From bbc1b63695b63e3316314c0a962d6b62903a5c6d Mon Sep 17 00:00:00 2001
From: Sorunome <mail@sorunome.de>
Date: Thu, 10 Sep 2020 12:56:50 +0200
Subject: [PATCH] feat: Auto-verify own master key, if there is a valid
 signature chain within the same account

---
 lib/encryption/encryption.dart      | 16 ++++++++++++++++
 lib/src/utils/device_keys_list.dart | 23 +++++++++++++++++++----
 2 files changed, 35 insertions(+), 4 deletions(-)

diff --git a/lib/encryption/encryption.dart b/lib/encryption/encryption.dart
index b56dd1e..8675974 100644
--- a/lib/encryption/encryption.dart
+++ b/lib/encryption/encryption.dart
@@ -316,6 +316,20 @@ class Encryption {
     return await olmManager.encryptToDeviceMessage(deviceKeys, type, payload);
   }
 
+  Future<void> autovalidateMasterOwnKey() async {
+    // check if we can set our own master key as verified, if it isn't yet
+    if (client.database != null &&
+        client.userDeviceKeys.containsKey(client.userID)) {
+      final masterKey = client.userDeviceKeys[client.userID].masterKey;
+      if (masterKey != null &&
+          !masterKey.directVerified &&
+          masterKey
+              .hasValidSignatureChain(onlyValidateUserIds: {client.userID})) {
+        await masterKey.setVerified(true);
+      }
+    }
+  }
+
   // this method is responsible for all background tasks, such as uploading online key backups
   bool _backgroundTasksRunning = true;
   void _backgroundTasks() {
@@ -325,6 +339,8 @@ class Encryption {
 
     keyManager.backgroundTasks();
 
+    autovalidateMasterOwnKey();
+
     if (_backgroundTasksRunning) {
       Timer(Duration(seconds: 10), _backgroundTasks);
     }
diff --git a/lib/src/utils/device_keys_list.dart b/lib/src/utils/device_keys_list.dart
index cc8b79c..9fb8f8b 100644
--- a/lib/src/utils/device_keys_list.dart
+++ b/lib/src/utils/device_keys_list.dart
@@ -157,14 +157,20 @@ abstract class SignableKey extends MatrixSignableKey {
     return valid;
   }
 
-  bool hasValidSignatureChain({bool verifiedOnly = true, Set<String> visited}) {
+  bool hasValidSignatureChain(
+      {bool verifiedOnly = true,
+      Set<String> visited,
+      Set<String> onlyValidateUserIds}) {
     if (!client.encryptionEnabled) {
       return false;
     }
     visited ??= <String>{};
+    onlyValidateUserIds ??= <String>{};
     final setKey = '${userId};${identifier}';
-    if (visited.contains(setKey)) {
-      return false; // prevent recursion
+    if (visited.contains(setKey) ||
+        (onlyValidateUserIds.isNotEmpty &&
+            !onlyValidateUserIds.contains(userId))) {
+      return false; // prevent recursion & validate hasValidSignatureChain
     }
     visited.add(setKey);
     for (final signatureEntries in signatures.entries) {
@@ -189,6 +195,13 @@ abstract class SignableKey extends MatrixSignableKey {
         } else {
           continue;
         }
+
+        if (onlyValidateUserIds.isNotEmpty &&
+            !onlyValidateUserIds.contains(key.userId)) {
+          // we don't want to verify keys from this user
+          continue;
+        }
+
         if (key.blocked) {
           continue; // we can't be bothered about this keys signatures
         }
@@ -228,7 +241,9 @@ abstract class SignableKey extends MatrixSignableKey {
         }
         // or else we just recurse into that key and chack if it works out
         final haveChain = key.hasValidSignatureChain(
-            verifiedOnly: verifiedOnly, visited: visited);
+            verifiedOnly: verifiedOnly,
+            visited: visited,
+            onlyValidateUserIds: onlyValidateUserIds);
         if (haveChain) {
           return true;
         }