Phone number privacy settings and certificate support behind feature flag.

2026-04-24 10:51:27 +01:00 · 2020-09-03 18:35:17 -03:00
parent abd3d4b546
commit 7b24e66ed3
23 changed files with 520 additions and 144 deletions
--- a/app/src/main/java/org/thoughtcrime/securesms/crypto/UnidentifiedAccessUtil.java
+++ b/app/src/main/java/org/thoughtcrime/securesms/crypto/UnidentifiedAccessUtil.java
@@ -2,6 +2,7 @@ package org.thoughtcrime.securesms.crypto;


 import android.content.Context;
+
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import androidx.annotation.WorkerThread;
@@ -10,6 +11,9 @@ import org.signal.libsignal.metadata.certificate.CertificateValidator;
 import org.signal.libsignal.metadata.certificate.InvalidCertificateException;
 import org.signal.zkgroup.profiles.ProfileKey;
 import org.thoughtcrime.securesms.BuildConfig;
+import org.thoughtcrime.securesms.keyvalue.CertificateType;
+import org.thoughtcrime.securesms.keyvalue.PhoneNumberPrivacyValues;
+import org.thoughtcrime.securesms.keyvalue.SignalStore;
 import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.recipients.Recipient;
 import org.thoughtcrime.securesms.util.Base64;
@@ -44,21 +48,17 @@ public class UnidentifiedAccessUtil {
    try {
      byte[] theirUnidentifiedAccessKey       = getTargetUnidentifiedAccessKey(recipient);
      byte[] ourUnidentifiedAccessKey         = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
-      byte[] ourUnidentifiedAccessCertificate = TextSecurePreferences.getUnidentifiedAccessCertificate(context);
+      byte[] ourUnidentifiedAccessCertificate = getUnidentifiedAccessCertificate(recipient);

      if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
        ourUnidentifiedAccessKey = Util.getSecretBytes(16);
      }

      Log.i(TAG, "Their access key present? " + (theirUnidentifiedAccessKey != null) +
-                 " | Our access key present? " + (ourUnidentifiedAccessKey != null) +
                 " | Our certificate present? " + (ourUnidentifiedAccessCertificate != null) +
                 " | UUID certificate supported? " + recipient.isUuidSupported());

-      if (theirUnidentifiedAccessKey != null &&
-          ourUnidentifiedAccessKey != null   &&
-          ourUnidentifiedAccessCertificate != null)
-      {
+      if (theirUnidentifiedAccessKey != null && ourUnidentifiedAccessCertificate != null) {
        return Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(theirUnidentifiedAccessKey,
                                                                             ourUnidentifiedAccessCertificate),
                                                      new UnidentifiedAccess(ourUnidentifiedAccessKey,
@@ -75,13 +75,13 @@ public class UnidentifiedAccessUtil {
  public static Optional<UnidentifiedAccessPair> getAccessForSync(@NonNull Context context) {
    try {
      byte[] ourUnidentifiedAccessKey         = UnidentifiedAccess.deriveAccessKeyFrom(ProfileKeyUtil.getSelfProfileKey());
-      byte[] ourUnidentifiedAccessCertificate = TextSecurePreferences.getUnidentifiedAccessCertificate(context);
+      byte[] ourUnidentifiedAccessCertificate = getUnidentifiedAccessCertificate(Recipient.self());

      if (TextSecurePreferences.isUniversalUnidentifiedAccess(context)) {
        ourUnidentifiedAccessKey = Util.getSecretBytes(16);
      }

-      if (ourUnidentifiedAccessKey != null && ourUnidentifiedAccessCertificate != null) {
+      if (ourUnidentifiedAccessCertificate != null) {
        return Optional.of(new UnidentifiedAccessPair(new UnidentifiedAccess(ourUnidentifiedAccessKey,
                                                                             ourUnidentifiedAccessCertificate),
                                                      new UnidentifiedAccess(ourUnidentifiedAccessKey,
@@ -95,6 +95,23 @@ public class UnidentifiedAccessUtil {
    }
  }

+  private static byte[] getUnidentifiedAccessCertificate(@NonNull Recipient recipient) {
+    CertificateType                                 certificateType;
+    PhoneNumberPrivacyValues.PhoneNumberSharingMode sendPhoneNumberTo = SignalStore.phoneNumberPrivacy().getPhoneNumberSharingMode();
+
+    switch (sendPhoneNumberTo) {
+      case EVERYONE: certificateType = CertificateType.UUID_AND_E164; break;
+      case CONTACTS: certificateType = recipient.isSystemContact() ? CertificateType.UUID_AND_E164 : CertificateType.UUID_ONLY; break;
+      case NOBODY  : certificateType = CertificateType.UUID_ONLY; break;
+      default      : throw new AssertionError();
+    }
+
+    Log.i(TAG, String.format("Certificate type for %s with setting %s -> %s", recipient.getId(), sendPhoneNumberTo, certificateType));
+
+    return SignalStore.certificateValues()
+                      .getUnidentifiedAccessCertificate(certificateType);
+  }
+
  private static @Nullable byte[] getTargetUnidentifiedAccessKey(@NonNull Recipient recipient) {
    ProfileKey theirProfileKey = ProfileKeyUtil.profileKeyOrNull(recipient.resolve().getProfileKey());