empathicqubit/Signal-Android
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions 1

Rotate sender cert at send time if it's expired.

Browse source
This commit is contained in:
Greyson Parrelli 2018-11-21 17:26:06 -08:00
parent f9d7cf0e19
commit 36b24d0a20
5 changed files with 33 additions and 4 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/org/thoughtcrime/securesms/jobs/PushGroupSendJob.java
View file

@ -203,6 +203,8 @@ public class PushGroupSendJob extends PushSendJob implements InjectableType {
throws IOException, RecipientFormattingException, InvalidNumberException,
UndeliverableMessageException, UntrustedIdentityException
{
rotateSenderCertificateIfNecessary();
String groupId = message.getRecipient().getAddress().toGroupString();
Optional<byte[]> profileKey = getProfileKey(message.getRecipient());
MediaConstraints mediaConstraints = MediaConstraints.getPushMediaConstraints();

2
src/org/thoughtcrime/securesms/jobs/PushMediaSendJob.java
View file

@ -156,6 +156,8 @@ public class PushMediaSendJob extends PushSendJob implements InjectableType {
}
try {
rotateSenderCertificateIfNecessary();
SignalServiceAddress address = getPushAddress(message.getRecipient().getAddress());
MediaConstraints mediaConstraints = MediaConstraints.getPushMediaConstraints();
List<Attachment> scaledAttachments = scaleAndStripExifFromAttachments(mediaConstraints, message.getAttachments());

25
src/org/thoughtcrime/securesms/jobs/PushSendJob.java
View file

@ -4,6 +4,8 @@ import android.content.Context;
import android.support.annotation.NonNull;
import org.greenrobot.eventbus.EventBus;
import org.signal.libsignal.metadata.certificate.InvalidCertificateException;
import org.signal.libsignal.metadata.certificate.SenderCertificate;
import org.thoughtcrime.securesms.ApplicationContext;
import org.thoughtcrime.securesms.TextSecureExpiredException;
import org.thoughtcrime.securesms.attachments.Attachment;
@ -41,8 +43,9 @@ import java.util.concurrent.TimeUnit;
public abstract class PushSendJob extends SendJob {
private static final long serialVersionUID = 5906098204770900739L;
private static final String TAG = PushSendJob.class.getSimpleName();
private static final long serialVersionUID = 5906098204770900739L;
private static final String TAG = PushSendJob.class.getSimpleName();
private static final long CERTIFICATE_EXPIRATION_BUFFER = TimeUnit.DAYS.toMillis(1);
protected PushSendJob(Context context, JobParameters parameters) {
super(context, parameters);
@ -199,5 +202,23 @@ public abstract class PushSendJob extends SendJob {
return sharedContacts;
}
protected void rotateSenderCertificateIfNecessary() throws IOException {
try {
SenderCertificate certificate = new SenderCertificate(TextSecurePreferences.getUnidentifiedAccessCertificate(context));
if (System.currentTimeMillis() > (certificate.getExpiration() - CERTIFICATE_EXPIRATION_BUFFER)) {
throw new InvalidCertificateException("Certificate is expired, or close to it. Expires on: " + certificate.getExpiration() + ", currently: " + System.currentTimeMillis());
}
Log.d(TAG, "Certificate is valid.");
} catch (InvalidCertificateException e) {
Log.w(TAG, "Certificate was invalid at send time. Fetching a new one.", e);
RotateCertificateJob certificateJob = new RotateCertificateJob();
ApplicationContext.getInstance(context).injectDependencies(certificateJob);
certificateJob.setContext(context);
certificateJob.onRun();
}
}
protected abstract void onPushSend() throws Exception;
}

2
src/org/thoughtcrime/securesms/jobs/PushTextSendJob.java
View file

@ -151,6 +151,8 @@ public class PushTextSendJob extends PushSendJob implements InjectableType {
throws UntrustedIdentityException, InsecureFallbackApprovalException, RetryLaterException
{
try {
rotateSenderCertificateIfNecessary();
SignalServiceAddress address = getPushAddress(message.getIndividualRecipient().getAddress());
Optional<byte[]> profileKey = getProfileKey(message.getIndividualRecipient());
Optional<UnidentifiedAccessPair> unidentifiedAccess = UnidentifiedAccessUtil.getAccessFor(context, message.getIndividualRecipient());

6
src/org/thoughtcrime/securesms/jobs/RotateCertificateJob.java
View file

@ -55,8 +55,10 @@ public class RotateCertificateJob extends ContextJob implements InjectableType {
@Override
public void onRun() throws IOException {
byte[] certificate = accountManager.getSenderCertificate();
TextSecurePreferences.setUnidentifiedAccessCertificate(context, certificate);
synchronized (RotateCertificateJob.class) {
byte[] certificate = accountManager.getSenderCertificate();
TextSecurePreferences.setUnidentifiedAccessCertificate(context, certificate);
}
}
@Override