SSK: Update for removal of SMK{Sender,Server}Certificate

This commit is contained in:
Jordan Rose 2020-12-02 15:53:29 -08:00
parent 4219c597b9
commit aeb78527ea
2 changed files with 31 additions and 28 deletions

View File

@ -6,6 +6,7 @@ import Foundation
import PromiseKit
import SignalMetadataKit
import SignalCoreKit
import SignalClient
public enum OWSUDError: Error {
case assertionError(description: String)
@ -67,9 +68,9 @@ public class OWSUDAccess: NSObject {
@objc
public class SenderCertificates: NSObject {
let defaultCert: SMKSenderCertificate
let uuidOnlyCert: SMKSenderCertificate
init(defaultCert: SMKSenderCertificate, uuidOnlyCert: SMKSenderCertificate) {
let defaultCert: SenderCertificate
let uuidOnlyCert: SenderCertificate
init(defaultCert: SenderCertificate, uuidOnlyCert: SenderCertificate) {
self.defaultCert = defaultCert
self.uuidOnlyCert = uuidOnlyCert
}
@ -81,10 +82,9 @@ public class OWSUDSendingAccess: NSObject {
@objc
public let udAccess: OWSUDAccess
@objc
public let senderCertificate: SMKSenderCertificate
public let senderCertificate: SenderCertificate
init(udAccess: OWSUDAccess, senderCertificate: SMKSenderCertificate) {
init(udAccess: OWSUDAccess, senderCertificate: SenderCertificate) {
self.udAccess = udAccess
self.senderCertificate = senderCertificate
}
@ -494,7 +494,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
return nil
}
let senderCertificate: SMKSenderCertificate
let senderCertificate: SenderCertificate
switch phoneNumberSharingMode {
case .everybody:
senderCertificate = senderCertificates.defaultCert
@ -521,7 +521,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
}
#endif
private func senderCertificate(uuidOnly: Bool, certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> SMKSenderCertificate? {
private func senderCertificate(uuidOnly: Bool, certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> SenderCertificate? {
var certificateDateValue: Date?
var certificateDataValue: Data?
databaseStorage.read { transaction in
@ -544,7 +544,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
}
do {
let certificate = try SMKSenderCertificate(serializedData: certificateData)
let certificate = try SenderCertificate(certificateData)
guard isValidCertificate(certificate) else {
Logger.warn("Current sender certificate is not valid.")
@ -618,7 +618,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
}
}
public func ensureSenderCertificate(uuidOnly: Bool, certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> Promise<SMKSenderCertificate> {
public func ensureSenderCertificate(uuidOnly: Bool, certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> Promise<SenderCertificate> {
// If there is a valid cached sender certificate, use that.
if let certificate = senderCertificate(uuidOnly: uuidOnly, certificateExpirationPolicy: certificateExpirationPolicy) {
return Promise.value(certificate)
@ -626,45 +626,46 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager {
return firstly {
requestSenderCertificate(uuidOnly: uuidOnly)
}.map { (certificate: SMKSenderCertificate) in
self.setSenderCertificate(uuidOnly: uuidOnly, certificateData: certificate.serializedData)
}.map { (certificate: SenderCertificate) in
self.setSenderCertificate(uuidOnly: uuidOnly, certificateData: Data(try! certificate.serialize()))
return certificate
}
}
private func requestSenderCertificate(uuidOnly: Bool) -> Promise<SMKSenderCertificate> {
private func requestSenderCertificate(uuidOnly: Bool) -> Promise<SenderCertificate> {
return firstly {
SignalServiceRestClient().requestUDSenderCertificate(uuidOnly: uuidOnly)
}.map { certificateData -> SMKSenderCertificate in
let certificate = try SMKSenderCertificate(serializedData: certificateData)
}.map { certificateData -> SenderCertificate in
let certificate = try SenderCertificate(certificateData)
guard self.isValidCertificate(certificate) else {
throw OWSUDError.invalidData(description: "Invalid sender certificate returned by server")
}
return certificate
}.recover { error -> Promise<SMKSenderCertificate> in
}.recover { error -> Promise<SenderCertificate> in
throw error
}
}
private func isValidCertificate(_ certificate: SMKSenderCertificate) -> Bool {
guard certificate.senderDeviceId == tsAccountManager.storedDeviceId() else {
private func isValidCertificate(_ certificate: SenderCertificate) -> Bool {
let sender = try! certificate.sender()
guard sender.deviceId == tsAccountManager.storedDeviceId() else {
Logger.warn("Sender certificate has incorrect device ID")
return false
}
guard certificate.senderAddress.e164 == nil || certificate.senderAddress.e164 == tsAccountManager.localNumber else {
guard sender.e164 == nil || sender.e164 == tsAccountManager.localNumber else {
Logger.warn("Sender certificate has incorrect phone number")
return false
}
guard certificate.senderAddress.uuid == nil || certificate.senderAddress.uuid == tsAccountManager.localUuid else {
guard sender.uuidString == nil || sender.uuidString == tsAccountManager.localUuid?.uuidString else {
Logger.warn("Sender certificate has incorrect UUID")
return false
}
guard certificate.senderAddress.uuid != nil || certificate.senderAddress.e164 != nil else {
guard sender.uuidString != nil || sender.e164 != nil else {
Logger.warn("Sender certificate does not have a valid address.")
return false
}

View File

@ -7,6 +7,7 @@ import Foundation
import Curve25519Kit
import SignalCoreKit
import SignalMetadataKit
import SignalClient
@testable import SignalServiceKit
class OWSUDManagerTest: SSKBaseTestSwift {
@ -30,8 +31,8 @@ class OWSUDManagerTest: SSKBaseTestSwift {
let aliceE164 = "+13213214321"
let aliceUuid = UUID()
lazy var aliceAddress = SignalServiceAddress(uuid: aliceUuid, phoneNumber: aliceE164)
lazy var defaultSenderCert = try! SMKSenderCertificate(serializedData: buildSenderCertificateProto(uuidOnly: false).serializedData())
lazy var uuidOnlySenderCert = try! SMKSenderCertificate(serializedData: buildSenderCertificateProto(uuidOnly: true).serializedData())
lazy var defaultSenderCert = try! SenderCertificate(buildSenderCertificateProto(uuidOnly: false).serializedData())
lazy var uuidOnlySenderCert = try! SenderCertificate(buildSenderCertificateProto(uuidOnly: true).serializedData())
override func setUp() {
super.setUp()
@ -47,8 +48,8 @@ class OWSUDManagerTest: SSKBaseTestSwift {
}
udManager.certificateValidator = MockCertificateValidator()
udManager.setSenderCertificate(uuidOnly: true, certificateData: uuidOnlySenderCert.serializedData)
udManager.setSenderCertificate(uuidOnly: false, certificateData: defaultSenderCert.serializedData)
udManager.setSenderCertificate(uuidOnly: true, certificateData: Data(try! uuidOnlySenderCert.serialize()))
udManager.setSenderCertificate(uuidOnly: false, certificateData: Data(try! defaultSenderCert.serialize()))
}
override func tearDown() {
@ -251,7 +252,8 @@ class OWSUDManagerTest: SSKBaseTestSwift {
let sendingAccess = self.udManager.udSendingAccess(forAddress: bobRecipientAddress, requireSyncAccess: false, senderCertificates: senderCertificates)!
XCTAssertEqual(.unknown, sendingAccess.udAccess.udAccessMode)
XCTAssertFalse(sendingAccess.udAccess.isRandomKey)
XCTAssertEqual(sendingAccess.senderCertificate.serializedData, self.defaultSenderCert.serializedData)
XCTAssertEqual(try! sendingAccess.senderCertificate.serialize(),
try! self.defaultSenderCert.serialize())
}
}.done {
completed.fulfill()
@ -297,11 +299,11 @@ class OWSUDManagerTest: SSKBaseTestSwift {
// MARK: -
class MockCertificateValidator: NSObject, SMKCertificateValidator {
@objc public func throwswrapped_validate(senderCertificate: SMKSenderCertificate, validationTime: UInt64) throws {
public func throwswrapped_validate(senderCertificate: SenderCertificate, validationTime: UInt64) throws {
// Do not throw
}
@objc public func throwswrapped_validate(serverCertificate: SMKServerCertificate) throws {
public func throwswrapped_validate(serverCertificate: ServerCertificate) throws {
// Do not throw
}
}