Create call link credential endpoint

2023-05-04 14:33:45 -07:00 · 2023-05-04 14:33:45 -07:00 · 7ba86b40aa
parent b2b0aee4b7
commit 7ba86b40aa
6 changed files with 149 additions and 47 deletions
--- a/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/WhisperServerService.java
@ -467,9 +467,6 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
        config.getArtServiceConfiguration());
    ExternalServiceCredentialsGenerator svr2CredentialsGenerator = SecureValueRecovery2Controller.credentialsGenerator(
        config.getSvr2Configuration());
-    ExternalServiceCredentialsGenerator callLinkCredentialsGenerator = CallLinkController.credentialsGenerator(
-        config.getCallLinkConfiguration()
-    );

    dynamicConfigurationManager.start();

@ -721,7 +718,7 @@ public class WhisperServerService extends Application<WhisperServerConfiguration
        new ArtController(rateLimiters, artCredentialsGenerator),
        new AttachmentControllerV2(rateLimiters, config.getAwsAttachmentsConfiguration().getAccessKey(), config.getAwsAttachmentsConfiguration().getAccessSecret(), config.getAwsAttachmentsConfiguration().getRegion(), config.getAwsAttachmentsConfiguration().getBucket()),
        new AttachmentControllerV3(rateLimiters, config.getGcpAttachmentsConfiguration().getDomain(), config.getGcpAttachmentsConfiguration().getEmail(), config.getGcpAttachmentsConfiguration().getMaxSizeInBytes(), config.getGcpAttachmentsConfiguration().getPathPrefix(), config.getGcpAttachmentsConfiguration().getRsaSigningKey()),
-        new CallLinkController(callLinkCredentialsGenerator),
+        new CallLinkController(rateLimiters, genericZkSecretParams),
        new CertificateController(new CertificateGenerator(config.getDeliveryCertificate().getCertificate(), config.getDeliveryCertificate().getPrivateKey(), config.getDeliveryCertificate().getExpiresDays()), zkAuthOperations, genericZkSecretParams, clock),
        new ChallengeController(rateLimitChallengeManager),
        new DeviceController(pendingDevicesManager, accountsManager, messagesManager, keys, rateLimiters, config.getMaxDevices()),
--- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallLinkController.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/CallLinkController.java
@ -1,56 +1,74 @@
 package org.whispersystems.textsecuregcm.controllers;

 import com.codahale.metrics.annotation.Timed;
-import com.google.common.annotations.VisibleForTesting;
 import io.dropwizard.auth.Auth;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.responses.ApiResponse;
+import org.signal.libsignal.zkgroup.GenericServerSecretParams;
+import org.signal.libsignal.zkgroup.InvalidInputException;
+import org.signal.libsignal.zkgroup.calllinks.CreateCallLinkCredentialRequest;
 import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.configuration.CallLinkConfiguration;
-import javax.ws.rs.GET;
+import org.whispersystems.textsecuregcm.entities.CreateCallLinkCredential;
+import org.whispersystems.textsecuregcm.entities.GetCreateCallLinkCredentialsRequest;
+import org.whispersystems.textsecuregcm.limits.RateLimiters;
+import javax.validation.constraints.NotNull;
+import javax.ws.rs.BadRequestException;
+import javax.ws.rs.POST;
 import javax.ws.rs.Path;
 import javax.ws.rs.Produces;
 import javax.ws.rs.core.MediaType;
-import java.time.Clock;
+import java.time.Instant;
 import java.time.temporal.ChronoUnit;
-import java.util.Optional;

@Path("/v1/call-link")
@io.swagger.v3.oas.annotations.tags.Tag(name = "CallLink")
 public class CallLinkController {
-  @VisibleForTesting
-  public static final String ANONYMOUS_CREDENTIAL_PREFIX = "anon";
-
-  private final ExternalServiceCredentialsGenerator callingFrontendServiceCredentialGenerator;
+  private final RateLimiters rateLimiters;
+  private final GenericServerSecretParams genericServerSecretParams;

  public CallLinkController(
-      ExternalServiceCredentialsGenerator callingFrontendServiceCredentialGenerator
+      final RateLimiters rateLimiters,
+      final GenericServerSecretParams genericServerSecretParams
  ) {
-    this.callingFrontendServiceCredentialGenerator = callingFrontendServiceCredentialGenerator;
+    this.rateLimiters = rateLimiters;
+    this.genericServerSecretParams = genericServerSecretParams;
  }

-  public static ExternalServiceCredentialsGenerator credentialsGenerator(final CallLinkConfiguration cfg) {
-    return ExternalServiceCredentialsGenerator
-        .builder(cfg.userAuthenticationTokenSharedSecret())
-        .withUsernameTimestampTruncatorAndPrefix(timestamp -> timestamp.truncatedTo(ChronoUnit.DAYS), ANONYMOUS_CREDENTIAL_PREFIX)
-        .build();
-  }
  @Timed
-  @GET
-  @Path("/auth")
+  @POST
+  @Path("/create-auth")
  @Produces(MediaType.APPLICATION_JSON)
  @Operation(
-      summary = "Generate credentials for calling frontend",
+      summary = "Generate a credential for creating call links",
      description = """
-          These credentials enable clients to prove to calling frontend that they were a Signal user within the last day.
-          For client privacy, timestamps are truncated to 1 day granularity and the token does not include or derive from an ACI.
+          Generate a credential over a truncated timestamp, room ID, and account UUID. With zero knowledge
+          group infrastructure, the server does not know the room ID.
          """
  )
  @ApiResponse(responseCode = "200", description = "`JSON` with generated credentials.", useReturnTypeSchema = true)
+  @ApiResponse(responseCode = "400", description = "Invalid create call link credential request.")
  @ApiResponse(responseCode = "401", description = "Account authentication check failed.")
-  public ExternalServiceCredentials getAuth(@Auth AuthenticatedAccount auth) {
-    return callingFrontendServiceCredentialGenerator.generateWithTimestampAsUsername();
+  @ApiResponse(responseCode = "422", description = "Invalid request format.")
+  @ApiResponse(responseCode = "429", description = "Ratelimited.")
+  public CreateCallLinkCredential getCreateAuth(
+      final @Auth AuthenticatedAccount auth,
+      final @NotNull GetCreateCallLinkCredentialsRequest request
+  ) throws RateLimitExceededException {
+
+    rateLimiters.getCreateCallLinkLimiter().validate(auth.getAccount().getUuid());
+
+    final Instant truncatedDayTimestamp = Instant.now().truncatedTo(ChronoUnit.DAYS);
+
+    CreateCallLinkCredentialRequest createCallLinkCredentialRequest;
+    try {
+      createCallLinkCredentialRequest = new CreateCallLinkCredentialRequest(request.createCallLinkCredentialRequest());
+    } catch (InvalidInputException e) {
+      throw new BadRequestException("Invalid create call link credential request", e);
+    }
+
+    return new CreateCallLinkCredential(
+        createCallLinkCredentialRequest.issueCredential(auth.getAccount().getUuid(), truncatedDayTimestamp, genericServerSecretParams).serialize(),
+        truncatedDayTimestamp.getEpochSecond()
+    );
  }
 }
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/CreateCallLinkCredential.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/CreateCallLinkCredential.java
@ -0,0 +1,3 @@
+package org.whispersystems.textsecuregcm.entities;
+
+public record CreateCallLinkCredential(byte[] credential, long redemptionTime){}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/GetCreateCallLinkCredentialsRequest.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/GetCreateCallLinkCredentialsRequest.java
@ -0,0 +1,5 @@
+package org.whispersystems.textsecuregcm.entities;
+
+import javax.validation.constraints.NotNull;
+
+public record GetCreateCallLinkCredentialsRequest(@NotNull byte[] createCallLinkCredentialRequest) {}
--- a/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimiters.java
+++ b/service/src/main/java/org/whispersystems/textsecuregcm/limits/RateLimiters.java
@ -73,6 +73,8 @@ public class RateLimiters extends BaseRateLimiters<RateLimiters.For> {
    PUSH_CHALLENGE_ATTEMPT("pushChallengeAttempt", true, new RateLimiterConfig(10, 10.0 / (60 * 24))),

    PUSH_CHALLENGE_SUCCESS("pushChallengeSuccess", true, new RateLimiterConfig(2, 2.0 / (60 * 24))),
+
+    CREATE_CALL_LINK("createCallLink", false, new RateLimiterConfig(100, 100 / (60 * 24)));
    ;

    private final String id;
@ -232,4 +234,8 @@ public class RateLimiters extends BaseRateLimiters<RateLimiters.For> {
  public RateLimiter getVerificationCaptchaLimiter() {
    return forDescriptor(For.VERIFICATION_CAPTCHA);
  }
+
+  public RateLimiter getCreateCallLinkLimiter() {
+    return forDescriptor(For.CREATE_CALL_LINK);
+  }
 }
--- a/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CallLinkControllerTest.java
+++ b/service/src/test/java/org/whispersystems/textsecuregcm/tests/controllers/CallLinkControllerTest.java
@ -1,44 +1,117 @@
 package org.whispersystems.textsecuregcm.tests.controllers;

+import com.google.common.collect.ImmutableSet;
+import io.dropwizard.auth.PolymorphicAuthValueFactoryProvider;
 import io.dropwizard.testing.junit5.DropwizardExtensionsSupport;
 import io.dropwizard.testing.junit5.ResourceExtension;
 import org.glassfish.jersey.test.grizzly.GrizzlyWebTestContainerFactory;
+import org.junit.jupiter.api.BeforeEach;
 import org.junit.jupiter.api.Test;
 import org.junit.jupiter.api.extension.ExtendWith;
-import org.mockito.Mockito;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentials;
-import org.whispersystems.textsecuregcm.auth.ExternalServiceCredentialsGenerator;
-import org.whispersystems.textsecuregcm.configuration.CallLinkConfiguration;
+
+import org.signal.libsignal.protocol.util.Hex;
+import org.signal.libsignal.zkgroup.GenericServerSecretParams;
+import org.signal.libsignal.zkgroup.calllinks.CreateCallLinkCredentialRequestContext;
+import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount;
+import org.whispersystems.textsecuregcm.auth.DisabledPermittedAuthenticatedAccount;
 import org.whispersystems.textsecuregcm.controllers.CallLinkController;
+import org.whispersystems.textsecuregcm.controllers.RateLimitExceededException;
+import org.whispersystems.textsecuregcm.entities.GetCreateCallLinkCredentialsRequest;
+import org.whispersystems.textsecuregcm.limits.RateLimiter;
+import org.whispersystems.textsecuregcm.limits.RateLimiters;
+import org.whispersystems.textsecuregcm.mappers.RateLimitExceededExceptionMapper;
 import org.whispersystems.textsecuregcm.tests.util.AuthHelper;
-import org.whispersystems.textsecuregcm.util.MockUtils;
 import org.whispersystems.textsecuregcm.util.SystemMapper;

+import javax.ws.rs.client.Entity;
+import javax.ws.rs.core.Response;
+
 import static org.assertj.core.api.AssertionsForClassTypes.assertThat;
+import static org.mockito.Mockito.doThrow;
+import static org.mockito.Mockito.mock;
+import static org.mockito.Mockito.when;

@ExtendWith(DropwizardExtensionsSupport.class)
 public class CallLinkControllerTest {
-  private static final CallLinkConfiguration callLinkConfiguration = MockUtils.buildMock(
-      CallLinkConfiguration.class,
-      cfg -> Mockito.when(cfg.userAuthenticationTokenSharedSecret()).thenReturn(new byte[32])
-  );
-  private static final ExternalServiceCredentialsGenerator callLinkCredentialsGenerator = CallLinkController.credentialsGenerator(callLinkConfiguration);
+  private static final GenericServerSecretParams genericServerSecretParams = GenericServerSecretParams.generate();
+  private static final RateLimiters rateLimiters = mock(RateLimiters.class);
+  private static final RateLimiter createCallLinkLimiter = mock(RateLimiter.class);
+  private static final byte[] roomId = Hex.fromStringCondensedAssert("c8c9cacbcccdcecfd0d1d2d3d4d5d6d7d8d9dadbdcdddedfe0e1e2e3e4e5e6e7");
+  private static final CreateCallLinkCredentialRequestContext createCallLinkRequestContext = CreateCallLinkCredentialRequestContext.forRoom(roomId);
+  private static final byte[] createCallLinkRequestSerialized = createCallLinkRequestContext.getRequest().serialize();

  private static final ResourceExtension resources = ResourceExtension.builder()
+      .addProvider(AuthHelper.getAuthFilter())
+      .addProvider(new PolymorphicAuthValueFactoryProvider.Binder<>(
+          ImmutableSet.of(AuthenticatedAccount.class, DisabledPermittedAuthenticatedAccount.class)))
+      .addProvider(new RateLimitExceededExceptionMapper())
      .setMapper(SystemMapper.jsonMapper())
      .setTestContainerFactory(new GrizzlyWebTestContainerFactory())
-      .addResource(new CallLinkController(callLinkCredentialsGenerator))
+      .addResource(new CallLinkController(rateLimiters, genericServerSecretParams))
      .build();

+  @BeforeEach
+  void setup() {
+    when(rateLimiters.getCreateCallLinkLimiter()).thenReturn(createCallLinkLimiter);
+  }
+
  @Test
-  void testGetAuth() {
-    ExternalServiceCredentials credentials = resources.getJerseyTest()
-        .target("/v1/call-link/auth")
+  void testGetCreateAuth() {
+    try (Response response = resources.getJerseyTest()
+        .target("/v1/call-link/create-auth")
        .request()
        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
-        .get(ExternalServiceCredentials.class);
+        .post(Entity.json(new GetCreateCallLinkCredentialsRequest(createCallLinkRequestSerialized)))) {
+      assertThat(response.getStatus()).isEqualTo(200);
+    }
+  }

-    assertThat(credentials.username()).isNotEmpty();
-    assertThat(credentials.password()).isNotEmpty();
+  @Test
+  void testGetCreateAuthInvalidInput() {
+    try (Response response = resources.getJerseyTest()
+        .target("/v1/call-link/create-auth")
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
+        .post(Entity.json(new GetCreateCallLinkCredentialsRequest(new byte[10])))) {
+      assertThat(response.getStatus()).isEqualTo(400);
+    }
+  }
+
+  @Test
+  void testGetCreateAuthInvalidAuth() {
+    try (Response response = resources.getJerseyTest()
+        .target("/v1/call-link/create-auth")
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.INVALID_UUID, AuthHelper.VALID_PASSWORD))
+        .post(Entity.json(new GetCreateCallLinkCredentialsRequest(createCallLinkRequestSerialized)))) {
+      assertThat(response.getStatus()).isEqualTo(401);
+    }
+  }
+
+  @Test
+  void testGetCreateAuthInvalidRequest() {
+    try (Response response = resources.getJerseyTest()
+        .target("/v1/call-link/create-auth")
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
+        .post(Entity.json(""))) {
+
+      assertThat(response.getStatus()).isEqualTo(422);
+    }
+  }
+
+  @Test
+  void testGetCreateAuthRatelimited() throws RateLimitExceededException{
+    doThrow(new RateLimitExceededException(null, false))
+        .when(createCallLinkLimiter).validate(AuthHelper.VALID_UUID);
+
+    try (Response response = resources.getJerseyTest()
+        .target("/v1/call-link/create-auth")
+        .request()
+        .header("Authorization", AuthHelper.getAuthHeader(AuthHelper.VALID_UUID, AuthHelper.VALID_PASSWORD))
+        .post(Entity.json(new GetCreateCallLinkCredentialsRequest(createCallLinkRequestSerialized)))) {
+
+      assertThat(response.getStatus()).isEqualTo(429);
+    }
  }
 }