Merge tag '2.32.0.17'

Signal/src/Jobs/MessageFetcherJob.swift

@@ -198,8 +198,8 @@ private
 
     private func acknowledgeDelivery(envelope: SSKProtoEnvelope) {
         let request: TSRequest
-        if let serverGuid = envelope.serverGuid, envelope.hasServerTimestamp, serverGuid.count > 0, envelope.serverTimestamp > 0 {
+        if let serverGuid = envelope.serverGuid, serverGuid.count > 0 {
-            request = OWSRequestFactory.acknowledgeMessageDeliveryRequest(withServerGuid: serverGuid, serverTimestamp: envelope.serverTimestamp)
+            request = OWSRequestFactory.acknowledgeMessageDeliveryRequest(withServerGuid: serverGuid)
         } else if let source = envelope.source, source.count > 0, envelope.timestamp > 0 {
             request = OWSRequestFactory.acknowledgeMessageDeliveryRequest(withSource: source, timestamp: envelope.timestamp)
         } else {

SignalMessaging/profiles/ProfileFetcherJob.swift

@@ -70,6 +70,10 @@ public class ProfileFetcherJob: NSObject {
         return SignalServiceRestClient()
     }
 
+    private var tsAccountManager: TSAccountManager {
+        return SSKEnvironment.shared.tsAccountManager
+    }
+
     // MARK: -
 
     public func run(recipientIds: [String]) {
@@ -143,8 +147,13 @@ public class ProfileFetcherJob: NSObject {
 
         Logger.error("getProfile: \(recipientId)")
 
-        let udAccess = udManager.udAccess(forRecipientId: recipientId,
+        // Don't use UD for "self" profile fetches.
-            requireSyncAccess: false)
+        var udAccess: OWSUDAccess?
+        if recipientId != tsAccountManager.localNumber() {
+            udAccess = udManager.udAccess(forRecipientId: recipientId,
+                                          requireSyncAccess: false)
+        }
+        
         return requestProfile(recipientId: recipientId,
                               udAccess: udAccess,
                               canFailoverUDAuth: true)

SignalServiceKit/src/Messages/UD/OWSUDManager.swift

@@ -12,6 +12,15 @@ public enum OWSUDError: Error {
     case invalidData(description: String)
 }
 
+@objc
+public enum OWSUDCertificateExpirationPolicy: Int {
+    // We want to try to rotate the sender certificate
+    // on a frequent basis, but we don't want to block
+    // sending on this.
+    case strict
+    case permissive
+}
+
 @objc
 public enum UnidentifiedAccessMode: Int {
     case unknown
@@ -104,6 +113,8 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
     private let kUDCollection = "kUDCollection"
     private let kUDCurrentSenderCertificateKey_Production = "kUDCurrentSenderCertificateKey_Production"
     private let kUDCurrentSenderCertificateKey_Staging = "kUDCurrentSenderCertificateKey_Staging"
+    private let kUDCurrentSenderCertificateDateKey_Production = "kUDCurrentSenderCertificateDateKey_Production"
+    private let kUDCurrentSenderCertificateDateKey_Staging = "kUDCurrentSenderCertificateDateKey_Staging"
     private let kUDUnrestrictedAccessKey = "kUDUnrestrictedAccessKey"
 
     // MARK: Recipient State
@@ -128,12 +139,16 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
             }
 
             // Any error is silently ignored on startup.
-            self.ensureSenderCertificate().retainUntilComplete()
+            self.ensureSenderCertificate(certificateExpirationPolicy: .strict).retainUntilComplete()
         }
         NotificationCenter.default.addObserver(self,
                                                selector: #selector(registrationStateDidChange),
                                                name: .RegistrationStateDidChange,
                                                object: nil)
+        NotificationCenter.default.addObserver(self,
+                                               selector: #selector(didBecomeActive),
+                                               name: NSNotification.Name.OWSApplicationDidBecomeActive,
+                                               object: nil)
     }
 
     @objc
@@ -141,7 +156,20 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
         AssertIsOnMainThread()
 
         // Any error is silently ignored
-        ensureSenderCertificate().retainUntilComplete()
+        ensureSenderCertificate(certificateExpirationPolicy: .strict).retainUntilComplete()
+    }
+
+    @objc func didBecomeActive() {
+        AssertIsOnMainThread()
+
+        AppReadiness.runNowOrWhenAppDidBecomeReady {
+            guard TSAccountManager.isRegistered() else {
+                return
+            }
+
+            // Any error is silently ignored on startup.
+            self.ensureSenderCertificate(certificateExpirationPolicy: .strict).retainUntilComplete()
+        }
     }
 
     // MARK: -
@@ -308,11 +336,21 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
     #if DEBUG
     @objc
     public func hasSenderCertificate() -> Bool {
-        return senderCertificate() != nil
+        return senderCertificate(certificateExpirationPolicy: .permissive) != nil
     }
     #endif
 
-    private func senderCertificate() -> SMKSenderCertificate? {
+    private func senderCertificate(certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> SMKSenderCertificate? {
+        if certificateExpirationPolicy == .strict {
+            guard let certificateDate = dbConnection.object(forKey: senderCertificateDateKey(), inCollection: kUDCollection) as? Date else {
+                return nil
+            }
+            guard certificateDate.timeIntervalSinceNow < kDayInterval else {
+                // Discard certificates that we obtained more than 24 hours ago.
+                return nil
+            }
+        }
+
         guard let certificateData = dbConnection.object(forKey: senderCertificateKey(), inCollection: kUDCollection) as? Data else {
             return nil
         }
@@ -333,6 +371,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
     }
 
     func setSenderCertificate(_ certificateData: Data) {
+        dbConnection.setObject(Date(), forKey: senderCertificateDateKey(), inCollection: kUDCollection)
         dbConnection.setObject(certificateData, forKey: senderCertificateKey(), inCollection: kUDCollection)
     }
 
@@ -340,11 +379,23 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
         return IsUsingProductionService() ? kUDCurrentSenderCertificateKey_Production : kUDCurrentSenderCertificateKey_Staging
     }
 
+    private func senderCertificateDateKey() -> String {
+        return IsUsingProductionService() ? kUDCurrentSenderCertificateDateKey_Production : kUDCurrentSenderCertificateDateKey_Staging
+    }
+
     @objc
     public func ensureSenderCertificate(success:@escaping (SMKSenderCertificate) -> Void,
                                         failure:@escaping (Error) -> Void) {
+        return ensureSenderCertificate(certificateExpirationPolicy: .permissive,
+                                        success: success,
+                                        failure: failure)
+    }
+
+    private func ensureSenderCertificate(certificateExpirationPolicy: OWSUDCertificateExpirationPolicy,
+                                        success:@escaping (SMKSenderCertificate) -> Void,
+                                        failure:@escaping (Error) -> Void) {
         firstly {
-            ensureSenderCertificate()
+            ensureSenderCertificate(certificateExpirationPolicy: certificateExpirationPolicy)
         }.map { certificate in
             success(certificate)
         }.catch { error in
@@ -352,9 +403,11 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
         }.retainUntilComplete()
     }
 
-    public func ensureSenderCertificate() -> Promise<SMKSenderCertificate> {
+    public func ensureSenderCertificate(certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> Promise<SMKSenderCertificate> {
         // If there is a valid cached sender certificate, use that.
-        if let certificate = senderCertificate() {
+        //
+        // NOTE: We use a "strict" expiration policy.
+        if let certificate = senderCertificate(certificateExpirationPolicy: certificateExpirationPolicy) {
             return Promise.value(certificate)
         }
 

SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h

@@ -23,8 +23,7 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo
 
 + (TSRequest *)acknowledgeMessageDeliveryRequestWithSource:(NSString *)source timestamp:(UInt64)timestamp;
 
-+ (TSRequest *)acknowledgeMessageDeliveryRequestWithServerGuid:(NSString *)serverGuid
++ (TSRequest *)acknowledgeMessageDeliveryRequestWithServerGuid:(NSString *)serverGuid;
-                                               serverTimestamp:(UInt64)serverTimestamp;
 
 + (TSRequest *)deleteDeviceRequestWithDevice:(OWSDevice *)device;
 

SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m

@@ -73,12 +73,10 @@ NS_ASSUME_NONNULL_BEGIN
 }
 
 + (TSRequest *)acknowledgeMessageDeliveryRequestWithServerGuid:(NSString *)serverGuid
-                                               serverTimestamp:(UInt64)serverTimestamp
 {
     OWSAssertDebug(serverGuid.length > 0);
-    OWSAssertDebug(serverTimestamp > 0);
 
-    NSString *path = [NSString stringWithFormat:@"v1/messages/%@/%llu", serverGuid, serverTimestamp];
+    NSString *path = [NSString stringWithFormat:@"v1/messages/uuid/%@", serverGuid];
 
     return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"DELETE" parameters:@{}];
 }