From ac0c8b1e9a59e9aa0ef9f8e0761c05274e8a5c74 Mon Sep 17 00:00:00 2001 From: Jon Chambers Date: Thu, 19 Oct 2023 13:28:44 -0400 Subject: [PATCH] Introduce a canonical constant for UAK length --- .../java/org/signal/integration/TestUser.java | 3 +- .../CombinedUnidentifiedSenderAccessKeys.java | 2 +- .../auth/UnidentifiedAccessChecksum.java | 2 +- .../auth/UnidentifiedAccessUtil.java | 2 + .../controllers/MessageController.java | 7 +- .../entities/AccountAttributes.java | 3 +- .../auth/UnidentifiedAccessUtilTest.java | 2 +- .../controllers/MessageControllerTest.java | 3 +- .../grpc/KeysAnonymousGrpcServiceTest.java | 7 +- .../grpc/ProfileAnonymousGrpcServiceTest.java | 21 ++-- .../grpc/ProfileGrpcServiceTest.java | 3 +- ...ConcurrentModificationIntegrationTest.java | 3 +- .../storage/AccountsManagerTest.java | 99 ++++++++++--------- .../textsecuregcm/storage/AccountsTest.java | 3 +- 14 files changed, 86 insertions(+), 74 deletions(-) diff --git a/integration-tests/src/main/java/org/signal/integration/TestUser.java b/integration-tests/src/main/java/org/signal/integration/TestUser.java index 9abfcb7ea..8925ba5b5 100644 --- a/integration-tests/src/main/java/org/signal/integration/TestUser.java +++ b/integration-tests/src/main/java/org/signal/integration/TestUser.java @@ -20,6 +20,7 @@ import org.signal.libsignal.protocol.IdentityKeyPair; import org.signal.libsignal.protocol.ecc.ECPublicKey; import org.signal.libsignal.protocol.state.SignedPreKeyRecord; import org.signal.libsignal.protocol.util.KeyHelper; +import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; import org.whispersystems.textsecuregcm.entities.AccountAttributes; import org.whispersystems.textsecuregcm.storage.Device; @@ -54,7 +55,7 @@ public class TestUser { // registration id final int registrationId = KeyHelper.generateRegistrationId(false); // uak - final byte[] unidentifiedAccessKey = RandomUtils.nextBytes(16); + final byte[] unidentifiedAccessKey = RandomUtils.nextBytes(UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH); return new TestUser( registrationId, diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/auth/CombinedUnidentifiedSenderAccessKeys.java b/service/src/main/java/org/whispersystems/textsecuregcm/auth/CombinedUnidentifiedSenderAccessKeys.java index f101692bf..869be2d55 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/CombinedUnidentifiedSenderAccessKeys.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/CombinedUnidentifiedSenderAccessKeys.java @@ -16,7 +16,7 @@ public class CombinedUnidentifiedSenderAccessKeys { public CombinedUnidentifiedSenderAccessKeys(String header) { try { this.combinedUnidentifiedSenderAccessKeys = Base64.getDecoder().decode(header); - if (this.combinedUnidentifiedSenderAccessKeys == null || this.combinedUnidentifiedSenderAccessKeys.length != 16) { + if (this.combinedUnidentifiedSenderAccessKeys == null || this.combinedUnidentifiedSenderAccessKeys.length != UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH) { throw new WebApplicationException("Invalid combined unidentified sender access keys", Status.UNAUTHORIZED); } } catch (IllegalArgumentException e) { diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessChecksum.java b/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessChecksum.java index 3124e2713..7f558988a 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessChecksum.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessChecksum.java @@ -14,7 +14,7 @@ public class UnidentifiedAccessChecksum { public static byte[] generateFor(byte[] unidentifiedAccessKey) { try { - if (unidentifiedAccessKey.length != 16) { + if (unidentifiedAccessKey.length != UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH) { throw new IllegalArgumentException("Invalid UAK length: " + unidentifiedAccessKey.length); } diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtil.java b/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtil.java index 32283170a..dccfab6e9 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtil.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtil.java @@ -10,6 +10,8 @@ import java.security.MessageDigest; public class UnidentifiedAccessUtil { + public static final int UNIDENTIFIED_ACCESS_KEY_LENGTH = 16; + private UnidentifiedAccessUtil() { } diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java index 85f4ab601..0136b4fbe 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/controllers/MessageController.java @@ -67,6 +67,7 @@ import org.whispersystems.textsecuregcm.auth.Anonymous; import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount; import org.whispersystems.textsecuregcm.auth.CombinedUnidentifiedSenderAccessKeys; import org.whispersystems.textsecuregcm.auth.OptionalAccess; +import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration; import org.whispersystems.textsecuregcm.entities.AccountMismatchedDevices; import org.whispersystems.textsecuregcm.entities.AccountStaleDevices; @@ -492,8 +493,8 @@ public class MessageController { throw new WebApplicationException(Status.UNAUTHORIZED); } AtomicBoolean throwUnauthorized = new AtomicBoolean(false); - byte[] empty = new byte[16]; - final Optional UNRESTRICTED_UNIDENTIFIED_ACCESS_KEY = Optional.of(new byte[16]); + byte[] empty = new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]; + final Optional UNRESTRICTED_UNIDENTIFIED_ACCESS_KEY = Optional.of(new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); byte[] combinedUnknownAccessKeys = destinationAccounts.stream() .map(account -> { if (account.isUnrestrictedUnidentifiedAccess()) { @@ -509,7 +510,7 @@ public class MessageController { } return accessKey.get(); }) - .reduce(new byte[16], (bytes, bytes2) -> { + .reduce(new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH], (bytes, bytes2) -> { if (bytes.length != bytes2.length) { throwUnauthorized.set(true); return bytes; diff --git a/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java b/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java index 6f256c1a9..1e785582f 100644 --- a/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java +++ b/service/src/main/java/org/whispersystems/textsecuregcm/entities/AccountAttributes.java @@ -11,6 +11,7 @@ import java.util.Optional; import java.util.OptionalInt; import javax.annotation.Nullable; import javax.validation.constraints.Size; +import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; import org.whispersystems.textsecuregcm.storage.Device.DeviceCapabilities; import org.whispersystems.textsecuregcm.util.ByteArrayAdapter; import org.whispersystems.textsecuregcm.util.ExactlySize; @@ -34,7 +35,7 @@ public class AccountAttributes { private String registrationLock; @JsonProperty - @ExactlySize({0, 16}) + @ExactlySize({0, UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH}) private byte[] unidentifiedAccessKey; @JsonProperty diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtilTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtilTest.java index 993974b07..ca6338ba4 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtilTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/auth/UnidentifiedAccessUtilTest.java @@ -35,7 +35,7 @@ class UnidentifiedAccessUtilTest { } private static Stream checkUnidentifiedAccess() { - final byte[] uak = new byte[16]; + final byte[] uak = new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]; new SecureRandom().nextBytes(uak); final byte[] incorrectUak = new byte[uak.length + 1]; diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java index a4d84d3cd..34890fc81 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/controllers/MessageControllerTest.java @@ -80,6 +80,7 @@ import org.signal.libsignal.protocol.ecc.ECKeyPair; import org.whispersystems.textsecuregcm.auth.AuthenticatedAccount; import org.whispersystems.textsecuregcm.auth.DisabledPermittedAuthenticatedAccount; import org.whispersystems.textsecuregcm.auth.OptionalAccess; +import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration; import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicInboundMessageByteLimitConfiguration; import org.whispersystems.textsecuregcm.entities.AccountMismatchedDevices; @@ -1170,7 +1171,7 @@ class MessageControllerTest { // This looks weird, but there is a method to the madness. // new bytes[16] is equivalent to UNIDENTIFIED_ACCESS_BYTES ^ UNIDENTIFIED_ACCESS_BYTES // (i.e. we need to XOR all the access keys together) - String accessBytes = Base64.getEncoder().encodeToString(new byte[16]); + String accessBytes = Base64.getEncoder().encodeToString(new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); // start building the request Invocation.Builder bldr = resources diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/grpc/KeysAnonymousGrpcServiceTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/grpc/KeysAnonymousGrpcServiceTest.java index f66dc08ff..2c2e3cc1d 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/grpc/KeysAnonymousGrpcServiceTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/grpc/KeysAnonymousGrpcServiceTest.java @@ -42,6 +42,7 @@ import org.signal.libsignal.protocol.IdentityKey; import org.signal.libsignal.protocol.InvalidKeyException; import org.signal.libsignal.protocol.ecc.Curve; import org.signal.libsignal.protocol.ecc.ECKeyPair; +import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; import org.whispersystems.textsecuregcm.entities.ECPreKey; import org.whispersystems.textsecuregcm.entities.ECSignedPreKey; import org.whispersystems.textsecuregcm.entities.KEMSignedPreKey; @@ -79,7 +80,7 @@ class KeysAnonymousGrpcServiceTest extends SimpleBaseGrpcTest()), a -> { - a.setUnidentifiedAccessKey(new byte[16]); + a.setUnidentifiedAccessKey(new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); a.removeDevice(1); a.addDevice(DevicesHelper.createDevice(1)); }); diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java index 7da82dd22..54db1e888 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsManagerTest.java @@ -61,6 +61,7 @@ import org.mockito.stubbing.Answer; import org.signal.libsignal.protocol.IdentityKey; import org.signal.libsignal.protocol.ecc.Curve; import org.signal.libsignal.protocol.ecc.ECKeyPair; +import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration; import org.whispersystems.textsecuregcm.controllers.MismatchedDevicesException; import org.whispersystems.textsecuregcm.entities.AccountAttributes; @@ -425,7 +426,7 @@ class AccountsManagerTest { void testGetAccountByNumberNotInCache() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("AccountMap::+14152222222"))).thenReturn(null); when(accounts.getByE164(eq("+14152222222"))).thenReturn(Optional.of(account)); @@ -449,7 +450,7 @@ class AccountsManagerTest { void testGetAccountByNumberNotInCacheAsync() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(asyncCommands.get(eq("AccountMap::+14152222222"))).thenReturn(MockRedisFuture.completedFuture(null)); when(asyncCommands.setex(any(), anyLong(), any())).thenReturn(MockRedisFuture.completedFuture("OK")); @@ -475,7 +476,7 @@ class AccountsManagerTest { void testGetAccountByUuidNotInCache() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("Account3::" + uuid))).thenReturn(null); when(accounts.getByAccountIdentifier(eq(uuid))).thenReturn(Optional.of(account)); @@ -499,7 +500,7 @@ class AccountsManagerTest { void testGetAccountByUuidNotInCacheAsync() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(asyncCommands.get(eq("Account3::" + uuid))).thenReturn(MockRedisFuture.completedFuture(null)); when(asyncCommands.setex(any(), anyLong(), any())).thenReturn(MockRedisFuture.completedFuture("OK")); @@ -526,7 +527,7 @@ class AccountsManagerTest { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("AccountMap::" + pni))).thenReturn(null); when(accounts.getByPhoneNumberIdentifier(pni)).thenReturn(Optional.of(account)); @@ -551,7 +552,7 @@ class AccountsManagerTest { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(asyncCommands.get(eq("AccountMap::" + pni))).thenReturn(MockRedisFuture.completedFuture(null)); when(asyncCommands.setex(any(), anyLong(), any())).thenReturn(MockRedisFuture.completedFuture("OK")); @@ -577,7 +578,7 @@ class AccountsManagerTest { void testGetAccountByUsernameHashNotInCache() { UUID uuid = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); account.setUsernameHash(USERNAME_HASH_1); when(asyncCommands.get(eq("UAccountMap::" + BASE_64_URL_USERNAME_HASH_1))) @@ -606,7 +607,7 @@ class AccountsManagerTest { void testGetAccountByNumberBrokenCache() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("AccountMap::+14152222222"))).thenThrow(new RedisException("Connection lost!")); when(accounts.getByE164(eq("+14152222222"))).thenReturn(Optional.of(account)); @@ -630,7 +631,7 @@ class AccountsManagerTest { void testGetAccountByNumberBrokenCacheAsync() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(asyncCommands.get(eq("AccountMap::+14152222222"))) .thenReturn(MockRedisFuture.failedFuture(new RedisException("Connection lost!"))); @@ -658,7 +659,7 @@ class AccountsManagerTest { void testGetAccountByUuidBrokenCache() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("Account3::" + uuid))).thenThrow(new RedisException("Connection lost!")); when(accounts.getByAccountIdentifier(eq(uuid))).thenReturn(Optional.of(account)); @@ -682,7 +683,7 @@ class AccountsManagerTest { void testGetAccountByUuidBrokenCacheAsync() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(asyncCommands.get(eq("Account3::" + uuid))) .thenReturn(MockRedisFuture.failedFuture(new RedisException("Connection lost!"))); @@ -712,7 +713,7 @@ class AccountsManagerTest { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("AccountMap::" + pni))).thenThrow(new RedisException("OH NO")); when(accounts.getByPhoneNumberIdentifier(pni)).thenReturn(Optional.of(account)); @@ -737,7 +738,7 @@ class AccountsManagerTest { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(asyncCommands.get(eq("AccountMap::" + pni))) .thenReturn(MockRedisFuture.failedFuture(new RedisException("OH NO"))); @@ -766,7 +767,7 @@ class AccountsManagerTest { void testGetAccountByUsernameBrokenCache() { UUID uuid = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); account.setUsernameHash(USERNAME_HASH_1); when(asyncCommands.get(eq("UAccountMap::" + BASE_64_URL_USERNAME_HASH_1))) @@ -795,12 +796,12 @@ class AccountsManagerTest { void testUpdate_optimisticLockingFailure() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("Account3::" + uuid))).thenReturn(null); when(accounts.getByAccountIdentifier(uuid)).thenReturn( - Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]))); + Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]))); doThrow(ContestedOptimisticLockException.class) .doAnswer(ACCOUNT_UPDATE_ANSWER) .when(accounts).update(any()); @@ -821,12 +822,12 @@ class AccountsManagerTest { void testUpdateAsync_optimisticLockingFailure() { UUID uuid = UUID.randomUUID(); UUID pni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(asyncCommands.get(eq("Account3::" + uuid))).thenReturn(null); when(accounts.getByAccountIdentifierAsync(uuid)).thenReturn(CompletableFuture.completedFuture( - Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[16])))); + Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, pni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH])))); when(accounts.updateAsync(any())) .thenReturn(CompletableFuture.failedFuture(new ContestedOptimisticLockException())) @@ -847,7 +848,7 @@ class AccountsManagerTest { @Test void testUpdate_dynamoOptimisticLockingFailureDuringCreate() { UUID uuid = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(commands.get(eq("Account3::" + uuid))).thenReturn(null); when(accounts.getByAccountIdentifier(uuid)).thenReturn(Optional.empty()) @@ -864,10 +865,10 @@ class AccountsManagerTest { @Test void testUpdateDevice() { final UUID uuid = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(accounts.getByAccountIdentifier(uuid)).thenReturn( - Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16]))); + Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]))); assertTrue(account.getDevices().isEmpty()); @@ -897,10 +898,10 @@ class AccountsManagerTest { @Test void testUpdateDeviceAsync() { final UUID uuid = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(accounts.getByAccountIdentifierAsync(uuid)).thenReturn(CompletableFuture.completedFuture( - Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16])))); + Optional.of(AccountsHelper.generateTestAccount("+14152222222", uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH])))); assertTrue(account.getDevices().isEmpty()); @@ -1007,7 +1008,7 @@ class AccountsManagerTest { @ParameterizedTest @MethodSource void testUpdateDeviceLastSeen(final boolean expectUpdate, final long initialLastSeen, final long updatedLastSeen) { - final Account account = AccountsHelper.generateTestAccount("+14152222222", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+14152222222", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final Device device = generateTestDevice(initialLastSeen); account.addDevice(device); @@ -1033,7 +1034,7 @@ class AccountsManagerTest { final UUID uuid = UUID.randomUUID(); final UUID originalPni = UUID.randomUUID(); - Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); account = accountsManager.changeNumber(account, targetNumber, null, null, null, null); assertEquals(targetNumber, account.getNumber()); @@ -1048,7 +1049,7 @@ class AccountsManagerTest { void testChangePhoneNumberSameNumber() throws InterruptedException, MismatchedDevicesException { final String number = "+14152222222"; - Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); account = accountsManager.changeNumber(account, number, null, null, null, null); assertEquals(number, account.getNumber()); @@ -1059,7 +1060,7 @@ class AccountsManagerTest { void testChangePhoneNumberSameNumberWithPniData() { final String number = "+14152222222"; - Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final ECKeyPair pniIdentityKeyPair = Curve.generateKeyPair(); assertThrows(IllegalArgumentException.class, () -> accountsManager.changeNumber( @@ -1079,10 +1080,10 @@ class AccountsManagerTest { final UUID originalPni = UUID.randomUUID(); final UUID targetPni = UUID.randomUUID(); - final Account existingAccount = AccountsHelper.generateTestAccount(targetNumber, existingAccountUuid, targetPni, new ArrayList<>(), new byte[16]); + final Account existingAccount = AccountsHelper.generateTestAccount(targetNumber, existingAccountUuid, targetPni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(accounts.getByE164(targetNumber)).thenReturn(Optional.of(existingAccount)); - Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); account = accountsManager.changeNumber(account, targetNumber, null, null, null, null); assertEquals(targetNumber, account.getNumber()); @@ -1115,12 +1116,12 @@ class AccountsManagerTest { 2L, KeysHelper.signedKEMPreKey(4, identityKeyPair)); final Map newRegistrationIds = Map.of(1L, 201, 2L, 202); - final Account existingAccount = AccountsHelper.generateTestAccount(targetNumber, existingAccountUuid, targetPni, new ArrayList<>(), new byte[16]); + final Account existingAccount = AccountsHelper.generateTestAccount(targetNumber, existingAccountUuid, targetPni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(accounts.getByE164(targetNumber)).thenReturn(Optional.of(existingAccount)); when(keysManager.getPqEnabledDevices(uuid)).thenReturn(CompletableFuture.completedFuture(List.of(1L))); final List devices = List.of(DevicesHelper.createDevice(1L, 0L, 101), DevicesHelper.createDevice(2L, 0L, 102)); - final Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, devices, new byte[16]); + final Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, devices, new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final Account updatedAccount = accountsManager.changeNumber( account, targetNumber, new IdentityKey(Curve.generateKeyPair().getPublicKey()), newSignedKeys, newSignedPqKeys, newRegistrationIds); @@ -1156,12 +1157,12 @@ class AccountsManagerTest { 1L, KeysHelper.signedKEMPreKey(3, identityKeyPair)); final Map newRegistrationIds = Map.of(1L, 201, 2L, 202); - final Account existingAccount = AccountsHelper.generateTestAccount(targetNumber, existingAccountUuid, targetPni, new ArrayList<>(), new byte[16]); + final Account existingAccount = AccountsHelper.generateTestAccount(targetNumber, existingAccountUuid, targetPni, new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(accounts.getByE164(targetNumber)).thenReturn(Optional.of(existingAccount)); when(keysManager.getPqEnabledDevices(uuid)).thenReturn(CompletableFuture.completedFuture(List.of(1L))); final List devices = List.of(DevicesHelper.createDevice(1L, 0L, 101), DevicesHelper.createDevice(2L, 0L, 102)); - final Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, devices, new byte[16]); + final Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, originalPni, devices, new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); assertThrows(MismatchedDevicesException.class, () -> accountsManager.changeNumber( account, targetNumber, new IdentityKey(Curve.generateKeyPair().getPublicKey()), newSignedKeys, newSignedPqKeys, newRegistrationIds)); @@ -1176,7 +1177,7 @@ class AccountsManagerTest { final String targetNumber = "+14153333333"; final UUID uuid = UUID.randomUUID(); - final Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount(originalNumber, uuid, UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); assertThrows(AssertionError.class, () -> accountsManager.update(account, a -> a.setNumber(targetNumber, UUID.randomUUID()))); } @@ -1186,7 +1187,7 @@ class AccountsManagerTest { final String number = "+14152222222"; List devices = List.of(DevicesHelper.createDevice(1L, 0L, 101), DevicesHelper.createDevice(2L, 0L, 102)); - Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[16]); + Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final ECKeyPair identityKeyPair = Curve.generateKeyPair(); Map newSignedKeys = Map.of( 1L, KeysHelper.signedECPreKey(1, identityKeyPair), @@ -1233,7 +1234,7 @@ class AccountsManagerTest { final String number = "+14152222222"; List devices = List.of(DevicesHelper.createDevice(1L, 0L, 101), DevicesHelper.createDevice(2L, 0L, 102)); - Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[16]); + Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final ECKeyPair identityKeyPair = Curve.generateKeyPair(); final Map newSignedKeys = Map.of( 1L, KeysHelper.signedECPreKey(1, identityKeyPair), @@ -1290,7 +1291,7 @@ class AccountsManagerTest { final String number = "+14152222222"; List devices = List.of(DevicesHelper.createDevice(1L, 0L, 101), DevicesHelper.createDevice(2L, 0L, 102)); - Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[16]); + Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final ECKeyPair identityKeyPair = Curve.generateKeyPair(); final Map newSignedKeys = Map.of( 1L, KeysHelper.signedECPreKey(1, identityKeyPair), @@ -1351,7 +1352,7 @@ class AccountsManagerTest { final String number = "+14152222222"; List devices = List.of(DevicesHelper.createDevice(1L, 0L, 101), DevicesHelper.createDevice(2L, 0L, 102)); - Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[16]); + Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final ECKeyPair identityKeyPair = Curve.generateKeyPair(); final Map newSignedKeys = Map.of( 2L, KeysHelper.signedECPreKey(1, identityKeyPair), @@ -1378,7 +1379,7 @@ class AccountsManagerTest { final String number = "+14152222222"; List devices = List.of(DevicesHelper.createDevice(1L, 0L, 101), DevicesHelper.createDevice(2L, 0L, 102)); - Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[16]); + Account account = AccountsHelper.generateTestAccount(number, UUID.randomUUID(), UUID.randomUUID(), devices, new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final ECKeyPair identityKeyPair = Curve.generateKeyPair(); final Map newSignedKeys = Map.of( 1L, KeysHelper.signedECPreKey(1, identityKeyPair), @@ -1404,7 +1405,7 @@ class AccountsManagerTest { @Test void testReserveUsernameHash() throws UsernameHashNotAvailableException { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); final List usernameHashes = List.of(new byte[32], new byte[32]); when(accounts.usernameHashAvailable(any())).thenReturn(CompletableFuture.completedFuture(true)); when(accounts.reserveUsernameHash(any(), any(), any())).thenReturn(CompletableFuture.completedFuture(null)); @@ -1414,7 +1415,7 @@ class AccountsManagerTest { @Test void testReserveUsernameHashNotAvailable() { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(accounts.usernameHashAvailable(any())).thenReturn(CompletableFuture.completedFuture(false)); CompletableFutureTestUtil.assertFailsWithCause(UsernameHashNotAvailableException.class, @@ -1423,7 +1424,7 @@ class AccountsManagerTest { @Test void testReserveUsernameDisabled() { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); when(enrollmentManager.isEnrolled(account.getUuid(), AccountsManager.USERNAME_EXPERIMENT_NAME)).thenReturn(false); CompletableFutureTestUtil.assertFailsWithCause(UsernameHashNotAvailableException.class, accountsManager.reserveUsernameHash(account, List.of(USERNAME_HASH_1))); @@ -1431,7 +1432,7 @@ class AccountsManagerTest { @Test void testConfirmReservedUsernameHash() throws UsernameHashNotAvailableException, UsernameReservationNotFoundException { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); setReservationHash(account, USERNAME_HASH_1); when(accounts.usernameHashAvailable(Optional.of(account.getUuid()), USERNAME_HASH_1)) .thenReturn(CompletableFuture.completedFuture(true)); @@ -1445,7 +1446,7 @@ class AccountsManagerTest { @Test void testConfirmReservedHashNameMismatch() { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); setReservationHash(account, USERNAME_HASH_1); when(accounts.usernameHashAvailable(eq(Optional.of(account.getUuid())), eq(USERNAME_HASH_1))) .thenReturn(CompletableFuture.completedFuture(true)); @@ -1455,7 +1456,7 @@ class AccountsManagerTest { @Test void testConfirmReservedLapsed() { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); // hash was reserved, but the reservation lapsed and another account took it setReservationHash(account, USERNAME_HASH_1); when(accounts.usernameHashAvailable(eq(Optional.of(account.getUuid())), eq(USERNAME_HASH_1))) @@ -1467,7 +1468,7 @@ class AccountsManagerTest { @Test void testConfirmReservedRetry() throws UsernameHashNotAvailableException, UsernameReservationNotFoundException { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); account.setUsernameHash(USERNAME_HASH_1); // reserved username already set, should be treated as a replay @@ -1478,7 +1479,7 @@ class AccountsManagerTest { @Test void testConfirmReservedUsernameHashWithNoReservation() { final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), - new ArrayList<>(), new byte[16]); + new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); CompletableFutureTestUtil.assertFailsWithCause(UsernameReservationNotFoundException.class, accountsManager.confirmReservedUsernameHash(account, USERNAME_HASH_1, ENCRYPTED_USERNAME_1)); verify(accounts, never()).confirmUsernameHash(any(), any(), any()); @@ -1489,7 +1490,7 @@ class AccountsManagerTest { when(accounts.clearUsernameHash(any())) .thenReturn(CompletableFuture.completedFuture(null)); - Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); account.setUsernameHash(USERNAME_HASH_1); accountsManager.clearUsernameHash(account).join(); verify(accounts).clearUsernameHash(eq(account)); @@ -1497,7 +1498,7 @@ class AccountsManagerTest { @Test void testSetUsernameViaUpdate() { - final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[16]); + final Account account = AccountsHelper.generateTestAccount("+18005551234", UUID.randomUUID(), UUID.randomUUID(), new ArrayList<>(), new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]); assertThrows(AssertionError.class, () -> accountsManager.update(account, a -> a.setUsernameHash(USERNAME_HASH_1))); } diff --git a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java index 11e5225ab..d943b3409 100644 --- a/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java +++ b/service/src/test/java/org/whispersystems/textsecuregcm/storage/AccountsTest.java @@ -47,6 +47,7 @@ import org.junit.jupiter.params.ParameterizedTest; import org.junit.jupiter.params.provider.Arguments; import org.junit.jupiter.params.provider.MethodSource; import org.junit.jupiter.params.provider.ValueSource; +import org.whispersystems.textsecuregcm.auth.UnidentifiedAccessUtil; import org.whispersystems.textsecuregcm.configuration.dynamic.DynamicConfiguration; import org.whispersystems.textsecuregcm.identity.IdentityType; import org.whispersystems.textsecuregcm.storage.DynamoDbExtensionSchema.Tables; @@ -1032,7 +1033,7 @@ class AccountsTest { } private static Account generateAccount(String number, UUID uuid, final UUID pni, List devices) { - final byte[] unidentifiedAccessKey = new byte[16]; + final byte[] unidentifiedAccessKey = new byte[UnidentifiedAccessUtil.UNIDENTIFIED_ACCESS_KEY_LENGTH]; final Random random = new Random(System.currentTimeMillis()); Arrays.fill(unidentifiedAccessKey, (byte) random.nextInt(255));