signal-desktop/ts/textsecure/getKeysForServiceId.ts

207 lines
5.5 KiB
TypeScript
Raw Normal View History

2021-05-25 22:40:04 +00:00
// Copyright 2021 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only
import {
ErrorCode,
KEMPublicKey,
LibSignalErrorBase,
2021-05-25 22:40:04 +00:00
PreKeyBundle,
processPreKeyBundle,
ProtocolAddress,
PublicKey,
} from '@signalapp/libsignal-client';
2021-05-25 22:40:04 +00:00
import {
OutgoingIdentityKeyError,
UnregisteredUserError,
HTTPError,
} from './Errors';
2021-05-25 22:40:04 +00:00
import { Sessions, IdentityKeys } from '../LibSignalStores';
import { Address } from '../types/Address';
import { QualifiedAddress } from '../types/QualifiedAddress';
import type { ServiceIdString } from '../types/ServiceId';
import type { ServerKeysType, WebAPIType } from './WebAPI';
import * as log from '../logging/log';
import { isRecord } from '../util/isRecord';
2024-09-06 17:52:19 +00:00
import type { GroupSendToken } from '../types/GroupSendEndorsements';
import { onFailedToSendWithEndorsements } from '../util/groupSendEndorsements';
2021-05-25 22:40:04 +00:00
export async function getKeysForServiceId(
serviceId: ServiceIdString,
2021-05-25 22:40:04 +00:00
server: WebAPIType,
2024-09-06 17:52:19 +00:00
devicesToUpdate: Array<number> | null,
accessKey: string | null,
groupSendToken: GroupSendToken | null
2021-05-25 22:40:04 +00:00
): Promise<{ accessKeyFailed?: boolean }> {
try {
const { keys, accessKeyFailed } = await getServerKeys(
serviceId,
2021-05-25 22:40:04 +00:00
server,
2024-09-06 17:52:19 +00:00
accessKey,
groupSendToken
2021-05-25 22:40:04 +00:00
);
await handleServerKeys(serviceId, keys, devicesToUpdate);
2021-05-25 22:40:04 +00:00
return {
accessKeyFailed,
};
} catch (error) {
2021-09-22 00:58:03 +00:00
if (error instanceof HTTPError && error.code === 404) {
await window.textsecure.storage.protocol.archiveAllSessions(serviceId);
throw new UnregisteredUserError(serviceId, error);
2021-05-25 22:40:04 +00:00
}
throw error;
2021-05-25 22:40:04 +00:00
}
}
2024-09-06 17:52:19 +00:00
function isUnauthorizedError(error: unknown) {
return (
isRecord(error) &&
typeof error.code === 'number' &&
(error.code === 401 || error.code === 403)
);
}
2021-05-25 22:40:04 +00:00
async function getServerKeys(
serviceId: ServiceIdString,
2021-05-25 22:40:04 +00:00
server: WebAPIType,
2024-09-06 17:52:19 +00:00
accessKey: string | null,
groupSendToken: GroupSendToken | null
): Promise<{ accessKeyFailed: boolean; keys: ServerKeysType }> {
// Return true only when attempted with access key
let accessKeyFailed = false;
2024-09-06 17:52:19 +00:00
if (accessKey != null) {
// Try the access key first
try {
const keys = await server.getKeysForServiceIdUnauth(
serviceId,
undefined,
{ accessKey }
);
return { keys, accessKeyFailed };
} catch (error) {
accessKeyFailed = true;
if (!isUnauthorizedError(error)) {
throw error;
}
2021-05-25 22:40:04 +00:00
}
2024-09-06 17:52:19 +00:00
}
2021-05-25 22:40:04 +00:00
2024-09-06 17:52:19 +00:00
if (groupSendToken != null) {
try {
const keys = await server.getKeysForServiceIdUnauth(
serviceId,
undefined,
{ groupSendToken }
);
return { keys, accessKeyFailed };
} catch (error) {
if (!isUnauthorizedError(error)) {
throw error;
} else {
onFailedToSendWithEndorsements(error);
}
}
2021-05-25 22:40:04 +00:00
}
2024-09-06 17:52:19 +00:00
return {
keys: await server.getKeysForServiceId(serviceId),
accessKeyFailed,
};
2021-05-25 22:40:04 +00:00
}
async function handleServerKeys(
serviceId: ServiceIdString,
2021-05-25 22:40:04 +00:00
response: ServerKeysType,
2024-09-06 17:52:19 +00:00
devicesToUpdate: Array<number> | null
2021-05-25 22:40:04 +00:00
): Promise<void> {
const ourAci = window.textsecure.storage.user.getCheckedAci();
const sessionStore = new Sessions({ ourServiceId: ourAci });
const identityKeyStore = new IdentityKeys({ ourServiceId: ourAci });
2021-05-25 22:40:04 +00:00
await Promise.all(
response.devices.map(async device => {
const { deviceId, registrationId, pqPreKey, preKey, signedPreKey } =
device;
2024-09-06 17:52:19 +00:00
if (devicesToUpdate != null && !devicesToUpdate.includes(deviceId)) {
2021-05-25 22:40:04 +00:00
return;
}
if (device.registrationId === 0) {
log.info(
`handleServerKeys/${serviceId}: Got device registrationId zero!`
2021-05-25 22:40:04 +00:00
);
}
if (!signedPreKey) {
throw new Error(
`getKeysForIdentifier/${serviceId}: Missing signed prekey for deviceId ${deviceId}`
2021-05-25 22:40:04 +00:00
);
}
const protocolAddress = ProtocolAddress.new(serviceId, deviceId);
2021-05-25 22:40:04 +00:00
const preKeyId = preKey?.keyId || null;
const preKeyObject = preKey
? PublicKey.deserialize(Buffer.from(preKey.publicKey))
: null;
const signedPreKeyObject = PublicKey.deserialize(
Buffer.from(signedPreKey.publicKey)
);
const identityKey = PublicKey.deserialize(
Buffer.from(response.identityKey)
);
const pqPreKeyId = pqPreKey?.keyId || null;
const pqPreKeyPublic = pqPreKey
? KEMPublicKey.deserialize(Buffer.from(pqPreKey.publicKey))
: null;
const pqPreKeySignature = pqPreKey
? Buffer.from(pqPreKey.signature)
: null;
2021-05-25 22:40:04 +00:00
const preKeyBundle = PreKeyBundle.new(
registrationId,
deviceId,
preKeyId,
preKeyObject,
signedPreKey.keyId,
signedPreKeyObject,
Buffer.from(signedPreKey.signature),
identityKey,
pqPreKeyId,
pqPreKeyPublic,
pqPreKeySignature
2021-05-25 22:40:04 +00:00
);
const address = new QualifiedAddress(
ourAci,
new Address(serviceId, deviceId)
);
try {
await window.textsecure.storage.protocol.enqueueSessionJob(
address,
`handleServerKeys(${serviceId})`,
() =>
processPreKeyBundle(
preKeyBundle,
protocolAddress,
sessionStore,
identityKeyStore
)
);
} catch (error) {
if (
error instanceof LibSignalErrorBase &&
error.code === ErrorCode.UntrustedIdentity
) {
throw new OutgoingIdentityKeyError(serviceId, error);
}
throw error;
}
2021-05-25 22:40:04 +00:00
})
);
}