status-go/protocol/push_notification_server/push_notification_server.go

package push_notification_server

import (
	"errors"
	"io"

	"crypto/aes"
	"crypto/cipher"
	"crypto/ecdsa"
	"golang.org/x/crypto/sha3"

	"github.com/golang/protobuf/proto"
	"github.com/google/uuid"

	"github.com/status-im/status-go/eth-node/crypto/ecies"
	"github.com/status-im/status-go/protocol/protobuf"
)

const encryptedPayloadKeyLength = 16
const nonceLength = 12

type Config struct {
	// Identity is our identity key
	Identity *ecdsa.PrivateKey
	// GorushUrl is the url for the gorush service
	GorushURL string
}

type Server struct {
	persistence Persistence
	config      *Config
}

func New(config *Config, persistence Persistence) *Server {
	return &Server{persistence: persistence, config: config}
}

func (p *Server) generateSharedKey(publicKey *ecdsa.PublicKey) ([]byte, error) {
	return ecies.ImportECDSA(p.config.Identity).GenerateShared(
		ecies.ImportECDSAPublic(publicKey),
		encryptedPayloadKeyLength,
		encryptedPayloadKeyLength,
	)
}

func (p *Server) validateUUID(u string) error {
	if len(u) == 0 {
		return errors.New("empty uuid")
	}
	_, err := uuid.Parse(u)
	return err
}

func (p *Server) decryptRegistration(publicKey *ecdsa.PublicKey, payload []byte) ([]byte, error) {
	sharedKey, err := p.generateSharedKey(publicKey)
	if err != nil {
		return nil, err
	}

	return decrypt(payload, sharedKey)
}

// ValidateRegistration validates a new message against the last one received for a given installationID and and public key
// and return the decrypted message
func (p *Server) ValidateRegistration(publicKey *ecdsa.PublicKey, payload []byte) (*protobuf.PushNotificationRegistration, error) {
	if payload == nil {
		return nil, ErrEmptyPushNotificationRegistrationPayload
	}

	if publicKey == nil {
		return nil, ErrEmptyPushNotificationRegistrationPublicKey
	}

	decryptedPayload, err := p.decryptRegistration(publicKey, payload)
	if err != nil {
		return nil, err
	}

	registration := &protobuf.PushNotificationRegistration{}

	if err := proto.Unmarshal(decryptedPayload, registration); err != nil {
		return nil, ErrCouldNotUnmarshalPushNotificationRegistration
	}

	if registration.Version < 1 {
		return nil, ErrInvalidPushNotificationRegistrationVersion
	}

	if err := p.validateUUID(registration.InstallationId); err != nil {
		return nil, ErrMalformedPushNotificationRegistrationInstallationID
	}

	previousRegistration, err := p.persistence.GetPushNotificationRegistration(publicKey, registration.InstallationId)
	if err != nil {
		return nil, err
	}

	if previousRegistration != nil && registration.Version <= previousRegistration.Version {
		return nil, ErrInvalidPushNotificationRegistrationVersion
	}

	// Unregistering message
	if registration.Unregister {
		return registration, nil
	}

	if err := p.validateUUID(registration.AccessToken); err != nil {
		return nil, ErrMalformedPushNotificationRegistrationAccessToken
	}

	if len(registration.Token) == 0 {
		return nil, ErrMalformedPushNotificationRegistrationDeviceToken
	}

	return registration, nil
}

func (p *Server) HandlePushNotificationRegistration(publicKey *ecdsa.PublicKey, payload []byte) *protobuf.PushNotificationRegistrationResponse {
	response := &protobuf.PushNotificationRegistrationResponse{
		RequestId: shake256(payload),
	}

	registration, err := p.ValidateRegistration(publicKey, payload)
	if registration != nil {
	}

	if err != nil {
		if err == ErrInvalidPushNotificationRegistrationVersion {
			response.Error = protobuf.PushNotificationRegistrationResponse_VERSION_MISMATCH
		} else {
			response.Error = protobuf.PushNotificationRegistrationResponse_MALFORMED_MESSAGE
		}
		return response
	}

	if registration.Unregister {
		// We save an empty registration, only keeping version and installation-id
		emptyRegistration := &protobuf.PushNotificationRegistration{
			Version:        registration.Version,
			InstallationId: registration.InstallationId,
		}
		if err := p.persistence.SavePushNotificationRegistration(publicKey, emptyRegistration); err != nil {
			response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR
			return response
		}

	} else if err := p.persistence.SavePushNotificationRegistration(publicKey, registration); err != nil {
		response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR
		return response
	}

	response.Success = true

	return response
}

func decrypt(cyphertext []byte, key []byte) ([]byte, error) {
	if len(cyphertext) < nonceLength {
		return nil, ErrInvalidCiphertextLength
	}

	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCM(c)
	if err != nil {
		return nil, err
	}

	nonce := cyphertext[:nonceLength]
	return gcm.Open(nil, nonce, cyphertext[nonceLength:], nil)
}

func encrypt(plaintext []byte, key []byte, reader io.Reader) ([]byte, error) {
	c, err := aes.NewCipher(key)
	if err != nil {
		return nil, err
	}

	gcm, err := cipher.NewGCM(c)
	if err != nil {
		return nil, err
	}

	nonce := make([]byte, gcm.NonceSize())
	if _, err = io.ReadFull(reader, nonce); err != nil {
		return nil, err
	}

	return gcm.Seal(nonce, nonce, plaintext, nil), nil
}

func shake256(buf []byte) []byte {
	h := make([]byte, 64)
	sha3.ShakeSum256(h, buf)
	return h
}
implement migrations & persistence for pns 2020-07-01 12:04:09 +00:00			`package push_notification_server`
Add skeleton for server and separate namespace for client 2020-06-30 08:30:58 +00:00
			`import (`
			`"errors"`
decrypt push notification preferences 2020-06-30 14:55:24 +00:00			`"io"`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00
			`"crypto/aes"`
			`"crypto/cipher"`
			`"crypto/ecdsa"`
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`"golang.org/x/crypto/sha3"`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00
decrypt push notification preferences 2020-06-30 14:55:24 +00:00			`"github.com/golang/protobuf/proto"`
remove push notification preferences 2020-07-01 08:37:54 +00:00			`"github.com/google/uuid"`
decrypt push notification preferences 2020-06-30 14:55:24 +00:00
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`"github.com/status-im/status-go/eth-node/crypto/ecies"`
Add skeleton for server and separate namespace for client 2020-06-30 08:30:58 +00:00			`"github.com/status-im/status-go/protocol/protobuf"`
			`)`

Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`const encryptedPayloadKeyLength = 16`
			`const nonceLength = 12`

Add skeleton for server and separate namespace for client 2020-06-30 08:30:58 +00:00			`type Config struct {`
			`// Identity is our identity key`
			`Identity *ecdsa.PrivateKey`
			`// GorushUrl is the url for the gorush service`
			`GorushURL string`
			`}`

			`type Server struct {`
Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`persistence Persistence`
Add skeleton for server and separate namespace for client 2020-06-30 08:30:58 +00:00			`config *Config`
			`}`

Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`func New(config Config, persistence Persistence) Server {`
			`return &Server{persistence: persistence, config: config}`
Add skeleton for server and separate namespace for client 2020-06-30 08:30:58 +00:00			`}`

decrypt push notification preferences 2020-06-30 14:55:24 +00:00			`func (p Server) generateSharedKey(publicKey ecdsa.PublicKey) ([]byte, error) {`
			`return ecies.ImportECDSA(p.config.Identity).GenerateShared(`
			`ecies.ImportECDSAPublic(publicKey),`
			`encryptedPayloadKeyLength,`
			`encryptedPayloadKeyLength,`
			`)`
			`}`

remove push notification preferences 2020-07-01 08:37:54 +00:00			`func (p *Server) validateUUID(u string) error {`
			`if len(u) == 0 {`
			`return errors.New("empty uuid")`
			`}`
			`_, err := uuid.Parse(u)`
			`return err`
			`}`

Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`func (p Server) decryptRegistration(publicKey ecdsa.PublicKey, payload []byte) ([]byte, error) {`
			`sharedKey, err := p.generateSharedKey(publicKey)`
			`if err != nil {`
			`return nil, err`
			`}`

			`return decrypt(payload, sharedKey)`
			`}`

Return decrypted options on validation 2020-07-01 08:53:05 +00:00			`// ValidateRegistration validates a new message against the last one received for a given installationID and and public key`
			`// and return the decrypted message`
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`func (p Server) ValidateRegistration(publicKey ecdsa.PublicKey, payload []byte) (*protobuf.PushNotificationRegistration, error) {`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`if payload == nil {`
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`return nil, ErrEmptyPushNotificationRegistrationPayload`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`}`

			`if publicKey == nil {`
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`return nil, ErrEmptyPushNotificationRegistrationPublicKey`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`}`

Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`decryptedPayload, err := p.decryptRegistration(publicKey, payload)`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`if err != nil {`
Return decrypted options on validation 2020-07-01 08:53:05 +00:00			`return nil, err`
Add skeleton for server and separate namespace for client 2020-06-30 08:30:58 +00:00			`}`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`registration := &protobuf.PushNotificationRegistration{}`
decrypt push notification preferences 2020-06-30 14:55:24 +00:00
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if err := proto.Unmarshal(decryptedPayload, registration); err != nil {`
			`return nil, ErrCouldNotUnmarshalPushNotificationRegistration`
decrypt push notification preferences 2020-06-30 14:55:24 +00:00			`}`

implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if registration.Version < 1 {`
			`return nil, ErrInvalidPushNotificationRegistrationVersion`
remove push notification preferences 2020-07-01 08:37:54 +00:00			`}`

implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if err := p.validateUUID(registration.InstallationId); err != nil {`
			`return nil, ErrMalformedPushNotificationRegistrationInstallationID`
remove push notification preferences 2020-07-01 08:37:54 +00:00			`}`

implement handle push notification registration 2020-07-02 08:08:19 +00:00			`previousRegistration, err := p.persistence.GetPushNotificationRegistration(publicKey, registration.InstallationId)`
Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`if err != nil {`
			`return nil, err`
			`}`

implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if previousRegistration != nil && registration.Version <= previousRegistration.Version {`
			`return nil, ErrInvalidPushNotificationRegistrationVersion`
Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`}`

remove push notification preferences 2020-07-01 08:37:54 +00:00			`// Unregistering message`
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if registration.Unregister {`
			`return registration, nil`
remove push notification preferences 2020-07-01 08:37:54 +00:00			`}`

implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if err := p.validateUUID(registration.AccessToken); err != nil {`
			`return nil, ErrMalformedPushNotificationRegistrationAccessToken`
remove push notification preferences 2020-07-01 08:37:54 +00:00			`}`

implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if len(registration.Token) == 0 {`
			`return nil, ErrMalformedPushNotificationRegistrationDeviceToken`
decrypt push notification preferences 2020-06-30 14:55:24 +00:00			`}`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`return registration, nil`
Add skeleton for server and separate namespace for client 2020-06-30 08:30:58 +00:00			`}`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`func (p Server) HandlePushNotificationRegistration(publicKey ecdsa.PublicKey, payload []byte) *protobuf.PushNotificationRegistrationResponse {`
			`response := &protobuf.PushNotificationRegistrationResponse{`
			`RequestId: shake256(payload),`
			`}`

			`registration, err := p.ValidateRegistration(publicKey, payload)`
			`if registration != nil {`
			`}`
Pull push notification options from persistence 2020-07-01 10:09:40 +00:00
			`if err != nil {`
implement handle push notification registration 2020-07-02 08:08:19 +00:00			`if err == ErrInvalidPushNotificationRegistrationVersion {`
			`response.Error = protobuf.PushNotificationRegistrationResponse_VERSION_MISMATCH`
			`} else {`
			`response.Error = protobuf.PushNotificationRegistrationResponse_MALFORMED_MESSAGE`
			`}`
			`return response`
Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`}`
implement handle push notification registration 2020-07-02 08:08:19 +00:00
			`if registration.Unregister {`
			`// We save an empty registration, only keeping version and installation-id`
			`emptyRegistration := &protobuf.PushNotificationRegistration{`
			`Version: registration.Version,`
			`InstallationId: registration.InstallationId,`
			`}`
			`if err := p.persistence.SavePushNotificationRegistration(publicKey, emptyRegistration); err != nil {`
			`response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR`
			`return response`
			`}`

			`} else if err := p.persistence.SavePushNotificationRegistration(publicKey, registration); err != nil {`
			`response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR`
			`return response`
			`}`

			`response.Success = true`

			`return response`
Pull push notification options from persistence 2020-07-01 10:09:40 +00:00			`}`

Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`func decrypt(cyphertext []byte, key []byte) ([]byte, error) {`
			`if len(cyphertext) < nonceLength {`
decrypt push notification preferences 2020-06-30 14:55:24 +00:00			`return nil, ErrInvalidCiphertextLength`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`}`

			`c, err := aes.NewCipher(key)`
			`if err != nil {`
			`return nil, err`
			`}`

			`gcm, err := cipher.NewGCM(c)`
			`if err != nil {`
			`return nil, err`
			`}`

			`nonce := cyphertext[:nonceLength]`
decrypt push notification preferences 2020-06-30 14:55:24 +00:00			`return gcm.Open(nil, nonce, cyphertext[nonceLength:], nil)`
			`}`

			`func encrypt(plaintext []byte, key []byte, reader io.Reader) ([]byte, error) {`
			`c, err := aes.NewCipher(key)`
			`if err != nil {`
			`return nil, err`
			`}`

			`gcm, err := cipher.NewGCM(c)`
			`if err != nil {`
			`return nil, err`
			`}`

			`nonce := make([]byte, gcm.NonceSize())`
			`if _, err = io.ReadFull(reader, nonce); err != nil {`
			`return nil, err`
			`}`

			`return gcm.Seal(nonce, nonce, plaintext, nil), nil`
Remove PushNotificationRegister as we can use ApplicationMessage as a wrapper 2020-06-30 13:14:25 +00:00			`}`
implement handle push notification registration 2020-07-02 08:08:19 +00:00
			`func shake256(buf []byte) []byte {`
			`h := make([]byte, 64)`
			`sha3.ShakeSum256(h, buf)`
			`return h`
			`}`