2012-03-26 17:17:04 -04:00
# include <stdexcept>
# include <sstream>
# include <iostream>
# include <iomanip>
# include <stdlib.h>
2012-03-27 16:48:21 -04:00
# include <string.h>
2012-06-29 15:38:19 -04:00
# include <sys/stat.h>
2012-03-26 17:17:04 -04:00
2012-07-01 16:08:28 -04:00
# ifdef WINDOWS_SYS
# include "util/rsstring.h"
# endif
2012-03-26 17:17:04 -04:00
extern " C " {
# include <openpgpsdk/util.h>
2012-03-27 16:48:21 -04:00
# include <openpgpsdk/crypto.h>
2012-03-27 17:45:43 -04:00
# include <openpgpsdk/armour.h>
2012-03-27 16:48:21 -04:00
# include <openpgpsdk/keyring.h>
2012-03-27 17:45:43 -04:00
# include <openpgpsdk/readerwriter.h>
2012-04-01 17:10:54 -04:00
# include <openpgpsdk/validate.h>
2012-07-01 09:15:36 -04:00
# include <openpgpsdk/parse_local.h>
2012-03-26 17:17:04 -04:00
}
# include "pgphandler.h"
2012-04-29 07:57:03 -04:00
# include "retroshare/rsiface.h" // For rsicontrol.
2012-06-29 15:38:19 -04:00
# include "util/rsdir.h"
# include "util/pgpkey.h"
# define DEBUG_PGPHANDLER
2012-03-26 17:17:04 -04:00
2012-05-01 04:53:32 -04:00
PassphraseCallback PGPHandler : : _passphrase_callback = NULL ;
2012-04-01 08:52:15 -04:00
ops_keyring_t * PGPHandler : : allocateOPSKeyring ( )
{
ops_keyring_t * kr = ( ops_keyring_t * ) malloc ( sizeof ( ops_keyring_t ) ) ;
kr - > nkeys = 0 ;
kr - > nkeys_allocated = 0 ;
kr - > keys = 0 ;
return kr ;
}
2012-05-13 15:04:13 -04:00
ops_parse_cb_return_t cb_get_passphrase ( const ops_parser_content_t * content_ , ops_parse_cb_info_t * cbinfo ) // __attribute__((unused)))
{
const ops_parser_content_union_t * content = & content_ - > content ;
// validate_key_cb_arg_t *arg=ops_parse_cb_get_arg(cbinfo);
// ops_error_t **errors=ops_parse_cb_get_errors(cbinfo);
bool prev_was_bad = false ;
switch ( content_ - > tag )
{
case OPS_PARSER_CMD_GET_SK_PASSPHRASE_PREV_WAS_BAD : prev_was_bad = true ;
case OPS_PARSER_CMD_GET_SK_PASSPHRASE :
{
std : : string passwd ;
std : : string uid_hint = std : : string ( ( const char * ) cbinfo - > cryptinfo . keydata - > uids [ 0 ] . user_id ) ;
uid_hint + = " ( " + PGPIdType ( cbinfo - > cryptinfo . keydata - > key_id ) . toStdString ( ) + " ) " ;
passwd = PGPHandler : : passphraseCallback ( ) ( NULL , uid_hint . c_str ( ) , NULL , prev_was_bad ) ;
// if (rsicontrol->getNotify().askForPassword(uid_hint, prev_was_bad, passwd) == false)
// return OPS_RELEASE_MEMORY;
* ( content - > secret_key_passphrase . passphrase ) = ( char * ) ops_mallocz ( passwd . length ( ) + 1 ) ;
memcpy ( * ( content - > secret_key_passphrase . passphrase ) , passwd . c_str ( ) , passwd . length ( ) ) ;
return OPS_KEEP_MEMORY ;
}
break ;
default :
break ;
}
return OPS_RELEASE_MEMORY ;
}
2012-05-01 04:53:32 -04:00
void PGPHandler : : setPassphraseCallback ( PassphraseCallback cb )
{
_passphrase_callback = cb ;
}
2012-06-20 17:59:04 -04:00
PGPHandler : : PGPHandler ( const std : : string & pubring , const std : : string & secring , const std : : string & trustdb , const std : : string & pgp_lock_filename )
: pgphandlerMtx ( std : : string ( " PGPHandler " ) ) , _pubring_path ( pubring ) , _secring_path ( secring ) , _trustdb_path ( trustdb ) , _pgp_lock_filename ( pgp_lock_filename )
2012-03-26 17:17:04 -04:00
{
2012-06-12 16:31:13 -04:00
_pubring_changed = false ;
2012-06-20 17:59:04 -04:00
_trustdb_changed = false ;
2012-06-12 16:31:13 -04:00
RsStackFileLock flck ( _pgp_lock_filename ) ; // lock access to PGP directory.
2012-05-01 04:53:32 -04:00
if ( _passphrase_callback = = NULL )
{
std : : cerr < < " WARNING: before created a PGPHandler, you need to init the passphrase callback using PGPHandler::setPassphraseCallback() " < < std : : endl ;
exit ( - 1 ) ;
}
2012-03-26 17:17:04 -04:00
// Allocate public and secret keyrings.
//
2012-04-01 08:52:15 -04:00
_pubring = allocateOPSKeyring ( ) ;
_secring = allocateOPSKeyring ( ) ;
2012-03-26 17:17:04 -04:00
2012-06-09 17:01:22 -04:00
// Check that the file exists. If not, create a void keyring.
FILE * ftest ;
ftest = fopen ( pubring . c_str ( ) , " rb " ) ;
bool pubring_exist = ( ftest ! = NULL ) ;
if ( ftest ! = NULL )
fclose ( ftest ) ;
ftest = fopen ( secring . c_str ( ) , " rb " ) ;
bool secring_exist = ( ftest ! = NULL ) ;
if ( ftest ! = NULL )
fclose ( ftest ) ;
2012-03-26 17:17:04 -04:00
// Read public and secret keyrings from supplied files.
//
2012-06-09 17:01:22 -04:00
if ( pubring_exist )
{
if ( ops_false = = ops_keyring_read_from_file ( _pubring , false , pubring . c_str ( ) ) )
throw std : : runtime_error ( " PGPHandler::readKeyRing(): cannot read pubring. File corrupted. " ) ;
}
else
std : : cerr < < " pubring file \" " < < pubring < < " \" not found. Creating a void keyring. " < < std : : endl ;
2012-03-26 17:17:04 -04:00
2012-04-01 08:52:15 -04:00
const ops_keydata_t * keydata ;
int i = 0 ;
while ( ( keydata = ops_keyring_get_key_by_index ( _pubring , i ) ) ! = NULL )
{
2012-05-13 15:04:13 -04:00
PGPCertificateInfo & cert ( _public_keyring_map [ PGPIdType ( keydata - > key_id ) . toStdString ( ) ] ) ;
// Init all certificates.
initCertificateInfo ( cert , keydata , i ) ;
// Validate signatures.
validateAndUpdateSignatures ( cert , keydata ) ;
2012-04-01 08:52:15 -04:00
+ + i ;
}
2012-06-29 15:38:19 -04:00
_pubring_last_update_time = time ( NULL ) ;
2012-03-26 17:17:04 -04:00
std : : cerr < < " Pubring read successfully. " < < std : : endl ;
2012-06-09 17:01:22 -04:00
if ( secring_exist )
{
if ( ops_false = = ops_keyring_read_from_file ( _secring , false , secring . c_str ( ) ) )
throw std : : runtime_error ( " PGPHandler::readKeyRing(): cannot read secring. File corrupted. " ) ;
}
else
std : : cerr < < " secring file \" " < < secring < < " \" not found. Creating a void keyring. " < < std : : endl ;
2012-03-26 17:17:04 -04:00
2012-04-01 08:52:15 -04:00
i = 0 ;
while ( ( keydata = ops_keyring_get_key_by_index ( _secring , i ) ) ! = NULL )
{
2012-04-09 13:03:47 -04:00
initCertificateInfo ( _secret_keyring_map [ PGPIdType ( keydata - > key_id ) . toStdString ( ) ] , keydata , i ) ;
2012-04-01 08:52:15 -04:00
+ + i ;
}
2012-06-29 15:38:19 -04:00
_secring_last_update_time = time ( NULL ) ;
2012-04-01 08:52:15 -04:00
2012-03-26 17:17:04 -04:00
std : : cerr < < " Secring read successfully. " < < std : : endl ;
2012-06-20 17:59:04 -04:00
locked_readPrivateTrustDatabase ( ) ;
2012-03-26 17:17:04 -04:00
}
2012-04-09 13:03:47 -04:00
void PGPHandler : : initCertificateInfo ( PGPCertificateInfo & cert , const ops_keydata_t * keydata , uint32_t index )
{
// Parse certificate name
//
2012-04-22 07:36:34 -04:00
if ( keydata - > uids ! = NULL )
{
std : : string namestring ( ( char * ) keydata - > uids [ 0 ] . user_id ) ;
cert . _name = " " ;
2012-04-29 07:57:03 -04:00
uint32_t i = 0 ;
2012-04-22 07:36:34 -04:00
while ( i < namestring . length ( ) & & namestring [ i ] ! = ' ( ' & & namestring [ i ] ! = ' < ' ) { cert . _name + = namestring [ i ] ; + + i ; }
2012-04-09 13:03:47 -04:00
2012-04-22 07:36:34 -04:00
std : : string & next = ( namestring [ i ] = = ' ( ' ) ? cert . _comment : cert . _email ;
+ + i ;
next = " " ;
while ( i < namestring . length ( ) & & namestring [ i ] ! = ' ) ' & & namestring [ i ] ! = ' > ' ) { next + = namestring [ i ] ; + + i ; }
2012-04-09 13:03:47 -04:00
2012-04-22 07:36:34 -04:00
while ( i < namestring . length ( ) & & namestring [ i ] ! = ' ( ' & & namestring [ i ] ! = ' < ' ) { next + = namestring [ i ] ; + + i ; }
2012-04-26 15:37:15 -04:00
if ( i < namestring . length ( ) )
{
std : : string & next2 = ( namestring [ i ] = = ' ( ' ) ? cert . _comment : cert . _email ;
+ + i ;
next2 = " " ;
while ( i < namestring . length ( ) & & namestring [ i ] ! = ' ) ' & & namestring [ i ] ! = ' > ' ) { next2 + = namestring [ i ] ; + + i ; }
}
2012-04-22 07:36:34 -04:00
}
2012-04-09 13:03:47 -04:00
cert . _trustLvl = 1 ; // to be setup accordingly
2012-05-01 04:53:32 -04:00
cert . _validLvl = 1 ; // to be setup accordingly
2012-04-09 13:03:47 -04:00
cert . _key_index = index ;
2012-04-26 15:37:15 -04:00
cert . _flags = 0 ;
2012-04-09 13:03:47 -04:00
2012-04-22 07:36:34 -04:00
ops_fingerprint_t f ;
ops_fingerprint ( & f , & keydata - > key . pkey ) ;
cert . _fpr = PGPFingerprintType ( f . fingerprint ) ;
2012-06-14 16:13:31 -04:00
if ( keydata - > key . pkey . algorithm ! = OPS_PKA_RSA )
cert . _flags | = PGPCertificateInfo : : PGP_CERTIFICATE_FLAG_UNSUPPORTED_ALGORITHM ;
2012-05-13 15:04:13 -04:00
}
2012-07-02 16:46:14 -04:00
bool PGPHandler : : validateAndUpdateSignatures ( PGPCertificateInfo & cert , const ops_keydata_t * keydata )
2012-05-13 15:04:13 -04:00
{
ops_validate_result_t * result = ( ops_validate_result_t * ) ops_mallocz ( sizeof * result ) ;
ops_boolean_t res = ops_validate_key_signatures ( result , keydata , _pubring , cb_get_passphrase ) ;
2012-05-01 14:45:24 -04:00
2012-06-29 15:38:19 -04:00
if ( res = = ops_false )
std : : cerr < < " (EE) Error in PGPHandler::validateAndUpdateSignatures(). Validation failed for at least some signatures. " < < std : : endl ;
2012-07-02 16:46:14 -04:00
bool ret = false ;
2012-05-01 14:45:24 -04:00
// Parse signers.
//
2012-05-13 15:04:13 -04:00
if ( result ! = NULL )
for ( size_t i = 0 ; i < result - > valid_count ; + + i )
2012-07-02 16:46:14 -04:00
{
std : : string signer_str = PGPIdType ( result - > valid_sigs [ i ] . signer_id ) . toStdString ( ) ;
if ( cert . signers . find ( signer_str ) = = cert . signers . end ( ) )
{
cert . signers . insert ( signer_str ) ;
ret = true ;
}
}
2012-05-13 15:04:13 -04:00
ops_validate_result_free ( result ) ;
2012-07-02 16:46:14 -04:00
return ret ;
2012-04-09 13:03:47 -04:00
}
2012-03-26 17:17:04 -04:00
PGPHandler : : ~ PGPHandler ( )
{
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-03-26 17:17:04 -04:00
std : : cerr < < " Freeing PGPHandler. Deleting keyrings. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-03-26 17:17:04 -04:00
2012-04-01 08:52:15 -04:00
// no need to free the the _map_ elements. They will be freed by the following calls:
//
2012-03-26 17:17:04 -04:00
ops_keyring_free ( _pubring ) ;
ops_keyring_free ( _secring ) ;
free ( _pubring ) ;
free ( _secring ) ;
}
2012-03-27 16:48:21 -04:00
2012-04-09 13:03:47 -04:00
bool PGPHandler : : printKeys ( ) const
{
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-04-22 07:36:34 -04:00
std : : cerr < < " Printing details of all " < < std : : dec < < _public_keyring_map . size ( ) < < " keys: " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-04-22 07:36:34 -04:00
2012-04-09 13:03:47 -04:00
for ( std : : map < std : : string , PGPCertificateInfo > : : const_iterator it ( _public_keyring_map . begin ( ) ) ; it ! = _public_keyring_map . end ( ) ; it + + )
{
std : : cerr < < " PGP Key: " < < it - > first < < std : : endl ;
std : : cerr < < " \t Name : " < < it - > second . _name < < std : : endl ;
std : : cerr < < " \t Email : " < < it - > second . _email < < std : : endl ;
std : : cerr < < " \t OwnSign : " < < ( it - > second . _flags & PGPCertificateInfo : : PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE ) < < std : : endl ;
2012-06-14 16:13:31 -04:00
std : : cerr < < " \t Accept Connect: " < < ( it - > second . _flags & PGPCertificateInfo : : PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION ) < < std : : endl ;
2012-04-09 13:03:47 -04:00
std : : cerr < < " \t trustLvl : " < < it - > second . _trustLvl < < std : : endl ;
std : : cerr < < " \t validLvl : " < < it - > second . _validLvl < < std : : endl ;
2012-04-22 07:36:34 -04:00
std : : cerr < < " \t fingerprint : " < < it - > second . _fpr . toStdString ( ) < < std : : endl ;
2012-05-01 14:45:24 -04:00
std : : cerr < < " \t Signers : " < < it - > second . signers . size ( ) < < std : : endl ;
2012-04-09 13:03:47 -04:00
std : : set < std : : string > : : const_iterator sit ;
for ( sit = it - > second . signers . begin ( ) ; sit ! = it - > second . signers . end ( ) ; sit + + )
{
std : : cerr < < " \t \t Signer ID: " < < * sit < < " , Name: " ;
2012-06-06 16:31:19 -04:00
const PGPCertificateInfo * info = PGPHandler : : getCertificateInfo ( PGPIdType ( * sit ) ) ;
2012-04-09 13:03:47 -04:00
if ( info ! = NULL )
std : : cerr < < info - > _name ;
std : : cerr < < std : : endl ;
}
}
2012-05-01 14:45:24 -04:00
std : : cerr < < " Public keyring list from OPS: " < < std : : endl ;
ops_keyring_list ( _pubring ) ;
2012-04-09 13:03:47 -04:00
return true ;
}
const PGPCertificateInfo * PGPHandler : : getCertificateInfo ( const PGPIdType & id ) const
2012-03-27 16:48:21 -04:00
{
2012-04-09 13:03:47 -04:00
std : : map < std : : string , PGPCertificateInfo > : : const_iterator it ( _public_keyring_map . find ( id . toStdString ( ) ) ) ;
2012-03-27 16:48:21 -04:00
2012-04-09 13:03:47 -04:00
if ( it ! = _public_keyring_map . end ( ) )
return & it - > second ;
else
return NULL ;
2012-03-27 16:48:21 -04:00
}
bool PGPHandler : : availableGPGCertificatesWithPrivateKeys ( std : : list < PGPIdType > & ids )
{
// go through secret keyring, and check that we have the pubkey as well.
//
const ops_keydata_t * keydata = NULL ;
int i = 0 ;
while ( ( keydata = ops_keyring_get_key_by_index ( _secring , i + + ) ) ! = NULL )
2012-06-29 15:38:19 -04:00
if ( ops_keyring_find_key_by_id ( _pubring , keydata - > key_id ) ! = NULL ) // check that the key is in the pubring as well
{
2012-06-14 16:13:31 -04:00
if ( keydata - > key . pkey . algorithm = = OPS_PKA_RSA )
ids . push_back ( PGPIdType ( keydata - > key_id ) ) ;
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-14 16:13:31 -04:00
else
std : : cerr < < " Skipping keypair " < < PGPIdType ( keydata - > key_id ) . toStdString ( ) < < " , unsupported algorithm: " < < keydata - > key . pkey . algorithm < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
}
2012-03-27 16:48:21 -04:00
return true ;
}
2012-07-01 10:34:11 -04:00
bool PGPHandler : : GeneratePGPCertificate ( const std : : string & name , const std : : string & email , const std : : string & passphrase , PGPIdType & pgpId , std : : string & errString )
2012-03-27 16:48:21 -04:00
{
2012-07-01 18:24:37 -04:00
RsStackFileLock flck ( _pgp_lock_filename ) ; // lock access to PGP directory.
2012-03-27 16:48:21 -04:00
static const int KEY_NUMBITS = 2048 ;
2012-07-01 10:34:11 -04:00
// 1 - generate keypair - RSA-2048
//
2012-03-27 16:48:21 -04:00
ops_user_id_t uid ;
2012-04-01 12:43:23 -04:00
char * s = strdup ( ( name + " " + email + " (Generated by RetroShare) " ) . c_str ( ) ) ;
2012-03-27 16:48:21 -04:00
uid . user_id = ( unsigned char * ) s ;
2012-07-01 17:40:44 -04:00
unsigned long int e = 65537 ; // some prime number
2012-03-27 16:48:21 -04:00
ops_keydata_t * key = ops_rsa_create_selfsigned_keypair ( KEY_NUMBITS , e , & uid ) ;
2012-04-01 12:43:23 -04:00
free ( s ) ;
2012-03-27 16:48:21 -04:00
if ( ! key )
return false ;
2012-07-01 17:40:44 -04:00
// 2 - save the private key encrypted to a temporary memory buffer, so as to read an encrypted key to memory
2012-04-01 08:52:15 -04:00
ops_create_info_t * cinfo = NULL ;
ops_memory_t * buf = NULL ;
ops_setup_memory_write ( & cinfo , & buf , 0 ) ;
2012-07-01 17:40:44 -04:00
if ( ! ops_write_transferable_secret_key ( key , ( unsigned char * ) passphrase . c_str ( ) , passphrase . length ( ) , ops_false , cinfo ) )
{
std : : cerr < < " (EE) Cannot encode secret key to memory!! " < < std : : endl ;
return false ;
}
2012-04-01 08:52:15 -04:00
2012-07-01 17:40:44 -04:00
// 3 - read the memory chunk into an encrypted keyring
2012-04-01 08:52:15 -04:00
2012-07-01 10:34:11 -04:00
ops_keyring_t * tmp_secring = allocateOPSKeyring ( ) ;
2012-07-01 17:40:44 -04:00
2012-07-01 10:34:11 -04:00
if ( ! ops_keyring_read_from_mem ( tmp_secring , ops_false , buf ) )
2012-04-01 08:52:15 -04:00
{
2012-06-29 15:38:19 -04:00
std : : cerr < < " (EE) Cannot re-read key from memory!! " < < std : : endl ;
2012-04-01 08:52:15 -04:00
return false ;
}
ops_teardown_memory_write ( cinfo , buf ) ; // cleanup memory
2012-07-01 17:40:44 -04:00
// 4 - copy the encrypted private key to the private keyring
2012-04-01 08:52:15 -04:00
2012-07-01 10:34:11 -04:00
pgpId = PGPIdType ( tmp_secring - > keys [ 0 ] . key_id ) ;
addNewKeyToOPSKeyring ( _secring , tmp_secring - > keys [ 0 ] ) ;
initCertificateInfo ( _secret_keyring_map [ pgpId . toStdString ( ) ] , & tmp_secring - > keys [ 0 ] , _secring - > nkeys - 1 ) ;
2012-04-01 08:52:15 -04:00
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-04-01 08:52:15 -04:00
std : : cerr < < " Added new secret key with id " < < pgpId . toStdString ( ) < < " to secret keyring. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-07-01 10:34:11 -04:00
ops_keyring_free ( tmp_secring ) ;
free ( tmp_secring ) ;
2012-04-01 08:52:15 -04:00
2012-07-01 17:50:48 -04:00
// 5 - add key to secret keyring on disk.
2012-04-01 17:10:54 -04:00
2012-07-01 18:24:37 -04:00
cinfo = NULL ;
int fd = ops_setup_file_append ( & cinfo , _secring_path . c_str ( ) ) ;
2012-07-01 17:50:48 -04:00
2012-07-01 18:24:37 -04:00
if ( ! ops_write_transferable_secret_key ( key , ( unsigned char * ) passphrase . c_str ( ) , passphrase . length ( ) , ops_false , cinfo ) )
{
std : : cerr < < " (EE) Cannot encode secret key to disk!! Disk full? Out of disk quota? " < < std : : endl ;
return false ;
2012-07-01 17:40:44 -04:00
}
2012-07-01 18:24:37 -04:00
ops_teardown_file_write ( cinfo , fd ) ;
2012-07-01 17:40:44 -04:00
2012-07-02 16:46:14 -04:00
// 6 - copy the public key to the public keyring on disk
2012-07-01 17:40:44 -04:00
2012-07-02 16:46:14 -04:00
cinfo = NULL ;
fd = ops_setup_file_append ( & cinfo , _pubring_path . c_str ( ) ) ;
2012-07-01 17:40:44 -04:00
if ( ! ops_write_transferable_public_key ( key , ops_false , cinfo ) )
{
std : : cerr < < " (EE) Cannot encode secret key to memory!! " < < std : : endl ;
return false ;
}
2012-07-02 16:46:14 -04:00
ops_teardown_file_write ( cinfo , fd ) ;
2012-07-01 10:34:11 -04:00
2012-07-02 16:46:14 -04:00
// 7 - clean
ops_keydata_free ( key ) ;
2012-07-01 10:34:11 -04:00
2012-07-02 16:46:14 -04:00
// 8 - re-read the key from the public keyring, and add it to memory.
_pubring_last_update_time = 0 ; // force update pubring from disk.
locked_syncPublicKeyring ( ) ;
2012-04-01 17:10:54 -04:00
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-04-01 17:10:54 -04:00
std : : cerr < < " Added new public key with id " < < pgpId . toStdString ( ) < < " to public keyring. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-04-01 17:10:54 -04:00
2012-07-02 16:46:14 -04:00
// 9 - Update some flags.
2012-05-13 15:04:13 -04:00
2012-07-01 17:50:48 -04:00
privateTrustCertificate ( pgpId , PGPCertificateInfo : : PGP_CERTIFICATE_TRUST_ULTIMATE ) ;
2012-06-12 16:31:13 -04:00
2012-03-29 17:51:37 -04:00
return true ;
}
std : : string PGPHandler : : makeRadixEncodedPGPKey ( const ops_keydata_t * key )
{
2012-03-27 17:45:43 -04:00
ops_boolean_t armoured = ops_true ;
ops_create_info_t * cinfo ;
2012-04-01 08:52:15 -04:00
ops_memory_t * buf = NULL ;
2012-03-27 17:45:43 -04:00
ops_setup_memory_write ( & cinfo , & buf , 0 ) ;
2012-07-02 17:45:43 -04:00
if ( ops_write_transferable_public_key_from_packet_data ( key , armoured , cinfo ) ! = ops_true )
2012-06-13 16:54:39 -04:00
return " ERROR: This key cannot be processed by RetroShare because \n DSA certificates are not yet handled. " ;
2012-03-29 17:51:37 -04:00
ops_writer_close ( cinfo ) ;
2012-03-27 17:45:43 -04:00
2012-03-29 17:51:37 -04:00
std : : string akey ( ( char * ) ops_memory_get_data ( buf ) , ops_memory_get_length ( buf ) ) ;
2012-03-27 17:45:43 -04:00
2012-03-29 17:51:37 -04:00
ops_teardown_memory_write ( cinfo , buf ) ;
2012-03-27 17:45:43 -04:00
2012-03-29 17:51:37 -04:00
return akey ;
}
2012-04-01 08:52:15 -04:00
const ops_keydata_t * PGPHandler : : getSecretKey ( const PGPIdType & id ) const
{
2012-04-09 13:03:47 -04:00
std : : map < std : : string , PGPCertificateInfo > : : const_iterator res = _secret_keyring_map . find ( id . toStdString ( ) ) ;
2012-04-01 08:52:15 -04:00
if ( res = = _secret_keyring_map . end ( ) )
return NULL ;
else
2012-04-09 13:03:47 -04:00
return ops_keyring_get_key_by_index ( _secring , res - > second . _key_index ) ;
2012-04-01 08:52:15 -04:00
}
const ops_keydata_t * PGPHandler : : getPublicKey ( const PGPIdType & id ) const
{
2012-04-09 13:03:47 -04:00
std : : map < std : : string , PGPCertificateInfo > : : const_iterator res = _public_keyring_map . find ( id . toStdString ( ) ) ;
2012-04-01 08:52:15 -04:00
if ( res = = _public_keyring_map . end ( ) )
return NULL ;
else
2012-04-09 13:03:47 -04:00
return ops_keyring_get_key_by_index ( _pubring , res - > second . _key_index ) ;
2012-04-01 08:52:15 -04:00
}
2012-03-29 17:51:37 -04:00
std : : string PGPHandler : : SaveCertificateToString ( const PGPIdType & id , bool include_signatures )
{
2012-04-01 08:52:15 -04:00
const ops_keydata_t * key = getPublicKey ( id ) ;
2012-03-29 17:51:37 -04:00
if ( key = = NULL )
{
std : : cerr < < " Cannot output key " < < id . toStdString ( ) < < " : not found in keyring. " < < std : : endl ;
return " " ;
}
return makeRadixEncodedPGPKey ( key ) ;
2012-03-27 16:48:21 -04:00
}
2012-04-01 08:52:15 -04:00
void PGPHandler : : addNewKeyToOPSKeyring ( ops_keyring_t * kr , const ops_keydata_t & key )
{
kr - > keys = ( ops_keydata_t * ) realloc ( kr - > keys , ( kr - > nkeys + 1 ) * sizeof ( ops_keydata_t ) ) ;
memset ( & kr - > keys [ kr - > nkeys ] , 0 , sizeof ( ops_keydata_t ) ) ;
ops_keydata_copy ( & kr - > keys [ kr - > nkeys ] , & key ) ;
kr - > nkeys + + ;
}
bool PGPHandler : : LoadCertificateFromString ( const std : : string & pgp_cert , PGPIdType & id , std : : string & error_string )
{
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-15 17:58:46 -04:00
std : : cerr < < " Reading new key from string: " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-06-15 17:58:46 -04:00
2012-04-01 08:52:15 -04:00
ops_keyring_t * tmp_keyring = allocateOPSKeyring ( ) ;
ops_memory_t * mem = ops_memory_new ( ) ;
ops_memory_add ( mem , ( unsigned char * ) pgp_cert . c_str ( ) , pgp_cert . length ( ) ) ;
if ( ! ops_keyring_read_from_mem ( tmp_keyring , ops_true , mem ) )
{
ops_keyring_free ( tmp_keyring ) ;
2012-04-01 12:43:23 -04:00
free ( tmp_keyring ) ;
2012-04-01 08:52:15 -04:00
ops_memory_release ( mem ) ;
2012-04-01 12:43:23 -04:00
free ( mem ) ;
2012-04-01 08:52:15 -04:00
std : : cerr < < " Could not read key. Format error? " < < std : : endl ;
error_string = std : : string ( " Could not read key. Format error? " ) ;
return false ;
}
ops_memory_release ( mem ) ;
2012-04-01 12:43:23 -04:00
free ( mem ) ;
2012-04-01 08:52:15 -04:00
error_string . clear ( ) ;
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-15 17:58:46 -04:00
std : : cerr < < " Key read correctly: " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-04-01 08:52:15 -04:00
ops_keyring_list ( tmp_keyring ) ;
const ops_keydata_t * keydata = NULL ;
int i = 0 ;
while ( ( keydata = ops_keyring_get_key_by_index ( tmp_keyring , i + + ) ) ! = NULL )
2012-06-29 15:38:19 -04:00
if ( addOrMergeKey ( _pubring , _public_keyring_map , keydata ) )
2012-07-01 18:24:37 -04:00
{
2012-06-29 15:38:19 -04:00
_pubring_changed = true ;
# ifdef DEBUG_PGPHANDLER
2012-07-01 18:24:37 -04:00
std : : cerr < < " Added the key in the main public keyring. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-07-01 18:24:37 -04:00
}
else
std : : cerr < < " Key already in public keyring. " < < std : : endl ;
2012-04-01 08:52:15 -04:00
2012-07-01 18:24:37 -04:00
id = PGPIdType ( tmp_keyring - > keys [ 0 ] . key_id ) ;
2012-04-01 08:52:15 -04:00
ops_keyring_free ( tmp_keyring ) ;
2012-04-01 12:43:23 -04:00
free ( tmp_keyring ) ;
2012-06-12 16:31:13 -04:00
_pubring_changed = true ;
2012-04-01 08:52:15 -04:00
return true ;
}
2012-06-29 15:38:19 -04:00
bool PGPHandler : : addOrMergeKey ( ops_keyring_t * keyring , std : : map < std : : string , PGPCertificateInfo > & kmap , const ops_keydata_t * keydata )
2012-04-08 10:52:01 -04:00
{
2012-06-29 15:38:19 -04:00
bool ret = false ;
PGPIdType id ( keydata - > key_id ) ;
# ifdef DEBUG_PGPHANDLER
std : : cerr < < " AddOrMergeKey(): " < < std : : endl ;
std : : cerr < < " id: " < < id . toStdString ( ) < < std : : endl ;
# endif
// See if the key is already in the keyring
const ops_keydata_t * existing_key = NULL ;
std : : map < std : : string , PGPCertificateInfo > : : const_iterator res = kmap . find ( id . toStdString ( ) ) ;
// Checks that
// - the key is referenced by keyid
// - the map is initialized
// - the fingerprint matches!
//
if ( res = = kmap . end ( ) | | ( existing_key = ops_keyring_get_key_by_index ( keyring , res - > second . _key_index ) ) = = NULL )
{
# ifdef DEBUG_PGPHANDLER
std : : cerr < < " Key is new. Adding it to keyring " < < std : : endl ;
# endif
addNewKeyToOPSKeyring ( keyring , * keydata ) ; // the key is new.
initCertificateInfo ( kmap [ id . toStdString ( ) ] , keydata , keyring - > nkeys - 1 ) ;
existing_key = & ( keyring - > keys [ keyring - > nkeys - 1 ] ) ;
ret = true ;
}
else
{
if ( memcmp ( existing_key - > fingerprint . fingerprint , keydata - > fingerprint . fingerprint , KEY_FINGERPRINT_SIZE ) )
{
std : : cerr < < " (EE) attempt to merge key with identical id, but different fingerprint! " < < std : : endl ;
return false ;
}
2012-06-12 16:31:13 -04:00
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
std : : cerr < < " Key exists. Merging signatures. " < < std : : endl ;
# endif
ret = mergeKeySignatures ( const_cast < ops_keydata_t * > ( existing_key ) , keydata ) ;
2012-06-12 16:31:13 -04:00
2012-06-29 15:38:19 -04:00
if ( ret )
initCertificateInfo ( kmap [ id . toStdString ( ) ] , existing_key , res - > second . _key_index ) ;
}
2012-06-12 16:31:13 -04:00
2012-06-29 15:38:19 -04:00
if ( ret )
validateAndUpdateSignatures ( kmap [ id . toStdString ( ) ] , existing_key ) ;
return ret ;
2012-05-01 14:45:24 -04:00
}
2012-04-08 10:52:01 -04:00
2012-05-01 14:45:24 -04:00
bool PGPHandler : : encryptTextToFile ( const PGPIdType & key_id , const std : : string & text , const std : : string & outfile )
{
2012-04-08 10:52:01 -04:00
ops_create_info_t * info ;
int fd = ops_setup_file_write ( & info , outfile . c_str ( ) , ops_true ) ;
const ops_keydata_t * public_key = getPublicKey ( key_id ) ;
if ( public_key = = NULL )
{
std : : cerr < < " Cannot get public key of id " < < key_id . toStdString ( ) < < std : : endl ;
return false ;
}
2012-07-01 10:34:11 -04:00
if ( public_key - > type ! = OPS_PTAG_CT_PUBLIC_KEY )
{
std : : cerr < < " PGPHandler::encryptTextToFile(): ERROR: supplied id did not return a public key! " < < outfile < < std : : endl ;
return false ;
}
2012-04-08 10:52:01 -04:00
if ( fd < 0 )
{
2012-05-01 14:45:24 -04:00
std : : cerr < < " PGPHandler::encryptTextToFile(): ERROR: Cannot write to " < < outfile < < std : : endl ;
2012-04-08 10:52:01 -04:00
return false ;
}
ops_encrypt_stream ( info , public_key , NULL , ops_false , ops_true ) ;
ops_write ( text . c_str ( ) , text . length ( ) , info ) ;
ops_writer_close ( info ) ;
ops_create_info_delete ( info ) ;
return true ;
}
bool PGPHandler : : decryptTextFromFile ( const PGPIdType & key_id , std : : string & text , const std : : string & inputfile )
{
unsigned char * out_buf = NULL ;
std : : string buf ;
FILE * f = fopen ( inputfile . c_str ( ) , " rb " ) ;
2012-06-14 18:53:02 -04:00
if ( f = = NULL )
{
return false ;
}
2012-04-08 10:52:01 -04:00
char c ;
while ( ( c = getc ( f ) ) ! = EOF )
buf + = c ;
fclose ( f ) ;
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-04-22 07:36:34 -04:00
std : : cerr < < " PGPHandler::decryptTextFromFile: read a file of length " < < std : : dec < < buf . length ( ) < < std : : endl ;
std : : cerr < < " buf= \" " < < buf < < " \" " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-04-08 10:52:01 -04:00
int out_length ;
ops_boolean_t res = ops_decrypt_memory ( ( const unsigned char * ) buf . c_str ( ) , buf . length ( ) , & out_buf , & out_length , _secring , ops_true , cb_get_passphrase ) ;
text = std : : string ( ( char * ) out_buf , out_length ) ;
2012-06-14 18:53:02 -04:00
free ( out_buf ) ;
2012-04-08 10:52:01 -04:00
return ( bool ) res ;
}
2012-04-01 08:52:15 -04:00
bool PGPHandler : : SignDataBin ( const PGPIdType & id , const void * data , const uint32_t len , unsigned char * sign , unsigned int * signlen )
{
// need to find the key and to decrypt it.
const ops_keydata_t * key = getSecretKey ( id ) ;
if ( ! key )
{
std : : cerr < < " Cannot sign: no secret key with id " < < id . toStdString ( ) < < std : : endl ;
return false ;
}
2012-04-08 10:52:01 -04:00
std : : string passphrase = _passphrase_callback ( NULL , PGPIdType ( key - > key_id ) . toStdString ( ) . c_str ( ) , " Please enter passwd for encrypting your key : " , false ) ;
2012-04-01 08:52:15 -04:00
ops_secret_key_t * secret_key = ops_decrypt_secret_key_from_data ( key , passphrase . c_str ( ) ) ;
if ( ! secret_key )
{
std : : cerr < < " Key decryption went wrong. Wrong passwd? " < < std : : endl ;
return false ;
}
// then do the signature.
2012-05-01 04:53:32 -04:00
ops_memory_t * memres = ops_sign_buf ( data , len , ( ops_sig_type_t ) 0x00 , secret_key , ops_false , ops_false ) ;
2012-04-01 08:52:15 -04:00
if ( ! memres )
return false ;
uint32_t tlen = std : : min ( * signlen , ( uint32_t ) ops_memory_get_length ( memres ) ) ;
memcpy ( sign , ops_memory_get_data ( memres ) , tlen ) ;
* signlen = tlen ;
2012-04-01 12:43:23 -04:00
ops_memory_release ( memres ) ;
free ( memres ) ;
ops_secret_key_free ( secret_key ) ;
free ( secret_key ) ;
2012-04-01 08:52:15 -04:00
return true ;
}
2012-04-04 15:27:07 -04:00
bool PGPHandler : : getKeyFingerprint ( const PGPIdType & id , PGPFingerprintType & fp ) const
2012-04-01 17:10:54 -04:00
{
2012-04-04 15:27:07 -04:00
const ops_keydata_t * key = getPublicKey ( id ) ;
2012-04-01 17:10:54 -04:00
2012-04-04 15:27:07 -04:00
if ( key = = NULL )
return false ;
2012-04-01 17:10:54 -04:00
2012-04-04 15:27:07 -04:00
ops_fingerprint_t f ;
ops_fingerprint ( & f , & key - > key . pkey ) ;
2012-04-01 17:10:54 -04:00
2012-04-04 15:27:07 -04:00
fp = PGPFingerprintType ( f . fingerprint ) ;
2012-04-01 17:10:54 -04:00
2012-04-04 15:27:07 -04:00
return true ;
}
2012-04-26 15:37:15 -04:00
bool PGPHandler : : VerifySignBin ( const void * literal_data , uint32_t literal_data_length , unsigned char * sign , unsigned int sign_len , const PGPFingerprintType & key_fingerprint )
2012-04-04 15:27:07 -04:00
{
2012-06-06 16:31:19 -04:00
PGPIdType id = PGPIdType ( key_fingerprint . toByteArray ( ) + PGPFingerprintType : : SIZE_IN_BYTES - PGPIdType : : SIZE_IN_BYTES ) ;
2012-04-04 15:27:07 -04:00
const ops_keydata_t * key = getPublicKey ( id ) ;
if ( key = = NULL )
{
std : : cerr < < " No key returned by fingerprint " < < key_fingerprint . toStdString ( ) < < " , and ID " < < id . toStdString ( ) < < " , signature verification failed! " < < std : : endl ;
return false ;
}
// Check that fingerprint is the same.
const ops_public_key_t * pkey = & key - > key . pkey ;
ops_fingerprint_t fp ;
ops_fingerprint ( & fp , pkey ) ;
if ( key_fingerprint ! = PGPFingerprintType ( fp . fingerprint ) )
{
std : : cerr < < " Key fingerprint does not match " < < key_fingerprint . toStdString ( ) < < " , for ID " < < id . toStdString ( ) < < " , signature verification failed! " < < std : : endl ;
return false ;
}
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-04-26 17:39:45 -04:00
std : : cerr < < " Verifying signature from fingerprint " < < key_fingerprint . toStdString ( ) < < " , length " < < std : : dec < < sign_len < < " , literal data length = " < < literal_data_length < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-04-04 15:27:07 -04:00
2012-04-26 15:37:15 -04:00
return ops_validate_detached_signature ( literal_data , literal_data_length , sign , sign_len , key ) ;
2012-04-01 17:10:54 -04:00
}
2012-04-09 13:03:47 -04:00
void PGPHandler : : setAcceptConnexion ( const PGPIdType & id , bool b )
{
std : : map < std : : string , PGPCertificateInfo > : : iterator res = _public_keyring_map . find ( id . toStdString ( ) ) ;
if ( res ! = _public_keyring_map . end ( ) )
2012-04-29 07:57:03 -04:00
{
2012-04-09 13:03:47 -04:00
if ( b )
res - > second . _flags | = PGPCertificateInfo : : PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION ;
else
res - > second . _flags & = ~ PGPCertificateInfo : : PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION ;
2012-04-29 07:57:03 -04:00
}
2012-04-09 13:03:47 -04:00
}
bool PGPHandler : : getGPGFilteredList ( std : : list < PGPIdType > & list , bool ( * filter ) ( const PGPCertificateInfo & ) ) const
{
list . clear ( ) ;
for ( std : : map < std : : string , PGPCertificateInfo > : : const_iterator it ( _public_keyring_map . begin ( ) ) ; it ! = _public_keyring_map . end ( ) ; + + it )
if ( filter = = NULL | | ( * filter ) ( it - > second ) )
2012-06-06 16:31:19 -04:00
list . push_back ( PGPIdType ( it - > first ) ) ;
2012-04-09 13:03:47 -04:00
return true ;
}
bool PGPHandler : : isGPGId ( const std : : string & id )
{
return _public_keyring_map . find ( id ) ! = _public_keyring_map . end ( ) ;
}
bool PGPHandler : : isGPGSigned ( const std : : string & id )
{
std : : map < std : : string , PGPCertificateInfo > : : const_iterator res = _public_keyring_map . find ( id ) ;
return res ! = _public_keyring_map . end ( ) & & ( res - > second . _flags & PGPCertificateInfo : : PGP_CERTIFICATE_FLAG_HAS_OWN_SIGNATURE ) ;
}
bool PGPHandler : : isGPGAccepted ( const std : : string & id )
{
std : : map < std : : string , PGPCertificateInfo > : : const_iterator res = _public_keyring_map . find ( id ) ;
2012-04-26 17:39:45 -04:00
return ( res ! = _public_keyring_map . end ( ) ) & & ( res - > second . _flags & PGPCertificateInfo : : PGP_CERTIFICATE_FLAG_ACCEPT_CONNEXION ) ;
2012-04-09 13:03:47 -04:00
}
2012-06-15 17:58:46 -04:00
// Lexicographic order on signature packets
//
bool operator < ( const ops_packet_t & p1 , const ops_packet_t & p2 )
{
if ( p1 . length < p2 . length )
return true ;
if ( p1 . length > p2 . length )
return false ;
2012-06-29 15:38:19 -04:00
for ( uint32_t i = 0 ; i < p1 . length ; + + i )
2012-06-15 17:58:46 -04:00
{
if ( p1 . raw [ i ] < p2 . raw [ i ] )
return true ;
if ( p1 . raw [ i ] > p2 . raw [ i ] )
return false ;
}
return false ;
}
bool PGPHandler : : mergeKeySignatures ( ops_keydata_t * dst , const ops_keydata_t * src )
{
// First sort all signatures into lists to see which is new, which is not new
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-15 17:58:46 -04:00
std : : cerr < < " Merging signatures for key " < < PGPIdType ( dst - > key_id ) . toStdString ( ) < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-06-15 17:58:46 -04:00
std : : set < ops_packet_t > dst_packets ;
2012-06-29 15:38:19 -04:00
for ( uint32_t i = 0 ; i < dst - > npackets ; + + i ) dst_packets . insert ( dst - > packets [ i ] ) ;
2012-06-15 17:58:46 -04:00
std : : set < ops_packet_t > to_add ;
2012-06-29 15:38:19 -04:00
for ( uint32_t i = 0 ; i < src - > npackets ; + + i )
2012-06-15 17:58:46 -04:00
if ( dst_packets . find ( src - > packets [ i ] ) = = dst_packets . end ( ) )
{
uint8_t tag ;
uint32_t length ;
PGPKeyParser : : read_packetHeader ( src - > packets [ i ] . raw , tag , length ) ;
if ( tag = = PGPKeyParser : : PGP_PACKET_TAG_SIGNATURE )
to_add . insert ( src - > packets [ i ] ) ;
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-15 17:58:46 -04:00
else
std : : cerr < < " Packet with tag 0x " < < std : : hex < < ( int ) ( src - > packets [ i ] . raw [ 0 ] ) < < std : : dec < < " not merged, because it is not a signature. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-06-15 17:58:46 -04:00
}
for ( std : : set < ops_packet_t > : : const_iterator it ( to_add . begin ( ) ) ; it ! = to_add . end ( ) ; + + it )
{
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-15 17:58:46 -04:00
std : : cerr < < " Adding packet with tag 0x " < < std : : hex < < ( int ) ( * it ) . raw [ 0 ] < < std : : dec < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-06-15 17:58:46 -04:00
ops_add_packet_to_keydata ( dst , & * it ) ;
}
return to_add . size ( ) > 0 ;
}
2012-06-29 15:38:19 -04:00
bool PGPHandler : : privateTrustCertificate ( const PGPIdType & id , int trustlvl )
2012-06-20 17:59:04 -04:00
{
2012-06-29 15:38:19 -04:00
if ( trustlvl < 0 | | trustlvl > = 6 | | trustlvl = = 1 )
2012-06-20 17:59:04 -04:00
{
std : : cerr < < " Invalid trust level " < < trustlvl < < " passed to privateTrustCertificate. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
return false ;
2012-06-20 17:59:04 -04:00
}
std : : map < std : : string , PGPCertificateInfo > : : iterator it = _public_keyring_map . find ( id . toStdString ( ) ) ;
if ( it = = _public_keyring_map . end ( ) )
{
std : : cerr < < " (EE) Key id " < < id . toStdString ( ) < < " not in the keyring. Can't setup trust level. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
return false ;
2012-06-20 17:59:04 -04:00
}
2012-07-01 10:34:11 -04:00
if ( ( int ) it - > second . _validLvl ! = trustlvl )
2012-06-20 17:59:04 -04:00
_trustdb_changed = true ;
it - > second . _validLvl = trustlvl ;
2012-06-29 15:38:19 -04:00
return true ;
2012-06-20 17:59:04 -04:00
}
struct PrivateTrustPacket
{
unsigned char user_id [ KEY_ID_SIZE ] ; // pgp id in unsigned char format.
uint8_t trust_level ; // trust level. From 0 to 6.
uint32_t flags ; // not used yet, but who knows?
} ;
void PGPHandler : : locked_readPrivateTrustDatabase ( )
{
FILE * fdb = fopen ( _trustdb_path . c_str ( ) , " rb " ) ;
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-20 17:59:04 -04:00
std : : cerr < < " PGPHandler: Reading private trust database. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-06-20 17:59:04 -04:00
if ( fdb = = NULL )
{
std : : cerr < < " private trust database not found. No trust info loaded. " < < std : : endl ;
return ;
}
std : : map < std : : string , PGPCertificateInfo > : : iterator it ;
PrivateTrustPacket trustpacket ;
while ( fread ( ( void * ) & trustpacket , sizeof ( PrivateTrustPacket ) , 1 , fdb ) = = 1 )
{
it = _public_keyring_map . find ( PGPIdType ( trustpacket . user_id ) . toStdString ( ) ) ;
if ( it = = _public_keyring_map . end ( ) )
{
std : : cerr < < " (WW) Trust packet found for unknown key id " < < PGPIdType ( trustpacket . user_id ) . toStdString ( ) < < std : : endl ;
continue ;
}
if ( trustpacket . trust_level > 6 )
{
std : : cerr < < " (WW) Trust packet found with unexpected trust level " < < trustpacket . trust_level < < std : : endl ;
continue ;
}
it - > second . _validLvl = trustpacket . trust_level ;
}
fclose ( fdb ) ;
}
2012-06-29 15:38:19 -04:00
bool PGPHandler : : locked_writePrivateTrustDatabase ( )
2012-06-20 17:59:04 -04:00
{
FILE * fdb = fopen ( ( _trustdb_path + " .tmp " ) . c_str ( ) , " wb " ) ;
2012-06-29 15:38:19 -04:00
# ifdef DEBUG_PGPHANDLER
2012-06-20 17:59:04 -04:00
std : : cerr < < " PGPHandler: Reading private trust database. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
# endif
2012-06-20 17:59:04 -04:00
if ( fdb = = NULL )
{
std : : cerr < < " (EE) Can't open private trust database file " < < _trustdb_path < < " for write. Giving up! " < < std : : endl ;
2012-06-29 15:38:19 -04:00
return false ;
2012-06-20 17:59:04 -04:00
}
PrivateTrustPacket trustpacket ;
for ( std : : map < std : : string , PGPCertificateInfo > : : iterator it = _public_keyring_map . begin ( ) ; it ! = _public_keyring_map . end ( ) ; + + it )
{
memcpy ( & trustpacket . user_id , PGPIdType ( it - > first ) . toByteArray ( ) , KEY_ID_SIZE ) ;
trustpacket . trust_level = it - > second . _validLvl ;
if ( fwrite ( ( void * ) & trustpacket , sizeof ( PrivateTrustPacket ) , 1 , fdb ) ! = 1 )
{
std : : cerr < < " (EE) Cannot write to trust database " < < _trustdb_path < < " . Disc full, or quota exceeded ? Leaving database untouched. " < < std : : endl ;
fclose ( fdb ) ;
2012-06-29 15:38:19 -04:00
return false ;
2012-06-20 17:59:04 -04:00
}
}
fclose ( fdb ) ;
if ( ! RsDirUtil : : renameFile ( _trustdb_path + " .tmp " , _trustdb_path ) )
2012-06-29 15:38:19 -04:00
{
2012-06-20 17:59:04 -04:00
std : : cerr < < " (EE) Cannot move temp file " < < _trustdb_path + " .tmp " < < " . Bad write permissions? " < < std : : endl ;
2012-06-29 15:38:19 -04:00
return false ;
}
else
return true ;
}
bool PGPHandler : : syncDatabase ( )
{
RsStackFileLock flck ( _pgp_lock_filename ) ; // lock access to PGP directory.
# ifdef DEBUG_PGPHANDLER
std : : cerr < < " Sync-ing keyrings. " < < std : : endl ;
# endif
locked_syncPublicKeyring ( ) ;
2012-07-01 17:40:44 -04:00
//locked_syncSecretKeyring() ;
2012-06-29 15:38:19 -04:00
// Now sync the trust database as well.
//
locked_syncTrustDatabase ( ) ;
# ifdef DEBUG_PGPHANDLER
std : : cerr < < " Done. " < < std : : endl ;
# endif
return true ;
2012-06-20 17:59:04 -04:00
}
2012-06-15 17:58:46 -04:00
2012-06-29 15:38:19 -04:00
bool PGPHandler : : locked_syncPublicKeyring ( )
{
struct stat64 buf ;
# ifdef WINDOWS_SYS
std : : wstring wfullname ;
librs : : util : : ConvertUtf8ToUtf16 ( _pubring_path , wfullname ) ;
if ( - 1 = = _wstati64 ( wfullname . c_str ( ) , & buf ) )
# else
2012-07-01 10:34:11 -04:00
if ( - 1 = = stat64 ( _pubring_path . c_str ( ) , & buf ) )
2012-06-29 15:38:19 -04:00
# endif
2012-07-01 10:34:11 -04:00
std : : cerr < < " PGPHandler::syncDatabase(): can't stat file " < < _pubring_path < < " . Can't sync public keyring. " < < std : : endl ;
2012-06-29 15:38:19 -04:00
if ( _pubring_last_update_time < buf . st_mtime )
{
std : : cerr < < " Detected change on disk of public keyring. Merging! " < < std : : endl ;
mergeKeyringFromDisk ( _pubring , _public_keyring_map , _pubring_path ) ;
_pubring_last_update_time = buf . st_mtime ;
}
// Now check if the pubring was locally modified, which needs saving it again
if ( _pubring_changed )
{
std : : cerr < < " Local changes in public keyring. Writing to disk... " < < std : : endl ;
if ( ! ops_write_keyring_to_file ( _pubring , ops_false , _pubring_path . c_str ( ) ) )
std : : cerr < < " Cannot write public keyring. Disk full? Disk quota exceeded? " < < std : : endl ;
else
{
std : : cerr < < " Done. " < < std : : endl ;
_pubring_last_update_time = time ( NULL ) ; // should we get this value from the disk instead??
_pubring_changed = false ;
}
}
return true ;
}
bool PGPHandler : : locked_syncTrustDatabase ( )
{
struct stat64 buf ;
std : : wstring wfullname ;
# ifdef WINDOWS_SYS
librs : : util : : ConvertUtf8ToUtf16 ( _trustdb_path , wfullname ) ;
if ( - 1 = = _wstati64 ( wfullname . c_str ( ) , & buf ) )
# else
if ( - 1 = = stat64 ( _trustdb_path . c_str ( ) , & buf ) )
# endif
{
std : : cerr < < " PGPHandler::syncDatabase(): can't stat file " < < _trustdb_path < < " . Will force write it. " < < std : : endl ;
_trustdb_changed = true ; // we force write of trust database if it does not exist.
}
if ( _trustdb_last_update_time < buf . st_mtime )
{
std : : cerr < < " Detected change on disk of trust database. " < < std : : endl ;
locked_readPrivateTrustDatabase ( ) ;
_trustdb_last_update_time = time ( NULL ) ;
}
if ( _trustdb_changed )
{
std : : cerr < < " Local changes in trust database. Writing to disk... " < < std : : endl ;
if ( ! locked_writePrivateTrustDatabase ( ) )
std : : cerr < < " Cannot write trust database. Disk full? Disk quota exceeded? " < < std : : endl ;
else
{
std : : cerr < < " Done. " < < std : : endl ;
_trustdb_last_update_time = time ( NULL ) ;
_trustdb_changed = false ;
}
}
return true ;
}
void PGPHandler : : mergeKeyringFromDisk ( ops_keyring_t * keyring ,
std : : map < std : : string , PGPCertificateInfo > & kmap ,
const std : : string & keyring_file )
{
# ifdef DEBUG_PGPHANDLER
std : : cerr < < " Merging keyring " < < keyring_file < < " from disk to memory. " < < std : : endl ;
# endif
// 1 - load keyring into a temporary keyring list.
ops_keyring_t * tmp_keyring = PGPHandler : : allocateOPSKeyring ( ) ;
if ( ops_false = = ops_keyring_read_from_file ( tmp_keyring , false , keyring_file . c_str ( ) ) )
{
std : : cerr < < " PGPHandler::mergeKeyringFromDisk(): cannot read keyring. File corrupted? " ;
ops_keyring_free ( tmp_keyring ) ;
return ;
}
// 2 - load new keys and merge existing key signatures
for ( int i = 0 ; i < tmp_keyring - > nkeys ; + + i )
addOrMergeKey ( keyring , kmap , & tmp_keyring - > keys [ i ] ) ; // we dont' account for the return value. This is disk merging, not local changes.
// 4 - clean
ops_keyring_free ( tmp_keyring ) ;
}