status-im/status-go
2
0
Fork 0
mirror of https://github.com/status-im/status-go.git synced 2025-01-21 20:20:29 +00:00
Code Issues Projects Releases Wiki Activity

Add grant validation

Browse Source
This commit is contained in:
Andrea Maria Piana 2020-07-13 10:53:13 +02:00
parent 83e859c75f
commit 3f4575b802
No known key found for this signature in database
GPG Key ID: AA6CCA6DE0E06424
8 changed files with 236 additions and 64 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
PUSH-NOTIFICATIONS-TODO.txt
View File

@ -2,3 +2,4 @@ Specs changes:
- Use application metadata wrapper
- Encrypt of payload instead of signature + public key of server
- Removed preferencs + each device registers individually
- Add grant

125
protocol/protobuf/push_notifications.pb.go
View File

@ -123,6 +123,7 @@ type PushNotificationRegistration struct {
AllowedUserList [][]byte `protobuf:"bytes,7,rep,name=allowed_user_list,json=allowedUserList,proto3" json:"allowed_user_list,omitempty"`
BlockedChatList [][]byte `protobuf:"bytes,8,rep,name=blocked_chat_list,json=blockedChatList,proto3" json:"blocked_chat_list,omitempty"`
Unregister bool `protobuf:"varint,9,opt,name=unregister,proto3" json:"unregister,omitempty"`
Grant []byte `protobuf:"bytes,10,opt,name=grant,proto3" json:"grant,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -216,6 +217,13 @@ func (m *PushNotificationRegistration) GetUnregister() bool {
return false
}
func (m *PushNotificationRegistration) GetGrant() []byte {
if m != nil {
return m.Grant
}
return nil
}
type PushNotificationRegistrationResponse struct {
Success bool `protobuf:"varint,1,opt,name=success,proto3" json:"success,omitempty"`
Error PushNotificationRegistrationResponse_ErrorType `protobuf:"varint,2,opt,name=error,proto3,enum=protobuf.PushNotificationRegistrationResponse_ErrorType" json:"error,omitempty"`
@ -409,6 +417,7 @@ type PushNotificationQueryInfo struct {
InstallationId string `protobuf:"bytes,2,opt,name=installation_id,json=installationId,proto3" json:"installation_id,omitempty"`
PublicKey []byte `protobuf:"bytes,3,opt,name=public_key,json=publicKey,proto3" json:"public_key,omitempty"`
AllowedUserList [][]byte `protobuf:"bytes,4,rep,name=allowed_user_list,json=allowedUserList,proto3" json:"allowed_user_list,omitempty"`
Grant []byte `protobuf:"bytes,5,opt,name=grant,proto3" json:"grant,omitempty"`
XXX_NoUnkeyedLiteral struct{} `json:"-"`
XXX_unrecognized []byte `json:"-"`
XXX_sizecache int32 `json:"-"`
@ -467,6 +476,13 @@ func (m *PushNotificationQueryInfo) GetAllowedUserList() [][]byte {
return nil
}
func (m *PushNotificationQueryInfo) GetGrant() []byte {
if m != nil {
return m.Grant
}
return nil
}
type PushNotificationQueryResponse struct {
Info []*PushNotificationQueryInfo `protobuf:"bytes,1,rep,name=info,proto3" json:"info,omitempty"`
MessageId []byte `protobuf:"bytes,2,opt,name=message_id,json=messageId,proto3" json:"message_id,omitempty"`
@ -770,58 +786,59 @@ func init() {
func init() { proto.RegisterFile("push_notifications.proto", fileDescriptor_200acd86044eaa5d) }
var fileDescriptor_200acd86044eaa5d = []byte{
// 836 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x94, 0x51, 0x6f, 0xe3, 0x44,
0x10, 0xc7, 0xb1, 0x9d, 0x36, 0xf1, 0x34, 0xb4, 0xbe, 0x55, 0xaf, 0x67, 0x4e, 0x1c, 0xe4, 0x0c,
0x12, 0xd1, 0x21, 0x45, 0xa8, 0x48, 0x70, 0xe2, 0x89, 0xd0, 0xba, 0xc5, 0x6a, 0x63, 0x87, 0x8d,
0xc3, 0x09, 0x09, 0xc9, 0x72, 0xe2, 0xcd, 0xc5, 0xaa, 0xcf, 0x36, 0xde, 0xf5, 0xa1, 0x3c, 0x20,
0xf1, 0x09, 0x90, 0x78, 0xe5, 0x53, 0xa0, 0xfb, 0x0e, 0x7c, 0x2f, 0xe4, 0xb5, 0x1d, 0x1c, 0xc7,
0x4d, 0xf3, 0xc0, 0x93, 0x3d, 0xb3, 0x33, 0xbb, 0x3b, 0xbf, 0xd9, 0xf9, 0x83, 0x1a, 0xa7, 0x74,
0xe9, 0x84, 0x11, 0xf3, 0x17, 0xfe, 0xdc, 0x65, 0x7e, 0x14, 0xd2, 0x41, 0x9c, 0x44, 0x2c, 0x42,
0x1d, 0xfe, 0x99, 0xa5, 0x0b, 0xed, 0x1f, 0x09, 0x3e, 0x1c, 0xa7, 0x74, 0x69, 0x56, 0xa2, 0x30,
0x79, 0xed, 0x53, 0x96, 0xf0, 0x7f, 0x64, 0x01, 0xb0, 0xe8, 0x8e, 0x84, 0x0e, 0x5b, 0xc5, 0x44,
0x15, 0x7a, 0x42, 0xff, 0xf8, 0xfc, 0x8b, 0x41, 0x99, 0x3f, 0xd8, 0x95, 0x3b, 0xb0, 0xb3, 0x44,
0x7b, 0x15, 0x13, 0x2c, 0xb3, 0xf2, 0x17, 0x9d, 0xc2, 0x01, 0x37, 0x54, 0xb1, 0x27, 0xf4, 0x65,
0x9c, 0x1b, 0xe8, 0x33, 0x38, 0xf1, 0x43, 0xca, 0xdc, 0x20, 0xe0, 0xa9, 0x8e, 0xef, 0xa9, 0x12,
0x5f, 0x3f, 0xae, 0xba, 0x0d, 0x0f, 0x3d, 0x87, 0xae, 0x3b, 0x9f, 0x13, 0x4a, 0x9d, 0x7c, 0x97,
0x16, 0x8f, 0x3a, 0xca, 0x7d, 0xfc, 0x40, 0xa4, 0x42, 0x9b, 0x84, 0xee, 0x2c, 0x20, 0x9e, 0x7a,
0xd0, 0x13, 0xfa, 0x1d, 0x5c, 0x9a, 0xd9, 0xca, 0x5b, 0x92, 0x50, 0x3f, 0x0a, 0xd5, 0xc3, 0x9e,
0xd0, 0x6f, 0xe1, 0xd2, 0x44, 0x2f, 0xe0, 0x91, 0x1b, 0x04, 0xd1, 0xaf, 0xc4, 0x73, 0x52, 0x4a,
0x12, 0x27, 0xf0, 0x29, 0x53, 0xdb, 0x3d, 0xa9, 0xdf, 0xc5, 0x27, 0xc5, 0xc2, 0x94, 0x92, 0xe4,
0xd6, 0xa7, 0x2c, 0x8b, 0x9d, 0x05, 0xd1, 0xfc, 0x8e, 0x78, 0xce, 0x7c, 0xe9, 0xb2, 0x3c, 0xb6,
0x93, 0xc7, 0x16, 0x0b, 0x17, 0x4b, 0x97, 0xf1, 0xd8, 0x8f, 0x00, 0xd2, 0x30, 0xe1, 0x50, 0x48,
0xa2, 0xca, 0xfc, 0x3a, 0x15, 0x8f, 0x76, 0x05, 0xf2, 0x9a, 0x12, 0x3a, 0x03, 0x34, 0x35, 0x6f,
0x4c, 0xeb, 0x95, 0xe9, 0xd8, 0xd6, 0x8d, 0x6e, 0x3a, 0xf6, 0x4f, 0x63, 0x5d, 0x79, 0x0f, 0xbd,
0x0f, 0xf2, 0x70, 0x5c, 0xf8, 0x14, 0x01, 0x21, 0x38, 0xbe, 0x32, 0xb0, 0xfe, 0xdd, 0x70, 0xa2,
0x17, 0x3e, 0x51, 0x7b, 0x27, 0xc2, 0xa7, 0xbb, 0x7a, 0x81, 0x09, 0x8d, 0xa3, 0x90, 0x92, 0x0c,
0x01, 0x4d, 0x39, 0x2c, 0xde, 0xcc, 0x0e, 0x2e, 0x4d, 0x64, 0xc2, 0x01, 0x49, 0x92, 0x28, 0xe1,
0x8d, 0x39, 0x3e, 0x7f, 0xb9, 0x5f, 0x93, 0xcb, 0x8d, 0x07, 0x7a, 0x96, 0xcb, 0x9b, 0x9d, 0x6f,
0x83, 0x9e, 0x01, 0x24, 0xe4, 0x97, 0x94, 0x50, 0x56, 0x76, 0xb3, 0x8b, 0xe5, 0xc2, 0x63, 0x78,
0xda, 0xef, 0x02, 0xc8, 0xeb, 0x9c, 0x6a, 0xe9, 0x3a, 0xc6, 0x16, 0x2e, 0x4b, 0x7f, 0x0c, 0x8f,
0x46, 0xc3, 0xdb, 0x2b, 0x0b, 0x8f, 0xf4, 0x4b, 0x67, 0xa4, 0x4f, 0x26, 0xc3, 0x6b, 0x5d, 0x11,
0xd0, 0x29, 0x28, 0x3f, 0xea, 0x78, 0x62, 0x58, 0xa6, 0x33, 0x32, 0x26, 0xa3, 0xa1, 0x7d, 0xf1,
0xbd, 0x22, 0xa2, 0xa7, 0x70, 0x36, 0x35, 0x27, 0xd3, 0xf1, 0xd8, 0xc2, 0xb6, 0x7e, 0x59, 0x65,
0x28, 0x65, 0xd0, 0x0c, 0xd3, 0xd6, 0xb1, 0x39, 0xbc, 0xcd, 0x4f, 0x50, 0x5a, 0xda, 0x1f, 0x02,
0x3c, 0xaf, 0xd7, 0x36, 0xf4, 0xde, 0x92, 0x84, 0xf9, 0x94, 0xbc, 0x21, 0x21, 0x33, 0xc2, 0x45,
0x94, 0xd5, 0x11, 0xa7, 0xb3, 0xc0, 0x9f, 0x3b, 0x77, 0x64, 0xc5, 0xa1, 0x75, 0xb1, 0x9c, 0x7b,
0x6e, 0xc8, 0x6a, 0xeb, 0x41, 0x8a, 0xdb, 0x0f, 0x72, 0xdf, 0xc7, 0xad, 0xfd, 0x06, 0xea, 0x45,
0x14, 0x32, 0x77, 0xce, 0x2e, 0x22, 0x8f, 0x6c, 0x5c, 0x05, 0xb9, 0x70, 0xb6, 0x35, 0xcf, 0x8e,
0x1f, 0x2e, 0x22, 0x55, 0xe8, 0x49, 0xfd, 0xa3, 0xf3, 0xcf, 0xef, 0xef, 0xd7, 0x56, 0x4d, 0xf8,
0x34, 0xae, 0x85, 0x64, 0x5e, 0xed, 0x25, 0x3c, 0xae, 0xa7, 0xfe, 0x90, 0x92, 0x64, 0x85, 0x3e,
0x86, 0xa3, 0xff, 0x10, 0x50, 0x7e, 0x60, 0x17, 0xc3, 0x9a, 0x01, 0xd5, 0xde, 0x09, 0xf0, 0x41,
0x63, 0x2a, 0x27, 0x58, 0x47, 0x24, 0xec, 0x85, 0x48, 0x6c, 0x9c, 0xff, 0xcd, 0x6e, 0x48, 0xf5,
0x6e, 0x34, 0xce, 0x71, 0xab, 0x71, 0x8e, 0xb5, 0x3f, 0x05, 0x78, 0xd6, 0x78, 0xe9, 0xf5, 0xb0,
0x7c, 0x0d, 0xad, 0x0a, 0xe1, 0x4f, 0xee, 0x27, 0xbc, 0xae, 0x15, 0xf3, 0x84, 0xec, 0x96, 0x6f,
0x08, 0xa5, 0xee, 0x6b, 0x52, 0x56, 0xd2, 0xc5, 0x72, 0xe1, 0x31, 0xbc, 0xea, 0x10, 0x4a, 0x1b,
0x43, 0xa8, 0xfd, 0x2d, 0x80, 0x52, 0xdf, 0x7c, 0x1f, 0x7e, 0x4f, 0xa0, 0xcd, 0xb5, 0x68, 0xcd,
0xed, 0x30, 0x33, 0x1f, 0xe6, 0xd5, 0xc0, 0xbd, 0xd5, 0xc8, 0x5d, 0x85, 0x76, 0x71, 0x7f, 0x2e,
0xaa, 0x5d, 0x5c, 0x9a, 0x5a, 0x0c, 0x4f, 0xb6, 0x05, 0x82, 0x4f, 0x39, 0xfa, 0x0a, 0x3a, 0xc5,
0xc0, 0xd3, 0x82, 0xe1, 0xd3, 0x1d, 0xaa, 0xb2, 0x8e, 0x7d, 0x00, 0x9f, 0xf6, 0x97, 0x08, 0x67,
0xdb, 0x47, 0xc6, 0x51, 0xc2, 0x76, 0xc8, 0xdb, 0xb7, 0x9b, 0xf2, 0xf6, 0x62, 0x97, 0xbc, 0x65,
0x5b, 0x35, 0x0a, 0xda, 0xff, 0x81, 0x52, 0xfb, 0x79, 0x1f, 0xe1, 0x3b, 0x81, 0xa3, 0x57, 0xd8,
0x32, 0xaf, 0xab, 0xaa, 0x5f, 0x13, 0x30, 0x31, 0xf3, 0x99, 0x96, 0xed, 0x60, 0xfd, 0xda, 0x98,
0xd8, 0x3a, 0xd6, 0x2f, 0x15, 0x49, 0x4b, 0x41, 0xdd, 0x2e, 0xa8, 0x78, 0xcf, 0x9b, 0x5c, 0x85,
0xfa, 0xb3, 0xfc, 0x06, 0xda, 0x09, 0xaf, 0x9d, 0xaa, 0x22, 0xef, 0x56, 0xef, 0x21, 0x48, 0xb8,
0x4c, 0x98, 0x1d, 0xf2, 0xc8, 0x2f, 0xff, 0x0d, 0x00, 0x00, 0xff, 0xff, 0x9e, 0x28, 0xe3, 0xa0,
0x75, 0x08, 0x00, 0x00,
// 856 bytes of a gzipped FileDescriptorProto
0x1f, 0x8b, 0x08, 0x00, 0x00, 0x00, 0x00, 0x00, 0x02, 0xff, 0xac, 0x95, 0xe1, 0x6e, 0xe3, 0x44,
0x10, 0xc7, 0x59, 0x27, 0x6d, 0xe2, 0x69, 0x68, 0x73, 0xab, 0x5e, 0xcf, 0x9c, 0x38, 0xc8, 0x19,
0x24, 0xa2, 0x43, 0x8a, 0x50, 0x91, 0xe0, 0xc4, 0x27, 0x42, 0xeb, 0x16, 0xab, 0x8d, 0x1d, 0x36,
0x2e, 0x27, 0x24, 0x24, 0xcb, 0x89, 0xb7, 0x8d, 0xd5, 0x9c, 0x6d, 0x76, 0xd7, 0x87, 0xf2, 0x01,
0x89, 0x27, 0x40, 0xe2, 0x2b, 0x4f, 0x81, 0x78, 0x0a, 0xde, 0x81, 0x97, 0x41, 0x5e, 0xdb, 0xc1,
0x71, 0x7c, 0x69, 0x3e, 0xf0, 0x29, 0x9e, 0xd9, 0x99, 0xdd, 0x9d, 0xdf, 0xec, 0xfc, 0x03, 0x5a,
0x9c, 0xf0, 0xb9, 0x1b, 0x46, 0x22, 0xb8, 0x0d, 0x66, 0x9e, 0x08, 0xa2, 0x90, 0x0f, 0x62, 0x16,
0x89, 0x08, 0xb7, 0xe5, 0xcf, 0x34, 0xb9, 0xd5, 0xff, 0x69, 0xc0, 0xfb, 0xe3, 0x84, 0xcf, 0xad,
0x52, 0x14, 0xa1, 0x77, 0x01, 0x17, 0x4c, 0x7e, 0x63, 0x1b, 0x40, 0x44, 0xf7, 0x34, 0x74, 0xc5,
0x32, 0xa6, 0x1a, 0xea, 0xa1, 0xfe, 0xe1, 0xe9, 0x67, 0x83, 0x22, 0x7f, 0xb0, 0x2d, 0x77, 0xe0,
0xa4, 0x89, 0xce, 0x32, 0xa6, 0x44, 0x15, 0xc5, 0x27, 0x3e, 0x86, 0x3d, 0x69, 0x68, 0x4a, 0x0f,
0xf5, 0x55, 0x92, 0x19, 0xf8, 0x13, 0x38, 0x0a, 0x42, 0x2e, 0xbc, 0xc5, 0x42, 0xa6, 0xba, 0x81,
0xaf, 0x35, 0xe4, 0xfa, 0x61, 0xd9, 0x6d, 0xfa, 0xf8, 0x39, 0x74, 0xbc, 0xd9, 0x8c, 0x72, 0xee,
0x66, 0xbb, 0x34, 0x65, 0xd4, 0x41, 0xe6, 0x93, 0x07, 0x62, 0x0d, 0x5a, 0x34, 0xf4, 0xa6, 0x0b,
0xea, 0x6b, 0x7b, 0x3d, 0xd4, 0x6f, 0x93, 0xc2, 0x4c, 0x57, 0xde, 0x50, 0xc6, 0x83, 0x28, 0xd4,
0xf6, 0x7b, 0xa8, 0xdf, 0x24, 0x85, 0x89, 0x5f, 0xc0, 0x23, 0x6f, 0xb1, 0x88, 0x7e, 0xa6, 0xbe,
0x9b, 0x70, 0xca, 0xdc, 0x45, 0xc0, 0x85, 0xd6, 0xea, 0x35, 0xfa, 0x1d, 0x72, 0x94, 0x2f, 0xdc,
0x70, 0xca, 0xae, 0x03, 0x2e, 0xd2, 0xd8, 0xe9, 0x22, 0x9a, 0xdd, 0x53, 0xdf, 0x9d, 0xcd, 0x3d,
0x91, 0xc5, 0xb6, 0xb3, 0xd8, 0x7c, 0xe1, 0x6c, 0xee, 0x09, 0x19, 0xfb, 0x01, 0x40, 0x12, 0x32,
0x09, 0x85, 0x32, 0x4d, 0x95, 0xd7, 0x29, 0x79, 0x52, 0x1a, 0x77, 0xcc, 0x0b, 0x85, 0x06, 0x3d,
0xd4, 0xef, 0x90, 0xcc, 0xd0, 0x2f, 0x40, 0x5d, 0xb1, 0xc3, 0x27, 0x80, 0x6f, 0xac, 0x2b, 0xcb,
0x7e, 0x65, 0xb9, 0x8e, 0x7d, 0x65, 0x58, 0xae, 0xf3, 0xc3, 0xd8, 0xe8, 0xbe, 0x83, 0xdf, 0x05,
0x75, 0x38, 0xce, 0x7d, 0x5d, 0x84, 0x31, 0x1c, 0x5e, 0x98, 0xc4, 0xf8, 0x66, 0x38, 0x31, 0x72,
0x9f, 0xa2, 0xff, 0xa5, 0xc0, 0xc7, 0xdb, 0x3a, 0x44, 0x28, 0x8f, 0xa3, 0x90, 0xd3, 0x14, 0x0c,
0x4f, 0x24, 0x42, 0xd9, 0xe2, 0x36, 0x29, 0x4c, 0x6c, 0xc1, 0x1e, 0x65, 0x2c, 0x62, 0xb2, 0x5d,
0x87, 0xa7, 0x2f, 0x77, 0x6b, 0x7d, 0xb1, 0xf1, 0xc0, 0x48, 0x73, 0xe5, 0x13, 0xc8, 0xb6, 0xc1,
0xcf, 0x00, 0x18, 0xfd, 0x29, 0xa1, 0x5c, 0x14, 0x3d, 0xee, 0x10, 0x35, 0xf7, 0x98, 0xbe, 0xfe,
0x2b, 0x02, 0x75, 0x95, 0x53, 0x2e, 0xdd, 0x20, 0xc4, 0x26, 0x45, 0xe9, 0x8f, 0xe1, 0xd1, 0x68,
0x78, 0x7d, 0x61, 0x93, 0x91, 0x71, 0xee, 0x8e, 0x8c, 0xc9, 0x64, 0x78, 0x69, 0x74, 0x11, 0x3e,
0x86, 0xee, 0xf7, 0x06, 0x99, 0x98, 0xb6, 0xe5, 0x8e, 0xcc, 0xc9, 0x68, 0xe8, 0x9c, 0x7d, 0xdb,
0x55, 0xf0, 0x53, 0x38, 0xb9, 0xb1, 0x26, 0x37, 0xe3, 0xb1, 0x4d, 0x1c, 0xe3, 0xbc, 0xcc, 0xb0,
0x91, 0x42, 0x33, 0x2d, 0xc7, 0x20, 0xd6, 0xf0, 0x3a, 0x3b, 0xa1, 0xdb, 0xd4, 0x7f, 0x43, 0xf0,
0xbc, 0x5a, 0xdb, 0xd0, 0x7f, 0x43, 0x99, 0x08, 0x38, 0x7d, 0x4d, 0x43, 0x61, 0x86, 0xb7, 0x51,
0x5a, 0x47, 0x9c, 0x4c, 0x17, 0xc1, 0xcc, 0xbd, 0xa7, 0x4b, 0x09, 0xad, 0x43, 0xd4, 0xcc, 0x73,
0x45, 0x97, 0x1b, 0xcf, 0x54, 0xd9, 0x7c, 0xa6, 0xbb, 0x3e, 0x79, 0xfd, 0x17, 0xd0, 0xce, 0xa2,
0x50, 0x78, 0x33, 0x71, 0x16, 0xf9, 0x74, 0xed, 0x2a, 0xd8, 0x83, 0x93, 0x8d, 0x29, 0x77, 0x83,
0xf0, 0x36, 0xd2, 0x50, 0xaf, 0xd1, 0x3f, 0x38, 0xfd, 0xf4, 0xed, 0xfd, 0xda, 0xa8, 0x89, 0x1c,
0xc7, 0x95, 0x90, 0xd4, 0xab, 0xbf, 0x84, 0xc7, 0xd5, 0xd4, 0xef, 0x12, 0xca, 0x96, 0xf8, 0x43,
0x38, 0xf8, 0x0f, 0x01, 0x97, 0x07, 0x76, 0x08, 0xac, 0x18, 0x70, 0xfd, 0x6f, 0x04, 0xef, 0xd5,
0xa6, 0x4a, 0x82, 0x55, 0x44, 0x68, 0x27, 0x44, 0x4a, 0xad, 0x2a, 0xac, 0x77, 0xa3, 0x51, 0xed,
0x46, 0xed, 0x74, 0x37, 0xeb, 0xa7, 0x7b, 0x35, 0x91, 0x7b, 0xe5, 0x89, 0xfc, 0x1d, 0xc1, 0xb3,
0xda, 0x52, 0x56, 0x23, 0xf4, 0x25, 0x34, 0x4b, 0xdc, 0x3f, 0x7a, 0x3b, 0xf7, 0x15, 0x01, 0x22,
0x13, 0xd2, 0xbb, 0xbf, 0xa6, 0x9c, 0x7b, 0x77, 0xb4, 0xa8, 0xaf, 0x43, 0xd4, 0xdc, 0x63, 0xfa,
0xe5, 0xd1, 0x6c, 0xac, 0x8d, 0xa6, 0xfe, 0x27, 0x82, 0x6e, 0x75, 0xf3, 0x5d, 0xa8, 0x3e, 0x81,
0x96, 0xd4, 0xad, 0x15, 0xcd, 0xfd, 0xd4, 0x7c, 0x98, 0x62, 0x4d, 0x37, 0x9a, 0xb5, 0xdd, 0xd0,
0xa0, 0x95, 0xdf, 0x3f, 0x87, 0x58, 0x98, 0x7a, 0x0c, 0x4f, 0x36, 0x65, 0x43, 0xce, 0x3e, 0xfe,
0x02, 0xda, 0xb9, 0x0c, 0xf0, 0x9c, 0xe1, 0xd3, 0x2d, 0x5a, 0xb3, 0x8a, 0x7d, 0x00, 0x9f, 0xfe,
0x87, 0x02, 0x27, 0x9b, 0x47, 0xc6, 0x11, 0x13, 0x5b, 0x44, 0xef, 0xeb, 0x75, 0xd1, 0x7b, 0xb1,
0x4d, 0xf4, 0xd2, 0xad, 0x6a, 0x65, 0xee, 0xff, 0x40, 0xa9, 0xff, 0xb8, 0x8b, 0x1c, 0x1e, 0xc1,
0xc1, 0x2b, 0x62, 0x5b, 0x97, 0xe5, 0xff, 0x82, 0x8a, 0xac, 0x29, 0xa9, 0xcf, 0xb2, 0x1d, 0x97,
0x18, 0x97, 0xe6, 0xc4, 0x31, 0x88, 0x71, 0xde, 0x6d, 0xe8, 0x09, 0x68, 0x9b, 0x05, 0xe5, 0xef,
0x79, 0x9d, 0x2b, 0xaa, 0x3e, 0xcb, 0xaf, 0xa0, 0xc5, 0x64, 0xed, 0x5c, 0x53, 0x64, 0xb7, 0x7a,
0x0f, 0x41, 0x22, 0x45, 0xc2, 0x74, 0x5f, 0x46, 0x7e, 0xfe, 0x6f, 0x00, 0x00, 0x00, 0xff, 0xff,
0xcc, 0x3e, 0xe7, 0x96, 0xa1, 0x08, 0x00, 0x00,
}

2
protocol/protobuf/push_notifications.proto
View File

@ -17,6 +17,7 @@ message PushNotificationRegistration {
repeated bytes allowed_user_list = 7;
repeated bytes blocked_chat_list = 8;
bool unregister = 9;
bytes grant = 10;
}
message PushNotificationRegistrationResponse {
@ -52,6 +53,7 @@ message PushNotificationQueryInfo {
string installation_id = 2;
bytes public_key = 3;
repeated bytes allowed_user_list = 4;
bytes grant = 5;
}
message PushNotificationQueryResponse {

61
protocol/push_notification_client/push_notification.go → protocol/push_notification_client/client.go
View File

@ -341,11 +341,6 @@ func (c *Client) Register(deviceToken string, contactIDs []*ecdsa.PublicKey, mut
return nil, err
}
marshaledRegistration, err := proto.Marshal(registration)
if err != nil {
return nil, err
}
var serverPublicKeys []*ecdsa.PublicKey
for _, server := range servers {
@ -359,6 +354,20 @@ func (c *Client) Register(deviceToken string, contactIDs []*ecdsa.PublicKey, mut
return nil, err
}
grant, err := c.buildGrantSignature(server.PublicKey, registration.AccessToken)
if err != nil {
c.config.Logger.Error("failed to build grant", zap.Error(err))
return nil, err
}
c.config.Logger.Info("GRANT2", zap.Binary("GRANT", grant))
registration.Grant = grant
marshaledRegistration, err := proto.Marshal(registration)
if err != nil {
return nil, err
}
// Dispatch message
encryptedRegistration, err := c.encryptRegistration(server.PublicKey, marshaledRegistration)
if err != nil {
@ -441,6 +450,40 @@ func (p *Client) HandlePushNotificationAdvertisement(info *protobuf.PushNotifica
return nil
}
// buildGrantSignatureMaterial builds a grant for a specific server.
// We use 3 components:
// 1) The client public key. Not sure this applies to our signature scheme, but best to be conservative. https://crypto.stackexchange.com/questions/15538/given-a-message-and-signature-find-a-public-key-that-makes-the-signature-valid
// 2) The server public key
// 3) The access token
// By verifying this signature, a client can trust the server was instructed to store this access token.
func (c *Client) buildGrantSignatureMaterial(clientPublicKey *ecdsa.PublicKey, serverPublicKey *ecdsa.PublicKey, accessToken string) []byte {
var signatureMaterial []byte
signatureMaterial = append(signatureMaterial, crypto.CompressPubkey(clientPublicKey)...)
signatureMaterial = append(signatureMaterial, crypto.CompressPubkey(serverPublicKey)...)
signatureMaterial = append(signatureMaterial, []byte(accessToken)...)
return crypto.Keccak256(signatureMaterial)
}
func (c *Client) buildGrantSignature(serverPublicKey *ecdsa.PublicKey, accessToken string) ([]byte, error) {
signatureMaterial := c.buildGrantSignatureMaterial(&c.config.Identity.PublicKey, serverPublicKey, accessToken)
return crypto.Sign(signatureMaterial, c.config.Identity)
}
func (c *Client) handleGrant(clientPublicKey *ecdsa.PublicKey, serverPublicKey *ecdsa.PublicKey, grant []byte, accessToken string) error {
signatureMaterial := c.buildGrantSignatureMaterial(clientPublicKey, serverPublicKey, accessToken)
c.config.Logger.Info("GRANT", zap.Binary("GRANT", grant))
extractedPublicKey, err := crypto.SigToPub(signatureMaterial, grant)
if err != nil {
return err
}
if !common.IsPubKeyEqual(clientPublicKey, extractedPublicKey) {
return errors.New("invalid grant")
}
return nil
}
// HandlePushNotificationQueryResponse should update the data in the database for a given user
func (c *Client) HandlePushNotificationQueryResponse(serverPublicKey *ecdsa.PublicKey, response protobuf.PushNotificationQueryResponse) error {
@ -463,6 +506,14 @@ func (c *Client) HandlePushNotificationQueryResponse(serverPublicKey *ecdsa.Publ
c.config.Logger.Warn("reply for different key, ignoring")
continue
}
// We check the user has allowed this server to store this particular
// access token, otherwise anyone could reply with a fake token
// and receive notifications for a user
if err := c.handleGrant(publicKey, serverPublicKey, info.Grant, info.AccessToken); err != nil {
c.config.Logger.Warn("grant verification failed, ignoring", zap.Error(err))
continue
}
pushNotificationInfo = append(pushNotificationInfo, &PushNotificationInfo{
PublicKey: publicKey,
ServerPublicKey: serverPublicKey,

0
protocol/push_notification_client/push_notification_test.go → protocol/push_notification_client/client_test.go
View File

1
protocol/push_notification_server/errors.go
View File

@ -8,5 +8,6 @@ var ErrMalformedPushNotificationRegistrationInstallationID = errors.New("invalid
var ErrEmptyPushNotificationRegistrationPublicKey = errors.New("no public key")
var ErrCouldNotUnmarshalPushNotificationRegistration = errors.New("could not unmarshal preferences")
var ErrMalformedPushNotificationRegistrationDeviceToken = errors.New("invalid device token")
var ErrMalformedPushNotificationRegistrationGrant = errors.New("invalid grant")
var ErrMalformedPushNotificationRegistrationAccessToken = errors.New("invalid access token")
var ErrUnknownPushNotificationRegistrationTokenType = errors.New("invalid token type")

52
protocol/push_notification_server/server.go
View File

@ -9,6 +9,7 @@ import (
"github.com/golang/protobuf/proto"
"github.com/google/uuid"
"github.com/status-im/status-go/eth-node/crypto"
"github.com/status-im/status-go/eth-node/crypto/ecies"
"github.com/status-im/status-go/protocol/common"
"github.com/status-im/status-go/protocol/protobuf"
@ -63,7 +64,7 @@ func (p *Server) decryptRegistration(publicKey *ecdsa.PublicKey, payload []byte)
// ValidateRegistration validates a new message against the last one received for a given installationID and and public key
// and return the decrypted message
func (p *Server) ValidateRegistration(publicKey *ecdsa.PublicKey, payload []byte) (*protobuf.PushNotificationRegistration, error) {
func (s *Server) ValidateRegistration(publicKey *ecdsa.PublicKey, payload []byte) (*protobuf.PushNotificationRegistration, error) {
if payload == nil {
return nil, ErrEmptyPushNotificationRegistrationPayload
}
@ -72,7 +73,7 @@ func (p *Server) ValidateRegistration(publicKey *ecdsa.PublicKey, payload []byte
return nil, ErrEmptyPushNotificationRegistrationPublicKey
}
decryptedPayload, err := p.decryptRegistration(publicKey, payload)
decryptedPayload, err := s.decryptRegistration(publicKey, payload)
if err != nil {
return nil, err
}
@ -87,11 +88,11 @@ func (p *Server) ValidateRegistration(publicKey *ecdsa.PublicKey, payload []byte
return nil, ErrInvalidPushNotificationRegistrationVersion
}
if err := p.validateUUID(registration.InstallationId); err != nil {
if err := s.validateUUID(registration.InstallationId); err != nil {
return nil, ErrMalformedPushNotificationRegistrationInstallationID
}
previousRegistration, err := p.persistence.GetPushNotificationRegistrationByPublicKeyAndInstallationID(common.HashPublicKey(publicKey), registration.InstallationId)
previousRegistration, err := s.persistence.GetPushNotificationRegistrationByPublicKeyAndInstallationID(common.HashPublicKey(publicKey), registration.InstallationId)
if err != nil {
return nil, err
}
@ -105,10 +106,20 @@ func (p *Server) ValidateRegistration(publicKey *ecdsa.PublicKey, payload []byte
return registration, nil
}
if err := p.validateUUID(registration.AccessToken); err != nil {
if err := s.validateUUID(registration.AccessToken); err != nil {
return nil, ErrMalformedPushNotificationRegistrationAccessToken
}
if len(registration.Grant) == 0 {
return nil, ErrMalformedPushNotificationRegistrationGrant
}
if err := s.verifyGrantSignature(publicKey, registration.AccessToken, registration.Grant); err != nil {
s.config.Logger.Error("failed to verify grant", zap.Error(err))
return nil, ErrMalformedPushNotificationRegistrationGrant
}
if len(registration.Token) == 0 {
return nil, ErrMalformedPushNotificationRegistrationDeviceToken
}
@ -139,6 +150,7 @@ func (p *Server) HandlePushNotificationQuery(query *protobuf.PushNotificationQue
registration := idAndResponse.Registration
info := &protobuf.PushNotificationQueryInfo{
PublicKey: idAndResponse.ID,
Grant: registration.Grant,
InstallationId: registration.InstallationId,
}
@ -338,3 +350,33 @@ func (p *Server) HandlePushNotificationRequest2(publicKey *ecdsa.PublicKey,
_, err = p.messageProcessor.SendPrivate(context.Background(), publicKey, rawMessage)
return err
}
// buildGrantSignatureMaterial builds a grant for a specific server.
// We use 3 components:
// 1) The client public key. Not sure this applies to our signature scheme, but best to be conservative. https://crypto.stackexchange.com/questions/15538/given-a-message-and-signature-find-a-public-key-that-makes-the-signature-valid
// 2) The server public key
// 3) The access token
// By verifying this signature, a client can trust the server was instructed to store this access token.
func (s *Server) buildGrantSignatureMaterial(clientPublicKey *ecdsa.PublicKey, serverPublicKey *ecdsa.PublicKey, accessToken string) []byte {
var signatureMaterial []byte
signatureMaterial = append(signatureMaterial, crypto.CompressPubkey(clientPublicKey)...)
signatureMaterial = append(signatureMaterial, crypto.CompressPubkey(serverPublicKey)...)
signatureMaterial = append(signatureMaterial, []byte(accessToken)...)
a := crypto.Keccak256(signatureMaterial)
return a
}
func (s *Server) verifyGrantSignature(clientPublicKey *ecdsa.PublicKey, accessToken string, grant []byte) error {
signatureMaterial := s.buildGrantSignatureMaterial(clientPublicKey, &s.config.Identity.PublicKey, accessToken)
recoveredPublicKey, err := crypto.SigToPub(signatureMaterial, grant)
if err != nil {
return err
}
if !common.IsPubKeyEqual(recoveredPublicKey, clientPublicKey) {
return errors.New("pubkey mismatch")
}
return nil
}

58
protocol/push_notification_server/server_test.go
View File

@ -34,6 +34,7 @@ type ServerSuite struct {
identity *ecdsa.PrivateKey
key *ecdsa.PrivateKey
sharedKey []byte
grant []byte
server *Server
}
@ -64,6 +65,11 @@ func (s *ServerSuite) SetupTest() {
sharedKey, err := s.server.generateSharedKey(&s.key.PublicKey)
s.Require().NoError(err)
s.sharedKey = sharedKey
signatureMaterial := s.server.buildGrantSignatureMaterial(&s.key.PublicKey, &identity.PublicKey, s.accessToken)
grant, err := crypto.Sign(signatureMaterial, s.key)
s.Require().NoError(err)
s.grant = grant
}
@ -104,6 +110,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
// Missing installationID
payload, err := proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
Version: 1,
})
@ -118,6 +125,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
Grant: s.grant,
InstallationId: "abc",
Version: 1,
})
@ -130,6 +138,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
Grant: s.grant,
InstallationId: s.installationID,
})
s.Require().NoError(err)
@ -142,6 +151,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
// Version lower than previous one
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
InstallationId: s.installationID,
Version: 1,
@ -154,6 +164,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
// Setup persistence
s.Require().NoError(s.persistence.SavePushNotificationRegistration(common.HashPublicKey(&s.key.PublicKey), &protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
InstallationId: s.installationID,
Version: 2}))
@ -168,6 +179,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
InstallationId: s.installationID,
Grant: s.grant,
Unregister: true,
Version: 1,
})
@ -181,6 +193,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
// Missing access token
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
InstallationId: s.installationID,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
Version: 1,
})
@ -195,6 +208,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: "bc",
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
Grant: s.grant,
InstallationId: s.installationID,
Version: 1,
})
@ -209,6 +223,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
Grant: s.grant,
InstallationId: s.installationID,
Version: 1,
})
@ -219,10 +234,41 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
_, err = s.server.ValidateRegistration(&s.key.PublicKey, cyphertext)
s.Require().Equal(ErrMalformedPushNotificationRegistrationDeviceToken, err)
// Missing grant
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Token: "device-token",
InstallationId: s.installationID,
Version: 1,
})
s.Require().NoError(err)
cyphertext, err = common.Encrypt(payload, s.sharedKey, rand.Reader)
s.Require().NoError(err)
_, err = s.server.ValidateRegistration(&s.key.PublicKey, cyphertext)
s.Require().Equal(ErrMalformedPushNotificationRegistrationGrant, err)
// Invalid grant
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
Token: "device-token",
Grant: crypto.Keccak256([]byte("invalid")),
InstallationId: s.installationID,
Version: 1,
})
s.Require().NoError(err)
cyphertext, err = common.Encrypt(payload, s.sharedKey, rand.Reader)
s.Require().NoError(err)
_, err = s.server.ValidateRegistration(&s.key.PublicKey, cyphertext)
s.Require().Equal(ErrMalformedPushNotificationRegistrationGrant, err)
// Missing token type
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Token: "device-token",
Grant: s.grant,
InstallationId: s.installationID,
Version: 1,
})
@ -237,6 +283,7 @@ func (s *ServerSuite) TestPushNotificationServerValidateRegistration() {
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
Token: "abc",
AccessToken: s.accessToken,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
InstallationId: s.installationID,
Version: 1,
@ -299,6 +346,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
// Missing installationID
payload, err := proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
Version: 1,
})
s.Require().NoError(err)
@ -314,6 +362,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
InstallationId: "abc",
Grant: s.grant,
Version: 1,
})
cyphertext, err = common.Encrypt(payload, s.sharedKey, rand.Reader)
@ -326,6 +375,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
// Version set to 0
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
InstallationId: s.installationID,
})
s.Require().NoError(err)
@ -340,6 +390,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
// Version lower than previous one
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
InstallationId: s.installationID,
Version: 1,
})
@ -351,6 +402,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
// Setup persistence
s.Require().NoError(s.persistence.SavePushNotificationRegistration(common.HashPublicKey(&s.key.PublicKey), &protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
InstallationId: s.installationID,
Version: 2}))
@ -365,6 +417,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
// Missing access token
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
InstallationId: s.installationID,
Grant: s.grant,
Version: 1,
})
s.Require().NoError(err)
@ -379,6 +432,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
// Invalid access token
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: "bc",
Grant: s.grant,
InstallationId: s.installationID,
Version: 1,
})
@ -394,6 +448,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
// Missing device token
payload, err = proto.Marshal(&protobuf.PushNotificationRegistration{
AccessToken: s.accessToken,
Grant: s.grant,
InstallationId: s.installationID,
Version: 1,
})
@ -410,6 +465,7 @@ func (s *ServerSuite) TestPushNotificationHandleRegistration() {
registration := &protobuf.PushNotificationRegistration{
Token: "abc",
AccessToken: s.accessToken,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
InstallationId: s.installationID,
Version: 1,
@ -461,6 +517,7 @@ func (s *ServerSuite) TestHandlePushNotificationQueryNoFiltering() {
registration := &protobuf.PushNotificationRegistration{
Token: "abc",
AccessToken: s.accessToken,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
InstallationId: s.installationID,
Version: 1,
@ -496,6 +553,7 @@ func (s *ServerSuite) TestHandlePushNotificationQueryWithFiltering() {
registration := &protobuf.PushNotificationRegistration{
Token: "abc",
AccessToken: s.accessToken,
Grant: s.grant,
TokenType: protobuf.PushNotificationRegistration_APN_TOKEN,
InstallationId: s.installationID,
AllowedUserList: allowedUserList,