import org.asamk.signal.manager.storage.SignalAccount;
import org.asamk.signal.manager.util.KeyUtils;
import org.signal.libsignal.protocol.IdentityKeyPair;
+import org.signal.libsignal.protocol.InvalidKeyIdException;
import org.signal.libsignal.protocol.state.KyberPreKeyRecord;
import org.signal.libsignal.protocol.state.PreKeyRecord;
import org.signal.libsignal.protocol.state.SignedPreKeyRecord;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
+import org.whispersystems.signalservice.api.NetworkResultUtil;
import org.whispersystems.signalservice.api.account.PreKeyUpload;
+import org.whispersystems.signalservice.api.keys.OneTimePreKeyCounts;
import org.whispersystems.signalservice.api.push.ServiceIdType;
import org.whispersystems.signalservice.api.push.exceptions.AuthorizationFailedException;
-import org.whispersystems.signalservice.internal.push.OneTimePreKeyCounts;
+import org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException;
import java.io.IOException;
import java.util.List;
+import static org.asamk.signal.manager.config.ServiceConfig.PREKEY_STALE_AGE;
+import static org.asamk.signal.manager.config.ServiceConfig.SIGNED_PREKEY_ROTATE_AGE;
+import static org.asamk.signal.manager.util.Utils.handleResponseException;
+
public class PreKeyHelper {
- private final static Logger logger = LoggerFactory.getLogger(PreKeyHelper.class);
+ private static final Logger logger = LoggerFactory.getLogger(PreKeyHelper.class);
private final SignalAccount account;
private final SignalDependencies dependencies;
- public PreKeyHelper(
- final SignalAccount account, final SignalDependencies dependencies
- ) {
+ public PreKeyHelper(final SignalAccount account, final SignalDependencies dependencies) {
this.account = account;
this.dependencies = dependencies;
}
refreshPreKeysIfNecessary(ServiceIdType.PNI);
}
+ public void forceRefreshPreKeys() throws IOException {
+ forceRefreshPreKeys(ServiceIdType.ACI);
+ forceRefreshPreKeys(ServiceIdType.PNI);
+ }
+
public void refreshPreKeysIfNecessary(ServiceIdType serviceIdType) throws IOException {
+ final var identityKeyPair = account.getIdentityKeyPair(serviceIdType);
+ if (identityKeyPair == null) {
+ return;
+ }
+ final var accountId = account.getAccountId(serviceIdType);
+ if (accountId == null) {
+ return;
+ }
+
+ if (refreshPreKeysIfNecessary(serviceIdType, identityKeyPair)) {
+ refreshPreKeysIfNecessary(serviceIdType, identityKeyPair);
+ }
+ }
+
+ public void forceRefreshPreKeys(ServiceIdType serviceIdType) throws IOException {
+ final var identityKeyPair = account.getIdentityKeyPair(serviceIdType);
+ if (identityKeyPair == null) {
+ return;
+ }
+ final var accountId = account.getAccountId(serviceIdType);
+ if (accountId == null) {
+ return;
+ }
+
+ final var counts = new OneTimePreKeyCounts(0, 0);
+ if (refreshPreKeysIfNecessary(serviceIdType, identityKeyPair, counts, true)) {
+ refreshPreKeysIfNecessary(serviceIdType, identityKeyPair, counts, true);
+ }
+ }
+
+ private boolean refreshPreKeysIfNecessary(
+ final ServiceIdType serviceIdType,
+ final IdentityKeyPair identityKeyPair
+ ) throws IOException {
OneTimePreKeyCounts preKeyCounts;
try {
- preKeyCounts = dependencies.getAccountManager().getPreKeyCounts(serviceIdType);
+ preKeyCounts = handleResponseException(dependencies.getKeysApi().getAvailablePreKeyCounts(serviceIdType));
} catch (AuthorizationFailedException e) {
logger.debug("Failed to get pre key count, ignoring: " + e.getClass().getSimpleName());
preKeyCounts = new OneTimePreKeyCounts(0, 0);
}
- if (preKeyCounts.getEcCount() < ServiceConfig.PREKEY_MINIMUM_COUNT) {
+
+ return refreshPreKeysIfNecessary(serviceIdType, identityKeyPair, preKeyCounts, false);
+ }
+
+ private boolean refreshPreKeysIfNecessary(
+ final ServiceIdType serviceIdType,
+ final IdentityKeyPair identityKeyPair,
+ final OneTimePreKeyCounts preKeyCounts,
+ final boolean force
+ ) throws IOException {
+ List<PreKeyRecord> preKeyRecords = null;
+ if (force || preKeyCounts.getEcCount() < ServiceConfig.PREKEY_MINIMUM_COUNT) {
logger.debug("Refreshing {} ec pre keys, because only {} of min {} pre keys remain",
serviceIdType,
preKeyCounts.getEcCount(),
ServiceConfig.PREKEY_MINIMUM_COUNT);
- refreshPreKeys(serviceIdType);
+ preKeyRecords = generatePreKeys(serviceIdType);
+ }
+
+ SignedPreKeyRecord signedPreKeyRecord = null;
+ if (force || signedPreKeyNeedsRefresh(serviceIdType)) {
+ logger.debug("Refreshing {} signed pre key.", serviceIdType);
+ signedPreKeyRecord = generateSignedPreKey(serviceIdType, identityKeyPair);
}
- if (preKeyCounts.getKyberCount() < ServiceConfig.PREKEY_MINIMUM_COUNT) {
+
+ List<KyberPreKeyRecord> kyberPreKeyRecords = null;
+ if (force || preKeyCounts.getKyberCount() < ServiceConfig.PREKEY_MINIMUM_COUNT) {
logger.debug("Refreshing {} kyber pre keys, because only {} of min {} pre keys remain",
serviceIdType,
preKeyCounts.getKyberCount(),
ServiceConfig.PREKEY_MINIMUM_COUNT);
- refreshKyberPreKeys(serviceIdType);
+ kyberPreKeyRecords = generateKyberPreKeys(serviceIdType, identityKeyPair);
}
- }
- private void refreshPreKeys(ServiceIdType serviceIdType) throws IOException {
- final var identityKeyPair = account.getIdentityKeyPair(serviceIdType);
- if (identityKeyPair == null) {
- return;
+ KyberPreKeyRecord lastResortKyberPreKeyRecord = null;
+ if (force || lastResortKyberPreKeyNeedsRefresh(serviceIdType)) {
+ logger.debug("Refreshing {} last resort kyber pre key.", serviceIdType);
+ lastResortKyberPreKeyRecord = generateLastResortKyberPreKey(serviceIdType,
+ identityKeyPair,
+ kyberPreKeyRecords == null ? 0 : kyberPreKeyRecords.size());
}
- final var accountId = account.getAccountId(serviceIdType);
- if (accountId == null) {
- return;
+
+ if (signedPreKeyRecord == null
+ && preKeyRecords == null
+ && lastResortKyberPreKeyRecord == null
+ && kyberPreKeyRecords == null) {
+ return false;
}
+
+ final var preKeyUpload = new PreKeyUpload(serviceIdType,
+ signedPreKeyRecord,
+ preKeyRecords,
+ lastResortKyberPreKeyRecord,
+ kyberPreKeyRecords);
+ var needsReset = false;
try {
- refreshPreKeys(serviceIdType, identityKeyPair);
- } catch (Exception e) {
- logger.warn("Failed to store new pre keys, resetting preKey id offset", e);
- account.resetPreKeyOffsets(serviceIdType);
- refreshPreKeys(serviceIdType, identityKeyPair);
+ NetworkResultUtil.toPreKeysLegacy(dependencies.getKeysApi().setPreKeys(preKeyUpload));
+ try {
+ if (preKeyRecords != null) {
+ account.addPreKeys(serviceIdType, preKeyRecords);
+ }
+ if (signedPreKeyRecord != null) {
+ account.addSignedPreKey(serviceIdType, signedPreKeyRecord);
+ }
+ } catch (Exception e) {
+ logger.warn("Failed to store new pre keys, resetting preKey id offset", e);
+ account.resetPreKeyOffsets(serviceIdType);
+ needsReset = true;
+ }
+ try {
+ if (kyberPreKeyRecords != null) {
+ account.addKyberPreKeys(serviceIdType, kyberPreKeyRecords);
+ }
+ if (lastResortKyberPreKeyRecord != null) {
+ account.addLastResortKyberPreKey(serviceIdType, lastResortKyberPreKeyRecord);
+ }
+ } catch (Exception e) {
+ logger.warn("Failed to store new kyber pre keys, resetting preKey id offset", e);
+ account.resetKyberPreKeyOffsets(serviceIdType);
+ needsReset = true;
+ }
+ } catch (AuthorizationFailedException e) {
+ // This can happen when the primary device has changed phone number
+ logger.warn("Failed to updated pre keys: {}", e.getMessage());
+ } catch (NonSuccessfulResponseCodeException e) {
+ if (serviceIdType != ServiceIdType.PNI || e.code != 422) {
+ throw e;
+ }
+ logger.warn("Failed to set PNI pre keys, ignoring for now. Account needs to be reregistered to fix this.");
}
+ return needsReset;
}
- private void refreshPreKeys(
- final ServiceIdType serviceIdType, final IdentityKeyPair identityKeyPair
- ) throws IOException {
- final var oneTimePreKeys = generatePreKeys(serviceIdType);
- final var signedPreKeyRecord = generateSignedPreKey(serviceIdType, identityKeyPair);
+ public void cleanOldPreKeys() {
+ cleanOldPreKeys(ServiceIdType.ACI);
+ cleanOldPreKeys(ServiceIdType.PNI);
+ }
- final var preKeyUpload = new PreKeyUpload(serviceIdType,
- identityKeyPair.getPublicKey(),
- signedPreKeyRecord,
- oneTimePreKeys,
- null,
- null);
- dependencies.getAccountManager().setPreKeys(preKeyUpload);
+ private void cleanOldPreKeys(final ServiceIdType serviceIdType) {
+ cleanSignedPreKeys(serviceIdType);
+ cleanOneTimePreKeys(serviceIdType);
}
private List<PreKeyRecord> generatePreKeys(ServiceIdType serviceIdType) {
- final var offset = account.getPreKeyIdOffset(serviceIdType);
+ final var accountData = account.getAccountData(serviceIdType);
+ final var offset = accountData.getPreKeyMetadata().getNextPreKeyId();
- var records = KeyUtils.generatePreKeyRecords(offset);
- account.addPreKeys(serviceIdType, records);
-
- return records;
+ return KeyUtils.generatePreKeyRecords(offset);
}
- private SignedPreKeyRecord generateSignedPreKey(ServiceIdType serviceIdType, IdentityKeyPair identityKeyPair) {
- final var signedPreKeyId = account.getNextSignedPreKeyId(serviceIdType);
-
- var record = KeyUtils.generateSignedPreKeyRecord(signedPreKeyId, identityKeyPair);
- account.addSignedPreKey(serviceIdType, record);
-
- return record;
- }
+ private boolean signedPreKeyNeedsRefresh(ServiceIdType serviceIdType) {
+ final var accountData = account.getAccountData(serviceIdType);
- private void refreshKyberPreKeys(ServiceIdType serviceIdType) throws IOException {
- final var identityKeyPair = account.getIdentityKeyPair(serviceIdType);
- if (identityKeyPair == null) {
- return;
- }
- final var accountId = account.getAccountId(serviceIdType);
- if (accountId == null) {
- return;
+ final var activeSignedPreKeyId = accountData.getPreKeyMetadata().getActiveSignedPreKeyId();
+ if (activeSignedPreKeyId == -1) {
+ return true;
}
try {
- refreshKyberPreKeys(serviceIdType, identityKeyPair);
- } catch (Exception e) {
- logger.warn("Failed to store new pre keys, resetting preKey id offset", e);
- account.resetKyberPreKeyOffsets(serviceIdType);
- refreshKyberPreKeys(serviceIdType, identityKeyPair);
+ final var signedPreKeyRecord = accountData.getSignedPreKeyStore().loadSignedPreKey(activeSignedPreKeyId);
+ return signedPreKeyRecord.getTimestamp() < System.currentTimeMillis() - SIGNED_PREKEY_ROTATE_AGE;
+ } catch (InvalidKeyIdException e) {
+ return true;
}
}
- private void refreshKyberPreKeys(
- final ServiceIdType serviceIdType, final IdentityKeyPair identityKeyPair
- ) throws IOException {
- final var oneTimePreKeys = generateKyberPreKeys(serviceIdType, identityKeyPair);
- final var lastResortPreKeyRecord = generateLastResortKyberPreKey(serviceIdType, identityKeyPair);
+ private SignedPreKeyRecord generateSignedPreKey(ServiceIdType serviceIdType, IdentityKeyPair identityKeyPair) {
+ final var accountData = account.getAccountData(serviceIdType);
+ final var signedPreKeyId = accountData.getPreKeyMetadata().getNextSignedPreKeyId();
- final var preKeyUpload = new PreKeyUpload(serviceIdType,
- identityKeyPair.getPublicKey(),
- null,
- null,
- lastResortPreKeyRecord,
- oneTimePreKeys);
- dependencies.getAccountManager().setPreKeys(preKeyUpload);
+ return KeyUtils.generateSignedPreKeyRecord(signedPreKeyId, identityKeyPair.getPrivateKey());
}
private List<KyberPreKeyRecord> generateKyberPreKeys(
- ServiceIdType serviceIdType, final IdentityKeyPair identityKeyPair
+ ServiceIdType serviceIdType,
+ final IdentityKeyPair identityKeyPair
) {
- final var offset = account.getKyberPreKeyIdOffset(serviceIdType);
+ final var accountData = account.getAccountData(serviceIdType);
+ final var offset = accountData.getPreKeyMetadata().getNextKyberPreKeyId();
+
+ return KeyUtils.generateKyberPreKeyRecords(offset, identityKeyPair.getPrivateKey());
+ }
- var records = KeyUtils.generateKyberPreKeyRecords(offset, identityKeyPair.getPrivateKey());
- account.addKyberPreKeys(serviceIdType, records);
+ private boolean lastResortKyberPreKeyNeedsRefresh(ServiceIdType serviceIdType) {
+ final var accountData = account.getAccountData(serviceIdType);
- return records;
+ final var activeLastResortKyberPreKeyId = accountData.getPreKeyMetadata().getActiveLastResortKyberPreKeyId();
+ if (activeLastResortKyberPreKeyId == -1) {
+ return true;
+ }
+ try {
+ final var kyberPreKeyRecord = accountData.getKyberPreKeyStore()
+ .loadKyberPreKey(activeLastResortKyberPreKeyId);
+ return kyberPreKeyRecord.getTimestamp() < System.currentTimeMillis() - SIGNED_PREKEY_ROTATE_AGE;
+ } catch (InvalidKeyIdException e) {
+ return true;
+ }
}
private KyberPreKeyRecord generateLastResortKyberPreKey(
- ServiceIdType serviceIdType, IdentityKeyPair identityKeyPair
+ ServiceIdType serviceIdType,
+ IdentityKeyPair identityKeyPair,
+ final int offset
) {
- final var signedPreKeyId = account.getKyberPreKeyIdOffset(serviceIdType);
+ final var accountData = account.getAccountData(serviceIdType);
+ final var signedPreKeyId = accountData.getPreKeyMetadata().getNextKyberPreKeyId() + offset;
+
+ return KeyUtils.generateKyberPreKeyRecord(signedPreKeyId, identityKeyPair.getPrivateKey());
+ }
+
+ private void cleanSignedPreKeys(ServiceIdType serviceIdType) {
+ final var accountData = account.getAccountData(serviceIdType);
+
+ final var activeSignedPreKeyId = accountData.getPreKeyMetadata().getActiveSignedPreKeyId();
+ accountData.getSignedPreKeyStore().removeOldSignedPreKeys(activeSignedPreKeyId);
+
+ final var activeLastResortKyberPreKeyId = accountData.getPreKeyMetadata().getActiveLastResortKyberPreKeyId();
+ accountData.getKyberPreKeyStore().removeOldLastResortKyberPreKeys(activeLastResortKyberPreKeyId);
+ }
- var record = KeyUtils.generateKyberPreKeyRecord(signedPreKeyId, identityKeyPair.getPrivateKey());
- account.addLastResortKyberPreKey(serviceIdType, record);
+ private void cleanOneTimePreKeys(ServiceIdType serviceIdType) {
+ long threshold = System.currentTimeMillis() - PREKEY_STALE_AGE;
+ int minCount = 200;
- return record;
+ final var accountData = account.getAccountData(serviceIdType);
+ accountData.getPreKeyStore().deleteAllStaleOneTimeEcPreKeys(threshold, minCount);
+ accountData.getKyberPreKeyStore().deleteAllStaleOneTimeKyberPreKeys(threshold, minCount);
}
}
git.nmode.ca / signal-cli / blobdiff
