From dbe635f721ccd89b3d8f36f63a0f0f3e73685453 Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Wed, 24 Oct 2018 20:25:17 -0400 Subject: [PATCH] Try random UD access keys in profile gets. --- .../profiles/ProfileFetcherJob.swift | 30 +++++++++++-- .../src/Messages/OWSMessageSend.swift | 2 +- .../src/Messages/UD/OWSUDManager.swift | 43 +++++++++---------- .../src/Network/UnidentifiedAccess.swift | 11 ----- 4 files changed, 49 insertions(+), 37 deletions(-) diff --git a/SignalMessaging/profiles/ProfileFetcherJob.swift b/SignalMessaging/profiles/ProfileFetcherJob.swift index 7d4830e1a..5955fa13c 100644 --- a/SignalMessaging/profiles/ProfileFetcherJob.swift +++ b/SignalMessaging/profiles/ProfileFetcherJob.swift @@ -134,7 +134,29 @@ public class ProfileFetcherJob: NSObject { Logger.error("getProfile: \(recipientId)") - let unidentifiedAccess: SSKUnidentifiedAccess? = self.getUnidentifiedAccess(forRecipientId: recipientId) + // If we are in unknown mode, try using a random UD access key + // in case they support unrestricted access. + if self.udManager.unidentifiedAccessMode(recipientId: recipientId) == .unknown, + let randomUnidentifiedAccess = self.udManager.getRandomAccess() { + return requestProfile(recipientId: recipientId, + unidentifiedAccess: randomUnidentifiedAccess) + .recover { (_: Error) -> Promise in + Logger.verbose("Failing over to non-random access.") + let unidentifiedAccess = self.getUnidentifiedAccess(forRecipientId: recipientId) + return self.requestProfile(recipientId: recipientId, + unidentifiedAccess: unidentifiedAccess) + } + } else { + let unidentifiedAccess = getUnidentifiedAccess(forRecipientId: recipientId) + return requestProfile(recipientId: recipientId, + unidentifiedAccess: unidentifiedAccess) + } + } + + private func requestProfile(recipientId: String, + unidentifiedAccess: SSKUnidentifiedAccess?) -> Promise { + AssertIsOnMainThread() + let requestMaker = RequestMaker(requestFactoryBlock: { (unidentifiedAccessForRequest) -> TSRequest in return OWSRequestFactory.getProfileRequest(recipientId: recipientId, unidentifiedAccess: unidentifiedAccessForRequest) }, udAuthFailureBlock: { @@ -158,7 +180,9 @@ public class ProfileFetcherJob: NSObject { profileNameEncrypted: signalServiceProfile.profileNameEncrypted, avatarUrlPath: signalServiceProfile.avatarUrlPath) - updateUnidentifiedAccess(recipientId: recipientId, verifier: signalServiceProfile.unidentifiedAccessVerifier, hasUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess) + updateUnidentifiedAccess(recipientId: recipientId, + verifier: signalServiceProfile.unidentifiedAccessVerifier, + hasUnrestrictedAccess: signalServiceProfile.hasUnrestrictedUnidentifiedAccess) } private func updateUnidentifiedAccess(recipientId: String, verifier: Data?, hasUnrestrictedAccess: Bool) { @@ -207,6 +231,6 @@ public class ProfileFetcherJob: NSObject { } private func getUnidentifiedAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccess? { - return self.udManager.getAccess(forRecipientId: recipientId)?.targetUnidentifiedAccess + return self.udManager.getAccess(forRecipientId: recipientId) } } diff --git a/SignalServiceKit/src/Messages/OWSMessageSend.swift b/SignalServiceKit/src/Messages/OWSMessageSend.swift index 6832f53ee..93d07cb63 100644 --- a/SignalServiceKit/src/Messages/OWSMessageSend.swift +++ b/SignalServiceKit/src/Messages/OWSMessageSend.swift @@ -61,7 +61,7 @@ public class OWSMessageSend: NSObject { self.localNumber = localNumber if let recipientId = recipient.uniqueId { - self.unidentifiedAccess = udManager.getAccess(forRecipientId: recipientId)?.targetUnidentifiedAccess + self.unidentifiedAccess = udManager.getAccess(forRecipientId: recipientId) self.isLocalNumber = localNumber == recipientId } else { owsFailDebug("SignalRecipient missing recipientId") diff --git a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift index 8718a14e5..a4c7346ba 100644 --- a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift +++ b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift @@ -34,7 +34,13 @@ public enum UnidentifiedAccessMode: Int { func setUnidentifiedAccessMode(_ mode: UnidentifiedAccessMode, recipientId: String) @objc - func getAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccessPair? + func getRandomAccess() -> SSKUnidentifiedAccess? + + @objc + func getAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccess? + + @objc + func unidentifiedAccessMode(recipientId: RecipientIdentifier) -> UnidentifiedAccessMode // Returns the UD access key for a given recipient if: // @@ -124,7 +130,18 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { // MARK: - Recipient state @objc - public func getAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccessPair? { + public func getRandomAccess() -> SSKUnidentifiedAccess? { + guard let ourSenderCertificate = senderCertificate() else { + return nil + } + + let theirAccessKey = SMKUDAccessKey(randomKeyData: ()) + + return SSKUnidentifiedAccess(accessKey: theirAccessKey, senderCertificate: ourSenderCertificate) + } + + @objc + public func getAccess(forRecipientId recipientId: RecipientIdentifier) -> SSKUnidentifiedAccess? { let theirAccessMode = unidentifiedAccessMode(recipientId: recipientId) guard theirAccessMode == .enabled || theirAccessMode == .unrestricted else { return nil @@ -138,29 +155,11 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { return nil } - guard let ourAccessKey: SMKUDAccessKey = { - if shouldAllowUnrestrictedAccessLocal() { - return SMKUDAccessKey(randomKeyData: ()) - } else { - guard let localNumber = tsAccountManager.localNumber() else { - owsFailDebug("localNumber was unexpectedly nil") - return nil - } - - return enabledUDAccessKeyForRecipient(localNumber) - } - }() else { - return nil - } - - let targetUnidentifiedAccess = SSKUnidentifiedAccess(accessKey: theirAccessKey, senderCertificate: ourSenderCertificate) - let selfUnidentifiedAccess = SSKUnidentifiedAccess(accessKey: ourAccessKey, senderCertificate: ourSenderCertificate) - return SSKUnidentifiedAccessPair(targetUnidentifiedAccess: targetUnidentifiedAccess, - selfUnidentifiedAccess: selfUnidentifiedAccess) + return SSKUnidentifiedAccess(accessKey: theirAccessKey, senderCertificate: ourSenderCertificate) } @objc - func unidentifiedAccessMode(recipientId: RecipientIdentifier) -> UnidentifiedAccessMode { + public func unidentifiedAccessMode(recipientId: RecipientIdentifier) -> UnidentifiedAccessMode { guard let existingRawValue = dbConnection.object(forKey: recipientId, inCollection: kUnidentifiedAccessCollection) as? Int else { return .unknown } diff --git a/SignalServiceKit/src/Network/UnidentifiedAccess.swift b/SignalServiceKit/src/Network/UnidentifiedAccess.swift index e4ae99fc8..48d7b8b4d 100644 --- a/SignalServiceKit/src/Network/UnidentifiedAccess.swift +++ b/SignalServiceKit/src/Network/UnidentifiedAccess.swift @@ -5,17 +5,6 @@ import Foundation import SignalMetadataKit -@objc -public class SSKUnidentifiedAccessPair: NSObject { - public let targetUnidentifiedAccess: SSKUnidentifiedAccess - public let selfUnidentifiedAccess: SSKUnidentifiedAccess - - init(targetUnidentifiedAccess: SSKUnidentifiedAccess, selfUnidentifiedAccess: SSKUnidentifiedAccess) { - self.targetUnidentifiedAccess = targetUnidentifiedAccess - self.selfUnidentifiedAccess = selfUnidentifiedAccess - } -} - @objc public class SSKUnidentifiedAccess: NSObject { @objc