1package eu.siacs.conversations.crypto.axolotl;
  2
  3import android.support.annotation.NonNull;
  4import android.support.annotation.Nullable;
  5import android.util.Log;
  6
  7import org.bouncycastle.jce.provider.BouncyCastleProvider;
  8import org.whispersystems.libaxolotl.AxolotlAddress;
  9import org.whispersystems.libaxolotl.IdentityKey;
 10import org.whispersystems.libaxolotl.IdentityKeyPair;
 11import org.whispersystems.libaxolotl.InvalidKeyException;
 12import org.whispersystems.libaxolotl.InvalidKeyIdException;
 13import org.whispersystems.libaxolotl.SessionBuilder;
 14import org.whispersystems.libaxolotl.UntrustedIdentityException;
 15import org.whispersystems.libaxolotl.ecc.ECPublicKey;
 16import org.whispersystems.libaxolotl.state.PreKeyBundle;
 17import org.whispersystems.libaxolotl.state.PreKeyRecord;
 18import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
 19import org.whispersystems.libaxolotl.util.KeyHelper;
 20
 21import java.security.Security;
 22import java.util.Arrays;
 23import java.util.HashMap;
 24import java.util.HashSet;
 25import java.util.List;
 26import java.util.Map;
 27import java.util.Random;
 28import java.util.Set;
 29
 30import eu.siacs.conversations.Config;
 31import eu.siacs.conversations.entities.Account;
 32import eu.siacs.conversations.entities.Contact;
 33import eu.siacs.conversations.entities.Conversation;
 34import eu.siacs.conversations.entities.Message;
 35import eu.siacs.conversations.parser.IqParser;
 36import eu.siacs.conversations.services.XmppConnectionService;
 37import eu.siacs.conversations.utils.SerialSingleThreadExecutor;
 38import eu.siacs.conversations.xml.Element;
 39import eu.siacs.conversations.xmpp.OnIqPacketReceived;
 40import eu.siacs.conversations.xmpp.jid.InvalidJidException;
 41import eu.siacs.conversations.xmpp.jid.Jid;
 42import eu.siacs.conversations.xmpp.stanzas.IqPacket;
 43
 44public class AxolotlService {
 45
 46	public static final String PEP_PREFIX = "eu.siacs.conversations.axolotl";
 47	public static final String PEP_DEVICE_LIST = PEP_PREFIX + ".devicelist";
 48	public static final String PEP_BUNDLES = PEP_PREFIX + ".bundles";
 49
 50	public static final String LOGPREFIX = "AxolotlService";
 51
 52	public static final int NUM_KEYS_TO_PUBLISH = 10;
 53
 54	private final Account account;
 55	private final XmppConnectionService mXmppConnectionService;
 56	private final SQLiteAxolotlStore axolotlStore;
 57	private final SessionMap sessions;
 58	private final Map<Jid, Set<Integer>> deviceIds;
 59	private final Map<String, XmppAxolotlMessage> messageCache;
 60	private final FetchStatusMap fetchStatusMap;
 61	private final SerialSingleThreadExecutor executor;
 62
 63	private static class AxolotlAddressMap<T> {
 64		protected Map<String, Map<Integer, T>> map;
 65		protected final Object MAP_LOCK = new Object();
 66
 67		public AxolotlAddressMap() {
 68			this.map = new HashMap<>();
 69		}
 70
 71		public void put(AxolotlAddress address, T value) {
 72			synchronized (MAP_LOCK) {
 73				Map<Integer, T> devices = map.get(address.getName());
 74				if (devices == null) {
 75					devices = new HashMap<>();
 76					map.put(address.getName(), devices);
 77				}
 78				devices.put(address.getDeviceId(), value);
 79			}
 80		}
 81
 82		public T get(AxolotlAddress address) {
 83			synchronized (MAP_LOCK) {
 84				Map<Integer, T> devices = map.get(address.getName());
 85				if (devices == null) {
 86					return null;
 87				}
 88				return devices.get(address.getDeviceId());
 89			}
 90		}
 91
 92		public Map<Integer, T> getAll(AxolotlAddress address) {
 93			synchronized (MAP_LOCK) {
 94				Map<Integer, T> devices = map.get(address.getName());
 95				if (devices == null) {
 96					return new HashMap<>();
 97				}
 98				return devices;
 99			}
100		}
101
102		public boolean hasAny(AxolotlAddress address) {
103			synchronized (MAP_LOCK) {
104				Map<Integer, T> devices = map.get(address.getName());
105				return devices != null && !devices.isEmpty();
106			}
107		}
108
109		public void clear() {
110			map.clear();
111		}
112
113	}
114
115	private static class SessionMap extends AxolotlAddressMap<XmppAxolotlSession> {
116		private final XmppConnectionService xmppConnectionService;
117		private final Account account;
118
119		public SessionMap(XmppConnectionService service, SQLiteAxolotlStore store, Account account) {
120			super();
121			this.xmppConnectionService = service;
122			this.account = account;
123			this.fillMap(store);
124		}
125
126		private void putDevicesForJid(String bareJid, List<Integer> deviceIds, SQLiteAxolotlStore store) {
127			for (Integer deviceId : deviceIds) {
128				AxolotlAddress axolotlAddress = new AxolotlAddress(bareJid, deviceId);
129				Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building session for remote address: " + axolotlAddress.toString());
130				String fingerprint = store.loadSession(axolotlAddress).getSessionState().getRemoteIdentityKey().getFingerprint().replaceAll("\\s", "");
131				this.put(axolotlAddress, new XmppAxolotlSession(account, store, axolotlAddress, fingerprint));
132			}
133		}
134
135		private void fillMap(SQLiteAxolotlStore store) {
136			List<Integer> deviceIds = store.getSubDeviceSessions(account.getJid().toBareJid().toString());
137			putDevicesForJid(account.getJid().toBareJid().toString(), deviceIds, store);
138			for (Contact contact : account.getRoster().getContacts()) {
139				Jid bareJid = contact.getJid().toBareJid();
140				if (bareJid == null) {
141					continue; // FIXME: handle this?
142				}
143				String address = bareJid.toString();
144				deviceIds = store.getSubDeviceSessions(address);
145				putDevicesForJid(address, deviceIds, store);
146			}
147
148		}
149
150		@Override
151		public void put(AxolotlAddress address, XmppAxolotlSession value) {
152			super.put(address, value);
153			value.setNotFresh();
154			xmppConnectionService.syncRosterToDisk(account);
155		}
156
157		public void put(XmppAxolotlSession session) {
158			this.put(session.getRemoteAddress(), session);
159		}
160	}
161
162	private static enum FetchStatus {
163		PENDING,
164		SUCCESS,
165		ERROR
166	}
167
168	private static class FetchStatusMap extends AxolotlAddressMap<FetchStatus> {
169
170	}
171
172	public static String getLogprefix(Account account) {
173		return LOGPREFIX + " (" + account.getJid().toBareJid().toString() + "): ";
174	}
175
176	public AxolotlService(Account account, XmppConnectionService connectionService) {
177		if (Security.getProvider("BC") == null) {
178			Security.addProvider(new BouncyCastleProvider());
179		}
180		this.mXmppConnectionService = connectionService;
181		this.account = account;
182		this.axolotlStore = new SQLiteAxolotlStore(this.account, this.mXmppConnectionService);
183		this.deviceIds = new HashMap<>();
184		this.messageCache = new HashMap<>();
185		this.sessions = new SessionMap(mXmppConnectionService, axolotlStore, account);
186		this.fetchStatusMap = new FetchStatusMap();
187		this.executor = new SerialSingleThreadExecutor();
188	}
189
190	public IdentityKey getOwnPublicKey() {
191		return axolotlStore.getIdentityKeyPair().getPublicKey();
192	}
193
194	public Set<IdentityKey> getKeysWithTrust(SQLiteAxolotlStore.Trust trust) {
195		return axolotlStore.getContactKeysWithTrust(account.getJid().toBareJid().toString(), trust);
196	}
197
198	public Set<IdentityKey> getKeysWithTrust(SQLiteAxolotlStore.Trust trust, Contact contact) {
199		return axolotlStore.getContactKeysWithTrust(contact.getJid().toBareJid().toString(), trust);
200	}
201
202	public long getNumTrustedKeys(Contact contact) {
203		return axolotlStore.getContactNumTrustedKeys(contact.getJid().toBareJid().toString());
204	}
205
206	private AxolotlAddress getAddressForJid(Jid jid) {
207		return new AxolotlAddress(jid.toString(), 0);
208	}
209
210	private Set<XmppAxolotlSession> findOwnSessions() {
211		AxolotlAddress ownAddress = getAddressForJid(account.getJid().toBareJid());
212		Set<XmppAxolotlSession> ownDeviceSessions = new HashSet<>(this.sessions.getAll(ownAddress).values());
213		return ownDeviceSessions;
214	}
215
216	private Set<XmppAxolotlSession> findSessionsforContact(Contact contact) {
217		AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
218		Set<XmppAxolotlSession> sessions = new HashSet<>(this.sessions.getAll(contactAddress).values());
219		return sessions;
220	}
221
222	private boolean hasAny(Contact contact) {
223		AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
224		return sessions.hasAny(contactAddress);
225	}
226
227	public void regenerateKeys() {
228		axolotlStore.regenerate();
229		sessions.clear();
230		fetchStatusMap.clear();
231		publishBundlesIfNeeded();
232		publishOwnDeviceIdIfNeeded();
233	}
234
235	public int getOwnDeviceId() {
236		return axolotlStore.getLocalRegistrationId();
237	}
238
239	public Set<Integer> getOwnDeviceIds() {
240		return this.deviceIds.get(account.getJid().toBareJid());
241	}
242
243	private void setTrustOnSessions(final Jid jid, @NonNull final Set<Integer> deviceIds,
244	                                final SQLiteAxolotlStore.Trust from,
245	                                final SQLiteAxolotlStore.Trust to) {
246		for (Integer deviceId : deviceIds) {
247			AxolotlAddress address = new AxolotlAddress(jid.toBareJid().toString(), deviceId);
248			XmppAxolotlSession session = sessions.get(address);
249			if (session != null && session.getFingerprint() != null
250					&& session.getTrust() == from) {
251				session.setTrust(to);
252			}
253		}
254	}
255
256	public void registerDevices(final Jid jid, @NonNull final Set<Integer> deviceIds) {
257		if (jid.toBareJid().equals(account.getJid().toBareJid())) {
258			if (deviceIds.contains(getOwnDeviceId())) {
259				deviceIds.remove(getOwnDeviceId());
260			}
261			for (Integer deviceId : deviceIds) {
262				AxolotlAddress ownDeviceAddress = new AxolotlAddress(jid.toBareJid().toString(), deviceId);
263				if (sessions.get(ownDeviceAddress) == null) {
264					buildSessionFromPEP(ownDeviceAddress);
265				}
266			}
267		}
268		Set<Integer> expiredDevices = new HashSet<>(axolotlStore.getSubDeviceSessions(jid.toBareJid().toString()));
269		expiredDevices.removeAll(deviceIds);
270		setTrustOnSessions(jid, expiredDevices, SQLiteAxolotlStore.Trust.TRUSTED,
271				SQLiteAxolotlStore.Trust.INACTIVE);
272		Set<Integer> newDevices = new HashSet<>(deviceIds);
273		setTrustOnSessions(jid, newDevices, SQLiteAxolotlStore.Trust.INACTIVE,
274				SQLiteAxolotlStore.Trust.TRUSTED);
275		this.deviceIds.put(jid, deviceIds);
276		mXmppConnectionService.keyStatusUpdated();
277		publishOwnDeviceIdIfNeeded();
278	}
279
280	public void wipeOtherPepDevices() {
281		Set<Integer> deviceIds = new HashSet<>();
282		deviceIds.add(getOwnDeviceId());
283		IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIds);
284		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Wiping all other devices from Pep:" + publish);
285		mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
286			@Override
287			public void onIqPacketReceived(Account account, IqPacket packet) {
288				// TODO: implement this!
289			}
290		});
291	}
292
293	public void purgeKey(IdentityKey identityKey) {
294		axolotlStore.setFingerprintTrust(identityKey.getFingerprint().replaceAll("\\s", ""), SQLiteAxolotlStore.Trust.COMPROMISED);
295	}
296
297	public void publishOwnDeviceIdIfNeeded() {
298		IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveDeviceIds(account.getJid().toBareJid());
299		mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() {
300			@Override
301			public void onIqPacketReceived(Account account, IqPacket packet) {
302				Element item = mXmppConnectionService.getIqParser().getItem(packet);
303				Set<Integer> deviceIds = mXmppConnectionService.getIqParser().deviceIds(item);
304				if (deviceIds == null) {
305					deviceIds = new HashSet<Integer>();
306				}
307				if (!deviceIds.contains(getOwnDeviceId())) {
308					deviceIds.add(getOwnDeviceId());
309					IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIds);
310					Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Own device " + getOwnDeviceId() + " not in PEP devicelist. Publishing: " + publish);
311					mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
312						@Override
313						public void onIqPacketReceived(Account account, IqPacket packet) {
314							// TODO: implement this!
315						}
316					});
317				}
318			}
319		});
320	}
321
322	public void publishBundlesIfNeeded() {
323		IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(account.getJid().toBareJid(), getOwnDeviceId());
324		mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() {
325			@Override
326			public void onIqPacketReceived(Account account, IqPacket packet) {
327				PreKeyBundle bundle = mXmppConnectionService.getIqParser().bundle(packet);
328				Map<Integer, ECPublicKey> keys = mXmppConnectionService.getIqParser().preKeyPublics(packet);
329				boolean flush = false;
330				if (bundle == null) {
331					Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received invalid bundle:" + packet);
332					bundle = new PreKeyBundle(-1, -1, -1, null, -1, null, null, null);
333					flush = true;
334				}
335				if (keys == null) {
336					Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received invalid prekeys:" + packet);
337				}
338				try {
339					boolean changed = false;
340					// Validate IdentityKey
341					IdentityKeyPair identityKeyPair = axolotlStore.getIdentityKeyPair();
342					if (flush || !identityKeyPair.getPublicKey().equals(bundle.getIdentityKey())) {
343						Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding own IdentityKey " + identityKeyPair.getPublicKey() + " to PEP.");
344						changed = true;
345					}
346
347					// Validate signedPreKeyRecord + ID
348					SignedPreKeyRecord signedPreKeyRecord;
349					int numSignedPreKeys = axolotlStore.loadSignedPreKeys().size();
350					try {
351						signedPreKeyRecord = axolotlStore.loadSignedPreKey(bundle.getSignedPreKeyId());
352						if (flush
353								|| !bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey())
354								|| !Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature())) {
355							Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
356							signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
357							axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
358							changed = true;
359						}
360					} catch (InvalidKeyIdException e) {
361						Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
362						signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
363						axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
364						changed = true;
365					}
366
367					// Validate PreKeys
368					Set<PreKeyRecord> preKeyRecords = new HashSet<>();
369					if (keys != null) {
370						for (Integer id : keys.keySet()) {
371							try {
372								PreKeyRecord preKeyRecord = axolotlStore.loadPreKey(id);
373								if (preKeyRecord.getKeyPair().getPublicKey().equals(keys.get(id))) {
374									preKeyRecords.add(preKeyRecord);
375								}
376							} catch (InvalidKeyIdException ignored) {
377							}
378						}
379					}
380					int newKeys = NUM_KEYS_TO_PUBLISH - preKeyRecords.size();
381					if (newKeys > 0) {
382						List<PreKeyRecord> newRecords = KeyHelper.generatePreKeys(
383								axolotlStore.getCurrentPreKeyId() + 1, newKeys);
384						preKeyRecords.addAll(newRecords);
385						for (PreKeyRecord record : newRecords) {
386							axolotlStore.storePreKey(record.getId(), record);
387						}
388						changed = true;
389						Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding " + newKeys + " new preKeys to PEP.");
390					}
391
392
393					if (changed) {
394						IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
395								signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
396								preKeyRecords, getOwnDeviceId());
397						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing: " + publish);
398						mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
399							@Override
400							public void onIqPacketReceived(Account account, IqPacket packet) {
401								// TODO: implement this!
402								Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Published bundle, got: " + packet);
403							}
404						});
405					}
406				} catch (InvalidKeyException e) {
407					Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Failed to publish bundle " + getOwnDeviceId() + ", reason: " + e.getMessage());
408					return;
409				}
410			}
411		});
412	}
413
414	public boolean isContactAxolotlCapable(Contact contact) {
415
416		Jid jid = contact.getJid().toBareJid();
417		AxolotlAddress address = new AxolotlAddress(jid.toString(), 0);
418		return sessions.hasAny(address) ||
419				(deviceIds.containsKey(jid) && !deviceIds.get(jid).isEmpty());
420	}
421
422	public SQLiteAxolotlStore.Trust getFingerprintTrust(String fingerprint) {
423		return axolotlStore.getFingerprintTrust(fingerprint);
424	}
425
426	public void setFingerprintTrust(String fingerprint, SQLiteAxolotlStore.Trust trust) {
427		axolotlStore.setFingerprintTrust(fingerprint, trust);
428	}
429
430	private void buildSessionFromPEP(final AxolotlAddress address) {
431		Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building new sesstion for " + address.getDeviceId());
432
433		try {
434			IqPacket bundlesPacket = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(
435					Jid.fromString(address.getName()), address.getDeviceId());
436			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Retrieving bundle: " + bundlesPacket);
437			mXmppConnectionService.sendIqPacket(account, bundlesPacket, new OnIqPacketReceived() {
438				private void finish() {
439					AxolotlAddress ownAddress = new AxolotlAddress(account.getJid().toBareJid().toString(), 0);
440					if (!fetchStatusMap.getAll(ownAddress).containsValue(FetchStatus.PENDING)
441							&& !fetchStatusMap.getAll(address).containsValue(FetchStatus.PENDING)) {
442						mXmppConnectionService.keyStatusUpdated();
443					}
444				}
445
446				@Override
447				public void onIqPacketReceived(Account account, IqPacket packet) {
448					Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received preKey IQ packet, processing...");
449					final IqParser parser = mXmppConnectionService.getIqParser();
450					final List<PreKeyBundle> preKeyBundleList = parser.preKeys(packet);
451					final PreKeyBundle bundle = parser.bundle(packet);
452					if (preKeyBundleList.isEmpty() || bundle == null) {
453						Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "preKey IQ packet invalid: " + packet);
454						fetchStatusMap.put(address, FetchStatus.ERROR);
455						finish();
456						return;
457					}
458					Random random = new Random();
459					final PreKeyBundle preKey = preKeyBundleList.get(random.nextInt(preKeyBundleList.size()));
460					if (preKey == null) {
461						//should never happen
462						fetchStatusMap.put(address, FetchStatus.ERROR);
463						finish();
464						return;
465					}
466
467					final PreKeyBundle preKeyBundle = new PreKeyBundle(0, address.getDeviceId(),
468							preKey.getPreKeyId(), preKey.getPreKey(),
469							bundle.getSignedPreKeyId(), bundle.getSignedPreKey(),
470							bundle.getSignedPreKeySignature(), bundle.getIdentityKey());
471
472					axolotlStore.saveIdentity(address.getName(), bundle.getIdentityKey());
473
474					try {
475						SessionBuilder builder = new SessionBuilder(axolotlStore, address);
476						builder.process(preKeyBundle);
477						XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, bundle.getIdentityKey().getFingerprint().replaceAll("\\s", ""));
478						sessions.put(address, session);
479						fetchStatusMap.put(address, FetchStatus.SUCCESS);
480					} catch (UntrustedIdentityException | InvalidKeyException e) {
481						Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Error building session for " + address + ": "
482								+ e.getClass().getName() + ", " + e.getMessage());
483						fetchStatusMap.put(address, FetchStatus.ERROR);
484					}
485
486					finish();
487				}
488			});
489		} catch (InvalidJidException e) {
490			Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Got address with invalid jid: " + address.getName());
491		}
492	}
493
494	public Set<AxolotlAddress> findDevicesWithoutSession(final Conversation conversation) {
495		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Finding devices without session for " + conversation.getContact().getJid().toBareJid());
496		Jid contactJid = conversation.getContact().getJid().toBareJid();
497		Set<AxolotlAddress> addresses = new HashSet<>();
498		if (deviceIds.get(contactJid) != null) {
499			for (Integer foreignId : this.deviceIds.get(contactJid)) {
500				AxolotlAddress address = new AxolotlAddress(contactJid.toString(), foreignId);
501				if (sessions.get(address) == null) {
502					IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
503					if (identityKey != null) {
504						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already have session for " + address.toString() + ", adding to cache...");
505						XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, identityKey.getFingerprint().replaceAll("\\s", ""));
506						sessions.put(address, session);
507					} else {
508						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Found device " + account.getJid().toBareJid() + ":" + foreignId);
509						addresses.add(new AxolotlAddress(contactJid.toString(), foreignId));
510					}
511				}
512			}
513		} else {
514			Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Have no target devices in PEP!");
515		}
516		if (deviceIds.get(account.getJid().toBareJid()) != null) {
517			for (Integer ownId : this.deviceIds.get(account.getJid().toBareJid())) {
518				AxolotlAddress address = new AxolotlAddress(account.getJid().toBareJid().toString(), ownId);
519				if (sessions.get(address) == null) {
520					IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
521					if (identityKey != null) {
522						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already have session for " + address.toString() + ", adding to cache...");
523						XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, identityKey.getFingerprint().replaceAll("\\s", ""));
524						sessions.put(address, session);
525					} else {
526						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Found device " + account.getJid().toBareJid() + ":" + ownId);
527						addresses.add(new AxolotlAddress(account.getJid().toBareJid().toString(), ownId));
528					}
529				}
530			}
531		}
532
533		return addresses;
534	}
535
536	public boolean createSessionsIfNeeded(final Conversation conversation) {
537		Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Creating axolotl sessions if needed...");
538		boolean newSessions = false;
539		Set<AxolotlAddress> addresses = findDevicesWithoutSession(conversation);
540		for (AxolotlAddress address : addresses) {
541			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Processing device: " + address.toString());
542			FetchStatus status = fetchStatusMap.get(address);
543			if (status == null || status == FetchStatus.ERROR) {
544				fetchStatusMap.put(address, FetchStatus.PENDING);
545				this.buildSessionFromPEP(address);
546				newSessions = true;
547			} else if (status == FetchStatus.PENDING) {
548				newSessions = true;
549			} else {
550				Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already fetching bundle for " + address.toString());
551			}
552		}
553
554		return newSessions;
555	}
556
557	public boolean hasPendingKeyFetches(Conversation conversation) {
558		AxolotlAddress ownAddress = new AxolotlAddress(account.getJid().toBareJid().toString(), 0);
559		AxolotlAddress foreignAddress = new AxolotlAddress(conversation.getJid().toBareJid().toString(), 0);
560		return fetchStatusMap.getAll(ownAddress).containsValue(FetchStatus.PENDING)
561				|| fetchStatusMap.getAll(foreignAddress).containsValue(FetchStatus.PENDING);
562
563	}
564
565	@Nullable
566	private XmppAxolotlMessage buildHeader(Contact contact) {
567		final XmppAxolotlMessage axolotlMessage = new XmppAxolotlMessage(
568				contact.getJid().toBareJid(), getOwnDeviceId());
569
570		Set<XmppAxolotlSession> contactSessions = findSessionsforContact(contact);
571		Set<XmppAxolotlSession> ownSessions = findOwnSessions();
572		if (contactSessions.isEmpty()) {
573			return null;
574		}
575		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building axolotl foreign keyElements...");
576		for (XmppAxolotlSession session : contactSessions) {
577			Log.v(Config.LOGTAG, AxolotlService.getLogprefix(account) + session.getRemoteAddress().toString());
578			axolotlMessage.addDevice(session);
579		}
580		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building axolotl own keyElements...");
581		for (XmppAxolotlSession session : ownSessions) {
582			Log.v(Config.LOGTAG, AxolotlService.getLogprefix(account) + session.getRemoteAddress().toString());
583			axolotlMessage.addDevice(session);
584		}
585
586		return axolotlMessage;
587	}
588
589	@Nullable
590	public XmppAxolotlMessage encrypt(Message message) {
591		XmppAxolotlMessage axolotlMessage = buildHeader(message.getContact());
592
593		if (axolotlMessage != null) {
594			final String content;
595			if (message.hasFileOnRemoteHost()) {
596				content = message.getFileParams().url.toString();
597			} else {
598				content = message.getBody();
599			}
600			try {
601				axolotlMessage.encrypt(content);
602			} catch (CryptoFailedException e) {
603				Log.w(Config.LOGTAG, getLogprefix(account) + "Failed to encrypt message: " + e.getMessage());
604				return null;
605			}
606		}
607
608		return axolotlMessage;
609	}
610
611	public void preparePayloadMessage(final Message message, final boolean delay) {
612		executor.execute(new Runnable() {
613			@Override
614			public void run() {
615				XmppAxolotlMessage axolotlMessage = encrypt(message);
616				if (axolotlMessage == null) {
617					mXmppConnectionService.markMessage(message, Message.STATUS_SEND_FAILED);
618					//mXmppConnectionService.updateConversationUi();
619				} else {
620					Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Generated message, caching: " + message.getUuid());
621					messageCache.put(message.getUuid(), axolotlMessage);
622					mXmppConnectionService.resendMessage(message, delay);
623				}
624			}
625		});
626	}
627
628	public void prepareKeyTransportMessage(final Contact contact, final OnMessageCreatedCallback onMessageCreatedCallback) {
629		executor.execute(new Runnable() {
630			@Override
631			public void run() {
632				XmppAxolotlMessage axolotlMessage = buildHeader(contact);
633				onMessageCreatedCallback.run(axolotlMessage);
634			}
635		});
636	}
637
638	public XmppAxolotlMessage fetchAxolotlMessageFromCache(Message message) {
639		XmppAxolotlMessage axolotlMessage = messageCache.get(message.getUuid());
640		if (axolotlMessage != null) {
641			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Cache hit: " + message.getUuid());
642			messageCache.remove(message.getUuid());
643		} else {
644			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Cache miss: " + message.getUuid());
645		}
646		return axolotlMessage;
647	}
648
649	private XmppAxolotlSession recreateUncachedSession(AxolotlAddress address) {
650		IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
651		return (identityKey != null)
652				? new XmppAxolotlSession(account, axolotlStore, address,
653						identityKey.getFingerprint().replaceAll("\\s", ""))
654				: null;
655	}
656
657	private XmppAxolotlSession getReceivingSession(XmppAxolotlMessage message) {
658		AxolotlAddress senderAddress = new AxolotlAddress(message.getFrom().toString(),
659				message.getSenderDeviceId());
660		XmppAxolotlSession session = sessions.get(senderAddress);
661		if (session == null) {
662			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Account: " + account.getJid() + " No axolotl session found while parsing received message " + message);
663			session = recreateUncachedSession(senderAddress);
664			if (session == null) {
665				session = new XmppAxolotlSession(account, axolotlStore, senderAddress);
666			}
667		}
668		return session;
669	}
670
671	public XmppAxolotlMessage.XmppAxolotlPlaintextMessage processReceivingPayloadMessage(XmppAxolotlMessage message) {
672		XmppAxolotlMessage.XmppAxolotlPlaintextMessage plaintextMessage = null;
673
674		XmppAxolotlSession session = getReceivingSession(message);
675		try {
676			plaintextMessage = message.decrypt(session, getOwnDeviceId());
677			Integer preKeyId = session.getPreKeyId();
678			if (preKeyId != null) {
679				publishBundlesIfNeeded();
680				session.resetPreKeyId();
681			}
682		} catch (CryptoFailedException e) {
683			Log.w(Config.LOGTAG, getLogprefix(account) + "Failed to decrypt message: " + e.getMessage());
684		}
685
686		if (session.isFresh() && plaintextMessage != null) {
687			sessions.put(session);
688		}
689
690		return plaintextMessage;
691	}
692
693	public XmppAxolotlMessage.XmppAxolotlKeyTransportMessage processReceivingKeyTransportMessage(XmppAxolotlMessage message) {
694		XmppAxolotlMessage.XmppAxolotlKeyTransportMessage keyTransportMessage = null;
695
696		XmppAxolotlSession session = getReceivingSession(message);
697		keyTransportMessage = message.getParameters(session, getOwnDeviceId());
698
699		if (session.isFresh() && keyTransportMessage != null) {
700			sessions.put(session);
701		}
702
703		return keyTransportMessage;
704	}
705}