Avoid some 401 errors during story sends.

2025-12-24 21:15:48 +00:00 · 2023-05-11 16:54:57 -04:00
parent 3b5a3eccfe
commit 387f18be98
4 changed files with 47 additions and 18 deletions
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/SignalServiceMessageSender.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/SignalServiceMessageSender.java
@@ -2378,9 +2378,15 @@ public class SignalServiceMessageSender {

  private List<PreKeyBundle> getPreKeys(SignalServiceAddress recipient, Optional<UnidentifiedAccess> unidentifiedAccess, int deviceId, boolean story) throws IOException {
    try {
+      // If it's only unrestricted because it's a story send, then we know it'll fail
+      if (story && unidentifiedAccess.isPresent() && unidentifiedAccess.get().isUnrestrictedForStory()) {
+        unidentifiedAccess = Optional.empty();
+      }
+
      return socket.getPreKeys(recipient, unidentifiedAccess, deviceId);
    } catch (NonSuccessfulResponseCodeException e) {
      if (e.getCode() == 401 && story) {
+        Log.d(TAG, "Got 401 when fetching prekey for story. Trying without UD.");
        return socket.getPreKeys(recipient, Optional.empty(), deviceId);
      } else {
        throw e;
--- a/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/UnidentifiedAccess.java
+++ b/libsignal/service/src/main/java/org/whispersystems/signalservice/api/crypto/UnidentifiedAccess.java
@@ -21,12 +21,19 @@ public class UnidentifiedAccess {

  private final byte[]            unidentifiedAccessKey;
  private final SenderCertificate unidentifiedCertificate;
+  private final boolean           isUnrestrictedForStory;

-  public UnidentifiedAccess(byte[] unidentifiedAccessKey, byte[] unidentifiedCertificate)
+  /**
+   * @param isUnrestrictedForStory When sending to a story, we always want to use sealed sender. Receivers will accept it for story messages. However, there are
+   *                               some situations where we need to know if this access key will be correct for non-story purposes. Set this flag to true if
+   *                               the access key is a synthetic one that would only be valid for story messages.
+   */
+  public UnidentifiedAccess(byte[] unidentifiedAccessKey, byte[] unidentifiedCertificate, boolean isUnrestrictedForStory)
      throws InvalidCertificateException
  {
    this.unidentifiedAccessKey   = unidentifiedAccessKey;
    this.unidentifiedCertificate = new SenderCertificate(unidentifiedCertificate);
+    this.isUnrestrictedForStory  = isUnrestrictedForStory;
  }

  public byte[] getUnidentifiedAccessKey() {
@@ -37,6 +44,10 @@ public class UnidentifiedAccess {
    return unidentifiedCertificate;
  }

+  public boolean isUnrestrictedForStory() {
+    return isUnrestrictedForStory;
+  }
+
  public static byte[] deriveAccessKeyFrom(ProfileKey profileKey) {
    try {
      byte[]         nonce  = new byte[12];