Migrate to a new SVR2 enclave.

app/src/main/java/org/thoughtcrime/securesms/jobs/Svr2MirrorJob.kt

@@ -82,7 +82,7 @@ class Svr2MirrorJob private constructor(parameters: Parameters, private var seri
 
       return when (val response: BackupResponse = session.execute()) {
         is BackupResponse.Success -> {
-          Log.i(TAG, "Successfully migrated to SVR2!")
+          Log.i(TAG, "Successfully migrated to SVR2! $svr2")
           SignalStore.svr().appendAuthTokenToList(response.authorization.asBasic())
           ApplicationDependencies.getJobManager().add(RefreshAttributesJob())
           Result.success()

app/src/main/java/org/thoughtcrime/securesms/migrations/ApplicationMigrations.java

@@ -141,9 +141,10 @@ public class ApplicationMigrations {
     static final int THREAD_COUNT_DB_MIGRATION     = 97;
     static final int SYNC_KEYS_MIGRATION           = 98;
     static final int SELF_REGISTERTED_STATE        = 99;
+    static final int SVR2_ENCLAVE_UPDATE           = 100;
   }
 
-  public static final int CURRENT_VERSION = 99;
+  public static final int CURRENT_VERSION = 100;
 
   /**
    * This *must* be called after the {@link JobManager} has been instantiated, but *before* the call
@@ -642,6 +643,10 @@ public class ApplicationMigrations {
       jobs.put(Version.SELF_REGISTERTED_STATE,  new SelfRegisteredStateMigrationJob());
     }
 
+    if (lastSeenVersion < Version.SVR2_ENCLAVE_UPDATE) {
+      jobs.put(Version.SVR2_ENCLAVE_UPDATE,  new Svr2MirrorMigrationJob());
+    }
+
     return jobs;
   }
 

app/src/main/java/org/thoughtcrime/securesms/pin/SvrRepository.kt

@@ -39,10 +39,14 @@ object SvrRepository {
 
   val TAG = Log.tag(SvrRepository::class.java)
 
+  private val svr2Deprecated: SecureValueRecovery = ApplicationDependencies.getSignalServiceAccountManager().getSecureValueRecoveryV2(BuildConfig.SVR2_MRENCLAVE_DEPRECATED)
   private val svr2: SecureValueRecovery = ApplicationDependencies.getSignalServiceAccountManager().getSecureValueRecoveryV2(BuildConfig.SVR2_MRENCLAVE)
 
-  /** An ordered list of SVR implementations. They should be in priority order, with the most important one listed first. */
-  private val implementations: List<SecureValueRecovery> = listOf(svr2)
+  /** An ordered list of SVR implementations to read from. They should be in priority order, with the most important one listed first. */
+  private val readImplementations: List<SecureValueRecovery> = listOf(svr2, svr2Deprecated)
+
+  /** An ordered list of SVR implementations to write to. They should be in priority order, with the most important one listed first. */
+  private val writeImplementations: List<SecureValueRecovery> = listOf(svr2, svr2Deprecated)
 
   /**
    * A lock that ensures that only one thread at a time is altering the various pieces of SVR state.
@@ -122,7 +126,7 @@ object SvrRepository {
     val stopwatch = Stopwatch("pin-submission")
 
     operationLock.withLock {
-      for (implementation in implementations) {
+      for (implementation in readImplementations) {
         when (val response: RestoreResponse = implementation.restoreDataPostRegistration(userPin)) {
           is RestoreResponse.Success -> {
             Log.i(TAG, "[restoreMasterKeyPostRegistration] Successfully restored master key. $implementation", true)
@@ -187,7 +191,7 @@ object SvrRepository {
   }
 
   /**
-   * Sets the user's PIN the one specified, updating local stores as necessary.
+   * Sets the user's PIN to the one specified, updating local stores as necessary.
    * The resulting Single will not throw an error in any expected case, only if there's a runtime exception.
    */
   @WorkerThread
@@ -196,7 +200,7 @@ object SvrRepository {
     return operationLock.withLock {
       val masterKey: MasterKey = SignalStore.svr().getOrCreateMasterKey()
 
-      val responses: List<BackupResponse> = implementations
+      val responses: List<BackupResponse> = writeImplementations
         .filter { it != svr2 || FeatureFlags.svr2() }
         .map { it.setPin(userPin, masterKey) }
         .map { it.execute() }