Never build a session with oneself

If we detect our own ID is not in our own devicelist on receiving an
update, we reannounce ourselves. This used to have the side effect of
modifying the list of devices we thought were in the update set, causing
us to accidentally build a session with ourselves.

This lead to our own key being set to TRUSTED_INACTIVE, resulting in red
lock icons on messages sent by the own device.

We fix this by having publishOwnDeviceId() operate on a copy of the
original set. This commit also includes a db migration which deletes
sessions with oneself and sets own keys back to TRUSTED.

2 files changed, 12 insertions, 9 deletions

diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
index 2ce62c9ad..77c9d9d7e 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/AxolotlService.java
@@ -337,9 +337,10 @@ public class AxolotlService {
 	}
 
 	public void publishOwnDeviceId(Set<Integer> deviceIds) {
-		if (!deviceIds.contains(getOwnDeviceId())) {
+		Set<Integer> deviceIdsCopy = new HashSet<>(deviceIds);
+		if (!deviceIdsCopy.contains(getOwnDeviceId())) {
 			Log.d(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Own device " + getOwnDeviceId() + " not in PEP devicelist.");
-			if (deviceIds.isEmpty()) {
+			if (deviceIdsCopy.isEmpty()) {
 				if (numPublishTriesOnEmptyPep >= publishTriesThreshold) {
 					Log.w(Config.LOGTAG, getLogprefix(account) + "Own device publish attempt threshold exceeded, aborting...");
 					pepBroken = true;
@@ -351,8 +352,8 @@ public class AxolotlService {
 			} else {
 				numPublishTriesOnEmptyPep = 0;
 			}
-			deviceIds.add(getOwnDeviceId());
-			IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIds);
+			deviceIdsCopy.add(getOwnDeviceId());
+			IqPacket publish = mXmppConnectionService.getIqGenerator().publishDeviceIds(deviceIdsCopy);
 			mXmppConnectionService.sendIqPacket(account, publish, new OnIqPacketReceived() {
 				@Override
 				public void onIqPacketReceived(Account account, IqPacket packet) {
@@ -490,7 +491,10 @@ public class AxolotlService {
 	}
 
 	private void buildSessionFromPEP(final AxolotlAddress address) {
-		Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building new sesstion for " + address.getDeviceId());
+		Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Building new sesstion for " + address.toString());
+		if (address.getDeviceId() == getOwnDeviceId()) {
+			throw new AssertionError("We should NEVER build a session with ourselves. What happened here?!");
+		}
 
 		try {
 			IqPacket bundlesPacket = mXmppConnectionService.getIqGenerator().retrieveBundlesForDevice(
diff --git a/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java b/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java
index 190eb88a8..4d7793023 100644
--- a/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java
+++ b/src/main/java/eu/siacs/conversations/crypto/axolotl/SQLiteAxolotlStore.java
@@ -89,15 +89,14 @@ public class SQLiteAxolotlStore implements AxolotlStore {
 
 	private IdentityKeyPair loadIdentityKeyPair() {
 		String ownName = account.getJid().toBareJid().toString();
-		IdentityKeyPair ownKey = mXmppConnectionService.databaseBackend.loadOwnIdentityKeyPair(account,
-				ownName);
+		IdentityKeyPair ownKey = mXmppConnectionService.databaseBackend.loadOwnIdentityKeyPair(account);
 
 		if (ownKey != null) {
 			return ownKey;
 		} else {
-			Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Could not retrieve axolotl key for account " + ownName);
+			Log.i(Config.LOGTAG, AxolotlService.getLogprefix(account) + "Could not retrieve own IdentityKeyPair");
 			ownKey = generateIdentityKeyPair();
-			mXmppConnectionService.databaseBackend.storeOwnIdentityKeyPair(account, ownName, ownKey);
+			mXmppConnectionService.databaseBackend.storeOwnIdentityKeyPair(account, ownKey);
 		}
 		return ownKey;
 	}