hs-v3: Decrypt pending descriptors when we get new client auth creds.

4 files changed, 29 insertions, 8 deletions

diff --git a/src/feature/control/control_hs.c b/src/feature/control/control_hs.c
index aa7400c0ce..9f9e709c32 100644
--- a/src/feature/control/control_hs.c
+++ b/src/feature/control/control_hs.c
@@ -140,8 +140,10 @@ handle_control_onion_client_auth_add(control_connection_t *conn,
   if (BUG(register_status == REGISTER_FAIL_BAD_ADDRESS)) {
     /* It's a bug because the service addr has already been validated above */
     control_printf_endreply(conn, 512, "Invalid v3 address \"%s\"", hsaddress);
-  } else if (register_status == REGISTER_FAIL_ALREADY_EXISTS) {
-    control_printf_endreply(conn, 551, "Client already exists");
+  } else if (register_status == REGISTER_SUCCESS_ALREADY_EXISTS) {
+    control_printf_endreply(conn, 251,"Client for onion existed and replaced");
+  } else if (register_status == REGISTER_SUCCESS_ALSO_DECRYPTED) {
+    control_printf_endreply(conn, 252,"Registered client and decrypted desc");
   } else if (register_status == REGISTER_SUCCESS) {
     control_printf_endreply(conn, 250, "OK");
   } else {
diff --git a/src/feature/hs/hs_cache.c b/src/feature/hs/hs_cache.c
index 49d5ade419..9cbef2fa41 100644
--- a/src/feature/hs/hs_cache.c
+++ b/src/feature/hs/hs_cache.c
@@ -954,6 +954,10 @@ hs_cache_client_new_auth_parse(const ed25519_public_key_t *service_pk)
 
   tor_assert(service_pk);
 
+  if (!hs_cache_v3_client) {
+    return false;
+  }
+
   cached_desc = lookup_v3_desc_as_client(service_pk->pubkey);
   if (cached_desc == NULL || cached_desc->desc != NULL) {
     /* No entry for that service or the descriptor is already decoded. */
diff --git a/src/feature/hs/hs_client.c b/src/feature/hs/hs_client.c
index 9edfd13673..34574e4bd4 100644
--- a/src/feature/hs/hs_client.c
+++ b/src/feature/hs/hs_client.c
@@ -1453,6 +1453,8 @@ hs_client_register_auth_status_t
 hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
 {
   ed25519_public_key_t service_identity_pk;
+  hs_client_service_authorization_t *old_creds = NULL;
+  hs_client_register_auth_status_t retval = REGISTER_SUCCESS;
 
   tor_assert(creds);
 
@@ -1466,13 +1468,22 @@ hs_client_register_auth_credentials(hs_client_service_authorization_t *creds)
     return REGISTER_FAIL_BAD_ADDRESS;
   }
 
-  if (digest256map_get(client_auths, service_identity_pk.pubkey)) {
-    client_service_authorization_free(creds);
-    return REGISTER_FAIL_ALREADY_EXISTS;
+  old_creds = digest256map_get(client_auths, service_identity_pk.pubkey);
+  if (old_creds) {
+    digest256map_remove(client_auths, service_identity_pk.pubkey);
+    client_service_authorization_free(old_creds);
+    retval = REGISTER_SUCCESS_ALREADY_EXISTS;
   }
 
   digest256map_set(client_auths, service_identity_pk.pubkey, creds);
-  return REGISTER_SUCCESS;
+
+  /** Now that we set the new credentials, also try to decrypt any cached
+   *  descriptors. */
+  if (hs_cache_client_new_auth_parse(&service_identity_pk)) {
+    retval = REGISTER_SUCCESS_ALSO_DECRYPTED;
+  }
+
+  return retval;
 }
 
 /** Remove client auth credentials for the service <b>hs_address</b>. */
diff --git a/src/feature/hs/hs_client.h b/src/feature/hs/hs_client.h
index b0122aa14d..a756408e58 100644
--- a/src/feature/hs/hs_client.h
+++ b/src/feature/hs/hs_client.h
@@ -35,8 +35,12 @@ typedef enum {
 typedef enum {
   /* We successfuly registered these credentials */
   REGISTER_SUCCESS,
-  /* We failed to register these credentials, because they already exist. */
-  REGISTER_FAIL_ALREADY_EXISTS,
+  /* We successfully registered these credentials, but had to replace some
+   * existing ones. */
+  REGISTER_SUCCESS_ALREADY_EXISTS,
+  /* We successfuly registered these credentials, and also decrypted a cached
+   * descriptor. */
+  REGISTER_SUCCESS_ALSO_DECRYPTED,
   /* We failed to register these credentials, because of a bad HS address. */
   REGISTER_FAIL_BAD_ADDRESS,
 } hs_client_register_auth_status_t;