Line data Source code
1 : /*
2 : * Copyright (C) 2004-2025 Savoir-faire Linux Inc.
3 : *
4 : * This program is free software: you can redistribute it and/or modify
5 : * it under the terms of the GNU General Public License as published by
6 : * the Free Software Foundation, either version 3 of the License, or
7 : * (at your option) any later version.
8 : *
9 : * This program is distributed in the hope that it will be useful,
10 : * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 : * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 : * GNU General Public License for more details.
13 : *
14 : * You should have received a copy of the GNU General Public License
15 : * along with this program. If not, see <https://www.gnu.org/licenses/>.
16 : */
17 : #include "account_manager.h"
18 : #include "accountarchive.h"
19 : #include "jamiaccount.h"
20 : #include "base64.h"
21 : #include "jami/account_const.h"
22 : #include "account_schema.h"
23 : #include "archiver.h"
24 : #include "manager.h"
25 :
26 : #include "libdevcrypto/Common.h"
27 : #include "json_utils.h"
28 :
29 : #include <opendht/thread_pool.h>
30 : #include <opendht/crypto.h>
31 :
32 : #include <exception>
33 : #include <future>
34 : #include <fstream>
35 : #include <gnutls/ocsp.h>
36 :
37 : namespace jami {
38 :
39 : AccountManager::CertRequest
40 806 : AccountManager::buildRequest(PrivateKey fDeviceKey)
41 : {
42 806 : return dht::ThreadPool::computation().get<std::unique_ptr<dht::crypto::CertificateRequest>>(
43 806 : [fDeviceKey = std::move(fDeviceKey)] {
44 806 : auto request = std::make_unique<dht::crypto::CertificateRequest>();
45 806 : request->setName("Jami device");
46 806 : const auto& deviceKey = fDeviceKey.get();
47 806 : request->setUID(deviceKey->getPublicKey().getId().toString());
48 806 : request->sign(*deviceKey);
49 806 : return request;
50 806 : });
51 : }
52 :
53 2466 : AccountManager::~AccountManager() {
54 822 : if (dht_)
55 706 : dht_->join();
56 822 : }
57 :
58 : void
59 18050 : AccountManager::onSyncData(DeviceSync&& sync, bool checkDevice)
60 : {
61 18050 : auto sync_date = clock::time_point(clock::duration(sync.date));
62 18050 : if (checkDevice) {
63 : // If the DHT is used, we need to check the device here
64 0 : if (not info_->contacts->syncDevice(sync.owner->getLongId(), sync_date)) {
65 0 : return;
66 : }
67 : }
68 :
69 : // Sync known devices
70 54150 : JAMI_DEBUG("[Account {}] [Contacts] received device sync data ({:d} devices, {:d} contacts, {:d} requests)",
71 : accountId_,
72 : sync.devices_known.size() + sync.devices.size(),
73 : sync.peers.size(),
74 : sync.trust_requests.size());
75 18050 : for (const auto& d : sync.devices_known) {
76 0 : findCertificate(d.first, [this, d](const std::shared_ptr<dht::crypto::Certificate>& crt) {
77 0 : if (not crt)
78 0 : return;
79 : // std::lock_guard lock(deviceListMutex_);
80 0 : foundAccountDevice(crt, d.second);
81 : });
82 : }
83 53805 : for (const auto& d : sync.devices) {
84 35755 : findCertificate(d.second.sha1,
85 71510 : [this, d](const std::shared_ptr<dht::crypto::Certificate>& crt) {
86 35755 : if (not crt || crt->getLongId() != d.first)
87 0 : return;
88 : // std::lock_guard lock(deviceListMutex_);
89 35755 : foundAccountDevice(crt, d.second.name);
90 : });
91 : }
92 : // saveKnownDevices();
93 :
94 : // Sync contacts
95 18050 : if (!sync.peers.empty()) {
96 35468 : for (const auto &peer: sync.peers) {
97 17734 : info_->contacts->updateContact(peer.first, peer.second);
98 : }
99 17734 : info_->contacts->saveContacts();
100 : }
101 :
102 : // Sync trust requests
103 18063 : for (const auto& tr : sync.trust_requests)
104 26 : info_->contacts->onTrustRequest(tr.first,
105 13 : tr.second.device,
106 13 : tr.second.received,
107 : false,
108 13 : tr.second.conversationId,
109 : {});
110 : }
111 :
112 : dht::crypto::Identity
113 822 : AccountManager::loadIdentity(const std::string& crt_path,
114 : const std::string& key_path,
115 : const std::string& key_pwd) const
116 : {
117 : // Return to avoid unnecessary log if certificate or key is missing. Example case: when
118 : // importing an account when the certificate has not been unpacked from the archive.
119 822 : if (crt_path.empty() or key_path.empty())
120 802 : return {};
121 :
122 60 : JAMI_DEBUG("[Account {}] [Auth] Loading certificate from '{}' and key from '{}' at {}",
123 : accountId_,
124 : crt_path,
125 : key_path,
126 : path_);
127 : try {
128 40 : dht::crypto::Certificate dht_cert(fileutils::loadFile(crt_path, path_));
129 40 : dht::crypto::PrivateKey dht_key(fileutils::loadFile(key_path, path_), key_pwd);
130 20 : auto crt_id = dht_cert.getLongId();
131 20 : if (!crt_id or crt_id != dht_key.getPublicKey().getLongId()) {
132 0 : JAMI_ERROR("[Account {}] [Auth] Device certificate not matching public key!", accountId_);
133 0 : return {};
134 : }
135 20 : auto& issuer = dht_cert.issuer;
136 20 : if (not issuer) {
137 0 : JAMI_ERROR("[Account {}] [Auth] Device certificate {:s} has no issuer", accountId_, dht_cert.getId().to_view());
138 0 : return {};
139 : }
140 : // load revocation lists for device authority (account certificate).
141 20 : Manager::instance().certStore(accountId_).loadRevocations(*issuer);
142 :
143 40 : return {std::make_shared<dht::crypto::PrivateKey>(std::move(dht_key)),
144 20 : std::make_shared<dht::crypto::Certificate>(std::move(dht_cert))};
145 20 : } catch (const std::exception& e) {
146 0 : JAMI_ERROR("[Account {}] [Auth] Error loading identity: {}", accountId_, e.what());
147 0 : }
148 0 : return {};
149 : }
150 :
151 : std::shared_ptr<dht::Value>
152 16 : AccountManager::parseAnnounce(const std::string& announceBase64,
153 : const std::string& accountId,
154 : const std::string& deviceSha1,
155 : const std::string& deviceSha256)
156 : {
157 16 : auto announce_val = std::make_shared<dht::Value>();
158 : try {
159 16 : auto announce = base64::decode(announceBase64);
160 16 : msgpack::object_handle announce_msg = msgpack::unpack((const char*) announce.data(),
161 32 : announce.size());
162 16 : announce_val->msgpack_unpack(announce_msg.get());
163 16 : if (not announce_val->checkSignature()) {
164 0 : JAMI_ERROR("[Auth] announce signature check failed");
165 0 : return {};
166 : }
167 16 : DeviceAnnouncement da;
168 16 : da.unpackValue(*announce_val);
169 16 : if (da.from.toString() != accountId) {
170 0 : JAMI_ERROR("[Auth] Account ID mismatch in announce (account: {}, in announce: {})", accountId, da.from.toString());
171 0 : return {};
172 : }
173 16 : if ((da.pk && da.pk->getLongId().to_view() != deviceSha256) || da.dev.toString() != deviceSha1) {
174 0 : JAMI_ERROR("[Auth] Device ID mismatch in announce (device: {}, in announce: {})", da.pk ? deviceSha256 : deviceSha1, da.pk ? da.pk->getLongId().to_view() : da.dev.toString());
175 0 : return {};
176 : }
177 16 : } catch (const std::exception& e) {
178 0 : JAMI_ERROR("[Auth] unable to read announce: {}", e.what());
179 0 : return {};
180 0 : }
181 16 : return announce_val;
182 16 : }
183 :
184 : const AccountInfo*
185 822 : AccountManager::useIdentity(const dht::crypto::Identity& identity,
186 : const std::string& receipt,
187 : const std::vector<uint8_t>& receiptSignature,
188 : const std::string& username,
189 : const OnChangeCallback& onChange)
190 : {
191 822 : if (receipt.empty() or receiptSignature.empty())
192 806 : return nullptr;
193 :
194 16 : if (not identity.first or not identity.second) {
195 0 : JAMI_ERROR("[Account {}] [Auth] no identity provided", accountId_);
196 0 : return nullptr;
197 : }
198 :
199 16 : auto accountCertificate = identity.second->issuer;
200 16 : if (not accountCertificate) {
201 0 : JAMI_ERROR("[Account {}] [Auth] device certificate must be issued by the account certificate", accountId_);
202 0 : return nullptr;
203 : }
204 :
205 : // match certificate chain
206 16 : auto contactList = std::make_unique<ContactList>(accountId_, accountCertificate, path_, onChange);
207 16 : auto result = contactList->isValidAccountDevice(*identity.second);
208 16 : if (not result) {
209 0 : JAMI_ERROR("[Account {}] [Auth] unable to use identity: device certificate chain is unable to be verified: {}", accountId_,
210 : result.toString());
211 0 : return nullptr;
212 : }
213 :
214 16 : auto pk = accountCertificate->getSharedPublicKey();
215 48 : JAMI_LOG("[Account {}] [Auth] checking device receipt for account:{} device:{}", accountId_, pk->getId().toString(), identity.second->getLongId().toString());
216 16 : if (!pk->checkSignature({receipt.begin(), receipt.end()}, receiptSignature)) {
217 0 : JAMI_ERROR("[Account {}] [Auth] device receipt signature check failed", accountId_);
218 0 : return nullptr;
219 : }
220 :
221 16 : Json::Value root;
222 16 : if (!json::parse(receipt, root) || !root.isMember("announce")) {
223 0 : JAMI_ERROR("[Account {}] [Auth] device receipt parsing error", accountId_);
224 0 : return nullptr;
225 : }
226 :
227 16 : auto dev_id = root["dev"].asString();
228 16 : if (dev_id != identity.second->getId().toString()) {
229 0 : JAMI_ERROR("[Account {}] [Auth] device ID mismatch between receipt and certificate", accountId_);
230 0 : return nullptr;
231 : }
232 16 : auto id = root["id"].asString();
233 16 : if (id != pk->getId().toString()) {
234 0 : JAMI_ERROR("[Account {}] [Auth] account ID mismatch between receipt and certificate", accountId_);
235 0 : return nullptr;
236 : }
237 :
238 16 : auto devicePk = identity.first->getSharedPublicKey();
239 16 : if (!devicePk) {
240 0 : JAMI_ERROR("[Account {}] [Auth] No device pk found", accountId_);
241 0 : return nullptr;
242 : }
243 :
244 32 : auto announce = parseAnnounce(root["announce"].asString(), id, devicePk->getId().toString(), devicePk->getLongId().toString());
245 16 : if (not announce) {
246 0 : return nullptr;
247 : }
248 :
249 16 : onChange_ = std::move(onChange);
250 :
251 16 : auto info = std::make_unique<AccountInfo>();
252 16 : info->identity = identity;
253 16 : info->contacts = std::move(contactList);
254 16 : info->contacts->load();
255 16 : info->accountId = id;
256 16 : info->devicePk = std::move(devicePk);
257 16 : info->deviceId = info->devicePk->getLongId().toString();
258 16 : info->announce = std::move(announce);
259 16 : info->ethAccount = root["eth"].asString();
260 16 : info->username = username;
261 16 : info_ = std::move(info);
262 :
263 48 : JAMI_LOG("[Account {}] [Auth] Device {} receipt checked successfully for user {}", accountId_,
264 : info_->deviceId, id);
265 16 : return info_.get();
266 16 : }
267 :
268 : void
269 0 : AccountManager::reloadContacts()
270 : {
271 0 : if (info_) {
272 0 : info_->contacts->load();
273 : }
274 0 : }
275 :
276 : void
277 700 : AccountManager::startSync(const OnNewDeviceCb& cb, const OnDeviceAnnouncedCb& dcb, bool publishPresence)
278 : {
279 : // Put device announcement
280 700 : if (info_->announce) {
281 700 : auto h = dht::InfoHash(info_->accountId);
282 700 : if (publishPresence) {
283 2800 : dht_->put(
284 : h,
285 700 : info_->announce,
286 1400 : [dcb = std::move(dcb), h, accountId=accountId_](bool ok) {
287 700 : if (ok)
288 2055 : JAMI_DEBUG("[Account {}] device announced at {}", accountId, h.toString());
289 : // We do not care about the status, it's a permanent put, if this fail,
290 : // this means the DHT is disconnected but the put will be retried when connected.
291 700 : if (dcb)
292 700 : dcb();
293 700 : },
294 : {},
295 : true);
296 : }
297 700 : for (const auto& crl : info_->identity.second->issuer->getRevocationLists())
298 700 : dht_->put(h, crl, dht::DoneCallback {}, {}, true);
299 700 : dht_->listen<DeviceAnnouncement>(h, [this, cb = std::move(cb)](DeviceAnnouncement&& dev) {
300 775 : findCertificate(dev.dev,
301 775 : [this, cb](const std::shared_ptr<dht::crypto::Certificate>& crt) {
302 775 : foundAccountDevice(crt);
303 775 : if (cb)
304 775 : cb(crt);
305 775 : });
306 775 : return true;
307 : });
308 700 : dht_->listen<dht::crypto::RevocationList>(h, [this](dht::crypto::RevocationList&& crl) {
309 3 : if (crl.isSignedBy(*info_->identity.second->issuer)) {
310 9 : JAMI_DEBUG("[Account {}] Found CRL for account.", accountId_);
311 3 : certStore()
312 3 : .pinRevocationList(info_->accountId,
313 6 : std::make_shared<dht::crypto::RevocationList>(
314 3 : std::move(crl)));
315 : }
316 3 : return true;
317 : });
318 700 : syncDevices();
319 : } else {
320 0 : JAMI_ERROR("[Account {}] Unable to announce device: no announcement.", accountId_);
321 : }
322 :
323 700 : auto inboxKey = dht::InfoHash::get("inbox:" + info_->devicePk->getId().toString());
324 700 : dht_->listen<dht::TrustRequest>(inboxKey, [this](dht::TrustRequest&& v) {
325 111 : if (v.service != DHT_TYPE_NS)
326 0 : return true;
327 :
328 : // allowPublic always true for trust requests (only forbidden if banned)
329 222 : onPeerMessage(
330 111 : *v.owner,
331 : true,
332 110 : [this, v](const std::shared_ptr<dht::crypto::Certificate>&,
333 356 : dht::InfoHash peer_account) mutable {
334 330 : JAMI_WARNING("[Account {}] Got trust request (confirm: {}) from: {} / {}. ConversationId: {}",
335 : accountId_,
336 : v.confirm,
337 : peer_account.toString(),
338 : v.from.toString(),
339 : v.conversationId);
340 110 : if (info_)
341 220 : if (info_->contacts->onTrustRequest(peer_account,
342 110 : v.owner,
343 : time(nullptr),
344 110 : v.confirm,
345 110 : v.conversationId,
346 110 : std::move(v.payload))) {
347 13 : if (v.confirm) // No need to send a confirmation as already accepted here
348 7 : return;
349 13 : auto conversationId = v.conversationId;
350 : // Check if there was an old active conversation.
351 13 : if (auto details = info_->contacts->getContactInfo(peer_account)) {
352 13 : if (!details->conversationId.empty()) {
353 13 : if (details->conversationId == conversationId) {
354 : // Here, it's possible that we already have accepted the conversation
355 : // but contact were offline and sync failed.
356 : // So, retrigger the callback so upper layer will clone conversation if needed
357 : // instead of getting stuck in sync.
358 7 : info_->contacts->acceptConversation(conversationId, v.owner->getLongId().toString());
359 7 : return;
360 : }
361 6 : conversationId = details->conversationId;
362 18 : JAMI_WARNING("Accept with old convId: {}", conversationId);
363 : }
364 13 : }
365 6 : sendTrustRequestConfirm(peer_account, conversationId);
366 13 : }
367 : });
368 111 : return true;
369 : });
370 700 : }
371 :
372 : const std::map<dht::PkId, KnownDevice>&
373 1235 : AccountManager::getKnownDevices() const
374 : {
375 1235 : return info_->contacts->getKnownDevices();
376 : }
377 :
378 : bool
379 36530 : AccountManager::foundAccountDevice(const std::shared_ptr<dht::crypto::Certificate>& crt,
380 : const std::string& name,
381 : const time_point& last_sync)
382 : {
383 36530 : return info_->contacts->foundAccountDevice(crt, name, last_sync);
384 : }
385 :
386 : void
387 20 : AccountManager::setAccountDeviceName(const std::string& name)
388 : {
389 20 : if (info_)
390 16 : info_->contacts->setAccountDeviceName(DeviceId(info_->deviceId), name);
391 20 : }
392 :
393 : std::string
394 801 : AccountManager::getAccountDeviceName() const
395 : {
396 801 : if (info_)
397 1602 : return info_->contacts->getAccountDeviceName(DeviceId(info_->deviceId));
398 0 : return {};
399 : }
400 :
401 : bool
402 898 : AccountManager::foundPeerDevice(const std::string& accountId, const std::shared_ptr<dht::crypto::Certificate>& crt,
403 : dht::InfoHash& peer_id)
404 : {
405 898 : if (not crt)
406 0 : return false;
407 :
408 898 : auto top_issuer = crt;
409 2694 : while (top_issuer->issuer)
410 1796 : top_issuer = top_issuer->issuer;
411 :
412 : // Device certificate is unable to be self-signed
413 898 : if (top_issuer == crt) {
414 0 : JAMI_WARNING("[Account {}] Found invalid peer device: {}", accountId, crt->getLongId().toString());
415 0 : return false;
416 : }
417 :
418 : // Check peer certificate chain
419 : // Trust store with top issuer as the only CA
420 898 : dht::crypto::TrustList peer_trust;
421 898 : peer_trust.add(*top_issuer);
422 898 : if (not peer_trust.verify(*crt)) {
423 0 : JAMI_WARNING("[Account {}] Found invalid peer device: {}", accountId, crt->getLongId().toString());
424 0 : return false;
425 : }
426 :
427 : // Check cached OCSP response
428 898 : if (crt->ocspResponse and crt->ocspResponse->getCertificateStatus() != GNUTLS_OCSP_CERT_GOOD) {
429 0 : JAMI_WARNING("[Account {}] Certificate {} is disabled by cached OCSP response", accountId, crt->getLongId());
430 0 : return false;
431 : }
432 :
433 898 : peer_id = crt->issuer->getId();
434 2694 : JAMI_LOG("[Account {}] Found peer device: {} account:{} CA:{}",
435 : accountId,
436 : crt->getLongId().toString(),
437 : peer_id.toString(),
438 : top_issuer->getId().toString());
439 898 : return true;
440 898 : }
441 :
442 : void
443 111 : AccountManager::onPeerMessage(const dht::crypto::PublicKey& peer_device,
444 : bool allowPublic,
445 : std::function<void(const std::shared_ptr<dht::crypto::Certificate>& crt,
446 : const dht::InfoHash& peer_account)>&& cb)
447 : {
448 : // quick check in case we already explicilty banned this device
449 111 : auto trustStatus = getCertificateStatus(peer_device.toString());
450 111 : if (trustStatus == dhtnet::tls::TrustStore::PermissionStatus::BANNED) {
451 0 : JAMI_WARNING("[Account {}] [Auth] Discarding message from banned device {}", accountId_, peer_device.toString());
452 0 : return;
453 : }
454 :
455 111 : findCertificate(peer_device.getId(),
456 111 : [this, cb = std::move(cb), allowPublic](
457 111 : const std::shared_ptr<dht::crypto::Certificate>& cert) {
458 111 : dht::InfoHash peer_account_id;
459 111 : if (onPeerCertificate(cert, allowPublic, peer_account_id)) {
460 110 : cb(cert, peer_account_id);
461 : }
462 111 : });
463 : }
464 :
465 : bool
466 898 : AccountManager::onPeerCertificate(const std::shared_ptr<dht::crypto::Certificate>& cert,
467 : bool allowPublic,
468 : dht::InfoHash& account_id)
469 : {
470 898 : dht::InfoHash peer_account_id;
471 898 : if (not foundPeerDevice(accountId_, cert, peer_account_id)) {
472 0 : JAMI_WARNING("[Account {}] [Auth] Discarding message from invalid peer certificate", accountId_);
473 0 : return false;
474 : }
475 :
476 898 : if (not isAllowed(*cert, allowPublic)) {
477 18 : JAMI_WARNING("[Account {}] [Auth] Discarding message from unauthorized peer {}.",
478 : accountId_, peer_account_id.toString());
479 6 : return false;
480 : }
481 :
482 892 : account_id = peer_account_id;
483 892 : return true;
484 : }
485 :
486 : bool
487 64 : AccountManager::addContact(const dht::InfoHash& uri, bool confirmed, const std::string& conversationId)
488 : {
489 64 : if (not info_) {
490 0 : JAMI_ERROR("addContact(): account not loaded");
491 0 : return false;
492 : }
493 192 : JAMI_WARNING("[Account {}] addContact {}", accountId_, confirmed);
494 64 : if (info_->contacts->addContact(uri, confirmed, conversationId)) {
495 64 : syncDevices();
496 64 : return true;
497 : }
498 0 : return false;
499 : }
500 :
501 : void
502 19 : AccountManager::removeContact(const std::string& uri, bool banned)
503 : {
504 19 : dht::InfoHash h(uri);
505 19 : if (not h) {
506 0 : JAMI_ERROR("[Account {}] removeContact: invalid contact URI", accountId_);
507 0 : return;
508 : }
509 19 : if (not info_) {
510 0 : JAMI_ERROR("[Account {}] removeContact: account not loaded", accountId_);
511 0 : return;
512 : }
513 19 : if (info_->contacts->removeContact(h, banned))
514 19 : syncDevices();
515 : }
516 :
517 : void
518 1 : AccountManager::removeContactConversation(const std::string& uri)
519 : {
520 1 : dht::InfoHash h(uri);
521 1 : if (not h) {
522 0 : JAMI_ERROR("[Account {}] removeContactConversation: invalid contact URI", accountId_);
523 0 : return;
524 : }
525 1 : if (not info_) {
526 0 : JAMI_ERROR("[Account {}] removeContactConversation: account not loaded", accountId_);
527 0 : return;
528 : }
529 1 : if (info_->contacts->removeContactConversation(h))
530 1 : syncDevices();
531 : }
532 :
533 : void
534 17691 : AccountManager::updateContactConversation(
535 : const std::string& uri, const std::string& convId, bool added)
536 : {
537 17691 : dht::InfoHash h(uri);
538 17691 : if (not h) {
539 0 : JAMI_ERROR("[Account {}] updateContactConversation: invalid contact URI", accountId_);
540 0 : return;
541 : }
542 17691 : if (not info_) {
543 0 : JAMI_ERROR("[Account {}] updateContactConversation: account not loaded", accountId_);
544 0 : return;
545 : }
546 17691 : info_->contacts->updateConversation(h, convId, added);
547 : // Also decline trust request if there is one
548 17691 : auto req = info_->contacts->getTrustRequest(h);
549 35382 : if (req.find(libjami::Account::TrustRequest::CONVERSATIONID) != req.end()
550 35382 : && req.at(libjami::Account::TrustRequest::CONVERSATIONID) == convId) {
551 0 : discardTrustRequest(uri);
552 : }
553 17691 : syncDevices();
554 17691 : }
555 :
556 : std::vector<std::map<std::string, std::string>>
557 709 : AccountManager::getContacts(bool includeRemoved) const
558 : {
559 709 : if (not info_) {
560 0 : JAMI_ERROR("[Account {}] getContacts(): account not loaded", accountId_);
561 0 : return {};
562 : }
563 709 : const auto& contacts = info_->contacts->getContacts();
564 709 : std::vector<std::map<std::string, std::string>> ret;
565 709 : ret.reserve(contacts.size());
566 :
567 718 : for (const auto& c : contacts) {
568 9 : if (!c.second.isActive() && !includeRemoved && !c.second.isBanned())
569 0 : continue;
570 9 : auto details = c.second.toMap();
571 9 : if (not details.empty()) {
572 9 : details["id"] = c.first.toString();
573 9 : ret.emplace_back(std::move(details));
574 : }
575 9 : }
576 709 : return ret;
577 709 : }
578 :
579 : /** Obtain details about one account contact in serializable form. */
580 : std::map<std::string, std::string>
581 8 : AccountManager::getContactDetails(const std::string& uri) const
582 : {
583 8 : if (!info_) {
584 0 : JAMI_ERROR("[Account {}] getContactDetails(): account not loaded", accountId_);
585 0 : return {};
586 : }
587 8 : dht::InfoHash h(uri);
588 8 : if (not h) {
589 0 : JAMI_ERROR("[Account {}] getContactDetails: invalid contact URI", accountId_);
590 0 : return {};
591 : }
592 8 : return info_->contacts->getContactDetails(h);
593 : }
594 :
595 : std::optional<Contact>
596 600 : AccountManager::getContactInfo(const std::string& uri) const
597 : {
598 600 : if (!info_) {
599 0 : JAMI_ERROR("[Account {}] getContactInfo(): account not loaded", accountId_);
600 0 : return {};
601 : }
602 600 : dht::InfoHash h(uri);
603 600 : if (not h) {
604 0 : JAMI_ERROR("[Account {}] getContactInfo: invalid contact URI", accountId_);
605 0 : return {};
606 : }
607 600 : return info_->contacts->getContactInfo(h);
608 : }
609 :
610 : bool
611 40893 : AccountManager::findCertificate(
612 : const dht::InfoHash& h,
613 : std::function<void(const std::shared_ptr<dht::crypto::Certificate>&)>&& cb)
614 : {
615 81786 : if (auto cert = certStore().getCertificate(h.toString())) {
616 39854 : if (cb)
617 39850 : cb(cert);
618 1039 : } else if (dht_) {
619 2078 : dht_->findCertificate(h,
620 1039 : [cb = std::move(cb), this](
621 1914 : const std::shared_ptr<dht::crypto::Certificate>& crt) {
622 1039 : if (crt && info_) {
623 957 : certStore().pinCertificate(crt);
624 : }
625 1039 : if (cb)
626 957 : cb(crt);
627 1039 : });
628 40893 : }
629 40893 : return true;
630 : }
631 :
632 : bool
633 790 : AccountManager::findCertificate(
634 : const dht::PkId& id, std::function<void(const std::shared_ptr<dht::crypto::Certificate>&)>&& cb)
635 : {
636 1580 : if (auto cert = certStore().getCertificate(id.toString())) {
637 789 : if (cb)
638 789 : cb(cert);
639 4 : } else if (auto cert = certStore().getCertificateLegacy(fileutils::get_data_dir().string(),
640 3 : id.toString())) {
641 0 : if (cb)
642 0 : cb(cert);
643 1 : } else if (cb)
644 791 : cb(nullptr);
645 790 : return true;
646 : }
647 :
648 : bool
649 89 : AccountManager::setCertificateStatus(const std::string& cert_id,
650 : dhtnet::tls::TrustStore::PermissionStatus status)
651 : {
652 89 : return info_ and info_->contacts->setCertificateStatus(cert_id, status);
653 : }
654 :
655 : bool
656 0 : AccountManager::setCertificateStatus(const std::shared_ptr<crypto::Certificate>& cert,
657 : dhtnet::tls::TrustStore::PermissionStatus status,
658 : bool local)
659 : {
660 0 : return info_ and info_->contacts->setCertificateStatus(cert, status, local);
661 : }
662 :
663 : std::vector<std::string>
664 0 : AccountManager::getCertificatesByStatus(dhtnet::tls::TrustStore::PermissionStatus status)
665 : {
666 0 : return info_ ? info_->contacts->getCertificatesByStatus(status) : std::vector<std::string> {};
667 : }
668 :
669 : dhtnet::tls::TrustStore::PermissionStatus
670 8548 : AccountManager::getCertificateStatus(const std::string& cert_id) const
671 : {
672 8548 : return info_ ? info_->contacts->getCertificateStatus(cert_id)
673 17096 : : dhtnet::tls::TrustStore::PermissionStatus::UNDEFINED;
674 : }
675 :
676 : bool
677 898 : AccountManager::isAllowed(const crypto::Certificate& crt, bool allowPublic)
678 : {
679 898 : return info_ and info_->contacts->isAllowed(crt, allowPublic);
680 : }
681 :
682 : std::vector<std::map<std::string, std::string>>
683 728 : AccountManager::getTrustRequests() const
684 : {
685 728 : if (not info_) {
686 0 : JAMI_ERROR("[Account {}] getTrustRequests(): account not loaded", accountId_);
687 0 : return {};
688 : }
689 728 : return info_->contacts->getTrustRequests();
690 : }
691 :
692 : bool
693 200 : AccountManager::acceptTrustRequest(const std::string& from, bool includeConversation)
694 : {
695 200 : dht::InfoHash f(from);
696 200 : if (info_) {
697 200 : auto req = info_->contacts->getTrustRequest(dht::InfoHash(from));
698 200 : if (info_->contacts->acceptTrustRequest(f)) {
699 42 : sendTrustRequestConfirm(f,
700 : includeConversation
701 84 : ? req[libjami::Account::TrustRequest::CONVERSATIONID]
702 : : "");
703 42 : syncDevices();
704 42 : return true;
705 : }
706 158 : return false;
707 200 : }
708 0 : return false;
709 : }
710 :
711 : bool
712 3 : AccountManager::discardTrustRequest(const std::string& from)
713 : {
714 3 : dht::InfoHash f(from);
715 3 : return info_ and info_->contacts->discardTrustRequest(f);
716 : }
717 :
718 : void
719 59 : AccountManager::sendTrustRequest(const std::string& to,
720 : const std::string& convId,
721 : const std::vector<uint8_t>& payload)
722 : {
723 177 : JAMI_WARNING("[Account {}] AccountManager::sendTrustRequest", accountId_);
724 59 : auto toH = dht::InfoHash(to);
725 59 : if (not toH) {
726 0 : JAMI_ERROR("[Account {}] Unable to send trust request to invalid hash: {}", accountId_, to);
727 0 : return;
728 : }
729 59 : if (not info_) {
730 0 : JAMI_ERROR("[Account {}] sendTrustRequest(): account not loaded", accountId_);
731 0 : return;
732 : }
733 59 : if (info_->contacts->addContact(toH, false, convId)) {
734 1 : syncDevices();
735 : }
736 59 : forEachDevice(toH,
737 201 : [this, toH, convId, payload](const std::shared_ptr<dht::crypto::PublicKey>& dev) {
738 67 : auto to = toH.toString();
739 201 : JAMI_WARNING("[Account {}] Sending trust request to: {:s} / {:s} of size {:d}",
740 : accountId_, to, dev->getLongId(), payload.size());
741 268 : dht_->putEncrypted(dht::InfoHash::get("inbox:" + dev->getId().toString()),
742 : dev,
743 134 : dht::TrustRequest(DHT_TYPE_NS, convId, payload),
744 67 : [to, size = payload.size()](bool ok) {
745 67 : if (!ok)
746 60 : JAMI_ERROR("Tried to send request {:s} (size: "
747 : "{:d}), but put failed",
748 : to,
749 : size);
750 67 : });
751 67 : });
752 : }
753 :
754 : void
755 48 : AccountManager::sendTrustRequestConfirm(const dht::InfoHash& toH, const std::string& convId)
756 : {
757 144 : JAMI_WARNING("[Account {}] AccountManager::sendTrustRequestConfirm to {} (conversation {})", accountId_, toH, convId);
758 96 : dht::TrustRequest answer {DHT_TYPE_NS, convId};
759 48 : answer.confirm = true;
760 :
761 48 : if (!convId.empty() && info_)
762 48 : info_->contacts->acceptConversation(convId);
763 :
764 48 : forEachDevice(toH, [this, toH, answer](const std::shared_ptr<dht::crypto::PublicKey>& dev) {
765 147 : JAMI_WARNING("[Account {}] sending trust request reply: {} / {}",
766 : accountId_, toH, dev->getLongId());
767 49 : dht_->putEncrypted(dht::InfoHash::get("inbox:" + dev->getId().toString()), dev, answer);
768 49 : });
769 48 : }
770 :
771 : void
772 4150 : AccountManager::forEachDevice(
773 : const dht::InfoHash& to,
774 : std::function<void(const std::shared_ptr<dht::crypto::PublicKey>&)>&& op,
775 : std::function<void(bool)>&& end)
776 : {
777 4150 : if (not dht_) {
778 0 : JAMI_ERROR("[Account {}] forEachDevice: no dht", accountId_);
779 0 : if (end)
780 0 : end(false);
781 0 : return;
782 : }
783 4150 : dht_->get<dht::crypto::RevocationList>(to, [to, this](dht::crypto::RevocationList&& crl) {
784 0 : certStore().pinRevocationList(to.toString(), std::move(crl));
785 0 : return true;
786 : });
787 :
788 : struct State
789 : {
790 : const dht::InfoHash to;
791 : const std::string accountId;
792 : // Note: state is initialized to 1, because we need to wait that the get is finished
793 : unsigned remaining {1};
794 : std::set<dht::PkId> treatedDevices {};
795 : std::function<void(const std::shared_ptr<dht::crypto::PublicKey>&)> onDevice;
796 : std::function<void(bool)> onEnd;
797 :
798 4150 : State(dht::InfoHash to, std::string accountId)
799 4150 : : to(std::move(to)), accountId(std::move(accountId)) {}
800 :
801 8315 : void found(const std::shared_ptr<dht::crypto::PublicKey>& pk)
802 : {
803 8315 : remaining--;
804 8315 : if (pk && *pk) {
805 4165 : auto longId = pk->getLongId();
806 4165 : if (treatedDevices.emplace(longId).second) {
807 4159 : onDevice(pk);
808 : }
809 : }
810 8315 : ended();
811 8315 : }
812 :
813 8315 : void ended()
814 : {
815 8315 : if (remaining == 0 && onEnd) {
816 1122 : JAMI_LOG("[Account {}] Found {:d} device(s) for {}", accountId, treatedDevices.size(), to);
817 374 : onEnd(not treatedDevices.empty());
818 374 : onDevice = {};
819 374 : onEnd = {};
820 : }
821 8315 : }
822 : };
823 4150 : auto state = std::make_shared<State>(to, accountId_);
824 4150 : state->onDevice = std::move(op);
825 4150 : state->onEnd = std::move(end);
826 :
827 4150 : dht_->get<DeviceAnnouncement>(
828 : to,
829 8330 : [this, to, state](DeviceAnnouncement&& dev) {
830 4165 : if (dev.from != to)
831 0 : return true;
832 4165 : state->remaining++;
833 4165 : findCertificate(dev.dev, [state](const std::shared_ptr<dht::crypto::Certificate>& cert) {
834 8330 : state->found(cert ? cert->getSharedPublicKey()
835 4165 : : std::shared_ptr<dht::crypto::PublicKey> {});
836 4165 : });
837 4165 : return true;
838 : },
839 4150 : [state](bool /*ok*/) { state->found({}); });
840 4150 : }
841 :
842 : void
843 3 : AccountManager::lookupUri(const std::string& name,
844 : const std::string& defaultServer,
845 : LookupCallback cb)
846 : {
847 3 : nameDir_.get().lookupUri(name, defaultServer, std::move(cb));
848 3 : }
849 :
850 : void
851 810 : AccountManager::lookupAddress(const std::string& addr, LookupCallback cb)
852 : {
853 810 : nameDir_.get().lookupAddress(addr, cb);
854 810 : }
855 :
856 : dhtnet::tls::CertificateStore&
857 42648 : AccountManager::certStore() const
858 : {
859 42648 : return Manager::instance().certStore(info_->contacts->accountId());
860 : }
861 :
862 : } // namespace jami
|
