1package eu.siacs.conversations.crypto.axolotl;
  2
  3import android.support.annotation.NonNull;
  4import android.support.annotation.Nullable;
  5import android.util.Log;
  6
  7import org.bouncycastle.jce.provider.BouncyCastleProvider;
  8import org.whispersystems.libaxolotl.AxolotlAddress;
  9import org.whispersystems.libaxolotl.IdentityKey;
 10import org.whispersystems.libaxolotl.IdentityKeyPair;
 11import org.whispersystems.libaxolotl.InvalidKeyException;
 12import org.whispersystems.libaxolotl.InvalidKeyIdException;
 13import org.whispersystems.libaxolotl.SessionBuilder;
 14import org.whispersystems.libaxolotl.UntrustedIdentityException;
 15import org.whispersystems.libaxolotl.ecc.ECPublicKey;
 16import org.whispersystems.libaxolotl.state.PreKeyBundle;
 17import org.whispersystems.libaxolotl.state.PreKeyRecord;
 18import org.whispersystems.libaxolotl.state.SignedPreKeyRecord;
 19import org.whispersystems.libaxolotl.util.KeyHelper;
 20
 21import java.security.Security;
 22import java.util.Arrays;
 23import java.util.HashMap;
 24import java.util.HashSet;
 25import java.util.List;
 26import java.util.Map;
 27import java.util.Random;
 28import java.util.Set;
 29
 30import eu.siacs.conversations.Config;
 31import eu.siacs.conversations.entities.Account;
 32import eu.siacs.conversations.entities.Contact;
 33import eu.siacs.conversations.entities.Conversation;
 34import eu.siacs.conversations.entities.Message;
 35import eu.siacs.conversations.parser.IqParser;
 36import eu.siacs.conversations.services.XmppConnectionService;
 37import eu.siacs.conversations.utils.SerialSingleThreadExecutor;
 38import eu.siacs.conversations.xml.Element;
 39import eu.siacs.conversations.xmpp.OnIqPacketReceived;
 40import eu.siacs.conversations.xmpp.jid.InvalidJidException;
 41import eu.siacs.conversations.xmpp.jid.Jid;
 42import eu.siacs.conversations.xmpp.stanzas.IqPacket;
 43
 44public class AxolotlService {
 45
 46	public static final String PEP_PREFIX = "eu.siacs.conversations.axolotl";
 47	public static final String PEP_DEVICE_LIST = PEP_PREFIX + ".devicelist";
 48	public static final String PEP_BUNDLES = PEP_PREFIX + ".bundles";
 49
 50	public static final String LOGPREFIX = "AxolotlService";
 51
 52	public static final int NUM_KEYS_TO_PUBLISH = 100;
 53	public static final int publishTriesThreshold = 3;
 54
 55	private final Account account;
 56	private final XmppConnectionService mXmppConnectionService;
 57	private final SQLiteAxolotlStore axolotlStore;
 58	private final SessionMap sessions;
 59	private final Map<Jid, Set<Integer>> deviceIds;
 60	private final Map<String, XmppAxolotlMessage> messageCache;
 61	private final FetchStatusMap fetchStatusMap;
 62	private final SerialSingleThreadExecutor executor;
 63	private int numPublishTriesOnEmptyPep = 0;
 64	private boolean pepBroken = false;
 65
 66	private static class AxolotlAddressMap<T> {
 67		protected Map<String, Map<Integer, T>> map;
 68		protected final Object MAP_LOCK = new Object();
 69
 70		public AxolotlAddressMap() {
 71			this.map = new HashMap<>();
 72		}
 73
 74		public void put(AxolotlAddress address, T value) {
 75			synchronized (MAP_LOCK) {
 76				Map<Integer, T> devices = map.get(address.getName());
 77				if (devices == null) {
 78					devices = new HashMap<>();
 79					map.put(address.getName(), devices);
 80				}
 81				devices.put(address.getDeviceId(), value);
 82			}
 83		}
 84
 85		public T get(AxolotlAddress address) {
 86			synchronized (MAP_LOCK) {
 87				Map<Integer, T> devices = map.get(address.getName());
 88				if (devices == null) {
 89					return null;
 90				}
 91				return devices.get(address.getDeviceId());
 92			}
 93		}
 94
 95		public Map<Integer, T> getAll(AxolotlAddress address) {
 96			synchronized (MAP_LOCK) {
 97				Map<Integer, T> devices = map.get(address.getName());
 98				if (devices == null) {
 99					return new HashMap<>();
100				}
101				return devices;
102			}
103		}
104
105		public boolean hasAny(AxolotlAddress address) {
106			synchronized (MAP_LOCK) {
107				Map<Integer, T> devices = map.get(address.getName());
108				return devices != null && !devices.isEmpty();
109			}
110		}
111
112		public void clear() {
113			map.clear();
114		}
115
116	}
117
118	private static class SessionMap extends AxolotlAddressMap<XmppAxolotlSession> {
119		private final XmppConnectionService xmppConnectionService;
120		private final Account account;
121
122		public SessionMap(XmppConnectionService service, SQLiteAxolotlStore store, Account account) {
123			super();
124			this.xmppConnectionService = service;
125			this.account = account;
126			this.fillMap(store);
127		}
128
129		private void putDevicesForJid(String bareJid, List<Integer> deviceIds, SQLiteAxolotlStore store) {
130			for (Integer deviceId : deviceIds) {
131				AxolotlAddress axolotlAddress = new AxolotlAddress(bareJid, deviceId);
132				Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building session for remote address: " + axolotlAddress.toString());
133				String fingerprint = store.loadSession(axolotlAddress).getSessionState().getRemoteIdentityKey().getFingerprint().replaceAll("\\s", "");
134				this.put(axolotlAddress, new XmppAxolotlSession(account, store, axolotlAddress, fingerprint));
135			}
136		}
137
138		private void fillMap(SQLiteAxolotlStore store) {
139			List<Integer> deviceIds = store.getSubDeviceSessions(account.getJid().toBareJid().toString());
140			putDevicesForJid(account.getJid().toBareJid().toString(), deviceIds, store);
141			for (Contact contact : account.getRoster().getContacts()) {
142				Jid bareJid = contact.getJid().toBareJid();
143				String address = bareJid.toString();
144				deviceIds = store.getSubDeviceSessions(address);
145				putDevicesForJid(address, deviceIds, store);
146			}
147
148		}
149
150		@Override
151		public void put(AxolotlAddress address, XmppAxolotlSession value) {
152			super.put(address, value);
153			value.setNotFresh();
154			xmppConnectionService.syncRosterToDisk(account);
155		}
156
157		public void put(XmppAxolotlSession session) {
158			this.put(session.getRemoteAddress(), session);
159		}
160	}
161
162	private enum FetchStatus {
163		PENDING,
164		SUCCESS,
165		ERROR
166	}
167
168	private static class FetchStatusMap extends AxolotlAddressMap<FetchStatus> {
169
170	}
171
172	public static String getLogprefix(Account account) {
173		return LOGPREFIX + " (" + account.getJid().toBareJid().toString() + "): ";
174	}
175
176	public AxolotlService(Account account, XmppConnectionService connectionService) {
177		if (Security.getProvider("BC") == null) {
178			Security.addProvider(new BouncyCastleProvider());
179		}
180		this.mXmppConnectionService = connectionService;
181		this.account = account;
182		this.axolotlStore = new SQLiteAxolotlStore(this.account, this.mXmppConnectionService);
183		this.deviceIds = new HashMap<>();
184		this.messageCache = new HashMap<>();
185		this.sessions = new SessionMap(mXmppConnectionService, axolotlStore, account);
186		this.fetchStatusMap = new FetchStatusMap();
187		this.executor = new SerialSingleThreadExecutor();
188	}
189
190	public String getOwnFingerprint() {
191		return axolotlStore.getIdentityKeyPair().getPublicKey().getFingerprint().replaceAll("\\s", "");
192	}
193
194	public Set<IdentityKey> getKeysWithTrust(XmppAxolotlSession.Trust trust) {
195		return axolotlStore.getContactKeysWithTrust(account.getJid().toBareJid().toString(), trust);
196	}
197
198	public Set<IdentityKey> getKeysWithTrust(XmppAxolotlSession.Trust trust, Contact contact) {
199		return axolotlStore.getContactKeysWithTrust(contact.getJid().toBareJid().toString(), trust);
200	}
201
202	public long getNumTrustedKeys(Contact contact) {
203		return axolotlStore.getContactNumTrustedKeys(contact.getJid().toBareJid().toString());
204	}
205
206	private AxolotlAddress getAddressForJid(Jid jid) {
207		return new AxolotlAddress(jid.toString(), 0);
208	}
209
210	private Set<XmppAxolotlSession> findOwnSessions() {
211		AxolotlAddress ownAddress = getAddressForJid(account.getJid().toBareJid());
212		return new HashSet<>(this.sessions.getAll(ownAddress).values());
213	}
214
215	private Set<XmppAxolotlSession> findSessionsforContact(Contact contact) {
216		AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
217		return new HashSet<>(this.sessions.getAll(contactAddress).values());
218	}
219
220	public Set<String> getFingerprintsForOwnSessions() {
221		Set<String> fingerprints = new HashSet<>();
222		for (XmppAxolotlSession session : findOwnSessions()) {
223			fingerprints.add(session.getFingerprint());
224		}
225		return fingerprints;
226	}
227
228	public Set<String> getFingerprintsForContact(final Contact contact) {
229		Set<String> fingerprints = new HashSet<>();
230		for (XmppAxolotlSession session : findSessionsforContact(contact)) {
231			fingerprints.add(session.getFingerprint());
232		}
233		return fingerprints;
234	}
235
236	private boolean hasAny(Contact contact) {
237		AxolotlAddress contactAddress = getAddressForJid(contact.getJid());
238		return sessions.hasAny(contactAddress);
239	}
240
241	public boolean isPepBroken() {
242		return this.pepBroken;
243	}
244
245	public void regenerateKeys() {
246		axolotlStore.regenerate();
247		sessions.clear();
248		fetchStatusMap.clear();
249		publishBundlesIfNeeded(true);
250	}
251
252	public int getOwnDeviceId() {
253		return axolotlStore.getLocalRegistrationId();
254	}
255
256	public Set<Integer> getOwnDeviceIds() {
257		return this.deviceIds.get(account.getJid().toBareJid());
258	}
259
260	private void setTrustOnSessions(final Jid jid, @NonNull final Set<Integer> deviceIds,
261	                                final XmppAxolotlSession.Trust from,
262	                                final XmppAxolotlSession.Trust to) {
263		for (Integer deviceId : deviceIds) {
264			AxolotlAddress address = new AxolotlAddress(jid.toBareJid().toString(), deviceId);
265			XmppAxolotlSession session = sessions.get(address);
266			if (session != null && session.getFingerprint() != null
267					&& session.getTrust() == from) {
268				session.setTrust(to);
269			}
270		}
271	}
272
273	public void registerDevices(final Jid jid, @NonNull final Set<Integer> deviceIds) {
274		if (jid.toBareJid().equals(account.getJid().toBareJid())) {
275			if (!deviceIds.isEmpty()) {
276				Log.d(Config.LOGTAG, getLogprefix(account) + "Received non-empty own device list. Resetting publish attemps and pepBroken status.");
277				pepBroken = false;
278				numPublishTriesOnEmptyPep = 0;
279			}
280			if (deviceIds.contains(getOwnDeviceId())) {
281				deviceIds.remove(getOwnDeviceId());
282			} else {
283				publishOwnDeviceId(deviceIds);
284			}
285			for (Integer deviceId : deviceIds) {
286				AxolotlAddress ownDeviceAddress = new AxolotlAddress(jid.toBareJid().toString(), deviceId);
287				if (sessions.get(ownDeviceAddress) == null) {
288					buildSessionFromPEP(ownDeviceAddress);
289				}
290			}
291		}
292		Set<Integer> expiredDevices = new HashSet<>(axolotlStore.getSubDeviceSessions(jid.toBareJid().toString()));
293		expiredDevices.removeAll(deviceIds);
294		setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.TRUSTED,
295				XmppAxolotlSession.Trust.INACTIVE_TRUSTED);
296		setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.UNDECIDED,
297				XmppAxolotlSession.Trust.INACTIVE_UNDECIDED);
298		setTrustOnSessions(jid, expiredDevices, XmppAxolotlSession.Trust.UNTRUSTED,
299				XmppAxolotlSession.Trust.INACTIVE_UNTRUSTED);
300		Set<Integer> newDevices = new HashSet<>(deviceIds);
301		setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_TRUSTED,
302				XmppAxolotlSession.Trust.TRUSTED);
303		setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_UNDECIDED,
304				XmppAxolotlSession.Trust.UNDECIDED);
305		setTrustOnSessions(jid, newDevices, XmppAxolotlSession.Trust.INACTIVE_UNTRUSTED,
306				XmppAxolotlSession.Trust.UNTRUSTED);
307		this.deviceIds.put(jid, deviceIds);
308		mXmppConnectionService.keyStatusUpdated();
309	}
310
311	public void wipeOtherPepDevices() {
312		if (pepBroken) {
313			Log.d(Config.LOGTAG, getLogprefix(account) + "wipeOtherPepDevices called, but PEP is broken. Ignoring... ");
314			return;
315		}
316		Set<Integer> deviceIds = new HashSet<>();
317		deviceIds.add(getOwnDeviceId());
318		IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIds);
319		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Wiping all other devices from Pep:" + publish);
320		mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
321			@Override
322			public void onIqPacketReceived(Account account, IqPacket packet) {
323				// TODO: implement this!
324			}
325		});
326	}
327
328	public void purgeKey(final String fingerprint) {
329		axolotlStore.setFingerprintTrust(fingerprint.replaceAll("\\s", ""), XmppAxolotlSession.Trust.COMPROMISED);
330	}
331
332	public void publishOwnDeviceIdIfNeeded() {
333		if (pepBroken) {
334			Log.d(Config.LOGTAG, getLogprefix(account) + "publishOwnDeviceIdIfNeeded called, but PEP is broken. Ignoring... ");
335			return;
336		}
337		IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveDeviceIds(account.getJid().toBareJid());
338		mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() {
339			@Override
340			public void onIqPacketReceived(Account account, IqPacket packet) {
341				if (packet.getType() == IqPacket.TYPE.TIMEOUT) {
342					Log.d(Config.LOGTAG, getLogprefix(account) + "Timeout received while retrieving own Device Ids.");
343				} else {
344					Element item = mXmppConnectionService.getIqParser().getItem(packet);
345					Set<Integer> deviceIds = mXmppConnectionService.getIqParser().deviceIds(item);
346					if (!deviceIds.contains(getOwnDeviceId())) {
347						publishOwnDeviceId(deviceIds);
348					}
349				}
350			}
351		});
352	}
353
354	public void publishOwnDeviceId(Set<Integer> deviceIds) {
355		Set<Integer> deviceIdsCopy = new HashSet<>(deviceIds);
356		if (!deviceIdsCopy.contains(getOwnDeviceId())) {
357			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Own device " + getOwnDeviceId() + " not in PEP devicelist.");
358			if (deviceIdsCopy.isEmpty()) {
359				if (numPublishTriesOnEmptyPep >= publishTriesThreshold) {
360					Log.w(Config.LOGTAG, getLogprefix(account) + "Own device publish attempt threshold exceeded, aborting...");
361					pepBroken = true;
362					return;
363				} else {
364					numPublishTriesOnEmptyPep++;
365					Log.w(Config.LOGTAG, getLogprefix(account) + "Own device list empty, attempting to publish (try " + numPublishTriesOnEmptyPep + ")");
366				}
367			} else {
368				numPublishTriesOnEmptyPep = 0;
369			}
370			deviceIdsCopy.add(getOwnDeviceId());
371			IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIdsCopy);
372			mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
373				@Override
374				public void onIqPacketReceived(Account account, IqPacket packet) {
375					if (packet.getType() != IqPacket.TYPE.RESULT) {
376						Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while publishing own device id" + packet.findChild("error"));
377					}
378				}
379			});
380		}
381	}
382
383	public void publishBundlesIfNeeded(final boolean announceAfter) {
384		if (pepBroken) {
385			Log.d(Config.LOGTAG, getLogprefix(account) + "publishBundlesIfNeeded called, but PEP is broken. Ignoring... ");
386			return;
387		}
388		IqPacket packet = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(account.getJid().toBareJid(), getOwnDeviceId());
389		mXmppConnectionService.sendIqPacket(account, packet, new OnIqPacketReceived() {
390			@Override
391			public void onIqPacketReceived(Account account, IqPacket packet) {
392
393				if (packet.getType() == IqPacket.TYPE.TIMEOUT) {
394					return; //ignore timeout. do nothing
395				}
396
397				if (packet.getType() == IqPacket.TYPE.ERROR) {
398					Element error = packet.findChild("error");
399					if (error == null || !error.hasChild("item-not-found")) {
400						pepBroken = true;
401						Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "request for device bundles came back with something other than item-not-found" + packet);
402						return;
403					}
404				}
405
406				PreKeyBundle bundle = mXmppConnectionService.getIqParser().bundle(packet);
407				Map<Integer, ECPublicKey> keys = mXmppConnectionService.getIqParser().preKeyPublics(packet);
408				boolean flush = false;
409				if (bundle == null) {
410					Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received invalid bundle:" + packet);
411					bundle = new PreKeyBundle(-1, -1, -1, null, -1, null, null, null);
412					flush = true;
413				}
414				if (keys == null) {
415					Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received invalid prekeys:" + packet);
416				}
417				try {
418					boolean changed = false;
419					// Validate IdentityKey
420					IdentityKeyPair identityKeyPair = axolotlStore.getIdentityKeyPair();
421					if (flush || !identityKeyPair.getPublicKey().equals(bundle.getIdentityKey())) {
422						Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding own IdentityKey " + identityKeyPair.getPublicKey() + " to PEP.");
423						changed = true;
424					}
425
426					// Validate signedPreKeyRecord + ID
427					SignedPreKeyRecord signedPreKeyRecord;
428					int numSignedPreKeys = axolotlStore.loadSignedPreKeys().size();
429					try {
430						signedPreKeyRecord = axolotlStore.loadSignedPreKey(bundle.getSignedPreKeyId());
431						if (flush
432								|| !bundle.getSignedPreKey().equals(signedPreKeyRecord.getKeyPair().getPublicKey())
433								|| !Arrays.equals(bundle.getSignedPreKeySignature(), signedPreKeyRecord.getSignature())) {
434							Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
435							signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
436							axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
437							changed = true;
438						}
439					} catch (InvalidKeyIdException e) {
440						Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding new signedPreKey with ID " + (numSignedPreKeys + 1) + " to PEP.");
441						signedPreKeyRecord = KeyHelper.generateSignedPreKey(identityKeyPair, numSignedPreKeys + 1);
442						axolotlStore.storeSignedPreKey(signedPreKeyRecord.getId(), signedPreKeyRecord);
443						changed = true;
444					}
445
446					// Validate PreKeys
447					Set<PreKeyRecord> preKeyRecords = new HashSet<>();
448					if (keys != null) {
449						for (Integer id : keys.keySet()) {
450							try {
451								PreKeyRecord preKeyRecord = axolotlStore.loadPreKey(id);
452								if (preKeyRecord.getKeyPair().getPublicKey().equals(keys.get(id))) {
453									preKeyRecords.add(preKeyRecord);
454								}
455							} catch (InvalidKeyIdException ignored) {
456							}
457						}
458					}
459					int newKeys = NUM_KEYS_TO_PUBLISH - preKeyRecords.size();
460					if (newKeys > 0) {
461						List<PreKeyRecord> newRecords = KeyHelper.generatePreKeys(
462								axolotlStore.getCurrentPreKeyId() + 1, newKeys);
463						preKeyRecords.addAll(newRecords);
464						for (PreKeyRecord record : newRecords) {
465							axolotlStore.storePreKey(record.getId(), record);
466						}
467						changed = true;
468						Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Adding " + newKeys + " new preKeys to PEP.");
469					}
470
471
472					if (changed) {
473						IqPacket publish = mXmppConnectionService.getIqGenerator().publishBundles(
474								signedPreKeyRecord, axolotlStore.getIdentityKeyPair().getPublicKey(),
475								preKeyRecords, getOwnDeviceId());
476						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + ": Bundle " + getOwnDeviceId() + " in PEP not current. Publishing: " + publish);
477						mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
478							@Override
479							public void onIqPacketReceived(Account account, IqPacket packet) {
480								if (packet.getType() == IqPacket.TYPE.RESULT) {
481									Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Successfully published bundle. ");
482									if (announceAfter) {
483										Log.d(Config.LOGTAG, getLogprefix(account) + "Announcing device " + getOwnDeviceId());
484										publishOwnDeviceIdIfNeeded();
485									}
486								} else {
487									Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while publishing bundle: " + packet.findChild("error"));
488								}
489							}
490						});
491					} else {
492						Log.d(Config.LOGTAG, getLogprefix(account) + "Bundle " + getOwnDeviceId() + " in PEP was current");
493						if (announceAfter) {
494							Log.d(Config.LOGTAG, getLogprefix(account) + "Announcing device " + getOwnDeviceId());
495							publishOwnDeviceIdIfNeeded();
496						}
497					}
498				} catch (InvalidKeyException e) {
499					Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Failed to publish bundle " + getOwnDeviceId() + ", reason: " + e.getMessage());
500					return;
501				}
502			}
503		});
504	}
505
506	public boolean isContactAxolotlCapable(Contact contact) {
507		Jid jid = contact.getJid().toBareJid();
508		return hasAny(contact) ||
509				(deviceIds.containsKey(jid) && !deviceIds.get(jid).isEmpty());
510	}
511
512	public XmppAxolotlSession.Trust getFingerprintTrust(String fingerprint) {
513		return axolotlStore.getFingerprintTrust(fingerprint);
514	}
515
516	public void setFingerprintTrust(String fingerprint, XmppAxolotlSession.Trust trust) {
517		axolotlStore.setFingerprintTrust(fingerprint, trust);
518	}
519
520	private void buildSessionFromPEP(final AxolotlAddress address) {
521		Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building new sesstion for " + address.toString());
522		if (address.getDeviceId() == getOwnDeviceId()) {
523			throw new AssertionError("We should NEVER build a session with ourselves. What happened here?!");
524		}
525
526		try {
527			IqPacket bundlesPacket = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(
528					Jid.fromString(address.getName()), address.getDeviceId());
529			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Retrieving bundle: " + bundlesPacket);
530			mXmppConnectionService.sendIqPacket(account, bundlesPacket, new OnIqPacketReceived() {
531				private void finish() {
532					AxolotlAddress ownAddress = new AxolotlAddress(account.getJid().toBareJid().toString(), 0);
533					if (!fetchStatusMap.getAll(ownAddress).containsValue(FetchStatus.PENDING)
534							&& !fetchStatusMap.getAll(address).containsValue(FetchStatus.PENDING)) {
535						mXmppConnectionService.keyStatusUpdated();
536					}
537				}
538
539				@Override
540				public void onIqPacketReceived(Account account, IqPacket packet) {
541					if (packet.getType() == IqPacket.TYPE.RESULT) {
542						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Received preKey IQ packet, processing...");
543						final IqParser parser = mXmppConnectionService.getIqParser();
544						final List<PreKeyBundle> preKeyBundleList = parser.preKeys(packet);
545						final PreKeyBundle bundle = parser.bundle(packet);
546						if (preKeyBundleList.isEmpty() || bundle == null) {
547							Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "preKey IQ packet invalid: " + packet);
548							fetchStatusMap.put(address, FetchStatus.ERROR);
549							finish();
550							return;
551						}
552						Random random = new Random();
553						final PreKeyBundle preKey = preKeyBundleList.get(random.nextInt(preKeyBundleList.size()));
554						if (preKey == null) {
555							//should never happen
556							fetchStatusMap.put(address, FetchStatus.ERROR);
557							finish();
558							return;
559						}
560
561						final PreKeyBundle preKeyBundle = new PreKeyBundle(0, address.getDeviceId(),
562								preKey.getPreKeyId(), preKey.getPreKey(),
563								bundle.getSignedPreKeyId(), bundle.getSignedPreKey(),
564								bundle.getSignedPreKeySignature(), bundle.getIdentityKey());
565
566						try {
567							SessionBuilder builder = new SessionBuilder(axolotlStore, address);
568							builder.process(preKeyBundle);
569							XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, bundle.getIdentityKey().getFingerprint().replaceAll("\\s", ""));
570							sessions.put(address, session);
571							fetchStatusMap.put(address, FetchStatus.SUCCESS);
572						} catch (UntrustedIdentityException | InvalidKeyException e) {
573							Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Error building session for " + address + ": "
574									+ e.getClass().getName() + ", " + e.getMessage());
575							fetchStatusMap.put(address, FetchStatus.ERROR);
576						}
577
578						finish();
579					} else {
580						fetchStatusMap.put(address, FetchStatus.ERROR);
581						Log.d(Config.LOGTAG, getLogprefix(account) + "Error received while building session:" + packet.findChild("error"));
582						finish();
583						return;
584					}
585				}
586			});
587		} catch (InvalidJidException e) {
588			Log.e(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Got address with invalid jid: " + address.getName());
589		}
590	}
591
592	public Set<AxolotlAddress> findDevicesWithoutSession(final Conversation conversation) {
593		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Finding devices without session for " + conversation.getContact().getJid().toBareJid());
594		Jid contactJid = conversation.getContact().getJid().toBareJid();
595		Set<AxolotlAddress> addresses = new HashSet<>();
596		if (deviceIds.get(contactJid) != null) {
597			for (Integer foreignId : this.deviceIds.get(contactJid)) {
598				AxolotlAddress address = new AxolotlAddress(contactJid.toString(), foreignId);
599				if (sessions.get(address) == null) {
600					IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
601					if (identityKey != null) {
602						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already have session for " + address.toString() + ", adding to cache...");
603						XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, identityKey.getFingerprint().replaceAll("\\s", ""));
604						sessions.put(address, session);
605					} else {
606						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Found device " + account.getJid().toBareJid() + ":" + foreignId);
607						addresses.add(new AxolotlAddress(contactJid.toString(), foreignId));
608					}
609				}
610			}
611		} else {
612			Log.w(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Have no target devices in PEP!");
613		}
614		if (deviceIds.get(account.getJid().toBareJid()) != null) {
615			for (Integer ownId : this.deviceIds.get(account.getJid().toBareJid())) {
616				AxolotlAddress address = new AxolotlAddress(account.getJid().toBareJid().toString(), ownId);
617				if (sessions.get(address) == null) {
618					IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
619					if (identityKey != null) {
620						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already have session for " + address.toString() + ", adding to cache...");
621						XmppAxolotlSession session = new XmppAxolotlSession(account, axolotlStore, address, identityKey.getFingerprint().replaceAll("\\s", ""));
622						sessions.put(address, session);
623					} else {
624						Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Found device " + account.getJid().toBareJid() + ":" + ownId);
625						addresses.add(new AxolotlAddress(account.getJid().toBareJid().toString(), ownId));
626					}
627				}
628			}
629		}
630
631		return addresses;
632	}
633
634	public boolean createSessionsIfNeeded(final Conversation conversation) {
635		Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Creating axolotl sessions if needed...");
636		boolean newSessions = false;
637		Set<AxolotlAddress> addresses = findDevicesWithoutSession(conversation);
638		for (AxolotlAddress address : addresses) {
639			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Processing device: " + address.toString());
640			FetchStatus status = fetchStatusMap.get(address);
641			if (status == null || status == FetchStatus.ERROR) {
642				fetchStatusMap.put(address, FetchStatus.PENDING);
643				this.buildSessionFromPEP(address);
644				newSessions = true;
645			} else if (status == FetchStatus.PENDING) {
646				newSessions = true;
647			} else {
648				Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Already fetching bundle for " + address.toString());
649			}
650		}
651
652		return newSessions;
653	}
654
655	public boolean hasPendingKeyFetches(Conversation conversation) {
656		AxolotlAddress ownAddress = new AxolotlAddress(account.getJid().toBareJid().toString(), 0);
657		AxolotlAddress foreignAddress = new AxolotlAddress(conversation.getJid().toBareJid().toString(), 0);
658		return fetchStatusMap.getAll(ownAddress).containsValue(FetchStatus.PENDING)
659				|| fetchStatusMap.getAll(foreignAddress).containsValue(FetchStatus.PENDING);
660
661	}
662
663	@Nullable
664	private XmppAxolotlMessage buildHeader(Contact contact) {
665		final XmppAxolotlMessage axolotlMessage = new XmppAxolotlMessage(
666				contact.getJid().toBareJid(), getOwnDeviceId());
667
668		Set<XmppAxolotlSession> contactSessions = findSessionsforContact(contact);
669		Set<XmppAxolotlSession> ownSessions = findOwnSessions();
670		if (contactSessions.isEmpty()) {
671			return null;
672		}
673		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building axolotl foreign keyElements...");
674		for (XmppAxolotlSession session : contactSessions) {
675			Log.v(Config.LOGTAG, AxolotlService.getLogprefix(account) + session.getRemoteAddress().toString());
676			axolotlMessage.addDevice(session);
677		}
678		Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building axolotl own keyElements...");
679		for (XmppAxolotlSession session : ownSessions) {
680			Log.v(Config.LOGTAG, AxolotlService.getLogprefix(account) + session.getRemoteAddress().toString());
681			axolotlMessage.addDevice(session);
682		}
683
684		return axolotlMessage;
685	}
686
687	@Nullable
688	public XmppAxolotlMessage encrypt(Message message) {
689		XmppAxolotlMessage axolotlMessage = buildHeader(message.getContact());
690
691		if (axolotlMessage != null) {
692			final String content;
693			if (message.hasFileOnRemoteHost()) {
694				content = message.getFileParams().url.toString();
695			} else {
696				content = message.getBody();
697			}
698			try {
699				axolotlMessage.encrypt(content);
700			} catch (CryptoFailedException e) {
701				Log.w(Config.LOGTAG, getLogprefix(account) + "Failed to encrypt message: " + e.getMessage());
702				return null;
703			}
704		}
705
706		return axolotlMessage;
707	}
708
709	public void preparePayloadMessage(final Message message, final boolean delay) {
710		executor.execute(new Runnable() {
711			@Override
712			public void run() {
713				XmppAxolotlMessage axolotlMessage = encrypt(message);
714				if (axolotlMessage == null) {
715					mXmppConnectionService.markMessage(message, Message.STATUS_SEND_FAILED);
716					//mXmppConnectionService.updateConversationUi();
717				} else {
718					Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Generated message, caching: " + message.getUuid());
719					messageCache.put(message.getUuid(), axolotlMessage);
720					mXmppConnectionService.resendMessage(message, delay);
721				}
722			}
723		});
724	}
725
726	public void prepareKeyTransportMessage(final Contact contact, final OnMessageCreatedCallback onMessageCreatedCallback) {
727		executor.execute(new Runnable() {
728			@Override
729			public void run() {
730				XmppAxolotlMessage axolotlMessage = buildHeader(contact);
731				onMessageCreatedCallback.run(axolotlMessage);
732			}
733		});
734	}
735
736	public XmppAxolotlMessage fetchAxolotlMessageFromCache(Message message) {
737		XmppAxolotlMessage axolotlMessage = messageCache.get(message.getUuid());
738		if (axolotlMessage != null) {
739			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Cache hit: " + message.getUuid());
740			messageCache.remove(message.getUuid());
741		} else {
742			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Cache miss: " + message.getUuid());
743		}
744		return axolotlMessage;
745	}
746
747	private XmppAxolotlSession recreateUncachedSession(AxolotlAddress address) {
748		IdentityKey identityKey = axolotlStore.loadSession(address).getSessionState().getRemoteIdentityKey();
749		return (identityKey != null)
750				? new XmppAxolotlSession(account, axolotlStore, address,
751						identityKey.getFingerprint().replaceAll("\\s", ""))
752				: null;
753	}
754
755	private XmppAxolotlSession getReceivingSession(XmppAxolotlMessage message) {
756		AxolotlAddress senderAddress = new AxolotlAddress(message.getFrom().toString(),
757				message.getSenderDeviceId());
758		XmppAxolotlSession session = sessions.get(senderAddress);
759		if (session == null) {
760			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Account: " + account.getJid() + " No axolotl session found while parsing received message " + message);
761			session = recreateUncachedSession(senderAddress);
762			if (session == null) {
763				session = new XmppAxolotlSession(account, axolotlStore, senderAddress);
764			}
765		}
766		return session;
767	}
768
769	public XmppAxolotlMessage.XmppAxolotlPlaintextMessage processReceivingPayloadMessage(XmppAxolotlMessage message) {
770		XmppAxolotlMessage.XmppAxolotlPlaintextMessage plaintextMessage = null;
771
772		XmppAxolotlSession session = getReceivingSession(message);
773		try {
774			plaintextMessage = message.decrypt(session, getOwnDeviceId());
775			Integer preKeyId = session.getPreKeyId();
776			if (preKeyId != null) {
777				publishBundlesIfNeeded(false);
778				session.resetPreKeyId();
779			}
780		} catch (CryptoFailedException e) {
781			Log.w(Config.LOGTAG, getLogprefix(account) + "Failed to decrypt message: " + e.getMessage());
782		}
783
784		if (session.isFresh() && plaintextMessage != null) {
785			sessions.put(session);
786		}
787
788		return plaintextMessage;
789	}
790
791	public XmppAxolotlMessage.XmppAxolotlKeyTransportMessage processReceivingKeyTransportMessage(XmppAxolotlMessage message) {
792		XmppAxolotlMessage.XmppAxolotlKeyTransportMessage keyTransportMessage;
793
794		XmppAxolotlSession session = getReceivingSession(message);
795		keyTransportMessage = message.getParameters(session, getOwnDeviceId());
796
797		if (session.isFresh() && keyTransportMessage != null) {
798			sessions.put(session);
799		}
800
801		return keyTransportMessage;
802	}
803}