resolve conflicts on merge with ds-cleanup

2025-07-23 14:14:28 +02:00 · 2015-08-26 13:33:50 -07:00 · 2015-08-26 13:33:50 -07:00 · 352f3543c3
commit 352f3543c3
parent f16e0a63ee c776f04ab2
10 changed files with 846 additions and 564 deletions
--- a/domain-server/src/DomainGatekeeper.cpp
+++ b/domain-server/src/DomainGatekeeper.cpp
@ -0,0 +1,613 @@
 //
 //  DomainGatekeeper.cpp
 //  domain-server/src
 //
 //  Created by Stephen Birarda on 2015-08-24.
 //  Copyright 2015 High Fidelity, Inc.
 //
 //  Distributed under the Apache License, Version 2.0.
 //  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
 //
 #include "DomainGatekeeper.h"
 #include <openssl/err.h>
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 #include <AccountManager.h>
 #include <Assignment.h>
 #include <JSONBreakableMarshal.h>
 #include "DomainServer.h"
 #include "DomainServerNodeData.h"
 using SharedAssignmentPointer = QSharedPointer<Assignment>;
 DomainGatekeeper::DomainGatekeeper(DomainServer* server) :
    _server(server)
 {
 }
 void DomainGatekeeper::addPendingAssignedNode(const QUuid& nodeUUID, const QUuid& assignmentUUID,
                                              const QUuid& walletUUID, const QString& nodeVersion) {
    _pendingAssignedNodes.emplace(std::piecewise_construct,
                                  std::forward_as_tuple(nodeUUID),
                                  std::forward_as_tuple(assignmentUUID, walletUUID, nodeVersion));
 }
 QUuid DomainGatekeeper::assignmentUUIDForPendingAssignment(const QUuid& tempUUID) {
    auto it = _pendingAssignedNodes.find(tempUUID);
    if (it != _pendingAssignedNodes.end()) {
        return it->second.getAssignmentUUID();
    } else {
        return QUuid();
    }
 }
 const NodeSet STATICALLY_ASSIGNED_NODES = NodeSet() << NodeType::AudioMixer
    << NodeType::AvatarMixer << NodeType::EntityServer;
 void DomainGatekeeper::processConnectRequestPacket(QSharedPointer<NLPacket> packet) {
    if (packet->getPayloadSize() == 0) {
        return;
    }
    QDataStream packetStream(packet.data());
    // read a NodeConnectionData object from the packet so we can pass around this data while we're inspecting it
    NodeConnectionData nodeConnection = NodeConnectionData::fromDataStream(packetStream, packet->getSenderSockAddr());
    if (nodeConnection.localSockAddr.isNull() || nodeConnection.publicSockAddr.isNull()) {
        qDebug() << "Unexpected data received for node local socket or public socket. Will not allow connection.";
        return;
    }
    // check if this connect request matches an assignment in the queue
    auto pendingAssignment = _pendingAssignedNodes.find(nodeConnection.connectUUID);
    SharedNodePointer node;
    if (pendingAssignment != _pendingAssignedNodes.end()) {
        node = processAssignmentConnectRequest(nodeConnection, pendingAssignment->second);
    } else if (!STATICALLY_ASSIGNED_NODES.contains(nodeConnection.nodeType)) {
        QString username;
        QByteArray usernameSignature;
        if (packet->bytesLeftToRead() > 0) {
            // read username from packet
            packetStream >> username;
            if (packet->bytesLeftToRead() > 0) {
                // read user signature from packet
                packetStream >> usernameSignature;
            }
        }
        node = processAgentConnectRequest(nodeConnection, username, usernameSignature);
    }
    if (node) {
        // set the sending sock addr and node interest set on this node
        DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(node->getLinkedData());
        nodeData->setSendingSockAddr(packet->getSenderSockAddr());
        nodeData->setNodeInterestSet(nodeConnection.interestList.toSet());
        // signal that we just connected a node so the DomainServer can get it a list
        // and broadcast its presence right away
        emit connectedNode(node);
    } else {
        qDebug() << "Refusing connection from node at" << packet->getSenderSockAddr();
    }
 }
 SharedNodePointer DomainGatekeeper::processAssignmentConnectRequest(const NodeConnectionData& nodeConnection,
                                                                    const PendingAssignedNodeData& pendingAssignment) {
    // make sure this matches an assignment the DS told us we sent out
    auto it = _pendingAssignedNodes.find(nodeConnection.connectUUID);
    SharedAssignmentPointer matchingQueuedAssignment = SharedAssignmentPointer();
    if (it != _pendingAssignedNodes.end()) {
        // find the matching queued static assignment in DS queue
        matchingQueuedAssignment = _server->dequeueMatchingAssignment(it->second.getAssignmentUUID(), nodeConnection.nodeType);
        if (matchingQueuedAssignment) {
            qDebug() << "Assignment deployed with" << uuidStringWithoutCurlyBraces(nodeConnection.connectUUID)
                << "matches unfulfilled assignment"
                << uuidStringWithoutCurlyBraces(matchingQueuedAssignment->getUUID());
        } else {
            // this is a node connecting to fulfill an assignment that doesn't exist
            // don't reply back to them so they cycle back and re-request an assignment
            qDebug() << "No match for assignment deployed with" << uuidStringWithoutCurlyBraces(nodeConnection.connectUUID);
            return SharedNodePointer();
        }
    } else {
        qDebug() << "No assignment was deployed with UUID" << uuidStringWithoutCurlyBraces(nodeConnection.connectUUID);
        return SharedNodePointer();
    }
    // add the new node
    SharedNodePointer newNode = addVerifiedNodeFromConnectRequest(nodeConnection);
    DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(newNode->getLinkedData());
    // set assignment related data on the linked data for this node
    nodeData->setAssignmentUUID(matchingQueuedAssignment->getUUID());
    nodeData->setWalletUUID(it->second.getWalletUUID());
    nodeData->setNodeVersion(it->second.getNodeVersion());
    // cleanup the PendingAssignedNodeData for this assignment now that it's connecting
    _pendingAssignedNodes.erase(it);
    // always allow assignment clients to create and destroy entities
    newNode->setCanAdjustLocks(true);
    newNode->setCanRez(true);
    return newNode;
 }
 const QString MAXIMUM_USER_CAPACITY = "security.maximum_user_capacity";
 const QString ALLOWED_EDITORS_SETTINGS_KEYPATH = "security.allowed_editors";
 const QString EDITORS_ARE_REZZERS_KEYPATH = "security.editors_are_rezzers";
 SharedNodePointer DomainGatekeeper::processAgentConnectRequest(const NodeConnectionData& nodeConnection,
                                                               const QString& username,
                                                               const QByteArray& usernameSignature) {
    auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
    bool isRestrictingAccess =
        _server->_settingsManager.valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool();
    // check if this user is on our local machine - if this is true they are always allowed to connect
    QHostAddress senderHostAddress = nodeConnection.senderSockAddr.getAddress();
    bool isLocalUser =
        (senderHostAddress == limitedNodeList->getLocalSockAddr().getAddress() || senderHostAddress == QHostAddress::LocalHost);
    // if we're using restricted access and this user is not local make sure we got a user signature
    if (isRestrictingAccess && !isLocalUser) {
        if (!username.isEmpty()) {
            if (usernameSignature.isEmpty()) {
                // if user didn't include usernameSignature in connect request, send a connectionToken packet
                sendConnectionTokenPacket(username, nodeConnection.senderSockAddr);
                // ask for their public key right now to make sure we have it
                requestUserPublicKey(username);
                return SharedNodePointer();
            }
        }
    }
    bool verifiedUsername = false;
    // if we do not have a local user we need to subject them to our verification and capacity checks
    if (!isLocalUser) {
        // check if we need to look at the username signature
        if (isRestrictingAccess) {
            if (isVerifiedAllowedUser(username, usernameSignature, nodeConnection.senderSockAddr)) {
                // we verified the user via their username and signature - set the verifiedUsername
                // so we don't re-decrypt their sig if we're trying to exempt them from max capacity check (due to
                // being in the allowed editors list)
                verifiedUsername = true;
            } else {
                // failed to verify user - return a null shared ptr
                return SharedNodePointer();
            }
        }
        if (!isWithinMaxCapacity(username, usernameSignature, verifiedUsername, nodeConnection.senderSockAddr)) {
            // we can't allow this user to connect because we are at max capacity (and they either aren't an allowed editor
            // or couldn't be verified as one)
            return SharedNodePointer();
        }
    }
    // if this user is in the editors list (or if the editors list is empty) set the user's node's canAdjustLocks to true
    const QVariant* allowedEditorsVariant =
        valueForKeyPath(_server->_settingsManager.getSettingsMap(), ALLOWED_EDITORS_SETTINGS_KEYPATH);
    QStringList allowedEditors = allowedEditorsVariant ? allowedEditorsVariant->toStringList() : QStringList();
    // if the allowed editors list is empty then everyone can adjust locks
    bool canAdjustLocks = allowedEditors.empty();
    if (allowedEditors.contains(username)) {
        // we have a non-empty allowed editors list - check if this user is verified to be in it
        if (!verifiedUsername) {
            if (!verifyUserSignature(username, usernameSignature, nodeConnection.senderSockAddr)) {
                // failed to verify a user that is in the allowed editors list
                sendConnectionTokenPacket(username, nodeConnection.senderSockAddr);
                qDebug() << "Could not verify user" << username << "as allowed editor. Forcing user to attempt reconnect.";
                return SharedNodePointer();
            } else {
                // just verified this user and they are in the allowed editors list
                canAdjustLocks = true;
            }
        } else {
            // already verified this user and they are in the allowed editors list
            canAdjustLocks = true;
        }
    }
    // check if only editors should be able to rez entities
    const QVariant* editorsAreRezzersVariant =
        valueForKeyPath(_server->_settingsManager.getSettingsMap(), EDITORS_ARE_REZZERS_KEYPATH);
    bool onlyEditorsAreRezzers = false;
    if (editorsAreRezzersVariant) {
        onlyEditorsAreRezzers = editorsAreRezzersVariant->toBool();
    }
    bool canRez = true;
    if (onlyEditorsAreRezzers) {
        canRez = canAdjustLocks;
    }
    // add the new node
    SharedNodePointer newNode = addVerifiedNodeFromConnectRequest(nodeConnection);
    // set the edit rights for this user
    newNode->setCanAdjustLocks(canAdjustLocks);
    newNode->setCanRez(canRez);
    // grab the linked data for our new node so we can set the username
    DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(newNode->getLinkedData());
    // if we have a username from the connect request, set it on the DomainServerNodeData
    nodeData->setUsername(username);
    // also add an interpolation to JSONBreakableMarshal so that servers can get username in stats
    JSONBreakableMarshal::addInterpolationForKey(USERNAME_UUID_REPLACEMENT_STATS_KEY,
                                                 uuidStringWithoutCurlyBraces(newNode->getUUID()), username);
    return newNode;
 }
 SharedNodePointer DomainGatekeeper::addVerifiedNodeFromConnectRequest(const NodeConnectionData& nodeConnection) {
    HifiSockAddr discoveredSocket = nodeConnection.senderSockAddr;
    SharedNetworkPeer connectedPeer = _icePeers.value(nodeConnection.connectUUID);
    QUuid nodeUUID;
    if (connectedPeer) {
        //  this user negotiated a connection with us via ICE, so re-use their ICE client ID
        nodeUUID = nodeConnection.connectUUID;
        if (connectedPeer->getActiveSocket()) {
            // set their discovered socket to whatever the activated socket on the network peer object was
            discoveredSocket = *connectedPeer->getActiveSocket();
        }
    } else {
        // we got a connectUUID we didn't recognize, just add the node with a new UUID
        nodeUUID = QUuid::createUuid();
    }
    auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
    SharedNodePointer newNode = limitedNodeList->addOrUpdateNode(nodeUUID, nodeConnection.nodeType,
                                                                 nodeConnection.publicSockAddr, nodeConnection.localSockAddr);
    // So that we can send messages to this node at will - we need to activate the correct socket on this node now
    newNode->activateMatchingOrNewSymmetricSocket(discoveredSocket);
    return newNode;
 }
 bool DomainGatekeeper::verifyUserSignature(const QString& username,
                                           const QByteArray& usernameSignature,
                                           const HifiSockAddr& senderSockAddr) {
    // it's possible this user can be allowed to connect, but we need to check their username signature
    QByteArray publicKeyArray = _userPublicKeys.value(username);
    const QUuid& connectionToken = _connectionTokenHash.value(username.toLower());
    if (!publicKeyArray.isEmpty() && !connectionToken.isNull()) {
        // if we do have a public key for the user, check for a signature match
        const unsigned char* publicKeyData = reinterpret_cast<const unsigned char*>(publicKeyArray.constData());
        // first load up the public key into an RSA struct
        RSA* rsaPublicKey = d2i_RSA_PUBKEY(NULL, &publicKeyData, publicKeyArray.size());
        QByteArray lowercaseUsername = username.toLower().toUtf8();
        QByteArray usernameWithToken = QCryptographicHash::hash(lowercaseUsername.append(connectionToken.toRfc4122()),
                                                                QCryptographicHash::Sha256);
        if (rsaPublicKey) {
            QByteArray decryptedArray(RSA_size(rsaPublicKey), 0);
            int decryptResult = RSA_verify(NID_sha256,
                                           reinterpret_cast<const unsigned char*>(usernameWithToken.constData()),
                                           usernameWithToken.size(),
                                           reinterpret_cast<const unsigned char*>(usernameSignature.constData()),
                                           usernameSignature.size(),
                                           rsaPublicKey);
            if (decryptResult == 1) {
                qDebug() << "Username signature matches for" << username << "- allowing connection.";
                // free up the public key and remove connection token before we return
                RSA_free(rsaPublicKey);
                _connectionTokenHash.remove(username);
                return true;
            } else {
                if (!senderSockAddr.isNull()) {
                    qDebug() << "Error decrypting username signature for " << username << "- denying connection.";
                    sendConnectionDeniedPacket("Error decrypting username signature.", senderSockAddr);
                }
                // free up the public key, we don't need it anymore
                RSA_free(rsaPublicKey);
            }
        } else {
            // we can't let this user in since we couldn't convert their public key to an RSA key we could use
            if (!senderSockAddr.isNull()) {
                qDebug() << "Couldn't convert data to RSA key for" << username << "- denying connection.";
                sendConnectionDeniedPacket("Couldn't convert data to RSA key.", senderSockAddr);
            }
        }
    } else {
        if (!senderSockAddr.isNull()) {
            qDebug() << "Insufficient data to decrypt username signature - denying connection.";
            sendConnectionDeniedPacket("Insufficient data", senderSockAddr);
        }
    }
    requestUserPublicKey(username); // no joy.  maybe next time?
    return false;
 }
 bool DomainGatekeeper::isVerifiedAllowedUser(const QString& username, const QByteArray& usernameSignature,
                                             const HifiSockAddr& senderSockAddr) {
    if (username.isEmpty()) {
        qDebug() << "Connect request denied - no username provided.";
        sendConnectionDeniedPacket("No username provided", senderSockAddr);
        return false;
    }
    QStringList allowedUsers =
        _server->_settingsManager.valueOrDefaultValueForKeyPath(ALLOWED_USERS_SETTINGS_KEYPATH).toStringList();
    if (allowedUsers.contains(username, Qt::CaseInsensitive)) {
        if (!verifyUserSignature(username, usernameSignature, senderSockAddr)) {
            return false;
        }
    } else {
        qDebug() << "Connect request denied for user" << username << "- not in allowed users list.";
        sendConnectionDeniedPacket("User not on whitelist.", senderSockAddr);
        return false;
    }
    return true;
 }
 bool DomainGatekeeper::isWithinMaxCapacity(const QString& username, const QByteArray& usernameSignature,
                                           bool& verifiedUsername,
                                           const HifiSockAddr& senderSockAddr) {
    // find out what our maximum capacity is
    const QVariant* maximumUserCapacityVariant = valueForKeyPath(_server->_settingsManager.getSettingsMap(), MAXIMUM_USER_CAPACITY);
    unsigned int maximumUserCapacity = maximumUserCapacityVariant ? maximumUserCapacityVariant->toUInt() : 0;
    if (maximumUserCapacity > 0) {
        unsigned int connectedUsers = _server->countConnectedUsers();
        if (connectedUsers >= maximumUserCapacity) {
            // too many users, deny the new connection unless this user is an allowed editor
            const QVariant* allowedEditorsVariant =
                valueForKeyPath(_server->_settingsManager.getSettingsMap(), ALLOWED_EDITORS_SETTINGS_KEYPATH);
            QStringList allowedEditors = allowedEditorsVariant ? allowedEditorsVariant->toStringList() : QStringList();
            if (allowedEditors.contains(username)) {
                if (verifiedUsername || verifyUserSignature(username, usernameSignature, senderSockAddr)) {
                    verifiedUsername = true;
                    qDebug() << "Above maximum capacity -" << connectedUsers << "/" << maximumUserCapacity <<
                        "but user" << username << "is in allowed editors list so will be allowed to connect.";
                    return true;
                }
            }
            // deny connection from this user
            qDebug() << connectedUsers << "/" << maximumUserCapacity << "users connected, denying new connection.";
            sendConnectionDeniedPacket("Too many connected users.", senderSockAddr);
            return false;
        }
        qDebug() << connectedUsers << "/" << maximumUserCapacity << "users connected, allowing new connection.";
    }
    return true;
 }
 void DomainGatekeeper::preloadAllowedUserPublicKeys() {
    const QVariant* allowedUsersVariant = valueForKeyPath(_server->_settingsManager.getSettingsMap(), ALLOWED_USERS_SETTINGS_KEYPATH);
    QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
    if (allowedUsers.size() > 0) {
        // in the future we may need to limit how many requests here - for now assume that lists of allowed users are not
        // going to create > 100 requests
        foreach(const QString& username, allowedUsers) {
            requestUserPublicKey(username);
        }
    }
 }
 void DomainGatekeeper::requestUserPublicKey(const QString& username) {
    // even if we have a public key for them right now, request a new one in case it has just changed
    JSONCallbackParameters callbackParams;
    callbackParams.jsonCallbackReceiver = this;
    callbackParams.jsonCallbackMethod = "publicKeyJSONCallback";
    const QString USER_PUBLIC_KEY_PATH = "api/v1/users/%1/public_key";
    qDebug() << "Requesting public key for user" << username;
    AccountManager::getInstance().sendRequest(USER_PUBLIC_KEY_PATH.arg(username),
                                              AccountManagerAuth::None,
                                              QNetworkAccessManager::GetOperation, callbackParams);
 }
 void DomainGatekeeper::publicKeyJSONCallback(QNetworkReply& requestReply) {
    QJsonObject jsonObject = QJsonDocument::fromJson(requestReply.readAll()).object();
    if (jsonObject["status"].toString() == "success") {
        // figure out which user this is for
        const QString PUBLIC_KEY_URL_REGEX_STRING = "api\\/v1\\/users\\/([A-Za-z0-9_\\.]+)\\/public_key";
        QRegExp usernameRegex(PUBLIC_KEY_URL_REGEX_STRING);
        if (usernameRegex.indexIn(requestReply.url().toString()) != -1) {
            QString username = usernameRegex.cap(1);
            qDebug() << "Storing a public key for user" << username;
            // pull the public key as a QByteArray from this response
            const QString JSON_DATA_KEY = "data";
            const QString JSON_PUBLIC_KEY_KEY = "public_key";
            _userPublicKeys[username] =
                QByteArray::fromBase64(jsonObject[JSON_DATA_KEY].toObject()[JSON_PUBLIC_KEY_KEY].toString().toUtf8());
        }
    }
 }
 void DomainGatekeeper::sendConnectionDeniedPacket(const QString& reason, const HifiSockAddr& senderSockAddr) {
    // this is an agent and we've decided we won't let them connect - send them a packet to deny connection
    QByteArray utfString = reason.toUtf8();
    quint16 payloadSize = utfString.size();
    // setup the DomainConnectionDenied packet
    auto connectionDeniedPacket = NLPacket::create(PacketType::DomainConnectionDenied, payloadSize + sizeof(payloadSize));
    // pack in the reason the connection was denied (the client displays this)
    if (payloadSize > 0) {
        connectionDeniedPacket->writePrimitive(payloadSize);
        connectionDeniedPacket->write(utfString);
    }
    // send the packet off
    DependencyManager::get<LimitedNodeList>()->sendPacket(std::move(connectionDeniedPacket), senderSockAddr);
 }
 void DomainGatekeeper::sendConnectionTokenPacket(const QString& username, const HifiSockAddr& senderSockAddr) {
    // get the existing connection token or create a new one
    QUuid& connectionToken = _connectionTokenHash[username.toLower()];
    if (connectionToken.isNull()) {
        connectionToken = QUuid::createUuid();
    }
    // setup a static connection token packet
    static auto connectionTokenPacket = NLPacket::create(PacketType::DomainServerConnectionToken, NUM_BYTES_RFC4122_UUID);
    // reset the packet before each time we send
    connectionTokenPacket->reset();
    // write the connection token
    connectionTokenPacket->write(connectionToken.toRfc4122());
    // send off the packet unreliably
    DependencyManager::get<LimitedNodeList>()->sendUnreliablePacket(*connectionTokenPacket, senderSockAddr);
 }
 const int NUM_PEER_PINGS_BEFORE_DELETE = 2000 / UDP_PUNCH_PING_INTERVAL_MS;
 void DomainGatekeeper::pingPunchForConnectingPeer(const SharedNetworkPeer& peer) {
    if (peer->getConnectionAttempts() >= NUM_PEER_PINGS_BEFORE_DELETE) {
        // we've reached the maximum number of ping attempts
        qDebug() << "Maximum number of ping attempts reached for peer with ID" << peer->getUUID();
        qDebug() << "Removing from list of connecting peers.";
        _icePeers.remove(peer->getUUID());
    } else {
        auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
        // send the ping packet to the local and public sockets for this node
        auto localPingPacket = limitedNodeList->constructICEPingPacket(PingType::Local, limitedNodeList->getSessionUUID());
        limitedNodeList->sendPacket(std::move(localPingPacket), peer->getLocalSocket());
        auto publicPingPacket = limitedNodeList->constructICEPingPacket(PingType::Public, limitedNodeList->getSessionUUID());
        limitedNodeList->sendPacket(std::move(publicPingPacket), peer->getPublicSocket());
        peer->incrementConnectionAttempts();
    }
 }
 void DomainGatekeeper::handlePeerPingTimeout() {
    NetworkPeer* senderPeer = qobject_cast<NetworkPeer*>(sender());
    if (senderPeer) {
        SharedNetworkPeer sharedPeer = _icePeers.value(senderPeer->getUUID());
        if (sharedPeer && !sharedPeer->getActiveSocket()) {
            pingPunchForConnectingPeer(sharedPeer);
        }
    }
 }
 void DomainGatekeeper::processICEPeerInformationPacket(QSharedPointer<NLPacket> packet) {
    // loop through the packet and pull out network peers
    // any peer we don't have we add to the hash, otherwise we update
    QDataStream iceResponseStream(packet.data());
    NetworkPeer* receivedPeer = new NetworkPeer;
    iceResponseStream >> *receivedPeer;
    if (!_icePeers.contains(receivedPeer->getUUID())) {
        qDebug() << "New peer requesting ICE connection being added to hash -" << *receivedPeer;
        SharedNetworkPeer newPeer = SharedNetworkPeer(receivedPeer);
        _icePeers[receivedPeer->getUUID()] = newPeer;
        // make sure we know when we should ping this peer
        connect(newPeer.data(), &NetworkPeer::pingTimerTimeout, this, &DomainGatekeeper::handlePeerPingTimeout);
        // immediately ping the new peer, and start a timer to continue pinging it until we connect to it
        newPeer->startPingTimer();
        qDebug() << "Sending ping packets to establish connectivity with ICE peer with ID"
            << newPeer->getUUID();
        pingPunchForConnectingPeer(newPeer);
    } else {
        delete receivedPeer;
    }
 }
 void DomainGatekeeper::processICEPingPacket(QSharedPointer<NLPacket> packet) {
    auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
    auto pingReplyPacket = limitedNodeList->constructICEPingReplyPacket(*packet, limitedNodeList->getSessionUUID());
    limitedNodeList->sendPacket(std::move(pingReplyPacket), packet->getSenderSockAddr());
 }
 void DomainGatekeeper::processICEPingReplyPacket(QSharedPointer<NLPacket> packet) {
    QDataStream packetStream(packet.data());
    QUuid nodeUUID;
    packetStream >> nodeUUID;
    SharedNetworkPeer sendingPeer = _icePeers.value(nodeUUID);
    if (sendingPeer) {
        // we had this NetworkPeer in our connecting list - add the right sock addr to our connected list
        sendingPeer->activateMatchingOrNewSymmetricSocket(packet->getSenderSockAddr());
    }
 }
--- a/domain-server/src/DomainGatekeeper.h
+++ b/domain-server/src/DomainGatekeeper.h
@ -0,0 +1,93 @@
 //
 //  DomainGatekeeper.h
 //  domain-server/src
 //
 //  Created by Stephen Birarda on 2015-08-24.
 //  Copyright 2015 High Fidelity, Inc.
 //
 //  Distributed under the Apache License, Version 2.0.
 //  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
 //
 #pragma once
 #ifndef hifi_DomainGatekeeper_h
 #define hifi_DomainGatekeeper_h
 #include <unordered_map>
 #include <QtCore/QObject>
 #include <QtNetwork/QNetworkReply>
 #include <NLPacket.h>
 #include <Node.h>
 #include <UUIDHasher.h>
 #include "NodeConnectionData.h"
 #include "PendingAssignedNodeData.h"
 class DomainServer;
 class DomainGatekeeper : public QObject {
    Q_OBJECT
 public:
    DomainGatekeeper(DomainServer* server);
    void addPendingAssignedNode(const QUuid& nodeUUID, const QUuid& assignmentUUID,
                                const QUuid& walletUUID, const QString& nodeVersion);
    QUuid assignmentUUIDForPendingAssignment(const QUuid& tempUUID);
    void preloadAllowedUserPublicKeys();
    void removeICEPeer(const QUuid& peerUUID) { _icePeers.remove(peerUUID); }
 public slots:
    void processConnectRequestPacket(QSharedPointer<NLPacket> packet);
    void processICEPingPacket(QSharedPointer<NLPacket> packet);
    void processICEPingReplyPacket(QSharedPointer<NLPacket> packet);
    void processICEPeerInformationPacket(QSharedPointer<NLPacket> packet);
    void publicKeyJSONCallback(QNetworkReply& requestReply);
 signals:
    void connectedNode(SharedNodePointer node);
 private slots:
    void handlePeerPingTimeout();
 private:
    SharedNodePointer processAssignmentConnectRequest(const NodeConnectionData& nodeConnection,
                                                      const PendingAssignedNodeData& pendingAssignment);
    SharedNodePointer processAgentConnectRequest(const NodeConnectionData& nodeConnection,
                                                 const QString& username,
                                                 const QByteArray& usernameSignature);
    SharedNodePointer addVerifiedNodeFromConnectRequest(const NodeConnectionData& nodeConnection);
    bool verifyUserSignature(const QString& username, const QByteArray& usernameSignature,
                             const HifiSockAddr& senderSockAddr);
    bool isVerifiedAllowedUser(const QString& username, const QByteArray& usernameSignature,
                               const HifiSockAddr& senderSockAddr);
    bool isWithinMaxCapacity(const QString& username, const QByteArray& usernameSignature,
                             bool& verifiedUsername,
                             const HifiSockAddr& senderSockAddr);
    bool shouldAllowConnectionFromNode(const QString& username, const QByteArray& usernameSignature,
                                       const HifiSockAddr& senderSockAddr);
    void sendConnectionTokenPacket(const QString& username, const HifiSockAddr& senderSockAddr);
    void sendConnectionDeniedPacket(const QString& reason, const HifiSockAddr& senderSockAddr);
    void pingPunchForConnectingPeer(const SharedNetworkPeer& peer);
    void requestUserPublicKey(const QString& username);
    DomainServer* _server;
    std::unordered_map<QUuid, PendingAssignedNodeData> _pendingAssignedNodes;
    QHash<QUuid, SharedNetworkPeer> _icePeers;
    QHash<QString, QUuid> _connectionTokenHash;
    QHash<QString, QByteArray> _userPublicKeys;
 };
 #endif // hifi_DomainGatekeeper_h
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@ -9,9 +9,7 @@
 //  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
 //
-#include <openssl/err.h>
+#include "DomainServer.h"
 #include <openssl/rsa.h>
 #include <openssl/x509.h>
 #include <QDir>
 #include <QJsonDocument>
@ -38,24 +36,19 @@
 #include <LogHandler.h>
 #include "DomainServerNodeData.h"
-
+#include "NodeConnectionData.h"
 #include "DomainServer.h"
 int const DomainServer::EXIT_CODE_REBOOT = 234923;
 const QString ICE_SERVER_DEFAULT_HOSTNAME = "ice.highfidelity.io";
 const QString MAXIMUM_USER_CAPACITY = "security.maximum_user_capacity";
 const QString ALLOWED_EDITORS_SETTINGS_KEYPATH = "security.allowed_editors";
 const QString EDITORS_ARE_REZZERS_KEYPATH = "security.editors_are_rezzers";
 DomainServer::DomainServer(int argc, char* argv[]) :
    QCoreApplication(argc, argv),
    _gatekeeper(this),
    _httpManager(DOMAIN_SERVER_HTTP_PORT, QString("%1/resources/web/").arg(QCoreApplication::applicationDirPath()), this),
    _httpsManager(NULL),
    _allAssignments(),
    _unfulfilledAssignments(),
    _pendingAssignedNodes(),
    _isUsingDTLS(false),
    _oauthProviderURL(),
    _oauthClientID(),
@ -95,6 +88,9 @@ DomainServer::DomainServer(int argc, char* argv[]) :
    qRegisterMetaType<DomainServerWebSessionData>("DomainServerWebSessionData");
    qRegisterMetaTypeStreamOperators<DomainServerWebSessionData>("DomainServerWebSessionData");
    // make sure we hear about newly connected nodes from our gatekeeper
    connect(&_gatekeeper, &DomainGatekeeper::connectedNode, this, &DomainServer::handleConnectedNode);
    if (optionallyReadX509KeyAndCertificate() && optionallySetupOAuth() && optionallySetupAssignmentPayment()) {
        // we either read a certificate and private key or were not passed one
        // and completed login or did not need to
@ -108,7 +104,7 @@ DomainServer::DomainServer(int argc, char* argv[]) :
        setupAutomaticNetworking();
        // preload some user public keys so they can connect on first request
-        preloadAllowedUserPublicKeys();
+        _gatekeeper.preloadAllowedUserPublicKeys();
    }
 }
@ -289,17 +285,19 @@ void DomainServer::setupNodeListAndAssignments(const QUuid& sessionUUID) {
    // register as the packet receiver for the types we want
    PacketReceiver& packetReceiver = nodeList->getPacketReceiver();
    packetReceiver.registerListener(PacketType::RequestAssignment, this, "processRequestAssignmentPacket");
    packetReceiver.registerListener(PacketType::DomainConnectRequest, this, "processConnectRequestPacket");
    packetReceiver.registerListener(PacketType::DomainListRequest, this, "processListRequestPacket");
    packetReceiver.registerListener(PacketType::DomainServerPathQuery, this, "processPathQueryPacket");
    packetReceiver.registerListener(PacketType::NodeJsonStats, this, "processNodeJSONStatsPacket");
    packetReceiver.registerListener(PacketType::ICEPing, this, "processICEPingPacket");
    packetReceiver.registerListener(PacketType::ICEPingReply, this, "processICEPingReplyPacket");
    packetReceiver.registerListener(PacketType::ICEServerPeerInformation, this, "processICEPeerInformationPacket");
    // NodeList won't be available to the settings manager when it is created, so call registerListener here
    packetReceiver.registerListener(PacketType::DomainSettingsRequest, &_settingsManager, "processSettingsRequestPacket");
    // register the gatekeeper for the packetes it needs to receive
    packetReceiver.registerListener(PacketType::DomainConnectRequest, &_gatekeeper, "processConnectRequestPacket");
    packetReceiver.registerListener(PacketType::ICEPing, &_gatekeeper, "processICEPingPacket");
    packetReceiver.registerListener(PacketType::ICEPingReply, &_gatekeeper, "processICEPingReplyPacket");
    packetReceiver.registerListener(PacketType::ICEServerPeerInformation, &_gatekeeper, "processICEPeerInformationPacket");
    // add whatever static assignments that have been parsed to the queue
    addStaticAssignmentsToQueue();
 }
@ -595,217 +593,20 @@ void DomainServer::populateDefaultStaticAssignmentsExcludingTypes(const QSet<Ass
    }
 }
 const NodeSet STATICALLY_ASSIGNED_NODES = NodeSet() << NodeType::AudioMixer
    << NodeType::AvatarMixer << NodeType::EntityServer;
 void DomainServer::processConnectRequestPacket(QSharedPointer<NLPacket> packet) {
    NodeType_t nodeType;
    HifiSockAddr publicSockAddr, localSockAddr;
    if (packet->getPayloadSize() == 0) {
        return;
    }
    QDataStream packetStream(packet.data());
    QUuid connectUUID;
    packetStream >> connectUUID;
    const HifiSockAddr& senderSockAddr = packet->getSenderSockAddr();
    parseNodeData(packetStream, nodeType, publicSockAddr, localSockAddr, senderSockAddr);
    if (localSockAddr.isNull() || senderSockAddr.isNull()) {
        qDebug() << "Unexpected data received for node local socket or public socket. Will not allow connection.";
        return;
    }
    // check if this connect request matches an assignment in the queue
    bool isAssignment = _pendingAssignedNodes.contains(connectUUID);
    SharedAssignmentPointer matchingQueuedAssignment = SharedAssignmentPointer();
    PendingAssignedNodeData* pendingAssigneeData = NULL;
    if (isAssignment) {
        pendingAssigneeData = _pendingAssignedNodes.value(connectUUID);
        if (pendingAssigneeData) {
            matchingQueuedAssignment = matchingQueuedAssignmentForCheckIn(pendingAssigneeData->getAssignmentUUID(), nodeType);
            if (matchingQueuedAssignment) {
                qDebug() << "Assignment deployed with" << uuidStringWithoutCurlyBraces(connectUUID)
                    << "matches unfulfilled assignment"
                    << uuidStringWithoutCurlyBraces(matchingQueuedAssignment->getUUID());
                // remove this unique assignment deployment from the hash of pending assigned nodes
                // cleanup of the PendingAssignedNodeData happens below after the node has been added to the LimitedNodeList
                _pendingAssignedNodes.remove(connectUUID);
            } else {
                // this is a node connecting to fulfill an assignment that doesn't exist
                // don't reply back to them so they cycle back and re-request an assignment
                qDebug() << "No match for assignment deployed with" << uuidStringWithoutCurlyBraces(connectUUID);
                return;
            }
        }
    }
    QList<NodeType_t> nodeInterestList;
    QString username;
    QByteArray usernameSignature;
    auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
    packetStream >> nodeInterestList;
    if (packet->bytesLeftToRead() > 0) {
        // try to verify username
        packetStream >> username;
    }
    bool isRestrictingAccess =
        _settingsManager.valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool();
     // we always let in a user who is sending a packet from our local socket or from the localhost address
    bool isLocalUser = (senderSockAddr.getAddress() == DependencyManager::get<LimitedNodeList>()->getLocalSockAddr().getAddress() || senderSockAddr.getAddress() == QHostAddress::LocalHost);
    if (isRestrictingAccess && !isLocalUser) {
        if (!username.isEmpty()) {
            // if there's a username, try to unpack username signature
            packetStream >> usernameSignature;
            if (usernameSignature.isEmpty()) {
                // if user didn't include usernameSignature in connect request, send a connectionToken packet
                QUuid& connectionToken = _connectionTokenHash[username.toLower()];
                if (connectionToken.isNull()) {
                    connectionToken = QUuid::createUuid();
                }
                static auto connectionTokenPacket = NLPacket::create(PacketType::DomainServerConnectionToken, NUM_BYTES_RFC4122_UUID);
                connectionTokenPacket->reset();
                connectionTokenPacket->write(connectionToken.toRfc4122());
                limitedNodeList->sendUnreliablePacket(*connectionTokenPacket, packet->getSenderSockAddr());
                return;
            }
        }
    }
    QString reason;
    if (!isAssignment && !shouldAllowConnectionFromNode(username, usernameSignature, senderSockAddr, reason)) {
        // this is an agent and we've decided we won't let them connect - send them a packet to deny connection
        QByteArray utfString = reason.toUtf8();
        quint16 payloadSize = utfString.size();
        auto connectionDeniedPacket = NLPacket::create(PacketType::DomainConnectionDenied, payloadSize + sizeof(payloadSize));
        if (payloadSize > 0) {
            connectionDeniedPacket->writePrimitive(payloadSize);
            connectionDeniedPacket->write(utfString);
        }
        // tell client it has been refused.
        limitedNodeList->sendPacket(std::move(connectionDeniedPacket), senderSockAddr);
        return;
    }
    if ((!isAssignment && !STATICALLY_ASSIGNED_NODES.contains(nodeType))
        || (isAssignment && matchingQueuedAssignment)) {
        // this was either not a static assignment or it was and we had a matching one in the queue
        QUuid nodeUUID;
        HifiSockAddr discoveredSocket = senderSockAddr;
        SharedNetworkPeer connectedPeer = _icePeers.value(connectUUID);
        if (connectedPeer) {
            //  this user negotiated a connection with us via ICE, so re-use their ICE client ID
            nodeUUID = connectUUID;
            if (connectedPeer->getActiveSocket()) {
                // set their discovered socket to whatever the activated socket on the network peer object was
                discoveredSocket = *connectedPeer->getActiveSocket();
            }
        } else {
            // we got a connectUUID we didn't recognize, just add the node with a new UUID
            nodeUUID = QUuid::createUuid();
        }
        // if this user is in the editors list (or if the editors list is empty) set the user's node's canAdjustLocks to true
        const QVariant* allowedEditorsVariant =
            valueForKeyPath(_settingsManager.getSettingsMap(), ALLOWED_EDITORS_SETTINGS_KEYPATH);
        QStringList allowedEditors = allowedEditorsVariant ? allowedEditorsVariant->toStringList() : QStringList();
        bool canAdjustLocks = allowedEditors.isEmpty() || allowedEditors.contains(username);
        const QVariant* editorsAreRezzersVariant =
            valueForKeyPath(_settingsManager.getSettingsMap(), EDITORS_ARE_REZZERS_KEYPATH);
        bool onlyEditorsAreRezzers = false;
        if (editorsAreRezzersVariant) {
            onlyEditorsAreRezzers = editorsAreRezzersVariant->toBool();
        }
        bool canRez = true;
        if (onlyEditorsAreRezzers) {
            canRez = canAdjustLocks;
        }
        SharedNodePointer newNode = limitedNodeList->addOrUpdateNode(nodeUUID, nodeType,
                                                                     publicSockAddr, localSockAddr,
                                                                     canAdjustLocks, canRez);
        // So that we can send messages to this node at will - we need to activate the correct socket on this node now
        newNode->activateMatchingOrNewSymmetricSocket(discoveredSocket);
        // when the newNode is created the linked data is also created
        // if this was a static assignment set the UUID, set the sendingSockAddr
        DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(newNode->getLinkedData());
        if (isAssignment) {
            nodeData->setAssignmentUUID(matchingQueuedAssignment->getUUID());
            nodeData->setWalletUUID(pendingAssigneeData->getWalletUUID());
            nodeData->setNodeVersion(pendingAssigneeData->getNodeVersion());
            // always allow assignment clients to create and destroy entities
            newNode->setCanAdjustLocks(true);
            newNode->setCanRez(true);
            // now that we've pulled the wallet UUID and added the node to our list, delete the pending assignee data
            delete pendingAssigneeData;
        }
        if (!username.isEmpty()) {
            // if we have a username from the connect request, set it on the DomainServerNodeData
            nodeData->setUsername(username);
            // also add an interpolation to JSONBreakableMarshal so that servers can get username in stats
            JSONBreakableMarshal::addInterpolationForKey(USERNAME_UUID_REPLACEMENT_STATS_KEY,
                uuidStringWithoutCurlyBraces(nodeUUID), username);
        }
        nodeData->setSendingSockAddr(senderSockAddr);
        // reply back to the user with a PacketType::DomainList
        sendDomainListToNode(newNode, senderSockAddr, nodeInterestList.toSet());
        // send out this node to our other connected nodes
        broadcastNewNode(newNode);
    }
 }
 void DomainServer::processListRequestPacket(QSharedPointer<NLPacket> packet, SharedNodePointer sendingNode) {
    NodeType_t throwawayNodeType;
    HifiSockAddr nodePublicAddress, nodeLocalAddress;
    QDataStream packetStream(packet.data());
    NodeConnectionData nodeRequestData = NodeConnectionData::fromDataStream(packetStream, packet->getSenderSockAddr(), false);
-    parseNodeData(packetStream, throwawayNodeType, nodePublicAddress, nodeLocalAddress, packet->getSenderSockAddr());
+    // update this node's sockets in case they have changed
    sendingNode->setPublicSocket(nodeRequestData.publicSockAddr);
    sendingNode->setLocalSocket(nodeRequestData.localSockAddr);
-    sendingNode->setPublicSocket(nodePublicAddress);
+    // update the NodeInterestSet in case there have been any changes
-    sendingNode->setLocalSocket(nodeLocalAddress);
+    DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(sendingNode->getLinkedData());
    nodeData->setNodeInterestSet(nodeRequestData.interestList.toSet());
-    QList<NodeType_t> nodeInterestList;
+    sendDomainListToNode(sendingNode, packet->getSenderSockAddr());
    packetStream >> nodeInterestList;
    sendDomainListToNode(sendingNode, packet->getSenderSockAddr(), nodeInterestList.toSet());
 }
 unsigned int DomainServer::countConnectedUsers() {
@ -819,156 +620,6 @@ unsigned int DomainServer::countConnectedUsers() {
    return result;
 }
 bool DomainServer::verifyUserSignature(const QString& username,
                                       const QByteArray& usernameSignature,
                                       QString& reasonReturn) {
    // it's possible this user can be allowed to connect, but we need to check their username signature
    QByteArray publicKeyArray = _userPublicKeys.value(username);
    const QUuid& connectionToken = _connectionTokenHash.value(username.toLower());
    if (!publicKeyArray.isEmpty() && !connectionToken.isNull()) {
        // if we do have a public key for the user, check for a signature match
        const unsigned char* publicKeyData = reinterpret_cast<const unsigned char*>(publicKeyArray.constData());
        // first load up the public key into an RSA struct
        RSA* rsaPublicKey = d2i_RSA_PUBKEY(NULL, &publicKeyData, publicKeyArray.size());
        QByteArray lowercaseUsername = username.toLower().toUtf8();
        QByteArray usernameWithToken = QCryptographicHash::hash(lowercaseUsername.append(connectionToken.toRfc4122()),
                                                                QCryptographicHash::Sha256);
        if (rsaPublicKey) {
            QByteArray decryptedArray(RSA_size(rsaPublicKey), 0);
            int decryptResult = RSA_verify(NID_sha256,
                                           reinterpret_cast<const unsigned char*>(usernameWithToken.constData()),
                                           usernameWithToken.size(),
                                           reinterpret_cast<const unsigned char*>(usernameSignature.constData()),
                                           usernameSignature.size(),
                                           rsaPublicKey);
            if (decryptResult == 1) {
                qDebug() << "Username signature matches for" << username << "- allowing connection.";
                // free up the public key and remove connection token before we return
                RSA_free(rsaPublicKey);
                _connectionTokenHash.remove(username);
                return true;
            } else {
                qDebug() << "Error decrypting username signature for " << username << "- denying connection.";
                reasonReturn = "Error decrypting username signature.";
                // free up the public key, we don't need it anymore
                RSA_free(rsaPublicKey);
            }
        } else {
            // we can't let this user in since we couldn't convert their public key to an RSA key we could use
            qDebug() << "Couldn't convert data to RSA key for" << username << "- denying connection.";
            reasonReturn = "Couldn't convert data to RSA key.";
        }
    } else {
        qDebug() << "Insufficient data to decrypt username signature - denying connection.";
        reasonReturn = "Insufficient data";
    }
    requestUserPublicKey(username); // no joy.  maybe next time?
    return false;
 }
 bool DomainServer::shouldAllowConnectionFromNode(const QString& username,
                                                 const QByteArray& usernameSignature,
                                                 const HifiSockAddr& senderSockAddr,
                                                 QString& reasonReturn) {
    //TODO: improve flow so these bools aren't declared twice
    bool isRestrictingAccess =
        _settingsManager.valueOrDefaultValueForKeyPath(RESTRICTED_ACCESS_SETTINGS_KEYPATH).toBool();
    bool isLocalUser = (senderSockAddr.getAddress() == DependencyManager::get<LimitedNodeList>()->getLocalSockAddr().getAddress() || senderSockAddr.getAddress() == QHostAddress::LocalHost);
    if (isRestrictingAccess && !isLocalUser) {
        QStringList allowedUsers =
            _settingsManager.valueOrDefaultValueForKeyPath(ALLOWED_USERS_SETTINGS_KEYPATH).toStringList();
        if (allowedUsers.contains(username, Qt::CaseInsensitive)) {
            if (username.isEmpty()) {
                qDebug() << "Connect request denied - no username provided.";
                reasonReturn = "No username provided";
                return false;
            }
            if (!verifyUserSignature(username, usernameSignature, reasonReturn)) {
                return false;
            }
        } else {
            qDebug() << "Connect request denied for user" << username << "not in allowed users list.";
            reasonReturn = "User not on whitelist.";
            return false;
        }
    }
    // either we aren't restricting users, or this user is in the allowed list
    // if this user is in the editors list, exempt them from the max-capacity check
    const QVariant* allowedEditorsVariant =
        valueForKeyPath(_settingsManager.getSettingsMap(), ALLOWED_EDITORS_SETTINGS_KEYPATH);
    QStringList allowedEditors = allowedEditorsVariant ? allowedEditorsVariant->toStringList() : QStringList();
    if (allowedEditors.contains(username)) {
        if (verifyUserSignature(username, usernameSignature, reasonReturn)) {
            return true;
        }
    }
    // if we haven't reached max-capacity, let them in.
    const QVariant* maximumUserCapacityVariant = valueForKeyPath(_settingsManager.getSettingsMap(), MAXIMUM_USER_CAPACITY);
    unsigned int maximumUserCapacity = maximumUserCapacityVariant ? maximumUserCapacityVariant->toUInt() : 0;
    if (maximumUserCapacity > 0) {
        unsigned int connectedUsers = countConnectedUsers();
        if (connectedUsers >= maximumUserCapacity) {
            // too many users, deny the new connection.
            qDebug() << connectedUsers << "/" << maximumUserCapacity << "users connected, denying new connection.";
            reasonReturn = "Too many connected users.";
            return false;
        }
        qDebug() << connectedUsers << "/" << maximumUserCapacity << "users connected, perhaps allowing new connection.";
    }
    return true;
 }
 void DomainServer::preloadAllowedUserPublicKeys() {
    const QVariant* allowedUsersVariant = valueForKeyPath(_settingsManager.getSettingsMap(), ALLOWED_USERS_SETTINGS_KEYPATH);
    QStringList allowedUsers = allowedUsersVariant ? allowedUsersVariant->toStringList() : QStringList();
    if (allowedUsers.size() > 0) {
        // in the future we may need to limit how many requests here - for now assume that lists of allowed users are not
        // going to create > 100 requests
        foreach(const QString& username, allowedUsers) {
            requestUserPublicKey(username);
        }
    }
 }
 void DomainServer::requestUserPublicKey(const QString& username) {
    // even if we have a public key for them right now, request a new one in case it has just changed
    JSONCallbackParameters callbackParams;
    callbackParams.jsonCallbackReceiver = this;
    callbackParams.jsonCallbackMethod = "publicKeyJSONCallback";
    const QString USER_PUBLIC_KEY_PATH = "api/v1/users/%1/public_key";
    qDebug() << "Requesting public key for user" << username;
    AccountManager::getInstance().sendRequest(USER_PUBLIC_KEY_PATH.arg(username),
                                              AccountManagerAuth::None,
                                              QNetworkAccessManager::GetOperation, callbackParams);
 }
 QUrl DomainServer::oauthRedirectURL() {
    return QString("https://%1:%2/oauth").arg(_hostname).arg(_httpsManager->serverPort());
 }
@ -1003,30 +654,18 @@ QUrl DomainServer::oauthAuthorizationURL(const QUuid& stateUUID) {
    return authorizationURL;
 }
-int DomainServer::parseNodeData(QDataStream& packetStream, NodeType_t& nodeType,
+void DomainServer::handleConnectedNode(SharedNodePointer newNode) {
                                HifiSockAddr& publicSockAddr, HifiSockAddr& localSockAddr,
                                const HifiSockAddr& senderSockAddr) {
    packetStream >> nodeType;
    packetStream >> publicSockAddr >> localSockAddr;
-    if (publicSockAddr.getAddress().isNull()) {
+    DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(newNode->getLinkedData());
        // this node wants to use us its STUN server
        // so set the node public address to whatever we perceive the public address to be
-        // if the sender is on our box then leave its public address to 0 so that
+    // reply back to the user with a PacketType::DomainList
-        // other users attempt to reach it on the same address they have for the domain-server
+    sendDomainListToNode(newNode, nodeData->getSendingSockAddr());
        if (senderSockAddr.getAddress().isLoopback()) {
            publicSockAddr.setAddress(QHostAddress());
        } else {
            publicSockAddr.setAddress(senderSockAddr.getAddress());
        }
    }
-    return packetStream.device()->pos();
+    // send out this node to our other connected nodes
    broadcastNewNode(newNode);
 }
-void DomainServer::sendDomainListToNode(const SharedNodePointer& node, const HifiSockAddr &senderSockAddr,
+void DomainServer::sendDomainListToNode(const SharedNodePointer& node, const HifiSockAddr &senderSockAddr) {
                                        const NodeSet& nodeInterestSet) {
    const int NUM_DOMAIN_LIST_EXTENDED_HEADER_BYTES = NUM_BYTES_RFC4122_UUID + NUM_BYTES_RFC4122_UUID + 2;
    // setup the extended header for the domain list packets
@ -1049,7 +688,7 @@ void DomainServer::sendDomainListToNode(const SharedNodePointer& node, const Hif
    DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(node->getLinkedData());
    // store the nodeInterestSet on this DomainServerNodeData, in case it has changed
-    nodeData->setNodeInterestSet(nodeInterestSet);
+    auto& nodeInterestSet = nodeData->getNodeInterestSet();
    if (nodeInterestSet.size() > 0) {
@ -1058,6 +697,7 @@ void DomainServer::sendDomainListToNode(const SharedNodePointer& node, const Hif
            // if this authenticated node has any interest types, send back those nodes as well
            limitedNodeList->eachNode([&](const SharedNodePointer& otherNode){
                if (otherNode->getUUID() != node->getUUID() && nodeInterestSet.contains(otherNode->getType())) {
                    // since we're about to add a node to the packet we start a segment
                    domainListPackets.startSegment();
@ -1189,11 +829,10 @@ void DomainServer::processRequestAssignmentPacket(QSharedPointer<NLPacket> packe
        auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
        limitedNodeList->sendUnreliablePacket(*assignmentPacket, packet->getSenderSockAddr());
-        // add the information for that deployed assignment to the hash of pending assigned nodes
+        // give the information for that deployed assignment to the gatekeeper so it knows to that that node
-        PendingAssignedNodeData* pendingNodeData = new PendingAssignedNodeData(assignmentToDeploy->getUUID(),
+        // in when it comes back around
-                                                                               requestAssignment.getWalletUUID(),
+        _gatekeeper.addPendingAssignedNode(uniqueAssignment.getUUID(), assignmentToDeploy->getUUID(),
-                                                                               requestAssignment.getNodeVersion());
+                                           requestAssignment.getWalletUUID(), requestAssignment.getNodeVersion());
        _pendingAssignedNodes.insert(uniqueAssignment.getUUID(), pendingNodeData);
    } else {
        if (requestAssignment.getType() != Assignment::AgentType
            || noisyMessageTimer.elapsed() > NOISY_MESSAGE_INTERVAL_MSECS) {
@ -1273,30 +912,6 @@ void DomainServer::sendPendingTransactionsToServer() {
    }
 }
 void DomainServer::publicKeyJSONCallback(QNetworkReply& requestReply) {
    QJsonObject jsonObject = QJsonDocument::fromJson(requestReply.readAll()).object();
    if (jsonObject["status"].toString() == "success") {
        // figure out which user this is for
        const QString PUBLIC_KEY_URL_REGEX_STRING = "api\\/v1\\/users\\/([A-Za-z0-9_\\.]+)\\/public_key";
        QRegExp usernameRegex(PUBLIC_KEY_URL_REGEX_STRING);
        if (usernameRegex.indexIn(requestReply.url().toString()) != -1) {
            QString username = usernameRegex.cap(1);
            qDebug() << "Storing a public key for user" << username;
            // pull the public key as a QByteArray from this response
            const QString JSON_DATA_KEY = "data";
            const QString JSON_PUBLIC_KEY_KEY = "public_key";
            _userPublicKeys[username] =
                QByteArray::fromBase64(jsonObject[JSON_DATA_KEY].toObject()[JSON_PUBLIC_KEY_KEY].toString().toUtf8());
        }
    }
 }
 void DomainServer::transactionJSONCallback(const QJsonObject& data) {
    // check if this was successful - if so we can remove it from our list of pending
    if (data.value("status").toString() == "success") {
@ -1393,91 +1008,6 @@ void DomainServer::sendHeartbeatToIceServer() {
    DependencyManager::get<LimitedNodeList>()->sendHeartbeatToIceServer(_iceServerSocket);
 }
 const int NUM_PEER_PINGS_BEFORE_DELETE = 2000 / UDP_PUNCH_PING_INTERVAL_MS;
 void DomainServer::pingPunchForConnectingPeer(const SharedNetworkPeer& peer) {
    if (peer->getConnectionAttempts() > 0 && peer->getConnectionAttempts() % NUM_PEER_PINGS_BEFORE_DELETE == 0) {
        // we've reached the maximum number of ping attempts
        qDebug() << "Maximum number of ping attempts reached for peer with ID" << peer->getUUID();
        qDebug() << "Removing from list of connecting peers.";
        _icePeers.remove(peer->getUUID());
    } else {
        auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
        // send the ping packet to the local and public sockets for this node
        auto localPingPacket = limitedNodeList->constructICEPingPacket(PingType::Local, limitedNodeList->getSessionUUID());
        limitedNodeList->sendPacket(std::move(localPingPacket), peer->getLocalSocket());
        auto publicPingPacket = limitedNodeList->constructICEPingPacket(PingType::Public, limitedNodeList->getSessionUUID());
        limitedNodeList->sendPacket(std::move(publicPingPacket), peer->getPublicSocket());
        peer->incrementConnectionAttempts();
    }
 }
 void DomainServer::handlePeerPingTimeout() {
    NetworkPeer* senderPeer = qobject_cast<NetworkPeer*>(sender());
    if (senderPeer) {
        SharedNetworkPeer sharedPeer = _icePeers.value(senderPeer->getUUID());
        if (sharedPeer && !sharedPeer->getActiveSocket()) {
            pingPunchForConnectingPeer(sharedPeer);
        }
    }
 }
 void DomainServer::processICEPeerInformationPacket(QSharedPointer<NLPacket> packet) {
    // loop through the packet and pull out network peers
    // any peer we don't have we add to the hash, otherwise we update
    QDataStream iceResponseStream(packet.data());
    NetworkPeer* receivedPeer = new NetworkPeer;
    iceResponseStream >> *receivedPeer;
    if (!_icePeers.contains(receivedPeer->getUUID())) {
        qDebug() << "New peer requesting ICE connection being added to hash -" << *receivedPeer;
        SharedNetworkPeer newPeer = SharedNetworkPeer(receivedPeer);
        _icePeers[receivedPeer->getUUID()] = newPeer;
        // make sure we know when we should ping this peer
        connect(newPeer.data(), &NetworkPeer::pingTimerTimeout, this, &DomainServer::handlePeerPingTimeout);
        // immediately ping the new peer, and start a timer to continue pinging it until we connect to it
        newPeer->startPingTimer();
        qDebug() << "Sending ping packets to establish connectivity with ICE peer with ID"
            << newPeer->getUUID();
        pingPunchForConnectingPeer(newPeer);
    } else {
        delete receivedPeer;
    }
 }
 void DomainServer::processICEPingPacket(QSharedPointer<NLPacket> packet) {
    auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
    auto pingReplyPacket = limitedNodeList->constructICEPingReplyPacket(*packet, limitedNodeList->getSessionUUID());
    limitedNodeList->sendPacket(std::move(pingReplyPacket), packet->getSenderSockAddr());
 }
 void DomainServer::processICEPingReplyPacket(QSharedPointer<NLPacket> packet) {
    QDataStream packetStream(packet.data());
    QUuid nodeUUID;
    packetStream >> nodeUUID;
    SharedNetworkPeer sendingPeer = _icePeers.value(nodeUUID);
    if (sendingPeer) {
        // we had this NetworkPeer in our connecting list - add the right sock addr to our connected list
        sendingPeer->activateMatchingOrNewSymmetricSocket(packet->getSenderSockAddr());
    }
 }
 void DomainServer::processNodeJSONStatsPacket(QSharedPointer<NLPacket> packet, SharedNodePointer sendingNode) {
    auto nodeData = dynamic_cast<DomainServerNodeData*>(sendingNode->getLinkedData());
    if (nodeData) {
@ -1589,9 +1119,9 @@ bool DomainServer::handleHTTPRequest(HTTPConnection* connection, const QUrl& url
        SharedAssignmentPointer matchingAssignment = _allAssignments.value(matchingUUID);
        if (!matchingAssignment) {
            // check if we have a pending assignment that matches this temp UUID, and it is a scripted assignment
-            PendingAssignedNodeData* pendingData = _pendingAssignedNodes.value(matchingUUID);
+            QUuid assignmentUUID = _gatekeeper.assignmentUUIDForPendingAssignment(matchingUUID);
-            if (pendingData) {
+            if (!assignmentUUID.isNull()) {
-                matchingAssignment = _allAssignments.value(pendingData->getAssignmentUUID());
+                matchingAssignment = _allAssignments.value(assignmentUUID);
                if (matchingAssignment && matchingAssignment->getType() == Assignment::AgentType) {
                    // we have a matching assignment and it is for the right type, have the HTTP manager handle it
@ -1599,7 +1129,7 @@ bool DomainServer::handleHTTPRequest(HTTPConnection* connection, const QUrl& url
                    QUrl scriptURL = url;
                    scriptURL.setPath(URI_ASSIGNMENT + "/scripts/"
-                                      + uuidStringWithoutCurlyBraces(pendingData->getAssignmentUUID()));
+                                      + uuidStringWithoutCurlyBraces(assignmentUUID));
                    // have the HTTPManager serve the appropriate script file
                    return _httpManager.handleHTTPRequest(connection, scriptURL, true);
@ -2133,7 +1663,7 @@ void DomainServer::nodeAdded(SharedNodePointer node) {
 void DomainServer::nodeKilled(SharedNodePointer node) {
    // if this peer connected via ICE then remove them from our ICE peers hash
-    _icePeers.remove(node->getUUID());
+    _gatekeeper.removeICEPeer(node->getUUID());
    DomainServerNodeData* nodeData = reinterpret_cast<DomainServerNodeData*>(node->getLinkedData());
@ -2161,7 +1691,7 @@ void DomainServer::nodeKilled(SharedNodePointer node) {
    }
 }
-SharedAssignmentPointer DomainServer::matchingQueuedAssignmentForCheckIn(const QUuid& assignmentUUID, NodeType_t nodeType) {
+SharedAssignmentPointer DomainServer::dequeueMatchingAssignment(const QUuid& assignmentUUID, NodeType_t nodeType) {
    QQueue<SharedAssignmentPointer>::iterator i = _unfulfilledAssignments.begin();
    while (i != _unfulfilledAssignments.end()) {
@ -2212,20 +1742,6 @@ SharedAssignmentPointer DomainServer::deployableAssignmentForRequest(const Assig
    return SharedAssignmentPointer();
 }
 void DomainServer::removeMatchingAssignmentFromQueue(const SharedAssignmentPointer& removableAssignment) {
    QQueue<SharedAssignmentPointer>::iterator potentialMatchingAssignment = _unfulfilledAssignments.begin();
    while (potentialMatchingAssignment != _unfulfilledAssignments.end()) {
        if (potentialMatchingAssignment->data()->getUUID() == removableAssignment->getUUID()) {
            _unfulfilledAssignments.erase(potentialMatchingAssignment);
            // we matched and removed an assignment, bail out
            break;
        } else {
            ++potentialMatchingAssignment;
        }
    }
 }
 void DomainServer::addStaticAssignmentsToQueue() {
    // if the domain-server has just restarted,
--- a/domain-server/src/DomainServer.h
+++ b/domain-server/src/DomainServer.h
@ -25,6 +25,7 @@
 #include <HTTPSConnection.h>
 #include <LimitedNodeList.h>
 #include "DomainGatekeeper.h"
 #include "DomainServerSettingsManager.h"
 #include "DomainServerWebSessionData.h"
 #include "WalletTransaction.h"
@ -51,19 +52,14 @@ public slots:
    /// Called by NodeList to inform us a node has been killed
    void nodeKilled(SharedNodePointer node);
    void publicKeyJSONCallback(QNetworkReply& requestReply);
    void transactionJSONCallback(const QJsonObject& data);
    void restart();
    void processRequestAssignmentPacket(QSharedPointer<NLPacket> packet);
    void processConnectRequestPacket(QSharedPointer<NLPacket> packet);
    void processListRequestPacket(QSharedPointer<NLPacket> packet, SharedNodePointer sendingNode);
    void processNodeJSONStatsPacket(QSharedPointer<NLPacket> packet, SharedNodePointer sendingNode);
    void processPathQueryPacket(QSharedPointer<NLPacket> packet);
    void processICEPingPacket(QSharedPointer<NLPacket> packet);
    void processICEPingReplyPacket(QSharedPointer<NLPacket> packet);
    void processICEPeerInformationPacket(QSharedPointer<NLPacket> packet);
 private slots:
    void aboutToQuit();
@ -75,7 +71,9 @@ private slots:
    void performIPAddressUpdate(const HifiSockAddr& newPublicSockAddr);
    void sendHeartbeatToDataServer() { sendHeartbeatToDataServer(QString()); }
    void sendHeartbeatToIceServer();
-    void handlePeerPingTimeout();
+    
    void handleConnectedNode(SharedNodePointer newNode);
 private:
    void setupNodeListAndAssignments(const QUuid& sessionUUID = QUuid::createUuid());
    bool optionallySetupOAuth();
@ -88,20 +86,9 @@ private:
    void setupAutomaticNetworking();
    void sendHeartbeatToDataServer(const QString& networkAddress);
    void pingPunchForConnectingPeer(const SharedNetworkPeer& peer);
    unsigned int countConnectedUsers();
    bool verifyUserSignature (const QString& username, const QByteArray& usernameSignature, QString& reasonReturn);
    bool shouldAllowConnectionFromNode(const QString& username, const QByteArray& usernameSignature,
                                       const HifiSockAddr& senderSockAddr, QString& reasonReturn);
-    void preloadAllowedUserPublicKeys();
+    void sendDomainListToNode(const SharedNodePointer& node, const HifiSockAddr& senderSockAddr);
    void requestUserPublicKey(const QString& username);
    int parseNodeData(QDataStream& packetStream, NodeType_t& nodeType,
                      HifiSockAddr& publicSockAddr, HifiSockAddr& localSockAddr, const HifiSockAddr& senderSockAddr);
    void sendDomainListToNode(const SharedNodePointer& node, const HifiSockAddr& senderSockAddr,
                              const NodeSet& nodeInterestSet);
    QUuid connectionSecretForNodes(const SharedNodePointer& nodeA, const SharedNodePointer& nodeB);
    void broadcastNewNode(const SharedNodePointer& node);
@ -112,9 +99,8 @@ private:
    void populateDefaultStaticAssignmentsExcludingTypes(const QSet<Assignment::Type>& excludedTypes);
    void populateStaticScriptedAssignmentsFromSettings();
-    SharedAssignmentPointer matchingQueuedAssignmentForCheckIn(const QUuid& checkInUUID, NodeType_t nodeType);
+    SharedAssignmentPointer dequeueMatchingAssignment(const QUuid& checkInUUID, NodeType_t nodeType);
    SharedAssignmentPointer deployableAssignmentForRequest(const Assignment& requestAssignment);
    void removeMatchingAssignmentFromQueue(const SharedAssignmentPointer& removableAssignment);
    void refreshStaticAssignmentAndAddToQueue(SharedAssignmentPointer& assignment);
    void addStaticAssignmentsToQueue();
@ -133,12 +119,13 @@ private:
    QJsonObject jsonForSocket(const HifiSockAddr& socket);
    QJsonObject jsonObjectForNode(const SharedNodePointer& node);
    DomainGatekeeper _gatekeeper;
    HTTPManager _httpManager;
    HTTPSManager* _httpsManager;
    QHash<QUuid, SharedAssignmentPointer> _allAssignments;
    QQueue<SharedAssignmentPointer> _unfulfilledAssignments;
    QHash<QUuid, PendingAssignedNodeData*> _pendingAssignedNodes;
    TransactionHash _pendingAssignmentCredits;
    bool _isUsingDTLS;
@ -151,17 +138,13 @@ private:
    QSet<QUuid> _webAuthenticationStateSet;
    QHash<QUuid, DomainServerWebSessionData> _cookieSessionHash;
    QHash<QString, QUuid> _connectionTokenHash;
    QHash<QString, QByteArray> _userPublicKeys;
    QHash<QUuid, SharedNetworkPeer> _icePeers;
    QString _automaticNetworkingSetting;
    DomainServerSettingsManager _settingsManager;
    HifiSockAddr _iceServerSocket;
    friend class DomainGatekeeper;
 };
--- a/domain-server/src/NodeConnectionData.cpp
+++ b/domain-server/src/NodeConnectionData.cpp
@ -0,0 +1,42 @@
 //
 //  NodeConnectionData.cpp
 //  domain-server/src
 //
 //  Created by Stephen Birarda on 2015-08-24.
 //  Copyright 2015 High Fidelity, Inc.
 //
 //  Distributed under the Apache License, Version 2.0.
 //  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
 //
 #include "NodeConnectionData.h"
 NodeConnectionData NodeConnectionData::fromDataStream(QDataStream& dataStream, const HifiSockAddr& senderSockAddr,
                                                      bool isConnectRequest) {
    NodeConnectionData newHeader;
    if (isConnectRequest) {
        dataStream >> newHeader.connectUUID;
    }
    dataStream >> newHeader.nodeType
        >> newHeader.publicSockAddr >> newHeader.localSockAddr
        >> newHeader.interestList;
    newHeader.senderSockAddr = senderSockAddr;
    if (newHeader.publicSockAddr.getAddress().isNull()) {
        // this node wants to use us its STUN server
        // so set the node public address to whatever we perceive the public address to be
        // if the sender is on our box then leave its public address to 0 so that
        // other users attempt to reach it on the same address they have for the domain-server
        if (senderSockAddr.getAddress().isLoopback()) {
            newHeader.publicSockAddr.setAddress(QHostAddress());
        } else {
            newHeader.publicSockAddr.setAddress(senderSockAddr.getAddress());
        }
    }
    return newHeader;
 }
--- a/domain-server/src/NodeConnectionData.h
+++ b/domain-server/src/NodeConnectionData.h
@ -0,0 +1,33 @@
 //
 //  NodeConnectionData.h
 //  domain-server/src
 //
 //  Created by Stephen Birarda on 2015-08-24.
 //  Copyright 2015 High Fidelity, Inc.
 //
 //  Distributed under the Apache License, Version 2.0.
 //  See the accompanying file LICENSE or http://www.apache.org/licenses/LICENSE-2.0.html
 //
 #pragma once
 #ifndef hifi_NodeConnectionData_h
 #define hifi_NodeConnectionData_h
 #include <Node.h>
 class NodeConnectionData {
 public:
    static NodeConnectionData fromDataStream(QDataStream& dataStream, const HifiSockAddr& senderSockAddr,
                                             bool isConnectRequest = true);
    QUuid connectUUID;
    NodeType_t nodeType;
    HifiSockAddr publicSockAddr;
    HifiSockAddr localSockAddr;
    HifiSockAddr senderSockAddr;
    QList<NodeType_t> interestList;
 };
 #endif // hifi_NodeConnectionData_h
--- a/libraries/networking/src/LimitedNodeList.h
+++ b/libraries/networking/src/LimitedNodeList.h
@ -138,7 +138,7 @@ public:
    SharedNodePointer addOrUpdateNode(const QUuid& uuid, NodeType_t nodeType,
                                      const HifiSockAddr& publicSocket, const HifiSockAddr& localSocket,
-                                      bool canAdjustLocks, bool canRez,
+                                      bool canAdjustLocks = false, bool canRez = false,
                                      const QUuid& connectionSecret = QUuid());
    bool hasCompletedInitialSTUN() const { return _hasCompletedInitialSTUN; }
--- a/libraries/networking/src/UUIDHasher.h
+++ b/libraries/networking/src/UUIDHasher.h
@ -24,10 +24,12 @@ public:
    }
 };
-template <> struct std::hash<QUuid> {
+namespace std {
    template <> struct hash<QUuid> {
        size_t operator()(const QUuid& uuid) const {
            return qHash(uuid);
        }
-};
+    };
 }
 #endif // hifi_UUIDHasher_h