Add storage capability and return KBS creds on rereg w/ storage set

2026-04-21 02:08:03 +01:00 · 2020-03-24 11:57:09 -07:00
parent bb7433ab40
commit 3c8e7c6c10
9 changed files with 175 additions and 86 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredRegistrationLock.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/StoredRegistrationLock.java
@@ -0,0 +1,59 @@
+package org.whispersystems.textsecuregcm.auth;
+
+import com.google.common.annotations.VisibleForTesting;
+import org.whispersystems.textsecuregcm.util.Util;
+
+import javax.annotation.Nullable;
+import java.security.MessageDigest;
+import java.util.Optional;
+import java.util.concurrent.TimeUnit;
+
+@SuppressWarnings("OptionalUsedAsFieldOrParameterType")
+public class StoredRegistrationLock {
+
+  private final Optional<String> registrationLock;
+
+  private final Optional<String> registrationLockSalt;
+
+  private final Optional<String> deprecatedPin;
+
+  private final long             lastSeen;
+
+  public StoredRegistrationLock(Optional<String> registrationLock, Optional<String> registrationLockSalt, Optional<String> deprecatedPin, long lastSeen) {
+    this.registrationLock     = registrationLock;
+    this.registrationLockSalt = registrationLockSalt;
+    this.deprecatedPin        = deprecatedPin;
+    this.lastSeen             = lastSeen;
+  }
+
+  public boolean requiresClientRegistrationLock() {
+    return ((registrationLock.isPresent() && registrationLockSalt.isPresent())  || deprecatedPin.isPresent()) && System.currentTimeMillis() - lastSeen < TimeUnit.DAYS.toMillis(7);
+  }
+
+  public boolean needsFailureCredentials() {
+    return registrationLock.isPresent() && registrationLockSalt.isPresent();
+  }
+
+  public long getTimeRemaining() {
+    return TimeUnit.DAYS.toMillis(7) - (System.currentTimeMillis() - lastSeen);
+  }
+
+  public boolean verify(@Nullable String clientRegistrationLock, @Nullable String clientDeprecatedPin) {
+    if (Util.isEmpty(clientRegistrationLock) && Util.isEmpty(clientDeprecatedPin)) {
+      return false;
+    }
+
+    if (registrationLock.isPresent() && registrationLockSalt.isPresent() && !Util.isEmpty(clientRegistrationLock)) {
+      return new AuthenticationCredentials(registrationLock.get(), registrationLockSalt.get()).verify(clientRegistrationLock);
+    } else if (deprecatedPin.isPresent() && !Util.isEmpty(clientDeprecatedPin)) {
+      return MessageDigest.isEqual(deprecatedPin.get().getBytes(), clientDeprecatedPin.getBytes());
+    } else {
+      return false;
+    }
+  }
+
+  @VisibleForTesting
+  public StoredRegistrationLock forTime(long timestamp) {
+    return new StoredRegistrationLock(registrationLock, registrationLockSalt, deprecatedPin, timestamp);
+  }
+}