Signal/Signal-Server
1
0
Fork 0
mirror of https://github.com/signalapp/Signal-Server synced 2026-04-20 08:40:16 +01:00
Code Issues Packages Projects Releases Wiki Activity

Make UUID in sealed sender certificate optional for buggy clients

Browse Source
This commit is contained in:
Moxie Marlinspike
2019-07-11 19:14:39 -07:00
parent 07822b371f
commit 79f2efdfd9
3 changed files with 47 additions and 13 deletions
Download Patch File Download Diff File Expand all files Collapse all files

24
service/src/main/java/org/whispersystems/textsecuregcm/auth/CertificateGenerator.java
View File

@@ -28,18 +28,20 @@ public class CertificateGenerator {
this.serverCertificate = ServerCertificate.parseFrom(serverCertificate);
}
public byte[] createFor(Account account, Device device) throws IOException, InvalidKeyException {
byte[] certificate = SenderCertificate.Certificate.newBuilder()
.setSender(account.getNumber())
.setSenderUuid(account.getUuid().toString())
.setSenderDevice(Math.toIntExact(device.getId()))
.setExpires(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(expiresDays))
.setIdentityKey(ByteString.copyFrom(Base64.decode(account.getIdentityKey())))
.setSigner(serverCertificate)
.build()
.toByteArray();
public byte[] createFor(Account account, Device device, boolean includeUuid) throws IOException, InvalidKeyException {
SenderCertificate.Certificate.Builder builder = SenderCertificate.Certificate.newBuilder()
.setSender(account.getNumber())
.setSenderDevice(Math.toIntExact(device.getId()))
.setExpires(System.currentTimeMillis() + TimeUnit.DAYS.toMillis(expiresDays))
.setIdentityKey(ByteString.copyFrom(Base64.decode(account.getIdentityKey())))
.setSigner(serverCertificate);
byte[] signature = Curve.calculateSignature(privateKey, certificate);
if (includeUuid) {
builder.setSenderUuid(account.getUuid().toString());
}
byte[] certificate = builder.build().toByteArray();
byte[] signature = Curve.calculateSignature(privateKey, certificate);
return SenderCertificate.newBuilder()
.setCertificate(ByteString.copyFrom(certificate))

10
service/src/main/java/org/whispersystems/textsecuregcm/controllers/CertificateController.java
View File

@@ -11,14 +11,17 @@ import org.whispersystems.textsecuregcm.util.Util;
import javax.ws.rs.GET;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.QueryParam;
import javax.ws.rs.WebApplicationException;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.Response;
import java.io.IOException;
import java.security.InvalidKeyException;
import java.util.Optional;
import io.dropwizard.auth.Auth;
@SuppressWarnings("OptionalUsedAsFieldOrParameterType")
@Path("/v1/certificate")
public class CertificateController {
@@ -34,14 +37,17 @@ public class CertificateController {
@GET
@Produces(MediaType.APPLICATION_JSON)
@Path("/delivery")
public DeliveryCertificate getDeliveryCertificate(@Auth Account account) throws IOException, InvalidKeyException {
public DeliveryCertificate getDeliveryCertificate(@Auth Account account,
@QueryParam("includeUuid") Optional<Boolean> includeUuid)
throws IOException, InvalidKeyException
{
if (!account.getAuthenticatedDevice().isPresent()) throw new AssertionError();
if (Util.isEmpty(account.getIdentityKey())) {
throw new WebApplicationException(Response.Status.BAD_REQUEST);
}
return new DeliveryCertificate(certificateGenerator.createFor(account, account.getAuthenticatedDevice().get()));
return new DeliveryCertificate(certificateGenerator.createFor(account, account.getAuthenticatedDevice().get(), includeUuid.orElse(false)));
}
}