mirror of https://github.com/oxen-io/session-ios
You cannot select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
538 lines
21 KiB
Swift
538 lines
21 KiB
Swift
//
|
|
// Copyright (c) 2019 Open Whisper Systems. All rights reserved.
|
|
//
|
|
|
|
import Foundation
|
|
import SignalCoreKit
|
|
|
|
@objc(OWSLegacyContactDiscoveryOperation)
|
|
public class LegacyContactDiscoveryBatchOperation: OWSOperation {
|
|
|
|
@objc
|
|
public var registeredRecipientIds: Set<String>
|
|
|
|
private let recipientIdsToLookup: [String]
|
|
private var networkManager: TSNetworkManager {
|
|
return TSNetworkManager.shared()
|
|
}
|
|
|
|
// MARK: Initializers
|
|
|
|
@objc
|
|
public required init(recipientIdsToLookup: [String]) {
|
|
self.recipientIdsToLookup = recipientIdsToLookup
|
|
self.registeredRecipientIds = Set()
|
|
|
|
super.init()
|
|
|
|
Logger.debug("with recipientIdsToLookup: \(recipientIdsToLookup.count)")
|
|
}
|
|
|
|
// MARK: OWSOperation Overrides
|
|
|
|
// Called every retry, this is where the bulk of the operation's work should go.
|
|
override public func run() {
|
|
Logger.debug("")
|
|
|
|
guard !isCancelled else {
|
|
Logger.info("no work to do, since we were canceled")
|
|
self.reportCancelled()
|
|
return
|
|
}
|
|
|
|
var phoneNumbersByHashes: [String: String] = [:]
|
|
|
|
for recipientId in recipientIdsToLookup {
|
|
guard let hash = Cryptography.truncatedSHA1Base64EncodedWithoutPadding(recipientId) else {
|
|
owsFailDebug("could not hash recipient id: \(recipientId)")
|
|
continue
|
|
}
|
|
assert(phoneNumbersByHashes[hash] == nil)
|
|
phoneNumbersByHashes[hash] = recipientId
|
|
}
|
|
|
|
let hashes: [String] = Array(phoneNumbersByHashes.keys)
|
|
|
|
let request = OWSRequestFactory.contactsIntersectionRequest(withHashesArray: hashes)
|
|
|
|
self.networkManager.makeRequest(request,
|
|
success: { (task, responseDict) in
|
|
do {
|
|
self.registeredRecipientIds = try self.parse(response: responseDict, phoneNumbersByHashes: phoneNumbersByHashes)
|
|
self.reportSuccess()
|
|
} catch {
|
|
self.reportError(error)
|
|
}
|
|
},
|
|
failure: { (task, error) in
|
|
guard let response = task.response as? HTTPURLResponse else {
|
|
let responseError: NSError = OWSErrorMakeUnableToProcessServerResponseError() as NSError
|
|
responseError.isRetryable = true
|
|
self.reportError(responseError)
|
|
return
|
|
}
|
|
|
|
guard response.statusCode != 413 else {
|
|
let rateLimitError = OWSErrorWithCodeDescription(OWSErrorCode.contactsUpdaterRateLimit, "Contacts Intersection Rate Limit")
|
|
self.reportError(rateLimitError)
|
|
return
|
|
}
|
|
|
|
self.reportError(error)
|
|
})
|
|
}
|
|
|
|
// Called at most one time.
|
|
override public func didSucceed() {
|
|
// Compare against new CDS service
|
|
let modernCDSOperation = CDSOperation(recipientIdsToLookup: self.recipientIdsToLookup)
|
|
let cdsFeedbackOperation = CDSFeedbackOperation(legacyRegisteredRecipientIds: self.registeredRecipientIds)
|
|
cdsFeedbackOperation.addDependency(modernCDSOperation)
|
|
|
|
let operations = modernCDSOperation.dependencies + [modernCDSOperation, cdsFeedbackOperation]
|
|
CDSOperation.operationQueue.addOperations(operations, waitUntilFinished: false)
|
|
}
|
|
|
|
// MARK: Private Helpers
|
|
|
|
private func parse(response: Any?, phoneNumbersByHashes: [String: String]) throws -> Set<String> {
|
|
|
|
guard let responseDict = response as? [String: AnyObject] else {
|
|
let responseError: NSError = OWSErrorMakeUnableToProcessServerResponseError() as NSError
|
|
responseError.isRetryable = true
|
|
|
|
throw responseError
|
|
}
|
|
|
|
guard let contactDicts = responseDict["contacts"] as? [[String: AnyObject]] else {
|
|
let responseError: NSError = OWSErrorMakeUnableToProcessServerResponseError() as NSError
|
|
responseError.isRetryable = true
|
|
|
|
throw responseError
|
|
}
|
|
|
|
var registeredRecipientIds: Set<String> = Set()
|
|
|
|
for contactDict in contactDicts {
|
|
guard let hash = contactDict["token"] as? String, hash.count > 0 else {
|
|
owsFailDebug("hash was unexpectedly nil")
|
|
continue
|
|
}
|
|
|
|
guard let recipientId = phoneNumbersByHashes[hash], recipientId.count > 0 else {
|
|
owsFailDebug("recipientId was unexpectedly nil")
|
|
continue
|
|
}
|
|
|
|
guard recipientIdsToLookup.contains(recipientId) else {
|
|
owsFailDebug("unexpected recipientId")
|
|
continue
|
|
}
|
|
|
|
registeredRecipientIds.insert(recipientId)
|
|
}
|
|
|
|
return registeredRecipientIds
|
|
}
|
|
|
|
}
|
|
|
|
enum ContactDiscoveryError: Error {
|
|
case parseError(description: String)
|
|
case assertionError(description: String)
|
|
case clientError(underlyingError: Error)
|
|
case serverError(underlyingError: Error)
|
|
}
|
|
|
|
@objc(OWSCDSOperation)
|
|
class CDSOperation: OWSOperation {
|
|
|
|
let batchSize = 2048
|
|
static let operationQueue: OperationQueue = {
|
|
let queue = OperationQueue()
|
|
queue.maxConcurrentOperationCount = 5
|
|
queue.name = CDSOperation.logTag()
|
|
return queue
|
|
}()
|
|
|
|
let recipientIdsToLookup: [String]
|
|
|
|
@objc
|
|
var registeredRecipientIds: Set<String>
|
|
|
|
@objc
|
|
required init(recipientIdsToLookup: [String]) {
|
|
self.recipientIdsToLookup = recipientIdsToLookup
|
|
self.registeredRecipientIds = Set()
|
|
|
|
super.init()
|
|
|
|
Logger.debug("with recipientIdsToLookup: \(recipientIdsToLookup.count)")
|
|
for batchIds in recipientIdsToLookup.chunked(by: batchSize) {
|
|
let batchOperation = CDSBatchOperation(recipientIdsToLookup: batchIds)
|
|
self.addDependency(batchOperation)
|
|
}
|
|
}
|
|
|
|
// MARK: Mandatory overrides
|
|
|
|
// Called every retry, this is where the bulk of the operation's work should go.
|
|
override func run() {
|
|
Logger.debug("")
|
|
|
|
for dependency in self.dependencies {
|
|
guard let batchOperation = dependency as? CDSBatchOperation else {
|
|
owsFailDebug("unexpected dependency: \(dependency)")
|
|
continue
|
|
}
|
|
|
|
self.registeredRecipientIds.formUnion(batchOperation.registeredRecipientIds)
|
|
}
|
|
|
|
self.reportSuccess()
|
|
}
|
|
|
|
}
|
|
|
|
public
|
|
class CDSBatchOperation: OWSOperation {
|
|
|
|
private let recipientIdsToLookup: [String]
|
|
private(set) var registeredRecipientIds: Set<String>
|
|
|
|
private var networkManager: TSNetworkManager {
|
|
return TSNetworkManager.shared()
|
|
}
|
|
|
|
private var contactDiscoveryService: ContactDiscoveryService {
|
|
return ContactDiscoveryService.shared()
|
|
}
|
|
|
|
// MARK: Initializers
|
|
|
|
public required init(recipientIdsToLookup: [String]) {
|
|
self.recipientIdsToLookup = Set(recipientIdsToLookup).map { $0 }
|
|
self.registeredRecipientIds = Set()
|
|
|
|
super.init()
|
|
|
|
Logger.debug("with recipientIdsToLookup: \(recipientIdsToLookup.count)")
|
|
}
|
|
|
|
// MARK: OWSOperationOverrides
|
|
|
|
// Called every retry, this is where the bulk of the operation's work should go.
|
|
override public func run() {
|
|
Logger.debug("")
|
|
|
|
guard !isCancelled else {
|
|
Logger.info("no work to do, since we were canceled")
|
|
self.reportCancelled()
|
|
return
|
|
}
|
|
|
|
contactDiscoveryService.performRemoteAttestation(success: { (remoteAttestation: RemoteAttestation) in
|
|
self.makeContactDiscoveryRequest(remoteAttestation: remoteAttestation)
|
|
},
|
|
failure: self.reportError)
|
|
}
|
|
|
|
private func makeContactDiscoveryRequest(remoteAttestation: RemoteAttestation) {
|
|
return // Loki: Do nothing
|
|
|
|
guard !isCancelled else {
|
|
Logger.info("no work to do, since we were canceled")
|
|
self.reportCancelled()
|
|
return
|
|
}
|
|
|
|
let encryptionResult: AES25GCMEncryptionResult
|
|
do {
|
|
encryptionResult = try encryptAddresses(recipientIds: recipientIdsToLookup, remoteAttestation: remoteAttestation)
|
|
} catch {
|
|
reportError(error)
|
|
return
|
|
}
|
|
|
|
let request = OWSRequestFactory.enclaveContactDiscoveryRequest(withId: remoteAttestation.requestId,
|
|
addressCount: UInt(recipientIdsToLookup.count),
|
|
encryptedAddressData: encryptionResult.ciphertext,
|
|
cryptIv: encryptionResult.initializationVector,
|
|
cryptMac: encryptionResult.authTag,
|
|
enclaveId: remoteAttestation.enclaveId,
|
|
authUsername: remoteAttestation.auth.username,
|
|
authPassword: remoteAttestation.auth.password,
|
|
cookies: remoteAttestation.cookies)
|
|
|
|
self.networkManager.makeRequest(request,
|
|
success: { (task, responseDict) in
|
|
do {
|
|
self.registeredRecipientIds = try self.handle(response: responseDict, remoteAttestation: remoteAttestation)
|
|
self.reportSuccess()
|
|
} catch {
|
|
self.reportError(error)
|
|
}
|
|
},
|
|
failure: { (task, error) in
|
|
guard let response = task.response as? HTTPURLResponse else {
|
|
let responseError = OWSErrorMakeUnableToProcessServerResponseError() as NSError
|
|
responseError.isRetryable = true
|
|
self.reportError(responseError)
|
|
return
|
|
}
|
|
|
|
guard response.statusCode != 413 else {
|
|
let rateLimitError: NSError = OWSErrorWithCodeDescription(OWSErrorCode.contactsUpdaterRateLimit, "Contacts Intersection Rate Limit") as NSError
|
|
|
|
// TODO CDS ratelimiting, handle Retry-After header if available
|
|
rateLimitError.isRetryable = false
|
|
self.reportError(rateLimitError)
|
|
return
|
|
}
|
|
|
|
guard response.statusCode / 100 != 4 else {
|
|
let clientError: NSError = ContactDiscoveryError.clientError(underlyingError: error) as NSError
|
|
clientError.isRetryable = (error as NSError).isRetryable
|
|
self.reportError(clientError)
|
|
return
|
|
}
|
|
|
|
guard response.statusCode / 100 != 5 else {
|
|
let serverError = ContactDiscoveryError.serverError(underlyingError: error) as NSError
|
|
serverError.isRetryable = (error as NSError).isRetryable
|
|
|
|
// TODO CDS ratelimiting, handle Retry-After header if available
|
|
self.reportError(serverError)
|
|
return
|
|
}
|
|
|
|
self.reportError(error)
|
|
})
|
|
}
|
|
|
|
func encryptAddresses(recipientIds: [String], remoteAttestation: RemoteAttestation) throws -> AES25GCMEncryptionResult {
|
|
|
|
let addressPlainTextData = try type(of: self).encodePhoneNumbers(recipientIds: recipientIds)
|
|
|
|
guard let encryptionResult = Cryptography.encryptAESGCM(plainTextData: addressPlainTextData,
|
|
initializationVector: Cryptography.generateRandomBytes(kAESGCM256_DefaultIVLength),
|
|
additionalAuthenticatedData: remoteAttestation.requestId,
|
|
key: remoteAttestation.keys.clientKey) else {
|
|
|
|
throw ContactDiscoveryError.assertionError(description: "Encryption failure")
|
|
}
|
|
|
|
return encryptionResult
|
|
}
|
|
|
|
class func encodePhoneNumbers(recipientIds: [String]) throws -> Data {
|
|
var output = Data()
|
|
|
|
for recipientId in recipientIds {
|
|
guard recipientId.prefix(1) == "+" else {
|
|
throw ContactDiscoveryError.assertionError(description: "unexpected id format")
|
|
}
|
|
|
|
let numericPortionIndex = recipientId.index(after: recipientId.startIndex)
|
|
let numericPortion = recipientId.suffix(from: numericPortionIndex)
|
|
|
|
guard let numericIdentifier = UInt64(numericPortion), numericIdentifier > 99 else {
|
|
throw ContactDiscoveryError.assertionError(description: "unexpectedly short identifier")
|
|
}
|
|
|
|
var bigEndian: UInt64 = CFSwapInt64HostToBig(numericIdentifier)
|
|
let buffer = UnsafeBufferPointer(start: &bigEndian, count: 1)
|
|
output.append(buffer)
|
|
}
|
|
|
|
return output
|
|
}
|
|
|
|
func handle(response: Any?, remoteAttestation: RemoteAttestation) throws -> Set<String> {
|
|
let isIncludedData: Data = try parseAndDecrypt(response: response, remoteAttestation: remoteAttestation)
|
|
guard let isIncluded: [Bool] = type(of: self).boolArray(data: isIncludedData) else {
|
|
throw ContactDiscoveryError.assertionError(description: "isIncluded was unexpectedly nil")
|
|
}
|
|
|
|
return try match(recipientIds: self.recipientIdsToLookup, isIncluded: isIncluded)
|
|
}
|
|
|
|
class func boolArray(data: Data) -> [Bool]? {
|
|
var bools: [Bool]?
|
|
data.withUnsafeBytes { (bytes: UnsafePointer<Bool>) -> Void in
|
|
let buffer = UnsafeBufferPointer(start: bytes, count: data.count)
|
|
bools = Array(buffer)
|
|
}
|
|
|
|
return bools
|
|
}
|
|
|
|
func match(recipientIds: [String], isIncluded: [Bool]) throws -> Set<String> {
|
|
guard recipientIds.count == isIncluded.count else {
|
|
throw ContactDiscoveryError.assertionError(description: "length mismatch for isIncluded/recipientIds")
|
|
}
|
|
|
|
let includedRecipientIds: [String] = (0..<recipientIds.count).compactMap { index in
|
|
isIncluded[index] ? recipientIds[index] : nil
|
|
}
|
|
|
|
return Set(includedRecipientIds)
|
|
}
|
|
|
|
func parseAndDecrypt(response: Any?, remoteAttestation: RemoteAttestation) throws -> Data {
|
|
|
|
guard let params = ParamParser(responseObject: response) else {
|
|
throw ContactDiscoveryError.parseError(description: "missing response dict")
|
|
}
|
|
|
|
let cipherText = try params.requiredBase64EncodedData(key: "data")
|
|
let initializationVector = try params.requiredBase64EncodedData(key: "iv")
|
|
let authTag = try params.requiredBase64EncodedData(key: "mac")
|
|
|
|
guard let plainText = Cryptography.decryptAESGCM(withInitializationVector: initializationVector,
|
|
ciphertext: cipherText,
|
|
additionalAuthenticatedData: nil,
|
|
authTag: authTag,
|
|
key: remoteAttestation.keys.serverKey) else {
|
|
throw ContactDiscoveryError.parseError(description: "decryption failed")
|
|
}
|
|
|
|
return plainText
|
|
}
|
|
}
|
|
|
|
class CDSFeedbackOperation: OWSOperation {
|
|
|
|
enum FeedbackResult {
|
|
case ok
|
|
case mismatch
|
|
case attestationError(reason: String)
|
|
case unexpectedError(reason: String)
|
|
}
|
|
|
|
private let legacyRegisteredRecipientIds: Set<String>
|
|
|
|
var networkManager: TSNetworkManager {
|
|
return TSNetworkManager.shared()
|
|
}
|
|
|
|
// MARK: Initializers
|
|
|
|
required init(legacyRegisteredRecipientIds: Set<String>) {
|
|
self.legacyRegisteredRecipientIds = legacyRegisteredRecipientIds
|
|
|
|
super.init()
|
|
|
|
Logger.debug("")
|
|
}
|
|
|
|
// MARK: OWSOperation Overrides
|
|
|
|
override func checkForPreconditionError() -> Error? {
|
|
// override super with no-op
|
|
// In this rare case, we want to proceed even though our dependency might have an
|
|
// error so we can report the details of that error to the feedback service.
|
|
return nil
|
|
}
|
|
|
|
// Called every retry, this is where the bulk of the operation's work should go.
|
|
override func run() {
|
|
|
|
guard !isCancelled else {
|
|
Logger.info("no work to do, since we were canceled")
|
|
self.reportCancelled()
|
|
return
|
|
}
|
|
|
|
guard let cdsOperation = dependencies.first as? CDSOperation else {
|
|
let error = OWSErrorMakeAssertionError("cdsOperation was unexpectedly nil")
|
|
self.reportError(error)
|
|
return
|
|
}
|
|
|
|
if let error = cdsOperation.failingError {
|
|
switch error {
|
|
case TSNetworkManagerError.failedConnection:
|
|
// Don't submit feedback for connectivity errors
|
|
self.reportSuccess()
|
|
case ContactDiscoveryError.serverError, ContactDiscoveryError.clientError:
|
|
// Server already has this information, no need submit feedback
|
|
self.reportSuccess()
|
|
case let cdsError as ContactDiscoveryServiceError:
|
|
let reason = cdsError.reason
|
|
switch cdsError.code {
|
|
case .assertionError:
|
|
self.makeRequest(result: .unexpectedError(reason: "CDS assertionError: \(reason ?? "unknown")"))
|
|
case .attestationFailed:
|
|
self.makeRequest(result: .attestationError(reason: "CDS attestationFailed: \(reason ?? "unknown")"))
|
|
}
|
|
case ContactDiscoveryError.assertionError(let assertionDescription):
|
|
self.makeRequest(result: .unexpectedError(reason: "assertionError: \(assertionDescription)"))
|
|
case ContactDiscoveryError.parseError(description: let parseErrorDescription):
|
|
self.makeRequest(result: .unexpectedError(reason: "parseError: \(parseErrorDescription)"))
|
|
default:
|
|
let nsError = error as NSError
|
|
let reason = "unexpectedError code:\(nsError.code)"
|
|
self.makeRequest(result: .unexpectedError(reason: reason))
|
|
}
|
|
|
|
return
|
|
}
|
|
|
|
if cdsOperation.registeredRecipientIds == legacyRegisteredRecipientIds {
|
|
self.makeRequest(result: .ok)
|
|
return
|
|
} else {
|
|
self.makeRequest(result: .mismatch)
|
|
return
|
|
}
|
|
}
|
|
|
|
func makeRequest(result: FeedbackResult) {
|
|
let reason: String?
|
|
switch result {
|
|
case .ok:
|
|
reason = nil
|
|
case .mismatch:
|
|
reason = nil
|
|
case .attestationError(let attestationErrorReason):
|
|
reason = attestationErrorReason
|
|
case .unexpectedError(let unexpectedErrorReason):
|
|
reason = unexpectedErrorReason
|
|
}
|
|
let request = OWSRequestFactory.cdsFeedbackRequest(status: result.statusPath, reason: reason)
|
|
self.networkManager.makeRequest(request,
|
|
success: { _, _ in self.reportSuccess() },
|
|
failure: { _, error in self.reportError(error) })
|
|
}
|
|
}
|
|
|
|
extension Array {
|
|
// func chunked(by chunkSize: Int) -> [[Element]] {
|
|
// return stride(from: 0, to: self.count, by: chunkSize).map {
|
|
// Array(self[$0..<Swift.min($0 + chunkSize, self.count)])
|
|
// }
|
|
// }
|
|
}
|
|
|
|
extension CDSFeedbackOperation.FeedbackResult {
|
|
var statusPath: String {
|
|
switch self {
|
|
case .ok:
|
|
return "ok"
|
|
case .mismatch:
|
|
return "mismatch"
|
|
case .attestationError:
|
|
return "attestation-error"
|
|
case .unexpectedError:
|
|
return "unexpected-error"
|
|
}
|
|
}
|
|
}
|
|
|
|
extension ContactDiscoveryServiceError {
|
|
var reason: String? {
|
|
return userInfo[ContactDiscoveryServiceErrorKey_Reason] as? String
|
|
}
|
|
}
|