// Copyright 2021 Signal Messenger, LLC
// SPDX-License-Identifier: AGPL-3.0-only
import {
PreKeyBundle,
processPreKeyBundle,
ProtocolAddress,
PublicKey,
} from '@signalapp/signal-client';
import { UnregisteredUserError, HTTPError } from './Errors';
import { Sessions, IdentityKeys } from '../LibSignalStores';
import { Address } from '../types/Address';
import { QualifiedAddress } from '../types/QualifiedAddress';
import { UUID } from '../types/UUID';
import type { ServerKeysType, WebAPIType } from './WebAPI';
import * as log from '../logging/log';
/**
 * Fetches the key material the server holds for `identifier` and hands it to
 * `handleServerKeys` so sessions can be set up for the listed devices.
 *
 * @param identifier - Passed unchanged to the key fetch, to `UUID.lookup`, and
 *   into the thrown error.
 * @param server - Web API client used for the key fetch.
 * @param devicesToUpdate - Forwarded to `handleServerKeys`.
 * @param accessKey - Forwarded to `getServerKeys`.
 * @returns The `accessKeyFailed` flag reported by `getServerKeys`.
 * @throws UnregisteredUserError wrapping whatever the fetch or the key
 *   handling threw.
 */
export async function getKeysForIdentifier(
  identifier: string,
  server: WebAPIType,
  devicesToUpdate?: Array<number>,
  accessKey?: string
): Promise<{ accessKeyFailed?: boolean }> {
  try {
    const fetched = await getServerKeys(identifier, server, accessKey);

    await handleServerKeys(identifier, fetched.keys, devicesToUpdate);

    return { accessKeyFailed: fetched.accessKeyFailed };
  } catch (error) {
    // Only an HTTP 404 leads to archiving the sessions stored for this UUID.
    const isNotFound = error instanceof HTTPError && error.code === 404;
    const theirUuid = isNotFound ? UUID.lookup(identifier) : undefined;

    if (theirUuid) {
      await window.textsecure.storage.protocol.archiveAllSessions(theirUuid);
    }

    // NOTE(review): every failure is rethrown as UnregisteredUserError, not
    // just the 404 case. That includes errors from handleServerKeys, such as
    // the identity-key error it decorates with `identityKey`. Confirm callers
    // can still tell an identity-key change apart from an unregistered user.
    throw new UnregisteredUserError(identifier, error);
  }
}
/**
 * Retrieves the server's keys for `identifier`.
 *
 * With an `accessKey` the unauthenticated endpoint is tried first. If it
 * answers 401 or 403, the regular endpoint is used instead and the result is
 * marked with `accessKeyFailed: true`. Without an `accessKey` only the regular
 * endpoint is called.
 *
 * @param identifier - Account identifier handed to the server calls.
 * @param server - Web API client.
 * @param accessKey - Optional key for the unauthenticated endpoint.
 * @returns The fetched keys, plus `accessKeyFailed` when the fallback ran.
 * @throws Whatever the server call rejects with, other than a 401/403 from the
 *   unauthenticated attempt.
 */
async function getServerKeys(
  identifier: string,
  server: WebAPIType,
  accessKey?: string
): Promise<{ accessKeyFailed?: boolean; keys: ServerKeysType }> {
  if (accessKey) {
    try {
      const keys = await server.getKeysForIdentifierUnauth(
        identifier,
        undefined,
        { accessKey }
      );
      return { keys };
    } catch (error) {
      // Any status other than 401/403 is not an access-key rejection.
      if (error.code !== 401 && error.code !== 403) {
        throw error;
      }

      // NOTE(review): the fallback is automatic; `accessKeyFailed` is the only
      // signal the caller gets that the access key was rejected.
      const keys = await server.getKeysForIdentifier(identifier);
      return { accessKeyFailed: true, keys };
    }
  }

  const keys = await server.getKeysForIdentifier(identifier);
  return { keys };
}
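/**
 * Builds a `PreKeyBundle` for each device in `response` and processes it
 * inside that address's session job queue.
 *
 * @param identifier - Resolved through `UUID.checkedLookup`. It is also
 *   written verbatim into the log line and the error message below.
 * @param response - Server key response: the account's identity key plus
 *   per-device registration id, optional one-time prekey and signed prekey.
 * @param devicesToUpdate - When given, devices whose id is not in this list
 *   are skipped. When omitted, every device in the response is processed.
 * @throws Error when a selected device has no signed prekey.
 * @throws Whatever `processPreKeyBundle` rejects with. An error whose message
 *   contains 'untrusted identity for address' gets the server-supplied
 *   identity key attached as `error.identityKey` before it is rethrown.
 */
async function handleServerKeys(
  identifier: string,
  response: ServerKeysType,
  devicesToUpdate?: Array<number>
): Promise<void> {
  const ourUuid = window.textsecure.storage.user.getCheckedUuid();
  const sessionStore = new Sessions({ ourUuid });
  const identityKeyStore = new IdentityKeys({ ourUuid });

  await Promise.all(
    response.devices.map(async device => {
      const { deviceId, registrationId, preKey, signedPreKey } = device;
      if (
        devicesToUpdate !== undefined &&
        !devicesToUpdate.includes(deviceId)
      ) {
        return;
      }

      if (registrationId === 0) {
        log.info(
          `handleServerKeys/${identifier}: Got device registrationId zero!`
        );
      }
      if (!signedPreKey) {
        throw new Error(
          `getKeysForIdentifier/${identifier}: Missing signed prekey for deviceId ${deviceId}`
        );
      }

      const theirUuid = UUID.checkedLookup(identifier);
      const protocolAddress = ProtocolAddress.new(
        theirUuid.toString(),
        deviceId
      );

      // `??` rather than `||`: a one-time prekey whose id is 0 must keep its
      // id. With `||` the id became null while preKeyObject was still set, so
      // the bundle got a key without its id.
      const preKeyId = preKey?.keyId ?? null;
      const preKeyObject = preKey
        ? PublicKey.deserialize(Buffer.from(preKey.publicKey))
        : null;
      const signedPreKeyObject = PublicKey.deserialize(
        Buffer.from(signedPreKey.publicKey)
      );
      const identityKey = PublicKey.deserialize(
        Buffer.from(response.identityKey)
      );

      // NOTE(review): all key material here comes straight from the server
      // response. This function itself does not check the signed prekey
      // signature or the identity key; presumably processPreKeyBundle and the
      // identity key store do. Confirm against the library.
      const preKeyBundle = PreKeyBundle.new(
        registrationId,
        deviceId,
        preKeyId,
        preKeyObject,
        signedPreKey.keyId,
        signedPreKeyObject,
        Buffer.from(signedPreKey.signature),
        identityKey
      );

      const address = new QualifiedAddress(
        ourUuid,
        new Address(theirUuid, deviceId)
      );

      await window.textsecure.storage.protocol
        .enqueueSessionJob(address, () =>
          processPreKeyBundle(
            preKeyBundle,
            protocolAddress,
            sessionStore,
            identityKeyStore
          )
        )
        .catch(error => {
          // NOTE(review): the identity-key failure is recognised by a
          // substring of the error message. If the library's wording changes,
          // `identityKey` will silently stop being attached.
          if (error?.message?.includes('untrusted identity for address')) {
            // eslint-disable-next-line no-param-reassign
            error.identityKey = response.identityKey;
          }
          throw error;
        });
    })
  );
}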