Java Code Examples for org.whispersystems.libsignal.InvalidKeyException

public Set<IdentityKey> loadIdentityKeys(Account account, String name, FingerprintStatus status) {
    Set<IdentityKey> identityKeys = new HashSet<>();
    Cursor cursor = getIdentityKeyCursor(account, name, false);

    while (cursor.moveToNext()) {
        if (status != null && !FingerprintStatus.fromCursor(cursor).equals(status)) {
            continue;
        }
        try {
            String key = cursor.getString(cursor.getColumnIndex(SQLiteAxolotlStore.KEY));
            if (key != null) {
                identityKeys.add(new IdentityKey(Base64.decode(key, Base64.DEFAULT), 0));
            } else {
                Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Missing key (possibly preverified) in database for account" + account.getJid().asBareJid() + ", address: " + name);
            }
        } catch (InvalidKeyException e) {
            Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Encountered invalid IdentityKey in database for account" + account.getJid().asBareJid() + ", address: " + name);
        }
    }
    cursor.close();

    return identityKeys;
}
 

private OutgoingPushMessageList getEncryptedMessages(PushServiceSocket            socket,
                                                     SignalServiceAddress         recipient,
                                                     Optional<UnidentifiedAccess> unidentifiedAccess,
                                                     long                         timestamp,
                                                     byte[]                       plaintext,
                                                     boolean                      online)
    throws IOException, InvalidKeyException, UntrustedIdentityException
{
  List<OutgoingPushMessage> messages = new LinkedList<>();

  if (!recipient.matches(localAddress) || unidentifiedAccess.isPresent()) {
    messages.add(getEncryptedMessage(socket, recipient, unidentifiedAccess, SignalServiceAddress.DEFAULT_DEVICE_ID, plaintext));
  }

  for (int deviceId : store.getSubDeviceSessions(recipient.getIdentifier())) {
    if (store.containsSession(new SignalProtocolAddress(recipient.getIdentifier(), deviceId))) {
      messages.add(getEncryptedMessage(socket, recipient, unidentifiedAccess, deviceId, plaintext));
    }
  }

  return new OutgoingPushMessageList(recipient.getIdentifier(), timestamp, messages, online);
}
 

public static SignalStorageRecord remoteToLocalStorageRecord(StorageItem item, int type, StorageKey storageKey) throws IOException, InvalidKeyException {
  byte[]        key       = item.getKey().toByteArray();
  byte[]        rawRecord = SignalStorageCipher.decrypt(storageKey.deriveItemKey(key), item.getValue().toByteArray());
  StorageRecord record    = StorageRecord.parseFrom(rawRecord);
  StorageId     id        = StorageId.forType(key, type);

  if (record.hasContact() && type == ManifestRecord.Identifier.Type.CONTACT_VALUE) {
    return SignalStorageRecord.forContact(id, new SignalContactRecord(id, record.getContact()));
  } else if (record.hasGroupV1() && type == ManifestRecord.Identifier.Type.GROUPV1_VALUE) {
    return SignalStorageRecord.forGroupV1(id, new SignalGroupV1Record(id, record.getGroupV1()));
  } else if (record.hasGroupV2() && type == ManifestRecord.Identifier.Type.GROUPV2_VALUE && record.getGroupV2().getMasterKey().size() == GroupMasterKey.SIZE) {
    return SignalStorageRecord.forGroupV2(id, new SignalGroupV2Record(id, record.getGroupV2()));
  } else if (record.hasAccount() && type == ManifestRecord.Identifier.Type.ACCOUNT_VALUE) {
    return SignalStorageRecord.forAccount(id, new SignalAccountRecord(id, record.getAccount()));
  } else {
    return SignalStorageRecord.forUnknown(StorageId.forType(key, type));
  }
}
 

public byte[] encrypt(ProvisionMessage message) throws InvalidKeyException {
  ECKeyPair ourKeyPair    = Curve.generateKeyPair();
  byte[]    sharedSecret  = Curve.calculateAgreement(theirPublicKey, ourKeyPair.getPrivateKey());
  byte[]    derivedSecret = new HKDFv3().deriveSecrets(sharedSecret, "TextSecure Provisioning Message".getBytes(), 64);
  byte[][]  parts         = Util.split(derivedSecret, 32, 32);

  byte[] version    = {0x01};
  byte[] ciphertext = getCiphertext(parts[0], message.toByteArray());
  byte[] mac        = getMac(parts[1], Util.join(version, ciphertext));
  byte[] body       = Util.join(version, ciphertext, mac);

  return ProvisionEnvelope.newBuilder()
                          .setPublicKey(ByteString.copyFrom(ourKeyPair.getPublicKey().serialize()))
                          .setBody(ByteString.copyFrom(body))
                          .build()
                          .toByteArray();
}
 

public @Nullable PreKeyRecord getPreKey(int keyId) {
  SQLiteDatabase database = databaseHelper.getReadableDatabase();

  try (Cursor cursor = database.query(TABLE_NAME, null, KEY_ID + " = ?",
                                      new String[] {String.valueOf(keyId)},
                                      null, null, null))
  {
    if (cursor != null && cursor.moveToFirst()) {
      try {
        ECPublicKey  publicKey  = Curve.decodePoint(Base64.decode(cursor.getString(cursor.getColumnIndexOrThrow(PUBLIC_KEY))), 0);
        ECPrivateKey privateKey = Curve.decodePrivatePoint(Base64.decode(cursor.getString(cursor.getColumnIndexOrThrow(PRIVATE_KEY))));

        return new PreKeyRecord(keyId, new ECKeyPair(publicKey, privateKey));
      } catch (InvalidKeyException | IOException e) {
        Log.w(TAG, e);
      }
    }
  }

  return null;
}
 

public @Nullable SignedPreKeyRecord getSignedPreKey(int keyId) {
  SQLiteDatabase database = databaseHelper.getReadableDatabase();

  try (Cursor cursor = database.query(TABLE_NAME, null, KEY_ID + " = ?",
                                      new String[] {String.valueOf(keyId)},
                                      null, null, null))
  {
    if (cursor != null && cursor.moveToFirst()) {
      try {
        ECPublicKey  publicKey  = Curve.decodePoint(Base64.decode(cursor.getString(cursor.getColumnIndexOrThrow(PUBLIC_KEY))), 0);
        ECPrivateKey privateKey = Curve.decodePrivatePoint(Base64.decode(cursor.getString(cursor.getColumnIndexOrThrow(PRIVATE_KEY))));
        byte[]       signature  = Base64.decode(cursor.getString(cursor.getColumnIndexOrThrow(SIGNATURE)));
        long         timestamp  = cursor.getLong(cursor.getColumnIndexOrThrow(TIMESTAMP));

        return new SignedPreKeyRecord(keyId, timestamp, new ECKeyPair(publicKey, privateKey), signature);
      } catch (InvalidKeyException | IOException e) {
        Log.w(TAG, e);
      }
    }
  }

  return null;
}
 

public @NonNull IdentityRecordList getIdentities(@NonNull List<Recipient> recipients) {
  IdentityRecordList identityRecordList = new IdentityRecordList();
  SQLiteDatabase     database           = databaseHelper.getReadableDatabase();
  String[]           selectionArgs      = new String[1];

  database.beginTransaction();
  try {
    for (Recipient recipient : recipients) {
      selectionArgs[0] = recipient.getId().serialize();

      try (Cursor cursor = database.query(TABLE_NAME, null, RECIPIENT_ID + " = ?", selectionArgs, null, null, null)) {
        if (cursor.moveToFirst()) {
          identityRecordList.add(getIdentityRecord(cursor));
        }
      } catch (InvalidKeyException | IOException e) {
        throw new AssertionError(e);
      }
    }
  } finally {
    database.endTransaction();
  }

  return identityRecordList;
}
 

public IncomingEncryptedMessage decrypt(Context context, IncomingPreKeyBundleMessage message)
    throws InvalidVersionException, InvalidMessageException, DuplicateMessageException,
           UntrustedIdentityException, LegacyMessageException
{
  try {
    byte[]              decoded       = transportDetails.getDecodedMessage(message.getMessageBody().getBytes());
    PreKeySignalMessage preKeyMessage = new PreKeySignalMessage(decoded);
    SessionCipher       sessionCipher = new SessionCipher(signalProtocolStore, new SignalProtocolAddress(message.getSender(), 1));
    byte[]              padded        = sessionCipher.decrypt(preKeyMessage);
    byte[]              plaintext     = transportDetails.getStrippedPaddingMessageBody(padded);

    return new IncomingEncryptedMessage(message, new String(plaintext));
  } catch (IOException | InvalidKeyException | InvalidKeyIdException e) {
    throw new InvalidMessageException(e);
  }
}
 

public static AsymmetricMasterSecret getAsymmetricMasterSecret(@NonNull  Context context,
                                                               @Nullable MasterSecret masterSecret)
{
  try {
    byte[] djbPublicBytes   = retrieve(context, ASYMMETRIC_LOCAL_PUBLIC_DJB);
    byte[] djbPrivateBytes  = retrieve(context, ASYMMETRIC_LOCAL_PRIVATE_DJB);

    MasterCipher masterCipher  = new MasterCipher(masterSecret);
    ECPublicKey  djbPublicKey  = masterCipher.decryptPublicKey(djbPublicBytes);
    ECPrivateKey djbPrivateKey = masterCipher.decryptPrivateKey(djbPrivateBytes);

    return new AsymmetricMasterSecret(djbPublicKey, djbPrivateKey);
  } catch (InvalidKeyException ike) {
    throw new SecurityException(ike);
  }
}
 

public synchronized static SignedPreKeyRecord generateSignedPreKey(Context context, IdentityKeyPair identityKeyPair, boolean active) {
  try {
    SignedPreKeyStore  signedPreKeyStore = new TextSecurePreKeyStore(context);
    int                signedPreKeyId    = TextSecurePreferences.getNextSignedPreKeyId(context);
    ECKeyPair          keyPair           = Curve.generateKeyPair();
    byte[]             signature         = Curve.calculateSignature(identityKeyPair.getPrivateKey(), keyPair.getPublicKey().serialize());
    SignedPreKeyRecord record            = new SignedPreKeyRecord(signedPreKeyId, System.currentTimeMillis(), keyPair, signature);

    signedPreKeyStore.storeSignedPreKey(signedPreKeyId, record);
    TextSecurePreferences.setNextSignedPreKeyId(context, (signedPreKeyId + 1) % Medium.MAX_VALUE);

    if (active) {
      TextSecurePreferences.setActiveSignedPreKeyId(context, signedPreKeyId);
    }

    return record;
  } catch (InvalidKeyException e) {
    throw new AssertionError(e);
  }
}
 

@Override
public void onRun() throws IOException, UntrustedIdentityException {
  try {
    if (!TextSecurePreferences.isMultiDevice(context)) {
      Log.i(TAG, "Not multi device...");
      return;
    }

    if (destination == null) {
      Log.w(TAG, "No destination...");
      return;
    }

    SignalServiceMessageSender    messageSender        = ApplicationDependencies.getSignalServiceMessageSender();
    Recipient                     recipient            = Recipient.resolved(destination);
    VerifiedMessage.VerifiedState verifiedState        = getVerifiedState(verifiedStatus);
    SignalServiceAddress          verifiedAddress      = RecipientUtil.toSignalServiceAddress(context, recipient);
    VerifiedMessage               verifiedMessage      = new VerifiedMessage(verifiedAddress, new IdentityKey(identityKey, 0), verifiedState, timestamp);

    messageSender.sendMessage(SignalServiceSyncMessage.forVerified(verifiedMessage),
                              UnidentifiedAccessUtil.getAccessFor(context, recipient));
  } catch (InvalidKeyException e) {
    throw new IOException(e);
  }
}
 

private void setIdentityKey(Recipient recipient, String identityKeyValue) {
  try {
    if (TextUtils.isEmpty(identityKeyValue)) {
      Log.w(TAG, "Identity key is missing on profile!");
      return;
    }

    IdentityKey identityKey = new IdentityKey(Base64.decode(identityKeyValue), 0);

    if (!DatabaseFactory.getIdentityDatabase(context)
                        .getIdentity(recipient.getId())
                        .isPresent())
    {
      Log.w(TAG, "Still first use...");
      return;
    }

    IdentityUtil.saveIdentity(context, recipient.requireServiceId(), identityKey);
  } catch (InvalidKeyException | IOException e) {
    Log.w(TAG, e);
  }
}
 

public byte[] encrypt(ProvisionMessage message) throws InvalidKeyException {
  ECKeyPair ourKeyPair    = Curve.generateKeyPair();
  byte[]    sharedSecret  = Curve.calculateAgreement(theirPublicKey, ourKeyPair.getPrivateKey());
  byte[]    derivedSecret = new HKDFv3().deriveSecrets(sharedSecret, "TextSecure Provisioning Message".getBytes(), 64);
  byte[][]  parts         = Util.split(derivedSecret, 32, 32);

  byte[] version    = {0x01};
  byte[] ciphertext = getCiphertext(parts[0], message.toByteArray());
  byte[] mac        = getMac(parts[1], Util.join(version, ciphertext));
  byte[] body       = Util.join(version, ciphertext, mac);

  return ProvisionEnvelope.newBuilder()
                          .setPublicKey(ByteString.copyFrom(ourKeyPair.getPublicKey().serialize()))
                          .setBody(ByteString.copyFrom(body))
                          .build()
                          .toByteArray();
}
 

public Optional<IdentityRecord> getIdentity(String uid) {
    SQLiteDatabase database = databaseHelper.getReadableDatabase();
    Cursor cursor = null;

    try {
        cursor = database.query(TABLE_NAME, null, ADDRESS + " = ?",
                new String[]{uid}, null, null, null);

        if (cursor != null && cursor.moveToFirst()) {
            return Optional.of(getIdentityRecord(cursor));
        }
    } catch (InvalidKeyException | IOException e) {
        throw new AssertionError(e);
    } finally {
        if (cursor != null)
            cursor.close();
    }

    return Optional.absent();
}
 

public static IdentityKeyPair getIdentityKeyPair(Context context,
                                                 MasterSecret masterSecret,
                                                 int subscriptionId)
{
  if (!hasIdentityKey(context, subscriptionId))
    return null;

  try {
    MasterCipher masterCipher = new MasterCipher(masterSecret);
    IdentityKey  publicKey    = getIdentityKey(context, subscriptionId);
    ECPrivateKey privateKey   = masterCipher.decryptKey(Base64.decode(retrieve(context, getIdentityPrivateKeyDjbPref(subscriptionId))));

    return new IdentityKeyPair(publicKey, privateKey);
  } catch (IOException | InvalidKeyException e) {
    throw new AssertionError(e);
  }
}
 

public String encryptBody(String body) {
  try {
    ECPublicKey  theirPublic        = asymmetricMasterSecret.getDjbPublicKey();
    ECKeyPair    ourKeyPair         = Curve.generateKeyPair();
    byte[]       secret             = Curve.calculateAgreement(theirPublic, ourKeyPair.getPrivateKey());
    MasterCipher masterCipher       = getMasterCipherForSecret(secret);
    byte[]       encryptedBodyBytes = masterCipher.encryptBytes(body.getBytes());

    PublicKey    ourPublicKey       = new PublicKey(31337, ourKeyPair.getPublicKey());
    byte[]       publicKeyBytes     = ourPublicKey.serialize();
    byte[]       combined           = Util.combine(publicKeyBytes, encryptedBodyBytes);

    return Base64.encodeBytes(combined);
  } catch (InvalidKeyException e) {
    throw new AssertionError(e);
  }
}
 

public static SignedPreKeyRecord generateSignedPreKey(Context context, AccountContext accountContext, IdentityKeyPair identityKeyPair, boolean active) {
    try {
        SignedPreKeyStore signedPreKeyStore = new TextSecurePreKeyStore(context, accountContext);
        int signedPreKeyId = getNextSignedPreKeyId(context, accountContext);
        ECKeyPair keyPair = Curve.generateKeyPair();
        byte[] signature = Curve.calculateSignature(identityKeyPair.getPrivateKey(), keyPair.getPublicKey().serialize());
        SignedPreKeyRecord record = new SignedPreKeyRecord(signedPreKeyId, System.currentTimeMillis(), keyPair, signature);

        signedPreKeyStore.storeSignedPreKey(signedPreKeyId, record);
        setNextSignedPreKeyId(context, accountContext,(signedPreKeyId + 1) % Medium.MAX_VALUE);

        if (active) {
            setActiveSignedPreKeyId(context, accountContext, signedPreKeyId);
        }

        return record;
    } catch (InvalidKeyException e) {
        throw new AssertionError(e);
    }
}
 

public byte[] encryptBytes(byte[] body) {
  try {
    ECPublicKey  theirPublic        = asymmetricMasterSecret.getDjbPublicKey();
    ECKeyPair    ourKeyPair         = Curve.generateKeyPair();
    byte[]       secret             = Curve.calculateAgreement(theirPublic, ourKeyPair.getPrivateKey());
    MasterCipher masterCipher       = getMasterCipherForSecret(secret);
    byte[]       encryptedBodyBytes = masterCipher.encryptBytes(body);

    PublicKey    ourPublicKey       = new PublicKey(31337, ourKeyPair.getPublicKey());
    byte[]       publicKeyBytes     = ourPublicKey.serialize();

    return Util.combine(publicKeyBytes, encryptedBodyBytes);
  } catch (InvalidKeyException e) {
    throw new AssertionError(e);
  }
}
 

public String decryptBody(String body) throws IOException, InvalidMessageException {
  try {
    byte[]    combined       = Base64.decode(body);
    byte[][]  parts          = Util.split(combined, PublicKey.KEY_SIZE, combined.length - PublicKey.KEY_SIZE);
    PublicKey theirPublicKey = new PublicKey(parts[0], 0);

    ECPrivateKey ourPrivateKey = asymmetricMasterSecret.getPrivateKey();
    byte[]       secret        = Curve.calculateAgreement(theirPublicKey.getKey(), ourPrivateKey);
    MasterCipher masterCipher  = getMasterCipherForSecret(secret);
    byte[]       decryptedBody = masterCipher.decryptBytes(parts[1]);

    return new String(decryptedBody);
  } catch (InvalidKeyException | InvalidMessageException ike) {
    throw new InvalidMessageException(ike);
  }
}
 

private OutgoingPushMessageList getEncryptedMessages(PushServiceSocket            socket,
                                                     SignalServiceAddress         recipient,
                                                     Optional<UnidentifiedAccess> unidentifiedAccess,
                                                     long                         timestamp,
                                                     byte[]                       plaintext,
                                                     boolean                      online)
    throws IOException, InvalidKeyException, UntrustedIdentityException
{
  List<OutgoingPushMessage> messages = new LinkedList<>();

  if (!recipient.matches(localAddress) || unidentifiedAccess.isPresent()) {
    messages.add(getEncryptedMessage(socket, recipient, unidentifiedAccess, SignalServiceAddress.DEFAULT_DEVICE_ID, plaintext));
  }

  for (int deviceId : store.getSubDeviceSessions(recipient.getIdentifier())) {
    if (store.containsSession(new SignalProtocolAddress(recipient.getIdentifier(), deviceId))) {
      messages.add(getEncryptedMessage(socket, recipient, unidentifiedAccess, deviceId, plaintext));
    }
  }

  return new OutgoingPushMessageList(recipient.getIdentifier(), timestamp, messages, online);
}
 

public byte[] encrypt(ProvisionMessage message) throws InvalidKeyException {
  ECKeyPair ourKeyPair    = Curve.generateKeyPair();
  byte[]    sharedSecret  = Curve.calculateAgreement(theirPublicKey, ourKeyPair.getPrivateKey());
  byte[]    derivedSecret = new HKDFv3().deriveSecrets(sharedSecret, "TextSecure Provisioning Message".getBytes(), 64);
  byte[][]  parts         = Util.split(derivedSecret, 32, 32);

  byte[] version    = {0x01};
  byte[] ciphertext = getCiphertext(parts[0], message.toByteArray());
  byte[] mac        = getMac(parts[1], Util.join(version, ciphertext));
  byte[] body       = Util.join(version, ciphertext, mac);

  return ProvisionEnvelope.newBuilder()
                          .setPublicKey(ByteString.copyFrom(ourKeyPair.getPublicKey().serialize()))
                          .setBody(ByteString.copyFrom(body))
                          .build()
                          .toByteArray();
}
 

/**
 * Initiate a new session by sending an initial KeyExchangeMessage to the recipient.
 *
 * @return the KeyExchangeMessage to deliver.
 */
public KeyExchangeMessage process() {
  synchronized (SessionCipher.SESSION_LOCK) {
    try {
      int             sequence         = KeyHelper.getRandomSequence(65534) + 1;
      int             flags            = KeyExchangeMessage.INITIATE_FLAG;
      ECKeyPair       baseKey          = Curve.generateKeyPair();
      ECKeyPair       ratchetKey       = Curve.generateKeyPair();
      IdentityKeyPair identityKey      = identityKeyStore.getIdentityKeyPair();
      byte[]          baseKeySignature = Curve.calculateSignature(identityKey.getPrivateKey(), baseKey.getPublicKey().serialize());
      SessionRecord   sessionRecord    = sessionStore.loadSession(remoteAddress);

      sessionRecord.getSessionState().setPendingKeyExchange(sequence, baseKey, ratchetKey, identityKey);
      sessionStore.storeSession(remoteAddress, sessionRecord);

      return new KeyExchangeMessage(CiphertextMessage.CURRENT_VERSION,
                                    sequence, flags, baseKey.getPublicKey(), baseKeySignature,
                                    ratchetKey.getPublicKey(), identityKey.getPublicKey());
    } catch (InvalidKeyException e) {
      throw new AssertionError(e);
    }
  }
}
 

public Optional<SignalStorageManifest> getStorageManifest(StorageKey storageKey) throws IOException {
  try {
    String          authToken       = this.pushServiceSocket.getStorageAuth();
    StorageManifest storageManifest = this.pushServiceSocket.getStorageManifest(authToken);

    return Optional.of(SignalStorageModels.remoteToLocalStorageManifest(storageManifest, storageKey));
  } catch (InvalidKeyException | NotFoundException e) {
    Log.w(TAG, "Error while fetching manifest.", e);
    return Optional.absent();
  }
}
 

public static AsymmetricMasterSecret getAsymmetricMasterSecret(Context context,
                                                               MasterSecret masterSecret)
{
  try {
    byte[] djbPublicBytes   = retrieve(context, ASYMMETRIC_LOCAL_PUBLIC_DJB);
    byte[] djbPrivateBytes  = retrieve(context, ASYMMETRIC_LOCAL_PRIVATE_DJB);

    ECPublicKey  djbPublicKey  = null;
    ECPrivateKey djbPrivateKey = null;

    if (djbPublicBytes != null) {
      djbPublicKey = Curve.decodePoint(djbPublicBytes, 0);
    }

    if (masterSecret != null) {
      MasterCipher masterCipher = new MasterCipher(masterSecret);

      if (djbPrivateBytes != null) {
        djbPrivateKey = masterCipher.decryptKey(djbPrivateBytes);
      }
    }

    return new AsymmetricMasterSecret(djbPublicKey, djbPrivateKey);
  } catch (InvalidKeyException | IOException ike) {
    throw new AssertionError(ike);
  }
}
 

public List<SignalStorageRecord> readStorageRecords(StorageKey storageKey, List<StorageId> storageKeys) throws IOException, InvalidKeyException {
  if (storageKeys.isEmpty()) {
    return Collections.emptyList();
  }

  List<SignalStorageRecord> result    = new ArrayList<>();
  ReadOperation.Builder     operation = ReadOperation.newBuilder();
  Map<ByteString, Integer>  typeMap   = new HashMap<>();

  for (StorageId key : storageKeys) {
    typeMap.put(ByteString.copyFrom(key.getRaw()), key.getType());

    if (StorageId.isKnownType(key.getType())) {
      operation.addReadKey(ByteString.copyFrom(key.getRaw()));
    } else {
      result.add(SignalStorageRecord.forUnknown(key));
    }
  }

  String       authToken = this.pushServiceSocket.getStorageAuth();
  StorageItems items     = this.pushServiceSocket.readStorageItems(authToken, operation.build());

  if (items.getItemsCount() != storageKeys.size()) {
    Log.w(TAG, "Failed to find all remote keys! Requested: " + storageKeys.size() + ", Found: " + items.getItemsCount());
  }

  for (StorageItem item : items.getItemsList()) {
    Integer type = typeMap.get(item.getKey());
    if (type != null) {
      result.add(SignalStorageModels.remoteToLocalStorageRecord(item, type, storageKey));
    } else {
      Log.w(TAG, "No type found! Skipping.");
    }
  }

  return result;
}
 

/**
 * @return If there was a conflict, the latest {@link SignalStorageManifest}. Otherwise absent.
 */
public Optional<SignalStorageManifest> writeStorageRecords(StorageKey storageKey,
                                                           SignalStorageManifest manifest,
                                                           List<SignalStorageRecord> inserts,
                                                           List<byte[]> deletes)
    throws IOException, InvalidKeyException
{
  return writeStorageRecords(storageKey, manifest, inserts, deletes, false);
}
 

public void addDevice(String deviceIdentifier,
                      ECPublicKey deviceKey,
                      IdentityKeyPair identityKeyPair,
                      Optional<byte[]> profileKey,
                      String code)
    throws InvalidKeyException, IOException
{
  ProvisioningCipher       cipher  = new ProvisioningCipher(deviceKey);
  ProvisionMessage.Builder message = ProvisionMessage.newBuilder()
                                                     .setIdentityKeyPublic(ByteString.copyFrom(identityKeyPair.getPublicKey().serialize()))
                                                     .setIdentityKeyPrivate(ByteString.copyFrom(identityKeyPair.getPrivateKey().serialize()))
                                                     .setProvisioningCode(code)
                                                     .setProvisioningVersion(ProvisioningVersion.CURRENT_VALUE);

  String e164 = credentials.getE164();
  UUID   uuid = credentials.getUuid();

  if (e164 != null) {
    message.setNumber(e164);
  } else {
    throw new AssertionError("Missing phone number!");
  }

  if (uuid != null) {
    message.setUuid(uuid.toString());
  } else {
    Log.w(TAG, "[addDevice] Missing UUID.");
  }

  if (profileKey.isPresent()) {
    message.setProfileKey(ByteString.copyFrom(profileKey.get()));
  }

  byte[] ciphertext = cipher.encrypt(message.build());
  this.pushServiceSocket.sendProvisioningMessage(deviceIdentifier, ciphertext);
}
 

public static byte[] encrypt(StorageCipherKey key, byte[] data) {
  try {
    Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
    byte[] iv     = Util.getSecretBytes(IV_LENGTH);

    cipher.init(Cipher.ENCRYPT_MODE, new SecretKeySpec(key.serialize(), "AES"), new GCMParameterSpec(128, iv));
    byte[] ciphertext = cipher.doFinal(data);

    return Util.join(iv, ciphertext);
  } catch (NoSuchAlgorithmException | java.security.InvalidKeyException | InvalidAlgorithmParameterException | NoSuchPaddingException | BadPaddingException | IllegalBlockSizeException  e) {
    throw new AssertionError(e);
  }
}
 

public static SignalStorageManifest remoteToLocalStorageManifest(StorageManifest manifest, StorageKey storageKey) throws IOException, InvalidKeyException {
  byte[]          rawRecord      = SignalStorageCipher.decrypt(storageKey.deriveManifestKey(manifest.getVersion()), manifest.getValue().toByteArray());
  ManifestRecord  manifestRecord = ManifestRecord.parseFrom(rawRecord);
  List<StorageId> ids            = new ArrayList<>(manifestRecord.getIdentifiersCount());

  for (ManifestRecord.Identifier id : manifestRecord.getIdentifiersList()) {
    ids.add(StorageId.forType(id.getRaw().toByteArray(), id.getType().getNumber()));
  }

  return new SignalStorageManifest(manifestRecord.getVersion(), ids);
}
 

@Override
public ECPublicKey deserialize(JsonParser p, DeserializationContext ctxt) throws IOException {
  try {
    return Curve.decodePoint(Base64.decodeWithoutPadding(p.getValueAsString()), 0);
  } catch (InvalidKeyException e) {
    throw new IOException(e);
  }
}