Defer attachment secret access until it's actually needed

Author: SessionHero01

app/src/main/java/org/thoughtcrime/securesms/conversation/v2/ConversationActivityV2.kt

@@ -59,6 +59,7 @@ import androidx.recyclerview.widget.RecyclerView
 import com.annimon.stream.Stream
 import com.bumptech.glide.Glide
 import com.squareup.phrase.Phrase
+import dagger.Lazy
 import dagger.hilt.android.AndroidEntryPoint
 import dagger.hilt.android.lifecycle.withCreationCallback
 import kotlinx.coroutines.CancellationException
@@ -263,7 +264,6 @@ class ConversationActivityV2 : ScreenLockActionBarActivity(), InputBarDelegate,
     @Inject lateinit var typingStatusRepository: TypingStatusRepository
     @Inject lateinit var typingStatusSender: TypingStatusSender
     @Inject lateinit var openGroupManager: OpenGroupManager
-    @Inject lateinit var attachmentDatabase: AttachmentDatabase
     @Inject lateinit var clock: SnodeClock
     @Inject @ManagerScope
     lateinit var scope: CoroutineScope

app/src/main/java/org/thoughtcrime/securesms/database/AttachmentDatabase.java

@@ -26,17 +26,16 @@
 import android.text.TextUtils;
 import android.util.Pair;
 
-import androidx.annotation.NonNull;
-import androidx.annotation.Nullable;
 import androidx.annotation.VisibleForTesting;
 
 import com.bumptech.glide.Glide;
 
 import net.zetetic.database.sqlcipher.SQLiteDatabase;
 
-import org.apache.commons.lang3.StringUtils;
 import org.json.JSONArray;
 import org.json.JSONException;
+import org.jspecify.annotations.NonNull;
+import org.jspecify.annotations.Nullable;
 import org.session.libsession.messaging.sending_receiving.attachments.Attachment;
 import org.session.libsession.messaging.sending_receiving.attachments.AttachmentId;
 import org.session.libsession.messaging.sending_receiving.attachments.AttachmentState;
@@ -80,14 +79,19 @@
 import java.util.concurrent.ExecutionException;
 import java.util.concurrent.ExecutorService;
 
+import javax.inject.Inject;
 import javax.inject.Provider;
+import javax.inject.Singleton;
 
+import dagger.Lazy;
+import dagger.hilt.android.qualifiers.ApplicationContext;
 import kotlin.jvm.Synchronized;
 import kotlinx.coroutines.channels.BufferOverflow;
 import kotlinx.coroutines.flow.MutableSharedFlow;
 import kotlinx.coroutines.flow.SharedFlow;
 import kotlinx.coroutines.flow.SharedFlowKt;
 
+@Singleton
 public class AttachmentDatabase extends Database {
 
   private static final String TAG = AttachmentDatabase.class.getSimpleName();
@@ -161,13 +165,18 @@ public class AttachmentDatabase extends Database {
 
   final ExecutorService thumbnailExecutor = Util.newSingleThreadedLifoExecutor();
 
-  private final AttachmentSecret attachmentSecret;
+  private final Lazy<@NonNull AttachmentSecret> attachmentSecret;
 
   private final MutableSharedFlow<Object> mutableChangesNotification = SharedFlowKt.MutableSharedFlow(
           0, 100, BufferOverflow.DROP_OLDEST
   );
 
-  public AttachmentDatabase(Context context, Provider<SQLCipherOpenHelper> databaseHelper, AttachmentSecret attachmentSecret) {
+  @Inject
+  public AttachmentDatabase(
+          @ApplicationContext Context context,
+          Provider<SQLCipherOpenHelper> databaseHelper,
+          Lazy<@NonNull AttachmentSecret> attachmentSecret
+  ) {
     super(context, databaseHelper);
     this.attachmentSecret = attachmentSecret;
   }
@@ -535,9 +544,9 @@ public void setTransferState(@NonNull AttachmentId attachmentId, int transferSta
 
     try {
       if (dataInfo.random != null && dataInfo.random.length == 32) {
-        return ModernDecryptingPartInputStream.createFor(attachmentSecret, dataInfo.random, dataInfo.file, offset);
+        return ModernDecryptingPartInputStream.createFor(attachmentSecret.get(), dataInfo.random, dataInfo.file, offset);
       } else {
-        InputStream stream  = ClassicDecryptingPartInputStream.createFor(attachmentSecret, dataInfo.file);
+        InputStream stream  = ClassicDecryptingPartInputStream.createFor(attachmentSecret.get(), dataInfo.file);
         long        skipped = stream.skip(offset);
 
         if (skipped != offset) {
@@ -607,7 +616,7 @@ public void setTransferState(@NonNull AttachmentId attachmentId, int transferSta
       File dataFile       = File.createTempFile("part", ".mms", partsDirectory);
 
       Log.d("AttachmentDatabase", "Writing attachment data to: " + dataFile.getAbsolutePath());
-      Pair<byte[], OutputStream> out    = ModernEncryptingPartOutputStream.createFor(attachmentSecret, dataFile, false);
+      Pair<byte[], OutputStream> out    = ModernEncryptingPartOutputStream.createFor(attachmentSecret.get(), dataFile, false);
       long                       length = Util.copy(in, out.second);
 
       return new DataInfo(dataFile, length, out.first);
@@ -894,7 +903,7 @@ private ThumbnailData generateVideoThumbnail(AttachmentId attachmentId) {
         return null;
       }
 
-      EncryptedMediaDataSource dataSource = new EncryptedMediaDataSource(attachmentSecret, dataInfo.file, dataInfo.random, dataInfo.length);
+      EncryptedMediaDataSource dataSource = new EncryptedMediaDataSource(attachmentSecret.get(), dataInfo.file, dataInfo.random, dataInfo.length);
       MediaMetadataRetriever   retriever  = new MediaMetadataRetriever();
       retriever.setDataSource(dataSource);
 

app/src/main/java/org/thoughtcrime/securesms/dependencies/DatabaseModule.kt

@@ -54,11 +54,6 @@ object DatabaseModule {
         return manager.openHelper
     }
 
-    @Provides
-    @Singleton
-    fun provideAttachmentDatabase(@ApplicationContext context: Context,
-                                  openHelper: Provider<SQLCipherOpenHelper>,
-                                  attachmentSecret: AttachmentSecret) = AttachmentDatabase(context, openHelper, attachmentSecret)
     @Provides
     @Singleton
     fun provideMediaDatbase(@ApplicationContext context: Context, openHelper: Provider<SQLCipherOpenHelper>) = MediaDatabase(context, openHelper)

app/src/main/java/org/thoughtcrime/securesms/glide/cache/EncryptedBitmapCacheDecoder.java

@@ -2,15 +2,18 @@
 
 
 import android.graphics.Bitmap;
+
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
-import org.session.libsignal.utilities.Log;
 
 import com.bumptech.glide.load.Options;
 import com.bumptech.glide.load.ResourceDecoder;
 import com.bumptech.glide.load.engine.Resource;
 import com.bumptech.glide.load.resource.bitmap.StreamBitmapDecoder;
 
+import org.session.libsignal.utilities.Log;
+import org.thoughtcrime.securesms.crypto.AttachmentSecretProvider;
+
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
@@ -20,10 +23,10 @@ public class EncryptedBitmapCacheDecoder extends EncryptedCoder implements Resou
   private static final String TAG = EncryptedBitmapCacheDecoder.class.getSimpleName();
 
   private final StreamBitmapDecoder streamBitmapDecoder;
-  private final byte[]              secret;
+  private final AttachmentSecretProvider attachmentSecretProvider;
 
-  public EncryptedBitmapCacheDecoder(@NonNull byte[] secret, @NonNull StreamBitmapDecoder streamBitmapDecoder) {
-    this.secret              = secret;
+  public EncryptedBitmapCacheDecoder(@NonNull AttachmentSecretProvider attachmentSecretProvider, @NonNull StreamBitmapDecoder streamBitmapDecoder) {
+    this.attachmentSecretProvider = attachmentSecretProvider;
     this.streamBitmapDecoder = streamBitmapDecoder;
   }
 
@@ -33,7 +36,7 @@ public boolean handles(@NonNull File source, @NonNull Options options)
   {
     Log.i(TAG, "Checking item for encrypted Bitmap cache decoder: " + source.toString());
 
-    try (InputStream inputStream = createEncryptedInputStream(secret, source)) {
+    try (InputStream inputStream = createEncryptedInputStream(attachmentSecretProvider.getOrCreateAttachmentSecret().getModernKey(), source)) {
       return streamBitmapDecoder.handles(inputStream, options);
     } catch (IOException e) {
       Log.w(TAG, e);
@@ -47,7 +50,7 @@ public Resource<Bitmap> decode(@NonNull File source, int width, int height, @Non
       throws IOException
   {
     Log.i(TAG, "Encrypted Bitmap cache decoder running: " + source.toString());
-    try (InputStream inputStream = createEncryptedInputStream(secret, source)) {
+    try (InputStream inputStream = createEncryptedInputStream(attachmentSecretProvider.getOrCreateAttachmentSecret().getModernKey(), source)) {
       return streamBitmapDecoder.decode(inputStream, width, height, options);
     }
   }

app/src/main/java/org/thoughtcrime/securesms/glide/cache/EncryptedBitmapResourceEncoder.java

@@ -4,6 +4,7 @@
 import android.graphics.Bitmap;
 import androidx.annotation.NonNull;
 import org.session.libsignal.utilities.Log;
+import org.thoughtcrime.securesms.crypto.AttachmentSecretProvider;
 
 import com.bumptech.glide.load.EncodeStrategy;
 import com.bumptech.glide.load.Options;
@@ -19,10 +20,10 @@ public class EncryptedBitmapResourceEncoder extends EncryptedCoder implements Re
 
   private static final String TAG = EncryptedBitmapResourceEncoder.class.getSimpleName();
 
-  private final byte[] secret;
+  private final AttachmentSecretProvider secretProvider;
 
-  public EncryptedBitmapResourceEncoder(@NonNull byte[] secret) {
-    this.secret = secret;
+  public EncryptedBitmapResourceEncoder(@NonNull AttachmentSecretProvider secretProvider) {
+    this.secretProvider = secretProvider;
   }
 
   @Override
@@ -39,7 +40,7 @@ public boolean encode(@NonNull Resource<Bitmap> data, @NonNull File file, @NonNu
     Bitmap.CompressFormat format  = getFormat(bitmap, options);
     int                   quality = options.get(BitmapEncoder.COMPRESSION_QUALITY);
 
-    try (OutputStream os = createEncryptedOutputStream(secret, file)) {
+    try (OutputStream os = createEncryptedOutputStream(secretProvider.getOrCreateAttachmentSecret().getModernKey(), file)) {
       bitmap.compress(format, quality, os);
       os.close();
       return true;

app/src/main/java/org/thoughtcrime/securesms/glide/cache/EncryptedCacheEncoder.java

@@ -1,28 +1,31 @@
 package org.thoughtcrime.securesms.glide.cache;
 
 
-import androidx.annotation.NonNull;
 
 import com.bumptech.glide.load.Encoder;
 import com.bumptech.glide.load.Options;
 import com.bumptech.glide.load.engine.bitmap_recycle.ArrayPool;
 
+import org.jspecify.annotations.NonNull;
 import org.session.libsignal.utilities.Log;
+import org.thoughtcrime.securesms.crypto.AttachmentSecretProvider;
 
 import java.io.File;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.OutputStream;
 
+import dagger.Lazy;
+
 public class EncryptedCacheEncoder extends EncryptedCoder implements Encoder<InputStream> {
 
   private static final String TAG = EncryptedCacheEncoder.class.getSimpleName();
 
-  private final byte[]    secret;
+  private final AttachmentSecretProvider attachmentSecretProvider;
   private final ArrayPool byteArrayPool;
 
-  public EncryptedCacheEncoder(@NonNull byte[] secret, @NonNull ArrayPool byteArrayPool) {
-    this.secret        = secret;
+  public EncryptedCacheEncoder(AttachmentSecretProvider attachmentSecretProvider, @NonNull ArrayPool byteArrayPool) {
+    this.attachmentSecretProvider = attachmentSecretProvider;
     this.byteArrayPool = byteArrayPool;
   }
 
@@ -33,7 +36,7 @@ public boolean encode(@NonNull InputStream data, @NonNull File file, @NonNull Op
 
     byte[] buffer = byteArrayPool.get(ArrayPool.STANDARD_BUFFER_SIZE_BYTES, byte[].class);
 
-    try (OutputStream outputStream = createEncryptedOutputStream(secret, file)) {
+    try (OutputStream outputStream = createEncryptedOutputStream(attachmentSecretProvider.getOrCreateAttachmentSecret().getModernKey(), file)) {
       int read;
 
       while ((read = data.read(buffer)) != -1) {

app/src/main/java/org/thoughtcrime/securesms/glide/cache/EncryptedGifCacheDecoder.java

@@ -4,6 +4,7 @@
 import androidx.annotation.NonNull;
 import androidx.annotation.Nullable;
 import org.session.libsignal.utilities.Log;
+import org.thoughtcrime.securesms.crypto.AttachmentSecretProvider;
 
 import com.bumptech.glide.load.Options;
 import com.bumptech.glide.load.ResourceDecoder;
@@ -19,19 +20,19 @@ public class EncryptedGifCacheDecoder extends EncryptedCoder implements Resource
 
   private static final String TAG = EncryptedGifCacheDecoder.class.getSimpleName();
 
-  private final byte[]           secret;
+  private final AttachmentSecretProvider attachmentSecretProvider;
   private final StreamGifDecoder gifDecoder;
 
-  public EncryptedGifCacheDecoder(@NonNull byte[] secret, @NonNull StreamGifDecoder gifDecoder) {
-    this.secret     = secret;
+  public EncryptedGifCacheDecoder(@NonNull AttachmentSecretProvider attachmentSecretProvider, @NonNull StreamGifDecoder gifDecoder) {
+    this.attachmentSecretProvider = attachmentSecretProvider;
     this.gifDecoder = gifDecoder;
   }
 
   @Override
   public boolean handles(@NonNull File source, @NonNull Options options) {
     Log.i(TAG, "Checking item for encrypted GIF cache decoder: " + source.toString());
 
-    try (InputStream inputStream = createEncryptedInputStream(secret, source)) {
+    try (InputStream inputStream = createEncryptedInputStream(attachmentSecretProvider.getOrCreateAttachmentSecret().getModernKey(), source)) {
       return gifDecoder.handles(inputStream, options);
     } catch (IOException e) {
       Log.w(TAG, e);
@@ -43,7 +44,7 @@ public boolean handles(@NonNull File source, @NonNull Options options) {
   @Override
   public Resource<GifDrawable> decode(@NonNull File source, int width, int height, @NonNull Options options) throws IOException {
     Log.i(TAG, "Encrypted GIF cache decoder running...");
-    try (InputStream inputStream = createEncryptedInputStream(secret, source)) {
+    try (InputStream inputStream = createEncryptedInputStream(attachmentSecretProvider.getOrCreateAttachmentSecret().getModernKey(), source)) {
       return gifDecoder.decode(inputStream, width, height, options);
     }
   }

app/src/main/java/org/thoughtcrime/securesms/glide/cache/EncryptedGifDrawableResourceEncoder.java

@@ -3,6 +3,7 @@
 
 import androidx.annotation.NonNull;
 import org.session.libsignal.utilities.Log;
+import org.thoughtcrime.securesms.crypto.AttachmentSecretProvider;
 
 import com.bumptech.glide.load.EncodeStrategy;
 import com.bumptech.glide.load.Options;
@@ -19,10 +20,10 @@ public class EncryptedGifDrawableResourceEncoder extends EncryptedCoder implemen
 
   private static final String TAG = EncryptedGifDrawableResourceEncoder.class.getSimpleName();
 
-  private final byte[] secret;
+  private final AttachmentSecretProvider secretProvider;
 
-  public EncryptedGifDrawableResourceEncoder(@NonNull byte[] secret) {
-    this.secret = secret;
+  public EncryptedGifDrawableResourceEncoder(@NonNull AttachmentSecretProvider secretProvider) {
+    this.secretProvider = secretProvider;
   }
 
   @Override
@@ -34,7 +35,7 @@ public EncodeStrategy getEncodeStrategy(@NonNull Options options) {
   public boolean encode(@NonNull Resource<GifDrawable> data, @NonNull File file, @NonNull Options options) {
     GifDrawable drawable = data.get();
 
-    try (OutputStream outputStream = createEncryptedOutputStream(secret, file)) {
+    try (OutputStream outputStream = createEncryptedOutputStream(secretProvider.getOrCreateAttachmentSecret().getModernKey(), file)) {
       ByteBufferUtil.toStream(drawable.getBuffer(), outputStream);
       return true;
     } catch (IOException e) {

app/src/main/java/org/thoughtcrime/securesms/logging/PersistentLogger.kt

@@ -58,8 +58,8 @@ class PersistentLogger @Inject constructor(
             var logWriter: LogFile.Writer? = null
             val entryBuilder = StringBuilder()
 
-            try {
-                while (true) {
+            while (true) {
+                try {
                     channel.receiveBulkLogs(bulk)
 
                     if (bulk.isNotEmpty()) {
@@ -92,18 +92,18 @@ class PersistentLogger @Inject constructor(
                             logWriter = null
                         }
                     }
-
-                    // Notify that the log channel is idle
-                    logChannelIdleSignal.tryEmit(Unit)
+                } catch (e: Throwable) {
+                    logWriter?.close()
+
+                    android.util.Log.e(
+                        TAG,
+                        "Error while processing log entries: ${e.message}",
+                        e
+                    )
                 }
-            } catch (e: Exception) {
-                logWriter?.close()
-
-                android.util.Log.e(
-                    TAG,
-                    "Error while processing log entries: ${e.message}",
-                    e
-                )
+
+                // Notify that the log channel is idle
+                logChannelIdleSignal.tryEmit(Unit)
             }
         }
     }

app/src/main/java/org/thoughtcrime/securesms/mms/SignalGlideModule.java

@@ -57,16 +57,15 @@ public void applyOptions(Context context, GlideBuilder builder) {
 
   @Override
   public void registerComponents(@NonNull Context context, @NonNull Glide glide, @NonNull Registry registry) {
-    AttachmentSecret attachmentSecret = AttachmentSecretProvider.getInstance(context).getOrCreateAttachmentSecret();
-    byte[]           secret           = attachmentSecret.getModernKey();
+    AttachmentSecretProvider secretProvider = AttachmentSecretProvider.getInstance(context);
 
     registry.prepend(File.class, File.class, UnitModelLoader.Factory.getInstance());
-    registry.prepend(InputStream.class, new EncryptedCacheEncoder(secret, glide.getArrayPool()));
-    registry.prepend(File.class, Bitmap.class, new EncryptedBitmapCacheDecoder(secret, new StreamBitmapDecoder(new Downsampler(registry.getImageHeaderParsers(), context.getResources().getDisplayMetrics(), glide.getBitmapPool(), glide.getArrayPool()), glide.getArrayPool())));
-    registry.prepend(File.class, GifDrawable.class, new EncryptedGifCacheDecoder(secret, new StreamGifDecoder(registry.getImageHeaderParsers(), new ByteBufferGifDecoder(context, registry.getImageHeaderParsers(), glide.getBitmapPool(), glide.getArrayPool()), glide.getArrayPool())));
+    registry.prepend(InputStream.class, new EncryptedCacheEncoder(secretProvider, glide.getArrayPool()));
+    registry.prepend(File.class, Bitmap.class, new EncryptedBitmapCacheDecoder(secretProvider, new StreamBitmapDecoder(new Downsampler(registry.getImageHeaderParsers(), context.getResources().getDisplayMetrics(), glide.getBitmapPool(), glide.getArrayPool()), glide.getArrayPool())));
+    registry.prepend(File.class, GifDrawable.class, new EncryptedGifCacheDecoder(secretProvider, new StreamGifDecoder(registry.getImageHeaderParsers(), new ByteBufferGifDecoder(context, registry.getImageHeaderParsers(), glide.getBitmapPool(), glide.getArrayPool()), glide.getArrayPool())));
 
-    registry.prepend(Bitmap.class, new EncryptedBitmapResourceEncoder(secret));
-    registry.prepend(GifDrawable.class, new EncryptedGifDrawableResourceEncoder(secret));
+    registry.prepend(Bitmap.class, new EncryptedBitmapResourceEncoder(secretProvider));
+    registry.prepend(GifDrawable.class, new EncryptedGifDrawableResourceEncoder(secretProvider));
 
     registry.append(RemoteFile.class, InputStream.class, new RemoteFileLoader.Factory(
             ((ApplicationContext) (context.getApplicationContext())).getRemoteFileLoader()