|
|
|
@ -65,7 +65,7 @@ private func string(forUnidentifiedAccessMode mode: UnidentifiedAccessMode) -> S
|
|
|
|
// We use completion handlers instead of a promise so that message sending
|
|
|
|
// We use completion handlers instead of a promise so that message sending
|
|
|
|
// logic can access the strongly typed certificate data.
|
|
|
|
// logic can access the strongly typed certificate data.
|
|
|
|
@objc
|
|
|
|
@objc
|
|
|
|
func ensureSenderCertificateObjC(success:@escaping (SMKSenderCertificate) -> Void,
|
|
|
|
func trywrapped_ensureSenderCertificate(success:@escaping (SMKSenderCertificate) -> Void,
|
|
|
|
failure:@escaping (Error) -> Void)
|
|
|
|
failure:@escaping (Error) -> Void)
|
|
|
|
|
|
|
|
|
|
|
|
// MARK: Unrestricted Access
|
|
|
|
// MARK: Unrestricted Access
|
|
|
|
@ -109,7 +109,9 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
guard TSAccountManager.isRegistered() else {
|
|
|
|
guard TSAccountManager.isRegistered() else {
|
|
|
|
return
|
|
|
|
return
|
|
|
|
}
|
|
|
|
}
|
|
|
|
self.ensureSenderCertificate().retainUntilComplete()
|
|
|
|
|
|
|
|
|
|
|
|
// Any error is silently ignored on startup.
|
|
|
|
|
|
|
|
self.trywrapped_ensureSenderCertificate().retainUntilComplete()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
NotificationCenter.default.addObserver(self,
|
|
|
|
NotificationCenter.default.addObserver(self,
|
|
|
|
selector: #selector(registrationStateDidChange),
|
|
|
|
selector: #selector(registrationStateDidChange),
|
|
|
|
@ -121,7 +123,8 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
func registrationStateDidChange() {
|
|
|
|
func registrationStateDidChange() {
|
|
|
|
AssertIsOnMainThread()
|
|
|
|
AssertIsOnMainThread()
|
|
|
|
|
|
|
|
|
|
|
|
ensureSenderCertificate().retainUntilComplete()
|
|
|
|
// Any error is silently ignored
|
|
|
|
|
|
|
|
trywrapped_ensureSenderCertificate().retainUntilComplete()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// MARK: -
|
|
|
|
// MARK: -
|
|
|
|
@ -263,12 +266,12 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
|
|
|
|
|
|
|
|
#if DEBUG
|
|
|
|
#if DEBUG
|
|
|
|
@objc
|
|
|
|
@objc
|
|
|
|
public func hasSenderCertificate() -> Bool {
|
|
|
|
public func trywrapped_hasSenderCertificate() -> Bool {
|
|
|
|
return senderCertificate() != nil
|
|
|
|
return trywrapped_senderCertificate() != nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
#endif
|
|
|
|
#endif
|
|
|
|
|
|
|
|
|
|
|
|
private func senderCertificate() -> SMKSenderCertificate? {
|
|
|
|
private func trywrapped_senderCertificate() -> SMKSenderCertificate? {
|
|
|
|
guard let certificateData = dbConnection.object(forKey: senderCertificateKey(), inCollection: kUDCollection) as? Data else {
|
|
|
|
guard let certificateData = dbConnection.object(forKey: senderCertificateKey(), inCollection: kUDCollection) as? Data else {
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -276,7 +279,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
do {
|
|
|
|
do {
|
|
|
|
let certificate = try SMKSenderCertificate.parse(data: certificateData)
|
|
|
|
let certificate = try SMKSenderCertificate.parse(data: certificateData)
|
|
|
|
|
|
|
|
|
|
|
|
guard isValidCertificate(certificate) else {
|
|
|
|
guard trywrapped_isValidCertificate(certificate) else {
|
|
|
|
Logger.warn("Current sender certificate is not valid.")
|
|
|
|
Logger.warn("Current sender certificate is not valid.")
|
|
|
|
return nil
|
|
|
|
return nil
|
|
|
|
}
|
|
|
|
}
|
|
|
|
@ -297,10 +300,10 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@objc
|
|
|
|
@objc
|
|
|
|
public func ensureSenderCertificateObjC(success:@escaping (SMKSenderCertificate) -> Void,
|
|
|
|
public func trywrapped_ensureSenderCertificate(success:@escaping (SMKSenderCertificate) -> Void,
|
|
|
|
failure:@escaping (Error) -> Void) {
|
|
|
|
failure:@escaping (Error) -> Void) {
|
|
|
|
firstly {
|
|
|
|
firstly {
|
|
|
|
ensureSenderCertificate()
|
|
|
|
trywrapped_ensureSenderCertificate()
|
|
|
|
}.map { certificate in
|
|
|
|
}.map { certificate in
|
|
|
|
success(certificate)
|
|
|
|
success(certificate)
|
|
|
|
}.catch { error in
|
|
|
|
}.catch { error in
|
|
|
|
@ -308,15 +311,15 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
}.retainUntilComplete()
|
|
|
|
}.retainUntilComplete()
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
public func ensureSenderCertificate() -> Promise<SMKSenderCertificate> {
|
|
|
|
public func trywrapped_ensureSenderCertificate() -> Promise<SMKSenderCertificate> {
|
|
|
|
// If there is a valid cached sender certificate, use that.
|
|
|
|
// If there is a valid cached sender certificate, use that.
|
|
|
|
if let certificate = senderCertificate() {
|
|
|
|
if let certificate = trywrapped_senderCertificate() {
|
|
|
|
return Promise.value(certificate)
|
|
|
|
return Promise.value(certificate)
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
// Try to obtain a new sender certificate.
|
|
|
|
// Try to obtain a new sender certificate.
|
|
|
|
return firstly {
|
|
|
|
return firstly {
|
|
|
|
requestSenderCertificate()
|
|
|
|
trywrapped_requestSenderCertificate()
|
|
|
|
}.map { (certificateData: Data, certificate: SMKSenderCertificate) in
|
|
|
|
}.map { (certificateData: Data, certificate: SMKSenderCertificate) in
|
|
|
|
|
|
|
|
|
|
|
|
// Cache the current sender certificate.
|
|
|
|
// Cache the current sender certificate.
|
|
|
|
@ -326,13 +329,13 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private func requestSenderCertificate() -> Promise<(certificateData: Data, certificate: SMKSenderCertificate)> {
|
|
|
|
private func trywrapped_requestSenderCertificate() -> Promise<(certificateData: Data, certificate: SMKSenderCertificate)> {
|
|
|
|
return firstly {
|
|
|
|
return firstly {
|
|
|
|
SignalServiceRestClient().requestUDSenderCertificate()
|
|
|
|
SignalServiceRestClient().requestUDSenderCertificate()
|
|
|
|
}.map { certificateData -> (certificateData: Data, certificate: SMKSenderCertificate) in
|
|
|
|
}.map { certificateData -> (certificateData: Data, certificate: SMKSenderCertificate) in
|
|
|
|
let certificate = try SMKSenderCertificate.parse(data: certificateData)
|
|
|
|
let certificate = try SMKSenderCertificate.parse(data: certificateData)
|
|
|
|
|
|
|
|
|
|
|
|
guard self.isValidCertificate(certificate) else {
|
|
|
|
guard self.trywrapped_isValidCertificate(certificate) else {
|
|
|
|
throw OWSUDError.invalidData(description: "Invalid sender certificate returned by server")
|
|
|
|
throw OWSUDError.invalidData(description: "Invalid sender certificate returned by server")
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
@ -340,7 +343,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
|
|
private func isValidCertificate(_ certificate: SMKSenderCertificate) -> Bool {
|
|
|
|
private func trywrapped_isValidCertificate(_ certificate: SMKSenderCertificate) -> Bool {
|
|
|
|
// Ensure that the certificate will not expire in the next hour.
|
|
|
|
// Ensure that the certificate will not expire in the next hour.
|
|
|
|
// We want a threshold long enough to ensure that any outgoing message
|
|
|
|
// We want a threshold long enough to ensure that any outgoing message
|
|
|
|
// sends will complete before the expiration.
|
|
|
|
// sends will complete before the expiration.
|
|
|
|
@ -348,7 +351,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
|
|
|
|
let anHourFromNowMs = nowMs + kHourInMs
|
|
|
|
let anHourFromNowMs = nowMs + kHourInMs
|
|
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
do {
|
|
|
|
try certificateValidator.validate(senderCertificate: certificate, validationTime: anHourFromNowMs)
|
|
|
|
try certificateValidator.trywrapped_validate(senderCertificate: certificate, validationTime: anHourFromNowMs)
|
|
|
|
return true
|
|
|
|
return true
|
|
|
|
} catch {
|
|
|
|
} catch {
|
|
|
|
OWSLogger.error("Invalid certificate")
|
|
|
|
OWSLogger.error("Invalid certificate")
|
|
|
|
|
Michael Kirk
7 years ago