From 3edf3ed19986e7dc5d96454cae71020548473754 Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Mon, 19 Nov 2018 15:57:25 -0500 Subject: [PATCH 1/6] Don't use UD for "self" profile fetches. --- SignalMessaging/profiles/ProfileFetcherJob.swift | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/SignalMessaging/profiles/ProfileFetcherJob.swift b/SignalMessaging/profiles/ProfileFetcherJob.swift index 1261b3b0e..fae0485e5 100644 --- a/SignalMessaging/profiles/ProfileFetcherJob.swift +++ b/SignalMessaging/profiles/ProfileFetcherJob.swift @@ -62,6 +62,10 @@ public class ProfileFetcherJob: NSObject { return SignalServiceRestClient() } + private var tsAccountManager: TSAccountManager { + return SSKEnvironment.shared.tsAccountManager + } + // MARK: - public func run(recipientIds: [String]) { @@ -135,8 +139,13 @@ public class ProfileFetcherJob: NSObject { Logger.error("getProfile: \(recipientId)") - let udAccess = udManager.udAccess(forRecipientId: recipientId, - requireSyncAccess: false) + // Don't use UD for "self" profile fetches. + var udAccess: OWSUDAccess? + if recipientId != tsAccountManager.localNumber() { + udAccess = udManager.udAccess(forRecipientId: recipientId, + requireSyncAccess: false) + } + return requestProfile(recipientId: recipientId, udAccess: udAccess, canFailoverUDAuth: true) From 4ce0b68a8614fb7a7154cd42b0eccee6271caa78 Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Mon, 19 Nov 2018 16:04:09 -0500 Subject: [PATCH 2/6] Discard sender certificates after 24 hours. --- .../src/Messages/UD/OWSUDManager.swift | 32 +++++++++++++++++++ 1 file changed, 32 insertions(+) diff --git a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift index fbe0b3aa5..4a821ff48 100644 --- a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift +++ b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift 
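Review bot: The self check in the `@@ -135,8 +139,13 @@` hunk, `recipientId != tsAccountManager.localNumber()`, treats every recipient as non-self whenever `localNumber()` yields nil or a differently formatted number, and the code does not say that this is intended. If the accessor can return nil (its declaration is not part of the patch), bind it once and compare explicitly, e.g. `let isLocalRecipient = (tsAccountManager.localNumber() == recipientId)`, with a comment that an unknown local number falls back to the UD lookup. `udAccess` is assigned at most once, so it can also be a constant: `let udAccess: OWSUDAccess? = isLocalRecipient ? nil : udManager.udAccess(forRecipientId: recipientId, requireSyncAccess: false)`. The enclosing function starts and ends outside the hunk.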
@@ -104,6 +104,8 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { private let kUDCollection = "kUDCollection" private let kUDCurrentSenderCertificateKey_Production = "kUDCurrentSenderCertificateKey_Production" private let kUDCurrentSenderCertificateKey_Staging = "kUDCurrentSenderCertificateKey_Staging" + private let kUDCurrentSenderCertificateDateKey_Production = "kUDCurrentSenderCertificateDateKey_Production" + private let kUDCurrentSenderCertificateDateKey_Staging = "kUDCurrentSenderCertificateDateKey_Staging" private let kUDUnrestrictedAccessKey = "kUDUnrestrictedAccessKey" // MARK: Recipient State @@ -134,6 +136,10 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { selector: #selector(registrationStateDidChange), name: .RegistrationStateDidChange, object: nil) + NotificationCenter.default.addObserver(self, + selector: #selector(didBecomeActive), + name: NSNotification.Name.OWSApplicationDidBecomeActive, + object: nil) } @objc @@ -144,6 +150,19 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { ensureSenderCertificate().retainUntilComplete() } + @objc func didBecomeActive() { + AssertIsOnMainThread() + + AppReadiness.runNowOrWhenAppDidBecomeReady { + guard TSAccountManager.isRegistered() else { + return + } + + // Any error is silently ignored on startup. + self.ensureSenderCertificate().retainUntilComplete() + } + } + // MARK: - @objc @@ -313,6 +332,14 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { #endif private func senderCertificate() -> SMKSenderCertificate? { + guard let certificateDate = dbConnection.object(forKey: senderCertificateDateKey(), inCollection: kUDCollection) as? Date else { + return nil + } + guard certificateDate.timeIntervalSinceNow < kDayInterval else { + // Discard certificates that we obtained more than 24 hours ago. + return nil + } + guard let certificateData = dbConnection.object(forKey: senderCertificateKey(), inCollection: kUDCollection) as? Data else { return nil } 
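Review bot: The age check added in the `@@ -313,6 +332,14 @@` hunk, `guard certificateDate.timeIntervalSinceNow < kDayInterval`, never rejects an old certificate. `timeIntervalSinceNow` is negative for a date in the past, so a stored date of any age satisfies the guard and the 24-hour discard described in the comment does not happen. Compare the magnitude instead, `guard abs(certificateDate.timeIntervalSinceNow) < kDayInterval else { return nil }`, which also discards a certificate whose stored date lies more than a day in the future after a clock change. The same comparison is carried unchanged into the `.strict` branch of the `@@ -327,17 +336,19 @@` hunk in PATCH 3/6. `senderCertificate()` continues past the end of the hunk.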
@@ -333,6 +360,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { } func setSenderCertificate(_ certificateData: Data) { + dbConnection.setObject(Date(), forKey: senderCertificateDateKey(), inCollection: kUDCollection) dbConnection.setObject(certificateData, forKey: senderCertificateKey(), inCollection: kUDCollection) } @@ -340,6 +368,10 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { return IsUsingProductionService() ? kUDCurrentSenderCertificateKey_Production : kUDCurrentSenderCertificateKey_Staging } + private func senderCertificateDateKey() -> String { + return IsUsingProductionService() ? kUDCurrentSenderCertificateDateKey_Production : kUDCurrentSenderCertificateDateKey_Staging + } + @objc public func ensureSenderCertificate(success:@escaping (SMKSenderCertificate) -> Void, failure:@escaping (Error) -> Void) { From 4126b35a2782074a9bb7bbfa199f002e111db6b6 Mon Sep 17 00:00:00 2001 From: Matthew Chen Date: Mon, 26 Nov 2018 09:42:41 -0500 Subject: [PATCH 3/6] Respond to CR. --- .../src/Messages/UD/OWSUDManager.swift | 49 +++++++++++++------ 1 file changed, 35 insertions(+), 14 deletions(-) diff --git a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift index 4a821ff48..0a01222a6 100644 --- a/SignalServiceKit/src/Messages/UD/OWSUDManager.swift +++ b/SignalServiceKit/src/Messages/UD/OWSUDManager.swift @@ -12,6 +12,15 @@ public enum OWSUDError: Error { case invalidData(description: String) } +@objc +public enum OWSUDCertificateExpirationPolicy: Int { + // We want to try to rotate the sender certificate + // on a frequent basis, but we don't want to block + // sending on this. + case strict + case permissive +} + @objc public enum UnidentifiedAccessMode: Int { case unknown 
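Review bot: `setSenderCertificate` in the `@@ -333,6 +360,7 @@` hunk now stores the date and the certificate with two separate `setObject` calls, date first. If these are independent writes (the connection's transaction handling is not visible in the patch), an interruption between them leaves the previous certificate stored under a fresh date, and the age check would then treat it as newly obtained. Writing the certificate before the date, or both values inside one write transaction, closes that window. A short comment on the method stating that the two keys must always be updated together would help the next change here.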
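Review bot: The comment inside `OWSUDCertificateExpirationPolicy` in the `@@ -12,6 +12,15 @@` hunk explains the motivation but not what either case does, so a reader has to find `senderCertificate(certificateExpirationPolicy:)` to learn which one applies the age limit. Put one line on each case, for example `// strict: ignore a cached certificate that was stored more than 24 hours ago.` and `// permissive: accept the cached certificate regardless of when it was stored.` Because the enum is `@objc` and `Int`-backed, it is also worth noting in the comment that the raw values are not persisted, if that is the case.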
@@ -130,7 +139,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { } // Any error is silently ignored on startup. - self.ensureSenderCertificate().retainUntilComplete() + self.ensureSenderCertificate(certificateExpirationPolicy: .strict).retainUntilComplete() } NotificationCenter.default.addObserver(self, selector: #selector(registrationStateDidChange), @@ -147,7 +156,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { AssertIsOnMainThread() // Any error is silently ignored - ensureSenderCertificate().retainUntilComplete() + ensureSenderCertificate(certificateExpirationPolicy: .strict).retainUntilComplete() } @objc func didBecomeActive() { @@ -159,7 +168,7 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { } // Any error is silently ignored on startup. - self.ensureSenderCertificate().retainUntilComplete() + self.ensureSenderCertificate(certificateExpirationPolicy: .strict).retainUntilComplete() } } 
@@ -327,17 +336,19 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { #if DEBUG @objc public func hasSenderCertificate() -> Bool { - return senderCertificate() != nil + return senderCertificate(certificateExpirationPolicy: .permissive) != nil } #endif - private func senderCertificate() -> SMKSenderCertificate? { - guard let certificateDate = dbConnection.object(forKey: senderCertificateDateKey(), inCollection: kUDCollection) as? Date else { - return nil - } - guard certificateDate.timeIntervalSinceNow < kDayInterval else { - // Discard certificates that we obtained more than 24 hours ago. - return nil + private func senderCertificate(certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> SMKSenderCertificate? { + if certificateExpirationPolicy == .strict { + guard let certificateDate = dbConnection.object(forKey: senderCertificateDateKey(), inCollection: kUDCollection) as? Date else { + return nil + } + guard certificateDate.timeIntervalSinceNow < kDayInterval else { + // Discard certificates that we obtained more than 24 hours ago. + return nil + } } guard let certificateData = dbConnection.object(forKey: senderCertificateKey(), inCollection: kUDCollection) as? Data else { @@ -375,8 +386,16 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { @objc public func ensureSenderCertificate(success:@escaping (SMKSenderCertificate) -> Void, failure:@escaping (Error) -> Void) { + return ensureSenderCertificate(certificateExpirationPolicy: .permissive, + success: success, + failure: failure) + } + + private func ensureSenderCertificate(certificateExpirationPolicy: OWSUDCertificateExpirationPolicy, + success:@escaping (SMKSenderCertificate) -> Void, + failure:@escaping (Error) -> Void) { firstly { - ensureSenderCertificate() + ensureSenderCertificate(certificateExpirationPolicy: certificateExpirationPolicy) }.map { certificate in success(certificate) }.catch { error in 
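Review bot: With `.permissive` the stored-date check in the `@@ -327,17 +336,19 @@` hunk is skipped entirely, so on that path the only limit on how long a cached sender certificate keeps being used is whatever validation follows below the hunk, which is not visible here. The `@objc` entry point in the next hunk always passes `.permissive`, so callers using it rely on that later check alone. If the certificate's own expiry is validated further down, state that next to the `if`, e.g. `// .permissive still relies on the certificate's own expiration, checked below.`; if it is not, the permissive path needs an upper bound of its own. `senderCertificate(certificateExpirationPolicy:)` continues outside the hunk.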
@@ -384,9 +403,11 @@ public class OWSUDManagerImpl: NSObject, OWSUDManager { }.retainUntilComplete() } - public func ensureSenderCertificate() -> Promise { + public func ensureSenderCertificate(certificateExpirationPolicy: OWSUDCertificateExpirationPolicy) -> Promise { // If there is a valid cached sender certificate, use that. - if let certificate = senderCertificate() { + // + // NOTE: We use a "strict" expiration policy. + if let certificate = senderCertificate(certificateExpirationPolicy: certificateExpirationPolicy) { return Promise.value(certificate) } From 24a19eaaca9593c82c24b83b6869765605abf953 Mon Sep 17 00:00:00 2001 From: Michael Kirk Date: Wed, 28 Nov 2018 21:49:49 -0700 Subject: [PATCH 4/6] update REST endpoint ack url --- Signal/src/Jobs/MessageFetcherJob.swift | 4 ++-- SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h | 3 +-- SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m | 4 +--- 3 files changed, 4 insertions(+), 7 deletions(-) diff --git a/Signal/src/Jobs/MessageFetcherJob.swift b/Signal/src/Jobs/MessageFetcherJob.swift index a6ab01294..6fd5c4e92 100644 --- a/Signal/src/Jobs/MessageFetcherJob.swift +++ b/Signal/src/Jobs/MessageFetcherJob.swift @@ -198,8 +198,8 @@ private private func acknowledgeDelivery(envelope: SSKProtoEnvelope) { let request: TSRequest - if let serverGuid = envelope.serverGuid, envelope.hasServerTimestamp, serverGuid.count > 0, envelope.serverTimestamp > 0 { - request = OWSRequestFactory.acknowledgeMessageDeliveryRequest(withServerGuid: serverGuid, serverTimestamp: envelope.serverTimestamp) + if let serverGuid = envelope.serverGuid, serverGuid.count > 0 { + request = OWSRequestFactory.acknowledgeMessageDeliveryRequest(withServerGuid: serverGuid) } else if let source = envelope.source, source.count > 0, envelope.timestamp > 0 { request = OWSRequestFactory.acknowledgeMessageDeliveryRequest(withSource: source, timestamp: envelope.timestamp) } else { 
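Review bot: The comment added in the `@@ -384,9 +403,11 @@` hunk, `// NOTE: We use a "strict" expiration policy.`, does not match the code beneath it: the policy is now the `certificateExpirationPolicy` argument, and the `@objc` wrapper introduced in the previous hunk passes `.permissive`. Replace it with something like `// The caller chooses the expiration policy; only .strict applies the 24-hour age check.` The hunk also changes the signature of a `public` method, so any protocol requirement or caller of the zero-argument `ensureSenderCertificate()` outside this file (not shown in the patch) has to be updated in the same commit. The function body continues past the end of the hunk.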
diff --git a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h index 9a0d13abe..490403435 100644 --- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h +++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.h @@ -23,8 +23,7 @@ typedef NS_ENUM(NSUInteger, TSVerificationTransport) { TSVerificationTransportVo + (TSRequest *)acknowledgeMessageDeliveryRequestWithSource:(NSString *)source timestamp:(UInt64)timestamp; -+ (TSRequest *)acknowledgeMessageDeliveryRequestWithServerGuid:(NSString *)serverGuid - serverTimestamp:(UInt64)serverTimestamp; ++ (TSRequest *)acknowledgeMessageDeliveryRequestWithServerGuid:(NSString *)serverGuid; + (TSRequest *)deleteDeviceRequestWithDevice:(OWSDevice *)device; diff --git a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m index 2ef8041dc..bad2dae92 100644 --- a/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m +++ b/SignalServiceKit/src/Network/API/Requests/OWSRequestFactory.m @@ -73,12 +73,10 @@ NS_ASSUME_NONNULL_BEGIN } + (TSRequest *)acknowledgeMessageDeliveryRequestWithServerGuid:(NSString *)serverGuid - serverTimestamp:(UInt64)serverTimestamp { OWSAssertDebug(serverGuid.length > 0); - OWSAssertDebug(serverTimestamp > 0); - NSString *path = [NSString stringWithFormat:@"v1/messages/%@/%llu", serverGuid, serverTimestamp]; + NSString *path = [NSString stringWithFormat:@"v1/messages/uuid/%@", serverGuid]; return [TSRequest requestWithUrl:[NSURL URLWithString:path] method:@"DELETE" parameters:@{}]; } From 9713c5870c47b1fb3c27a6adb6c00be44be5940a Mon Sep 17 00:00:00 2001 From: Michael Kirk Date: Wed, 28 Nov 2018 21:51:19 -0700 Subject: [PATCH 5/6] "Bump build to 2.31.1.0." --- Signal/Signal-Info.plist | 4 ++-- SignalShareExtension/Info.plist | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) 
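Review bot: In the OWSRequestFactory.m hunk `serverGuid` is formatted directly into the request path, and the only check on it is `OWSAssertDebug(serverGuid.length > 0)`, which presumably does nothing in release builds. The value is taken from the received envelope, so a string that is not a UUID could alter the path the DELETE is sent to, or make `URLWithString:` return nil and hand a nil URL to `requestWithUrl:`. Validate the format before building the path, e.g. `if ([[NSUUID alloc] initWithUUIDString:serverGuid] == nil) { OWSFailDebug(@"invalid serverGuid"); return nil; }`, keeping the original string in the path so its letter case is unchanged. Returning nil would need the header's nullability annotation and the Swift caller in MessageFetcherJob adjusted, so the check may fit better at the call site, where the source/timestamp fallback is already available.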
diff --git a/Signal/Signal-Info.plist b/Signal/Signal-Info.plist index 5593fd41a..d6be6f842 100644 --- a/Signal/Signal-Info.plist +++ b/Signal/Signal-Info.plist @@ -32,7 +32,7 @@ CFBundlePackageType APPL CFBundleShortVersionString - 2.31.0 + 2.31.1 CFBundleSignature ???? CFBundleURLTypes @@ -49,7 +49,7 @@ CFBundleVersion - 2.31.0.39 + 2.31.1.0 ITSAppUsesNonExemptEncryption LOGS_EMAIL diff --git a/SignalShareExtension/Info.plist b/SignalShareExtension/Info.plist index 79859221b..3bd19ef94 100644 --- a/SignalShareExtension/Info.plist +++ b/SignalShareExtension/Info.plist @@ -17,9 +17,9 @@ CFBundlePackageType XPC! CFBundleShortVersionString - 2.31.0 + 2.31.1 CFBundleVersion - 2.31.0.39 + 2.31.1.0 ITSAppUsesNonExemptEncryption NSAppTransportSecurity From a247701ccdee1b0558924519d459ba97fa8e84c2 Mon Sep 17 00:00:00 2001 From: Michael Kirk Date: Wed, 28 Nov 2018 22:07:18 -0700 Subject: [PATCH 6/6] "Bump build to 2.32.0.17." --- Signal/Signal-Info.plist | 2 +- SignalShareExtension/Info.plist | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/Signal/Signal-Info.plist b/Signal/Signal-Info.plist index 7da7fefc1..6e727bc89 100644 --- a/Signal/Signal-Info.plist +++ b/Signal/Signal-Info.plist @@ -49,7 +49,7 @@ CFBundleVersion - 2.32.0.16 + 2.32.0.17 ITSAppUsesNonExemptEncryption LOGS_EMAIL diff --git a/SignalShareExtension/Info.plist b/SignalShareExtension/Info.plist index f0290a4f8..3f6bb5f9f 100644 --- a/SignalShareExtension/Info.plist +++ b/SignalShareExtension/Info.plist @@ -19,7 +19,7 @@ CFBundleShortVersionString 2.32.0 CFBundleVersion - 2.32.0.16 + 2.32.0.17 ITSAppUsesNonExemptEncryption NSAppTransportSecurity