {
+ case SecureValueRecovery.DeleteResponse.Success success -> {
+ }
+ case SecureValueRecovery.DeleteResponse.ServerRejected serverRejected ->
+ logger.warn("Delete svr2 failed: ServerRejected");
+ case SecureValueRecovery.DeleteResponse.EnclaveNotFound enclaveNotFound ->
+ logger.warn("Delete svr2 failed: EnclaveNotFound");
+ case SecureValueRecovery.DeleteResponse.ApplicationError error ->
+ throw new IOException(error.getException());
+ case SecureValueRecovery.DeleteResponse.NetworkError error -> throw error.getException();
+ case null, default -> throw new AssertionError("Unexpected response");
+ }
+ } catch (IOException e) {
+ exception = e;
+ }
}
-
- try {
- return getRegistrationLockData(pin, basicStorageCredentials);
- } catch (KeyBackupSystemNoDataException ex) {
- throw new IOException(e);
- } catch (KeyBackupServicePinException ex) {
- throw new IncorrectPinException(ex.getTriesRemaining());
+ if (exception != null) {
+ throw exception;
}
}
- private KbsPinData getRegistrationLockData(
- String pin, String basicStorageCredentials
- ) throws IOException, KeyBackupSystemNoDataException, KeyBackupServicePinException {
- var tokenResponse = keyBackupService.getToken(basicStorageCredentials);
- if (tokenResponse == null || tokenResponse.getTries() == 0) {
- throw new IOException("KBS Account locked, maximum pin attempts reached.");
+ public SecureValueRecovery.RestoreResponse.Success getRegistrationLockData(
+ String pin,
+ LockedException lockedException
+ ) throws IOException, IncorrectPinException {
+ var svr2Credentials = lockedException.getSvr2Credentials();
+ if (svr2Credentials != null) {
+ IOException exception = null;
+ for (final var secureValueRecovery : secureValueRecoveries) {
+ try {
+ final var lockData = getRegistrationLockData(secureValueRecovery, svr2Credentials, pin);
+ if (lockData == null) {
+ continue;
+ }
+ return lockData;
+ } catch (IOException e) {
+ exception = e;
+ }
+ }
+ if (exception != null) {
+ throw exception;
+ }
}
- var registrationLockData = restoreMasterKey(pin, basicStorageCredentials, tokenResponse);
- if (registrationLockData == null) {
- throw new AssertionError("Failed to restore master key");
- }
- return registrationLockData;
+ return null;
}
- private KbsPinData restoreMasterKey(
- String pin, String basicStorageCredentials, TokenResponse tokenResponse
- ) throws IOException, KeyBackupSystemNoDataException, KeyBackupServicePinException {
- if (pin == null) return null;
-
- if (basicStorageCredentials == null) {
- throw new AssertionError("Cannot restore KBS key, no storage credentials supplied");
- }
-
- var session = keyBackupService.newRegistrationSession(basicStorageCredentials, tokenResponse);
+ public SecureValueRecovery.RestoreResponse.Success getRegistrationLockData(
+ SecureValueRecovery secureValueRecovery,
+ AuthCredentials authCredentials,
+ String pin
+ ) throws IOException, IncorrectPinException {
+ final var restoreResponse = secureValueRecovery.restoreDataPreRegistration(authCredentials, null, pin);
- try {
- var hashedPin = PinHashing.hashPin(pin, session);
- var kbsData = session.restorePin(hashedPin);
- if (kbsData == null) {
- throw new AssertionError("Null not expected");
+ switch (restoreResponse) {
+ case SecureValueRecovery.RestoreResponse.Success s -> {
+ return s;
+ }
+ case SecureValueRecovery.RestoreResponse.PinMismatch pinMismatch ->
+ throw new IncorrectPinException(pinMismatch.getTriesRemaining());
+ case SecureValueRecovery.RestoreResponse.ApplicationError error ->
+ throw new IOException(error.getException());
+ case SecureValueRecovery.RestoreResponse.NetworkError error -> throw error.getException();
+ case SecureValueRecovery.RestoreResponse.Missing missing -> {
+ logger.debug("No SVR data stored for the given credentials.");
+ return null;
}
- return kbsData;
- } catch (UnauthenticatedResponseException | InvalidKeyException e) {
- throw new IOException(e);
+ case null, default ->
+ throw new AssertionError("Unexpected response: " + restoreResponse.getClass().getSimpleName());
}
}
}
git.nmode.ca / signal-cli / blobdiff
