keejef
/
session-ios
mirror of https://github.com/oxen-io/session-ios
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merge branch 'mkirk/unidentified-profile-fetch' into private-master

Browse Source
pull/1/head
Michael Kirk 7 years ago
parent 1b94207452 a5db222c7a
commit 92f1827627
11 changed files with 260 additions and 178 deletions
Show Stats Download Patch File Download Diff File

128
SignalMessaging/profiles/ProfileFetcherJob.swift
Unescape Escape View File

@ -56,6 +56,11 @@ public class ProfileFetcherJob: NSObject {
return SSKEnvironment.shared.identityManager return SSKEnvironment.shared.identityManager
} }
private var signalServiceClient: SignalServiceClient {
// TODO hang on SSKEnvironment
return SignalServiceRestClient()
}
// MARK: - // MARK: -
public func run(recipientIds: [String]) { public func run(recipientIds: [String]) {
@ -88,8 +93,7 @@ public class ProfileFetcherJob: NSObject {
} }
enum ProfileFetcherJobError: Error { enum ProfileFetcherJobError: Error {
case throttled(lastTimeInterval: TimeInterval), case throttled(lastTimeInterval: TimeInterval)
unknownNetworkError
} }
public func updateProfile(recipientId: String, remainingRetries: Int = 3) { public func updateProfile(recipientId: String, remainingRetries: Int = 3) {
@ -130,14 +134,14 @@ public class ProfileFetcherJob: NSObject {
Logger.error("getProfile: \(recipientId)") Logger.error("getProfile: \(recipientId)")
let request = OWSRequestFactory.getProfileRequest(withRecipientId: recipientId) let unidentifiedAccess: SSKUnidentifiedAccess? = self.getUnidentifiedAccess(forRecipientId: recipientId)
let socketType: OWSWebSocketType = unidentifiedAccess == nil ? .default : .UD
let (promise, fulfill, reject) = Promise<SignalServiceProfile>.pending() if socketManager.canMakeRequests(of: socketType) {
let request = OWSRequestFactory.getProfileRequest(recipientId: recipientId, unidentifiedAccess: unidentifiedAccess)
let (promise, fulfill, reject) = Promise<SignalServiceProfile>.pending()
// TODO: Use UD socket for some profile gets.
if socketManager.canMakeRequests(of: .default) {
self.socketManager.make(request, self.socketManager.make(request,
webSocketType: .default, webSocketType: socketType,
success: { (responseObject: Any?) -> Void in success: { (responseObject: Any?) -> Void in
do { do {
let profile = try SignalServiceProfile(recipientId: recipientId, responseObject: responseObject) let profile = try SignalServiceProfile(recipientId: recipientId, responseObject: responseObject)
@ -149,27 +153,10 @@ public class ProfileFetcherJob: NSObject {
failure: { (_: NSInteger, _:Data?, error: Error) in failure: { (_: NSInteger, _:Data?, error: Error) in
reject(error) reject(error)
}) })
return promise
} else { } else {
self.networkManager.makeRequest(request, return self.signalServiceClient.retrieveProfile(recipientId: recipientId, unidentifiedAccess: unidentifiedAccess)
success: { (_: URLSessionDataTask?, responseObject: Any?) -> Void in
do {
let profile = try SignalServiceProfile(recipientId: recipientId, responseObject: responseObject)
fulfill(profile)
} catch {
reject(error)
}
},
failure: { (_: URLSessionDataTask?, error: Error?) in
if let error = error {
reject(error)
}
reject(ProfileFetcherJobError.unknownNetworkError)
})
} }
return promise
} }
private func updateProfile(signalServiceProfile: SignalServiceProfile) { private func updateProfile(signalServiceProfile: SignalServiceProfile) {
@ -180,29 +167,34 @@ public class ProfileFetcherJob: NSObject {
profileNameEncrypted: signalServiceProfile.profileNameEncrypted, profileNameEncrypted: signalServiceProfile.profileNameEncrypted,
avatarUrlPath: signalServiceProfile.avatarUrlPath) avatarUrlPath: signalServiceProfile.avatarUrlPath)
// Recipients should be in "UD delivery mode" IFF: updateUnidentifiedAccess(recipientId: recipientId, verifier: signalServiceProfile.unidentifiedAccessVerifier, hasUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess)
// }
// * Their profile includes a unidentifiedAccessVerifier.
// * The unidentifiedAccessVerifier matches the "expected" value derived private func updateUnidentifiedAccess(recipientId: String, verifier: Data?, hasUnrestrictedAccess: Bool) {
// from their profile key (if any). if hasUnrestrictedAccess {
// udManager.setUnidentifiedAccessMode(.unrestricted, recipientId: recipientId)
// Recipients should be in "normal delivery mode" otherwise. return
var supportsUnidentifiedDelivery = false
if let unidentifiedAccessVerifier = signalServiceProfile.unidentifiedAccessVerifier,
let udAccessKey = udManager.udAccessKeyForRecipient(recipientId) {
let dataToVerify = Data(count: 32)
if let expectedVerfier = Cryptography.computeSHA256HMAC(dataToVerify, withHMACKey: udAccessKey.keyData) {
supportsUnidentifiedDelivery = expectedVerfier == unidentifiedAccessVerifier
} else {
owsFailDebug("could not verify UD")
}
} }
// TODO: We may want to only call setSupportsUnidentifiedDelivery if guard let verifier = verifier, let udAccessKey = udManager.udAccessKeyForRecipient(recipientId) else {
// supportsUnidentifiedDelivery is true. udManager.setUnidentifiedAccessMode(.disabled, recipientId: recipientId)
udManager.setSupportsUnidentifiedDelivery(supportsUnidentifiedDelivery, recipientId: recipientId) return
}
let dataToVerify = Data(count: 32)
guard let expectedVerfier = Cryptography.computeSHA256HMAC(dataToVerify, withHMACKey: udAccessKey.keyData) else {
owsFailDebug("could not compute verification")
udManager.setUnidentifiedAccessMode(.disabled, recipientId: recipientId)
return
}
udManager.setShouldAllowUnrestrictedAccess(recipientId: recipientId, shouldAllowUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess) guard expectedVerfier == verifier else {
Logger.verbose("verifier mismatch, new profile key?")
udManager.setUnidentifiedAccessMode(.disabled, recipientId: recipientId)
return
}
udManager.setUnidentifiedAccessMode(.enabled, recipientId: recipientId)
} }
private func verifyIdentityUpToDateAsync(recipientId: String, latestIdentityKey: Data) { private func verifyIdentityUpToDateAsync(recipientId: String, latestIdentityKey: Data) {
@ -215,46 +207,8 @@ public class ProfileFetcherJob: NSObject {
} }
} }
} }
}
@objc
public class SignalServiceProfile: NSObject {
public enum ValidationError: Error {
case invalid(description: String)
case invalidIdentityKey(description: String)
case invalidProfileName(description: String)
}
public let recipientId: String
public let identityKey: Data
public let profileNameEncrypted: Data?
public let avatarUrlPath: String?
public let unidentifiedAccessVerifier: Data?
public let hasUnrestrictedUnidentifiedAccess: Bool
init(recipientId: String, responseObject: Any?) throws {
self.recipientId = recipientId
guard let params = ParamParser(responseObject: responseObject) else {
throw ValidationError.invalid(description: "invalid response: \(String(describing: responseObject))")
}
let identityKeyWithType = try params.requiredBase64EncodedData(key: "identityKey")
let kIdentityKeyLength = 33
guard identityKeyWithType.count == kIdentityKeyLength else {
throw ValidationError.invalidIdentityKey(description: "malformed identity key \(identityKeyWithType.hexadecimalString) with decoded length: \(identityKeyWithType.count)")
}
// `removeKeyType` is an objc category method only on NSData, so temporarily cast.
self.identityKey = (identityKeyWithType as NSData).removeKeyType() as Data
self.profileNameEncrypted = try params.optionalBase64EncodedData(key: "name")
let avatarUrlPath: String? = try params.optional(key: "avatar")
self.avatarUrlPath = avatarUrlPath
self.unidentifiedAccessVerifier = try params.optionalBase64EncodedData(key: "unidentifiedAccess")
self.hasUnrestrictedUnidentifiedAccess = try params.optional(key: "unrestrictedUnidentifiedAccess") ?? false private func getUnidentifiedAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccess? {
return self.udManager.getAccess(forRecipientId: recipientId)?.targetUnidentifiedAccess
} }
} }

22
SignalServiceKit/src/Messages/OWSMessageSend.swift
Unescape Escape View File

@ -36,7 +36,7 @@ public class OWSMessageSend: NSObject {
public var hasUDAuthFailed = false public var hasUDAuthFailed = false
@objc @objc
public let udAccessKey: SMKUDAccessKey? public let unidentifiedAccess: SSKUnidentifiedAccess?
@objc @objc
public let localNumber: String public let localNumber: String
@ -44,9 +44,6 @@ public class OWSMessageSend: NSObject {
@objc @objc
public let isLocalNumber: Bool public let isLocalNumber: Bool
@objc
public let senderCertificate: SMKSenderCertificate?
@objc @objc
public let success: () -> Void public let success: () -> Void
@ -65,21 +62,16 @@ public class OWSMessageSend: NSObject {
self.message = message self.message = message
self.thread = thread self.thread = thread
self.recipient = recipient self.recipient = recipient
self.senderCertificate = senderCertificate self.localNumber = localNumber
var udAccessKey: SMKUDAccessKey?
var isLocalNumber: Bool = false
if let recipientId = recipient.uniqueId { if let recipientId = recipient.uniqueId {
udAccessKey = (udManager.supportsUnidentifiedDelivery(recipientId: recipientId) self.unidentifiedAccess = udManager.getAccess(forRecipientId: recipientId)?.targetUnidentifiedAccess
? udManager.udAccessKeyForRecipient(recipientId) self.isLocalNumber = localNumber == recipientId
: nil)
isLocalNumber = localNumber == recipientId
} else { } else {
owsFailDebug("SignalRecipient missing recipientId") owsFailDebug("SignalRecipient missing recipientId")
self.isLocalNumber = false
self.unidentifiedAccess = nil
} }
self.udAccessKey = udAccessKey
self.localNumber = localNumber
self.isLocalNumber = isLocalNumber
self.success = success self.success = success
self.failure = failure self.failure = failure
@ -87,6 +79,6 @@ public class OWSMessageSend: NSObject {
@objc @objc
public var isUDSend: Bool { public var isUDSend: Bool {
return (!hasUDAuthFailed && udAccessKey != nil && senderCertificate != nil) return (!hasUDAuthFailed && self.unidentifiedAccess != nil)
} }
} }

26
SignalServiceKit/src/Messages/OWSMessageSender.m
Unescape Escape View File

@ -998,12 +998,8 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
TSRequest *request = [OWSRequestFactory submitMessageRequestWithRecipient:recipient.uniqueId TSRequest *request = [OWSRequestFactory submitMessageRequestWithRecipient:recipient.uniqueId
messages:deviceMessages messages:deviceMessages
timeStamp:message.timestamp]; timeStamp:message.timestamp
unidentifiedAccess:messageSend.unidentifiedAccess];
if (messageSend.isUDSend) {
DDLogVerbose(@"UD send.");
[request useUDAuth:messageSend.udAccessKey];
}
OWSWebSocketType webSocketType = (messageSend.isUDSend ? OWSWebSocketTypeUD : OWSWebSocketTypeDefault); OWSWebSocketType webSocketType = (messageSend.isUDSend ? OWSWebSocketTypeUD : OWSWebSocketTypeDefault);
BOOL canMakeWebsocketRequests = ([TSSocketManager.shared canMakeRequestsOfType:webSocketType] && BOOL canMakeWebsocketRequests = ([TSSocketManager.shared canMakeRequestsOfType:webSocketType] &&
@ -1041,7 +1037,8 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
// //
// TODO: Do we want to discriminate based on exact error? // TODO: Do we want to discriminate based on exact error?
OWSLogDebug(@"UD send failed; failing over to non-UD send."); OWSLogDebug(@"UD send failed; failing over to non-UD send.");
[self.udManager setSupportsUnidentifiedDelivery:NO recipientId:recipient.uniqueId]; [self.udManager setUnidentifiedAccessMode:UnidentifiedAccessModeDisabled
recipientId:recipient.uniqueId];
messageSend.hasUDAuthFailed = YES; messageSend.hasUDAuthFailed = YES;
dispatch_async([OWSDispatch sendingQueue], ^{ dispatch_async([OWSDispatch sendingQueue], ^{
[self sendMessageToRecipient:messageSend]; [self sendMessageToRecipient:messageSend];
@ -1089,7 +1086,8 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
[SignalRecipient markRecipientAsRegisteredAndGet:recipient.recipientId transaction:transaction]; [SignalRecipient markRecipientAsRegisteredAndGet:recipient.recipientId transaction:transaction];
}]; }];
[self handleMessageSentLocally:messageSend.message senderCertificate:messageSend.senderCertificate]; [self handleMessageSentLocally:messageSend.message
senderCertificate:messageSend.unidentifiedAccess.senderCertificate];
messageSend.success(); messageSend.success();
}); });
} }
@ -1398,13 +1396,9 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
// To avoid deadlock, we need to ensure that our success/failure completions // To avoid deadlock, we need to ensure that our success/failure completions
// are called _off_ the main thread. Otherwise we'll deadlock if the main // are called _off_ the main thread. Otherwise we'll deadlock if the main
// thread is blocked on opening a transaction. // thread is blocked on opening a transaction.
TSRequest *request = TSRequest *request = [OWSRequestFactory recipientPrekeyRequestWithRecipient:recipientId
[OWSRequestFactory recipientPrekeyRequestWithRecipient:recipientId deviceId:[deviceId stringValue]]; deviceId:[deviceId stringValue]
unidentifiedAccess:messageSend.unidentifiedAccess];
if (messageSend.isUDSend) {
DDLogVerbose(@"UD prekey request.");
[request useUDAuth:messageSend.udAccessKey];
}
[self.networkManager makeRequest:request [self.networkManager makeRequest:request
completionQueue:dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0) completionQueue:dispatch_get_global_queue(DISPATCH_QUEUE_PRIORITY_DEFAULT, 0)
@ -1508,7 +1502,7 @@ NSString *const OWSMessageSenderRateLimitedException = @"RateLimitedException";
serializedMessage = [secretCipher encryptMessageWithRecipientId:recipientId serializedMessage = [secretCipher encryptMessageWithRecipientId:recipientId
deviceId:deviceId.intValue deviceId:deviceId.intValue
paddedPlaintext:[plainText paddedMessageBody] paddedPlaintext:[plainText paddedMessageBody]
senderCertificate:messageSend.senderCertificate senderCertificate:messageSend.unidentifiedAccess.senderCertificate
protocolContext:transaction protocolContext:transaction
error:&error]; error:&error];
messageType = TSUnidentifiedSenderMessageType; messageType = TSUnidentifiedSenderMessageType;

102
SignalServiceKit/src/Messages/UD/OWSUDManager.swift
Unescape Escape View File

@ -12,38 +12,45 @@ public enum OWSUDError: Error {
case invalidData(description: String) case invalidData(description: String)
} }
@objc
public enum UnidentifiedAccessMode: Int {
case unknown
case enabled
case disabled
case unrestricted
}
@objc public protocol OWSUDManager: class { @objc public protocol OWSUDManager: class {
@objc func setup() @objc func setup()
@objc func trustRoot() -> ECPublicKey @objc func trustRoot() -> ECPublicKey
// MARK: - Recipient state // MARK: - Recipient State
@objc func supportsUnidentifiedDelivery(recipientId: String) -> Bool @objc
func setUnidentifiedAccessMode(_ mode: UnidentifiedAccessMode, recipientId: String)
@objc func setSupportsUnidentifiedDelivery(_ value: Bool, recipientId: String) @objc
func getAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccessPair?
// Returns the UD access key for a given recipient if they are // Returns the UD access key for a given recipient if they are
// a UD recipient and we have a valid profile key for them. // a UD recipient and we have a valid profile key for them.
@objc func udAccessKeyForRecipient(_ recipientId: String) -> SMKUDAccessKey? @objc func udAccessKeyForRecipient(_ recipientId: RecipientIdentifier) -> SMKUDAccessKey?
// MARK: - Sender Certificate // MARK: - Local State
// MARK: Sender Certificate
// We use completion handlers instead of a promise so that message sending // We use completion handlers instead of a promise so that message sending
// logic can access the certificate data. // logic can access the strongly typed certificate data.
@objc func ensureSenderCertificateObjC(success:@escaping (SMKSenderCertificate) -> Void, @objc func ensureSenderCertificateObjC(success:@escaping (SMKSenderCertificate) -> Void,
failure:@escaping (Error) -> Void) failure:@escaping (Error) -> Void)
// MARK: - Unrestricted Access // MARK: Unrestricted Access
@objc func shouldAllowUnrestrictedAccessLocal() -> Bool @objc func shouldAllowUnrestrictedAccessLocal() -> Bool
@objc func setShouldAllowUnrestrictedAccessLocal(_ value: Bool) @objc func setShouldAllowUnrestrictedAccessLocal(_ value: Bool)
@objc func shouldAllowUnrestrictedAccess(recipientId: String) -> Bool
@objc func setShouldAllowUnrestrictedAccess(recipientId: String, shouldAllowUnrestrictedAccess: Bool)
} }
// MARK: - // MARK: -
@ -53,11 +60,13 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
private let dbConnection: YapDatabaseConnection private let dbConnection: YapDatabaseConnection
// MARK: Local Configuration State
private let kUDCollection = "kUDCollection" private let kUDCollection = "kUDCollection"
private let kUDCurrentSenderCertificateKey = "kUDCurrentSenderCertificateKey" private let kUDCurrentSenderCertificateKey = "kUDCurrentSenderCertificateKey"
private let kUDUnrestrictedAccessKey = "kUDUnrestrictedAccessKey" private let kUDUnrestrictedAccessKey = "kUDUnrestrictedAccessKey"
private let kUDRecipientModeCollection = "kUDRecipientModeCollection"
private let kUDUnrestrictedAccessCollection = "kUDUnrestrictedAccessCollection" // MARK: Recipient State
private let kUnidentifiedAccessCollection = "kUnidentifiedAccessCollection"
@objc @objc
public required init(primaryStorage: OWSPrimaryStorage) { public required init(primaryStorage: OWSPrimaryStorage) {
@ -101,26 +110,61 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
// MARK: - Recipient state // MARK: - Recipient state
@objc @objc
public func supportsUnidentifiedDelivery(recipientId: String) -> Bool { public func getAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccessPair? {
if tsAccountManager.localNumber() == recipientId { guard let theirAccessKey = self.udAccessKeyForRecipient(recipientId) else {
return true return nil
}
guard let ourSenderCertificate = self.senderCertificate() else {
return nil
} }
return dbConnection.bool(forKey: recipientId, inCollection: kUDRecipientModeCollection, defaultValue: false)
guard let ourAccessKey: SMKUDAccessKey = {
if self.shouldAllowUnrestrictedAccessLocal() {
return SMKUDAccessKey(randomKeyData: ())
} else {
guard let localNumber = self.tsAccountManager.localNumber() else {
owsFailDebug("localNumber was unexpectedly nil")
return nil
}
return self.udAccessKeyForRecipient(localNumber)
}
}() else {
return nil
}
let targetUnidentifiedAccess = SSKUnidentifiedAccess(accessKey: theirAccessKey, senderCertificate: ourSenderCertificate)
let selfUnidentifiedAccess = SSKUnidentifiedAccess(accessKey: ourAccessKey, senderCertificate: ourSenderCertificate)
return SSKUnidentifiedAccessPair(targetUnidentifiedAccess: targetUnidentifiedAccess,
selfUnidentifiedAccess: selfUnidentifiedAccess)
} }
@objc @objc
public func setSupportsUnidentifiedDelivery(_ value: Bool, recipientId: String) { private func unidentifiedAccessMode(recipientId: RecipientIdentifier) -> UnidentifiedAccessMode {
if value { if tsAccountManager.localNumber() == recipientId {
dbConnection.setBool(true, forKey: recipientId, inCollection: kUDRecipientModeCollection) if shouldAllowUnrestrictedAccessLocal() {
} else { return .unrestricted
dbConnection.removeObject(forKey: recipientId, inCollection: kUDRecipientModeCollection) } else {
return .enabled
}
}
guard let existingValue = dbConnection.object(forKey: recipientId, inCollection: kUnidentifiedAccessCollection) as? UnidentifiedAccessMode else {
return .unknown
} }
return existingValue
}
@objc
public func setUnidentifiedAccessMode(_ mode: UnidentifiedAccessMode, recipientId: String) {
dbConnection.setObject(mode, forKey: recipientId, inCollection: kUnidentifiedAccessCollection)
} }
// Returns the UD access key for a given recipient // Returns the UD access key for a given recipient
// if we have a valid profile key for them. // if we have a valid profile key for them.
@objc @objc
public func udAccessKeyForRecipient(_ recipientId: String) -> SMKUDAccessKey? { public func udAccessKeyForRecipient(_ recipientId: RecipientIdentifier) -> SMKUDAccessKey? {
guard let profileKey = profileManager.profileKeyData(forRecipientId: recipientId) else { guard let profileKey = profileManager.profileKeyData(forRecipientId: recipientId) else {
// Mark as "not a UD recipient". // Mark as "not a UD recipient".
return nil return nil
@ -251,14 +295,4 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
public func setShouldAllowUnrestrictedAccessLocal(_ value: Bool) { public func setShouldAllowUnrestrictedAccessLocal(_ value: Bool) {
dbConnection.setBool(value, forKey: kUDUnrestrictedAccessKey, inCollection: kUDCollection) dbConnection.setBool(value, forKey: kUDUnrestrictedAccessKey, inCollection: kUDCollection)
} }
@objc
public func shouldAllowUnrestrictedAccess(recipientId: String) -> Bool {
return dbConnection.bool(forKey: recipientId, inCollection: kUDUnrestrictedAccessCollection, defaultValue: false)
}
@objc
public func setShouldAllowUnrestrictedAccess(recipientId: String, shouldAllowUnrestrictedAccess: Bool) {
dbConnection.setBool(shouldAllowUnrestrictedAccess, forKey: recipientId, inCollection: kUDUnrestrictedAccessCollection)
}
} }

12
SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h
Unescape Escape View File

@ -7,6 +7,7 @@ NS_ASSUME_NONNULL_BEGIN
@class ECKeyPair; @class ECKeyPair;
@class OWSDevice; @class OWSDevice;
@class PreKeyRecord; @class PreKeyRecord;
@class SSKUnidentifiedAccess;
@class SignedPreKeyRecord; @class SignedPreKeyRecord;
@class TSRequest; @class TSRequest;
@ -35,7 +36,9 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo
+ (TSRequest *)getMessagesRequest; + (TSRequest *)getMessagesRequest;
+ (TSRequest *)getProfileRequestWithRecipientId:(NSString *)recipientId; + (TSRequest *)getProfileRequestWithRecipientId:(NSString *)recipientId
unidentifiedAccess:(nullable SSKUnidentifiedAccess *)unidentifiedAccess
NS_SWIFT_NAME(getProfileRequest(recipientId:unidentifiedAccess:));
+ (TSRequest *)turnServerInfoRequest; + (TSRequest *)turnServerInfoRequest;
@ -58,7 +61,8 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo
+ (TSRequest *)submitMessageRequestWithRecipient:(NSString *)recipientId + (TSRequest *)submitMessageRequestWithRecipient:(NSString *)recipientId
messages:(NSArray *)messages messages:(NSArray *)messages
timeStamp:(uint64_t)timeStamp; timeStamp:(uint64_t)timeStamp
unidentifiedAccess:(nullable SSKUnidentifiedAccess *)unidentifiedAccess;
+ (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode + (TSRequest *)verifyCodeRequestWithVerificationCode:(NSString *)verificationCode
forNumber:(NSString *)phoneNumber forNumber:(NSString *)phoneNumber
@ -72,7 +76,9 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo
+ (TSRequest *)currentSignedPreKeyRequest; + (TSRequest *)currentSignedPreKeyRequest;
+ (TSRequest *)recipientPrekeyRequestWithRecipient:(NSString *)recipientNumber deviceId:(NSString *)deviceId; + (TSRequest *)recipientPrekeyRequestWithRecipient:(NSString *)recipientNumber
deviceId:(NSString *)deviceId
unidentifiedAccess:(nullable SSKUnidentifiedAccess *)unidentifiedAccess;
+ (TSRequest *)registerSignedPrekeyRequestWithSignedPreKeyRecord:(SignedPreKeyRecord *)signedPreKey; + (TSRequest *)registerSignedPrekeyRequestWithSignedPreKeyRecord:(SignedPreKeyRecord *)signedPreKey;

37
SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m
Unescape Escape View File

@ -124,11 +124,16 @@ NS_ASSUME_NONNULL_BEGIN
} }
+ (TSRequest *)getProfileRequestWithRecipientId:(NSString *)recipientId + (TSRequest *)getProfileRequestWithRecipientId:(NSString *)recipientId
unidentifiedAccess:(nullable SSKUnidentifiedAccess *)unidentifiedAccess
{ {
OWSAssertDebug(recipientId.length > 0); OWSAssertDebug(recipientId.length > 0);
NSString *path = [NSString stringWithFormat:textSecureProfileAPIFormat, recipientId]; NSString *path = [NSString stringWithFormat:textSecureProfileAPIFormat, recipientId];
return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}]; TSRequest *request = [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}];
if (unidentifiedAccess != nil) {
[self useUDAuthWithRequest:request accessKey:unidentifiedAccess.accessKey];
}
return request;
} }
+ (TSRequest *)turnServerInfoRequest + (TSRequest *)turnServerInfoRequest
@ -181,13 +186,20 @@ NS_ASSUME_NONNULL_BEGIN
return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}]; return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}];
} }
+ (TSRequest *)recipientPrekeyRequestWithRecipient:(NSString *)recipientNumber deviceId:(NSString *)deviceId + (TSRequest *)recipientPrekeyRequestWithRecipient:(NSString *)recipientNumber
deviceId:(NSString *)deviceId
unidentifiedAccess:(nullable SSKUnidentifiedAccess *)unidentifiedAccess;
{ {
OWSAssertDebug(recipientNumber.length > 0); OWSAssertDebug(recipientNumber.length > 0);
OWSAssertDebug(deviceId.length > 0); OWSAssertDebug(deviceId.length > 0);
NSString *path = [NSString stringWithFormat:@"%@/%@/%@", textSecureKeysAPI, recipientNumber, deviceId]; NSString *path = [NSString stringWithFormat:@"%@/%@/%@", textSecureKeysAPI, recipientNumber, deviceId];
return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}];
TSRequest *request = [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}];
if (unidentifiedAccess != nil) {
[self useUDAuthWithRequest:request accessKey:unidentifiedAccess.accessKey];
}
return request;
} }
+ (TSRequest *)registerForPushRequestWithPushIdentifier:(NSString *)identifier voipIdentifier:(NSString *)voipId + (TSRequest *)registerForPushRequestWithPushIdentifier:(NSString *)identifier voipIdentifier:(NSString *)voipId
@ -316,6 +328,7 @@ NS_ASSUME_NONNULL_BEGIN
+ (TSRequest *)submitMessageRequestWithRecipient:(NSString *)recipientId + (TSRequest *)submitMessageRequestWithRecipient:(NSString *)recipientId
messages:(NSArray *)messages messages:(NSArray *)messages
timeStamp:(uint64_t)timeStamp timeStamp:(uint64_t)timeStamp
unidentifiedAccess:(nullable SSKUnidentifiedAccess *)unidentifiedAccess
{ {
// NOTE: messages may be empty; See comments in OWSDeviceManager. // NOTE: messages may be empty; See comments in OWSDeviceManager.
OWSAssertDebug(recipientId.length > 0); OWSAssertDebug(recipientId.length > 0);
@ -327,7 +340,11 @@ NS_ASSUME_NONNULL_BEGIN
@"timestamp" : @(timeStamp), @"timestamp" : @(timeStamp),
}; };
return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"PUT" parameters:parameters]; TSRequest *request = [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"PUT" parameters:parameters];
if (unidentifiedAccess != nil) {
[self useUDAuthWithRequest:request accessKey:unidentifiedAccess.accessKey];
}
return request;
} }
+ (TSRequest *)registerSignedPrekeyRequestWithSignedPreKeyRecord:(SignedPreKeyRecord *)signedPreKey + (TSRequest *)registerSignedPrekeyRequestWithSignedPreKeyRecord:(SignedPreKeyRecord *)signedPreKey
@ -462,6 +479,18 @@ NS_ASSUME_NONNULL_BEGIN
return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}]; return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"GET" parameters:@{}];
} }
+ (void)useUDAuthWithRequest:(TSRequest *)request accessKey:(SMKUDAccessKey *)udAccessKey
{
OWSAssertDebug(request);
OWSAssertDebug(udAccessKey);
// Suppress normal auth headers.
request.shouldHaveAuthorizationHeaders = NO;
// Add UD auth header.
[request setValue:[udAccessKey.keyData base64EncodedString] forHTTPHeaderField:@"Unidentified-Access-Key"];
}
@end @end
NS_ASSUME_NONNULL_END NS_ASSUME_NONNULL_END

4
SignalServiceKit/src/Network/API/Requests/TSRequest.h
Unescape Escape View File

@ -28,8 +28,4 @@
method:(NSString *)method method:(NSString *)method
parameters:(nullable NSDictionary<NSString *, id> *)parameters; parameters:(nullable NSDictionary<NSString *, id> *)parameters;
#pragma mark - UD
- (void)useUDAuth:(SMKUDAccessKey *)udAccessKey;
@end @end

12
SignalServiceKit/src/Network/API/Requests/TSRequest.m
Unescape Escape View File

@ -112,16 +112,4 @@
} }
} }
#pragma mark - UD
- (void)useUDAuth:(SMKUDAccessKey *)udAccessKey
{
OWSAssertDebug(udAccessKey);
// Suppress normal auth headers.
self.shouldHaveAuthorizationHeaders = NO;
// Add UD auth header.
[self setValue:[udAccessKey.keyData base64EncodedString] forHTTPHeaderField:@"Unidentified-Access-Key"];
}
@end @end

47
SignalServiceKit/src/Network/API/SignalServiceProfile.swift
Unescape Escape View File

@ -0,0 +1,47 @@
//
// Copyright (c) 2018 Open Whisper Systems. All rights reserved.
//
import Foundation
@objc
public class SignalServiceProfile: NSObject {
public enum ValidationError: Error {
case invalid(description: String)
case invalidIdentityKey(description: String)
case invalidProfileName(description: String)
}
public let recipientId: String
public let identityKey: Data
public let profileNameEncrypted: Data?
public let avatarUrlPath: String?
public let unidentifiedAccessVerifier: Data?
public let hasUnrestrictedUnidentifiedAccess: Bool
public init(recipientId: String, responseObject: Any?) throws {
self.recipientId = recipientId
guard let params = ParamParser(responseObject: responseObject) else {
throw ValidationError.invalid(description: "invalid response: \(String(describing: responseObject))")
}
let identityKeyWithType = try params.requiredBase64EncodedData(key: "identityKey")
let kIdentityKeyLength = 33
guard identityKeyWithType.count == kIdentityKeyLength else {
throw ValidationError.invalidIdentityKey(description: "malformed identity key \(identityKeyWithType.hexadecimalString) with decoded length: \(identityKeyWithType.count)")
}
// `removeKeyType` is an objc category method only on NSData, so temporarily cast.
self.identityKey = (identityKeyWithType as NSData).removeKeyType() as Data
self.profileNameEncrypted = try params.optionalBase64EncodedData(key: "name")
let avatarUrlPath: String? = try params.optional(key: "avatar")
self.avatarUrlPath = avatarUrlPath
self.unidentifiedAccessVerifier = try params.optionalBase64EncodedData(key: "unidentifiedAccess")
self.hasUnrestrictedUnidentifiedAccess = try params.optional(key: "unrestrictedUnidentifiedAccess") ?? false
}
}

17
SignalServiceKit/src/Network/SignalServiceClient.swift
Unescape Escape View File

@ -4,13 +4,17 @@
import Foundation import Foundation
import PromiseKit import PromiseKit
import SignalMetadataKit
protocol SignalServiceClient { public typealias RecipientIdentifier = String
public protocol SignalServiceClient {
func getAvailablePreKeys() -> Promise<Int> func getAvailablePreKeys() -> Promise<Int>
func registerPreKeys(identityKey: IdentityKey, signedPreKeyRecord: SignedPreKeyRecord, preKeyRecords: [PreKeyRecord]) -> Promise<Void> func registerPreKeys(identityKey: IdentityKey, signedPreKeyRecord: SignedPreKeyRecord, preKeyRecords: [PreKeyRecord]) -> Promise<Void>
func setCurrentSignedPreKey(_ signedPreKey: SignedPreKeyRecord) -> Promise<Void> func setCurrentSignedPreKey(_ signedPreKey: SignedPreKeyRecord) -> Promise<Void>
func requestUDSenderCertificate() -> Promise<Data> func requestUDSenderCertificate() -> Promise<Data>
func updateAcountAttributes() -> Promise<Void> func updateAcountAttributes() -> Promise<Void>
func retrieveProfile(recipientId: RecipientIdentifier, unidentifiedAccess: SSKUnidentifiedAccess?) -> Promise<SignalServiceProfile>
} }
/// Based on libsignal-service-java's PushServiceSocket class /// Based on libsignal-service-java's PushServiceSocket class
@ -25,7 +29,7 @@ public class SignalServiceRestClient: NSObject, SignalServiceClient {
return OWSErrorMakeUnableToProcessServerResponseError() return OWSErrorMakeUnableToProcessServerResponseError()
} }
func getAvailablePreKeys() -> Promise<Int> { public func getAvailablePreKeys() -> Promise<Int> {
Logger.debug("") Logger.debug("")
let request = OWSRequestFactory.availablePreKeysCountRequest() let request = OWSRequestFactory.availablePreKeysCountRequest()
@ -41,7 +45,7 @@ public class SignalServiceRestClient: NSObject, SignalServiceClient {
} }
} }
func registerPreKeys(identityKey: IdentityKey, signedPreKeyRecord: SignedPreKeyRecord, preKeyRecords: [PreKeyRecord]) -> Promise<Void> { public func registerPreKeys(identityKey: IdentityKey, signedPreKeyRecord: SignedPreKeyRecord, preKeyRecords: [PreKeyRecord]) -> Promise<Void> {
Logger.debug("") Logger.debug("")
let request = OWSRequestFactory.registerPrekeysRequest(withPrekeyArray: preKeyRecords, identityKey: identityKey, signedPreKey: signedPreKeyRecord) let request = OWSRequestFactory.registerPrekeysRequest(withPrekeyArray: preKeyRecords, identityKey: identityKey, signedPreKey: signedPreKeyRecord)
@ -83,4 +87,11 @@ public class SignalServiceRestClient: NSObject, SignalServiceClient {
}) })
return promise return promise
} }
public func retrieveProfile(recipientId: RecipientIdentifier, unidentifiedAccess: SSKUnidentifiedAccess?) -> Promise<SignalServiceProfile> {
let request = OWSRequestFactory.getProfileRequest(recipientId: recipientId, unidentifiedAccess: unidentifiedAccess)
return networkManager.makePromise(request: request).then { (task: URLSessionDataTask, responseObject: Any?) in
return try SignalServiceProfile(recipientId: recipientId, responseObject: responseObject)
}
}
} }

31
SignalServiceKit/src/Network/UnidentifiedAccess.swift
Unescape Escape View File

@ -0,0 +1,31 @@
//
// Copyright (c) 2018 Open Whisper Systems. All rights reserved.
//
import Foundation
import SignalMetadataKit
@objc
public class SSKUnidentifiedAccessPair: NSObject {
public let targetUnidentifiedAccess: SSKUnidentifiedAccess
public let selfUnidentifiedAccess: SSKUnidentifiedAccess
init(targetUnidentifiedAccess: SSKUnidentifiedAccess, selfUnidentifiedAccess: SSKUnidentifiedAccess) {
self.targetUnidentifiedAccess = targetUnidentifiedAccess
self.selfUnidentifiedAccess = selfUnidentifiedAccess
}
}
@objc
public class SSKUnidentifiedAccess: NSObject {
@objc
let accessKey: SMKUDAccessKey
@objc
let senderCertificate: SMKSenderCertificate
init(accessKey: SMKUDAccessKey, senderCertificate: SMKSenderCertificate) {
self.accessKey = accessKey
self.senderCertificate = senderCertificate
}
}
Write Preview
Loading…
Cancel
Save