Reject SenderCertificates without UUIDs

Additionally, never look up a session by e164 when decrypting
sealed-sender messages.

This is an API-breaking change for both Java and Swift clients;
certain fields and arguments are no longer Optional. On top of that,
some tests may need to be updated to provide UUIDs instead of just
phone numbers.
Jordan Rose
2021-01-28 15:10:39 -08:00
parent 8ec4e4b835
commit 512d0226bc
13 changed files with 50 additions and 116 deletions


@@ -163,7 +163,6 @@ public final class Native {
public static native long SenderCertificate_GetServerCertificate(long cert);
public static native byte[] SenderCertificate_GetSignature(long handle);
public static native long SenderCertificate_New(String senderUuid, String senderE164, int senderDeviceId, long senderKey, long expiration, long signerCert, long signerKey);
public static native long SenderCertificate_PreferredAddress(long cert, SessionStore sessionStore);
public static native boolean SenderCertificate_Validate(long cert, long key, long time);
public static native long SenderKeyDistributionMessage_Deserialize(byte[] data);


@@ -42,7 +42,7 @@ public class SealedSessionCipher {
int localDeviceId)
{
this.signalProtocolStore = signalProtocolStore;
this.localUuidAddress = localUuid != null ? localUuid.toString() : null;
this.localUuidAddress = localUuid.toString();
this.localE164Address = localE164Address;
this.localDeviceId = localDeviceId;
}
@@ -77,7 +77,7 @@ public class SealedSessionCipher {
}
boolean isLocalE164 = localE164Address != null && localE164Address.equals(content.getSenderCertificate().getSenderE164().orNull());
boolean isLocalUuid = localUuidAddress != null && localUuidAddress.equals(content.getSenderCertificate().getSenderUuid().orNull());
boolean isLocalUuid = localUuidAddress.equals(content.getSenderCertificate().getSenderUuid());
if ((isLocalE164 || isLocalUuid) && content.getSenderCertificate().getSenderDeviceId() == localDeviceId) {
throw new SelfSendException();
@@ -118,7 +118,7 @@ public class SealedSessionCipher {
private byte[] decrypt(UnidentifiedSenderMessageContent message)
throws InvalidVersionException, InvalidMessageException, InvalidKeyException, DuplicateMessageException, InvalidKeyIdException, UntrustedIdentityException, LegacyMessageException, NoSessionException
{
SignalProtocolAddress sender = new SignalProtocolAddress(Native.SenderCertificate_PreferredAddress(message.getSenderCertificate().nativeHandle(), signalProtocolStore));
SignalProtocolAddress sender = new SignalProtocolAddress(message.getSenderCertificate().getSenderUuid(), message.getSenderCertificate().getSenderDeviceId());
switch (message.getType()) {
case CiphertextMessage.WHISPER_TYPE: return new SessionCipher(signalProtocolStore, sender).decrypt(new SignalMessage(message.getContent()));
@@ -128,19 +128,19 @@ public class SealedSessionCipher {
}
public static class DecryptionResult {
private final Optional<String> senderUuid;
private final String senderUuid;
private final Optional<String> senderE164;
private final int deviceId;
private final byte[] paddedMessage;
private DecryptionResult(Optional<String> senderUuid, Optional<String> senderE164, int deviceId, byte[] paddedMessage) {
private DecryptionResult(String senderUuid, Optional<String> senderE164, int deviceId, byte[] paddedMessage) {
this.senderUuid = senderUuid;
this.senderE164 = senderE164;
this.deviceId = deviceId;
this.paddedMessage = paddedMessage;
}
public Optional<String> getSenderUuid() {
public String getSenderUuid() {
return senderUuid;
}
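Review bot: The SealedSessionCipher constructor now calls `localUuid.toString()` unconditionally, so a caller that still passes null gets a bare NullPointerException that does not name the argument. Since this commit makes the UUID mandatory, state that at the boundary with `this.localUuidAddress = Objects.requireNonNull(localUuid, "localUuid").toString();` (needs `java.util.Objects`) and a Javadoc line such as `@param localUuid the local account's UUID; must not be null`. The self-send check `localUuidAddress.equals(content.getSenderCertificate().getSenderUuid())` and the new `SignalProtocolAddress` in `decrypt` both use the certificate's UUID string as-is. If `localUuid` is a `java.util.UUID`, its `toString()` is lowercase, so it is worth confirming that certificate UUID strings always arrive in that same canonical form. The constructor's signature starts outside the hunk.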


@@ -43,8 +43,8 @@ public class SenderCertificate {
return Native.SenderCertificate_GetDeviceId(this.handle);
}
public Optional<String> getSenderUuid() {
return Optional.fromNullable(Native.SenderCertificate_GetSenderUuid(this.handle));
public String getSenderUuid() {
return Native.SenderCertificate_GetSenderUuid(this.handle);
}
public Optional<String> getSenderE164() {
@@ -52,7 +52,7 @@ public class SenderCertificate {
}
public String getSender() {
return getSenderE164().or(getSenderUuid()).orNull();
return getSenderE164().or(getSenderUuid());
}
public long getExpiration() {
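Review bot: `getSender()` still returns the E164 whenever the certificate carries one, falling back to the UUID only otherwise (`return getSenderE164().or(getSenderUuid());`), which sits oddly with this commit's move to UUID-only session lookup. Callers are not visible here, but any that treat `getSender()` as the sender's identity would keep keying on the phone number. A Javadoc would make the contract explicit, e.g. `/** Returns the E164 if present, otherwise the UUID; use getSenderUuid() for session and identity lookups. */`. It would also help to document on `getSenderUuid()` that the value is never null, since `or(...)` here and the callers in SealedSessionCipher now appear to depend on that.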