From 96ed19100bf5e2101de7753cc4b4b4368cdae727 Mon Sep 17 00:00:00 2001
From: Stephen Birarda <commit@birarda.com>
Date: Tue, 23 Feb 2016 15:26:13 -0800
Subject: [PATCH] use ice-server heartbeat denial to trigger keypair re-gen

---
 domain-server/src/DomainServer.cpp | 18 ++++++++++++++++++
 domain-server/src/DomainServer.h   |  1 +
 ice-server/src/IceServer.cpp       |  2 +-
 3 files changed, 20 insertions(+), 1 deletion(-)

diff --git a/domain-server/src/DomainServer.cpp b/domain-server/src/DomainServer.cpp
index 445c5ae436..672205b8a3 100644
--- a/domain-server/src/DomainServer.cpp
+++ b/domain-server/src/DomainServer.cpp
@@ -372,6 +372,7 @@ void DomainServer::setupNodeListAndAssignments(const QUuid& sessionUUID) {
     packetReceiver.registerListener(PacketType::ICEPing, &_gatekeeper, "processICEPingPacket");
     packetReceiver.registerListener(PacketType::ICEPingReply, &_gatekeeper, "processICEPingReplyPacket");
     packetReceiver.registerListener(PacketType::ICEServerPeerInformation, &_gatekeeper, "processICEPeerInformationPacket");
+    packetReceiver.registerListener(PacketType::ICEServerHeartbeatDenied, this, "processICEServerHeartbeatDenialPacket");
     
     // add whatever static assignments that have been parsed to the queue
     addStaticAssignmentsToQueue();
@@ -2006,3 +2007,20 @@ void DomainServer::processNodeDisconnectRequestPacket(QSharedPointer<ReceivedMes
         });
     }
 }
+
+void DomainServer::processICEServerHeartbeatDenialPacket(QSharedPointer<ReceivedMessage> message) {
+    static const int NUM_HEARTBEAT_DENIALS_FOR_KEYPAIR_REGEN = 3;
+
+    static int numHeartbeatDenials = 0;
+    if (++numHeartbeatDenials > NUM_HEARTBEAT_DENIALS_FOR_KEYPAIR_REGEN) {
+        qDebug() << "Received" << NUM_HEARTBEAT_DENIALS_FOR_KEYPAIR_REGEN << "heartbeat denials from ice-server"
+            << "- re-generating keypair now";
+
+        // we've hit our threshold of heartbeat denials, trigger a keypair re-generation
+        auto limitedNodeList = DependencyManager::get<LimitedNodeList>();
+        AccountManager::getInstance().generateNewDomainKeypair(limitedNodeList->getSessionUUID());
+
+        // reset our number of heartbeat denials
+        numHeartbeatDenials = 0;
+    }
+}
diff --git a/domain-server/src/DomainServer.h b/domain-server/src/DomainServer.h
index 611385ecde..a95b7e57a3 100644
--- a/domain-server/src/DomainServer.h
+++ b/domain-server/src/DomainServer.h
@@ -61,6 +61,7 @@ public slots:
     void processNodeJSONStatsPacket(QSharedPointer<ReceivedMessage> packetList, SharedNodePointer sendingNode);
     void processPathQueryPacket(QSharedPointer<ReceivedMessage> packet);
     void processNodeDisconnectRequestPacket(QSharedPointer<ReceivedMessage> message);
+    void processICEServerHeartbeatDenialPacket(QSharedPointer<ReceivedMessage> message);
     
 private slots:
     void aboutToQuit();
diff --git a/ice-server/src/IceServer.cpp b/ice-server/src/IceServer.cpp
index a452ad8296..f38923b873 100644
--- a/ice-server/src/IceServer.cpp
+++ b/ice-server/src/IceServer.cpp
@@ -82,7 +82,7 @@ void IceServer::processPacket(std::unique_ptr<udt::Packet> packet) {
             } else {
                 // we couldn't verify this peer - respond back to them so they know they may need to perform keypair re-generation
                 static auto deniedPacket = NLPacket::create(PacketType::ICEServerHeartbeatDenied);
-                _serverSocket.writePacket(*deniedPacket, packet->getSenderSockAddr());
+                _serverSocket.writePacket(*deniedPacket, nlPacket->getSenderSockAddr());
             }
         } else if (nlPacket->getType() == PacketType::ICEServerQuery) {
             QDataStream heartbeatStream(nlPacket.get());