Bump version to 4.30.8

Originally from 47a10a028.

This migration has already been released to beta, and therefore needs to
continue to exist.

build.gradle

@@ -281,8 +281,8 @@ android {
     }
 
     defaultConfig {
-        versionCode 429
-        versionName "4.30.7"
+        versionCode 431
+        versionName "4.30.8"
 
         minSdkVersion 14
         targetSdkVersion 26

src/org/thoughtcrime/securesms/database/helpers/SQLCipherOpenHelper.java

@@ -57,8 +57,9 @@ public class SQLCipherOpenHelper extends SQLiteOpenHelper {
   private static final int QUOTE_MISSING                    = 11;
   private static final int NOTIFICATION_CHANNELS            = 12;
   private static final int SECRET_SENDER                    = 13;
+  private static final int ATTACHMENT_CAPTIONS              = 14;
 
-  private static final int    DATABASE_VERSION = 13;
+  private static final int    DATABASE_VERSION = 14;
   private static final String DATABASE_NAME    = "signal.db";
 
   private final Context        context;
@@ -294,6 +295,10 @@ public class SQLCipherOpenHelper extends SQLiteOpenHelper {
         db.execSQL("ALTER TABLE sms ADD COLUMN unidentified INTEGER DEFAULT 0");
       }
 
+      if (oldVersion < ATTACHMENT_CAPTIONS) {
+        db.execSQL("ALTER TABLE part ADD COLUMN caption TEXT DEFAULT NULL");
+      }
+
       db.setTransactionSuccessful();
     } finally {
       db.endTransaction();

src/org/thoughtcrime/securesms/jobs/PushGroupSendJob.java

@@ -205,6 +205,8 @@ public class PushGroupSendJob extends PushSendJob implements InjectableType {
       throws IOException, RecipientFormattingException, InvalidNumberException,
              UndeliverableMessageException, UntrustedIdentityException
   {
+    rotateSenderCertificateIfNecessary();
+
     String                        groupId           = message.getRecipient().getAddress().toGroupString();
     Optional<byte[]>              profileKey        = getProfileKey(message.getRecipient());
     MediaConstraints              mediaConstraints  = MediaConstraints.getPushMediaConstraints();

src/org/thoughtcrime/securesms/jobs/PushMediaSendJob.java

@@ -158,6 +158,8 @@ public class PushMediaSendJob extends PushSendJob implements InjectableType {
     }
 
     try {
+      rotateSenderCertificateIfNecessary();
+
       SignalServiceAddress                     address           = getPushAddress(message.getRecipient().getAddress());
       MediaConstraints                         mediaConstraints  = MediaConstraints.getPushMediaConstraints();
       List<Attachment>                         scaledAttachments = scaleAndStripExifFromAttachments(mediaConstraints, message.getAttachments());

src/org/thoughtcrime/securesms/jobs/PushSendJob.java

@@ -4,6 +4,8 @@ import android.content.Context;
 import android.support.annotation.NonNull;
 
 import org.greenrobot.eventbus.EventBus;
+import org.signal.libsignal.metadata.certificate.InvalidCertificateException;
+import org.signal.libsignal.metadata.certificate.SenderCertificate;
 import org.thoughtcrime.securesms.ApplicationContext;
 import org.thoughtcrime.securesms.TextSecureExpiredException;
 import org.thoughtcrime.securesms.attachments.Attachment;
@@ -40,8 +42,9 @@ import java.util.concurrent.TimeUnit;
 
 public abstract class PushSendJob extends SendJob {
 
-  private static final long   serialVersionUID = 5906098204770900739L;
-  private static final String TAG              = PushSendJob.class.getSimpleName();
+  private static final long   serialVersionUID              = 5906098204770900739L;
+  private static final String TAG                           = PushSendJob.class.getSimpleName();
+  private static final long   CERTIFICATE_EXPIRATION_BUFFER = TimeUnit.SECONDS.toMillis(30);
 
   protected PushSendJob(Context context, JobParameters parameters) {
     super(context, parameters);
@@ -198,5 +201,23 @@ public abstract class PushSendJob extends SendJob {
     return sharedContacts;
   }
 
+  protected void rotateSenderCertificateIfNecessary() throws IOException {
+    try {
+      SenderCertificate certificate = new SenderCertificate(TextSecurePreferences.getUnidentifiedAccessCertificate(context));
+
+      if (System.currentTimeMillis() > (certificate.getExpiration() - CERTIFICATE_EXPIRATION_BUFFER)) {
+        throw new InvalidCertificateException("Certificate is expired.");
+      }
+
+      Log.d(TAG, "Certificate is valid.");
+    } catch (InvalidCertificateException e) {
+      Log.w(TAG, "Certificate was invalid at send time. Fetching a new one.", e);
+      RotateCertificateJob certificateJob = new RotateCertificateJob();
+      ApplicationContext.getInstance(context).injectDependencies(certificateJob);
+      certificateJob.setContext(context);
+      certificateJob.onRun();
+    }
+  }
+
   protected abstract void onPushSend() throws Exception;
 }

src/org/thoughtcrime/securesms/jobs/PushTextSendJob.java

@@ -151,6 +151,8 @@ public class PushTextSendJob extends PushSendJob implements InjectableType {
       throws UntrustedIdentityException, InsecureFallbackApprovalException, RetryLaterException
   {
     try {
+      rotateSenderCertificateIfNecessary();
+
       SignalServiceAddress             address            = getPushAddress(message.getIndividualRecipient().getAddress());
       Optional<byte[]>                 profileKey         = getProfileKey(message.getIndividualRecipient());
       Optional<UnidentifiedAccessPair> unidentifiedAccess = UnidentifiedAccessUtil.getAccessFor(context, message.getIndividualRecipient());

src/org/thoughtcrime/securesms/jobs/RotateCertificateJob.java

@@ -55,8 +55,10 @@ public class RotateCertificateJob extends ContextJob implements InjectableType {
 
   @Override
   public void onRun() throws IOException {
-    byte[] certificate = accountManager.getSenderCertificate();
-    TextSecurePreferences.setUnidentifiedAccessCertificate(context, certificate);
+    synchronized (RotateCertificateJob.class) {
+      byte[] certificate = accountManager.getSenderCertificate();
+      TextSecurePreferences.setUnidentifiedAccessCertificate(context, certificate);
+    }
   }
 
   @Override