fix: assets are not encrypted at rest WPB-6977 (#1145)

wireapp · Mar 22, 2024 · 255a695 · 255a695
1 parent 592b557
commit 255a695
Show file tree

Hide file tree

Showing 65 changed files with 2,032 additions and 1,112 deletions.
diff --git a/wire-ios-data-model/Source/Model/Conversation/Team.swift b/wire-ios-data-model/Source/Model/Conversation/Team.swift
@@ -108,38 +108,55 @@ extension Team {
 
 // MARK: - Logo Image
 extension Team {
-    static let defaultLogoFormat = ZMImageFormat.medium
 
     @objc static let pictureAssetIdKey = #keyPath(Team.pictureAssetId)
 
     public var imageData: Data? {
         get {
-            return managedObjectContext?.zm_fileAssetCache.assetData(for: self, format: Team.defaultLogoFormat, encrypted: false)
+            guard let cache = managedObjectContext?.zm_fileAssetCache else {
+                return nil
+            }
+
+            return cache.imageData(for: self)
         }
 
         set {
-            defer {
-                if let uiContext = managedObjectContext?.zm_userInterface {
-                    // Notify about a non core data change since the image is persisted in the file cache
-                    NotificationDispatcher.notifyNonCoreDataChanges(objectID: objectID, changedKeys: [#keyPath(Team.imageData)], uiContext: uiContext)
-                }
+            guard let cache = managedObjectContext?.zm_fileAssetCache else {
+                return
             }
 
-            guard let newValue = newValue else {
-                managedObjectContext?.zm_fileAssetCache.deleteAssetData(for: self, format: Team.defaultLogoFormat, encrypted: false)
-                return
+            if let newValue {
+                cache.storeImage(data: newValue, for: self)
+            } else {
+                cache.deleteImageData(for: self)
             }
 
-            managedObjectContext?.zm_fileAssetCache.storeAssetData(for: self, format: Team.defaultLogoFormat, encrypted: false, data: newValue)
+            if let uiContext = managedObjectContext?.zm_userInterface {
+                // Notify about a non core data change since the image is persisted in the file cache
+                NotificationDispatcher.notifyNonCoreDataChanges(
+                    objectID: objectID,
+                    changedKeys: [#keyPath(Team.imageData)],
+                    uiContext: uiContext
+                )
+            }
         }
     }
 
     public func requestImage() {
-        guard let moc = self.managedObjectContext, moc.zm_isUserInterfaceContext, !moc.zm_fileAssetCache.hasDataOnDisk(for: self, format: Team.defaultLogoFormat, encrypted: false) else { return }
+        guard
+            let context = self.managedObjectContext,
+            context.zm_isUserInterfaceContext,
+            let cache = context.zm_fileAssetCache,
+            !cache.hasImageData(for: self)
+        else {
+            return
+        }
 
-        NotificationInContext(name: .teamDidRequestAsset,
-                              context: moc.notificationContext,
-                              object: objectID).post()
+        NotificationInContext(
+            name: .teamDidRequestAsset,
+            context: context.notificationContext,
+            object: objectID
+        ).post()
     }
 
     public static var imageDownloadFilter: NSPredicate {

diff --git a/wire-ios-data-model/Source/Model/Conversation/ZMConversation+Message.swift b/wire-ios-data-model/Source/Model/Conversation/ZMConversation+Message.swift
@@ -225,7 +225,7 @@ extension ZMConversation {
                                      size: UInt64(imageData.count))
 
         return try append(asset: asset, nonce: nonce, expires: true, prepareMessage: { message in
-            moc.zm_fileAssetCache.storeAssetData(message, format: .original, encrypted: false, data: imageData)
+            moc.zm_fileAssetCache.storeOriginalImage(data: imageData, for: message)
         })
     }
 
@@ -242,20 +242,36 @@ extension ZMConversation {
     ///     The appended message.
 
     @discardableResult
-    public func appendFile(with fileMetadata: ZMFileMetadata, nonce: UUID = UUID()) throws -> ZMConversationMessage {
+    public func appendFile(
+        with fileMetadata: ZMFileMetadata,
+        nonce: UUID = UUID()
+    ) throws -> ZMConversationMessage {
         guard let moc = managedObjectContext else {
             throw AppendMessageError.missingManagedObjectContext
         }
 
-        guard let data = try? Data.init(contentsOf: fileMetadata.fileURL, options: .mappedIfSafe) else {
+        guard let data = try? Data(
+            contentsOf: fileMetadata.fileURL,
+            options: .mappedIfSafe
+        ) else {
             throw AppendMessageError.invalidFileUrl
         }
 
-        return try append(asset: fileMetadata.asset, nonce: nonce, expires: false) { (message) in
-            moc.zm_fileAssetCache.storeAssetData(message, encrypted: false, data: data)
+        return try append(
+            asset: fileMetadata.asset,
+            nonce: nonce,
+            expires: false
+        ) { message in
+            moc.zm_fileAssetCache.storeFile(
+                data: data,
+                for: message
+            )
 
             if let thumbnailData = fileMetadata.thumbnail {
-                moc.zm_fileAssetCache.storeAssetData(message, format: .original, encrypted: false, data: thumbnailData)
+                moc.zm_fileAssetCache.storeOriginalImage(
+                    data: thumbnailData,
+                    for: message
+                )
             }
         }
     }

diff --git a/wire-ios-data-model/Source/Model/Message/AssetEncryption.swift b/wire-ios-data-model/Source/Model/Message/AssetEncryption.swift