Java Code Examples for org.whispersystems.signalservice.api.crypto.UnidentifiedAccess#deriveAccessKeyFrom()

The following examples show how to use org.whispersystems.signalservice.api.crypto.UnidentifiedAccess#deriveAccessKeyFrom() . These examples are extracted from open source projects. You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
public static Optional<UnidentifiedAccessPair> getAccessForSync(@NonNull Context context) {
  try {
    byte[] ourUnidentifiedAccessKey         = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
    byte[] ourUnidentifiedAccessCertificate = TextSecurePreferences.getUnidentifiedAccessCertificate(context);

    if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
      ourUnidentifiedAccessKey = Util.getSecretBytes(16);
    }

    if (ourUnidentifiedAccessKey != null && ourUnidentifiedAccessCertificate != null) {
      return Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(ourUnidentifiedAccessKey,
                                                                           ourUnidentifiedAccessCertificate),
                                                    new UnidentifiedAccess(ourUnidentifiedAccessKey,
                                                                           ourUnidentifiedAccessCertificate)));
    }

    return Optional.absent();
  } catch (InvalidCertificateException e) {
    Log.w(TAG, e);
    return Optional.absent();
  }
}
 
Example 2
private static @Nullable byte[] getTargetUnidentifiedAccessKey(@NonNull Recipient recipient) {
  ProfileKey theirProfileKey = ProfileKeyUtil.profileKeyOrNull(recipient.resolve().getProfileKey());

  switch (recipient.resolve().getUnidentifiedAccessMode()) {
    case UNKNOWN:
      if (theirProfileKey == null) return Util.getSecretBytes(16);
      else                         return UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey);
    case DISABLED:
      return null;
    case ENABLED:
      if (theirProfileKey == null) return null;
      else                         return UnidentifiedAccess.deriveAccessKeyFrom(theirProfileKey);
    case UNRESTRICTED:
      return Util.getSecretBytes(16);
    default:
      throw new AssertionError("Unknown mode: " + recipient.getUnidentifiedAccessMode().getMode());
  }
}
 
Example 3
@WorkerThread
public static Optional<UnidentifiedAccessPair> getAccessFor(@NonNull Context context,
                                                            @NonNull Recipient recipient)
{
  try {
    byte[] theirUnidentifiedAccessKey       = getTargetUnidentifiedAccessKey(recipient);
    byte[] ourUnidentifiedAccessKey         = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
    byte[] ourUnidentifiedAccessCertificate = TextSecurePreferences.getUnidentifiedAccessCertificate(context);

    if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
      ourUnidentifiedAccessKey = Util.getSecretBytes(16);
    }

    Log.i(TAG, "Their access key present? " + (theirUnidentifiedAccessKey != null) +
               " | Our access key present? " + (ourUnidentifiedAccessKey != null) +
               " | Our certificate present? " + (ourUnidentifiedAccessCertificate != null) +
               " | UUID certificate supported? " + recipient.isUuidSupported());

    if (theirUnidentifiedAccessKey != null &&
        ourUnidentifiedAccessKey != null   &&
        ourUnidentifiedAccessCertificate != null)
    {
      return Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(theirUnidentifiedAccessKey,
                                                                           ourUnidentifiedAccessCertificate),
                                                    new UnidentifiedAccess(ourUnidentifiedAccessKey,
                                                                           ourUnidentifiedAccessCertificate)));
    }

    return Optional.absent();
  } catch (InvalidCertificateException e) {
    Log.w(TAG, e);
    return Optional.absent();
  }
}
 
Example 4
@Override
public void onRun() throws IOException {
  if (!TextSecurePreferences.isPushRegistered(context) || TextSecurePreferences.getLocalNumber(context) == null) {
    Log.w(TAG, "Not yet registered. Skipping.");
    return;
  }

  int       registrationId              = TextSecurePreferences.getLocalRegistrationId(context);
  boolean   fetchesMessages             = TextSecurePreferences.isFcmDisabled(context);
  byte[]    unidentifiedAccessKey       = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
  boolean   universalUnidentifiedAccess = TextSecurePreferences.isUniversalUnidentifiedAccess(context);
  String    registrationLockV1          = null;
  String    registrationLockV2          = null;
  KbsValues kbsValues                   = SignalStore.kbsValues();

  if (kbsValues.isV2RegistrationLockEnabled()) {
    registrationLockV2 = kbsValues.getRegistrationLockToken();
  } else if (TextSecurePreferences.isV1RegistrationLockEnabled(context)) {
    //noinspection deprecation Ok to read here as they have not migrated
    registrationLockV1 = TextSecurePreferences.getDeprecatedV1RegistrationLockPin(context);
  }

  Log.i(TAG, "Calling setAccountAttributes() reglockV1? " + !TextUtils.isEmpty(registrationLockV1) + ", reglockV2? " + !TextUtils.isEmpty(registrationLockV2) + ", pin? " + kbsValues.hasPin());

  SignalServiceAccountManager signalAccountManager = ApplicationDependencies.getSignalServiceAccountManager();
  signalAccountManager.setAccountAttributes(null, registrationId, fetchesMessages,
                                            registrationLockV1, registrationLockV2,
                                            unidentifiedAccessKey, universalUnidentifiedAccess,
                                            AppCapabilities.getCapabilities(kbsValues.hasPin()));
}
 
Example 5
public void verify(String verificationCode) throws IOException {
    String username = prefs.get("LOCAL_USERNAME", null);
    String password = prefs.get("LOCAL_PASSWORD", null);
    logger.info("Verifying user " + username + " with code " + verificationCode + "...");
    String code = verificationCode.replace("-", "");
    int registrationId = KeyHelper.generateRegistrationId(false);
    prefs.putInt("REGISTRATION_ID", registrationId);
    byte[] profileKey = Util.getSecretBytes(32);
    byte[] unidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(profileKey);
    accountManager = new SignalServiceAccountManager(config, username, password, USER_AGENT);
    accountManager.verifyAccountWithCode(code, null, registrationId, true, null, unidentifiedAccessKey, false);
}
 
Example 6
private static void verifyAccount(@NonNull Context context,
                                  @NonNull Credentials credentials,
                                  @NonNull String code,
                                  @Nullable String pin,
                                  @Nullable TokenResponse kbsTokenResponse,
                                  @Nullable String kbsStorageCredentials,
                                  @Nullable String fcmToken)
  throws IOException, KeyBackupSystemWrongPinException, KeyBackupSystemNoDataException
{
  boolean    isV2RegistrationLock        = kbsTokenResponse != null;
  int        registrationId              = KeyHelper.generateRegistrationId(false);
  boolean    universalUnidentifiedAccess = TextSecurePreferences.isUniversalUnidentifiedAccess(context);
  ProfileKey profileKey                  = findExistingProfileKey(context, credentials.getE164number());

  if (profileKey == null) {
    profileKey = ProfileKeyUtil.createNew();
    Log.i(TAG, "No profile key found, created a new one");
  }

  byte[] unidentifiedAccessKey = UnidentifiedAccess.deriveAccessKeyFrom(profileKey);

  TextSecurePreferences.setLocalRegistrationId(context, registrationId);
  SessionUtil.archiveAllSessions(context);

  SignalServiceAccountManager accountManager     = AccountManagerFactory.createUnauthenticated(context, credentials.getE164number(), credentials.getPassword());
  KbsPinData                  kbsData            = isV2RegistrationLock ? PinState.restoreMasterKey(pin, kbsStorageCredentials, kbsTokenResponse) : null;
  String                      registrationLockV2 = kbsData != null ? kbsData.getMasterKey().deriveRegistrationLock() : null;
  String                      registrationLockV1 = isV2RegistrationLock ? null : pin;
  boolean                     hasFcm             = fcmToken != null;

  Log.i(TAG, "Calling verifyAccountWithCode(): reglockV1? " + !TextUtils.isEmpty(registrationLockV1) + ", reglockV2? " + !TextUtils.isEmpty(registrationLockV2));

  VerifyAccountResponse response = accountManager.verifyAccountWithCode(code,
                                                                        null,
                                                                        registrationId,
                                                                        !hasFcm,
                                                                        registrationLockV1,
                                                                        registrationLockV2,
                                                                        unidentifiedAccessKey,
                                                                        universalUnidentifiedAccess,
                                                                        AppCapabilities.getCapabilities(true));

  UUID    uuid   = UuidUtil.parseOrThrow(response.getUuid());
  boolean hasPin = response.isStorageCapable();

  IdentityKeyPair    identityKey  = IdentityKeyUtil.getIdentityKeyPair(context);
  List<PreKeyRecord> records      = PreKeyUtil.generatePreKeys(context);
  SignedPreKeyRecord signedPreKey = PreKeyUtil.generateSignedPreKey(context, identityKey, true);

  accountManager = AccountManagerFactory.createAuthenticated(context, uuid, credentials.getE164number(), credentials.getPassword());
  accountManager.setPreKeys(identityKey.getPublicKey(), signedPreKey, records);

  if (hasFcm) {
    accountManager.setGcmId(Optional.fromNullable(fcmToken));
  }

  RecipientDatabase recipientDatabase = DatabaseFactory.getRecipientDatabase(context);
  RecipientId       selfId            = recipientDatabase.getOrInsertFromE164(credentials.getE164number());

  recipientDatabase.setProfileSharing(selfId, true);
  recipientDatabase.markRegistered(selfId, uuid);

  TextSecurePreferences.setLocalNumber(context, credentials.getE164number());
  TextSecurePreferences.setLocalUuid(context, uuid);
  recipientDatabase.setProfileKey(selfId, profileKey);
  ApplicationDependencies.getRecipientCache().clearSelf();

  TextSecurePreferences.setFcmToken(context, fcmToken);
  TextSecurePreferences.setFcmDisabled(context, !hasFcm);
  TextSecurePreferences.setWebsocketRegistered(context, true);

  DatabaseFactory.getIdentityDatabase(context)
                 .saveIdentity(selfId,
                               identityKey.getPublicKey(), IdentityDatabase.VerifiedStatus.VERIFIED,
                               true, System.currentTimeMillis(), true);

  TextSecurePreferences.setVerifying(context, false);
  TextSecurePreferences.setPushRegistered(context, true);
  TextSecurePreferences.setPushServerPassword(context, credentials.getPassword());
  TextSecurePreferences.setSignedPreKeyRegistered(context, true);
  TextSecurePreferences.setPromptedPushRegistration(context, true);
  TextSecurePreferences.setUnauthorizedReceived(context, false);

  PinState.onRegistration(context, kbsData, pin, hasPin);
}
 
Example 7
Source Project: signal-cli   File: Manager.java    License: GNU General Public License v3.0 4 votes vote down vote up
private byte[] getSelfUnidentifiedAccessKey() {
    return UnidentifiedAccess.deriveAccessKeyFrom(account.getProfileKey());
}