Java IdentityKeyStore类代码示例

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
public static void saveIdentity(Context context, String number, IdentityKey identityKey) {
  synchronized (SESSION_LOCK) {
    IdentityKeyStore      identityKeyStore = new TextSecureIdentityKeyStore(context);
    SessionStore          sessionStore     = new TextSecureSessionStore(context);
    SignalProtocolAddress address          = new SignalProtocolAddress(number, 1);

    if (identityKeyStore.saveIdentity(address, identityKey)) {
      if (sessionStore.containsSession(address)) {
        SessionRecord sessionRecord = sessionStore.loadSession(address);
        sessionRecord.archiveCurrentState();

        sessionStore.storeSession(address, sessionRecord);
      }
    }
  }
}
 

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
private static void initiateKeyExchange(Context context, MasterSecret masterSecret, Recipients recipients, int subscriptionId) {
  Recipient         recipient         = recipients.getPrimaryRecipient();
  SessionStore      sessionStore      = new SilenceSessionStore(context, masterSecret);
  PreKeyStore       preKeyStore       = new SilencePreKeyStore(context, masterSecret);
  SignedPreKeyStore signedPreKeyStore = new SilencePreKeyStore(context, masterSecret);
  IdentityKeyStore  identityKeyStore  = new SilenceIdentityKeyStore(context, masterSecret);

  SessionBuilder    sessionBuilder    = new SessionBuilder(sessionStore, preKeyStore, signedPreKeyStore,
                                                           identityKeyStore, new SignalProtocolAddress(recipient.getNumber(), 1));

  KeyExchangeMessage         keyExchangeMessage = sessionBuilder.process();
  String                     serializedMessage  = Base64.encodeBytesWithoutPadding(keyExchangeMessage.serialize());
  OutgoingKeyExchangeMessage textMessage        = new OutgoingKeyExchangeMessage(recipients, serializedMessage, subscriptionId);

  MessageSender.send(context, masterSecret, textMessage, -1, false);
}
 

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
/**
 * Build a new session from a received {@link PreKeySignalMessage}.
 *
 * After a session is constructed in this way, the embedded {@link SignalMessage}
 * can be decrypted.
 *
 * @param message The received {@link PreKeySignalMessage}.
 * @throws org.whispersystems.libsignal.InvalidKeyIdException when there is no local
 *                                                             {@link org.whispersystems.libsignal.state.PreKeyRecord}
 *                                                             that corresponds to the PreKey ID in
 *                                                             the message.
 * @throws org.whispersystems.libsignal.InvalidKeyException when the message is formatted incorrectly.
 * @throws org.whispersystems.libsignal.UntrustedIdentityException when the {@link IdentityKey} of the sender is untrusted.
 */
/*package*/ Optional<Integer> process(SessionRecord sessionRecord, PreKeySignalMessage message)
    throws InvalidKeyIdException, InvalidKeyException, UntrustedIdentityException
{
  IdentityKey theirIdentityKey = message.getIdentityKey();

  if (!identityKeyStore.isTrustedIdentity(remoteAddress, theirIdentityKey, IdentityKeyStore.Direction.RECEIVING)) {
    throw new UntrustedIdentityException(remoteAddress.getName(), theirIdentityKey);
  }

  Optional<Integer> unsignedPreKeyId = processV3(sessionRecord, message);

  identityKeyStore.saveIdentity(remoteAddress, theirIdentityKey);

  return unsignedPreKeyId;
}
 

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
/**
 * Constructs a SessionBuilder.
 *
 * @param sessionStore The {@link org.whispersystems.libsignal.state.SessionStore} to store the constructed session in.
 * @param preKeyStore The {@link  org.whispersystems.libsignal.state.PreKeyStore} where the client's local {@link org.whispersystems.libsignal.state.PreKeyRecord}s are stored.
 * @param identityKeyStore The {@link org.whispersystems.libsignal.state.IdentityKeyStore} containing the client's identity key information.
 * @param remoteAddress The address of the remote user to build a session with.
 */
public SessionBuilder(SessionStore sessionStore,
                      PreKeyStore preKeyStore,
                      SignedPreKeyStore signedPreKeyStore,
                      IdentityKeyStore identityKeyStore,
                      SignalProtocolAddress remoteAddress)
{
  this.sessionStore      = sessionStore;
  this.preKeyStore       = preKeyStore;
  this.signedPreKeyStore = signedPreKeyStore;
  this.identityKeyStore  = identityKeyStore;
  this.remoteAddress     = remoteAddress;
}
 

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
/**
 * Construct a SessionCipher for encrypt/decrypt operations on a session.
 * In order to use SessionCipher, a session must have already been created
 * and stored using {@link SessionBuilder}.
 *
 * @param  sessionStore The {@link SessionStore} that contains a session for this recipient.
 * @param  remoteAddress  The remote address that messages will be encrypted to or decrypted from.
 */
public SessionCipher(SessionStore sessionStore, PreKeyStore preKeyStore,
                     SignedPreKeyStore signedPreKeyStore, IdentityKeyStore identityKeyStore,
                     SignalProtocolAddress remoteAddress)
{
  this.sessionStore     = sessionStore;
  this.preKeyStore      = preKeyStore;
  this.identityKeyStore = identityKeyStore;
  this.remoteAddress    = remoteAddress;
  this.sessionBuilder   = new SessionBuilder(sessionStore, preKeyStore, signedPreKeyStore,
                                             identityKeyStore, remoteAddress);
}
 

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
/**
 * Decrypt a message.
 *
 * @param  ciphertext The {@link SignalMessage} to decrypt.
 * @param  callback   A callback that is triggered after decryption is complete,
 *                    but before the updated session state has been committed to the session
 *                    DB.  This allows some implementations to store the committed plaintext
 *                    to a DB first, in case they are concerned with a crash happening between
 *                    the time the session state is updated but before they're able to store
 *                    the plaintext to disk.
 *
 * @return The plaintext.
 * @throws InvalidMessageException if the input is not valid ciphertext.
 * @throws DuplicateMessageException if the input is a message that has already been received.
 * @throws LegacyMessageException if the input is a message formatted by a protocol version that
 *                                is no longer supported.
 * @throws NoSessionException if there is no established session for this contact.
 */
public byte[] decrypt(SignalMessage ciphertext, DecryptionCallback callback)
    throws InvalidMessageException, DuplicateMessageException, LegacyMessageException,
           NoSessionException, UntrustedIdentityException
{
  synchronized (SESSION_LOCK) {

    if (!sessionStore.containsSession(remoteAddress)) {
      throw new NoSessionException("No session for: " + remoteAddress);
    }

    SessionRecord sessionRecord = sessionStore.loadSession(remoteAddress);
    byte[]        plaintext     = decrypt(sessionRecord, ciphertext);

    if (!identityKeyStore.isTrustedIdentity(remoteAddress, sessionRecord.getSessionState().getRemoteIdentityKey(), IdentityKeyStore.Direction.RECEIVING)) {
      throw new UntrustedIdentityException(remoteAddress.getName(), sessionRecord.getSessionState().getRemoteIdentityKey());
    }

    identityKeyStore.saveIdentity(remoteAddress, sessionRecord.getSessionState().getRemoteIdentityKey());

    callback.handlePlaintext(plaintext);

    sessionStore.storeSession(remoteAddress, sessionRecord);

    return plaintext;
  }
}
 

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
private boolean isTrusted(MasterSecret masterSecret, IdentityKey identityKey, Recipient recipient) {
  IdentityKeyStore identityKeyStore = new SilenceIdentityKeyStore(getContext(), masterSecret);

  return identityKeyStore.isTrustedIdentity(new SignalProtocolAddress(recipient.getNumber(), 1), identityKey);
}
 

import org.whispersystems.libsignal.state.IdentityKeyStore; //导入依赖的package包/类
/**
 * Build a new session from a {@link org.whispersystems.libsignal.state.PreKeyBundle} retrieved from
 * a server.
 *
 * @param preKey A PreKey for the destination recipient, retrieved from a server.
 * @throws InvalidKeyException when the {@link org.whispersystems.libsignal.state.PreKeyBundle} is
 *                             badly formatted.
 * @throws org.whispersystems.libsignal.UntrustedIdentityException when the sender's
 *                                                                  {@link IdentityKey} is not
 *                                                                  trusted.
 */
public void process(PreKeyBundle preKey) throws InvalidKeyException, UntrustedIdentityException {
  synchronized (SessionCipher.SESSION_LOCK) {
    if (!identityKeyStore.isTrustedIdentity(remoteAddress, preKey.getIdentityKey(), IdentityKeyStore.Direction.SENDING)) {
      throw new UntrustedIdentityException(remoteAddress.getName(), preKey.getIdentityKey());
    }

    if (preKey.getSignedPreKey() != null &&
        !Curve.verifySignature(preKey.getIdentityKey().getPublicKey(),
                               preKey.getSignedPreKey().serialize(),
                               preKey.getSignedPreKeySignature()))
    {
      throw new InvalidKeyException("Invalid signature on device key!");
    }

    if (preKey.getSignedPreKey() == null) {
      throw new InvalidKeyException("No signed prekey!");
    }

    SessionRecord         sessionRecord        = sessionStore.loadSession(remoteAddress);
    ECKeyPair             ourBaseKey           = Curve.generateKeyPair();
    ECPublicKey           theirSignedPreKey    = preKey.getSignedPreKey();
    Optional<ECPublicKey> theirOneTimePreKey   = Optional.fromNullable(preKey.getPreKey());
    Optional<Integer>     theirOneTimePreKeyId = theirOneTimePreKey.isPresent() ? Optional.of(preKey.getPreKeyId()) :
                                                                                  Optional.<Integer>absent();

    AliceSignalProtocolParameters.Builder parameters = AliceSignalProtocolParameters.newBuilder();

    parameters.setOurBaseKey(ourBaseKey)
              .setOurIdentityKey(identityKeyStore.getIdentityKeyPair())
              .setTheirIdentityKey(preKey.getIdentityKey())
              .setTheirSignedPreKey(theirSignedPreKey)
              .setTheirRatchetKey(theirSignedPreKey)
              .setTheirOneTimePreKey(theirOneTimePreKey);

    if (!sessionRecord.isFresh()) sessionRecord.archiveCurrentState();

    RatchetingSession.initializeSession(sessionRecord.getSessionState(), parameters.create());

    sessionRecord.getSessionState().setUnacknowledgedPreKeyMessage(theirOneTimePreKeyId, preKey.getSignedPreKeyId(), ourBaseKey.getPublicKey());
    sessionRecord.getSessionState().setLocalRegistrationId(identityKeyStore.getLocalRegistrationId());
    sessionRecord.getSessionState().setRemoteRegistrationId(preKey.getRegistrationId());
    sessionRecord.getSessionState().setAliceBaseKey(ourBaseKey.getPublicKey().serialize());

    identityKeyStore.saveIdentity(remoteAddress, preKey.getIdentityKey());
    sessionStore.storeSession(remoteAddress, sessionRecord);
  }
}