Enforce one entry position per identifier in monitor request

signalapp · Jan 10, 2025 · d3d68c2 · d3d68c2
1 parent 0628b3e
commit d3d68c2
Show file tree

Hide file tree

Showing 4 changed files with 54 additions and 73 deletions.
diff --git a/...src/main/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyController.java b/...src/main/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyController.java
@@ -151,21 +151,21 @@ public KeyTransparencyMonitorResponse monitor(
     try {
       final AciMonitorRequest aciMonitorRequest = AciMonitorRequest.newBuilder()
           .setAci(ByteString.copyFrom(request.aci().value().toCompactByteArray()))
-          .addAllEntries(request.aci().positions())
+          .setEntryPosition(request.aci().entry_position())
           .setCommitmentIndex(ByteString.copyFrom(request.aci().commitmentIndex()))
           .build();
 
       final Optional<UsernameHashMonitorRequest> usernameHashMonitorRequest = request.usernameHash().map(usernameHash ->
           UsernameHashMonitorRequest.newBuilder()
               .setUsernameHash(ByteString.copyFrom(usernameHash.value()))
-              .addAllEntries(usernameHash.positions())
+              .setEntryPosition(usernameHash.entry_position())
               .setCommitmentIndex(ByteString.copyFrom(usernameHash.commitmentIndex()))
               .build());
 
       final Optional<E164MonitorRequest> e164MonitorRequest = request.e164().map(e164 ->
           E164MonitorRequest.newBuilder()
               .setE164(e164.value())
-              .addAllEntries(e164.positions())
+              .setEntryPosition(e164.entry_position())
               .setCommitmentIndex(ByteString.copyFrom(e164.commitmentIndex()))
               .build());
 

diff --git a/...rc/main/java/org/whispersystems/textsecuregcm/entities/KeyTransparencyMonitorRequest.java b/...rc/main/java/org/whispersystems/textsecuregcm/entities/KeyTransparencyMonitorRequest.java
@@ -49,11 +49,9 @@ public record AciMonitor(
       @Schema(description = "The aci identifier to monitor")
       AciServiceIdentifier value,
 
-      @Schema(description = "A list of log tree positions maintained by the client for the aci search key.")
-      @Valid
-      @NotNull
-      @NotEmpty
-      List<@Positive Long> positions,
+      @Schema(description = "A log tree position maintained by the client for the aci.")
+      @Positive
+      long entry_position,
 
       @Schema(description = "The commitment index derived from a previous search request, encoded in standard unpadded base64")
       @JsonSerialize(using = ByteArrayAdapter.Serializing.class)
@@ -68,11 +66,9 @@ public record E164Monitor(
       @NotBlank
       String value,
 
-      @Schema(description = "A list of log tree positions maintained by the client for the e164 search key.")
-      @NotNull
-      @NotEmpty
-      @Valid
-      List<@Positive Long> positions,
+      @Schema(description = "A log tree position maintained by the client for the e164.")
+      @Positive
+      long entry_position,
 
       @Schema(description = "The commitment index derived from a previous search request, encoded in standard unpadded base64")
       @JsonSerialize(using = ByteArrayAdapter.Serializing.class)
@@ -91,10 +87,9 @@ public record UsernameHashMonitor(
       @NotEmpty
       byte[] value,
 
-      @Schema(description = "A list of log tree positions maintained by the client for the username hash search key.")
-      @NotNull
-      @NotEmpty
-      @Valid List<@Positive Long> positions,
+      @Schema(description = "A log tree position maintained by the client for the username hash.")
+      @Positive
+      long entry_position,
 
       @Schema(description = "The commitment index derived from a previous search request, encoded in standard unpadded base64")
       @JsonSerialize(using = ByteArrayAdapter.Serializing.class)

diff --git a/service/src/main/proto/KeyTransparencyService.proto b/service/src/main/proto/KeyTransparencyService.proto
@@ -295,19 +295,19 @@ message MonitorRequest {
 
 message AciMonitorRequest {
   bytes aci = 1;
-  repeated uint64 entries = 2;
+  uint64 entry_position = 2;
   bytes commitment_index = 3;
 }
 
 message UsernameHashMonitorRequest {
   bytes username_hash = 1;
-  repeated uint64 entries = 2;
+  uint64 entry_position = 2;
   bytes commitment_index = 3;
 }
 
 message E164MonitorRequest {
   string e164 = 1;
-  repeated uint64 entries = 2;
+  uint64 entry_position = 2;
   bytes commitment_index = 3;
 }
 

diff --git a/...test/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyControllerTest.java b/...test/java/org/whispersystems/textsecuregcm/controllers/KeyTransparencyControllerTest.java
@@ -305,7 +305,7 @@ void monitorSuccess() {
     try (Response response = request.post(Entity.json(
         createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(3L), COMMITMENT_INDEX),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI,3, COMMITMENT_INDEX),
                 Optional.empty(), Optional.empty(), 3L, 4L))))) {
       assertEquals(200, response.getStatus());
 
@@ -327,7 +327,7 @@ void monitorAuthenticated() {
     try (Response response = request.post(
         Entity.json(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(3L), COMMITMENT_INDEX),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 3, COMMITMENT_INDEX),
                 Optional.empty(), Optional.empty(), 3L, 4L))))) {
       assertEquals(400, response.getStatus());
       verifyNoInteractions(keyTransparencyServiceClient);
@@ -346,7 +346,7 @@ void monitorGrpcErrors(final Status grpcStatus, final int httpStatus) {
     try (Response response = request.post(
         Entity.json(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(3L), COMMITMENT_INDEX),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 3, COMMITMENT_INDEX),
                 Optional.empty(), Optional.empty(), 3L, 4L))))) {
       assertEquals(httpStatus, response.getStatus());
       verify(keyTransparencyServiceClient, times(1)).monitor(any(), any(), any(), anyLong(), anyLong(), any());
@@ -381,115 +381,101 @@ private static Stream<Arguments> monitorInvalidRequest() {
             new KeyTransparencyMonitorRequest(null, Optional.empty(), Optional.empty(), 3L, 4L))),
         // aci monitor fields can't be null
         Arguments.of(createRequestJson(
-            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(null, null, null),
+            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(null, 4, null),
                 Optional.empty(), Optional.empty(), 3L, 4L))),
         Arguments.of(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(null, List.of(4L), COMMITMENT_INDEX),
+                new KeyTransparencyMonitorRequest.AciMonitor(null, 4, COMMITMENT_INDEX),
                 Optional.empty(), Optional.empty(), 3L, 4L))),
         Arguments.of(createRequestJson(
-            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, null, COMMITMENT_INDEX),
+            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, null),
                 Optional.empty(), Optional.empty(), 3L, 4L))),
-        Arguments.of(createRequestJson(
-            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), null),
-                Optional.empty(), Optional.empty(), 3L, 4L))),
-        // aciPositions list can't be empty
+        // aciPosition must be positive
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, Collections.emptyList(), COMMITMENT_INDEX),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 0, COMMITMENT_INDEX),
             Optional.empty(), Optional.empty(), 3L, 4L))),
         // aci commitment index must be the correct size
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), new byte[0]),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, new byte[0]),
             Optional.empty(), Optional.empty(), 3L, 4L))),
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, Collections.emptyList(), new byte[33]),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 0, new byte[33]),
             Optional.empty(), Optional.empty(), 3L, 4L))),
         // username monitor fields cannot be null
         Arguments.of(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX), Optional.empty(),
-                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(null, null, null)),
-                3L, 4L))),
-        Arguments.of(createRequestJson(
-            new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX), Optional.empty(),
-                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(null, List.of(5L), COMMITMENT_INDEX)),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX), Optional.empty(),
+                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(null, 5, null)),
                 3L, 4L))),
         Arguments.of(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX), Optional.empty(),
-                Optional.of(
-                    new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH, null, COMMITMENT_INDEX)),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX), Optional.empty(),
+                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(null, 5, COMMITMENT_INDEX)),
                 3L, 4L))),
         Arguments.of(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX), Optional.empty(),
-                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH, List.of(5L), null)),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX), Optional.empty(),
+                Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH, 5, null)),
                 3L, 4L))),
-        // usernameHashPositions list cannot be empty
+        // usernameHashPosition must be positive
         Arguments.of(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
                 Optional.empty(),
                 Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH,
-                    Collections.emptyList(), COMMITMENT_INDEX)), 3L, 4L))),
+                    0, COMMITMENT_INDEX)), 3L, 4L))),
         // username commitment index must be the correct size
         Arguments.of(createRequestJson(
             new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), new byte[0]),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, new byte[0]),
                 Optional.empty(),
                 Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH,
-                    List.of(5L), new byte[0])), 3L, 4L))),
+                    5, new byte[0])), 3L, 4L))),
         Arguments.of(createRequestJson(
-            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), null),
+            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, null),
                 Optional.empty(),
                 Optional.of(new KeyTransparencyMonitorRequest.UsernameHashMonitor(USERNAME_HASH,
-                    List.of(5L), new byte[33])), 3L, 4L))),
+                    5, new byte[33])), 3L, 4L))),
         // e164 fields cannot be null
         Arguments.of(
             createRequestJson(new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
-                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(null, null, null)),
-                Optional.empty(), 3L, 4L))),
-        Arguments.of(
-            createRequestJson(new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
-                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(null, List.of(5L), COMMITMENT_INDEX)),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
+                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(null, 5, null)),
                 Optional.empty(), 3L, 4L))),
         Arguments.of(
             createRequestJson(new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
-                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, null, COMMITMENT_INDEX)),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
+                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(null, 5, COMMITMENT_INDEX)),
                 Optional.empty(), 3L, 4L))),
         Arguments.of(
             createRequestJson(new KeyTransparencyMonitorRequest(
-                new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
-                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, List.of(5L), null)),
+                new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
+                Optional.of(new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, 5, null)),
                 Optional.empty(), 3L, 4L))),
-        // e164Positions list cannot empty
+        // e164Position must be positive
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
             Optional.of(
-                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, Collections.emptyList(), COMMITMENT_INDEX)),
+                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, 0, COMMITMENT_INDEX)),
             Optional.empty(), 3L, 4L))),
         // e164 commitment index must be the correct size
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
             Optional.of(
-                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, List.of(5L), new byte[0])),
+                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, 5, new byte[0])),
             Optional.empty(), 3L, 4L))),
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX),
             Optional.of(
-                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, List.of(5L), new byte[33])),
+                new KeyTransparencyMonitorRequest.E164Monitor(NUMBER, 5, new byte[33])),
             Optional.empty(), 3L, 4L))),
         // lastNonDistinguishedTreeHeadSize must be positive
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX), Optional.empty(),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX), Optional.empty(),
             Optional.empty(), 0L, 4L))),
         // lastDistinguishedTreeHeadSize must be positive
         Arguments.of(createRequestJson(new KeyTransparencyMonitorRequest(
-            new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(4L), COMMITMENT_INDEX), Optional.empty(),
+            new KeyTransparencyMonitorRequest.AciMonitor(ACI, 4, COMMITMENT_INDEX), Optional.empty(),
             Optional.empty(), 3L, 0L)))
     );
   }
@@ -503,7 +489,7 @@ void monitorRateLimited() {
         .request();
     try (Response response = request.post(
         Entity.json(createRequestJson(
-            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, List.of(3L), null),
+            new KeyTransparencyMonitorRequest(new KeyTransparencyMonitorRequest.AciMonitor(ACI, 3, null),
                 Optional.empty(), Optional.empty(),
                 3L, 4L))))) {
       assertEquals(429, response.getStatus());