Update gradle

Fixes #1814

.github/workflows/ci.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        java: [ '21', '23' ]
+        java: [ '21', '24' ]
 
     steps:
       - uses: actions/checkout@v4
@@ -30,7 +30,7 @@ jobs:
         with:
           dependency-graph: generate-and-submit
       - name: Install asciidoc
-        run: sudo apt --no-install-recommends install -y asciidoc-base
+        run: sudo apt update && sudo apt --no-install-recommends install -y asciidoc-base
       - name: Build with Gradle
         run: ./gradlew --no-daemon build
       - name: Build man page
@@ -69,3 +69,28 @@ jobs:
         with:
           name: signal-cli-native
           path: build/native/nativeCompile/signal-cli
+
+  build-client:
+    strategy:
+      matrix:
+        os:
+          - ubuntu
+          - macos
+          - windows
+    runs-on: ${{ matrix.os }}-latest
+    defaults:
+      run:
+        working-directory: ./client
+    steps:
+      - uses: actions/checkout@v4
+      - name: Install rust
+        run: rustup default stable
+      - name: Build client
+        run: cargo build --release --verbose
+      - name: Archive production artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: signal-cli-client-${{ matrix.os }}
+          path: |
+            client/target/release/signal-cli-client
+            client/target/release/signal-cli-client.exe

.github/workflows/codeql-analysis.yml

@@ -35,7 +35,7 @@ jobs:
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
+        uses: github/codeql-action/init@v3
         # Override language selection by uncommenting this and choosing your languages
         # with:
         #   languages: go, javascript, csharp, python, cpp, java
@@ -43,7 +43,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@v2
+        uses: github/codeql-action/autobuild@v3
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 https://git.io/JvXDl
@@ -57,4 +57,4 @@ jobs:
       #   make release
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        uses: github/codeql-action/analyze@v3

.github/workflows/release.yml

@@ -182,7 +182,7 @@ jobs:
           tar xf ./"${ARCHIVE_DIR}"/*.tar.gz
           rm -r signal-cli-archive-* signal-cli-native
           mkdir -p build/install/
-          mv ./signal-cli-*/ build/install/signal-cli
+          mv ./signal-cli-"${GITHUB_REF_NAME#v}"/ build/install/signal-cli
 
       - name: Build Image
         id: build_image

CHANGELOG.md

@@ -1,5 +1,73 @@
 # Changelog
 
+## [Unreleased]
+
+## [0.13.18] - 2025-07-16
+
+Requires libsignal-client version 0.76.3.
+
+### Added
+
+- Added `--view-once` parameter to send command to send view once images
+
+### Fixed
+
+- Handle rate limit exception correctly when querying usernames
+
+### Improved
+
+- Shut down when dbus daemon connection goes away unexpectedly
+- In daemon mode, exit immediately if account check fails at startup
+- Improve behavior when sending to devices that have no available prekeys
+
+## [0.13.17] - 2025-06-28
+
+Requires libsignal-client version 0.76.0.
+
+### Fixed
+
+- Fix issue when loading an older inactive group
+- Close attachment input streams after upload
+- Fix storage sync behavior with unhandled fields
+
+### Changed
+
+- Improve behavior when pin data doesn't exist on the server
+
+## [0.13.16] - 2025-06-07
+
+Requires libsignal-client version 0.73.2.
+
+### Changed
+
+- Ensure every sent message gets a unique timestamp
+
+## [0.13.15] - 2025-05-08
+
+Requires libsignal-client version 0.70.0.
+
+### Fixed
+
+- Fix native access warning with Java 24
+- Fix storage sync loop due to old removed e164 field
+
+### Changed
+
+- Increased compatibility of native build with older/virtual CPUs
+
+## [0.13.14] - 2025-04-06
+
+Requires libsignal-client version 0.68.1.
+
+### Fixed
+
+- Fix pre key import from old data files
+
+### Changed
+
+- Use websocket connection instead of HTTP for more requests
+- Improve handling of messages with decryption error
+
 ## [0.13.13] - 2025-02-28
 
 Requires libsignal-client version 0.66.2.

README.md

@@ -83,6 +83,12 @@ of all country codes.)
      signal-cli -a ACCOUNT send -m "This is a message" RECIPIENT
      ```
 
+* Send a message to a username, usernames need to be prefixed with `u:`
+
+     ```sh
+     signal-cli -a ACCOUNT send -m "This is a message" u:USERNAME.000
+     ```
+
 * Pipe the message content from another process.
 
       uname -a | signal-cli -a ACCOUNT send --message-from-stdin RECIPIENT

build.gradle.kts

@@ -3,12 +3,12 @@ plugins {
     application
     eclipse
     `check-lib-versions`
-    id("org.graalvm.buildtools.native") version "0.10.5"
+    id("org.graalvm.buildtools.native") version "0.10.6"
 }
 
 allprojects {
     group = "org.asamk"
-    version = "0.13.13"
+    version = "0.13.19-SNAPSHOT"
 }
 
 java {
@@ -24,6 +24,7 @@ java {
 
 application {
     mainClass.set("org.asamk.signal.Main")
+    applicationDefaultJvmArgs = listOf("--enable-native-access=ALL-UNNAMED")
 }
 
 graalvmNative {
@@ -32,6 +33,7 @@ graalvmNative {
             buildArgs.add("--install-exit-handlers")
             buildArgs.add("-Dfile.encoding=UTF-8")
             buildArgs.add("-J-Dfile.encoding=UTF-8")
+            buildArgs.add("-march=compatibility")
             resources.autodetect()
             configurationFileDirectories.from(file("graalvm-config-dir"))
             if (System.getenv("GRAALVM_HOME") == null) {
@@ -46,7 +48,41 @@ graalvmNative {
     }
 }
 
+val artifactType = Attribute.of("artifactType", String::class.java)
+val minified = Attribute.of("minified", Boolean::class.javaObjectType)
 dependencies {
+    attributesSchema {
+        attribute(minified)
+    }
+    artifactTypes.getByName("jar") {
+        attributes.attribute(minified, false)
+    }
+}
+
+configurations.runtimeClasspath.configure {
+    attributes {
+        attribute(minified, true)
+    }
+}
+val excludePatterns = mapOf(
+    "libsignal-client" to setOf(
+        "libsignal_jni_testing_amd64.so",
+        "signal_jni_testing_amd64.dll",
+        "libsignal_jni_testing_amd64.dylib",
+        "libsignal_jni_testing_aarch64.dylib",
+    )
+)
+
+dependencies {
+    registerTransform(JarFileExcluder::class) {
+        from.attribute(minified, false).attribute(artifactType, "jar")
+        to.attribute(minified, true).attribute(artifactType, "jar")
+
+        parameters {
+            excludeFilesByArtifact = excludePatterns
+        }
+    }
+
     implementation(libs.bouncycastle)
     implementation(libs.jackson.databind)
     implementation(libs.argparse4j)
@@ -78,12 +114,13 @@ tasks.withType<Jar> {
         attributes(
             "Implementation-Title" to project.name,
             "Implementation-Version" to project.version,
-            "Main-Class" to application.mainClass.get()
+            "Main-Class" to application.mainClass.get(),
+            "Enable-Native-Access" to "ALL-UNNAMED",
         )
     }
 }
 
-task("fatJar", type = Jar::class) {
+tasks.register("fatJar", type = Jar::class) {
     archiveBaseName.set("${project.name}-fat")
     exclude(
         "META-INF/*.SF",
@@ -92,9 +129,11 @@ task("fatJar", type = Jar::class) {
         "META-INF/NOTICE*",
         "META-INF/LICENSE*",
         "META-INF/INDEX.LIST",
-        "**/module-info.class"
+        "**/module-info.class",
     )
     duplicatesStrategy = DuplicatesStrategy.WARN
-    from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) })
+    doFirst {
+        from(configurations.runtimeClasspath.get().map { if (it.isDirectory) it else zipTree(it) })
+    }
     with(tasks.jar.get())
 }

buildSrc/src/main/kotlin/CheckLibVersionsPlugin.kt

@@ -1,12 +1,10 @@
 @file:Suppress("DEPRECATION")
 
-import groovy.util.XmlSlurper
-import groovy.util.slurpersupport.GPathResult
-import org.codehaus.groovy.runtime.ResourceGroovyMethods
 import org.gradle.api.Plugin
 import org.gradle.api.Project
 import org.gradle.api.Task
 import org.gradle.api.artifacts.Dependency
+import javax.xml.parsers.DocumentBuilderFactory
 
 class CheckLibVersionsPlugin : Plugin<Project> {
     override fun apply(project: Project) {
@@ -28,10 +26,10 @@ class CheckLibVersionsPlugin : Plugin<Project> {
         val name = dependency.name
         val metaDataUrl = "https://repo1.maven.org/maven2/$path/$name/maven-metadata.xml"
         try {
-            val url = ResourceGroovyMethods.toURL(metaDataUrl)
+            val dbf = DocumentBuilderFactory.newInstance()
-            val metaDataText = ResourceGroovyMethods.getText(url)
+            val db = dbf.newDocumentBuilder()
-            val metadata = XmlSlurper().parseText(metaDataText)
+            val doc = db.parse(metaDataUrl);
-            val newest = (metadata.getProperty("versioning") as GPathResult).getProperty("latest")
+            val newest = doc.getElementsByTagName("latest").item(0).textContent
             if (version != newest.toString()) {
                 println("UPGRADE {\"group\": \"$group\", \"name\": \"$name\", \"current\": \"$version\", \"latest\": \"$newest\"}")
             }

buildSrc/src/main/kotlin/ExcludeFileFromJar.kt

@@ -0,0 +1,53 @@
+import org.gradle.api.artifacts.transform.*
+import org.gradle.api.file.FileSystemLocation
+import org.gradle.api.provider.Provider
+import org.gradle.api.tasks.Input
+import org.gradle.api.tasks.PathSensitive
+import org.gradle.api.tasks.PathSensitivity
+import java.io.File
+import java.io.FileInputStream
+import java.io.FileOutputStream
+import java.util.zip.ZipInputStream
+import java.util.zip.ZipOutputStream
+
+@CacheableTransform
+abstract class JarFileExcluder : TransformAction<JarFileExcluder.Parameters> {
+    interface Parameters : TransformParameters {
+        @get:Input
+        var excludeFilesByArtifact: Map<String, Set<String>>
+    }
+
+    @get:PathSensitive(PathSensitivity.NAME_ONLY)
+    @get:InputArtifact
+    abstract val inputArtifact: Provider<FileSystemLocation>
+
+    override
+    fun transform(outputs: TransformOutputs) {
+        val fileName = inputArtifact.get().asFile.name
+        for (entry in parameters.excludeFilesByArtifact) {
+            if (fileName.startsWith(entry.key)) {
+                val nameWithoutExtension = fileName.substring(0, fileName.lastIndexOf("."))
+                excludeFiles(inputArtifact.get().asFile, entry.value, outputs.file("${nameWithoutExtension}.jar"))
+                return
+            }
+        }
+        outputs.file(inputArtifact)
+    }
+
+    private fun excludeFiles(artifact: File, excludeFiles: Set<String>, jarFile: File) {
+        ZipInputStream(FileInputStream(artifact)).use { input ->
+            ZipOutputStream(FileOutputStream(jarFile)).use { output ->
+                var entry = input.nextEntry
+                while (entry != null) {
+                    if (!excludeFiles.contains(entry.name)) {
+                        output.putNextEntry(entry)
+                        input.copyTo(output)
+                        output.closeEntry()
+                    }
+
+                    entry = input.nextEntry
+                }
+            }
+        }
+    }
+}

client/Cargo.toml

@@ -1,18 +1,17 @@
 [package]
 name = "signal-cli-client"
 version = "0.0.1"
-edition = "2021"
+edition = "2024"
 
 # See more keys and their definitions at https://doc.rust-lang.org/cargo/reference/manifest.html
 
 [dependencies]
 anyhow = "1"
 clap = { version = "4", features = ["cargo", "derive", "wrap_help"] }
-log = "0.4"
 serde = "1"
 serde_json = "1"
 tokio = { version = "1", features = ["rt", "macros", "net", "rt-multi-thread"] }
-jsonrpsee = { version = "0.24", features = [
+jsonrpsee = { version = "0.25", features = [
     "macros",
     "async-client",
     "http-client",

client/src/cli.rs

@@ -15,6 +15,7 @@ pub struct Cli {
     pub json_rpc_tcp: Option<Option<SocketAddr>>,
 
     /// UNIX socket address and port of signal-cli daemon
+    #[cfg(unix)]
     #[arg(long, conflicts_with = "json_rpc_tcp")]
     pub json_rpc_socket: Option<Option<OsString>>,
 
@@ -84,6 +85,8 @@ pub enum CliCommands {
     },
     GetUserStatus {
         recipient: Vec<String>,
+        #[arg(long)]
+        username: Vec<String>,
     },
     JoinGroup {
         #[arg(long)]
@@ -176,6 +179,9 @@ pub enum CliCommands {
         #[arg(short = 'a', long)]
         attachment: Vec<String>,
 
+        #[arg(long)]
+        view_once: bool,
+
         #[arg(long)]
         mention: Vec<String>,
 

client/src/jsonrpc.rs

@@ -70,6 +70,7 @@ pub trait Rpc {
         &self,
         account: Option<String>,
         recipients: Vec<String>,
+        usernames: Vec<String>,
     ) -> Result<Value, ErrorObjectOwned>;
 
     #[method(name = "joinGroup", param_kind = map)]
@@ -182,6 +183,7 @@ pub trait Rpc {
         endSession: bool,
         message: String,
         attachments: Vec<String>,
+        viewOnce: bool,
         mentions: Vec<String>,
         textStyle: Vec<String>,
         quoteTimestamp: Option<u64>,
@@ -190,10 +192,10 @@ pub trait Rpc {
         quoteMention: Vec<String>,
         quoteTextStyle: Vec<String>,
         quoteAttachment: Vec<String>,
-        preview_url: Option<String>,
+        previewUrl: Option<String>,
-        preview_title: Option<String>,
+        previewTitle: Option<String>,
-        preview_description: Option<String>,
+        previewDescription: Option<String>,
-        preview_image: Option<String>,
+        previewImage: Option<String>,
         sticker: Option<String>,
         storyTimestamp: Option<u64>,
         storyAuthor: Option<String>,
@@ -409,6 +411,7 @@ pub async fn connect_tcp(
     Ok(ClientBuilder::default().build_with_tokio(sender, receiver))
 }
 
+#[cfg(unix)]
 pub async fn connect_unix(
     socket_path: impl AsRef<Path>,
 ) -> Result<impl SubscriptionClientT, std::io::Error> {
@@ -417,6 +420,6 @@ pub async fn connect_unix(
     Ok(ClientBuilder::default().build_with_tokio(sender, receiver))
 }
 
-pub async fn connect_http(uri: &str) -> Result<impl SubscriptionClientT, Error> {
+pub async fn connect_http(uri: &str) -> Result<impl SubscriptionClientT + use<>, Error> {
     HttpClientBuilder::default().build(uri)
 }

client/src/main.rs

@@ -60,8 +60,13 @@ async fn handle_command(
                 .delete_local_account_data(cli.account, ignore_registered)
                 .await
         }
-        CliCommands::GetUserStatus { recipient } => {
+        CliCommands::GetUserStatus {
-            client.get_user_status(cli.account, recipient).await
+            recipient,
+            username,
+        } => {
+            client
+                .get_user_status(cli.account, recipient, username)
+                .await
         }
         CliCommands::JoinGroup { uri } => client.join_group(cli.account, uri).await,
         CliCommands::Link { name } => {
@@ -70,7 +75,7 @@ async fn handle_command(
                 .await
                 .map_err(|e| RpcError::Custom(format!("JSON-RPC command startLink failed: {e:?}")))?
                 .device_link_uri;
-            println!("{}", url);
+            println!("{url}");
             client.finish_link(url, name).await
         }
         CliCommands::ListAccounts => client.list_accounts().await,
@@ -139,6 +144,7 @@ async fn handle_command(
             end_session,
             message,
             attachment,
+            view_once,
             mention,
             text_style,
             quote_timestamp,
@@ -165,6 +171,7 @@ async fn handle_command(
                     end_session,
                     message.unwrap_or_default(),
                     attachment,
+                    view_once,
                     mention,
                     text_style,
                     quote_timestamp,
@@ -477,23 +484,30 @@ async fn connect(cli: Cli) -> Result<Value, RpcError> {
 
         handle_command(cli, client).await
     } else {
-        let socket_path = cli
+        #[cfg(windows)]
-            .json_rpc_socket
+        {
-            .clone()
+            Err(RpcError::Custom("Invalid socket".into()))
-            .unwrap_or(None)
+        }
-            .or_else(|| {
+        #[cfg(unix)]
-                std::env::var_os("XDG_RUNTIME_DIR").map(|runtime_dir| {
+        {
-                    PathBuf::from(runtime_dir)
+            let socket_path = cli
-                        .join(DEFAULT_SOCKET_SUFFIX)
+                .json_rpc_socket
-                        .into()
+                .clone()
+                .unwrap_or(None)
+                .or_else(|| {
+                    std::env::var_os("XDG_RUNTIME_DIR").map(|runtime_dir| {
+                        PathBuf::from(runtime_dir)
+                            .join(DEFAULT_SOCKET_SUFFIX)
+                            .into()
+                    })
                 })
-            })
+                .unwrap_or_else(|| ("/run".to_owned() + DEFAULT_SOCKET_SUFFIX).into());
-            .unwrap_or_else(|| ("/run".to_owned() + DEFAULT_SOCKET_SUFFIX).into());
+            let client = jsonrpc::connect_unix(socket_path)
-        let client = jsonrpc::connect_unix(socket_path)
+                .await
-            .await
+                .map_err(|e| RpcError::Custom(format!("Failed to connect to socket: {e}")))?;
-            .map_err(|e| RpcError::Custom(format!("Failed to connect to socket: {e}")))?;
 
-        handle_command(cli, client).await
+            handle_command(cli, client).await
+        }
     }
 }
 

client/src/transports/mod.rs

@@ -1,10 +1,8 @@
 use futures_util::{stream::StreamExt, Sink, SinkExt, Stream};
-use jsonrpsee::core::{
+use jsonrpsee::core::client::{ReceivedMessage, TransportReceiverT, TransportSenderT};
-    async_trait,
-    client::{ReceivedMessage, TransportReceiverT, TransportSenderT},
-};
 use thiserror::Error;
 
+#[cfg(unix)]
 pub mod ipc;
 mod stream_codec;
 pub mod tcp;
@@ -21,7 +19,6 @@ struct Sender<T: Send + Sink<String>> {
     inner: T,
 }
 
-#[async_trait]
 impl<T: Send + Sink<String, Error = impl std::error::Error> + Unpin + 'static> TransportSenderT
     for Sender<T>
 {
@@ -31,7 +28,7 @@ impl<T: Send + Sink<String, Error = impl std::error::Error> + Unpin + 'static> T
         self.inner
             .send(body)
             .await
-            .map_err(|e| Errors::Other(format!("{:?}", e)))?;
+            .map_err(|e| Errors::Other(format!("{e:?}")))?;
         Ok(())
     }
 
@@ -39,7 +36,7 @@ impl<T: Send + Sink<String, Error = impl std::error::Error> + Unpin + 'static> T
         self.inner
             .close()
             .await
-            .map_err(|e| Errors::Other(format!("{:?}", e)))?;
+            .map_err(|e| Errors::Other(format!("{e:?}")))?;
         Ok(())
     }
 }
@@ -48,7 +45,6 @@ struct Receiver<T: Send + Stream> {
     inner: T,
 }
 
-#[async_trait]
 impl<T: Send + Stream<Item = Result<String, std::io::Error>> + Unpin + 'static> TransportReceiverT
     for Receiver<T>
 {
@@ -58,7 +54,7 @@ impl<T: Send + Stream<Item = Result<String, std::io::Error>> + Unpin + 'static>
         match self.inner.next().await {
             None => Err(Errors::Closed),
             Some(Ok(msg)) => Ok(ReceivedMessage::Text(msg)),
-            Some(Err(e)) => Err(Errors::Other(format!("{:?}", e))),
+            Some(Err(e)) => Err(Errors::Other(format!("{e:?}"))),
         }
     }
 }

client/src/transports/stream_codec.rs

@@ -41,7 +41,7 @@ impl Decoder for StreamCodec {
 
             match str::from_utf8(line.as_ref()) {
                 Ok(s) => Ok(Some(s.to_string())),
-                Err(_) => Err(io::Error::new(io::ErrorKind::Other, "invalid UTF-8")),
+                Err(_) => Err(io::Error::other("invalid UTF-8")),
             }
         } else {
             Ok(None)

data/org.asamk.SignalCli.metainfo.xml

@@ -45,6 +45,21 @@
         <content_attribute id="social-chat">intense</content_attribute>
     </content_rating>
     <releases>
+        <release version="0.13.18" date="2025-07-16">
+            <url type="details">https://github.com/AsamK/signal-cli/releases/tag/v0.13.18</url>
+        </release>
+        <release version="0.13.17" date="2025-06-28">
+            <url type="details">https://github.com/AsamK/signal-cli/releases/tag/v0.13.17</url>
+        </release>
+        <release version="0.13.16" date="2025-06-07">
+            <url type="details">https://github.com/AsamK/signal-cli/releases/tag/v0.13.16</url>
+        </release>
+        <release version="0.13.15" date="2025-05-08">
+            <url type="details">https://github.com/AsamK/signal-cli/releases/tag/v0.13.15</url>
+        </release>
+        <release version="0.13.14" date="2025-04-06">
+            <url type="details">https://github.com/AsamK/signal-cli/releases/tag/v0.13.14</url>
+        </release>
         <release version="0.13.13" date="2025-02-28">
             <url type="details">https://github.com/AsamK/signal-cli/releases/tag/v0.13.13</url>
         </release>

graalvm-config-dir/jni-config.json

@@ -27,6 +27,10 @@
 {
   "name":"java.lang.ClassNotFoundException"
 },
+{
+  "name":"java.lang.Enum",
+  "methods":[{"name":"ordinal","parameterTypes":[] }]
+},
 {
   "name":"java.lang.IllegalArgumentException",
   "methods":[{"name":"<init>","parameterTypes":["java.lang.String"] }]
@@ -48,9 +52,13 @@
 {
   "name":"java.lang.String"
 },
+{
+  "name":"java.lang.Thread",
+  "methods":[{"name":"currentThread","parameterTypes":[] }, {"name":"getStackTrace","parameterTypes":[] }]
+},
 {
   "name":"java.lang.Throwable",
-  "methods":[{"name":"getMessage","parameterTypes":[] }, {"name":"toString","parameterTypes":[] }]
+  "methods":[{"name":"getMessage","parameterTypes":[] }, {"name":"setStackTrace","parameterTypes":["java.lang.StackTraceElement[]"] }, {"name":"toString","parameterTypes":[] }]
 },
 {
   "name":"java.lang.UnsatisfiedLinkError",
@@ -88,7 +96,11 @@
 },
 {
   "name":"org.signal.libsignal.internal.CompletableFuture",
-  "methods":[{"name":"<init>","parameterTypes":[] }, {"name":"complete","parameterTypes":["java.lang.Object"] }, {"name":"completeExceptionally","parameterTypes":["java.lang.Throwable"] }]
+  "methods":[{"name":"<init>","parameterTypes":[] }, {"name":"complete","parameterTypes":["java.lang.Object"] }, {"name":"completeExceptionally","parameterTypes":["java.lang.Throwable"] }, {"name":"setCancellationId","parameterTypes":["long"] }]
+},
+{
+  "name":"org.signal.libsignal.internal.NativeHandleGuard$SimpleOwner",
+  "methods":[{"name":"unsafeNativeHandleWithoutGuard","parameterTypes":[] }]
 },
 {
   "name":"org.signal.libsignal.net.CdsiLookupResponse",
@@ -114,6 +126,10 @@
   "name":"org.signal.libsignal.net.NetworkException",
   "methods":[{"name":"<init>","parameterTypes":["java.lang.String"] }]
 },
+{
+  "name":"org.signal.libsignal.net.RetryLaterException",
+  "methods":[{"name":"<init>","parameterTypes":["long"] }]
+},
 {
   "name":"org.signal.libsignal.protocol.DuplicateMessageException",
   "methods":[{"name":"<init>","parameterTypes":["java.lang.String"] }]
@@ -191,6 +207,9 @@
   "name":"org.signal.libsignal.protocol.state.IdentityKeyStore$Direction",
   "fields":[{"name":"RECEIVING"}, {"name":"SENDING"}]
 },
+{
+  "name":"org.signal.libsignal.protocol.state.IdentityKeyStore$IdentityChange"
+},
 {
   "name":"org.signal.libsignal.protocol.state.KyberPreKeyRecord",
   "fields":[{"name":"unsafeHandle"}]

graalvm-config-dir/reflect-config.json

@@ -39,6 +39,9 @@
 {
   "name":"[Ljava.sql.Statement;"
 },
+{
+  "name":"[Lorg.asamk.signal.commands.ListStickerPacksCommand$JsonStickerPack$JsonSticker;"
+},
 {
   "name":"[Lorg.asamk.signal.json.JsonAttachment;"
 },
@@ -668,6 +671,10 @@
 {
   "name":"long[]"
 },
+{
+  "name":"okhttp3.internal.connection.RealConnectionPool",
+  "fields":[{"name":"addressStates"}]
+},
 {
   "name":"okio.BufferedSink"
 },
@@ -1406,6 +1413,12 @@
   "name":"org.asamk.signal.manager.storage.profiles.LegacyProfileStore$ProfileStoreDeserializer",
   "methods":[{"name":"<init>","parameterTypes":[] }]
 },
+{
+  "name":"org.asamk.signal.manager.storage.profiles.LegacySignalProfile",
+  "allDeclaredFields":true,
+  "allDeclaredMethods":true,
+  "allDeclaredConstructors":true
+},
 {
   "name":"org.asamk.signal.manager.storage.profiles.LegacySignalProfileEntry",
   "allDeclaredFields":true,
@@ -1617,6 +1630,10 @@
   "name":"org.bouncycastle.jcajce.provider.asymmetric.NTRU$Mappings",
   "methods":[{"name":"<init>","parameterTypes":[] }]
 },
+{
+  "name":"org.bouncycastle.jcajce.provider.asymmetric.NoSig$Mappings",
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
 {
   "name":"org.bouncycastle.jcajce.provider.asymmetric.RSA$Mappings",
   "methods":[{"name":"<init>","parameterTypes":[] }]
@@ -2302,7 +2319,7 @@
   "allDeclaredFields":true,
   "allDeclaredMethods":true,
   "allDeclaredConstructors":true,
-  "methods":[{"name":"getAnnouncementGroup","parameterTypes":[] }, {"name":"getChangeNumber","parameterTypes":[] }, {"name":"getDeleteSync","parameterTypes":[] }, {"name":"getGiftBadges","parameterTypes":[] }, {"name":"getPaymentActivation","parameterTypes":[] }, {"name":"getPni","parameterTypes":[] }, {"name":"getSenderKey","parameterTypes":[] }, {"name":"getStorage","parameterTypes":[] }, {"name":"getStorageServiceEncryptionV2","parameterTypes":[] }, {"name":"getStories","parameterTypes":[] }, {"name":"getVersionedExpirationTimer","parameterTypes":[] }]
+  "methods":[{"name":"getAnnouncementGroup","parameterTypes":[] }, {"name":"getAttachmentBackfill","parameterTypes":[] }, {"name":"getChangeNumber","parameterTypes":[] }, {"name":"getDeleteSync","parameterTypes":[] }, {"name":"getGiftBadges","parameterTypes":[] }, {"name":"getPaymentActivation","parameterTypes":[] }, {"name":"getPni","parameterTypes":[] }, {"name":"getSenderKey","parameterTypes":[] }, {"name":"getStorage","parameterTypes":[] }, {"name":"getStorageServiceEncryptionV2","parameterTypes":[] }, {"name":"getStories","parameterTypes":[] }, {"name":"getVersionedExpirationTimer","parameterTypes":[] }]
 },
 {
   "name":"org.whispersystems.signalservice.api.account.ChangePhoneNumberRequest",
@@ -2329,6 +2346,13 @@
 {
   "name":"org.whispersystems.signalservice.api.groupsv2.TemporalCredential[]"
 },
+{
+  "name":"org.whispersystems.signalservice.api.keys.OneTimePreKeyCounts",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true,
+  "queryAllDeclaredConstructors":true,
+  "methods":[{"name":"<init>","parameterTypes":[] }]
+},
 {
   "name":"org.whispersystems.signalservice.api.link.LinkedDeviceVerificationCodeResponse",
   "allDeclaredFields":true,
@@ -2396,7 +2420,14 @@
   "name":"org.whispersystems.signalservice.api.profiles.SignalServiceProfileWrite",
   "allDeclaredFields":true,
   "allDeclaredMethods":true,
-  "allDeclaredConstructors":true
+  "allDeclaredConstructors":true,
+  "methods":[{"name":"<init>","parameterTypes":["java.lang.String","byte[]","byte[]","byte[]","byte[]","byte[]","boolean","boolean","byte[]","java.util.List"] }, {"name":"getAbout","parameterTypes":[] }, {"name":"getAboutEmoji","parameterTypes":[] }, {"name":"getAvatar","parameterTypes":[] }, {"name":"getBadgeIds","parameterTypes":[] }, {"name":"getCommitment","parameterTypes":[] }, {"name":"getName","parameterTypes":[] }, {"name":"getPaymentAddress","parameterTypes":[] }, {"name":"getPhoneNumberSharing","parameterTypes":[] }, {"name":"getSameAvatar","parameterTypes":[] }, {"name":"getVersion","parameterTypes":[] }]
+},
+{
+  "name":"org.whispersystems.signalservice.api.provisioning.ProvisioningMessage",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true,
+  "queryAllDeclaredConstructors":true
 },
 {
   "name":"org.whispersystems.signalservice.api.push.ServiceId",
@@ -2441,6 +2472,12 @@
   "queryAllDeclaredConstructors":true,
   "methods":[{"name":"<init>","parameterTypes":["java.lang.String","java.lang.String"] }]
 },
+{
+  "name":"org.whispersystems.signalservice.api.ratelimit.SubmitRecaptchaChallengePayload",
+  "allDeclaredFields":true,
+  "queryAllDeclaredMethods":true,
+  "queryAllDeclaredConstructors":true
+},
 {
   "name":"org.whispersystems.signalservice.api.storage.StorageAuthResponse",
   "allDeclaredFields":true,
@@ -2967,6 +3004,9 @@
   "allDeclaredFields":true,
   "methods":[{"name":"adapter","parameterTypes":[] }, {"name":"unknownFields","parameterTypes":[] }]
 },
+{
+  "name":"org.whispersystems.signalservice.internal.storage.protos.AccountRecord$BackupTierHistory"
+},
 {
   "name":"org.whispersystems.signalservice.internal.storage.protos.AccountRecord$Builder"
 },
@@ -2976,6 +3016,9 @@
 {
   "name":"org.whispersystems.signalservice.internal.storage.protos.AccountRecord$IAPSubscriberData"
 },
+{
+  "name":"org.whispersystems.signalservice.internal.storage.protos.AccountRecord$NotificationProfileManualOverride"
+},
 {
   "name":"org.whispersystems.signalservice.internal.storage.protos.AccountRecord$PhoneNumberSharingMode"
 },
@@ -2991,6 +3034,9 @@
   "name":"org.whispersystems.signalservice.internal.storage.protos.AccountRecord$UsernameLink",
   "allDeclaredFields":true
 },
+{
+  "name":"org.whispersystems.signalservice.internal.storage.protos.AvatarColor"
+},
 {
   "name":"org.whispersystems.signalservice.internal.storage.protos.ContactRecord",
   "allDeclaredFields":true,
@@ -3024,6 +3070,7 @@
 {
   "name":"org.whispersystems.signalservice.internal.storage.protos.GroupV2Record",
   "allDeclaredFields":true,
+  "fields":[{"name":"archived"}, {"name":"avatarColor"}, {"name":"blocked"}, {"name":"dontNotifyForMentionsIfMuted"}, {"name":"hideStory"}, {"name":"markedUnread"}, {"name":"masterKey"}, {"name":"mutedUntilTimestamp"}, {"name":"storySendMode"}, {"name":"whitelisted"}],
   "methods":[{"name":"adapter","parameterTypes":[] }, {"name":"unknownFields","parameterTypes":[] }]
 },
 {

graalvm-config-dir/resource-config.json

@@ -188,8 +188,6 @@
     "pattern":"\\Qlibsignal_jni_amd64.dylib\\E"
   }, {
     "pattern":"\\Qlibsignal_jni_amd64.so\\E"
-  }, {
-    "pattern":"\\Qlibsignal_jni_testing_amd64.so\\E"
   }, {
     "pattern":"\\Qorg/asamk/signal/manager/config/ias.store\\E"
   }, {

gradle/libs.versions.toml

@@ -2,16 +2,16 @@
 slf4j = "2.0.17"
 
 [libraries]
-bouncycastle = "org.bouncycastle:bcprov-jdk18on:1.80"
+bouncycastle = "org.bouncycastle:bcprov-jdk18on:1.81"
-jackson-databind = "com.fasterxml.jackson.core:jackson-databind:2.18.2"
+jackson-databind = "com.fasterxml.jackson.core:jackson-databind:2.19.1"
 argparse4j = "net.sourceforge.argparse4j:argparse4j:0.9.0"
 dbusjava = "com.github.hypfvieh:dbus-java-transport-native-unixsocket:5.0.0"
 slf4j-api = { module = "org.slf4j:slf4j-api", version.ref = "slf4j" }
 slf4j-jul = { module = "org.slf4j:jul-to-slf4j", version.ref = "slf4j" }
-logback = "ch.qos.logback:logback-classic:1.5.17"
+logback = "ch.qos.logback:logback-classic:1.5.18"
 
-signalservice = "com.github.turasa:signal-service-java:2.15.3_unofficial_118"
+signalservice = "com.github.turasa:signal-service-java:2.15.3_unofficial_127"
-sqlite = "org.xerial:sqlite-jdbc:3.49.1.0"
+sqlite = "org.xerial:sqlite-jdbc:3.50.2.0"
-hikari = "com.zaxxer:HikariCP:6.2.1"
+hikari = "com.zaxxer:HikariCP:6.3.0"
-junit-jupiter = "org.junit.jupiter:junit-jupiter:5.12.0"
+junit-jupiter = "org.junit.jupiter:junit-jupiter:5.13.2"
-junit-launcher = "org.junit.platform:junit-platform-launcher:1.12.0"
+junit-launcher = "org.junit.platform:junit-platform-launcher:1.13.2"

gradle/wrapper/gradle-wrapper.properties

@@ -1,6 +1,6 @@
 distributionBase=GRADLE_USER_HOME
 distributionPath=wrapper/dists
-distributionUrl=https\://services.gradle.org/distributions/gradle-8.12-bin.zip
+distributionUrl=https\://services.gradle.org/distributions/gradle-9.0.0-bin.zip
 networkTimeout=10000
 validateDistributionUrl=true
 zipStoreBase=GRADLE_USER_HOME

gradlew

@@ -1,7 +1,7 @@
 #!/bin/sh
 
 #
-# Copyright © 2015-2021 the original authors.
+# Copyright © 2015 the original authors.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
@@ -114,7 +114,7 @@ case "$( uname )" in                #(
   NONSTOP* )        nonstop=true ;;
 esac
 
-CLASSPATH=$APP_HOME/gradle/wrapper/gradle-wrapper.jar
+CLASSPATH="\\\"\\\""
 
 
 # Determine the Java command to use to start the JVM.
@@ -205,7 +205,7 @@ fi
 DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 
 # Collect all arguments for the java command:
-#   * DEFAULT_JVM_OPTS, JAVA_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
+#   * DEFAULT_JVM_OPTS, JAVA_OPTS, and optsEnvironmentVar are not allowed to contain shell fragments,
 #     and any embedded shellness will be escaped.
 #   * For example: A user cannot expect ${Hostname} to be expanded, as it is an environment variable and will be
 #     treated as '${Hostname}' itself on the command line.
@@ -213,7 +213,7 @@ DEFAULT_JVM_OPTS='"-Xmx64m" "-Xms64m"'
 set -- \
         "-Dorg.gradle.appname=$APP_BASE_NAME" \
         -classpath "$CLASSPATH" \
-        org.gradle.wrapper.GradleWrapperMain \
+        -jar "$APP_HOME/gradle/wrapper/gradle-wrapper.jar" \
         "$@"
 
 # Stop when "xargs" is not available.

gradlew.bat

@@ -70,11 +70,11 @@ goto fail
 :execute
 @rem Setup the command line
 
-set CLASSPATH=%APP_HOME%\gradle\wrapper\gradle-wrapper.jar
+set CLASSPATH=
 
 
 @rem Execute Gradle
-"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" org.gradle.wrapper.GradleWrapperMain %*
+"%JAVA_EXE%" %DEFAULT_JVM_OPTS% %JAVA_OPTS% %GRADLE_OPTS% "-Dorg.gradle.appname=%APP_BASE_NAME%" -classpath "%CLASSPATH%" -jar "%APP_HOME%\gradle\wrapper\gradle-wrapper.jar" %*
 
 :end
 @rem End local scope for the variables with windows NT shell

lib/src/main/java/org/asamk/signal/manager/Manager.java

@@ -1,5 +1,7 @@
 package org.asamk.signal.manager;
 
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
+
 import org.asamk.signal.manager.api.AlreadyReceivingException;
 import org.asamk.signal.manager.api.AttachmentInvalidException;
 import org.asamk.signal.manager.api.CaptchaRejectedException;
@@ -28,6 +30,7 @@ import org.asamk.signal.manager.api.NotAGroupMemberException;
 import org.asamk.signal.manager.api.NotPrimaryDeviceException;
 import org.asamk.signal.manager.api.Pair;
 import org.asamk.signal.manager.api.PendingAdminApprovalException;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.manager.api.RateLimitException;
 import org.asamk.signal.manager.api.ReceiveConfig;
@@ -49,7 +52,6 @@ import org.asamk.signal.manager.api.UsernameStatus;
 import org.asamk.signal.manager.api.VerificationMethodNotAvailableException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.signalservice.api.util.PhoneNumberFormatter;
 
 import java.io.Closeable;
 import java.io.File;
@@ -65,7 +67,7 @@ import java.util.Set;
 public interface Manager extends Closeable {
 
     static boolean isValidNumber(final String e164Number, final String countryCode) {
-        return PhoneNumberFormatter.isValidNumber(e164Number, countryCode);
+        return PhoneNumberUtil.getInstance().isPossibleNumber(e164Number, countryCode);
     }
 
     static boolean isSignalClientAvailable() {
@@ -94,7 +96,7 @@ public interface Manager extends Closeable {
      */
     Map<String, UserStatus> getUserStatus(Set<String> numbers) throws IOException, RateLimitException;
 
-    Map<String, UsernameStatus> getUsernameStatus(Set<String> usernames);
+    Map<String, UsernameStatus> getUsernameStatus(Set<String> usernames) throws IOException;
 
     void updateAccountAttributes(
             String deviceName,
@@ -139,7 +141,7 @@ public interface Manager extends Closeable {
             String newNumber,
             String verificationCode,
             String pin
-    ) throws IncorrectPinException, PinLockedException, IOException, NotPrimaryDeviceException;
+    ) throws IncorrectPinException, PinLockedException, IOException, NotPrimaryDeviceException, PinLockMissingException;
 
     void unregister() throws IOException;
 

lib/src/main/java/org/asamk/signal/manager/RegistrationManager.java

@@ -3,6 +3,7 @@ package org.asamk.signal.manager;
 import org.asamk.signal.manager.api.CaptchaRequiredException;
 import org.asamk.signal.manager.api.IncorrectPinException;
 import org.asamk.signal.manager.api.NonNormalizedPhoneNumberException;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.manager.api.RateLimitException;
 import org.asamk.signal.manager.api.VerificationMethodNotAvailableException;
@@ -21,7 +22,7 @@ public interface RegistrationManager extends Closeable {
     void verifyAccount(
             String verificationCode,
             String pin
-    ) throws IOException, PinLockedException, IncorrectPinException;
+    ) throws IOException, PinLockedException, IncorrectPinException, PinLockMissingException;
 
     void deleteLocalAccountData() throws IOException;
 

lib/src/main/java/org/asamk/signal/manager/SignalAccountFiles.java

@@ -2,6 +2,7 @@ package org.asamk.signal.manager;
 
 import org.asamk.signal.manager.api.AccountCheckException;
 import org.asamk.signal.manager.api.NotRegisteredException;
+import org.asamk.signal.manager.api.Pair;
 import org.asamk.signal.manager.api.ServiceEnvironment;
 import org.asamk.signal.manager.config.ServiceConfig;
 import org.asamk.signal.manager.config.ServiceEnvironmentConfig;
@@ -63,19 +64,28 @@ public class SignalAccountFiles {
         return accountsStore.getAllNumbers();
     }
 
-    public MultiAccountManager initMultiAccountManager() throws IOException {
+    public MultiAccountManager initMultiAccountManager() throws IOException, AccountCheckException {
-        final var managers = accountsStore.getAllAccounts().parallelStream().map(a -> {
+        final var managerPairs = accountsStore.getAllAccounts().parallelStream().map(a -> {
             try {
-                return initManager(a.number(), a.path());
+                return new Pair<Manager, Throwable>(initManager(a.number(), a.path()), null);
-            } catch (NotRegisteredException | IOException | AccountCheckException e) {
+            } catch (NotRegisteredException e) {
                 logger.warn("Ignoring {}: {} ({})", a.number(), e.getMessage(), e.getClass().getSimpleName());
                 return null;
-            } catch (Throwable e) {
+            } catch (AccountCheckException | IOException e) {
                 logger.error("Failed to load {}: {} ({})", a.number(), e.getMessage(), e.getClass().getSimpleName());
-                throw e;
+                return new Pair<Manager, Throwable>(null, e);
             }
         }).filter(Objects::nonNull).toList();
 
+        for (final var pair : managerPairs) {
+            if (pair.second() instanceof IOException e) {
+                throw e;
+            } else if (pair.second() instanceof AccountCheckException e) {
+                throw e;
+            }
+        }
+
+        final var managers = managerPairs.stream().map(Pair::first).toList();
         return new MultiAccountManagerImpl(managers, this);
     }
 

lib/src/main/java/org/asamk/signal/manager/actions/RenewSessionAction.java

@@ -19,9 +19,7 @@ public class RenewSessionAction implements HandleAction {
     @Override
     public void execute(Context context) throws Throwable {
         context.getAccount().getAccountData(accountId).getSessionStore().archiveSessions(serviceId);
-        if (!recipientId.equals(context.getAccount().getSelfRecipientId())) {
+        context.getSendHelper().sendNullMessage(recipientId);
-            context.getSendHelper().sendNullMessage(recipientId);
-        }
     }
 
     @Override

lib/src/main/java/org/asamk/signal/manager/actions/SendRetryMessageRequestAction.java

@@ -7,7 +7,6 @@ import org.signal.libsignal.metadata.ProtocolException;
 import org.signal.libsignal.protocol.message.CiphertextMessage;
 import org.signal.libsignal.protocol.message.DecryptionErrorMessage;
 import org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;
-import org.whispersystems.signalservice.api.push.ServiceId;
 import org.whispersystems.signalservice.internal.push.Envelope;
 
 import java.util.Optional;
@@ -15,29 +14,21 @@ import java.util.Optional;
 public class SendRetryMessageRequestAction implements HandleAction {
 
     private final RecipientId recipientId;
-    private final ServiceId serviceId;
     private final ProtocolException protocolException;
     private final SignalServiceEnvelope envelope;
-    private final ServiceId accountId;
 
     public SendRetryMessageRequestAction(
             final RecipientId recipientId,
-            final ServiceId serviceId,
             final ProtocolException protocolException,
-            final SignalServiceEnvelope envelope,
+            final SignalServiceEnvelope envelope
-            final ServiceId accountId
     ) {
         this.recipientId = recipientId;
-        this.serviceId = serviceId;
         this.protocolException = protocolException;
         this.envelope = envelope;
-        this.accountId = accountId;
     }
 
     @Override
     public void execute(Context context) throws Throwable {
-        context.getAccount().getAccountData(accountId).getSessionStore().archiveSessions(serviceId);
-
         int senderDevice = protocolException.getSenderDevice();
         Optional<GroupId> groupId = protocolException.getGroupId().isPresent() ? Optional.of(GroupId.unknownVersion(
                 protocolException.getGroupId().get())) : Optional.empty();

lib/src/main/java/org/asamk/signal/manager/api/DeviceLinkUrl.java

@@ -2,7 +2,6 @@ package org.asamk.signal.manager.api;
 
 import org.asamk.signal.manager.util.Utils;
 import org.signal.libsignal.protocol.InvalidKeyException;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECPublicKey;
 
 import java.net.URI;
@@ -37,7 +36,7 @@ public record DeviceLinkUrl(String deviceIdentifier, ECPublicKey deviceKey) {
         }
         ECPublicKey deviceKey;
         try {
-            deviceKey = Curve.decodePoint(publicKeyBytes, 0);
+            deviceKey = new ECPublicKey(publicKeyBytes);
         } catch (InvalidKeyException e) {
             throw new InvalidDeviceLinkException("Invalid device link", e);
         }

lib/src/main/java/org/asamk/signal/manager/api/InvalidNumberException.java

@@ -2,7 +2,7 @@ package org.asamk.signal.manager.api;
 
 public class InvalidNumberException extends Exception {
 
-    InvalidNumberException(String message) {
+    public InvalidNumberException(String message) {
         super(message);
     }
 

lib/src/main/java/org/asamk/signal/manager/api/Message.java

@@ -6,6 +6,7 @@ import java.util.Optional;
 public record Message(
         String messageText,
         List<String> attachments,
+        boolean viewOnce,
         List<Mention> mentions,
         Optional<Quote> quote,
         Optional<Sticker> sticker,

lib/src/main/java/org/asamk/signal/manager/api/PinLockMissingException.java

@@ -0,0 +1,3 @@
+package org.asamk.signal.manager.api;
+
+public class PinLockMissingException extends Exception {}

lib/src/main/java/org/asamk/signal/manager/api/RecipientIdentifier.java

@@ -1,8 +1,8 @@
 package org.asamk.signal.manager.api;
 
+import org.asamk.signal.manager.util.PhoneNumberFormatter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.signalservice.api.util.PhoneNumberFormatter;
 import org.whispersystems.signalservice.api.util.UuidUtil;
 
 import java.util.UUID;
@@ -24,32 +24,28 @@ public sealed interface RecipientIdentifier {
     sealed interface Single extends RecipientIdentifier {
 
         static Single fromString(String identifier, String localNumber) throws InvalidNumberException {
-            try {
+            if (UuidUtil.isUuid(identifier)) {
-                if (UuidUtil.isUuid(identifier)) {
+                return new Uuid(UUID.fromString(identifier));
-                    return new Uuid(UUID.fromString(identifier));
-                }
-
-                if (identifier.startsWith("PNI:")) {
-                    final var pni = identifier.substring(4);
-                    if (!UuidUtil.isUuid(pni)) {
-                        throw new InvalidNumberException("Invalid PNI");
-                    }
-                    return new Pni(UUID.fromString(pni));
-                }
-
-                if (identifier.startsWith("u:")) {
-                    return new Username(identifier.substring(2));
-                }
-
-                final var normalizedNumber = PhoneNumberFormatter.formatNumber(identifier, localNumber);
-                if (!normalizedNumber.equals(identifier)) {
-                    final Logger logger = LoggerFactory.getLogger(RecipientIdentifier.class);
-                    logger.debug("Normalized number {} to {}.", identifier, normalizedNumber);
-                }
-                return new Number(normalizedNumber);
-            } catch (org.whispersystems.signalservice.api.util.InvalidNumberException e) {
-                throw new InvalidNumberException(e.getMessage(), e);
             }
+
+            if (identifier.startsWith("PNI:")) {
+                final var pni = identifier.substring(4);
+                if (!UuidUtil.isUuid(pni)) {
+                    throw new InvalidNumberException("Invalid PNI");
+                }
+                return new Pni(UUID.fromString(pni));
+            }
+
+            if (identifier.startsWith("u:")) {
+                return new Username(identifier.substring(2));
+            }
+
+            final var normalizedNumber = PhoneNumberFormatter.formatNumber(identifier, localNumber);
+            if (!normalizedNumber.equals(identifier)) {
+                final Logger logger = LoggerFactory.getLogger(RecipientIdentifier.class);
+                logger.debug("Normalized number {} to {}.", identifier, normalizedNumber);
+            }
+            return new Number(normalizedNumber);
         }
 
         static Single fromAddress(RecipientAddress address) {

lib/src/main/java/org/asamk/signal/manager/config/LiveConfig.java

@@ -2,9 +2,9 @@ package org.asamk.signal.manager.config;
 
 import org.signal.libsignal.net.Network.Environment;
 import org.signal.libsignal.protocol.InvalidKeyException;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.whispersystems.signalservice.api.push.TrustStore;
+import org.whispersystems.signalservice.internal.configuration.HttpProxy;
 import org.whispersystems.signalservice.internal.configuration.SignalCdnUrl;
 import org.whispersystems.signalservice.internal.configuration.SignalCdsiUrl;
 import org.whispersystems.signalservice.internal.configuration.SignalProxy;
@@ -28,7 +28,9 @@ class LiveConfig {
     private static final byte[] UNIDENTIFIED_SENDER_TRUST_ROOT = Base64.getDecoder()
             .decode("BXu6QIKVz5MA8gstzfOgRQGqyLqOwNKHL6INkv3IHWMF");
     private static final String CDSI_MRENCLAVE = "0f6fd79cdfdaa5b2e6337f534d3baf999318b0c462a7ac1f41297a3e4b424a57";
-    private static final String SVR2_MRENCLAVE = "9314436a9a144992bb3680770ea5fd7934a7ffd29257844a33763a238903d570";
+    private static final String SVR2_MRENCLAVE_LEGACY_LEGACY = "9314436a9a144992bb3680770ea5fd7934a7ffd29257844a33763a238903d570";
+    private static final String SVR2_MRENCLAVE_LEGACY = "093be9ea32405e85ae28dbb48eb668aebeb7dbe29517b9b86ad4bec4dfe0e6a6";
+    private static final String SVR2_MRENCLAVE = "29cd63c87bea751e3bfd0fbd401279192e2e5c99948b4ee9437eafc4968355fb";
 
     private static final String URL = "https://chat.signal.org";
     private static final String CDN_URL = "https://cdn.signal.org";
@@ -41,6 +43,7 @@ class LiveConfig {
 
     private static final Optional<Dns> dns = Optional.empty();
     private static final Optional<SignalProxy> proxy = Optional.empty();
+    private static final Optional<HttpProxy> systemProxy = Optional.empty();
 
     private static final byte[] zkGroupServerPublicParams = Base64.getDecoder()
             .decode("AMhf5ywVwITZMsff/eCyudZx9JDmkkkbV6PInzG4p8x3VqVJSFiMvnvlEKWuRob/1eaIetR31IYeAbm0NdOuHH8Qi+Rexi1wLlpzIo1gstHWBfZzy1+qHRV5A4TqPp15YzBPm0WSggW6PbSn+F4lf57VCnHF7p8SvzAA2ZZJPYJURt8X7bbg+H3i+PEjH9DXItNEqs2sNcug37xZQDLm7X36nOoGPs54XsEGzPdEV+itQNGUFEjY6X9Uv+Acuks7NpyGvCoKxGwgKgE5XyJ+nNKlyHHOLb6N1NuHyBrZrgtY/JYJHRooo5CEqYKBqdFnmbTVGEkCvJKxLnjwKWf+fEPoWeQFj5ObDjcKMZf2Jm2Ae69x+ikU5gBXsRmoF94GXTLfN0/vLt98KDPnxwAQL9j5V1jGOY8jQl6MLxEs56cwXN0dqCnImzVH3TZT1cJ8SW1BRX6qIVxEzjsSGx3yxF3suAilPMqGRp4ffyopjMD1JXiKR2RwLKzizUe5e8XyGOy9fplzhw3jVzTRyUZTRSZKkMLWcQ/gv0E4aONNqs4P+NameAZYOD12qRkxosQQP5uux6B2nRyZ7sAV54DgFyLiRcq1FvwKw2EPQdk4HDoePrO/RNUbyNddnM/mMgj4FW65xCoT1LmjrIjsv/Ggdlx46ueczhMgtBunx1/w8k8V+l8LVZ8gAT6wkU5J+DPQalQguMg12Jzug3q4TbdHiGCmD9EunCwOmsLuLJkz6EcSYXtrlDEnAM+hicw7iergYLLlMXpfTdGxJCWJmP4zqUFeTTmsmhsjGBt7NiEB/9pFFEB3pSbf4iiUukw63Eo8Aqnf4iwob6X1QviCWuc8t0LUlT9vALgh/f2DPVOOmR0RW6bgRvc7DSF20V/omg+YBw==");
@@ -68,6 +71,7 @@ class LiveConfig {
                 interceptors,
                 dns,
                 proxy,
+                systemProxy,
                 zkGroupServerPublicParams,
                 genericServerPublicParams,
                 backupServerPublicParams,
@@ -76,7 +80,7 @@ class LiveConfig {
 
     static ECPublicKey getUnidentifiedSenderTrustRoot() {
         try {
-            return Curve.decodePoint(UNIDENTIFIED_SENDER_TRUST_ROOT, 0);
+            return new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT);
         } catch (InvalidKeyException e) {
             throw new AssertionError(e);
         }
@@ -88,7 +92,7 @@ class LiveConfig {
                 createDefaultServiceConfiguration(interceptors),
                 getUnidentifiedSenderTrustRoot(),
                 CDSI_MRENCLAVE,
-                List.of(SVR2_MRENCLAVE));
+                List.of(SVR2_MRENCLAVE, SVR2_MRENCLAVE_LEGACY, SVR2_MRENCLAVE_LEGACY_LEGACY));
     }
 
     private LiveConfig() {

lib/src/main/java/org/asamk/signal/manager/config/ServiceConfig.java

@@ -30,7 +30,8 @@ public class ServiceConfig {
     public static AccountAttributes.Capabilities getCapabilities(boolean isPrimaryDevice) {
         final var deleteSync = !isPrimaryDevice;
         final var storageEncryptionV2 = !isPrimaryDevice;
-        return new AccountAttributes.Capabilities(true, deleteSync, true, storageEncryptionV2);
+        final var attachmentBackfill = !isPrimaryDevice;
+        return new AccountAttributes.Capabilities(true, deleteSync, true, storageEncryptionV2, attachmentBackfill);
     }
 
     public static ServiceEnvironmentConfig getServiceEnvironmentConfig(

lib/src/main/java/org/asamk/signal/manager/config/StagingConfig.java

@@ -2,9 +2,9 @@ package org.asamk.signal.manager.config;
 
 import org.signal.libsignal.net.Network;
 import org.signal.libsignal.protocol.InvalidKeyException;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.whispersystems.signalservice.api.push.TrustStore;
+import org.whispersystems.signalservice.internal.configuration.HttpProxy;
 import org.whispersystems.signalservice.internal.configuration.SignalCdnUrl;
 import org.whispersystems.signalservice.internal.configuration.SignalCdsiUrl;
 import org.whispersystems.signalservice.internal.configuration.SignalProxy;
@@ -28,7 +28,9 @@ class StagingConfig {
     private static final byte[] UNIDENTIFIED_SENDER_TRUST_ROOT = Base64.getDecoder()
             .decode("BbqY1DzohE4NUZoVF+L18oUPrK3kILllLEJh2UnPSsEx");
     private static final String CDSI_MRENCLAVE = "0f6fd79cdfdaa5b2e6337f534d3baf999318b0c462a7ac1f41297a3e4b424a57";
-    private static final String SVR2_MRENCLAVE = "38e01eff4fe357dc0b0e8ef7a44b4abc5489fbccba3a78780f3872c277f62bf3";
+    private static final String SVR2_MRENCLAVE_LEGACY_LEGACY = "38e01eff4fe357dc0b0e8ef7a44b4abc5489fbccba3a78780f3872c277f62bf3";
+    private static final String SVR2_MRENCLAVE_LEGACY = "2e8cefe6e3f389d8426adb24e9b7fb7adf10902c96f06f7bbcee36277711ed91";
+    private static final String SVR2_MRENCLAVE = "a75542d82da9f6914a1e31f8a7407053b99cc99a0e7291d8fbd394253e19b036";
 
     private static final String URL = "https://chat.staging.signal.org";
     private static final String CDN_URL = "https://cdn-staging.signal.org";
@@ -41,6 +43,7 @@ class StagingConfig {
 
     private static final Optional<Dns> dns = Optional.empty();
     private static final Optional<SignalProxy> proxy = Optional.empty();
+    private static final Optional<HttpProxy> systemProxy = Optional.empty();
 
     private static final byte[] zkGroupServerPublicParams = Base64.getDecoder()
             .decode("ABSY21VckQcbSXVNCGRYJcfWHiAMZmpTtTELcDmxgdFbtp/bWsSxZdMKzfCp8rvIs8ocCU3B37fT3r4Mi5qAemeGeR2X+/YmOGR5ofui7tD5mDQfstAI9i+4WpMtIe8KC3wU5w3Inq3uNWVmoGtpKndsNfwJrCg0Hd9zmObhypUnSkfYn2ooMOOnBpfdanRtrvetZUayDMSC5iSRcXKpdlukrpzzsCIvEwjwQlJYVPOQPj4V0F4UXXBdHSLK05uoPBCQG8G9rYIGedYsClJXnbrgGYG3eMTG5hnx4X4ntARBgELuMWWUEEfSK0mjXg+/2lPmWcTZWR9nkqgQQP0tbzuiPm74H2wMO4u1Wafe+UwyIlIT9L7KLS19Aw8r4sPrXZSSsOZ6s7M1+rTJN0bI5CKY2PX29y5Ok3jSWufIKcgKOnWoP67d5b2du2ZVJjpjfibNIHbT/cegy/sBLoFwtHogVYUewANUAXIaMPyCLRArsKhfJ5wBtTminG/PAvuBdJ70Z/bXVPf8TVsR292zQ65xwvWTejROW6AZX6aqucUjlENAErBme1YHmOSpU6tr6doJ66dPzVAWIanmO/5mgjNEDeK7DDqQdB1xd03HT2Qs2TxY3kCK8aAb/0iM0HQiXjxZ9HIgYhbtvGEnDKW5ILSUydqH/KBhW4Pb0jZWnqN/YgbWDKeJxnDbYcUob5ZY5Lt5ZCMKuaGUvCJRrCtuugSMaqjowCGRempsDdJEt+cMaalhZ6gczklJB/IbdwENW9KeVFPoFNFzhxWUIS5ML9riVYhAtE6JE5jX0xiHNVIIPthb458cfA8daR0nYfYAUKogQArm0iBezOO+mPk5vCNWI+wwkyFCqNDXz/qxl1gAntuCJtSfq9OC3NkdhQlgYQ==");
@@ -68,6 +71,7 @@ class StagingConfig {
                 interceptors,
                 dns,
                 proxy,
+                systemProxy,
                 zkGroupServerPublicParams,
                 genericServerPublicParams,
                 backupServerPublicParams,
@@ -76,7 +80,7 @@ class StagingConfig {
 
     static ECPublicKey getUnidentifiedSenderTrustRoot() {
         try {
-            return Curve.decodePoint(UNIDENTIFIED_SENDER_TRUST_ROOT, 0);
+            return new ECPublicKey(UNIDENTIFIED_SENDER_TRUST_ROOT);
         } catch (InvalidKeyException e) {
             throw new AssertionError(e);
         }
@@ -88,7 +92,7 @@ class StagingConfig {
                 createDefaultServiceConfiguration(interceptors),
                 getUnidentifiedSenderTrustRoot(),
                 CDSI_MRENCLAVE,
-                List.of(SVR2_MRENCLAVE));
+                List.of(SVR2_MRENCLAVE, SVR2_MRENCLAVE_LEGACY, SVR2_MRENCLAVE_LEGACY_LEGACY));
     }
 
     private StagingConfig() {

lib/src/main/java/org/asamk/signal/manager/helper/AccountHelper.java

@@ -4,6 +4,7 @@ import org.asamk.signal.manager.api.CaptchaRequiredException;
 import org.asamk.signal.manager.api.DeviceLinkUrl;
 import org.asamk.signal.manager.api.IncorrectPinException;
 import org.asamk.signal.manager.api.NonNormalizedPhoneNumberException;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.manager.api.RateLimitException;
 import org.asamk.signal.manager.api.VerificationMethodNotAvailableException;
@@ -32,6 +33,7 @@ import org.whispersystems.signalservice.api.push.ServiceId.PNI;
 import org.whispersystems.signalservice.api.push.ServiceIdType;
 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
 import org.whispersystems.signalservice.api.push.SignedPreKeyEntity;
+import org.whispersystems.signalservice.api.push.UsernameLinkComponents;
 import org.whispersystems.signalservice.api.push.exceptions.AlreadyVerifiedException;
 import org.whispersystems.signalservice.api.push.exceptions.AuthorizationFailedException;
 import org.whispersystems.signalservice.api.push.exceptions.DeprecatedVersionException;
@@ -50,7 +52,7 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Objects;
-import java.util.Optional;
+import java.util.UUID;
 import java.util.concurrent.TimeUnit;
 
 import okio.ByteString;
@@ -104,7 +106,7 @@ public class AccountHelper {
             if (!account.isPrimaryDevice() && account.getPniIdentityKeyPair() == null) {
                 throw new IOException("Missing PNI identity key, relinking required");
             }
-            if (account.getPreviousStorageVersion() < 4
+            if (account.getPreviousStorageVersion() < 10
                     && account.isPrimaryDevice()
                     && account.getRegistrationLockPin() != null) {
                 migrateRegistrationPin();
@@ -184,7 +186,7 @@ public class AccountHelper {
             String newNumber,
             String verificationCode,
             String pin
-    ) throws IncorrectPinException, PinLockedException, IOException {
+    ) throws IncorrectPinException, PinLockedException, IOException, PinLockMissingException {
         for (var attempts = 0; attempts < 5; attempts++) {
             try {
                 finishChangeNumberInternal(newNumber, verificationCode, pin);
@@ -204,7 +206,7 @@ public class AccountHelper {
             String newNumber,
             String verificationCode,
             String pin
-    ) throws IncorrectPinException, PinLockedException, IOException {
+    ) throws IncorrectPinException, PinLockedException, IOException, PinLockMissingException {
         final var pniIdentity = KeyUtils.generateIdentityKeyPair();
         final var encryptedDeviceMessages = new ArrayList<OutgoingPushMessage>();
         final var devicePniSignedPreKeys = new HashMap<Integer, SignedPreKeyEntity>();
@@ -289,12 +291,13 @@ public class AccountHelper {
                 context.getPinHelper(),
                 (sessionId1, verificationCode1, registrationLock) -> {
                     final var registrationApi = dependencies.getRegistrationApi();
+                    final var accountApi = dependencies.getAccountApi();
                     try {
                         handleResponseException(registrationApi.verifyAccount(sessionId1, verificationCode1));
                     } catch (AlreadyVerifiedException e) {
                         // Already verified so can continue changing number
                     }
-                    return handleResponseException(registrationApi.changeNumber(new ChangePhoneNumberRequest(sessionId1,
+                    return handleResponseException(accountApi.changeNumber(new ChangePhoneNumberRequest(sessionId1,
                             null,
                             newNumber,
                             registrationLock,
@@ -378,7 +381,7 @@ public class AccountHelper {
             candidateHashes.add(Base64.encodeUrlSafeWithoutPadding(candidate.getHash()));
         }
 
-        final var response = dependencies.getAccountManager().reserveUsername(candidateHashes);
+        final var response = handleResponseException(dependencies.getAccountApi().reserveUsername(candidateHashes));
         final var hashIndex = candidateHashes.indexOf(response.getUsernameHash());
         if (hashIndex == -1) {
             logger.warn("[reserveUsername] The response hash could not be found in our set of candidateHashes.");
@@ -388,7 +391,7 @@ public class AccountHelper {
         logger.debug("[reserveUsername] Successfully reserved username.");
         final var username = candidates.get(hashIndex);
 
-        final var linkComponents = dependencies.getAccountManager().confirmUsernameAndCreateNewLink(username);
+        final var linkComponents = confirmUsernameAndCreateNewLink(username);
         account.setUsername(username.getUsername());
         account.setUsernameLink(linkComponents);
         account.getRecipientStore().resolveSelfRecipientTrusted(account.getSelfRecipientAddress());
@@ -396,6 +399,40 @@ public class AccountHelper {
         logger.debug("[confirmUsername] Successfully confirmed username.");
     }
 
+    public UsernameLinkComponents createUsernameLink(Username username) throws IOException {
+        try {
+            Username.UsernameLink link = username.generateLink();
+            return handleResponseException(dependencies.getAccountApi().createUsernameLink(link));
+        } catch (BaseUsernameException e) {
+            throw new AssertionError(e);
+        }
+    }
+
+    private UsernameLinkComponents confirmUsernameAndCreateNewLink(Username username) throws IOException {
+        try {
+            Username.UsernameLink link = username.generateLink();
+            UUID serverId = handleResponseException(dependencies.getAccountApi().confirmUsername(username, link));
+
+            return new UsernameLinkComponents(link.getEntropy(), serverId);
+        } catch (BaseUsernameException e) {
+            throw new AssertionError(e);
+        }
+    }
+
+    private UsernameLinkComponents reclaimUsernameAndLink(
+            Username username,
+            UsernameLinkComponents linkComponents
+    ) throws IOException {
+        try {
+            Username.UsernameLink link = username.generateLink(linkComponents.getEntropy());
+            UUID serverId = handleResponseException(dependencies.getAccountApi().confirmUsername(username, link));
+
+            return new UsernameLinkComponents(link.getEntropy(), serverId);
+        } catch (BaseUsernameException e) {
+            throw new AssertionError(e);
+        }
+    }
+
     public void refreshCurrentUsername() throws IOException, BaseUsernameException {
         final var localUsername = account.getUsername();
         if (localUsername == null) {
@@ -438,14 +475,14 @@ public class AccountHelper {
         final var usernameLink = account.getUsernameLink();
 
         if (usernameLink == null) {
-            dependencies.getAccountManager()
+            handleResponseException(dependencies.getAccountApi()
-                    .reserveUsername(List.of(Base64.encodeUrlSafeWithoutPadding(username.getHash())));
+                    .reserveUsername(List.of(Base64.encodeUrlSafeWithoutPadding(username.getHash()))));
             logger.debug("[reserveUsername] Successfully reserved existing username.");
-            final var linkComponents = dependencies.getAccountManager().confirmUsernameAndCreateNewLink(username);
+            final var linkComponents = confirmUsernameAndCreateNewLink(username);
             account.setUsernameLink(linkComponents);
             logger.debug("[confirmUsername] Successfully confirmed existing username.");
         } else {
-            final var linkComponents = dependencies.getAccountManager().reclaimUsernameAndLink(username, usernameLink);
+            final var linkComponents = reclaimUsernameAndLink(username, usernameLink);
             account.setUsernameLink(linkComponents);
             logger.debug("[confirmUsername] Successfully reclaimed existing username and link.");
         }
@@ -455,7 +492,7 @@ public class AccountHelper {
     private void tryToSetUsernameLink(Username username) {
         for (var i = 1; i < 4; i++) {
             try {
-                final var linkComponents = dependencies.getAccountManager().createUsernameLink(username);
+                final var linkComponents = createUsernameLink(username);
                 account.setUsernameLink(linkComponents);
                 break;
             } catch (IOException e) {
@@ -465,9 +502,8 @@ public class AccountHelper {
     }
 
     public void deleteUsername() throws IOException {
-        dependencies.getAccountManager().deleteUsernameLink();
+        handleResponseException(dependencies.getAccountApi().deleteUsername());
         account.setUsernameLink(null);
-        dependencies.getAccountManager().deleteUsername();
         account.setUsername(null);
         logger.debug("[deleteUsername] Successfully deleted the username.");
     }
@@ -479,7 +515,7 @@ public class AccountHelper {
     }
 
     public void updateAccountAttributes() throws IOException {
-        dependencies.getAccountManager().setAccountAttributes(account.getAccountAttributes(null));
+        handleResponseException(dependencies.getAccountApi().setAccountAttributes(account.getAccountAttributes(null)));
     }
 
     public void addDevice(DeviceLinkUrl deviceLinkInfo) throws IOException, org.asamk.signal.manager.api.DeviceLimitExceededException {
@@ -500,9 +536,9 @@ public class AccountHelper {
                         account.getAciIdentityKeyPair(),
                         account.getPniIdentityKeyPair(),
                         account.getProfileKey(),
+                        account.getOrCreateAccountEntropyPool(),
                         account.getOrCreatePinMasterKey(),
                         account.getOrCreateMediaRootBackupKey(),
-                        account.getOrCreateAccountEntropyPool(),
                         verificationCode.getVerificationCode(),
                         null));
         account.setMultiDevice(true);
@@ -510,8 +546,8 @@ public class AccountHelper {
     }
 
     public void removeLinkedDevices(int deviceId) throws IOException {
-        dependencies.getAccountManager().removeDevice(deviceId);
+        handleResponseException(dependencies.getLinkDeviceApi().removeDevice(deviceId));
-        var devices = dependencies.getAccountManager().getDevices();
+        var devices = handleResponseException(dependencies.getLinkDeviceApi().getDevices());
         account.setMultiDevice(devices.size() > 1);
     }
 
@@ -519,14 +555,16 @@ public class AccountHelper {
         var masterKey = account.getOrCreatePinMasterKey();
 
         context.getPinHelper().migrateRegistrationLockPin(account.getRegistrationLockPin(), masterKey);
-        dependencies.getAccountManager().enableRegistrationLock(masterKey);
+        handleResponseException(dependencies.getAccountApi()
+                .enableRegistrationLock(masterKey.deriveRegistrationLock()));
     }
 
     public void setRegistrationPin(String pin) throws IOException {
         var masterKey = account.getOrCreatePinMasterKey();
 
         context.getPinHelper().setRegistrationLockPin(pin, masterKey);
-        dependencies.getAccountManager().enableRegistrationLock(masterKey);
+        handleResponseException(dependencies.getAccountApi()
+                .enableRegistrationLock(masterKey.deriveRegistrationLock()));
 
         account.setRegistrationLockPin(pin);
         updateAccountAttributes();
@@ -535,7 +573,7 @@ public class AccountHelper {
     public void removeRegistrationPin() throws IOException {
         // Remove KBS Pin
         context.getPinHelper().removeRegistrationLockPin();
-        dependencies.getAccountManager().disableRegistrationLock();
+        handleResponseException(dependencies.getAccountApi().disableRegistrationLock());
 
         account.setRegistrationLockPin(null);
     }
@@ -544,7 +582,7 @@ public class AccountHelper {
         // When setting an empty GCM id, the Signal-Server also sets the fetchesMessages property to false.
         // If this is the primary device, other users can't send messages to this number anymore.
         // If this is a linked device, other users can still send messages, but this device doesn't receive them anymore.
-        dependencies.getAccountManager().setGcmId(Optional.empty());
+        handleResponseException(dependencies.getAccountApi().clearFcmToken());
 
         account.setRegistered(false);
         unregisteredListener.call();
@@ -558,7 +596,7 @@ public class AccountHelper {
         }
         account.setRegistrationLockPin(null);
 
-        dependencies.getAccountManager().deleteAccount();
+        handleResponseException(dependencies.getAccountApi().deleteAccount());
 
         account.setRegistered(false);
         unregisteredListener.call();

lib/src/main/java/org/asamk/signal/manager/helper/AttachmentHelper.java

@@ -9,6 +9,7 @@ import org.asamk.signal.manager.util.IOUtils;
 import org.signal.libsignal.protocol.InvalidMessageException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.signalservice.api.crypto.AttachmentCipherInputStream;
 import org.whispersystems.signalservice.api.messages.SignalServiceAttachment;
 import org.whispersystems.signalservice.api.messages.SignalServiceAttachmentPointer;
 import org.whispersystems.signalservice.api.messages.SignalServiceAttachmentStream;
@@ -44,14 +45,20 @@ public class AttachmentHelper {
     }
 
     public List<SignalServiceAttachment> uploadAttachments(final List<String> attachments) throws AttachmentInvalidException, IOException {
-        var attachmentStreams = createAttachmentStreams(attachments);
+        final var attachmentStreams = createAttachmentStreams(attachments);
 
-        // Upload attachments here, so we only upload once even for multiple recipients
+        try {
-        var attachmentPointers = new ArrayList<SignalServiceAttachment>(attachmentStreams.size());
+            // Upload attachments here, so we only upload once even for multiple recipients
-        for (var attachmentStream : attachmentStreams) {
+            final var attachmentPointers = new ArrayList<SignalServiceAttachment>(attachmentStreams.size());
-            attachmentPointers.add(uploadAttachment(attachmentStream));
+            for (final var attachmentStream : attachmentStreams) {
+                attachmentPointers.add(uploadAttachment(attachmentStream));
+            }
+            return attachmentPointers;
+        } finally {
+            for (final var attachmentStream : attachmentStreams) {
+                attachmentStream.close();
+            }
         }
-        return attachmentPointers;
     }
 
     private List<SignalServiceAttachmentStream> createAttachmentStreams(List<String> attachments) throws AttachmentInvalidException, IOException {
@@ -132,9 +139,15 @@ public class AttachmentHelper {
             SignalServiceAttachmentPointer pointer,
             File tmpFile
     ) throws IOException {
+        if (pointer.getDigest().isEmpty()) {
+            throw new IOException("Attachment pointer has no digest.");
+        }
         try {
             return dependencies.getMessageReceiver()
-                    .retrieveAttachment(pointer, tmpFile, ServiceConfig.MAX_ATTACHMENT_SIZE);
+                    .retrieveAttachment(pointer,
+                            tmpFile,
+                            ServiceConfig.MAX_ATTACHMENT_SIZE,
+                            AttachmentCipherInputStream.IntegrityCheck.forEncryptedDigest(pointer.getDigest().get()));
         } catch (MissingConfigurationException | InvalidMessageException e) {
             throw new IOException(e);
         }

lib/src/main/java/org/asamk/signal/manager/helper/GroupHelper.java

@@ -551,6 +551,9 @@ public class GroupHelper {
         while (true) {
             final var page = context.getGroupV2Helper()
                     .getDecryptedGroupHistoryPage(groupSecretParams, fromRevision, sendEndorsementsExpirationMs);
+            if (page == null) {
+                break;
+            }
             page.getChangeLogs()
                     .stream()
                     .map(DecryptedGroupChangeLog::getChange)

lib/src/main/java/org/asamk/signal/manager/helper/GroupV2Helper.java

@@ -44,6 +44,7 @@ import org.whispersystems.signalservice.api.push.ServiceId.PNI;
 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
 import org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException;
 import org.whispersystems.signalservice.api.util.UuidUtil;
+import org.whispersystems.signalservice.internal.push.exceptions.NotInGroupException;
 
 import java.io.IOException;
 import java.util.ArrayList;
@@ -119,6 +120,8 @@ class GroupV2Helper {
                             groupsV2AuthorizationString,
                             false,
                             sendEndorsementsExpirationMs);
+        } catch (NotInGroupException e) {
+            throw new NotAGroupMemberException(GroupUtils.getGroupIdV2(groupSecretParams), null);
         } catch (NonSuccessfulResponseCodeException e) {
             if (e.code == 403) {
                 throw new NotAGroupMemberException(GroupUtils.getGroupIdV2(groupSecretParams), null);

lib/src/main/java/org/asamk/signal/manager/helper/IncomingMessageHandler.java

@@ -41,6 +41,7 @@ import org.signal.libsignal.metadata.ProtocolNoSessionException;
 import org.signal.libsignal.metadata.ProtocolUntrustedIdentityException;
 import org.signal.libsignal.metadata.SelfSendException;
 import org.signal.libsignal.protocol.InvalidMessageException;
+import org.signal.libsignal.protocol.UsePqRatchet;
 import org.signal.libsignal.protocol.groups.GroupSessionBuilder;
 import org.signal.libsignal.protocol.message.DecryptionErrorMessage;
 import org.signal.libsignal.zkgroup.InvalidInputException;
@@ -105,7 +106,7 @@ public final class IncomingMessageHandler {
             try {
                 final var cipherResult = dependencies.getCipher(destination == null
                                 || destination.equals(account.getAci()) ? ServiceIdType.ACI : ServiceIdType.PNI)
-                        .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp());
+                        .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp(), UsePqRatchet.NO);
                 content = validate(envelope.getProto(), cipherResult, envelope.getServerDeliveredTimestamp());
                 if (content == null) {
                     return new Pair<>(List.of(), null);
@@ -143,7 +144,7 @@ public final class IncomingMessageHandler {
             try {
                 final var cipherResult = dependencies.getCipher(destination == null
                                 || destination.equals(account.getAci()) ? ServiceIdType.ACI : ServiceIdType.PNI)
-                        .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp());
+                        .decrypt(envelope.getProto(), envelope.getServerDeliveredTimestamp(), UsePqRatchet.NO);
                 content = validate(envelope.getProto(), cipherResult, envelope.getServerDeliveredTimestamp());
                 if (content == null) {
                     return new Pair<>(List.of(), null);
@@ -157,6 +158,9 @@ public final class IncomingMessageHandler {
             } catch (ProtocolInvalidKeyIdException | ProtocolInvalidKeyException | ProtocolNoSessionException |
                      ProtocolInvalidMessageException e) {
                 logger.debug("Failed to decrypt incoming message", e);
+                if (e instanceof ProtocolInvalidKeyIdException) {
+                    actions.add(RefreshPreKeysAction.create());
+                }
                 final var sender = account.getRecipientResolver().resolveRecipient(e.getSender());
                 if (context.getContactHelper().isContactBlocked(sender)) {
                     logger.debug("Received invalid message from blocked contact, ignoring.");
@@ -165,12 +169,11 @@ public final class IncomingMessageHandler {
                     if (serviceId != null) {
                         final var isSelf = sender.equals(account.getSelfRecipientId())
                                 && e.getSenderDevice() == account.getDeviceId();
+                        logger.debug("Received invalid message, queuing renew session action.");
+                        actions.add(new RenewSessionAction(sender, serviceId, destination));
                         if (!isSelf) {
                             logger.debug("Received invalid message, requesting message resend.");
-                            actions.add(new SendRetryMessageRequestAction(sender, serviceId, e, envelope, destination));
+                            actions.add(new SendRetryMessageRequestAction(sender, e, envelope));
-                        } else {
-                            logger.debug("Received invalid message, queuing renew session action.");
-                            actions.add(new RenewSessionAction(sender, serviceId, destination));
                         }
                     } else {
                         logger.debug("Received invalid message from invalid sender: {}", e.getSender());

lib/src/main/java/org/asamk/signal/manager/helper/PinHelper.java

@@ -88,7 +88,11 @@ public class PinHelper {
             IOException exception = null;
             for (final var secureValueRecovery : secureValueRecoveries) {
                 try {
-                    return getRegistrationLockData(secureValueRecovery, svr2Credentials, pin);
+                    final var lockData = getRegistrationLockData(secureValueRecovery, svr2Credentials, pin);
+                    if (lockData == null) {
+                        continue;
+                    }
+                    return lockData;
                 } catch (IOException e) {
                     exception = e;
                 }

lib/src/main/java/org/asamk/signal/manager/helper/PreKeyHelper.java

@@ -11,17 +11,19 @@ import org.signal.libsignal.protocol.state.PreKeyRecord;
 import org.signal.libsignal.protocol.state.SignedPreKeyRecord;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.signalservice.api.NetworkResultUtil;
 import org.whispersystems.signalservice.api.account.PreKeyUpload;
+import org.whispersystems.signalservice.api.keys.OneTimePreKeyCounts;
 import org.whispersystems.signalservice.api.push.ServiceIdType;
 import org.whispersystems.signalservice.api.push.exceptions.AuthorizationFailedException;
 import org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException;
-import org.whispersystems.signalservice.internal.push.OneTimePreKeyCounts;
 
 import java.io.IOException;
 import java.util.List;
 
 import static org.asamk.signal.manager.config.ServiceConfig.PREKEY_STALE_AGE;
 import static org.asamk.signal.manager.config.ServiceConfig.SIGNED_PREKEY_ROTATE_AGE;
+import static org.asamk.signal.manager.util.Utils.handleResponseException;
 
 public class PreKeyHelper {
 
@@ -82,7 +84,7 @@ public class PreKeyHelper {
     ) throws IOException {
         OneTimePreKeyCounts preKeyCounts;
         try {
-            preKeyCounts = dependencies.getAccountManager().getPreKeyCounts(serviceIdType);
+            preKeyCounts = handleResponseException(dependencies.getKeysApi().getAvailablePreKeyCounts(serviceIdType));
         } catch (AuthorizationFailedException e) {
             logger.debug("Failed to get pre key count, ignoring: " + e.getClass().getSimpleName());
             preKeyCounts = new OneTimePreKeyCounts(0, 0);
@@ -143,7 +145,7 @@ public class PreKeyHelper {
                 kyberPreKeyRecords);
         var needsReset = false;
         try {
-            dependencies.getAccountManager().setPreKeys(preKeyUpload);
+            NetworkResultUtil.toPreKeysLegacy(dependencies.getKeysApi().setPreKeys(preKeyUpload));
             try {
                 if (preKeyRecords != null) {
                     account.addPreKeys(serviceIdType, preKeyRecords);

lib/src/main/java/org/asamk/signal/manager/helper/ProfileHelper.java

@@ -23,6 +23,7 @@ import org.signal.libsignal.zkgroup.profiles.ExpiringProfileKeyCredential;
 import org.signal.libsignal.zkgroup.profiles.ProfileKey;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.signalservice.api.NetworkResultUtil;
 import org.whispersystems.signalservice.api.crypto.SealedSenderAccess;
 import org.whispersystems.signalservice.api.profiles.AvatarUploadParams;
 import org.whispersystems.signalservice.api.profiles.ProfileAndCredential;
@@ -196,9 +197,10 @@ public final class ProfileHelper {
                         : avatar == null ? AvatarUploadParams.unchanged(true) : AvatarUploadParams.unchanged(false);
                 final var paymentsAddress = Optional.ofNullable(newProfile.getMobileCoinAddress())
                         .map(address -> PaymentUtils.signPaymentsAddress(address,
-                                account.getAciIdentityKeyPair().getPrivateKey()));
+                                account.getAciIdentityKeyPair().getPrivateKey()))
+                        .orElse(null);
                 logger.debug("Uploading new profile");
-                final var avatarPath = dependencies.getAccountManager()
+                final var avatarPath = NetworkResultUtil.toSetProfileLegacy(dependencies.getProfileApi()
                         .setVersionedProfile(account.getAci(),
                                 account.getProfileKey(),
                                 newProfile.getInternalServiceName(),
@@ -208,9 +210,9 @@ public final class ProfileHelper {
                                 avatarUploadParams,
                                 List.of(/* TODO implement support for badges */),
                                 account.getConfigurationStore().getPhoneNumberSharingMode()
-                                        == PhoneNumberSharingMode.EVERYBODY);
+                                        == PhoneNumberSharingMode.EVERYBODY));
                 if (!avatarUploadParams.keepTheSame) {
-                    builder.withAvatarUrlPath(avatarPath.orElse(null));
+                    builder.withAvatarUrlPath(avatarPath);
                 }
                 newProfile = builder.build();
             }

lib/src/main/java/org/asamk/signal/manager/helper/ReceiveHelper.java

@@ -11,10 +11,10 @@ import org.asamk.signal.manager.storage.messageCache.CachedMessage;
 import org.asamk.signal.manager.storage.recipients.RecipientAddress;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.signalservice.api.SignalWebSocket;
 import org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;
 import org.whispersystems.signalservice.api.push.ServiceId;
 import org.whispersystems.signalservice.api.push.ServiceId.ACI;
+import org.whispersystems.signalservice.api.websocket.SignalWebSocket;
 import org.whispersystems.signalservice.api.websocket.WebSocketConnectionState;
 import org.whispersystems.signalservice.api.websocket.WebSocketUnavailableException;
 
@@ -28,7 +28,6 @@ import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.TimeoutException;
 
-import io.reactivex.rxjava3.core.Observable;
 import io.reactivex.rxjava3.schedulers.Schedulers;
 
 public class ReceiveHelper {
@@ -94,14 +93,14 @@ public class ReceiveHelper {
         // Use a Map here because java Set doesn't have a get method ...
         Map<HandleAction, HandleAction> queuedActions = new HashMap<>();
 
-        final var signalWebSocket = dependencies.getSignalWebSocket();
+        final var signalWebSocket = dependencies.getAuthenticatedSignalWebSocket();
-        final var webSocketStateDisposable = Observable.merge(signalWebSocket.getUnidentifiedWebSocketState(),
+        final var webSocketStateDisposable = signalWebSocket.getState()
-                        signalWebSocket.getWebSocketState())
                 .subscribeOn(Schedulers.computation())
                 .observeOn(Schedulers.computation())
                 .distinctUntilChanged()
                 .subscribe(this::onWebSocketStateChange);
         signalWebSocket.connect();
+        signalWebSocket.registerKeepAliveToken("receive");
 
         try {
             receiveMessagesInternal(signalWebSocket, timeout, returnOnTimeout, maxMessages, handler, queuedActions);
@@ -109,6 +108,7 @@ public class ReceiveHelper {
             hasCaughtUpWithOldMessages = false;
             handleQueuedActions(queuedActions.keySet());
             queuedActions.clear();
+            signalWebSocket.removeKeepAliveToken("receive");
             signalWebSocket.disconnect();
             webSocketStateDisposable.dispose();
             shouldStop = false;
@@ -116,7 +116,7 @@ public class ReceiveHelper {
     }
 
     private void receiveMessagesInternal(
-            final SignalWebSocket signalWebSocket,
+            final SignalWebSocket.AuthenticatedWebSocket signalWebSocket,
             Duration timeout,
             boolean returnOnTimeout,
             Integer maxMessages,

lib/src/main/java/org/asamk/signal/manager/helper/RecipientHelper.java

@@ -10,13 +10,14 @@ import org.signal.libsignal.usernames.BaseUsernameException;
 import org.signal.libsignal.usernames.Username;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.whispersystems.signalservice.api.cds.CdsiV2Service;
 import org.whispersystems.signalservice.api.push.ServiceId;
 import org.whispersystems.signalservice.api.push.ServiceId.ACI;
 import org.whispersystems.signalservice.api.push.ServiceId.PNI;
 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
 import org.whispersystems.signalservice.api.push.exceptions.CdsiInvalidArgumentException;
 import org.whispersystems.signalservice.api.push.exceptions.CdsiInvalidTokenException;
-import org.whispersystems.signalservice.api.services.CdsiV2Service;
+import org.whispersystems.signalservice.api.push.exceptions.NonSuccessfulResponseCodeException;
 
 import java.io.IOException;
 import java.util.Collection;
@@ -25,8 +26,10 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Optional;
 import java.util.Set;
+import java.util.UUID;
 
 import static org.asamk.signal.manager.config.ServiceConfig.MAXIMUM_ONE_OFF_REQUEST_SIZE;
+import static org.asamk.signal.manager.util.Utils.handleResponseException;
 
 public class RecipientHelper {
 
@@ -66,7 +69,7 @@ public class RecipientHelper {
                 .toSignalServiceAddress();
     }
 
-    public Set<RecipientId> resolveRecipients(Collection<RecipientIdentifier.Single> recipients) throws UnregisteredRecipientException {
+    public Set<RecipientId> resolveRecipients(Collection<RecipientIdentifier.Single> recipients) throws UnregisteredRecipientException, IOException {
         final var recipientIds = new HashSet<RecipientId>(recipients.size());
         for (var number : recipients) {
             final var recipientId = resolveRecipient(number);
@@ -76,12 +79,11 @@ public class RecipientHelper {
     }
 
     public RecipientId resolveRecipient(final RecipientIdentifier.Single recipient) throws UnregisteredRecipientException {
-        if (recipient instanceof RecipientIdentifier.Uuid uuidRecipient) {
+        if (recipient instanceof RecipientIdentifier.Uuid(UUID uuid)) {
-            return account.getRecipientResolver().resolveRecipient(ACI.from(uuidRecipient.uuid()));
+            return account.getRecipientResolver().resolveRecipient(ACI.from(uuid));
-        } else if (recipient instanceof RecipientIdentifier.Pni pniRecipient) {
+        } else if (recipient instanceof RecipientIdentifier.Pni(UUID pni)) {
-            return account.getRecipientResolver().resolveRecipient(PNI.from(pniRecipient.pni()));
+            return account.getRecipientResolver().resolveRecipient(PNI.from(pni));
-        } else if (recipient instanceof RecipientIdentifier.Number numberRecipient) {
+        } else if (recipient instanceof RecipientIdentifier.Number(String number)) {
-            final var number = numberRecipient.number();
             return account.getRecipientStore().resolveRecipientByNumber(number, () -> {
                 try {
                     return getRegisteredUserByNumber(number);
@@ -89,9 +91,12 @@ public class RecipientHelper {
                     return null;
                 }
             });
-        } else if (recipient instanceof RecipientIdentifier.Username usernameRecipient) {
+        } else if (recipient instanceof RecipientIdentifier.Username(String username)) {
-            var username = usernameRecipient.username();
+            try {
-            return resolveRecipientByUsernameOrLink(username, false);
+                return resolveRecipientByUsernameOrLink(username, false);
+            } catch (Exception e) {
+                return null;
+            }
         }
         throw new AssertionError("Unexpected RecipientIdentifier: " + recipient);
     }
@@ -99,7 +104,7 @@ public class RecipientHelper {
     public RecipientId resolveRecipientByUsernameOrLink(
             String username,
             boolean forceRefresh
-    ) throws UnregisteredRecipientException {
+    ) throws UnregisteredRecipientException, IOException {
         final Username finalUsername;
         try {
             finalUsername = getUsernameFromUsernameOrLink(username);
@@ -108,18 +113,22 @@ public class RecipientHelper {
         }
         if (forceRefresh) {
             try {
-                final var aci = dependencies.getAccountManager().getAciByUsername(finalUsername);
+                final var aci = handleResponseException(dependencies.getUsernameApi().getAciByUsername(finalUsername));
                 return account.getRecipientStore().resolveRecipientTrusted(aci, finalUsername.getUsername());
-            } catch (IOException e) {
+            } catch (NonSuccessfulResponseCodeException e) {
-                throw new UnregisteredRecipientException(new org.asamk.signal.manager.api.RecipientAddress(null,
+                if (e.code == 404) {
-                        null,
+                    throw new UnregisteredRecipientException(new org.asamk.signal.manager.api.RecipientAddress(null,
-                        null,
+                            null,
-                        username));
+                            null,
+                            username));
+                }
+                logger.debug("Failed to get uuid for username: {}", username, e);
+                throw e;
             }
         }
         return account.getRecipientStore().resolveRecipientByUsername(finalUsername.getUsername(), () -> {
             try {
-                return dependencies.getAccountManager().getAciByUsername(finalUsername);
+                return handleResponseException(dependencies.getUsernameApi().getAciByUsername(finalUsername));
             } catch (Exception e) {
                 return null;
             }
@@ -130,8 +139,8 @@ public class RecipientHelper {
         try {
             final var usernameLinkUrl = UsernameLinkUrl.fromUri(username);
             final var components = usernameLinkUrl.getComponents();
-            final var encryptedUsername = dependencies.getAccountManager()
+            final var encryptedUsername = handleResponseException(dependencies.getUsernameApi()
-                    .getEncryptedUsernameFromLinkServerId(components.getServerId());
+                    .getEncryptedUsernameFromLinkServerId(components.getServerId()));
             final var link = new Username.UsernameLink(components.getEntropy(), encryptedUsername);
 
             return Username.fromLink(link);
@@ -144,8 +153,8 @@ public class RecipientHelper {
         try {
             return Optional.of(resolveRecipient(recipient));
         } catch (UnregisteredRecipientException e) {
-            if (recipient instanceof RecipientIdentifier.Number r) {
+            if (recipient instanceof RecipientIdentifier.Number(String number)) {
-                return account.getRecipientStore().resolveRecipientByNumberOptional(r.number());
+                return account.getRecipientStore().resolveRecipientByNumberOptional(number);
             } else {
                 return Optional.empty();
             }
@@ -234,8 +243,8 @@ public class RecipientHelper {
 
         final CdsiV2Service.Response response;
         try {
-            response = dependencies.getAccountManager()
+            response = handleResponseException(dependencies.getCdsApi()
-                    .getRegisteredUsersWithCdsi(token.isEmpty() ? Set.of() : previousNumbers,
+                    .getRegisteredUsers(token.isEmpty() ? Set.of() : previousNumbers,
                             newNumbers,
                             account.getRecipientStore().getServiceIdToProfileKeyMap(),
                             token,
@@ -256,7 +265,7 @@ public class RecipientHelper {
                                     account.setCdsiToken(newToken);
                                     account.setLastRecipientsRefresh(System.currentTimeMillis());
                                 }
-                            });
+                            }));
         } catch (CdsiInvalidTokenException | CdsiInvalidArgumentException e) {
             account.setCdsiToken(null);
             account.getCdsiStore().clearAll();

lib/src/main/java/org/asamk/signal/manager/helper/UnidentifiedAccessHelper.java

@@ -18,6 +18,8 @@ import java.io.IOException;
 import java.util.List;
 import java.util.concurrent.TimeUnit;
 
+import static org.asamk.signal.manager.util.Utils.handleResponseException;
+
 public class UnidentifiedAccessHelper {
 
     private static final Logger logger = LoggerFactory.getLogger(UnidentifiedAccessHelper.class);
@@ -109,7 +111,8 @@ public class UnidentifiedAccessHelper {
             return privacySenderCertificate.getSerialized();
         }
         try {
-            final var certificate = dependencies.getAccountManager().getSenderCertificateForPhoneNumberPrivacy();
+            final var certificate = handleResponseException(dependencies.getCertificateApi()
+                    .getSenderCertificateForPhoneNumberPrivacy());
             privacySenderCertificate = new SenderCertificate(certificate);
             return certificate;
         } catch (IOException | InvalidCertificateException e) {
@@ -125,7 +128,7 @@ public class UnidentifiedAccessHelper {
             return senderCertificate.getSerialized();
         }
         try {
-            final var certificate = dependencies.getAccountManager().getSenderCertificate();
+            final var certificate = handleResponseException(dependencies.getCertificateApi().getSenderCertificate());
             this.senderCertificate = new SenderCertificate(certificate);
             return certificate;
         } catch (IOException | InvalidCertificateException e) {

lib/src/main/java/org/asamk/signal/manager/internal/ManagerImpl.java

@@ -35,6 +35,7 @@ import org.asamk.signal.manager.api.IdentityVerificationCode;
 import org.asamk.signal.manager.api.InactiveGroupLinkException;
 import org.asamk.signal.manager.api.IncorrectPinException;
 import org.asamk.signal.manager.api.InvalidDeviceLinkException;
+import org.asamk.signal.manager.api.InvalidNumberException;
 import org.asamk.signal.manager.api.InvalidStickerException;
 import org.asamk.signal.manager.api.InvalidUsernameException;
 import org.asamk.signal.manager.api.LastGroupAdminException;
@@ -47,6 +48,7 @@ import org.asamk.signal.manager.api.NotPrimaryDeviceException;
 import org.asamk.signal.manager.api.Pair;
 import org.asamk.signal.manager.api.PendingAdminApprovalException;
 import org.asamk.signal.manager.api.PhoneNumberSharingMode;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.manager.api.Profile;
 import org.asamk.signal.manager.api.RateLimitException;
@@ -87,12 +89,12 @@ import org.asamk.signal.manager.storage.stickers.StickerPack;
 import org.asamk.signal.manager.util.AttachmentUtils;
 import org.asamk.signal.manager.util.KeyUtils;
 import org.asamk.signal.manager.util.MimeUtils;
+import org.asamk.signal.manager.util.PhoneNumberFormatter;
 import org.asamk.signal.manager.util.StickerUtils;
 import org.signal.libsignal.protocol.InvalidMessageException;
 import org.signal.libsignal.usernames.BaseUsernameException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.signalservice.api.SignalSessionLock;
 import org.whispersystems.signalservice.api.messages.SignalServiceAttachment;
 import org.whispersystems.signalservice.api.messages.SignalServiceDataMessage;
 import org.whispersystems.signalservice.api.messages.SignalServicePreview;
@@ -106,8 +108,6 @@ import org.whispersystems.signalservice.api.push.exceptions.CdsiResourceExhauste
 import org.whispersystems.signalservice.api.push.exceptions.UsernameMalformedException;
 import org.whispersystems.signalservice.api.push.exceptions.UsernameTakenException;
 import org.whispersystems.signalservice.api.util.DeviceNameUtil;
-import org.whispersystems.signalservice.api.util.InvalidNumberException;
-import org.whispersystems.signalservice.api.util.PhoneNumberFormatter;
 import org.whispersystems.signalservice.api.util.StreamDetails;
 import org.whispersystems.signalservice.internal.util.Hex;
 import org.whispersystems.signalservice.internal.util.Util;
@@ -132,7 +132,7 @@ import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 import java.util.concurrent.atomic.AtomicInteger;
-import java.util.concurrent.locks.ReentrantLock;
+import java.util.concurrent.atomic.AtomicLong;
 import java.util.function.Function;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
@@ -142,6 +142,7 @@ import io.reactivex.rxjava3.schedulers.Schedulers;
 import okio.Utf8;
 
 import static org.asamk.signal.manager.config.ServiceConfig.MAX_MESSAGE_SIZE_BYTES;
+import static org.asamk.signal.manager.util.Utils.handleResponseException;
 import static org.signal.core.util.StringExtensionsKt.splitByByteLength;
 
 public class ManagerImpl implements Manager {
@@ -161,6 +162,7 @@ public class ManagerImpl implements Manager {
     private final List<Runnable> closedListeners = new ArrayList<>();
     private final List<Runnable> addressChangedListeners = new ArrayList<>();
     private final CompositeDisposable disposable = new CompositeDisposable();
+    private final AtomicLong lastMessageTimestamp = new AtomicLong();
 
     public ManagerImpl(
             SignalAccount account,
@@ -171,15 +173,7 @@ public class ManagerImpl implements Manager {
     ) {
         this.account = account;
 
-        final var sessionLock = new SignalSessionLock() {
+        final var sessionLock = new ReentrantSignalSessionLock();
-            private final ReentrantLock LEGACY_LOCK = new ReentrantLock();
-
-            @Override
-            public Lock acquire() {
-                LEGACY_LOCK.lock();
-                return LEGACY_LOCK::unlock;
-            }
-        };
         this.dependencies = new SignalDependencies(serviceEnvironmentConfig,
                 userAgent,
                 account.getCredentialsProvider(),
@@ -291,7 +285,7 @@ public class ManagerImpl implements Manager {
     }
 
     @Override
-    public Map<String, UsernameStatus> getUsernameStatus(Set<String> usernames) {
+    public Map<String, UsernameStatus> getUsernameStatus(Set<String> usernames) throws IOException {
         final var registeredUsers = new HashMap<String, RecipientAddress>();
         for (final var username : usernames) {
             try {
@@ -435,7 +429,7 @@ public class ManagerImpl implements Manager {
             String newNumber,
             String verificationCode,
             String pin
-    ) throws IncorrectPinException, PinLockedException, IOException, NotPrimaryDeviceException {
+    ) throws IncorrectPinException, PinLockedException, IOException, NotPrimaryDeviceException, PinLockMissingException {
         if (!account.isPrimaryDevice()) {
             throw new NotPrimaryDeviceException();
         }
@@ -457,10 +451,10 @@ public class ManagerImpl implements Manager {
             String challenge,
             String captcha
     ) throws IOException, CaptchaRejectedException {
-        captcha = captcha == null ? null : captcha.replace("signalcaptcha://", "");
+        captcha = captcha == null ? "" : captcha.replace("signalcaptcha://", "");
 
         try {
-            dependencies.getAccountManager().submitRateLimitRecaptchaChallenge(challenge, captcha);
+            handleResponseException(dependencies.getRateLimitChallengeApi().submitCaptchaChallenge(challenge, captcha));
         } catch (org.whispersystems.signalservice.internal.push.exceptions.CaptchaRejectedException ignored) {
             throw new CaptchaRejectedException();
         }
@@ -468,7 +462,7 @@ public class ManagerImpl implements Manager {
 
     @Override
     public List<Device> getLinkedDevices() throws IOException {
-        var devices = dependencies.getAccountManager().getDevices();
+        var devices = handleResponseException(dependencies.getLinkDeviceApi().getDevices());
         account.setMultiDevice(devices.size() > 1);
         var identityKey = account.getAciIdentityKeyPair().getPrivateKey();
         return devices.stream().map(d -> {
@@ -607,6 +601,24 @@ public class ManagerImpl implements Manager {
         return context.getGroupHelper().joinGroup(inviteLinkUrl);
     }
 
+    private long getNextMessageTimestamp() {
+        while (true) {
+            final var last = lastMessageTimestamp.get();
+            final var timestamp = System.currentTimeMillis();
+            if (last == timestamp) {
+                try {
+                    Thread.sleep(1);
+                } catch (InterruptedException e) {
+                    Thread.currentThread().interrupt();
+                }
+                continue;
+            }
+            if (lastMessageTimestamp.compareAndSet(last, timestamp)) {
+                return timestamp;
+            }
+        }
+    }
+
     private SendMessageResults sendMessage(
             SignalServiceDataMessage.Builder messageBuilder,
             Set<RecipientIdentifier> recipients,
@@ -622,7 +634,7 @@ public class ManagerImpl implements Manager {
             Optional<Long> editTargetTimestamp
     ) throws IOException, NotAGroupMemberException, GroupNotFoundException, GroupSendingNotAllowedException {
         var results = new HashMap<RecipientIdentifier, List<SendMessageResult>>();
-        long timestamp = System.currentTimeMillis();
+        long timestamp = getNextMessageTimestamp();
         messageBuilder.withTimestamp(timestamp);
         for (final var recipient : recipients) {
             if (recipient instanceof RecipientIdentifier.NoteToSelf || (
@@ -662,7 +674,7 @@ public class ManagerImpl implements Manager {
             Set<RecipientIdentifier> recipients
     ) throws IOException, NotAGroupMemberException, GroupNotFoundException, GroupSendingNotAllowedException {
         var results = new HashMap<RecipientIdentifier, List<SendMessageResult>>();
-        final var timestamp = System.currentTimeMillis();
+        final var timestamp = getNextMessageTimestamp();
         for (var recipient : recipients) {
             if (recipient instanceof RecipientIdentifier.Single single) {
                 final var message = new SignalServiceTypingMessage(action, timestamp, Optional.empty());
@@ -694,7 +706,7 @@ public class ManagerImpl implements Manager {
 
     @Override
     public SendMessageResults sendReadReceipt(RecipientIdentifier.Single sender, List<Long> messageIds) {
-        final var timestamp = System.currentTimeMillis();
+        final var timestamp = getNextMessageTimestamp();
         var receiptMessage = new SignalServiceReceiptMessage(SignalServiceReceiptMessage.Type.READ,
                 messageIds,
                 timestamp);
@@ -704,7 +716,7 @@ public class ManagerImpl implements Manager {
 
     @Override
     public SendMessageResults sendViewedReceipt(RecipientIdentifier.Single sender, List<Long> messageIds) {
-        final var timestamp = System.currentTimeMillis();
+        final var timestamp = getNextMessageTimestamp();
         var receiptMessage = new SignalServiceReceiptMessage(SignalServiceReceiptMessage.Type.VIEWED,
                 messageIds,
                 timestamp);
@@ -798,6 +810,7 @@ public class ManagerImpl implements Manager {
         } else if (!additionalAttachments.isEmpty()) {
             messageBuilder.withAttachments(additionalAttachments);
         }
+        messageBuilder.withViewOnce(message.viewOnce());
         if (!message.mentions().isEmpty()) {
             messageBuilder.withMentions(resolveMentions(message.mentions()));
         }
@@ -1594,7 +1607,8 @@ public class ManagerImpl implements Manager {
         context.close();
         executor.close();
 
-        dependencies.getSignalWebSocket().disconnect();
+        dependencies.getAuthenticatedSignalWebSocket().disconnect();
+        dependencies.getUnauthenticatedSignalWebSocket().disconnect();
         dependencies.getPushServiceSocket().close();
         disposable.dispose();
 

lib/src/main/java/org/asamk/signal/manager/internal/ProvisioningManagerImpl.java

@@ -29,12 +29,10 @@ import org.asamk.signal.manager.util.KeyUtils;
 import org.signal.libsignal.protocol.IdentityKeyPair;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.signalservice.api.SignalServiceAccountManager;
-import org.whispersystems.signalservice.api.groupsv2.ClientZkOperations;
-import org.whispersystems.signalservice.api.groupsv2.GroupsV2Operations;
 import org.whispersystems.signalservice.api.push.ServiceIdType;
 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
 import org.whispersystems.signalservice.api.push.exceptions.AuthorizationFailedException;
+import org.whispersystems.signalservice.api.registration.ProvisioningApi;
 import org.whispersystems.signalservice.api.util.DeviceNameUtil;
 import org.whispersystems.signalservice.internal.push.ProvisioningSocket;
 import org.whispersystems.signalservice.internal.push.PushServiceSocket;
@@ -58,7 +56,7 @@ public class ProvisioningManagerImpl implements ProvisioningManager {
     private final Consumer<Manager> newManagerListener;
     private final AccountsStore accountsStore;
 
-    private final SignalServiceAccountManager accountManager;
+    private final ProvisioningApi provisioningApi;
     private final IdentityKeyPair tempIdentityKey;
     private final String password;
 
@@ -77,8 +75,6 @@ public class ProvisioningManagerImpl implements ProvisioningManager {
 
         tempIdentityKey = KeyUtils.generateIdentityKeyPair();
         password = KeyUtils.createPassword();
-        final var clientZkOperations = ClientZkOperations.create(serviceEnvironmentConfig.signalServiceConfiguration());
-        final var groupsV2Operations = new GroupsV2Operations(clientZkOperations, ServiceConfig.GROUP_MAX_SIZE);
         final var credentialsProvider = new DynamicCredentialsProvider(null,
                 null,
                 null,
@@ -87,23 +83,22 @@ public class ProvisioningManagerImpl implements ProvisioningManager {
         final var pushServiceSocket = new PushServiceSocket(serviceEnvironmentConfig.signalServiceConfiguration(),
                 credentialsProvider,
                 userAgent,
-                clientZkOperations.getProfileOperations(),
                 ServiceConfig.AUTOMATIC_NETWORK_RETRY);
-        accountManager = new SignalServiceAccountManager(pushServiceSocket,
+        final var provisioningSocket = new ProvisioningSocket(serviceEnvironmentConfig.signalServiceConfiguration(),
-                new ProvisioningSocket(serviceEnvironmentConfig.signalServiceConfiguration(), userAgent),
+                userAgent);
-                groupsV2Operations);
+        this.provisioningApi = new ProvisioningApi(pushServiceSocket, provisioningSocket, credentialsProvider);
     }
 
     @Override
     public URI getDeviceLinkUri() throws TimeoutException, IOException {
-        var deviceUuid = accountManager.getNewDeviceUuid();
+        var deviceUuid = provisioningApi.getNewDeviceUuid();
 
         return new DeviceLinkUrl(deviceUuid, tempIdentityKey.getPublicKey().getPublicKey()).createDeviceLinkUri();
     }
 
     @Override
     public String finishDeviceLink(String deviceName) throws IOException, TimeoutException, UserAlreadyExistsException {
-        var ret = accountManager.getNewDeviceRegistration(tempIdentityKey);
+        var ret = provisioningApi.getNewDeviceRegistration(tempIdentityKey);
         var number = ret.getNumber();
         var aci = ret.getAci();
         var pni = ret.getPni();
@@ -160,7 +155,7 @@ public class ProvisioningManagerImpl implements ProvisioningManager {
             final var pniPreKeys = generatePreKeysForType(account.getAccountData(ServiceIdType.PNI));
 
             logger.debug("Finishing new device registration");
-            var deviceId = accountManager.finishNewDeviceRegistration(ret.getProvisioningCode(),
+            var deviceId = provisioningApi.finishNewDeviceRegistration(ret.getProvisioningCode(),
                     account.getAccountAttributes(null),
                     aciPreKeys,
                     pniPreKeys);

lib/src/main/java/org/asamk/signal/manager/internal/ReentrantSignalSessionLock.java

@@ -0,0 +1,16 @@
+package org.asamk.signal.manager.internal;
+
+import org.whispersystems.signalservice.api.SignalSessionLock;
+
+import java.util.concurrent.locks.ReentrantLock;
+
+class ReentrantSignalSessionLock implements SignalSessionLock {
+
+    private final ReentrantLock LEGACY_LOCK = new ReentrantLock();
+
+    @Override
+    public Lock acquire() {
+        LEGACY_LOCK.lock();
+        return LEGACY_LOCK::unlock;
+    }
+}

lib/src/main/java/org/asamk/signal/manager/internal/RegistrationManagerImpl.java

@@ -21,6 +21,7 @@ import org.asamk.signal.manager.RegistrationManager;
 import org.asamk.signal.manager.api.CaptchaRequiredException;
 import org.asamk.signal.manager.api.IncorrectPinException;
 import org.asamk.signal.manager.api.NonNormalizedPhoneNumberException;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.manager.api.RateLimitException;
 import org.asamk.signal.manager.api.UpdateProfile;
@@ -32,14 +33,11 @@ import org.asamk.signal.manager.helper.PinHelper;
 import org.asamk.signal.manager.storage.SignalAccount;
 import org.asamk.signal.manager.util.KeyUtils;
 import org.asamk.signal.manager.util.NumberVerificationUtils;
-import org.asamk.signal.manager.util.Utils;
 import org.signal.libsignal.usernames.BaseUsernameException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.signalservice.api.SignalServiceAccountManager;
 import org.whispersystems.signalservice.api.account.PreKeyCollection;
-import org.whispersystems.signalservice.api.groupsv2.ClientZkOperations;
-import org.whispersystems.signalservice.api.groupsv2.GroupsV2Operations;
 import org.whispersystems.signalservice.api.kbs.MasterKey;
 import org.whispersystems.signalservice.api.push.ServiceId.ACI;
 import org.whispersystems.signalservice.api.push.ServiceId.PNI;
@@ -48,13 +46,13 @@ import org.whispersystems.signalservice.api.push.SignalServiceAddress;
 import org.whispersystems.signalservice.api.push.exceptions.AlreadyVerifiedException;
 import org.whispersystems.signalservice.api.push.exceptions.DeprecatedVersionException;
 import org.whispersystems.signalservice.api.svr.SecureValueRecovery;
-import org.whispersystems.signalservice.internal.push.PushServiceSocket;
 import org.whispersystems.signalservice.internal.push.VerifyAccountResponse;
 
 import java.io.IOException;
 import java.util.function.Consumer;
 
 import static org.asamk.signal.manager.util.KeyUtils.generatePreKeysForType;
+import static org.asamk.signal.manager.util.Utils.handleResponseException;
 
 public class RegistrationManagerImpl implements RegistrationManager {
 
@@ -132,12 +130,15 @@ public class RegistrationManagerImpl implements RegistrationManager {
             }
 
             final var registrationApi = unauthenticatedAccountManager.getRegistrationApi();
+            logger.trace("Creating verification session");
             String sessionId = NumberVerificationUtils.handleVerificationSession(registrationApi,
                     account.getSessionId(account.getNumber()),
                     id -> account.setSessionId(account.getNumber(), id),
                     voiceVerification,
                     captcha);
+            logger.trace("Requesting verification code");
             NumberVerificationUtils.requestVerificationCode(registrationApi, sessionId, voiceVerification);
+            logger.debug("Successfully requested verification code");
             account.setRegistered(false);
         } catch (DeprecatedVersionException e) {
             logger.debug("Signal-Server returned deprecated version exception", e);
@@ -149,7 +150,7 @@ public class RegistrationManagerImpl implements RegistrationManager {
     public void verifyAccount(
             String verificationCode,
             String pin
-    ) throws IOException, PinLockedException, IncorrectPinException {
+    ) throws IOException, PinLockedException, IncorrectPinException, PinLockMissingException {
         if (account.isRegistered()) {
             throw new IOException("Account is already registered");
         }
@@ -199,7 +200,7 @@ public class RegistrationManagerImpl implements RegistrationManager {
             final var aciPreKeys = generatePreKeysForType(account.getAccountData(ServiceIdType.ACI));
             final var pniPreKeys = generatePreKeysForType(account.getAccountData(ServiceIdType.PNI));
             final var registrationApi = unauthenticatedAccountManager.getRegistrationApi();
-            final var response = Utils.handleResponseException(registrationApi.registerAccount(null,
+            final var response = handleResponseException(registrationApi.registerAccount(null,
                     recoveryPassword,
                     account.getAccountAttributes(null),
                     aciPreKeys,
@@ -221,8 +222,14 @@ public class RegistrationManagerImpl implements RegistrationManager {
 
     private boolean attemptReactivateAccount() {
         try {
-            final var accountManager = createAuthenticatedSignalServiceAccountManager();
+            final var dependencies = new SignalDependencies(serviceEnvironmentConfig,
-            accountManager.setAccountAttributes(account.getAccountAttributes(null));
+                    userAgent,
+                    account.getCredentialsProvider(),
+                    account.getSignalServiceDataStore(),
+                    null,
+                    new ReentrantSignalSessionLock());
+            handleResponseException(dependencies.getAccountApi()
+                    .setAccountAttributes(account.getAccountAttributes(null)));
             account.setRegistered(true);
             logger.info("Reactivated existing account, verify is not necessary.");
             if (newManagerListener != null) {
@@ -241,17 +248,6 @@ public class RegistrationManagerImpl implements RegistrationManager {
         return false;
     }
 
-    private SignalServiceAccountManager createAuthenticatedSignalServiceAccountManager() {
-        final var clientZkOperations = ClientZkOperations.create(serviceEnvironmentConfig.signalServiceConfiguration());
-        final var pushServiceSocket = new PushServiceSocket(serviceEnvironmentConfig.signalServiceConfiguration(),
-                account.getCredentialsProvider(),
-                userAgent,
-                clientZkOperations.getProfileOperations(),
-                ServiceConfig.AUTOMATIC_NETWORK_RETRY);
-        final var groupsV2Operations = new GroupsV2Operations(clientZkOperations, ServiceConfig.GROUP_MAX_SIZE);
-        return new SignalServiceAccountManager(pushServiceSocket, null, groupsV2Operations);
-    }
-
     private VerifyAccountResponse verifyAccountWithCode(
             final String sessionId,
             final String verificationCode,
@@ -261,11 +257,11 @@ public class RegistrationManagerImpl implements RegistrationManager {
     ) throws IOException {
         final var registrationApi = unauthenticatedAccountManager.getRegistrationApi();
         try {
-            Utils.handleResponseException(registrationApi.verifyAccount(sessionId, verificationCode));
+            handleResponseException(registrationApi.verifyAccount(sessionId, verificationCode));
         } catch (AlreadyVerifiedException e) {
             // Already verified so can continue registering
         }
-        return Utils.handleResponseException(registrationApi.registerAccount(sessionId,
+        return handleResponseException(registrationApi.registerAccount(sessionId,
                 null,
                 account.getAccountAttributes(registrationLock),
                 aciPreKeys,

lib/src/main/java/org/asamk/signal/manager/internal/SignalDependencies.java

@@ -5,6 +5,7 @@ import org.asamk.signal.manager.config.ServiceEnvironmentConfig;
 import org.asamk.signal.manager.util.Utils;
 import org.signal.libsignal.metadata.certificate.CertificateValidator;
 import org.signal.libsignal.net.Network;
+import org.signal.libsignal.protocol.UsePqRatchet;
 import org.signal.libsignal.zkgroup.profiles.ClientZkProfileOperations;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -13,26 +14,32 @@ import org.whispersystems.signalservice.api.SignalServiceDataStore;
 import org.whispersystems.signalservice.api.SignalServiceMessageReceiver;
 import org.whispersystems.signalservice.api.SignalServiceMessageSender;
 import org.whispersystems.signalservice.api.SignalSessionLock;
-import org.whispersystems.signalservice.api.SignalWebSocket;
+import org.whispersystems.signalservice.api.account.AccountApi;
+import org.whispersystems.signalservice.api.attachment.AttachmentApi;
+import org.whispersystems.signalservice.api.cds.CdsApi;
+import org.whispersystems.signalservice.api.certificate.CertificateApi;
 import org.whispersystems.signalservice.api.crypto.SignalServiceCipher;
 import org.whispersystems.signalservice.api.groupsv2.ClientZkOperations;
 import org.whispersystems.signalservice.api.groupsv2.GroupsV2Api;
 import org.whispersystems.signalservice.api.groupsv2.GroupsV2Operations;
+import org.whispersystems.signalservice.api.keys.KeysApi;
 import org.whispersystems.signalservice.api.link.LinkDeviceApi;
+import org.whispersystems.signalservice.api.message.MessageApi;
+import org.whispersystems.signalservice.api.profiles.ProfileApi;
 import org.whispersystems.signalservice.api.push.ServiceIdType;
 import org.whispersystems.signalservice.api.push.SignalServiceAddress;
+import org.whispersystems.signalservice.api.ratelimit.RateLimitChallengeApi;
 import org.whispersystems.signalservice.api.registration.RegistrationApi;
 import org.whispersystems.signalservice.api.services.ProfileService;
 import org.whispersystems.signalservice.api.storage.StorageServiceApi;
 import org.whispersystems.signalservice.api.storage.StorageServiceRepository;
 import org.whispersystems.signalservice.api.svr.SecureValueRecovery;
+import org.whispersystems.signalservice.api.username.UsernameApi;
 import org.whispersystems.signalservice.api.util.CredentialsProvider;
 import org.whispersystems.signalservice.api.util.UptimeSleepTimer;
-import org.whispersystems.signalservice.api.websocket.WebSocketFactory;
+import org.whispersystems.signalservice.api.websocket.SignalWebSocket;
-import org.whispersystems.signalservice.internal.push.ProvisioningSocket;
 import org.whispersystems.signalservice.internal.push.PushServiceSocket;
 import org.whispersystems.signalservice.internal.websocket.OkHttpWebSocketConnection;
-import org.whispersystems.signalservice.internal.websocket.WebSocketConnection;
 
 import java.io.IOException;
 import java.net.InetSocketAddress;
@@ -40,6 +47,7 @@ import java.net.Proxy;
 import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.ExecutorService;
+import java.util.concurrent.TimeUnit;
 import java.util.function.Supplier;
 
 public class SignalDependencies {
@@ -58,22 +66,31 @@ public class SignalDependencies {
     private boolean allowStories = true;
 
     private SignalServiceAccountManager accountManager;
+    private AccountApi accountApi;
+    private RateLimitChallengeApi rateLimitChallengeApi;
+    private CdsApi cdsApi;
+    private UsernameApi usernameApi;
     private GroupsV2Api groupsV2Api;
     private RegistrationApi registrationApi;
     private LinkDeviceApi linkDeviceApi;
     private StorageServiceApi storageServiceApi;
+    private CertificateApi certificateApi;
+    private AttachmentApi attachmentApi;
+    private MessageApi messageApi;
+    private KeysApi keysApi;
     private GroupsV2Operations groupsV2Operations;
     private ClientZkOperations clientZkOperations;
 
     private PushServiceSocket pushServiceSocket;
-    private ProvisioningSocket provisioningSocket;
     private Network libSignalNetwork;
-    private SignalWebSocket signalWebSocket;
+    private SignalWebSocket.AuthenticatedWebSocket authenticatedSignalWebSocket;
+    private SignalWebSocket.UnauthenticatedWebSocket unauthenticatedSignalWebSocket;
     private SignalServiceMessageReceiver messageReceiver;
     private SignalServiceMessageSender messageSender;
 
     private List<SecureValueRecovery> secureValueRecovery;
     private ProfileService profileService;
+    private ProfileApi profileApi;
 
     SignalDependencies(
             final ServiceEnvironmentConfig serviceEnvironmentConfig,
@@ -103,7 +120,12 @@ public class SignalDependencies {
             this.registrationApi = null;
             this.secureValueRecovery = null;
         }
-        getSignalWebSocket().forceNewWebSockets();
+        if (this.authenticatedSignalWebSocket != null) {
+            this.authenticatedSignalWebSocket.forceNewWebSocket();
+        }
+        if (this.unauthenticatedSignalWebSocket != null) {
+            this.unauthenticatedSignalWebSocket.forceNewWebSocket();
+        }
     }
 
     /**
@@ -126,16 +148,9 @@ public class SignalDependencies {
                 () -> pushServiceSocket = new PushServiceSocket(serviceEnvironmentConfig.signalServiceConfiguration(),
                         credentialsProvider,
                         userAgent,
-                        getClientZkProfileOperations(),
                         ServiceConfig.AUTOMATIC_NETWORK_RETRY));
     }
 
-    public ProvisioningSocket getProvisioningSocket() {
-        return getOrCreate(() -> provisioningSocket,
-                () -> provisioningSocket = new ProvisioningSocket(getServiceEnvironmentConfig().signalServiceConfiguration(),
-                        userAgent));
-    }
-
     public Network getLibSignalNetwork() {
         return getOrCreate(() -> libSignalNetwork, () -> {
             libSignalNetwork = new Network(serviceEnvironmentConfig.netEnvironment(), userAgent);
@@ -169,8 +184,9 @@ public class SignalDependencies {
 
     public SignalServiceAccountManager getAccountManager() {
         return getOrCreate(() -> accountManager,
-                () -> accountManager = new SignalServiceAccountManager(getPushServiceSocket(),
+                () -> accountManager = new SignalServiceAccountManager(getAuthenticatedSignalWebSocket(),
-                        getProvisioningSocket(),
+                        getAccountApi(),
+                        getPushServiceSocket(),
                         getGroupsV2Operations()));
     }
 
@@ -186,6 +202,23 @@ public class SignalDependencies {
                 ServiceConfig.GROUP_MAX_SIZE);
     }
 
+    public AccountApi getAccountApi() {
+        return getOrCreate(() -> accountApi, () -> accountApi = new AccountApi(getAuthenticatedSignalWebSocket()));
+    }
+
+    public RateLimitChallengeApi getRateLimitChallengeApi() {
+        return getOrCreate(() -> rateLimitChallengeApi,
+                () -> rateLimitChallengeApi = new RateLimitChallengeApi(getAuthenticatedSignalWebSocket()));
+    }
+
+    public CdsApi getCdsApi() {
+        return getOrCreate(() -> cdsApi, () -> cdsApi = new CdsApi(getAuthenticatedSignalWebSocket()));
+    }
+
+    public UsernameApi getUsernameApi() {
+        return getOrCreate(() -> usernameApi, () -> usernameApi = new UsernameApi(getUnauthenticatedSignalWebSocket()));
+    }
+
     public GroupsV2Api getGroupsV2Api() {
         return getOrCreate(() -> groupsV2Api, () -> groupsV2Api = getAccountManager().getGroupsV2Api());
     }
@@ -195,18 +228,41 @@ public class SignalDependencies {
     }
 
     public LinkDeviceApi getLinkDeviceApi() {
-        return getOrCreate(() -> linkDeviceApi, () -> linkDeviceApi = new LinkDeviceApi(getPushServiceSocket()));
+        return getOrCreate(() -> linkDeviceApi,
+                () -> linkDeviceApi = new LinkDeviceApi(getAuthenticatedSignalWebSocket()));
     }
 
     private StorageServiceApi getStorageServiceApi() {
         return getOrCreate(() -> storageServiceApi,
-                () -> storageServiceApi = new StorageServiceApi(getPushServiceSocket()));
+                () -> storageServiceApi = new StorageServiceApi(getAuthenticatedSignalWebSocket(),
+                        getPushServiceSocket()));
     }
 
     public StorageServiceRepository getStorageServiceRepository() {
         return new StorageServiceRepository(getStorageServiceApi());
     }
 
+    public CertificateApi getCertificateApi() {
+        return getOrCreate(() -> certificateApi,
+                () -> certificateApi = new CertificateApi(getAuthenticatedSignalWebSocket()));
+    }
+
+    public AttachmentApi getAttachmentApi() {
+        return getOrCreate(() -> attachmentApi,
+                () -> attachmentApi = new AttachmentApi(getAuthenticatedSignalWebSocket(), getPushServiceSocket()));
+    }
+
+    public MessageApi getMessageApi() {
+        return getOrCreate(() -> messageApi,
+                () -> messageApi = new MessageApi(getAuthenticatedSignalWebSocket(),
+                        getUnauthenticatedSignalWebSocket()));
+    }
+
+    public KeysApi getKeysApi() {
+        return getOrCreate(() -> keysApi,
+                () -> keysApi = new KeysApi(getAuthenticatedSignalWebSocket(), getUnauthenticatedSignalWebSocket()));
+    }
+
     public GroupsV2Operations getGroupsV2Operations() {
         return getOrCreate(() -> groupsV2Operations,
                 () -> groupsV2Operations = new GroupsV2Operations(ClientZkOperations.create(serviceEnvironmentConfig.signalServiceConfiguration()),
@@ -223,33 +279,35 @@ public class SignalDependencies {
         return clientZkOperations.getProfileOperations();
     }
 
-    public SignalWebSocket getSignalWebSocket() {
+    public SignalWebSocket.AuthenticatedWebSocket getAuthenticatedSignalWebSocket() {
-        return getOrCreate(() -> signalWebSocket, () -> {
+        return getOrCreate(() -> authenticatedSignalWebSocket, () -> {
             final var timer = new UptimeSleepTimer();
             final var healthMonitor = new SignalWebSocketHealthMonitor(timer);
-            final var webSocketFactory = new WebSocketFactory() {
-                @Override
-                public WebSocketConnection createWebSocket() {
-                    return new OkHttpWebSocketConnection("normal",
-                            serviceEnvironmentConfig.signalServiceConfiguration(),
-                            Optional.of(credentialsProvider),
-                            userAgent,
-                            healthMonitor,
-                            allowStories);
-                }
 
-                @Override
+            authenticatedSignalWebSocket = new SignalWebSocket.AuthenticatedWebSocket(() -> new OkHttpWebSocketConnection(
-                public WebSocketConnection createUnidentifiedWebSocket() {
+                    "normal",
-                    return new OkHttpWebSocketConnection("unidentified",
+                    serviceEnvironmentConfig.signalServiceConfiguration(),
-                            serviceEnvironmentConfig.signalServiceConfiguration(),
+                    Optional.of(credentialsProvider),
-                            Optional.empty(),
+                    userAgent,
-                            userAgent,
+                    healthMonitor,
-                            healthMonitor,
+                    allowStories), () -> true, timer, TimeUnit.SECONDS.toMillis(10));
-                            allowStories);
+            healthMonitor.monitor(authenticatedSignalWebSocket);
-                }
+        });
-            };
+    }
-            signalWebSocket = new SignalWebSocket(webSocketFactory);
+
-            healthMonitor.monitor(signalWebSocket);
+    public SignalWebSocket.UnauthenticatedWebSocket getUnauthenticatedSignalWebSocket() {
+        return getOrCreate(() -> unauthenticatedSignalWebSocket, () -> {
+            final var timer = new UptimeSleepTimer();
+            final var healthMonitor = new SignalWebSocketHealthMonitor(timer);
+
+            unauthenticatedSignalWebSocket = new SignalWebSocket.UnauthenticatedWebSocket(() -> new OkHttpWebSocketConnection(
+                    "unidentified",
+                    serviceEnvironmentConfig.signalServiceConfiguration(),
+                    Optional.empty(),
+                    userAgent,
+                    healthMonitor,
+                    allowStories), () -> true, timer, TimeUnit.SECONDS.toMillis(10));
+            healthMonitor.monitor(unauthenticatedSignalWebSocket);
         });
     }
 
@@ -263,10 +321,14 @@ public class SignalDependencies {
                 () -> messageSender = new SignalServiceMessageSender(getPushServiceSocket(),
                         dataStore,
                         sessionLock,
-                        getSignalWebSocket(),
+                        getAttachmentApi(),
+                        getMessageApi(),
+                        getKeysApi(),
                         Optional.empty(),
                         executor,
-                        ServiceConfig.MAX_ENVELOPE_SIZE));
+                        ServiceConfig.MAX_ENVELOPE_SIZE,
+                        () -> true,
+                        UsePqRatchet.NO));
     }
 
     public List<SecureValueRecovery> getSecureValueRecovery() {
@@ -277,11 +339,19 @@ public class SignalDependencies {
                         .toList());
     }
 
+    public ProfileApi getProfileApi() {
+        return getOrCreate(() -> profileApi,
+                () -> profileApi = new ProfileApi(getAuthenticatedSignalWebSocket(),
+                        getUnauthenticatedSignalWebSocket(),
+                        getPushServiceSocket(),
+                        getClientZkProfileOperations()));
+    }
+
     public ProfileService getProfileService() {
         return getOrCreate(() -> profileService,
                 () -> profileService = new ProfileService(getClientZkProfileOperations(),
-                        getMessageReceiver(),
+                        getAuthenticatedSignalWebSocket(),
-                        getSignalWebSocket()));
+                        getUnauthenticatedSignalWebSocket()));
     }
 
     public SignalServiceCipher getCipher(ServiceIdType serviceIdType) {

lib/src/main/java/org/asamk/signal/manager/internal/SignalWebSocketHealthMonitor.java

@@ -2,195 +2,157 @@ package org.asamk.signal.manager.internal;
 
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.whispersystems.signalservice.api.SignalWebSocket;
 import org.whispersystems.signalservice.api.util.Preconditions;
 import org.whispersystems.signalservice.api.util.SleepTimer;
 import org.whispersystems.signalservice.api.websocket.HealthMonitor;
+import org.whispersystems.signalservice.api.websocket.SignalWebSocket;
 import org.whispersystems.signalservice.api.websocket.WebSocketConnectionState;
 import org.whispersystems.signalservice.internal.websocket.OkHttpWebSocketConnection;
 
-import java.util.Arrays;
+import java.util.concurrent.Executor;
+import java.util.concurrent.Executors;
 import java.util.concurrent.TimeUnit;
 
 import io.reactivex.rxjava3.schedulers.Schedulers;
+import kotlin.Unit;
 
-/**
- * Monitors the health of the identified and unidentified WebSockets. If either one appears to be
- * unhealthy, will trigger restarting both.
- * <p>
- * The monitor is also responsible for sending heartbeats/keep-alive messages to prevent
- * timeouts.
- */
 final class SignalWebSocketHealthMonitor implements HealthMonitor {
 
     private static final Logger logger = LoggerFactory.getLogger(SignalWebSocketHealthMonitor.class);
 
+    /**
+     * This is the amount of time in between sent keep alives. Must be greater than [KEEP_ALIVE_TIMEOUT]
+     */
     private static final long KEEP_ALIVE_SEND_CADENCE = TimeUnit.SECONDS.toMillis(OkHttpWebSocketConnection.KEEPALIVE_FREQUENCY_SECONDS);
-    private static final long MAX_TIME_SINCE_SUCCESSFUL_KEEP_ALIVE = KEEP_ALIVE_SEND_CADENCE * 3;
 
-    private SignalWebSocket signalWebSocket;
+    /**
+     * This is the amount of time we will wait for a response to the keep alive before we consider the websockets dead.
+     * It is required that this value be less than [KEEP_ALIVE_SEND_CADENCE]
+     */
+    private static final long KEEP_ALIVE_TIMEOUT = TimeUnit.SECONDS.toMillis(20);
+
+    private final Executor executor = Executors.newSingleThreadExecutor();
     private final SleepTimer sleepTimer;
-
+    private SignalWebSocket webSocket = null;
-    private volatile KeepAliveSender keepAliveSender;
+    private volatile KeepAliveSender keepAliveSender = null;
-
+    private boolean needsKeepAlive = false;
-    private final HealthState identified = new HealthState();
+    private long lastKeepAliveReceived = 0;
-    private final HealthState unidentified = new HealthState();
 
     public SignalWebSocketHealthMonitor(SleepTimer sleepTimer) {
         this.sleepTimer = sleepTimer;
     }
 
-    public void monitor(SignalWebSocket signalWebSocket) {
+    void monitor(SignalWebSocket webSocket) {
-        Preconditions.checkNotNull(signalWebSocket);
+        Preconditions.checkNotNull(webSocket);
-        Preconditions.checkArgument(this.signalWebSocket == null, "monitor can only be called once");
+        Preconditions.checkArgument(this.webSocket == null, "monitor can only be called once");
 
-        this.signalWebSocket = signalWebSocket;
+        executor.execute(() -> {
 
-        //noinspection ResultOfMethodCallIgnored
+            this.webSocket = webSocket;
-        signalWebSocket.getWebSocketState()
-                .subscribeOn(Schedulers.computation())
-                .observeOn(Schedulers.computation())
-                .distinctUntilChanged()
-                .subscribe(s -> onStateChange(s, identified));
 
-        //noinspection ResultOfMethodCallIgnored
+            webSocket.getState()
-        signalWebSocket.getUnidentifiedWebSocketState()
+                    .subscribeOn(Schedulers.computation())
-                .subscribeOn(Schedulers.computation())
+                    .observeOn(Schedulers.computation())
-                .observeOn(Schedulers.computation())
+                    .distinctUntilChanged()
-                .distinctUntilChanged()
+                    .subscribe(this::onStateChanged);
-                .subscribe(s -> onStateChange(s, unidentified));
+
+            webSocket.addKeepAliveChangeListener(() -> {
+                executor.execute(this::updateKeepAliveSenderStatus);
+                return Unit.INSTANCE;
+            });
+        });
     }
 
-    private synchronized void onStateChange(WebSocketConnectionState connectionState, HealthState healthState) {
+    private void onStateChanged(WebSocketConnectionState connectionState) {
-        switch (connectionState) {
+        executor.execute(() -> {
-            case CONNECTED -> logger.debug("WebSocket is now connected");
+            needsKeepAlive = connectionState == WebSocketConnectionState.CONNECTED;
-            case AUTHENTICATION_FAILED -> logger.debug("WebSocket authentication failed");
-            case FAILED -> logger.debug("WebSocket connection failed");
-        }
 
-        healthState.needsKeepAlive = connectionState == WebSocketConnectionState.CONNECTED;
+            updateKeepAliveSenderStatus();
+        });
+    }
 
-        if (keepAliveSender == null && isKeepAliveNecessary()) {
+    @Override
+    public void onKeepAliveResponse(long sentTimestamp, boolean isIdentifiedWebSocket) {
+        final var keepAliveTime = System.currentTimeMillis();
+        executor.execute(() -> lastKeepAliveReceived = keepAliveTime);
+    }
+
+    @Override
+    public void onMessageError(int status, boolean isIdentifiedWebSocket) {
+    }
+
+    private void updateKeepAliveSenderStatus() {
+        if (keepAliveSender == null && sendKeepAlives()) {
             keepAliveSender = new KeepAliveSender();
             keepAliveSender.start();
-        } else if (keepAliveSender != null && !isKeepAliveNecessary()) {
+        } else if (keepAliveSender != null && !sendKeepAlives()) {
             keepAliveSender.shutdown();
             keepAliveSender = null;
         }
     }
 
-    @Override
+    private boolean sendKeepAlives() {
-    public void onKeepAliveResponse(long sentTimestamp, boolean isIdentifiedWebSocket) {
+        return needsKeepAlive && webSocket != null && webSocket.shouldSendKeepAlives();
-        if (isIdentifiedWebSocket) {
-            identified.lastKeepAliveReceived = System.currentTimeMillis();
-        } else {
-            unidentified.lastKeepAliveReceived = System.currentTimeMillis();
-        }
-    }
-
-    @Override
-    public void onMessageError(int status, boolean isIdentifiedWebSocket) {
-        if (status == 409) {
-            HealthState healthState = (isIdentifiedWebSocket ? identified : unidentified);
-            if (healthState.mismatchErrorTracker.addSample(System.currentTimeMillis())) {
-                logger.warn("Received too many mismatch device errors, forcing new websockets.");
-                signalWebSocket.forceNewWebSockets();
-                signalWebSocket.connect();
-            }
-        }
-    }
-
-    private boolean isKeepAliveNecessary() {
-        return identified.needsKeepAlive || unidentified.needsKeepAlive;
-    }
-
-    private static class HealthState {
-
-        private final HttpErrorTracker mismatchErrorTracker = new HttpErrorTracker(5, TimeUnit.MINUTES.toMillis(1));
-
-        private volatile boolean needsKeepAlive;
-        private volatile long lastKeepAliveReceived;
     }
 
     /**
-     * Sends periodic heartbeats/keep-alives over both WebSockets to prevent connection timeouts. If
+     * Sends periodic heartbeats/keep-alives over the WebSocket to prevent connection timeouts. If
-     * either WebSocket fails 3 times to get a return heartbeat both are forced to be recreated.
+     * the WebSocket fails to get a return heartbeat after [KEEP_ALIVE_TIMEOUT] seconds, it is forced to be recreated.
      */
-    private class KeepAliveSender extends Thread {
+    private final class KeepAliveSender extends Thread {
 
         private volatile boolean shouldKeepRunning = true;
 
+        @Override
         public void run() {
-            identified.lastKeepAliveReceived = System.currentTimeMillis();
+            logger.debug("[KeepAliveSender({})] started", this.threadId());
-            unidentified.lastKeepAliveReceived = System.currentTimeMillis();
+            lastKeepAliveReceived = System.currentTimeMillis();
 
-            while (shouldKeepRunning && isKeepAliveNecessary()) {
+            var keepAliveSendTime = System.currentTimeMillis();
+            while (shouldKeepRunning && sendKeepAlives()) {
                 try {
-                    sleepTimer.sleep(KEEP_ALIVE_SEND_CADENCE);
+                    final var nextKeepAliveSendTime = keepAliveSendTime + KEEP_ALIVE_SEND_CADENCE;
+                    sleepUntil(nextKeepAliveSendTime);
 
-                    if (shouldKeepRunning && isKeepAliveNecessary()) {
+                    if (shouldKeepRunning && sendKeepAlives()) {
-                        long keepAliveRequiredSinceTime = System.currentTimeMillis()
+                        keepAliveSendTime = System.currentTimeMillis();
-                                - MAX_TIME_SINCE_SUCCESSFUL_KEEP_ALIVE;
+                        webSocket.sendKeepAlive();
+                    }
 
-                        if (identified.lastKeepAliveReceived < keepAliveRequiredSinceTime
+                    final var responseRequiredTime = keepAliveSendTime + KEEP_ALIVE_TIMEOUT;
-                                || unidentified.lastKeepAliveReceived < keepAliveRequiredSinceTime) {
+                    sleepUntil(responseRequiredTime);
-                            logger.warn("Missed keep alives, identified last: "
+
-                                    + identified.lastKeepAliveReceived
+                    if (shouldKeepRunning && sendKeepAlives()) {
-                                    + " unidentified last: "
+                        if (lastKeepAliveReceived < keepAliveSendTime) {
-                                    + unidentified.lastKeepAliveReceived
+                            logger.debug("Missed keep alive, last: {} needed by: {}",
-                                    + " needed by: "
+                                    lastKeepAliveReceived,
-                                    + keepAliveRequiredSinceTime);
+                                    responseRequiredTime);
-                            signalWebSocket.forceNewWebSockets();
+                            webSocket.forceNewWebSocket();
-                            signalWebSocket.connect();
-                        } else {
-                            signalWebSocket.sendKeepAlive();
                         }
                     }
                 } catch (Throwable e) {
-                    logger.warn("Error occurred in KeepAliveSender, ignoring ...", e);
+                    logger.warn("Keep alive sender failed", e);
+                }
+            }
+            logger.debug("[KeepAliveSender({})] ended", threadId());
+        }
+
+        void sleepUntil(long timeMillis) {
+            while (System.currentTimeMillis() < timeMillis) {
+                final var waitTime = timeMillis - System.currentTimeMillis();
+                if (waitTime > 0) {
+                    try {
+                        sleepTimer.sleep(waitTime);
+                    } catch (InterruptedException e) {
+                        logger.warn("WebSocket health monitor interrupted", e);
+                    }
                 }
             }
         }
 
-        public void shutdown() {
+        void shutdown() {
             shouldKeepRunning = false;
         }
     }
-
-    private static final class HttpErrorTracker {
-
-        private final long[] timestamps;
-        private final long errorTimeRange;
-
-        public HttpErrorTracker(int samples, long errorTimeRange) {
-            this.timestamps = new long[samples];
-            this.errorTimeRange = errorTimeRange;
-        }
-
-        public synchronized boolean addSample(long now) {
-            long errorsMustBeAfter = now - errorTimeRange;
-            int count = 1;
-            int minIndex = 0;
-
-            for (int i = 0; i < timestamps.length; i++) {
-                if (timestamps[i] < errorsMustBeAfter) {
-                    timestamps[i] = 0;
-                } else if (timestamps[i] != 0) {
-                    count++;
-                }
-
-                if (timestamps[i] < timestamps[minIndex]) {
-                    minIndex = i;
-                }
-            }
-
-            timestamps[minIndex] = now;
-
-            if (count >= timestamps.length) {
-                Arrays.fill(timestamps, 0);
-                return true;
-            }
-            return false;
-        }
-    }
 }
+

lib/src/main/java/org/asamk/signal/manager/storage/SignalAccount.java

@@ -116,7 +116,7 @@ public class SignalAccount implements Closeable {
     private static final Logger logger = LoggerFactory.getLogger(SignalAccount.class);
 
     private static final int MINIMUM_STORAGE_VERSION = 1;
-    private static final int CURRENT_STORAGE_VERSION = 9;
+    private static final int CURRENT_STORAGE_VERSION = 10;
 
     private final Object LOCK = new Object();
 
@@ -827,6 +827,7 @@ public class SignalAccount implements Closeable {
 
         if (legacySignalProtocolStore != null && legacySignalProtocolStore.getLegacyPreKeyStore() != null) {
             logger.debug("Migrating legacy pre key store.");
+            aciAccountData.getPreKeyStore().removeAllPreKeys();
             for (var entry : legacySignalProtocolStore.getLegacyPreKeyStore().getPreKeys().entrySet()) {
                 try {
                     aciAccountData.getPreKeyStore().storePreKey(entry.getKey(), new PreKeyRecord(entry.getValue()));
@@ -838,6 +839,7 @@ public class SignalAccount implements Closeable {
 
         if (legacySignalProtocolStore != null && legacySignalProtocolStore.getLegacySignedPreKeyStore() != null) {
             logger.debug("Migrating legacy signed pre key store.");
+            aciAccountData.getSignedPreKeyStore().removeAllSignedPreKeys();
             for (var entry : legacySignalProtocolStore.getLegacySignedPreKeyStore().getSignedPreKeys().entrySet()) {
                 try {
                     aciAccountData.getSignedPreKeyStore()

lib/src/main/java/org/asamk/signal/manager/storage/accounts/AccountsStore.java

@@ -1,6 +1,7 @@
 package org.asamk.signal.manager.storage.accounts;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
 
 import org.asamk.signal.manager.api.Pair;
 import org.asamk.signal.manager.api.ServiceEnvironment;
@@ -10,7 +11,6 @@ import org.asamk.signal.manager.util.IOUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.signalservice.api.push.ServiceId.ACI;
-import org.whispersystems.signalservice.api.util.PhoneNumberFormatter;
 
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
@@ -181,7 +181,7 @@ public class AccountsStore {
         return Arrays.stream(files)
                 .filter(File::isFile)
                 .map(File::getName)
-                .filter(file -> PhoneNumberFormatter.isValidNumber(file, null))
+                .filter(file -> PhoneNumberUtil.getInstance().isPossibleNumber(file, null))
                 .collect(Collectors.toSet());
     }
 

lib/src/main/java/org/asamk/signal/manager/storage/identities/IdentityKeyStore.java

@@ -8,6 +8,7 @@ import org.asamk.signal.manager.storage.recipients.RecipientStore;
 import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.InvalidKeyException;
 import org.signal.libsignal.protocol.state.IdentityKeyStore.Direction;
+import org.signal.libsignal.protocol.state.IdentityKeyStore.IdentityChange;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.signalservice.api.push.ServiceId;
@@ -62,11 +63,11 @@ public class IdentityKeyStore {
         return identityChanges;
     }
 
-    public boolean saveIdentity(final ServiceId serviceId, final IdentityKey identityKey) {
+    public IdentityChange saveIdentity(final ServiceId serviceId, final IdentityKey identityKey) {
         return saveIdentity(serviceId.toString(), identityKey);
     }
 
-    public boolean saveIdentity(
+    public IdentityChange saveIdentity(
             final Connection connection,
             final ServiceId serviceId,
             final IdentityKey identityKey
@@ -74,9 +75,9 @@ public class IdentityKeyStore {
         return saveIdentity(connection, serviceId.toString(), identityKey);
     }
 
-    boolean saveIdentity(final String address, final IdentityKey identityKey) {
+    IdentityChange saveIdentity(final String address, final IdentityKey identityKey) {
         if (isRetryingDecryption) {
-            return false;
+            return IdentityChange.NEW_OR_UNCHANGED;
         }
         try (final var connection = database.getConnection()) {
             return saveIdentity(connection, address, identityKey);
@@ -85,20 +86,24 @@ public class IdentityKeyStore {
         }
     }
 
-    private boolean saveIdentity(
+    private IdentityChange saveIdentity(
             final Connection connection,
             final String address,
             final IdentityKey identityKey
     ) throws SQLException {
         final var identityInfo = loadIdentity(connection, address);
-        if (identityInfo != null && identityInfo.getIdentityKey().equals(identityKey)) {
+        if (identityInfo == null) {
+            saveNewIdentity(connection, address, identityKey, true);
+            return IdentityChange.NEW_OR_UNCHANGED;
+        }
+        if (identityInfo.getIdentityKey().equals(identityKey)) {
             // Identity already exists, not updating the trust level
             logger.trace("Not storing new identity for recipient {}, identity already stored", address);
-            return false;
+            return IdentityChange.NEW_OR_UNCHANGED;
         }
 
-        saveNewIdentity(connection, address, identityKey, identityInfo == null);
+        saveNewIdentity(connection, address, identityKey, false);
-        return true;
+        return IdentityChange.REPLACED_EXISTING;
     }
 
     public void setRetryingDecryption(final boolean retryingDecryption) {

lib/src/main/java/org/asamk/signal/manager/storage/identities/SignalIdentityKeyStore.java

@@ -33,7 +33,7 @@ public class SignalIdentityKeyStore implements org.signal.libsignal.protocol.sta
     }
 
     @Override
-    public boolean saveIdentity(SignalProtocolAddress address, IdentityKey identityKey) {
+    public IdentityChange saveIdentity(SignalProtocolAddress address, IdentityKey identityKey) {
         return identityKeyStore.saveIdentity(address.getName(), identityKey);
     }
 

lib/src/main/java/org/asamk/signal/manager/storage/messageCache/MessageCache.java

@@ -10,6 +10,7 @@ import org.whispersystems.signalservice.api.messages.SignalServiceEnvelope;
 import java.io.File;
 import java.io.IOException;
 import java.nio.file.Files;
+import java.nio.file.StandardCopyOption;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.Objects;
@@ -75,7 +76,7 @@ public class MessageCache {
             return cachedMessage;
         }
         logger.debug("Moving cached message {} to {}", cachedMessage.getFile().toPath(), cacheFile.toPath());
-        Files.move(cachedMessage.getFile().toPath(), cacheFile.toPath());
+        Files.move(cachedMessage.getFile().toPath(), cacheFile.toPath(), StandardCopyOption.REPLACE_EXISTING);
         return new CachedMessage(cacheFile);
     }
 

lib/src/main/java/org/asamk/signal/manager/storage/prekeys/PreKeyStore.java

@@ -4,8 +4,9 @@ import org.asamk.signal.manager.storage.Database;
 import org.asamk.signal.manager.storage.Utils;
 import org.signal.libsignal.protocol.InvalidKeyException;
 import org.signal.libsignal.protocol.InvalidKeyIdException;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
+import org.signal.libsignal.protocol.ecc.ECPrivateKey;
+import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.signal.libsignal.protocol.state.PreKeyRecord;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -176,8 +177,8 @@ public class PreKeyStore implements SignalServicePreKeyStore {
     private PreKeyRecord getPreKeyRecordFromResultSet(ResultSet resultSet) throws SQLException {
         try {
             final var keyId = resultSet.getInt("key_id");
-            final var publicKey = Curve.decodePoint(resultSet.getBytes("public_key"), 0);
+            final var publicKey = new ECPublicKey(resultSet.getBytes("public_key"));
-            final var privateKey = Curve.decodePrivatePoint(resultSet.getBytes("private_key"));
+            final var privateKey = new ECPrivateKey(resultSet.getBytes("private_key"));
             return new PreKeyRecord(keyId, new ECKeyPair(publicKey, privateKey));
         } catch (InvalidKeyException e) {
             return null;

lib/src/main/java/org/asamk/signal/manager/storage/prekeys/SignedPreKeyStore.java

@@ -4,8 +4,9 @@ import org.asamk.signal.manager.storage.Database;
 import org.asamk.signal.manager.storage.Utils;
 import org.signal.libsignal.protocol.InvalidKeyException;
 import org.signal.libsignal.protocol.InvalidKeyIdException;
-import org.signal.libsignal.protocol.ecc.Curve;
 import org.signal.libsignal.protocol.ecc.ECKeyPair;
+import org.signal.libsignal.protocol.ecc.ECPrivateKey;
+import org.signal.libsignal.protocol.ecc.ECPublicKey;
 import org.signal.libsignal.protocol.state.SignedPreKeyRecord;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -238,8 +239,8 @@ public class SignedPreKeyStore implements org.signal.libsignal.protocol.state.Si
     private SignedPreKeyRecord getSignedPreKeyRecordFromResultSet(ResultSet resultSet) throws SQLException {
         try {
             final var keyId = resultSet.getInt("key_id");
-            final var publicKey = Curve.decodePoint(resultSet.getBytes("public_key"), 0);
+            final var publicKey = new ECPublicKey(resultSet.getBytes("public_key"));
-            final var privateKey = Curve.decodePrivatePoint(resultSet.getBytes("private_key"));
+            final var privateKey = new ECPrivateKey(resultSet.getBytes("private_key"));
             final var signature = resultSet.getBytes("signature");
             final var timestamp = resultSet.getLong("timestamp");
             return new SignedPreKeyRecord(keyId, timestamp, new ECKeyPair(publicKey, privateKey), signature);

lib/src/main/java/org/asamk/signal/manager/storage/protocol/SignalProtocolStore.java

@@ -65,7 +65,7 @@ public class SignalProtocolStore implements SignalServiceAccountDataStore {
     }
 
     @Override
-    public boolean saveIdentity(SignalProtocolAddress address, IdentityKey identityKey) {
+    public IdentityChange saveIdentity(SignalProtocolAddress address, IdentityKey identityKey) {
         return identityKeyStore.saveIdentity(address, identityKey);
     }
 

lib/src/main/java/org/asamk/signal/manager/storage/recipients/MergeRecipientHelper.java

@@ -83,10 +83,11 @@ public class MergeRecipientHelper {
             recipientsToBeStripped.add(recipient);
         }
 
-        logger.debug("Got separate recipients for high trust identifiers {}, need to merge ({}) and strip ({})",
+        logger.debug("Got separate recipients for high trust identifiers {}, need to merge ({}, {}) and strip ({})",
                 address,
-                recipientsToBeMerged.stream().map(r -> r.id().toString()).collect(Collectors.joining(", ")),
+                resultingRecipient.map(RecipientWithAddress::address),
-                recipientsToBeStripped.stream().map(r -> r.id().toString()).collect(Collectors.joining(", ")));
+                recipientsToBeMerged.stream().map(r -> r.address().toString()).collect(Collectors.joining(", ")),
+                recipientsToBeStripped.stream().map(r -> r.address().toString()).collect(Collectors.joining(", ")));
 
         RecipientAddress finalAddress = resultingRecipient.map(RecipientWithAddress::address).orElse(null);
         for (final var recipient : recipientsToBeMerged) {

lib/src/main/java/org/asamk/signal/manager/storage/recipients/RecipientStore.java

@@ -994,7 +994,12 @@ public class RecipientStore implements RecipientIdCreator, RecipientResolver, Re
     ) throws SQLException {
         markUnregistered(connection, recipientId);
         final var address = resolveRecipientAddress(connection, recipientId);
-        if (address.aci().isPresent() && address.pni().isPresent()) {
+        final var needSplit = address.aci().isPresent() && address.pni().isPresent();
+        logger.trace("Marking unregistered recipient {} as unregistered (and split={}): {}",
+                recipientId,
+                needSplit,
+                address);
+        if (needSplit) {
             final var numberAddress = new RecipientAddress(address.pni().get(), address.number().orElse(null));
             updateRecipientAddress(connection, recipientId, address.removeIdentifiersFrom(numberAddress));
             addNewRecipient(connection, numberAddress);

lib/src/main/java/org/asamk/signal/manager/syncStorage/AccountRecordProcessor.java

@@ -2,7 +2,6 @@ package org.asamk.signal.manager.syncStorage;
 
 import org.asamk.signal.manager.api.Profile;
 import org.asamk.signal.manager.internal.JobExecutor;
-import org.asamk.signal.manager.jobs.CheckWhoAmIJob;
 import org.asamk.signal.manager.jobs.DownloadProfileAvatarJob;
 import org.asamk.signal.manager.storage.SignalAccount;
 import org.asamk.signal.manager.util.KeyUtils;
@@ -112,7 +111,7 @@ public class AccountRecordProcessor extends DefaultStorageRecordProcessor<Signal
             backupsPurchaseToken = IAPSubscriptionId.Companion.from(local.backupSubscriberData);
         }
 
-        final var mergedBuilder = SignalAccountRecord.Companion.newBuilder(remote.unknownFields().toByteArray())
+        final var mergedBuilder = remote.newBuilder()
                 .givenName(givenName)
                 .familyName(familyName)
                 .avatarUrlPath(firstNonEmpty(remote.avatarUrlPath, local.avatarUrlPath))
@@ -146,7 +145,7 @@ public class AccountRecordProcessor extends DefaultStorageRecordProcessor<Signal
                         : remote.storyViewReceiptsEnabled)
                 .username(remote.username)
                 .usernameLink(remote.usernameLink)
-                .e164(account.isPrimaryDevice() ? local.e164 : remote.e164);
+                .avatarColor(remote.avatarColor);
         safeSetPayments(mergedBuilder,
                 payments != null && payments.enabled,
                 payments == null ? null : payments.entropy.toByteArray());
@@ -179,10 +178,6 @@ public class AccountRecordProcessor extends DefaultStorageRecordProcessor<Signal
         final var accountRecord = update.newRecord();
         final var accountProto = accountRecord.getProto();
 
-        if (!accountProto.e164.equals(account.getNumber())) {
-            jobExecutor.enqueueJob(new CheckWhoAmIJob());
-        }
-
         account.getConfigurationStore().setReadReceipts(connection, accountProto.readReceipts);
         account.getConfigurationStore().setTypingIndicators(connection, accountProto.typingIndicators);
         account.getConfigurationStore()

lib/src/main/java/org/asamk/signal/manager/syncStorage/ContactRecordProcessor.java

@@ -37,7 +37,7 @@ public class ContactRecordProcessor extends DefaultStorageRecordProcessor<Signal
 
     private static final Logger logger = LoggerFactory.getLogger(ContactRecordProcessor.class);
 
-    private static final Pattern E164_PATTERN = Pattern.compile("^\\+[1-9]\\d{0,18}$");
+    private static final Pattern E164_PATTERN = Pattern.compile("^\\+[1-9]\\d{6,18}$");
 
     private final ACI selfAci;
     private final PNI selfPni;
@@ -172,7 +172,7 @@ public class ContactRecordProcessor extends DefaultStorageRecordProcessor<Signal
             e164 = firstNonEmpty(remote.e164, local.e164);
         }
 
-        final var mergedBuilder = SignalContactRecord.Companion.newBuilder(remote.unknownFields().toByteArray())
+        final var mergedBuilder = remote.newBuilder()
                 .aci(local.aci.isEmpty() ? remote.aci : local.aci)
                 .e164(e164)
                 .pni(pni)
@@ -195,7 +195,8 @@ public class ContactRecordProcessor extends DefaultStorageRecordProcessor<Signal
                 .hidden(remote.hidden)
                 .pniSignatureVerified(remote.pniSignatureVerified || local.pniSignatureVerified)
                 .nickname(remote.nickname)
-                .note(remote.note);
+                .note(remote.note)
+                .avatarColor(remote.avatarColor);
         final var merged = mergedBuilder.build();
 
         final var matchesRemote = doProtosMatch(merged, remote);

lib/src/main/java/org/asamk/signal/manager/syncStorage/GroupV1RecordProcessor.java

@@ -74,7 +74,7 @@ public final class GroupV1RecordProcessor extends DefaultStorageRecordProcessor<
         final var remote = remoteRecord.getProto();
         final var local = localRecord.getProto();
 
-        final var mergedBuilder = SignalGroupV1Record.Companion.newBuilder(remote.unknownFields().toByteArray())
+        final var mergedBuilder = remote.newBuilder()
                 .id(remote.id)
                 .blocked(remote.blocked)
                 .whitelisted(remote.whitelisted)

lib/src/main/java/org/asamk/signal/manager/syncStorage/GroupV2RecordProcessor.java

@@ -53,7 +53,7 @@ public final class GroupV2RecordProcessor extends DefaultStorageRecordProcessor<
         final var remote = remoteRecord.getProto();
         final var local = localRecord.getProto();
 
-        final var mergedBuilder = SignalGroupV2Record.Companion.newBuilder(remote.unknownFields().toByteArray())
+        final var mergedBuilder = remote.newBuilder()
                 .masterKey(remote.masterKey)
                 .blocked(remote.blocked)
                 .whitelisted(remote.whitelisted)
@@ -62,7 +62,8 @@ public final class GroupV2RecordProcessor extends DefaultStorageRecordProcessor<
                 .mutedUntilTimestamp(remote.mutedUntilTimestamp)
                 .dontNotifyForMentionsIfMuted(remote.dontNotifyForMentionsIfMuted)
                 .hideStory(remote.hideStory)
-                .storySendMode(remote.storySendMode);
+                .storySendMode(remote.storySendMode)
+                .avatarColor(remote.avatarColor);
         final var merged = mergedBuilder.build();
 
         final var matchesRemote = doProtosMatch(merged, remote);

lib/src/main/java/org/asamk/signal/manager/syncStorage/StorageSyncModels.java

@@ -74,7 +74,6 @@ public final class StorageSyncModels {
                 .phoneNumberSharingMode(Optional.ofNullable(configStore.getPhoneNumberSharingMode(connection))
                         .map(StorageSyncModels::localToRemote)
                         .orElse(AccountRecord.PhoneNumberSharingMode.UNKNOWN))
-                .e164(self.getAddress().number().orElse(""))
                 .username(self.getAddress().username().orElse(""));
         if (usernameLinkComponents != null) {
             final var linkColor = configStore.getUsernameLinkColor(connection);

lib/src/main/java/org/asamk/signal/manager/util/KeyUtils.java

@@ -4,7 +4,7 @@ import org.asamk.signal.manager.storage.SignalAccount;
 import org.signal.libsignal.protocol.IdentityKey;
 import org.signal.libsignal.protocol.IdentityKeyPair;
 import org.signal.libsignal.protocol.InvalidKeyException;
-import org.signal.libsignal.protocol.ecc.Curve;
+import org.signal.libsignal.protocol.ecc.ECKeyPair;
 import org.signal.libsignal.protocol.ecc.ECPrivateKey;
 import org.signal.libsignal.protocol.kem.KEMKeyPair;
 import org.signal.libsignal.protocol.kem.KEMKeyType;
@@ -33,8 +33,8 @@ public class KeyUtils {
 
     public static IdentityKeyPair getIdentityKeyPair(byte[] publicKeyBytes, byte[] privateKeyBytes) {
         try {
-            IdentityKey publicKey = new IdentityKey(publicKeyBytes);
+            final var publicKey = new IdentityKey(publicKeyBytes);
-            ECPrivateKey privateKey = Curve.decodePrivatePoint(privateKeyBytes);
+            final var privateKey = new ECPrivateKey(privateKeyBytes);
 
             return new IdentityKeyPair(publicKey, privateKey);
         } catch (InvalidKeyException e) {
@@ -43,7 +43,7 @@ public class KeyUtils {
     }
 
     public static IdentityKeyPair generateIdentityKeyPair() {
-        var djbKeyPair = Curve.generateKeyPair();
+        var djbKeyPair = ECKeyPair.generate();
         var djbIdentityKey = new IdentityKey(djbKeyPair.getPublicKey());
         var djbPrivateKey = djbKeyPair.getPrivateKey();
 
@@ -54,7 +54,7 @@ public class KeyUtils {
         var records = new ArrayList<PreKeyRecord>(PREKEY_BATCH_SIZE);
         for (var i = 0; i < PREKEY_BATCH_SIZE; i++) {
             var preKeyId = (offset + i) % PREKEY_MAXIMUM_ID;
-            var keyPair = Curve.generateKeyPair();
+            var keyPair = ECKeyPair.generate();
             var record = new PreKeyRecord(preKeyId, keyPair);
 
             records.add(record);
@@ -66,13 +66,9 @@ public class KeyUtils {
             final int signedPreKeyId,
             final ECPrivateKey privateKey
     ) {
-        var keyPair = Curve.generateKeyPair();
+        var keyPair = ECKeyPair.generate();
         byte[] signature;
-        try {
+        signature = privateKey.calculateSignature(keyPair.getPublicKey().serialize());
-            signature = Curve.calculateSignature(privateKey, keyPair.getPublicKey().serialize());
-        } catch (InvalidKeyException e) {
-            throw new AssertionError(e);
-        }
         return new SignedPreKeyRecord(signedPreKeyId, System.currentTimeMillis(), keyPair, signature);
     }
 

lib/src/main/java/org/asamk/signal/manager/util/NumberVerificationUtils.java

@@ -4,6 +4,7 @@ import org.asamk.signal.manager.api.CaptchaRequiredException;
 import org.asamk.signal.manager.api.IncorrectPinException;
 import org.asamk.signal.manager.api.NonNormalizedPhoneNumberException;
 import org.asamk.signal.manager.api.Pair;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.manager.api.RateLimitException;
 import org.asamk.signal.manager.api.VerificationMethodNotAvailableException;
@@ -114,7 +115,7 @@ public class NumberVerificationUtils {
             String pin,
             PinHelper pinHelper,
             Verifier verifier
-    ) throws IOException, PinLockedException, IncorrectPinException {
+    ) throws IOException, PinLockedException, IncorrectPinException, PinLockMissingException {
         verificationCode = verificationCode.replace("-", "");
         try {
             final var response = verifier.verify(sessionId, verificationCode, null);
@@ -127,7 +128,7 @@ public class NumberVerificationUtils {
 
             final var registrationLockData = pinHelper.getRegistrationLockData(pin, e);
             if (registrationLockData == null) {
-                throw e;
+                throw new PinLockMissingException();
             }
 
             var registrationLock = registrationLockData.getMasterKey().deriveRegistrationLock();

lib/src/main/java/org/asamk/signal/manager/util/PhoneNumberFormatter.java

@@ -0,0 +1,59 @@
+package org.asamk.signal.manager.util;
+
+import com.google.i18n.phonenumbers.NumberParseException;
+import com.google.i18n.phonenumbers.PhoneNumberUtil;
+import com.google.i18n.phonenumbers.PhoneNumberUtil.PhoneNumberFormat;
+import com.google.i18n.phonenumbers.Phonenumber.PhoneNumber;
+
+import org.asamk.signal.manager.api.InvalidNumberException;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+public class PhoneNumberFormatter {
+
+    private static final Logger logger = LoggerFactory.getLogger(PhoneNumberFormatter.class);
+
+    private static String impreciseFormatNumber(String number, String localNumber) {
+        number = number.replaceAll("[^0-9+]", "");
+
+        if (number.charAt(0) == '+') return number;
+
+        if (localNumber.charAt(0) == '+') localNumber = localNumber.substring(1);
+
+        if (localNumber.length() == number.length() || number.length() > localNumber.length()) return "+" + number;
+
+        int difference = localNumber.length() - number.length();
+
+        return "+" + localNumber.substring(0, difference) + number;
+    }
+
+    public static String formatNumber(String number, String localNumber) throws InvalidNumberException {
+        if (number == null) {
+            throw new InvalidNumberException("Null String passed as number.");
+        }
+
+        if (number.contains("@")) {
+            throw new InvalidNumberException("Possible attempt to use email address.");
+        }
+
+        number = number.replaceAll("[^0-9+]", "");
+
+        if (number.isEmpty()) {
+            throw new InvalidNumberException("No valid characters found.");
+        }
+
+        try {
+            PhoneNumberUtil util = PhoneNumberUtil.getInstance();
+            PhoneNumber localNumberObject = util.parse(localNumber, null);
+
+            String localCountryCode = util.getRegionCodeForNumber(localNumberObject);
+            logger.trace("Got local CC: {}", localCountryCode);
+
+            PhoneNumber numberObject = util.parse(number, localCountryCode);
+            return util.format(numberObject, PhoneNumberFormat.E164);
+        } catch (NumberParseException e) {
+            logger.debug("{}: {}", e.getClass().getSimpleName(), e.getMessage());
+            return impreciseFormatNumber(number, localNumber);
+        }
+    }
+}

lib/src/main/java/org/asamk/signal/manager/util/Utils.java

@@ -7,6 +7,7 @@ import org.signal.libsignal.protocol.fingerprint.NumericFingerprintGenerator;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.whispersystems.signalservice.api.NetworkResult;
+import org.whispersystems.signalservice.api.NetworkResultUtil;
 import org.whispersystems.signalservice.api.push.ServiceId;
 import org.whispersystems.signalservice.api.util.StreamDetails;
 
@@ -154,15 +155,7 @@ public class Utils {
     }
 
     public static <T> T handleResponseException(final NetworkResult<T> response) throws IOException {
-        final var throwableOptional = response.getCause();
+        return NetworkResultUtil.toBasicLegacy(response);
-        if (throwableOptional != null) {
-            if (throwableOptional instanceof IOException ioException) {
-                throw ioException;
-            } else {
-                throw new IOException(throwableOptional);
-            }
-        }
-        return response.successOrThrow();
     }
 
     public static ByteString firstNonEmpty(ByteString... strings) {

man/signal-cli.1.adoc

@@ -316,6 +316,11 @@ Data URI encoded attachments must follow the RFC 2397.
 Additionally a file name can be added:
 e.g.: `data:<MIME-TYPE>;filename=<FILENAME>;base64,<BASE64 ENCODED DATA>`
 
+*--view-once*::
+Send the message as a view once message.
+A conformant client will only allow the receiver to view the message once.
+View Once is only supported for messages that include an image attachment.
+
 *--sticker* STICKER::
 Send a sticker of a locally known sticker pack (syntax: stickerPackId:stickerId).
 Shouldn't be used together with `-m` as the official clients don't support this.

run_tests.sh

@@ -141,6 +141,7 @@ exec 3> "$FIFO_FILE"
   echo '{"jsonrpc":"2.0","id":"id","method":"listGroups"}' >&3
   echo '{"jsonrpc":"2.0","id":"id","method":"listDevices"}' >&3
   echo '{"jsonrpc":"2.0","id":"id","method":"listIdentities"}' >&3
+  echo '{"jsonrpc":"2.0","id":"id","method":"listStickerPacks"}' >&3
   echo '{"jsonrpc":"2.0","id":"id","method":"sendSyncRequest"}' >&3
   echo '{"jsonrpc":"2.0","id":"id","method":"sendContacts"}' >&3
   echo '{"jsonrpc":"2.0","id":"id","method":"version"}' >&3
@@ -175,6 +176,17 @@ run_main -a "$NUMBER_2" receive
 run_main -a "$NUMBER_2" send "$NUMBER_1" -m hi
 run_main -a "$NUMBER_1" receive
 run_main -a "$NUMBER_2" receive
+run_main -a "$NUMBER_1" updateAccount --discoverable-by-number=true
+run_main -a "$NUMBER_2" removeContact --forget "$NUMBER_1"
+run_main -a "$NUMBER_2" send "$NUMBER_1" -m hi
+run_main -a "$NUMBER_2" send "$NUMBER_1" -m hii
+run_main -a "$NUMBER_1" updateAccount --discoverable-by-number=false
+run_main -a "$NUMBER_1" receive
+run_main -a "$NUMBER_2" receive
+run_main -a "$NUMBER_2" send "$NUMBER_1" -m hi
+run_main -a "$NUMBER_2" send "$NUMBER_1" -m hii
+run_main -a "$NUMBER_1" receive
+run_main -a "$NUMBER_2" receive
 ## Groups
 GROUP_ID=$(run_main -a "$NUMBER_1" --output=json updateGroup -n GRUPPE -a LICENSE -m "$NUMBER_1" | jq -r '.groupId')
 run_main -a "$NUMBER_1" send "$NUMBER_2" -m first
@@ -237,7 +249,9 @@ for OUTPUT in "plain-text" "json"; do
   run_linked -a "$NUMBER_1" --output="$OUTPUT" receive
 done
 
-run_main -a "$NUMBER_1" removeDevice -d 2
+run_main -a "$NUMBER_1" --output="$OUTPUT" receive
+run_main -a "$NUMBER_1" removeDevice -d 2 || true
+run_main -a "$NUMBER_1" removeDevice -d 2 || true
 
 ## Unregister
 if [ "$TEST_REGISTER" -eq 1 ]; then

src/main/java/org/asamk/signal/App.java

@@ -291,6 +291,8 @@ public class App {
             commandHandler.handleMultiLocalCommand(command, multiAccountManager);
         } catch (IOException e) {
             throw new IOErrorException("Failed to load local accounts file", e);
+        } catch (AccountCheckException e) {
+            throw new UnexpectedErrorException("Failed to load account file", e);
         }
     }
 

src/main/java/org/asamk/signal/BaseConfig.java

@@ -8,7 +8,7 @@ public class BaseConfig {
     public static final String PROJECT_VERSION = BaseConfig.class.getPackage().getImplementationVersion();
 
     static final String USER_AGENT_SIGNAL_ANDROID = Optional.ofNullable(System.getenv("SIGNAL_CLI_USER_AGENT"))
-            .orElse("Signal-Android/7.35.0");
+            .orElse("Signal-Android/7.47.1");
     static final String USER_AGENT_SIGNAL_CLI = PROJECT_NAME == null
             ? "signal-cli"
             : PROJECT_NAME + "/" + PROJECT_VERSION;

src/main/java/org/asamk/signal/Shutdown.java

@@ -1,5 +1,6 @@
 package org.asamk.signal;
 
+import org.asamk.signal.commands.exceptions.CommandException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -11,7 +12,7 @@ import sun.misc.Signal;
 public class Shutdown {
 
     private static final Logger logger = LoggerFactory.getLogger(Shutdown.class);
-    private static final CompletableFuture<Void> shutdown = new CompletableFuture<>();
+    private static final CompletableFuture<Object> shutdown = new CompletableFuture<>();
     private static final CompletableFuture<Void> shutdownComplete = new CompletableFuture<>();
     private static boolean initialized = false;
 
@@ -43,9 +44,17 @@ public class Shutdown {
         shutdown.complete(null);
     }
 
-    public static void waitForShutdown() throws InterruptedException {
+    public static void triggerShutdown(CommandException exception) {
+        logger.debug("Triggering shutdown with exception.", exception);
+        shutdown.complete(exception);
+    }
+
+    public static void waitForShutdown() throws InterruptedException, CommandException {
         try {
-            shutdown.get();
+            final var result = shutdown.get();
+            if (result instanceof CommandException e) {
+                throw e;
+            }
         } catch (ExecutionException e) {
             throw new RuntimeException(e);
         }

src/main/java/org/asamk/signal/commands/DaemonCommand.java

@@ -97,7 +97,7 @@ public class DaemonCommand implements MultiLocalCommand, LocalCommand {
             final OutputWriter outputWriter
     ) throws CommandException {
         Shutdown.installHandler();
-        logger.info("Starting daemon in single-account mode for " + m.getSelfNumber());
+        logger.info("Starting daemon in single-account mode for {}", m.getSelfNumber());
         final var noReceiveStdOut = Boolean.TRUE.equals(ns.getBoolean("no-receive-stdout"));
         final var receiveMode = ns.<ReceiveMode>get("receive-mode");
         final var receiveConfig = getReceiveConfig(ns);

src/main/java/org/asamk/signal/commands/FinishChangeNumberCommand.java

@@ -9,6 +9,7 @@ import org.asamk.signal.commands.exceptions.UserErrorException;
 import org.asamk.signal.manager.Manager;
 import org.asamk.signal.manager.api.IncorrectPinException;
 import org.asamk.signal.manager.api.NotPrimaryDeviceException;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.output.OutputWriter;
 
@@ -50,6 +51,8 @@ public class FinishChangeNumberCommand implements JsonRpcLocalCommand {
                             + "\nUse '--pin PIN_CODE' to specify the registration lock PIN");
         } catch (IncorrectPinException e) {
             throw new UserErrorException("Verification failed! Invalid pin, tries remaining: " + e.getTriesRemaining());
+        } catch (PinLockMissingException e) {
+            throw new UserErrorException("Account is pin locked, but pin data has been deleted on the server.");
         } catch (NotPrimaryDeviceException e) {
             throw new UserErrorException("This command doesn't work on linked devices.");
         } catch (IOException e) {

src/main/java/org/asamk/signal/commands/GetUserStatusCommand.java

@@ -64,9 +64,16 @@ public class GetUserStatusCommand implements JsonRpcLocalCommand {
         }
 
         final var usernames = ns.<String>getList("username");
-        final var registeredUsernames = usernames == null
+        final Map<String, UsernameStatus> registeredUsernames;
-                ? Map.<String, UsernameStatus>of()
+        try {
-                : m.getUsernameStatus(new HashSet<>(usernames));
+            registeredUsernames = usernames == null ? Map.of() : m.getUsernameStatus(new HashSet<>(usernames));
+        } catch (IOException e) {
+            throw new IOErrorException("Unable to check if users are registered: "
+                    + e.getMessage()
+                    + " ("
+                    + e.getClass().getSimpleName()
+                    + ")", e);
+        }
 
         // Output
         switch (outputWriter) {

src/main/java/org/asamk/signal/commands/SendCommand.java

@@ -66,6 +66,9 @@ public class SendCommand implements JsonRpcLocalCommand {
                 .help("Add an attachment. "
                         + "Can be either a file path or a data URI. Data URI encoded attachments must follow the RFC 2397. Additionally a file name can be added, e.g. "
                         + "data:<MIME-TYPE>;filename=<FILENAME>;base64,<BASE64 ENCODED DATA>.");
+        subparser.addArgument("--view-once")
+                .action(Arguments.storeTrue())
+                .help("Send the message as a view once message");
         subparser.addArgument("-e", "--end-session", "--endsession")
                 .help("Clear session state and send end session message.")
                 .action(Arguments.storeTrue());
@@ -164,6 +167,7 @@ public class SendCommand implements JsonRpcLocalCommand {
         if (attachments == null) {
             attachments = List.of();
         }
+        final var viewOnce = Boolean.TRUE.equals(ns.getBoolean("view-once"));
 
         final var selfNumber = m.getSelfNumber();
 
@@ -239,6 +243,7 @@ public class SendCommand implements JsonRpcLocalCommand {
         try {
             final var message = new Message(messageText,
                     attachments,
+                    viewOnce,
                     mentions,
                     Optional.ofNullable(quote),
                     Optional.ofNullable(sticker),
@@ -250,8 +255,14 @@ public class SendCommand implements JsonRpcLocalCommand {
                     : m.sendMessage(message, recipientIdentifiers, notifySelf);
             outputResult(outputWriter, results);
         } catch (AttachmentInvalidException | IOException e) {
-            throw new UnexpectedErrorException("Failed to send message: " + e.getMessage() + " (" + e.getClass()
+            if (e instanceof IOException io && io.getMessage().contains("No prekeys available")) {
-                    .getSimpleName() + ")", e);
+                throw new UnexpectedErrorException("Failed to send message: " + e.getMessage() + " (" + e.getClass()
+                        .getSimpleName() + "), maybe one of the devices of the recipient wasn't online for a while.",
+                        e);
+            } else {
+                throw new UnexpectedErrorException("Failed to send message: " + e.getMessage() + " (" + e.getClass()
+                        .getSimpleName() + ")", e);
+            }
         } catch (GroupNotFoundException | NotAGroupMemberException | GroupSendingNotAllowedException e) {
             throw new UserErrorException(e.getMessage());
         } catch (UnregisteredRecipientException e) {

src/main/java/org/asamk/signal/commands/VerifyCommand.java

@@ -11,6 +11,7 @@ import org.asamk.signal.commands.exceptions.IOErrorException;
 import org.asamk.signal.commands.exceptions.UserErrorException;
 import org.asamk.signal.manager.RegistrationManager;
 import org.asamk.signal.manager.api.IncorrectPinException;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.output.JsonWriter;
 import org.slf4j.Logger;
@@ -76,6 +77,8 @@ public class VerifyCommand implements RegistrationCommand, JsonRpcRegistrationCo
                             + "\nUse '--pin PIN_CODE' to specify the registration lock PIN");
         } catch (IncorrectPinException e) {
             throw new UserErrorException("Verification failed! Invalid pin, tries remaining: " + e.getTriesRemaining());
+        } catch (PinLockMissingException e) {
+            throw new UserErrorException("Account is pin locked, but pin data has been deleted on the server.");
         } catch (IOException e) {
             throw new IOErrorException("Verify error: " + e.getMessage(), e);
         }

src/main/java/org/asamk/signal/dbus/DbusHandler.java

@@ -1,17 +1,21 @@
 package org.asamk.signal.dbus;
 
 import org.asamk.signal.DbusConfig;
+import org.asamk.signal.Shutdown;
 import org.asamk.signal.commands.exceptions.CommandException;
+import org.asamk.signal.commands.exceptions.IOErrorException;
 import org.asamk.signal.commands.exceptions.UnexpectedErrorException;
 import org.asamk.signal.commands.exceptions.UserErrorException;
 import org.asamk.signal.manager.Manager;
 import org.asamk.signal.manager.MultiAccountManager;
+import org.freedesktop.dbus.connections.IDisconnectCallback;
 import org.freedesktop.dbus.connections.impl.DBusConnection;
 import org.freedesktop.dbus.connections.impl.DBusConnectionBuilder;
 import org.freedesktop.dbus.exceptions.DBusException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import java.io.IOException;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -94,7 +98,9 @@ public class DbusHandler implements AutoCloseable {
         final var busType = isDbusSystem ? DBusConnection.DBusBusType.SYSTEM : DBusConnection.DBusBusType.SESSION;
         logger.debug("Starting DBus server on {} bus: {}", busType, busname);
         try {
-            dBusConnection = DBusConnectionBuilder.forType(busType).build();
+            dBusConnection = DBusConnectionBuilder.forType(busType)
+                    .withDisconnectCallback(new DisconnectCallback())
+                    .build();
             dbusRunner.run(dBusConnection);
         } catch (DBusException e) {
             throw new UnexpectedErrorException("Dbus command failed: " + e.getMessage(), e);
@@ -141,4 +147,13 @@ public class DbusHandler implements AutoCloseable {
 
         void run(DBusConnection connection) throws DBusException;
     }
+
+    private static final class DisconnectCallback implements IDisconnectCallback {
+
+        @Override
+        public void disconnectOnError(IOException ex) {
+            logger.debug("DBus daemon disconnected unexpectedly, shutting down");
+            Shutdown.triggerShutdown(new IOErrorException("Unexpected dbus daemon disconnect", ex));
+        }
+    }
 }

src/main/java/org/asamk/signal/dbus/DbusSignalControlImpl.java

@@ -10,6 +10,7 @@ import org.asamk.signal.manager.RegistrationManager;
 import org.asamk.signal.manager.api.CaptchaRequiredException;
 import org.asamk.signal.manager.api.IncorrectPinException;
 import org.asamk.signal.manager.api.NonNormalizedPhoneNumberException;
+import org.asamk.signal.manager.api.PinLockMissingException;
 import org.asamk.signal.manager.api.PinLockedException;
 import org.asamk.signal.manager.api.RateLimitException;
 import org.asamk.signal.manager.api.UserAlreadyExistsException;
@@ -105,6 +106,8 @@ public class DbusSignalControlImpl implements org.asamk.SignalControl {
                             + (e.getTimeRemaining() / 1000 / 60 / 60));
         } catch (IncorrectPinException e) {
             throw new Error.Failure("Verification failed! Invalid pin, tries remaining: " + e.getTriesRemaining());
+        } catch (PinLockMissingException e) {
+            throw new Error.Failure("Account is pin locked, but pin data has been deleted on the server.");
         }
     }
 

src/main/java/org/asamk/signal/dbus/DbusSignalImpl.java

@@ -236,6 +236,7 @@ public class DbusSignalImpl implements Signal, AutoCloseable {
         try {
             final var message = new Message(messageText,
                     attachments,
+                    false,
                     List.of(),
                     Optional.empty(),
                     Optional.empty(),
@@ -399,6 +400,7 @@ public class DbusSignalImpl implements Signal, AutoCloseable {
         try {
             final var message = new Message(messageText,
                     attachments,
+                    false,
                     List.of(),
                     Optional.empty(),
                     Optional.empty(),
@@ -444,6 +446,7 @@ public class DbusSignalImpl implements Signal, AutoCloseable {
         try {
             final var message = new Message(messageText,
                     attachments,
+                    false,
                     List.of(),
                     Optional.empty(),
                     Optional.empty(),