signal-desktop/ts/services/senderCertificate.ts

244 lines
7.1 KiB
TypeScript
Raw Normal View History

2021-04-08 16:24:21 +00:00
// Copyright 2021 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only
import type { SerializedCertificateType } from '../textsecure/OutgoingMessage';
2021-04-08 16:24:21 +00:00
import {
SenderCertificateMode,
serializedCertificateSchema,
} from '../textsecure/OutgoingMessage';
2021-07-02 19:21:24 +00:00
import * as Bytes from '../Bytes';
import { assertDev } from '../util/assert';
2021-04-08 16:24:21 +00:00
import { missingCaseError } from '../util/missingCaseError';
import { waitForOnline } from '../util/waitForOnline';
import * as log from '../logging/log';
import type { StorageInterface } from '../types/Storage.d';
import * as Errors from '../types/errors';
import type { WebAPIType } from '../textsecure/WebAPI';
2021-07-02 19:21:24 +00:00
import { SignalService as Proto } from '../protobuf';
import SenderCertificate = Proto.SenderCertificate;
2021-04-08 16:24:21 +00:00
2021-05-25 22:40:04 +00:00
function isWellFormed(data: unknown): data is SerializedCertificateType {
return serializedCertificateSchema.safeParse(data).success;
}
2021-04-08 16:24:21 +00:00
// In case your clock is different from the server's, we "fake" expire certificates early.
const CLOCK_SKEW_THRESHOLD = 15 * 60 * 1000;
// This is exported for testing.
export class SenderCertificateService {
private server?: WebAPIType;
2021-04-08 16:24:21 +00:00
private fetchPromises: Map<
SenderCertificateMode,
Promise<undefined | SerializedCertificateType>
> = new Map();
private events?: Pick<typeof window.Whisper.events, 'on' | 'off'>;
2021-04-08 16:24:21 +00:00
private storage?: StorageInterface;
2021-04-08 16:24:21 +00:00
initialize({
server,
events,
2021-04-08 16:24:21 +00:00
storage,
}: {
server: WebAPIType;
events?: Pick<typeof window.Whisper.events, 'on' | 'off'>;
storage: StorageInterface;
2021-04-08 16:24:21 +00:00
}): void {
log.info('Sender certificate service initialized');
this.server = server;
this.events = events;
2021-04-08 16:24:21 +00:00
this.storage = storage;
}
async get(
mode: SenderCertificateMode
): Promise<undefined | SerializedCertificateType> {
const storedCertificate = this.getStoredCertificate(mode);
if (storedCertificate) {
log.info(
`Sender certificate service found a valid ${modeToLogString(
mode
)} certificate in storage; skipping fetch`
);
return storedCertificate;
}
return this.fetchCertificate(mode);
}
2021-09-27 17:31:34 +00:00
// This is intended to be called when our credentials have been deleted, so any fetches
// made until this function is complete would fail anyway.
async clear(): Promise<void> {
log.info(
'Sender certificate service: Clearing in-progress fetches and ' +
'deleting cached certificates'
);
await Promise.all(this.fetchPromises.values());
const { storage } = this;
assertDev(
2021-09-27 17:31:34 +00:00
storage,
'Sender certificate service method was called before it was initialized'
);
await storage.remove('senderCertificate');
await storage.remove('senderCertificateNoE164');
}
2021-04-08 16:24:21 +00:00
private getStoredCertificate(
mode: SenderCertificateMode
): undefined | SerializedCertificateType {
const { storage } = this;
assertDev(
2021-04-08 16:24:21 +00:00
storage,
'Sender certificate service method was called before it was initialized'
);
const valueInStorage = storage.get(modeToStorageKey(mode));
2021-05-25 22:40:04 +00:00
if (
isWellFormed(valueInStorage) &&
2021-04-08 16:24:21 +00:00
isExpirationValid(valueInStorage.expires)
2021-05-25 22:40:04 +00:00
) {
return valueInStorage;
}
return undefined;
2021-04-08 16:24:21 +00:00
}
private fetchCertificate(
mode: SenderCertificateMode
): Promise<undefined | SerializedCertificateType> {
// This prevents multiple concurrent fetches.
const existingPromise = this.fetchPromises.get(mode);
if (existingPromise) {
log.info(
`Sender certificate service was already fetching a ${modeToLogString(
mode
)} certificate; piggybacking off of that`
);
return existingPromise;
}
let promise: Promise<undefined | SerializedCertificateType>;
const doFetch = async () => {
const result = await this.fetchAndSaveCertificate(mode);
assertDev(
2021-04-08 16:24:21 +00:00
this.fetchPromises.get(mode) === promise,
'Sender certificate service was deleting a different promise than expected'
);
this.fetchPromises.delete(mode);
return result;
};
promise = doFetch();
assertDev(
2021-04-08 16:24:21 +00:00
!this.fetchPromises.has(mode),
'Sender certificate service somehow already had a promise for this mode'
);
this.fetchPromises.set(mode, promise);
return promise;
}
private async fetchAndSaveCertificate(
mode: SenderCertificateMode
): Promise<undefined | SerializedCertificateType> {
const { storage, server, events } = this;
assertDev(
storage && server && events,
2021-04-08 16:24:21 +00:00
'Sender certificate service method was called before it was initialized'
);
log.info(
`Sender certificate service: fetching and saving a ${modeToLogString(
mode
)} certificate`
);
await waitForOnline({ server, events });
2021-04-08 16:24:21 +00:00
let certificateString: string;
try {
certificateString = await this.requestSenderCertificate(mode);
} catch (err) {
log.warn(
`Sender certificate service could not fetch a ${modeToLogString(
mode
)} certificate. Returning undefined`,
Errors.toLogFormat(err)
2021-04-08 16:24:21 +00:00
);
return undefined;
}
2021-07-02 19:21:24 +00:00
const certificate = Bytes.fromBase64(certificateString);
2021-04-08 16:24:21 +00:00
const decodedContainer = SenderCertificate.decode(certificate);
const decodedCert = decodedContainer.certificate
? SenderCertificate.Certificate.decode(decodedContainer.certificate)
: undefined;
2022-03-23 20:49:27 +00:00
const expires = decodedCert?.expires?.toNumber();
2021-04-08 16:24:21 +00:00
if (!isExpirationValid(expires)) {
log.warn(
`Sender certificate service fetched a ${modeToLogString(
mode
)} certificate from the server that was already expired (or was invalid). Is your system clock off?`
);
return undefined;
}
const serializedCertificate = {
expires: expires - CLOCK_SKEW_THRESHOLD,
2021-09-24 00:49:05 +00:00
serialized: certificate,
2021-04-08 16:24:21 +00:00
};
await storage.put(modeToStorageKey(mode), serializedCertificate);
return serializedCertificate;
}
private async requestSenderCertificate(
mode: SenderCertificateMode
): Promise<string> {
const { server } = this;
assertDev(
server,
2021-04-08 16:24:21 +00:00
'Sender certificate service method was called before it was initialized'
);
const omitE164 = mode === SenderCertificateMode.WithoutE164;
const { certificate } = await server.getSenderCertificate(omitE164);
return certificate;
}
}
function modeToStorageKey(
mode: SenderCertificateMode
): 'senderCertificate' | 'senderCertificateNoE164' {
switch (mode) {
case SenderCertificateMode.WithE164:
return 'senderCertificate';
case SenderCertificateMode.WithoutE164:
return 'senderCertificateNoE164';
default:
throw missingCaseError(mode);
}
}
function modeToLogString(mode: SenderCertificateMode): string {
switch (mode) {
case SenderCertificateMode.WithE164:
return 'yes-E164';
case SenderCertificateMode.WithoutE164:
return 'no-E164';
default:
throw missingCaseError(mode);
}
}
function isExpirationValid(expiration: unknown): expiration is number {
return typeof expiration === 'number' && expiration > Date.now();
}
export const senderCertificateService = new SenderCertificateService();