Separate PINs from Registration Lock.

You can now have a PIN without having registration lock.

Note: We still need to change the registration flow to allow non-reglock
users to enter their PIN.

app/src/main/java/org/thoughtcrime/securesms/migrations/ApplicationMigrations.java

@@ -39,7 +39,7 @@ public class ApplicationMigrations {
 
   private static final int LEGACY_CANONICAL_VERSION = 455;
 
-  public static final int CURRENT_VERSION = 13;
+  public static final int CURRENT_VERSION = 14;
 
   private static final class Version {
     static final int LEGACY             = 1;
@@ -55,6 +55,7 @@ public class ApplicationMigrations {
     static final int STORAGE_SERVICE    = 11;
     static final int STORAGE_KEY_ROTATE = 12;
     static final int REMOVE_AVATAR_ID   = 13;
+    static final int STORAGE_CAPABILITY = 14;
   }
 
   /**
@@ -212,14 +213,19 @@ public class ApplicationMigrations {
       jobs.put(Version.STORAGE_SERVICE, new StorageServiceMigrationJob());
     }
 
-    if (lastSeenVersion < Version.STORAGE_KEY_ROTATE) {
-      jobs.put(Version.STORAGE_KEY_ROTATE, new StorageKeyRotationMigrationJob());
-    }
+    // Superceded by StorageCapabilityMigrationJob
+//    if (lastSeenVersion < Version.STORAGE_KEY_ROTATE) {
+//      jobs.put(Version.STORAGE_KEY_ROTATE, new StorageKeyRotationMigrationJob());
+//    }
 
     if (lastSeenVersion < Version.REMOVE_AVATAR_ID) {
       jobs.put(Version.REMOVE_AVATAR_ID, new AvatarIdRemovalMigrationJob());
     }
 
+    if (lastSeenVersion < Version.STORAGE_CAPABILITY) {
+      jobs.put(Version.STORAGE_CAPABILITY, new StorageCapabilityMigrationJob());
+    }
+
     return jobs;
   }
 

app/src/main/java/org/thoughtcrime/securesms/migrations/RegistrationPinV2MigrationJob.java

@@ -17,7 +17,7 @@ import org.thoughtcrime.securesms.util.TextSecurePreferences;
 import org.whispersystems.signalservice.api.KeyBackupService;
 import org.whispersystems.signalservice.api.KeyBackupServicePinException;
 import org.whispersystems.signalservice.api.KeyBackupSystemNoDataException;
-import org.whispersystems.signalservice.api.RegistrationLockData;
+import org.whispersystems.signalservice.api.KbsPinData;
 import org.whispersystems.signalservice.api.kbs.HashedPin;
 import org.whispersystems.signalservice.api.kbs.MasterKey;
 import org.whispersystems.signalservice.internal.contacts.crypto.UnauthenticatedResponseException;
@@ -26,6 +26,9 @@ import java.io.IOException;
 import java.util.concurrent.TimeUnit;
 
 /**
+ * Migrates an existing V1 registration lock user to a V2 registration lock that is backed by a
+ * Signal PIN.
+ *
  * Deliberately not a {@link MigrationJob} because it is not something that needs to run at app start.
  * This migration can run at anytime.
  */
@@ -77,10 +80,12 @@ public final class RegistrationPinV2MigrationJob extends BaseJob {
     KeyBackupService                  keyBackupService = ApplicationDependencies.getKeyBackupService();
     KeyBackupService.PinChangeSession pinChangeSession = keyBackupService.newPinChangeSession();
     HashedPin                         hashedPin        = PinHashing.hashPin(pinValue, pinChangeSession);
-    RegistrationLockData              kbsData          = pinChangeSession.setPin(hashedPin, masterKey);
+    KbsPinData                        kbsData          = pinChangeSession.setPin(hashedPin, masterKey);
 
-    kbsValues.setRegistrationLockMasterKey(kbsData, PinHashing.localPinHash(pinValue));
-    TextSecurePreferences.clearOldRegistrationLockPin(context);
+    pinChangeSession.enableRegistrationLock(masterKey);
+
+    kbsValues.setKbsMasterKey(kbsData, PinHashing.localPinHash(pinValue));
+    TextSecurePreferences.clearRegistrationLockV1(context);
 
     Log.i(TAG, "Pin migrated to Key Backup Service");
   }

app/src/main/java/org/thoughtcrime/securesms/migrations/StorageCapabilityMigrationJob.java

@@ -8,23 +8,32 @@ import org.thoughtcrime.securesms.jobmanager.Job;
 import org.thoughtcrime.securesms.jobmanager.JobManager;
 import org.thoughtcrime.securesms.jobs.MultiDeviceKeysUpdateJob;
 import org.thoughtcrime.securesms.jobs.MultiDeviceStorageSyncRequestJob;
+import org.thoughtcrime.securesms.jobs.RefreshAttributesJob;
 import org.thoughtcrime.securesms.jobs.StorageForcePushJob;
-import org.thoughtcrime.securesms.jobs.StorageSyncJob;
 import org.thoughtcrime.securesms.keyvalue.SignalStore;
 import org.thoughtcrime.securesms.logging.Log;
 import org.thoughtcrime.securesms.util.TextSecurePreferences;
 
-public class StorageKeyRotationMigrationJob extends MigrationJob {
+/**
+ * This does a couple things:
+ *   (1) Sets the storage capability for reglockv2 users by refreshing account attributes.
+ *   (2) Force-pushes storage, which is now backed by the KBS master key.
+ *
+ * Note: *All* users need to do this force push, because some people were in the storage service FF
+ *       bucket in the past, and if we don't schedule a force push, they could enter a situation
+ *       where different storage items are encrypted with different keys.
+ */
+public class StorageCapabilityMigrationJob extends MigrationJob {
 
-  private static final String TAG = Log.tag(StorageKeyRotationMigrationJob.class);
+  private static final String TAG = Log.tag(StorageCapabilityMigrationJob.class);
 
-  public static final String KEY = "StorageKeyRotationMigrationJob";
+  public static final String KEY = "StorageCapabilityMigrationJob";
 
-  StorageKeyRotationMigrationJob() {
+  StorageCapabilityMigrationJob() {
     this(new Parameters.Builder().build());
   }
 
-  private StorageKeyRotationMigrationJob(@NonNull Parameters parameters) {
+  private StorageCapabilityMigrationJob(@NonNull Parameters parameters) {
     super(parameters);
   }
 
@@ -41,7 +50,8 @@ public class StorageKeyRotationMigrationJob extends MigrationJob {
   @Override
   public void performMigration() {
     JobManager jobManager = ApplicationDependencies.getJobManager();
-    SignalStore.storageServiceValues().rotateStorageMasterKey();
+
+    jobManager.add(new RefreshAttributesJob());
 
     if (TextSecurePreferences.isMultiDevice(context)) {
       Log.i(TAG, "Multi-device.");
@@ -60,10 +70,10 @@ public class StorageKeyRotationMigrationJob extends MigrationJob {
     return false;
   }
 
-  public static class Factory implements Job.Factory<StorageKeyRotationMigrationJob> {
+  public static class Factory implements Job.Factory<StorageCapabilityMigrationJob> {
     @Override
-    public @NonNull StorageKeyRotationMigrationJob create(@NonNull Parameters parameters, @NonNull Data data) {
-      return new StorageKeyRotationMigrationJob(parameters);
+    public @NonNull StorageCapabilityMigrationJob create(@NonNull Parameters parameters, @NonNull Data data) {
+      return new StorageCapabilityMigrationJob(parameters);
     }
   }
 }