filippodb/SchildiChat-android
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Rework UpdateTrustWorker, should have better perf.

Browse Source
This commit is contained in:
Benoit Marty 2021-03-12 18:41:31 +01:00 committed by Benoit Marty
parent e8d4fab305
commit e3d2186c25
2 changed files with 176 additions and 162 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

326
matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/crypto/crosssigning/UpdateTrustWorker.kt
View File

@ -36,12 +36,14 @@ import org.matrix.android.sdk.internal.crypto.store.db.model.UserEntityFields
import org.matrix.android.sdk.internal.database.model.RoomMemberSummaryEntity import org.matrix.android.sdk.internal.database.model.RoomMemberSummaryEntity
import org.matrix.android.sdk.internal.database.model.RoomMemberSummaryEntityFields import org.matrix.android.sdk.internal.database.model.RoomMemberSummaryEntityFields
import org.matrix.android.sdk.internal.database.model.RoomSummaryEntity import org.matrix.android.sdk.internal.database.model.RoomSummaryEntity
import org.matrix.android.sdk.internal.database.model.RoomSummaryEntityFields
import org.matrix.android.sdk.internal.database.query.where import org.matrix.android.sdk.internal.database.query.where
import org.matrix.android.sdk.internal.di.CryptoDatabase import org.matrix.android.sdk.internal.di.CryptoDatabase
import org.matrix.android.sdk.internal.di.SessionDatabase import org.matrix.android.sdk.internal.di.SessionDatabase
import org.matrix.android.sdk.internal.di.UserId import org.matrix.android.sdk.internal.di.UserId
import org.matrix.android.sdk.internal.session.SessionComponent import org.matrix.android.sdk.internal.session.SessionComponent
import org.matrix.android.sdk.internal.session.room.membership.RoomMemberHelper import org.matrix.android.sdk.internal.session.room.membership.RoomMemberHelper
import org.matrix.android.sdk.internal.util.logLimit
import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker import org.matrix.android.sdk.internal.worker.SessionSafeCoroutineWorker
import org.matrix.android.sdk.internal.worker.SessionWorkerParams import org.matrix.android.sdk.internal.worker.SessionWorkerParams
import timber.log.Timber import timber.log.Timber
@ -65,11 +67,14 @@ internal class UpdateTrustWorker(context: Context,
@Inject lateinit var crossSigningService: DefaultCrossSigningService @Inject lateinit var crossSigningService: DefaultCrossSigningService
// It breaks the crypto store contract, but we need to batch things :/ // It breaks the crypto store contract, but we need to batch things :/
@CryptoDatabase @Inject lateinit var realmConfiguration: RealmConfiguration @CryptoDatabase
@UserId @Inject lateinit var myUserId: String @Inject lateinit var cryptoRealmConfiguration: RealmConfiguration
@SessionDatabase
@Inject lateinit var sessionRealmConfiguration: RealmConfiguration
@UserId
@Inject lateinit var myUserId: String
@Inject lateinit var crossSigningKeysMapper: CrossSigningKeysMapper @Inject lateinit var crossSigningKeysMapper: CrossSigningKeysMapper
@Inject lateinit var updateTrustWorkerDataRepository: UpdateTrustWorkerDataRepository @Inject lateinit var updateTrustWorkerDataRepository: UpdateTrustWorkerDataRepository
@SessionDatabase @Inject lateinit var sessionRealmConfiguration: RealmConfiguration
// @Inject lateinit var roomSummaryUpdater: RoomSummaryUpdater // @Inject lateinit var roomSummaryUpdater: RoomSummaryUpdater
@Inject lateinit var cryptoStore: IMXCryptoStore @Inject lateinit var cryptoStore: IMXCryptoStore
@ -79,118 +84,115 @@ internal class UpdateTrustWorker(context: Context,
} }
override suspend fun doSafeWork(params: Params): Result { override suspend fun doSafeWork(params: Params): Result {
var userList = params.filename val userList = params.filename
?.let { updateTrustWorkerDataRepository.getParam(it) } ?.let { updateTrustWorkerDataRepository.getParam(it) }
?.userIds ?.userIds
?: params.updatedUserIds.orEmpty() ?: params.updatedUserIds.orEmpty()
if (userList.isEmpty()) { // List should not be empty, but let's avoid go further in case of empty list
// This should not happen, but let's avoid go further in case of empty list if (userList.isNotEmpty()) {
cleanup(params) // Unfortunately we don't have much info on what did exactly changed (is it the cross signing keys of that user,
return Result.success() // or a new device?) So we check all again :/
Timber.d("## CrossSigning - Updating trust for users: ${userList.logLimit()}")
Realm.getInstance(cryptoRealmConfiguration).use { cryptoRealm ->
Realm.getInstance(sessionRealmConfiguration).use { sessionRealm ->
updateTrust(userList, cryptoRealm, sessionRealm)
}
}
} }
// Unfortunately we don't have much info on what did exactly changed (is it the cross signing keys of that user, cleanup(params)
// or a new device?) So we check all again :/ return Result.success()
}
Timber.d("## CrossSigning - Updating trust for $userList")
private fun updateTrust(userListParam: List<String>,
cRealm: Realm,
sRealm: Realm) {
var userList = userListParam
var myCrossSigningInfo: MXCrossSigningInfo? = null
// First we check that the users MSK are trusted by mine // First we check that the users MSK are trusted by mine
// After that we check the trust chain for each devices of each users // After that we check the trust chain for each devices of each users
Realm.getInstance(realmConfiguration).use { realm -> cRealm.executeTransaction { cryptoRealm ->
realm.executeTransaction { // By mapping here to model, this object is not live
// By mapping here to model, this object is not live // I should update it if needed
// I should update it if needed myCrossSigningInfo = getCrossSigningInfo(cryptoRealm, myUserId)
var myCrossSigningInfo = realm.where(CrossSigningInfoEntity::class.java)
.equalTo(CrossSigningInfoEntityFields.USER_ID, myUserId)
.findFirst()?.let { mapCrossSigningInfoEntity(it) }
var myTrustResult: UserTrustResult? = null var myTrustResult: UserTrustResult? = null
if (userList.contains(myUserId)) { if (userList.contains(myUserId)) {
Timber.d("## CrossSigning - Clear all trust as a change on my user was detected") Timber.d("## CrossSigning - Clear all trust as a change on my user was detected")
// i am in the list.. but i don't know exactly the delta of change :/ // i am in the list.. but i don't know exactly the delta of change :/
// If it's my cross signing keys we should refresh all trust // If it's my cross signing keys we should refresh all trust
// do it anyway ? // do it anyway ?
userList = realm.where(CrossSigningInfoEntity::class.java) userList = cryptoRealm.where(CrossSigningInfoEntity::class.java)
.findAll().mapNotNull { it.userId } .findAll()
Timber.d("## CrossSigning - Updating trust for all $userList") .mapNotNull { it.userId }
// check right now my keys and mark it as trusted as other trust depends on it // check right now my keys and mark it as trusted as other trust depends on it
val myDevices = realm.where<UserEntity>() val myDevices = cryptoRealm.where<UserEntity>()
.equalTo(UserEntityFields.USER_ID, myUserId) .equalTo(UserEntityFields.USER_ID, myUserId)
.findFirst() .findFirst()
?.devices ?.devices
?.map { deviceInfo -> ?.map { CryptoMapper.mapToModel(it) }
CryptoMapper.mapToModel(deviceInfo)
}
myTrustResult = crossSigningService.checkSelfTrust(myCrossSigningInfo, myDevices).also {
updateCrossSigningKeysTrust(realm, myUserId, it.isVerified())
// update model reference
myCrossSigningInfo = realm.where(CrossSigningInfoEntity::class.java)
.equalTo(CrossSigningInfoEntityFields.USER_ID, myUserId)
.findFirst()?.let { mapCrossSigningInfoEntity(it) }
}
}
val otherInfos = userList.map { myTrustResult = crossSigningService.checkSelfTrust(myCrossSigningInfo, myDevices)
it to realm.where(CrossSigningInfoEntity::class.java) updateCrossSigningKeysTrust(cryptoRealm, myUserId, myTrustResult.isVerified())
.equalTo(CrossSigningInfoEntityFields.USER_ID, it) // update model reference
.findFirst()?.let { mapCrossSigningInfoEntity(it) } myCrossSigningInfo = getCrossSigningInfo(cryptoRealm, myUserId)
} }
.toMap()
val trusts = otherInfos.map { infoEntry -> val otherInfos = userList.associateWith { userId ->
infoEntry.key to when (infoEntry.key) { getCrossSigningInfo(cryptoRealm, userId)
myUserId -> myTrustResult }
else -> {
crossSigningService.checkOtherMSKTrusted(myCrossSigningInfo, infoEntry.value).also { val trusts = otherInfos.mapValues { entry ->
Timber.d("## CrossSigning - user:${infoEntry.key} result:$it") when (entry.key) {
} myUserId -> myTrustResult
else -> {
crossSigningService.checkOtherMSKTrusted(myCrossSigningInfo, entry.value).also {
Timber.d("## CrossSigning - user:${entry.key} result:$it")
} }
} }
}.toMap() }
}
// TODO! if it's me and my keys has changed... I have to reset trust for everyone! // TODO! if it's me and my keys has changed... I have to reset trust for everyone!
// i have all the new trusts, update DB // i have all the new trusts, update DB
trusts.forEach { trusts.forEach {
val verified = it.value?.isVerified() == true val verified = it.value?.isVerified() == true
updateCrossSigningKeysTrust(realm, it.key, verified) updateCrossSigningKeysTrust(cryptoRealm, it.key, verified)
}
// Ok so now we have to check device trust for all these users..
Timber.v("## CrossSigning - Updating devices cross trust users: ${trusts.keys.logLimit()}")
trusts.keys.forEach { userId ->
val devicesEntities = cryptoRealm.where<UserEntity>()
.equalTo(UserEntityFields.USER_ID, userId)
.findFirst()
?.devices
val trustMap = devicesEntities?.associateWith { device ->
// get up to date from DB has could have been updated
val otherInfo = getCrossSigningInfo(cryptoRealm, userId)
crossSigningService.checkDeviceTrust(myCrossSigningInfo, otherInfo, CryptoMapper.mapToModel(device))
} }
// Ok so now we have to check device trust for all these users.. // Update trust if needed
Timber.v("## CrossSigning - Updating devices cross trust users ${trusts.keys}") devicesEntities?.forEach { device ->
trusts.keys.forEach { val crossSignedVerified = trustMap?.get(device)?.isCrossSignedVerified()
val devicesEntities = realm.where<UserEntity>() Timber.d("## CrossSigning - Trust for ${device.userId}|${device.deviceId} : cross verified: ${trustMap?.get(device)}")
.equalTo(UserEntityFields.USER_ID, it) if (device.trustLevelEntity?.crossSignedVerified != crossSignedVerified) {
.findFirst() Timber.d("## CrossSigning - Trust change detected for ${device.userId}|${device.deviceId} : cross verified: $crossSignedVerified")
?.devices // need to save
val trustEntity = device.trustLevelEntity
val trustMap = devicesEntities?.map { device -> if (trustEntity == null) {
// get up to date from DB has could have been updated device.trustLevelEntity = cryptoRealm.createObject(TrustLevelEntity::class.java).also {
val otherInfo = realm.where(CrossSigningInfoEntity::class.java) it.locallyVerified = false
.equalTo(CrossSigningInfoEntityFields.USER_ID, it) it.crossSignedVerified = crossSignedVerified
.findFirst()?.let { mapCrossSigningInfoEntity(it) }
device to crossSigningService.checkDeviceTrust(myCrossSigningInfo, otherInfo, CryptoMapper.mapToModel(device))
}?.toMap()
// Update trust if needed
devicesEntities?.forEach { device ->
val crossSignedVerified = trustMap?.get(device)?.isCrossSignedVerified()
Timber.d("## CrossSigning - Trust for ${device.userId}|${device.deviceId} : cross verified: ${trustMap?.get(device)}")
if (device.trustLevelEntity?.crossSignedVerified != crossSignedVerified) {
Timber.d("## CrossSigning - Trust change detected for ${device.userId}|${device.deviceId} : cross verified: $crossSignedVerified")
// need to save
val trustEntity = device.trustLevelEntity
if (trustEntity == null) {
realm.createObject(TrustLevelEntity::class.java).let {
it.locallyVerified = false
it.crossSignedVerified = crossSignedVerified
device.trustLevelEntity = it
}
} else {
trustEntity.crossSignedVerified = crossSignedVerified
} }
} else {
trustEntity.crossSignedVerified = crossSignedVerified
} }
} }
} }
@ -201,35 +203,44 @@ internal class UpdateTrustWorker(context: Context,
// We can now update room shields? in the session DB? // We can now update room shields? in the session DB?
Timber.d("## CrossSigning - Updating shields for impacted rooms...") Timber.d("## CrossSigning - Updating shields for impacted rooms...")
Realm.getInstance(sessionRealmConfiguration).use { it -> sRealm.executeTransaction { sessionRealm ->
it.executeTransaction { realm -> sessionRealm.where(RoomMemberSummaryEntity::class.java)
val distinctRoomIds = realm.where(RoomMemberSummaryEntity::class.java) .`in`(RoomMemberSummaryEntityFields.USER_ID, userList.toTypedArray())
.`in`(RoomMemberSummaryEntityFields.USER_ID, userList.toTypedArray()) .distinct(RoomMemberSummaryEntityFields.ROOM_ID)
.distinct(RoomMemberSummaryEntityFields.ROOM_ID) .findAll()
.findAll() .map { it.roomId }
.map { it.roomId } .also { Timber.d("## CrossSigning - ... impacted rooms ${it.logLimit()}") }
Timber.d("## CrossSigning - ... impacted rooms $distinctRoomIds") .forEach { roomId ->
distinctRoomIds.forEach { roomId -> RoomSummaryEntity.where(sessionRealm, roomId)
val roomSummary = RoomSummaryEntity.where(realm, roomId).findFirst() .equalTo(RoomSummaryEntityFields.IS_ENCRYPTED, true)
if (roomSummary?.isEncrypted == true) { .findFirst()
Timber.d("## CrossSigning - Check shield state for room $roomId") ?.let { roomSummary ->
val allActiveRoomMembers = RoomMemberHelper(realm, roomId).getActiveRoomMemberIds() Timber.d("## CrossSigning - Check shield state for room $roomId")
try { val allActiveRoomMembers = RoomMemberHelper(sessionRealm, roomId).getActiveRoomMemberIds()
val updatedTrust = computeRoomShield(allActiveRoomMembers, roomSummary) try {
if (roomSummary.roomEncryptionTrustLevel != updatedTrust) { val updatedTrust = computeRoomShield(
Timber.d("## CrossSigning - Shield change detected for $roomId -> $updatedTrust") myCrossSigningInfo,
roomSummary.roomEncryptionTrustLevel = updatedTrust cRealm,
} allActiveRoomMembers,
} catch (failure: Throwable) { roomSummary
Timber.e(failure) )
} if (roomSummary.roomEncryptionTrustLevel != updatedTrust) {
Timber.d("## CrossSigning - Shield change detected for $roomId -> $updatedTrust")
roomSummary.roomEncryptionTrustLevel = updatedTrust
}
} catch (failure: Throwable) {
Timber.e(failure)
}
}
} }
}
}
} }
}
cleanup(params) private fun getCrossSigningInfo(cryptoRealm: Realm, userId: String): MXCrossSigningInfo? {
return Result.success() return cryptoRealm.where(CrossSigningInfoEntity::class.java)
.equalTo(CrossSigningInfoEntityFields.USER_ID, userId)
.findFirst()
?.let { mapCrossSigningInfoEntity(it) }
} }
private fun cleanup(params: Params) { private fun cleanup(params: Params) {
@ -237,30 +248,34 @@ internal class UpdateTrustWorker(context: Context,
?.let { updateTrustWorkerDataRepository.delete(it) } ?.let { updateTrustWorkerDataRepository.delete(it) }
} }
private fun updateCrossSigningKeysTrust(realm: Realm, userId: String, verified: Boolean) { private fun updateCrossSigningKeysTrust(cryptoRealm: Realm, userId: String, verified: Boolean) {
val xInfoEntity = realm.where(CrossSigningInfoEntity::class.java) cryptoRealm.where(CrossSigningInfoEntity::class.java)
.equalTo(CrossSigningInfoEntityFields.USER_ID, userId) .equalTo(CrossSigningInfoEntityFields.USER_ID, userId)
.findFirst() .findFirst()
xInfoEntity?.crossSigningKeys?.forEach { info -> ?.crossSigningKeys
// optimization to avoid trigger updates when there is no change.. ?.forEach { info ->
if (info.trustLevelEntity?.isVerified() != verified) { // optimization to avoid trigger updates when there is no change..
Timber.d("## CrossSigning - Trust change for $userId : $verified") if (info.trustLevelEntity?.isVerified() != verified) {
val level = info.trustLevelEntity Timber.d("## CrossSigning - Trust change for $userId : $verified")
if (level == null) { val level = info.trustLevelEntity
val newLevel = realm.createObject(TrustLevelEntity::class.java) if (level == null) {
newLevel.locallyVerified = verified info.trustLevelEntity = cryptoRealm.createObject(TrustLevelEntity::class.java).also {
newLevel.crossSignedVerified = verified it.locallyVerified = verified
info.trustLevelEntity = newLevel it.crossSignedVerified = verified
} else { }
level.locallyVerified = verified } else {
level.crossSignedVerified = verified level.locallyVerified = verified
level.crossSignedVerified = verified
}
}
} }
}
}
} }
private fun computeRoomShield(activeMemberUserIds: List<String>, roomSummaryEntity: RoomSummaryEntity): RoomEncryptionTrustLevel { private fun computeRoomShield(myCrossSigningInfo: MXCrossSigningInfo?,
Timber.d("## CrossSigning - computeRoomShield ${roomSummaryEntity.roomId} -> $activeMemberUserIds") cryptoRealm: Realm,
activeMemberUserIds: List<String>,
roomSummaryEntity: RoomSummaryEntity): RoomEncryptionTrustLevel {
Timber.d("## CrossSigning - computeRoomShield ${roomSummaryEntity.roomId} -> ${activeMemberUserIds.logLimit()}")
// The set of “all users” depends on the type of room: // The set of “all users” depends on the type of room:
// For regular / topic rooms which have more than 2 members (including yourself) are considered when decorating a room // For regular / topic rooms which have more than 2 members (including yourself) are considered when decorating a room
// For 1:1 and group DM rooms, all other users (i.e. excluding yourself) are considered when decorating a room // For 1:1 and group DM rooms, all other users (i.e. excluding yourself) are considered when decorating a room
@ -272,17 +287,8 @@ internal class UpdateTrustWorker(context: Context,
val allTrustedUserIds = listToCheck val allTrustedUserIds = listToCheck
.filter { userId -> .filter { userId ->
Realm.getInstance(realmConfiguration).use { getCrossSigningInfo(cryptoRealm, userId)?.isTrusted() == true
it.where(CrossSigningInfoEntity::class.java)
.equalTo(CrossSigningInfoEntityFields.USER_ID, userId)
.findFirst()?.let { mapCrossSigningInfoEntity(it) }?.isTrusted() == true
}
} }
val myCrossKeys = Realm.getInstance(realmConfiguration).use {
it.where(CrossSigningInfoEntity::class.java)
.equalTo(CrossSigningInfoEntityFields.USER_ID, myUserId)
.findFirst()?.let { mapCrossSigningInfoEntity(it) }
}
return if (allTrustedUserIds.isEmpty()) { return if (allTrustedUserIds.isEmpty()) {
RoomEncryptionTrustLevel.Default RoomEncryptionTrustLevel.Default
@ -291,21 +297,17 @@ internal class UpdateTrustWorker(context: Context,
// If all devices of all verified users are trusted -> green // If all devices of all verified users are trusted -> green
// else -> black // else -> black
allTrustedUserIds allTrustedUserIds
.mapNotNull { uid -> .mapNotNull { userId ->
Realm.getInstance(realmConfiguration).use { cryptoRealm.where<UserEntity>()
it.where<UserEntity>() .equalTo(UserEntityFields.USER_ID, userId)
.equalTo(UserEntityFields.USER_ID, uid) .findFirst()
.findFirst() ?.devices
?.devices ?.map { CryptoMapper.mapToModel(it) }
?.map {
CryptoMapper.mapToModel(it)
}
}
} }
.flatten() .flatten()
.let { allDevices -> .let { allDevices ->
Timber.v("## CrossSigning - computeRoomShield ${roomSummaryEntity.roomId} devices ${allDevices.map { it.deviceId }}") Timber.v("## CrossSigning - computeRoomShield ${roomSummaryEntity.roomId} devices ${allDevices.map { it.deviceId }.logLimit()}")
if (myCrossKeys != null) { if (myCrossSigningInfo != null) {
allDevices.any { !it.trustLevel?.crossSigningVerified.orFalse() } allDevices.any { !it.trustLevel?.crossSigningVerified.orFalse() }
} else { } else {
// Legacy method // Legacy method

12
matrix-sdk-android/src/main/java/org/matrix/android/sdk/internal/util/LogUtil.kt
View File

@ -19,6 +19,18 @@ package org.matrix.android.sdk.internal.util
import org.matrix.android.sdk.BuildConfig import org.matrix.android.sdk.BuildConfig
import timber.log.Timber import timber.log.Timber
internal fun <T> Collection<T>.logLimit(maxQuantity: Int = 5): String {
return buildString {
append(size)
append(" item(s)")
if (size > maxQuantity) {
append(", first $maxQuantity items")
}
append(": ")
append(this@logLimit.take(maxQuantity))
}
}
internal suspend fun <T> logDuration(message: String, internal suspend fun <T> logDuration(message: String,
block: suspend () -> T): T { block: suspend () -> T): T {
Timber.v("$message -- BEGIN") Timber.v("$message -- BEGIN")