mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-29 17:36:19 -05:00
encrypt and decrypt ssl password
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1550 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
128aa9ceda
commit
0a28f35eea
@ -1343,6 +1343,36 @@ bool GPGAuthMgr::getPGPAllList(std::list<std::string> &ids)
|
|||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
bool GPGAuthMgr::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
|
||||||
|
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||||
|
|
||||||
|
if (GPG_ERR_NO_ERROR != gpgme_op_decrypt (CTX, CIPHER, PLAIN))
|
||||||
|
{
|
||||||
|
std::cerr << "Error decrypting text";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
bool GPGAuthMgr::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
|
||||||
|
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||||
|
|
||||||
|
gpgme_encrypt_flags_t* flags = new gpgme_encrypt_flags_t();
|
||||||
|
|
||||||
|
if (GPG_ERR_NO_ERROR != gpgme_op_encrypt(CTX, NULL, *flags, PLAIN, CIPHER))
|
||||||
|
{
|
||||||
|
std::cerr << "Error encrypting text";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
bool GPGAuthMgr::getPGPAuthenticatedList(std::list<std::string> &ids)
|
bool GPGAuthMgr::getPGPAuthenticatedList(std::list<std::string> &ids)
|
||||||
{
|
{
|
||||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||||
|
@ -176,6 +176,8 @@ class GPGAuthMgr: public AuthSSL
|
|||||||
bool isPGPValid(std::string id);
|
bool isPGPValid(std::string id);
|
||||||
bool isPGPAuthenticated(std::string id);
|
bool isPGPAuthenticated(std::string id);
|
||||||
bool getPGPDetails(std::string id, pqiAuthDetails &details);
|
bool getPGPDetails(std::string id, pqiAuthDetails &details);
|
||||||
|
bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
|
||||||
|
bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
|
||||||
|
|
||||||
/*********************************************************************************/
|
/*********************************************************************************/
|
||||||
/************************* STAGE 4 ***********************************************/
|
/************************* STAGE 4 ***********************************************/
|
||||||
|
@ -29,6 +29,7 @@
|
|||||||
#include <list>
|
#include <list>
|
||||||
#include <map>
|
#include <map>
|
||||||
#include <string>
|
#include <string>
|
||||||
|
#include <gpgme.h>
|
||||||
|
|
||||||
/************** GENERIC AUTHENTICATION MANAGER ***********
|
/************** GENERIC AUTHENTICATION MANAGER ***********
|
||||||
* Provides a common interface for certificates.
|
* Provides a common interface for certificates.
|
||||||
@ -111,8 +112,9 @@ virtual void addTrustingPeer(std::string id) = 0;
|
|||||||
|
|
||||||
/* Extra Fns for PGP, call std versions if not overloaded */
|
/* Extra Fns for PGP, call std versions if not overloaded */
|
||||||
virtual std::string PGPOwnId() { return OwnId(); }
|
virtual std::string PGPOwnId() { return OwnId(); }
|
||||||
virtual bool getPGPAllList(std::list<std::string> &ids) { return getAllList(ids); };
|
virtual bool getPGPAllList(std::list<std::string> &ids) { return getAllList(ids); }
|
||||||
|
virtual bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) { return 0; }
|
||||||
|
virtual bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) { return 0; }
|
||||||
/* Load/Save certificates */
|
/* Load/Save certificates */
|
||||||
|
|
||||||
virtual bool LoadCertificateFromString(std::string pem, std::string &id) = 0;
|
virtual bool LoadCertificateFromString(std::string pem, std::string &id) = 0;
|
||||||
|
@ -97,7 +97,9 @@ class RsInitConfig
|
|||||||
static std::string configDir;
|
static std::string configDir;
|
||||||
static std::string load_cert;
|
static std::string load_cert;
|
||||||
static std::string load_key;
|
static std::string load_key;
|
||||||
static std::string passwd;
|
static std::string ssl_passphrase_file;
|
||||||
|
|
||||||
|
static std::string passwd;
|
||||||
|
|
||||||
static bool havePasswd; /* for Commandline password */
|
static bool havePasswd; /* for Commandline password */
|
||||||
static bool autoLogin; /* autoLogin allowed */
|
static bool autoLogin; /* autoLogin allowed */
|
||||||
@ -145,6 +147,8 @@ std::string RsInitConfig::preferedId;
|
|||||||
std::string RsInitConfig::configDir;
|
std::string RsInitConfig::configDir;
|
||||||
std::string RsInitConfig::load_cert;
|
std::string RsInitConfig::load_cert;
|
||||||
std::string RsInitConfig::load_key;
|
std::string RsInitConfig::load_key;
|
||||||
|
std::string RsInitConfig::ssl_passphrase_file;
|
||||||
|
|
||||||
std::string RsInitConfig::passwd;
|
std::string RsInitConfig::passwd;
|
||||||
//std::string RsInitConfig::gpgPasswd;
|
//std::string RsInitConfig::gpgPasswd;
|
||||||
|
|
||||||
@ -1230,7 +1234,8 @@ bool RsInit::LoadPassword(std::string id, std::string inPwd)
|
|||||||
// Create the filename.
|
// Create the filename.
|
||||||
std::string basename = RsInitConfig::configDir + RsInitConfig::dirSeperator;
|
std::string basename = RsInitConfig::configDir + RsInitConfig::dirSeperator;
|
||||||
basename += configKeyDir + RsInitConfig::dirSeperator;
|
basename += configKeyDir + RsInitConfig::dirSeperator;
|
||||||
basename += "user";
|
RsInitConfig::ssl_passphrase_file = basename + "ssl_passphrase.pgp";
|
||||||
|
basename += "user";
|
||||||
|
|
||||||
RsInitConfig::load_key = basename + "_pk.pem";
|
RsInitConfig::load_key = basename + "_pk.pem";
|
||||||
RsInitConfig::load_cert = basename + "_cert.pem";
|
RsInitConfig::load_cert = basename + "_cert.pem";
|
||||||
@ -1260,12 +1265,6 @@ int RsInit::LoadCertificates(bool autoLoginNT)
|
|||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
if ((!RsInitConfig::havePasswd) || (RsInitConfig::passwd == ""))
|
|
||||||
{
|
|
||||||
std::cerr << "RetroShare needs a Password" << std::endl;
|
|
||||||
return 0;
|
|
||||||
}
|
|
||||||
|
|
||||||
//std::string ca_loc = RsInitConfig::basedir + RsInitConfig::dirSeperator;
|
//std::string ca_loc = RsInitConfig::basedir + RsInitConfig::dirSeperator;
|
||||||
//ca_loc += configCaFile;
|
//ca_loc += configCaFile;
|
||||||
|
|
||||||
@ -1296,7 +1295,57 @@ int RsInit::LoadCertificates(bool autoLoginNT)
|
|||||||
#else /* X509 Certificates */
|
#else /* X509 Certificates */
|
||||||
/**************** PQI_USE_XPGP ******************/
|
/**************** PQI_USE_XPGP ******************/
|
||||||
/* The SSL / SSL + PGP version requires, SSL init + PGP init. */
|
/* The SSL / SSL + PGP version requires, SSL init + PGP init. */
|
||||||
if (0 < authMgr -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(),RsInitConfig::passwd.c_str()))
|
const char* sslPassword;
|
||||||
|
sslPassword = RsInitConfig::passwd.c_str();
|
||||||
|
//check if password is already in memory
|
||||||
|
if ((RsInitConfig::havePasswd) && (RsInitConfig::passwd != ""))
|
||||||
|
{
|
||||||
|
std::cerr << "RetroShare have a ssl Password" << std::endl;
|
||||||
|
sslPassword = RsInitConfig::passwd.c_str();
|
||||||
|
|
||||||
|
std::cerr << "let's store the ssl Password into a pgp ecrypted file" << std::endl;
|
||||||
|
FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "w");
|
||||||
|
std::cerr << "opening sslPassphraseFile. : " << RsInitConfig::ssl_passphrase_file.c_str() << std::endl;
|
||||||
|
gpgme_data_t cipher;
|
||||||
|
gpgme_data_t plain;
|
||||||
|
gpgme_data_new_from_mem(&plain, sslPassword, sizeof(sslPassword), 0);
|
||||||
|
gpgme_error_t error_reading_file = gpgme_data_new_from_stream (&cipher, sslPassphraseFile);
|
||||||
|
if (0 < authMgr->encryptText(plain, cipher)) {
|
||||||
|
std::cerr << "Encrypting went ok !" << std::endl;
|
||||||
|
}
|
||||||
|
gpgme_data_release (cipher);
|
||||||
|
gpgme_data_release (plain);
|
||||||
|
fclose(sslPassphraseFile);
|
||||||
|
std::cerr << "sslPassword : " << sslPassword << std::endl;
|
||||||
|
|
||||||
|
} else {
|
||||||
|
//let's read the password from an encrypted file
|
||||||
|
//let's check if there's a ssl_passpharese_file that we can decrypt with PGP
|
||||||
|
FILE *sslPassphraseFile = fopen(RsInitConfig::ssl_passphrase_file.c_str(), "r");
|
||||||
|
if (sslPassphraseFile == NULL)
|
||||||
|
{
|
||||||
|
std::cerr << "No password povided, and no sslPassphraseFile." << std::endl;
|
||||||
|
return 0;
|
||||||
|
} else {
|
||||||
|
std::cerr << "opening sslPassphraseFile." << std::endl;
|
||||||
|
gpgme_data_t cipher;
|
||||||
|
gpgme_data_t plain;
|
||||||
|
gpgme_data_new (&plain);
|
||||||
|
gpgme_error_t error_reading_file = gpgme_data_new_from_stream (&cipher, sslPassphraseFile);
|
||||||
|
if (0 < authMgr->decryptText(cipher, plain)) {
|
||||||
|
std::cerr << "Decrypting went ok !" << std::endl;
|
||||||
|
sslPassword = gpgme_data_release_and_get_mem(plain, NULL);
|
||||||
|
} else {
|
||||||
|
gpgme_data_release (plain);
|
||||||
|
std::cerr << "Error : decrypting went wrong !" << std::endl;
|
||||||
|
}
|
||||||
|
gpgme_data_release (cipher);
|
||||||
|
fclose(sslPassphraseFile);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
std::cerr << "RsInitConfig::load_key.c_str() : " << RsInitConfig::load_key.c_str() << std::endl;
|
||||||
|
if (0 < authMgr -> InitAuth(RsInitConfig::load_cert.c_str(), RsInitConfig::load_key.c_str(), sslPassword))
|
||||||
{
|
{
|
||||||
ok = true;
|
ok = true;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user