From daf019b28807452df54b3d8efe59f95cff2d96c9 Mon Sep 17 00:00:00 2001
From: Andrew Ferrazzutti <fair@miscworks.net>
Date: Tue, 5 Jan 2021 00:58:55 -0500
Subject: [PATCH] Identity: Recompute hashes after M_INVALID_PEPPER

When a new pepper is retrieved after an M_INVALID_PEPPER response,
recompute hashes with that pepper, and send those new hashes in the next
lookup attempt instead of reusing the original hashes.

Signed-off-by: Andrew Ferrazzutti <fair@miscworks.net>
---
 CHANGES.md                                    |  1 +
 .../identity/IdentityBulkLookupTask.kt        | 48 ++++++++++---------
 2 files changed, 27 insertions(+), 22 deletions(-)

diff --git a/CHANGES.md b/CHANGES.md
index b2483df78d..a8aabb213d 100644
--- a/CHANGES.md
+++ b/CHANGES.md
@@ -10,6 +10,7 @@ Improvements 🙌:
 Bugfix 🐛:
  - Fix clear cache issue: sometimes, after a clear cache, there is still a token, so the init sync service is not started.
  - Sidebar too large in horizontal orientation or tablets (#475)
+ - When receiving a new pepper from identity server, use it on the next hash lookup (#2708)
 
 Translations 🗣:
  -
diff --git a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt
index a03bef9501..773d1066b5 100644
--- a/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt
+++ b/matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/session/identity/IdentityBulkLookupTask.kt
@@ -46,6 +46,17 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
         @UserId private val userId: String
 ) : IdentityBulkLookupTask {
 
+    private fun getHashedAddresses(threePids: List<ThreePid>, pepper: String): List<String> {
+        return withOlmUtility { olmUtility ->
+            threePids.map { threePid ->
+                base64ToBase64Url(
+                        olmUtility.sha256(threePid.value.toLowerCase(Locale.ROOT)
+                                + " " + threePid.toMedium() + " " + pepper)
+                )
+            }
+        }
+    }
+
     override suspend fun execute(params: IdentityBulkLookupTask.Params): List<FoundThreePid> {
         val identityAPI = getIdentityApiAndEnsureTerms(identityApiProvider, userId)
         val identityData = identityStore.getIdentityData() ?: throw IdentityServiceError.NoIdentityServerConfigured
@@ -63,33 +74,26 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
             throw IdentityServiceError.BulkLookupSha256NotSupported
         }
 
-        val hashedAddresses = withOlmUtility { olmUtility ->
-            params.threePids.map { threePid ->
-                base64ToBase64Url(
-                        olmUtility.sha256(threePid.value.toLowerCase(Locale.ROOT)
-                                + " " + threePid.toMedium() + " " + hashDetailResponse.pepper)
-                )
-            }
-        }
-
-        val identityLookUpV2Response = lookUpInternal(identityAPI, hashedAddresses, hashDetailResponse, true)
+        val lookupResult = lookUpInternal(identityAPI, params.threePids, hashDetailResponse, true)
 
         // Convert back to List<FoundThreePid>
-        return handleSuccess(params.threePids, hashedAddresses, identityLookUpV2Response)
+        return handleSuccess(params.threePids, lookupResult.first, lookupResult.second)
     }
 
     private suspend fun lookUpInternal(identityAPI: IdentityAPI,
-                                       hashedAddresses: List<String>,
+                                       threePids: List<ThreePid>,
                                        hashDetailResponse: IdentityHashDetailResponse,
-                                       canRetry: Boolean): IdentityLookUpResponse {
+                                       canRetry: Boolean): Pair<List<String>, IdentityLookUpResponse> {
+        val hashedAddresses = getHashedAddresses(threePids, hashDetailResponse.pepper)
         return try {
-            executeRequest(null) {
-                apiCall = identityAPI.lookup(IdentityLookUpParams(
-                        hashedAddresses,
-                        IdentityHashDetailResponse.ALGORITHM_SHA256,
-                        hashDetailResponse.pepper
-                ))
-            }
+            Pair(hashedAddresses,
+                    executeRequest(null) {
+                        apiCall = identityAPI.lookup(IdentityLookUpParams(
+                                hashedAddresses,
+                                IdentityHashDetailResponse.ALGORITHM_SHA256,
+                                hashDetailResponse.pepper
+                        ))
+                    })
         } catch (failure: Throwable) {
             // Catch invalid hash pepper and retry
             if (canRetry && failure is Failure.ServerError && failure.error.code == MatrixError.M_INVALID_PEPPER) {
@@ -98,7 +102,7 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
                     // Store it and use it right now
                     hashDetailResponse.copy(pepper = failure.error.newLookupPepper)
                             .also { identityStore.setHashDetails(it) }
-                            .let { lookUpInternal(identityAPI, hashedAddresses, it, false /* Avoid infinite loop */) }
+                            .let { lookUpInternal(identityAPI, threePids, it, false /* Avoid infinite loop */) }
                 } else {
                     // Retrieve the new hash details
                     val newHashDetailResponse = fetchAndStoreHashDetails(identityAPI)
@@ -109,7 +113,7 @@ internal class DefaultIdentityBulkLookupTask @Inject constructor(
                         throw IdentityServiceError.BulkLookupSha256NotSupported
                     }
 
-                    lookUpInternal(identityAPI, hashedAddresses, newHashDetailResponse, false /* Avoid infinite loop */)
+                    lookUpInternal(identityAPI, threePids, newHashDetailResponse, false /* Avoid infinite loop */)
                 }
             } else {
                 // Other error