import org.asamk.signal.storage.groups.GroupInfo;
import org.asamk.signal.util.DateUtils;
import org.asamk.signal.util.Util;
+import org.signal.libsignal.metadata.ProtocolUntrustedIdentityException;
import org.whispersystems.signalservice.api.messages.SignalServiceAttachment;
import org.whispersystems.signalservice.api.messages.SignalServiceAttachmentPointer;
import org.whispersystems.signalservice.api.messages.SignalServiceContent;
System.out.println("The user’s key is untrusted, either the user has reinstalled Signal or a third party sent this message.");
System.out.println("Use 'signal-cli -u " + m.getUsername() + " listIdentities -n " + e.getName() + "', verify the key and run 'signal-cli -u " + m.getUsername() + " trust -v \"FINGER_PRINT\" " + e.getName() + "' to mark it as trusted");
System.out.println("If you don't care about security, use 'signal-cli -u " + m.getUsername() + " trust -a " + e.getName() + "' to trust it without verification");
+ } else if (exception instanceof ProtocolUntrustedIdentityException) {
+ ProtocolUntrustedIdentityException e = (ProtocolUntrustedIdentityException) exception;
+ System.out.println("The user’s key is untrusted, either the user has reinstalled Signal or a third party sent this message.");
+ System.out.println("Use 'signal-cli -u " + m.getUsername() + " listIdentities -n " + e.getSender() + "', verify the key and run 'signal-cli -u " + m.getUsername() + " trust -v \"FINGER_PRINT\" " + e.getSender() + "' to mark it as trusted");
+ System.out.println("If you don't care about security, use 'signal-cli -u " + m.getUsername() + " trust -a " + e.getSender() + "' to trust it without verification");
} else {
System.out.println("Exception: " + exception.getMessage() + " (" + exception.getClass().getSimpleName() + ")");
}
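Review bot: The three `println` lines in the new `ProtocolUntrustedIdentityException` branch are a copy of the branch directly above, differing only in `e.getSender()` versus `e.getName()`. Keeping two copies of security guidance invites them to drift apart, for example if the `trust -a` wording is later tightened in only one place. Moving the text into one private helper that takes the username and the sender, and calling it from both branches (a proposed name: `printUntrustedIdentityHelp(m.getUsername(), e.getSender());`), keeps the advice identical. The surrounding if/else chain starts outside this hunk.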
import org.signal.libsignal.metadata.ProtocolNoSessionException;
import org.signal.libsignal.metadata.ProtocolUntrustedIdentityException;
import org.signal.libsignal.metadata.SelfSendException;
+import org.signal.libsignal.metadata.certificate.InvalidCertificateException;
import org.signal.zkgroup.InvalidInputException;
+import org.signal.zkgroup.VerificationFailedException;
import org.signal.zkgroup.profiles.ProfileKey;
import org.whispersystems.libsignal.IdentityKey;
import org.whispersystems.libsignal.IdentityKeyPair;
import org.whispersystems.signalservice.api.SignalServiceMessagePipe;
import org.whispersystems.signalservice.api.SignalServiceMessageReceiver;
import org.whispersystems.signalservice.api.SignalServiceMessageSender;
+import org.whispersystems.signalservice.api.crypto.InvalidCiphertextException;
+import org.whispersystems.signalservice.api.crypto.ProfileCipher;
import org.whispersystems.signalservice.api.crypto.SignalServiceCipher;
import org.whispersystems.signalservice.api.crypto.UnidentifiedAccess;
import org.whispersystems.signalservice.api.crypto.UnidentifiedAccessPair;
account.getDeviceId(), account.getSignalProtocolStore(), BaseConfig.USER_AGENT, account.isMultiDevice(), Optional.fromNullable(messagePipe), Optional.fromNullable(unidentifiedMessagePipe), Optional.absent());
}
+ private SignalServiceProfile getRecipientProfile(SignalServiceAddress address, Optional<UnidentifiedAccess> unidentifiedAccess) throws IOException {
+ SignalServiceMessagePipe pipe = unidentifiedMessagePipe != null && unidentifiedAccess.isPresent() ? unidentifiedMessagePipe
+ : messagePipe;
+
+ if (pipe != null) {
+ try {
+ return pipe.getProfile(address, Optional.absent(), unidentifiedAccess, SignalServiceProfile.RequestType.PROFILE).getProfile();
+ } catch (IOException ignored) {
+ }
+ }
+
+ SignalServiceMessageReceiver receiver = getMessageReceiver();
+ try {
+ return receiver.retrieveProfile(address, Optional.absent(), unidentifiedAccess, SignalServiceProfile.RequestType.PROFILE).getProfile();
+ } catch (VerificationFailedException e) {
+ throw new AssertionError(e);
+ }
+ }
+
private Optional<SignalServiceAttachmentStream> createGroupAvatarAttachment(byte[] groupId) throws IOException {
File file = getGroupAvatarFile(groupId);
if (!file.exists()) {
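Review bot: The empty `catch (IOException ignored) { }` in getRecipientProfile discards the reason the pipe lookup failed before the code falls through to `receiver.retrieveProfile`. The fallback itself looks intentional, so a comment such as `// pipe lookup failed; retry through the message receiver below` would make that clear, and a debug log of the exception would help when diagnosing it. The second catch turns `VerificationFailedException` into an `AssertionError`; whether a plain `PROFILE` request can raise it is not visible here. If it can, `throw new IOException(e);` would keep a bad server response inside the error path callers already handle.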
}
}
+ private byte[] getSenderCertificate() throws IOException {
+ byte[] certificate = accountManager.getSenderCertificate();
+ // TODO cache for a day
+ return certificate;
+ }
+
private byte[] getSelfUnidentifiedAccessKey() {
return UnidentifiedAccess.deriveAccessKeyFrom(account.getProfileKey());
}
- private byte[] getTargetUnidentifiedAccessKey(SignalServiceAddress recipient) {
- // TODO implement
- return null;
+ private static SignalProfile decryptProfile(SignalServiceProfile encryptedProfile, ProfileKey profileKey) throws IOException {
+ ProfileCipher profileCipher = new ProfileCipher(profileKey);
+ try {
+ return new SignalProfile(
+ encryptedProfile.getIdentityKey(),
+ encryptedProfile.getName() == null ? null : new String(profileCipher.decryptName(Base64.decode(encryptedProfile.getName()))),
+ encryptedProfile.getAvatar(),
+ encryptedProfile.getUnidentifiedAccess() == null || !profileCipher.verifyUnidentifiedAccess(Base64.decode(encryptedProfile.getUnidentifiedAccess())) ? null : encryptedProfile.getUnidentifiedAccess(),
+ encryptedProfile.isUnrestrictedUnidentifiedAccess()
+ );
+ } catch (InvalidCiphertextException e) {
+ return null;
+ }
}
- private Optional<UnidentifiedAccessPair> getAccessForSync() {
- // TODO implement
- return Optional.absent();
+ private byte[] getTargetUnidentifiedAccessKey(SignalServiceAddress recipient) throws IOException {
+ ContactInfo contact = account.getContactStore().getContact(recipient.getNumber().get());
+ if (contact == null || contact.profileKey == null) {
+ return null;
+ }
+ ProfileKey theirProfileKey;
+ try {
+ theirProfileKey = new ProfileKey(Base64.decode(contact.profileKey));
+ } catch (InvalidInputException e) {
+ throw new AssertionError(e);
+ }
+ SignalProfile targetProfile = decryptProfile(getRecipientProfile(recipient, Optional.absent()), theirProfileKey);
+
+ if (targetProfile == null || targetProfile.getUnidentifiedAccess() == null) {
+ return null;
+ }
+
+ if (targetProfile.isUnrestrictedUnidentifiedAccess()) {
+ return KeyUtils.createUnrestrictedUnidentifiedAccess();
+ }
+
+ return UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey);
+ }
+
+ private Optional<UnidentifiedAccessPair> getAccessForSync() throws IOException {
+ byte[] selfUnidentifiedAccessKey = getSelfUnidentifiedAccessKey();
+ byte[] selfUnidentifiedAccessCertificate = getSenderCertificate();
+
+ if (selfUnidentifiedAccessKey == null || selfUnidentifiedAccessCertificate == null) {
+ return Optional.absent();
+ }
+
+ try {
+ return Optional.of(new UnidentifiedAccessPair(
+ new UnidentifiedAccess(selfUnidentifiedAccessKey, selfUnidentifiedAccessCertificate),
+ new UnidentifiedAccess(selfUnidentifiedAccessKey, selfUnidentifiedAccessCertificate)
+ ));
+ } catch (InvalidCertificateException e) {
+ return Optional.absent();
+ }
}
- private List<Optional<UnidentifiedAccessPair>> getAccessFor(Collection<SignalServiceAddress> recipients) {
+ private List<Optional<UnidentifiedAccessPair>> getAccessFor(Collection<SignalServiceAddress> recipients) throws IOException {
List<Optional<UnidentifiedAccessPair>> result = new ArrayList<>(recipients.size());
for (SignalServiceAddress recipient : recipients) {
- result.add(Optional.absent());
+ result.add(getAccessFor(recipient));
}
return result;
}
- private Optional<UnidentifiedAccessPair> getAccessFor(SignalServiceAddress recipient) {
- // TODO implement
- return Optional.absent();
+ private Optional<UnidentifiedAccessPair> getAccessFor(SignalServiceAddress recipient) throws IOException {
+ byte[] recipientUnidentifiedAccessKey = getTargetUnidentifiedAccessKey(recipient);
+ byte[] selfUnidentifiedAccessKey = getSelfUnidentifiedAccessKey();
+ byte[] selfUnidentifiedAccessCertificate = getSenderCertificate();
+
+ if (recipientUnidentifiedAccessKey == null || selfUnidentifiedAccessKey == null || selfUnidentifiedAccessCertificate == null) {
+ return Optional.absent();
+ }
+
+ try {
+ return Optional.of(new UnidentifiedAccessPair(
+ new UnidentifiedAccess(recipientUnidentifiedAccessKey, selfUnidentifiedAccessCertificate),
+ new UnidentifiedAccess(selfUnidentifiedAccessKey, selfUnidentifiedAccessCertificate)
+ ));
+ } catch (InvalidCertificateException e) {
+ return Optional.absent();
+ }
}
private void sendSyncMessage(SignalServiceSyncMessage message)
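Review bot: A failed profile lookup now aborts the whole send, because getTargetUnidentifiedAccessKey lets the IOException from `getRecipientProfile` propagate through both `getAccessFor` overloads, whereas before this commit every recipient simply got `Optional.absent()`. Unidentified access looks like an optional upgrade here, since every other failure path returns null or absent, so the lookup should be caught and turned into `return null` as in the block below. The same applies to the stored profile key: `contact.profileKey` is persisted contact data, and a malformed value currently raises `AssertionError`, where `return null;` in that catch would degrade the same way. Separately, `new String(profileCipher.decryptName(...))` in decryptProfile uses the platform default charset; passing `StandardCharsets.UTF_8` would make the decoded name deterministic, though that needs an import not visible in this hunk.

```java
private byte[] getTargetUnidentifiedAccessKey(SignalServiceAddress recipient) throws IOException {
    // … unchanged: contact lookup and profile-key decoding …
    SignalProfile targetProfile;
    try {
        targetProfile = decryptProfile(getRecipientProfile(recipient, Optional.absent()), theirProfileKey);
    } catch (IOException e) {
        // Profile unavailable: report no access key so getAccessFor returns Optional.absent()
        System.err.println("Failed to get recipient profile: " + e.getMessage());
        return null;
    }
    // … unchanged: unidentified-access checks and key derivation …
```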
return Collections.emptyList();
}
+ if (messagePipe == null) {
+ messagePipe = getMessageReceiver().createMessagePipe();
+ }
+ if (unidentifiedMessagePipe == null) {
+ unidentifiedMessagePipe = getMessageReceiver().createUnidentifiedMessagePipe();
+ }
SignalServiceDataMessage message = null;
try {
SignalServiceMessageSender messageSender = getMessageSender();
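Review bot: The two pipes created here are stored in fields, but nothing in the hunk closes them, so a process that only sends would presumably keep both connections open until exit unless they are shut down elsewhere. The enclosing method starts and ends outside the hunk, so this may already be handled. The lazy `if (messagePipe == null)` and `if (unidentifiedMessagePipe == null)` checks are also unsynchronised; if sending and receiving can run on different threads, each field could be initialised twice and one pipe leaked. A comment such as `// opened lazily for profile lookups; closed in <shutdown method>` (placeholder name) would document the intended lifetime.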
--- /dev/null
+package org.asamk.signal.manager;
+
+public class SignalProfile {
+
+ private final String identityKey;
+
+ private final String name;
+
+ private final String avatar;
+
+ private final String unidentifiedAccess;
+
+ private final boolean unrestrictedUnidentifiedAccess;
+
+ public SignalProfile(final String identityKey, final String name, final String avatar, final String unidentifiedAccess, final boolean unrestrictedUnidentifiedAccess) {
+ this.identityKey = identityKey;
+ this.name = name;
+ this.avatar = avatar;
+ this.unidentifiedAccess = unidentifiedAccess;
+ this.unrestrictedUnidentifiedAccess = unrestrictedUnidentifiedAccess;
+ }
+
+ public String getIdentityKey() {
+ return identityKey;
+ }
+
+ public String getName() {
+ return name;
+ }
+
+ public String getAvatar() {
+ return avatar;
+ }
+
+ public String getUnidentifiedAccess() {
+ return unidentifiedAccess;
+ }
+
+ public boolean isUnrestrictedUnidentifiedAccess() {
+ return unrestrictedUnidentifiedAccess;
+ }
+
+ @Override
+ public String toString() {
+ return "SignalProfile{" +
+ "identityKey='" + identityKey + '\'' +
+ ", name='" + name + '\'' +
+ ", avatar='" + avatar + '\'' +
+ ", unidentifiedAccess='" + unidentifiedAccess + '\'' +
+ ", unrestrictedUnidentifiedAccess=" + unrestrictedUnidentifiedAccess +
+ '}';
+ }
+}
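Review bot: SignalProfile does not document which fields may be null, although decryptProfile passes `null` for `name` when the service returns none and for `unidentifiedAccess` when the value is missing or fails `verifyUnidentifiedAccess`, and getTargetUnidentifiedAccessKey relies on that null check. A class Javadoc should say that `name` is the decrypted profile name, that `identityKey` and `avatar` are stored as received from the service, and that `unidentifiedAccess` is non-null only after it has been verified against the profile key. `toString()` also prints the decrypted name and the identity key, so either keep instances out of log output or reduce the method to non-identifying fields.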