From 7385894b668a116d2fc3286d0c22d3294ff05225 Mon Sep 17 00:00:00 2001
From: Stephen Birarda <commit@birarda.com>
Date: Thu, 14 Apr 2016 13:57:09 -0700
Subject: [PATCH] keep a set of pending public key requests

---
 ice-server/src/IceServer.cpp | 61 +++++++++++++++++++++---------------
 ice-server/src/IceServer.h   |  2 ++
 2 files changed, 37 insertions(+), 26 deletions(-)

diff --git a/ice-server/src/IceServer.cpp b/ice-server/src/IceServer.cpp
index 537742ad8b..df8afdb82f 100644
--- a/ice-server/src/IceServer.cpp
+++ b/ice-server/src/IceServer.cpp
@@ -167,39 +167,42 @@ SharedNetworkPeer IceServer::addOrUpdateHeartbeatingPeer(NLPacket& packet) {
 }
 
 bool IceServer::isVerifiedHeartbeat(const QUuid& domainID, const QByteArray& plaintext, const QByteArray& signature) {
-    // check if we have a public key for this domain ID - if we do not then fire off the request for it
-    auto it = _domainPublicKeys.find(domainID);
-    if (it != _domainPublicKeys.end()) {
+    // make sure we're not already waiting for a public key for this domain-server
+    if (!_pendingPublicKeyRequests.contains(domainID)) {
+        // check if we have a public key for this domain ID - if we do not then fire off the request for it
+        auto it = _domainPublicKeys.find(domainID);
+        if (it != _domainPublicKeys.end()) {
 
-        // attempt to verify the signature for this heartbeat
-        const auto rsaPublicKey = it->second.get();
+            // attempt to verify the signature for this heartbeat
+            const auto rsaPublicKey = it->second.get();
 
-        if (rsaPublicKey) {
-            auto hashedPlaintext = QCryptographicHash::hash(plaintext, QCryptographicHash::Sha256);
-            int verificationResult = RSA_verify(NID_sha256,
-                                                reinterpret_cast<const unsigned char*>(hashedPlaintext.constData()),
-                                                hashedPlaintext.size(),
-                                                reinterpret_cast<const unsigned char*>(signature.constData()),
-                                                signature.size(),
-                                                rsaPublicKey);
+            if (rsaPublicKey) {
+                auto hashedPlaintext = QCryptographicHash::hash(plaintext, QCryptographicHash::Sha256);
+                int verificationResult = RSA_verify(NID_sha256,
+                                                    reinterpret_cast<const unsigned char*>(hashedPlaintext.constData()),
+                                                    hashedPlaintext.size(),
+                                                    reinterpret_cast<const unsigned char*>(signature.constData()),
+                                                    signature.size(),
+                                                    rsaPublicKey);
+
+                if (verificationResult == 1) {
+                    // this is the only success case - we return true here to indicate that the heartbeat is verified
+                    return true;
+                } else {
+                    qDebug() << "Failed to verify heartbeat for" << domainID << "- re-requesting public key from API.";
+                }
 
-            if (verificationResult == 1) {
-                // this is the only success case - we return true here to indicate that the heartbeat is verified
-                return true;
             } else {
-                qDebug() << "Failed to verify heartbeat for" << domainID << "- re-requesting public key from API.";
+                // we can't let this user in since we couldn't convert their public key to an RSA key we could use
+                qWarning() << "Public key for" << domainID << "is not a usable RSA* public key.";
+                qWarning() << "Re-requesting public key from API";
             }
-
-        } else {
-            // we can't let this user in since we couldn't convert their public key to an RSA key we could use
-            qWarning() << "Public key for" << domainID << "is not a usable RSA* public key.";
-            qWarning() << "Re-requesting public key from API";
         }
-    }
 
-    // we could not verify this heartbeat (missing public key, could not load public key, bad actor)
-    // ask the metaverse API for the right public key and return false to indicate that this is not verified
-    requestDomainPublicKey(domainID);
+        // we could not verify this heartbeat (missing public key, could not load public key, bad actor)
+        // ask the metaverse API for the right public key and return false to indicate that this is not verified
+        requestDomainPublicKey(domainID);
+    }
 
     return false;
 }
@@ -217,6 +220,9 @@ void IceServer::requestDomainPublicKey(const QUuid& domainID) {
 
     qDebug() << "Requesting public key for domain with ID" << domainID;
 
+    // add this to the set of pending public key requests
+    _pendingPublicKeyRequests.insert(domainID);
+
     networkAccessManager.get(publicKeyRequest);
 }
 
@@ -269,6 +275,9 @@ void IceServer::publicKeyReplyFinished(QNetworkReply* reply) {
         qWarning() << "Error retreiving public key for domain with ID" << domainID << "-" <<  reply->errorString();
     }
 
+    // remove this domain ID from the list of pending public key requests
+    _pendingPublicKeyRequests.remove(domainID);
+
     reply->deleteLater();
 }
 
diff --git a/ice-server/src/IceServer.h b/ice-server/src/IceServer.h
index a204c59e28..2aa9a875a7 100644
--- a/ice-server/src/IceServer.h
+++ b/ice-server/src/IceServer.h
@@ -54,6 +54,8 @@ private:
     using RSAUniquePtr = std::unique_ptr<RSA, std::function<void(RSA*)>>;
     using DomainPublicKeyHash = std::unordered_map<QUuid, RSAUniquePtr>;
     DomainPublicKeyHash _domainPublicKeys;
+
+    QSet<QUuid> _pendingPublicKeyRequests;
 };
 
 #endif // hifi_IceServer_h