track nonces by entity id instead of by cert

interface/src/ui/overlays/ContextOverlayInterface.cpp

@@ -329,7 +329,7 @@ void ContextOverlayInterface::requestOwnershipVerification(const QUuid& entityID
                                 QString ownerKey = jsonObject["transfer_recipient_key"].toString();
 
                                 QByteArray certID = entityProperties.getCertificateID().toUtf8();
-                                QByteArray text = DependencyManager::get<EntityTreeRenderer>()->getTree()->computeNonce(certID, ownerKey);
+                                QByteArray text = DependencyManager::get<EntityTreeRenderer>()->getTree()->computeNonce(entityID, ownerKey);
                                 QByteArray nodeToChallengeByteArray = entityProperties.getOwningAvatarID().toRfc4122();
 
                                 int certIDByteArraySize = certID.length();
@@ -422,7 +422,7 @@ void ContextOverlayInterface::handleChallengeOwnershipReplyPacket(QSharedPointer
     QString certID(packet->read(certIDByteArraySize));
     QString text(packet->read(textByteArraySize));
 
-    bool verificationSuccess = DependencyManager::get<EntityTreeRenderer>()->getTree()->verifyNonce(certID, text);
+    bool verificationSuccess = DependencyManager::get<EntityTreeRenderer>()->getTree()->verifyNonce(_lastInspectedEntity, text);
 
     if (verificationSuccess) {
         emit ledger->updateCertificateStatus(certID, (uint)(ledger->CERTIFICATE_STATUS_VERIFICATION_SUCCESS));

libraries/entities/src/EntityTree.cpp

@@ -1506,21 +1506,21 @@ void EntityTree::startChallengeOwnershipTimer(const EntityItemID& entityItemID)
     _challengeOwnershipTimeoutTimer->start(5000);
 }
 
-QByteArray EntityTree::computeNonce(const QString& certID, const QString ownerKey) {
+QByteArray EntityTree::computeNonce(const EntityItemID& entityID, const QString ownerKey) {
     QUuid nonce = QUuid::createUuid();  //random, 5-hex value, separated by "-"
     QByteArray nonceBytes = nonce.toByteArray();
 
-    QWriteLocker locker(&_certNonceMapLock);
-    _certNonceMap.insert(certID, QPair<QUuid, QString>(nonce, ownerKey));
+    QWriteLocker locker(&_entityNonceMapLock);
+    _entityNonceMap.insert(entityID, QPair<QUuid, QString>(nonce, ownerKey));
 
     return nonceBytes;
 }
 
-bool EntityTree::verifyNonce(const QString& certID, const QString& nonce) {
+bool EntityTree::verifyNonce(const EntityItemID& entityID, const QString& nonce) {
     QString actualNonce, key;
     {
-        QWriteLocker locker(&_certNonceMapLock);
-        QPair<QUuid, QString> sent = _certNonceMap.take(certID);
+        QWriteLocker locker(&_entityNonceMapLock);
+        QPair<QUuid, QString> sent = _entityNonceMap.take(entityID);
         actualNonce = sent.first.toString();
         key = sent.second;
     }
@@ -1530,9 +1530,9 @@ bool EntityTree::verifyNonce(const QString& certID, const QString& nonce) {
     bool verificationSuccess = EntityItemProperties::verifySignature(annotatedKey.toUtf8(), hashedActualNonce, QByteArray::fromBase64(nonce.toUtf8()));
 
     if (verificationSuccess) {
-        qCDebug(entities) << "Ownership challenge for Cert ID" << certID << "succeeded.";
+        qCDebug(entities) << "Ownership challenge for Entity ID" << entityID << "succeeded.";
     } else {
-        qCDebug(entities) << "Ownership challenge for Cert ID" << certID << "failed. Actual nonce:" << actualNonce <<
+        qCDebug(entities) << "Ownership challenge for Entity ID" << entityID << "failed. Actual nonce:" << actualNonce <<
             "\nHashed actual nonce (digest):" << hashedActualNonce << "\nSent nonce (signature)" << nonce << "\nKey" << key;
     }
 
@@ -1585,7 +1585,7 @@ void EntityTree::sendChallengeOwnershipPacket(const QString& certID, const QStri
     // 1. Obtain a nonce
     auto nodeList = DependencyManager::get<NodeList>();
 
-    QByteArray text = computeNonce(certID, ownerKey);
+    QByteArray text = computeNonce(entityItemID, ownerKey);
 
     if (text == "") {
         qCDebug(entities) << "CRITICAL ERROR: Couldn't compute nonce. Deleting entity...";
@@ -1708,7 +1708,7 @@ void EntityTree::processChallengeOwnershipPacket(ReceivedMessage& message, const
     }
     emit killChallengeOwnershipTimeoutTimer(id);
 
-    if (!verifyNonce(certID, text)) {
+    if (!verifyNonce(id, text)) {
         if (!id.isNull()) {
             deleteEntity(id, true);
         }

libraries/entities/src/EntityTree.h

@@ -247,8 +247,8 @@ public:
 
     static const float DEFAULT_MAX_TMP_ENTITY_LIFETIME;
 
-    QByteArray computeNonce(const QString& certID, const QString ownerKey);
-    bool verifyNonce(const QString& certID, const QString& nonce);
+    QByteArray computeNonce(const EntityItemID& entityID, const QString ownerKey);
+    bool verifyNonce(const EntityItemID& entityID, const QString& nonce);
 
     QUuid getMyAvatarSessionUUID() { return _myAvatar ? _myAvatar->getSessionUUID() : QUuid(); }
     void setMyAvatar(std::shared_ptr<AvatarData> myAvatar) { _myAvatar = myAvatar; }
@@ -325,8 +325,8 @@ protected:
     mutable QReadWriteLock _entityCertificateIDMapLock;
     QHash<QString, EntityItemID> _entityCertificateIDMap;
 
-    mutable QReadWriteLock _certNonceMapLock;
-    QHash<QString, QPair<QUuid, QString>> _certNonceMap;
+    mutable QReadWriteLock _entityNonceMapLock;
+    QHash<EntityItemID, QPair<QUuid, QString>> _entityNonceMap;
 
     EntitySimulationPointer _simulation;