2020-07-01 12:04:09 +00:00
|
|
|
package push_notification_server
|
2020-06-30 08:30:58 +00:00
|
|
|
|
|
|
|
|
import (
|
|
|
|
|
"errors"
|
2020-06-30 14:55:24 +00:00
|
|
|
"io"
|
2020-06-30 13:14:25 +00:00
|
|
|
|
|
|
|
|
"crypto/aes"
|
|
|
|
|
"crypto/cipher"
|
|
|
|
|
"crypto/ecdsa"
|
2020-07-02 08:08:19 +00:00
|
|
|
"golang.org/x/crypto/sha3"
|
2020-06-30 13:14:25 +00:00
|
|
|
|
2020-06-30 14:55:24 +00:00
|
|
|
"github.com/golang/protobuf/proto"
|
2020-07-01 08:37:54 +00:00
|
|
|
"github.com/google/uuid"
|
2020-06-30 14:55:24 +00:00
|
|
|
|
2020-06-30 13:14:25 +00:00
|
|
|
"github.com/status-im/status-go/eth-node/crypto/ecies"
|
2020-06-30 08:30:58 +00:00
|
|
|
"github.com/status-im/status-go/protocol/protobuf"
|
|
|
|
|
)
|
|
|
|
|
|
2020-06-30 13:14:25 +00:00
|
|
|
const encryptedPayloadKeyLength = 16
|
|
|
|
|
const nonceLength = 12
|
|
|
|
|
|
2020-06-30 08:30:58 +00:00
|
|
|
type Config struct {
|
|
|
|
|
// Identity is our identity key
|
|
|
|
|
Identity *ecdsa.PrivateKey
|
|
|
|
|
// GorushUrl is the url for the gorush service
|
|
|
|
|
GorushURL string
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
type Server struct {
|
2020-07-01 10:09:40 +00:00
|
|
|
persistence Persistence
|
2020-06-30 08:30:58 +00:00
|
|
|
config *Config
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-01 10:09:40 +00:00
|
|
|
func New(config *Config, persistence Persistence) *Server {
|
|
|
|
|
return &Server{persistence: persistence, config: config}
|
2020-06-30 08:30:58 +00:00
|
|
|
}
|
|
|
|
|
|
2020-06-30 14:55:24 +00:00
|
|
|
func (p *Server) generateSharedKey(publicKey *ecdsa.PublicKey) ([]byte, error) {
|
|
|
|
|
return ecies.ImportECDSA(p.config.Identity).GenerateShared(
|
|
|
|
|
ecies.ImportECDSAPublic(publicKey),
|
|
|
|
|
encryptedPayloadKeyLength,
|
|
|
|
|
encryptedPayloadKeyLength,
|
|
|
|
|
)
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-01 08:37:54 +00:00
|
|
|
func (p *Server) validateUUID(u string) error {
|
|
|
|
|
if len(u) == 0 {
|
|
|
|
|
return errors.New("empty uuid")
|
|
|
|
|
}
|
|
|
|
|
_, err := uuid.Parse(u)
|
|
|
|
|
return err
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-01 10:09:40 +00:00
|
|
|
func (p *Server) decryptRegistration(publicKey *ecdsa.PublicKey, payload []byte) ([]byte, error) {
|
|
|
|
|
sharedKey, err := p.generateSharedKey(publicKey)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return decrypt(payload, sharedKey)
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-01 08:53:05 +00:00
|
|
|
// ValidateRegistration validates a new message against the last one received for a given installationID and and public key
|
|
|
|
|
// and return the decrypted message
|
2020-07-02 08:08:19 +00:00
|
|
|
func (p *Server) ValidateRegistration(publicKey *ecdsa.PublicKey, payload []byte) (*protobuf.PushNotificationRegistration, error) {
|
2020-06-30 13:14:25 +00:00
|
|
|
if payload == nil {
|
2020-07-02 08:08:19 +00:00
|
|
|
return nil, ErrEmptyPushNotificationRegistrationPayload
|
2020-06-30 13:14:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if publicKey == nil {
|
2020-07-02 08:08:19 +00:00
|
|
|
return nil, ErrEmptyPushNotificationRegistrationPublicKey
|
2020-06-30 13:14:25 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-01 10:09:40 +00:00
|
|
|
decryptedPayload, err := p.decryptRegistration(publicKey, payload)
|
2020-06-30 13:14:25 +00:00
|
|
|
if err != nil {
|
2020-07-01 08:53:05 +00:00
|
|
|
return nil, err
|
2020-06-30 08:30:58 +00:00
|
|
|
}
|
2020-06-30 13:14:25 +00:00
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
registration := &protobuf.PushNotificationRegistration{}
|
2020-06-30 14:55:24 +00:00
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
if err := proto.Unmarshal(decryptedPayload, registration); err != nil {
|
|
|
|
|
return nil, ErrCouldNotUnmarshalPushNotificationRegistration
|
2020-06-30 14:55:24 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
if registration.Version < 1 {
|
|
|
|
|
return nil, ErrInvalidPushNotificationRegistrationVersion
|
2020-07-01 08:37:54 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
if err := p.validateUUID(registration.InstallationId); err != nil {
|
|
|
|
|
return nil, ErrMalformedPushNotificationRegistrationInstallationID
|
2020-07-01 08:37:54 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-02 13:57:50 +00:00
|
|
|
previousRegistration, err := p.persistence.GetPushNotificationRegistrationByPublicKeyAndInstallationID(publicKey, registration.InstallationId)
|
2020-07-01 10:09:40 +00:00
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
if previousRegistration != nil && registration.Version <= previousRegistration.Version {
|
|
|
|
|
return nil, ErrInvalidPushNotificationRegistrationVersion
|
2020-07-01 10:09:40 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-01 08:37:54 +00:00
|
|
|
// Unregistering message
|
2020-07-02 08:08:19 +00:00
|
|
|
if registration.Unregister {
|
|
|
|
|
return registration, nil
|
2020-07-01 08:37:54 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
if err := p.validateUUID(registration.AccessToken); err != nil {
|
|
|
|
|
return nil, ErrMalformedPushNotificationRegistrationAccessToken
|
2020-07-01 08:37:54 +00:00
|
|
|
}
|
|
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
if len(registration.Token) == 0 {
|
|
|
|
|
return nil, ErrMalformedPushNotificationRegistrationDeviceToken
|
2020-06-30 14:55:24 +00:00
|
|
|
}
|
2020-06-30 13:14:25 +00:00
|
|
|
|
2020-07-02 14:19:21 +00:00
|
|
|
if registration.TokenType == protobuf.PushNotificationRegistration_UNKNOWN_TOKEN_TYPE {
|
|
|
|
|
return nil, ErrUnknownPushNotificationRegistrationTokenType
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
return registration, nil
|
2020-06-30 08:30:58 +00:00
|
|
|
}
|
2020-06-30 13:14:25 +00:00
|
|
|
|
2020-07-02 13:57:50 +00:00
|
|
|
func (p *Server) HandlePushNotificationQuery(query *protobuf.PushNotificationQuery) *protobuf.PushNotificationQueryResponse {
|
|
|
|
|
response := &protobuf.PushNotificationQueryResponse{}
|
|
|
|
|
if query == nil || len(query.PublicKeys) == 0 {
|
|
|
|
|
return response
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
registrations, err := p.persistence.GetPushNotificationRegistrationByPublicKeys(query.PublicKeys)
|
|
|
|
|
if err != nil {
|
|
|
|
|
// TODO: log errors
|
|
|
|
|
return response
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
for _, idAndResponse := range registrations {
|
|
|
|
|
|
|
|
|
|
registration := idAndResponse.Registration
|
|
|
|
|
info := &protobuf.PushNotificationQueryInfo{
|
|
|
|
|
PublicKey: idAndResponse.ID,
|
|
|
|
|
InstallationId: registration.InstallationId,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if len(registration.AllowedUserList) > 0 {
|
|
|
|
|
info.AllowedUserList = registration.AllowedUserList
|
|
|
|
|
} else {
|
|
|
|
|
info.AccessToken = registration.AccessToken
|
|
|
|
|
}
|
|
|
|
|
response.Info = append(response.Info, info)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
response.Success = true
|
|
|
|
|
return response
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-02 08:08:19 +00:00
|
|
|
func (p *Server) HandlePushNotificationRegistration(publicKey *ecdsa.PublicKey, payload []byte) *protobuf.PushNotificationRegistrationResponse {
|
|
|
|
|
response := &protobuf.PushNotificationRegistrationResponse{
|
|
|
|
|
RequestId: shake256(payload),
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
registration, err := p.ValidateRegistration(publicKey, payload)
|
|
|
|
|
if registration != nil {
|
|
|
|
|
}
|
2020-07-01 10:09:40 +00:00
|
|
|
|
|
|
|
|
if err != nil {
|
2020-07-02 08:08:19 +00:00
|
|
|
if err == ErrInvalidPushNotificationRegistrationVersion {
|
|
|
|
|
response.Error = protobuf.PushNotificationRegistrationResponse_VERSION_MISMATCH
|
|
|
|
|
} else {
|
|
|
|
|
response.Error = protobuf.PushNotificationRegistrationResponse_MALFORMED_MESSAGE
|
|
|
|
|
}
|
|
|
|
|
return response
|
2020-07-01 10:09:40 +00:00
|
|
|
}
|
2020-07-02 08:08:19 +00:00
|
|
|
|
|
|
|
|
if registration.Unregister {
|
|
|
|
|
// We save an empty registration, only keeping version and installation-id
|
|
|
|
|
emptyRegistration := &protobuf.PushNotificationRegistration{
|
|
|
|
|
Version: registration.Version,
|
|
|
|
|
InstallationId: registration.InstallationId,
|
|
|
|
|
}
|
|
|
|
|
if err := p.persistence.SavePushNotificationRegistration(publicKey, emptyRegistration); err != nil {
|
|
|
|
|
response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR
|
|
|
|
|
return response
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
} else if err := p.persistence.SavePushNotificationRegistration(publicKey, registration); err != nil {
|
|
|
|
|
response.Error = protobuf.PushNotificationRegistrationResponse_INTERNAL_ERROR
|
|
|
|
|
return response
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
response.Success = true
|
|
|
|
|
|
|
|
|
|
return response
|
2020-07-01 10:09:40 +00:00
|
|
|
}
|
|
|
|
|
|
2020-06-30 13:14:25 +00:00
|
|
|
func decrypt(cyphertext []byte, key []byte) ([]byte, error) {
|
|
|
|
|
if len(cyphertext) < nonceLength {
|
2020-06-30 14:55:24 +00:00
|
|
|
return nil, ErrInvalidCiphertextLength
|
2020-06-30 13:14:25 +00:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
c, err := aes.NewCipher(key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gcm, err := cipher.NewGCM(c)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nonce := cyphertext[:nonceLength]
|
2020-06-30 14:55:24 +00:00
|
|
|
return gcm.Open(nil, nonce, cyphertext[nonceLength:], nil)
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
func encrypt(plaintext []byte, key []byte, reader io.Reader) ([]byte, error) {
|
|
|
|
|
c, err := aes.NewCipher(key)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
gcm, err := cipher.NewGCM(c)
|
|
|
|
|
if err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
nonce := make([]byte, gcm.NonceSize())
|
|
|
|
|
if _, err = io.ReadFull(reader, nonce); err != nil {
|
|
|
|
|
return nil, err
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return gcm.Seal(nonce, nonce, plaintext, nil), nil
|
2020-06-30 13:14:25 +00:00
|
|
|
}
|
2020-07-02 08:08:19 +00:00
|
|
|
|
|
|
|
|
func shake256(buf []byte) []byte {
|
|
|
|
|
h := make([]byte, 64)
|
|
|
|
|
sha3.ShakeSum256(h, buf)
|
|
|
|
|
return h
|
|
|
|
|
}
|
