mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-30 18:06:18 -05:00
First stage in abstracting GXS identities usage cases (half done)
This commit is contained in:
parent
f8ac391a28
commit
17fc89e3c0
@ -220,7 +220,7 @@ bool DistributedChatService::checkSignature(RsChatLobbyBouncingObject *obj,const
|
|||||||
|
|
||||||
// network pre-request key to allow message authentication.
|
// network pre-request key to allow message authentication.
|
||||||
|
|
||||||
mGixs->requestKey(obj->signature.keyId,peer_list,"Needed for chat lobby "+RsUtil::NumberToString(obj->lobby_id,true));
|
mGixs->requestKey(obj->signature.keyId,peer_list,RsIdentityUsage(RS_SERVICE_TYPE_CHAT,RsIdentityUsage::CHAT_LOBBY_MSG_VALIDATION,RsGxsGroupId(),RsGxsMessageId(),obj->lobby_id));
|
||||||
|
|
||||||
uint32_t size = obj->signed_serial_size() ;
|
uint32_t size = obj->signed_serial_size() ;
|
||||||
RsTemporaryMemory memory(size) ;
|
RsTemporaryMemory memory(size) ;
|
||||||
|
@ -472,7 +472,7 @@ int RsGenExchange::createGroupSignatures(RsTlvKeySignatureSet& signSet, RsTlvBin
|
|||||||
if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign))
|
if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign))
|
||||||
{
|
{
|
||||||
id_ret = SIGN_SUCCESS;
|
id_ret = SIGN_SUCCESS;
|
||||||
mGixs->timeStampKey(grpMeta.mAuthorId,"Creation of group author signature for GrpId" + grpMeta.mGroupId.toStdString()) ;
|
mGixs->timeStampKey(grpMeta.mAuthorId,RsIdentityUsage(mServType,RsIdentityUsage::GROUP_AUTHOR_SIGNATURE_CREATION,grpMeta.mGroupId)) ;
|
||||||
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -640,7 +640,7 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar
|
|||||||
if(GxsSecurity::getSignature((char*)msgData.bin_data, msgData.bin_len, authorKey, sign))
|
if(GxsSecurity::getSignature((char*)msgData.bin_data, msgData.bin_len, authorKey, sign))
|
||||||
{
|
{
|
||||||
id_ret = SIGN_SUCCESS;
|
id_ret = SIGN_SUCCESS;
|
||||||
mGixs->timeStampKey(msgMeta.mAuthorId,"Creating author signature in group " + msgMeta.mGroupId.toStdString() + ", msg " + msgMeta.mMsgId.toStdString()) ;
|
mGixs->timeStampKey(msgMeta.mAuthorId,RsIdentityUsage(mServType,RsIdentityUsage::MESSAGE_AUTHOR_SIGNATURE_CREATION,msgMeta.mGroupId,msgMeta.mMsgId)) ;
|
||||||
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
@ -857,7 +857,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
|
|||||||
{
|
{
|
||||||
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_IDENTITY];
|
RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_IDENTITY];
|
||||||
idValidate &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);
|
idValidate &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);
|
||||||
mGixs->timeStampKey(metaData.mAuthorId,"Validation of author signature, service: " + rsServiceControl->getServiceName(serviceFullType()) + ". Grp="+metaData.mGroupId.toStdString()+", msg="+metaData.mMsgId.toStdString()) ;
|
mGixs->timeStampKey(metaData.mAuthorId,RsIdentityUsage(mServType,RsIdentityUsage::MESSAGE_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId,metaData.mMsgId)) ;
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -981,7 +981,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp)
|
|||||||
#ifdef GEN_EXCH_DEBUG
|
#ifdef GEN_EXCH_DEBUG
|
||||||
std::cerr << " key ID validation result: " << idValidate << std::endl;
|
std::cerr << " key ID validation result: " << idValidate << std::endl;
|
||||||
#endif
|
#endif
|
||||||
mGixs->timeStampKey(metaData.mAuthorId,"Group author signature validation. GrpId=" + metaData.mGroupId.toStdString()) ;
|
mGixs->timeStampKey(metaData.mAuthorId,RsIdentityUsage(mServType,RsIdentityUsage::GROUP_AUTHOR_SIGNATURE_VALIDATION,metaData.mGroupId));
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
@ -3132,7 +3132,8 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp)
|
|||||||
// also check this is the latest published group
|
// also check this is the latest published group
|
||||||
bool latest = newGrp.metaData->mPublishTs > oldGrpMeta.mPublishTs;
|
bool latest = newGrp.metaData->mPublishTs > oldGrpMeta.mPublishTs;
|
||||||
|
|
||||||
mGixs->timeStampKey(newGrp.metaData->mAuthorId,"Validation of signature for updated grp " + oldGrpMeta.mGroupId.toStdString()) ;
|
mGixs->timeStampKey(newGrp.metaData->mAuthorId, RsIdentityUsage(mServType,RsIdentityUsage::GROUP_ADMIN_SIGNATURE_CREATION, oldGrpMeta.mGroupId)) ;
|
||||||
|
|
||||||
return GxsSecurity::validateNxsGrp(newGrp, adminSign, keyMit->second) && latest;
|
return GxsSecurity::validateNxsGrp(newGrp, adminSign, keyMit->second) && latest;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -125,7 +125,7 @@ public:
|
|||||||
virtual bool getOwnIds(std::list<RsGxsId>& ids) = 0;
|
virtual bool getOwnIds(std::list<RsGxsId>& ids) = 0;
|
||||||
virtual bool isOwnId(const RsGxsId& key_id) = 0 ;
|
virtual bool isOwnId(const RsGxsId& key_id) = 0 ;
|
||||||
|
|
||||||
virtual void timeStampKey(const RsGxsId& key_id,const std::string& reason) = 0 ;
|
virtual void timeStampKey(const RsGxsId& key_id,const RsIdentityUsage& reason) = 0 ;
|
||||||
|
|
||||||
// Key related interface - used for validating msgs and groups.
|
// Key related interface - used for validating msgs and groups.
|
||||||
/*!
|
/*!
|
||||||
@ -149,7 +149,7 @@ public:
|
|||||||
* @param keyref the KeyRef of the key being requested
|
* @param keyref the KeyRef of the key being requested
|
||||||
* @return will
|
* @return will
|
||||||
*/
|
*/
|
||||||
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers,const std::string& info) = 0;
|
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers,const RsIdentityUsage& info) = 0;
|
||||||
virtual bool requestPrivateKey(const RsGxsId &id) = 0;
|
virtual bool requestPrivateKey(const RsGxsId &id) = 0;
|
||||||
|
|
||||||
|
|
||||||
|
@ -139,7 +139,7 @@ bool RsGxsIntegrityCheck::check()
|
|||||||
GxsMsgReq msgIds;
|
GxsMsgReq msgIds;
|
||||||
GxsMsgReq grps;
|
GxsMsgReq grps;
|
||||||
|
|
||||||
std::map<RsGxsId,RsGxsGroupId> used_gxs_ids ;
|
std::map<RsGxsId,RsIdentityUsage> used_gxs_ids ;
|
||||||
std::set<RsGxsGroupId> subscribed_groups ;
|
std::set<RsGxsGroupId> subscribed_groups ;
|
||||||
|
|
||||||
// compute hash and compare to stored value, if it fails then simply add it
|
// compute hash and compare to stored value, if it fails then simply add it
|
||||||
@ -172,7 +172,7 @@ bool RsGxsIntegrityCheck::check()
|
|||||||
#endif
|
#endif
|
||||||
|
|
||||||
if(rsIdentity!=NULL && rsIdentity->overallReputationLevel(grp->metaData->mAuthorId) > RsReputations::REPUTATION_LOCALLY_NEGATIVE)
|
if(rsIdentity!=NULL && rsIdentity->overallReputationLevel(grp->metaData->mAuthorId) > RsReputations::REPUTATION_LOCALLY_NEGATIVE)
|
||||||
used_gxs_ids.insert(std::make_pair(grp->metaData->mAuthorId,grp->grpId)) ;
|
used_gxs_ids.insert(std::make_pair(grp->metaData->mAuthorId,RsIdentityUsage(mGenExchangeClient->serviceType(),RsIdentityUsage::GROUP_AUTHOR_KEEP_ALIVE,grp->grpId))) ;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
@ -270,7 +270,7 @@ bool RsGxsIntegrityCheck::check()
|
|||||||
GXSUTIL_DEBUG() << "TimeStamping message authors' key ID " << msg->metaData->mAuthorId << " in message " << msg->msgId << ", group ID " << msg->grpId<< std::endl;
|
GXSUTIL_DEBUG() << "TimeStamping message authors' key ID " << msg->metaData->mAuthorId << " in message " << msg->msgId << ", group ID " << msg->grpId<< std::endl;
|
||||||
#endif
|
#endif
|
||||||
if(rsIdentity!=NULL && rsIdentity->overallReputationLevel(msg->metaData->mAuthorId) > RsReputations::REPUTATION_LOCALLY_NEGATIVE)
|
if(rsIdentity!=NULL && rsIdentity->overallReputationLevel(msg->metaData->mAuthorId) > RsReputations::REPUTATION_LOCALLY_NEGATIVE)
|
||||||
used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,msg->metaData->mGroupId)) ;
|
used_gxs_ids.insert(std::make_pair(msg->metaData->mAuthorId,std::make_pair(msg->metaData->mGroupId,msg->metaData->mMsgId))) ;
|
||||||
}
|
}
|
||||||
|
|
||||||
delete msg;
|
delete msg;
|
||||||
@ -297,9 +297,9 @@ bool RsGxsIntegrityCheck::check()
|
|||||||
std::list<RsPeerId> connected_friends ;
|
std::list<RsPeerId> connected_friends ;
|
||||||
rsPeers->getOnlineList(connected_friends) ;
|
rsPeers->getOnlineList(connected_friends) ;
|
||||||
|
|
||||||
std::vector<std::pair<RsGxsId,RsGxsGroupId> > gxs_ids ;
|
std::vector<std::pair<RsGxsId,RsIdentityUsage> > gxs_ids ;
|
||||||
|
|
||||||
for(std::map<RsGxsId,RsGxsGroupId>::const_iterator it(used_gxs_ids.begin());it!=used_gxs_ids.end();++it)
|
for(std::map<RsGxsId,RsIdentityUsage>::const_iterator it(used_gxs_ids.begin());it!=used_gxs_ids.end();++it)
|
||||||
{
|
{
|
||||||
gxs_ids.push_back(*it) ;
|
gxs_ids.push_back(*it) ;
|
||||||
#ifdef DEBUG_GXSUTIL
|
#ifdef DEBUG_GXSUTIL
|
||||||
@ -323,7 +323,7 @@ bool RsGxsIntegrityCheck::check()
|
|||||||
|
|
||||||
if(!mGixs->haveKey(gxs_ids[n].first)) // checks if we have it already in the cache (conservative way to ensure that we atually have it)
|
if(!mGixs->haveKey(gxs_ids[n].first)) // checks if we have it already in the cache (conservative way to ensure that we atually have it)
|
||||||
{
|
{
|
||||||
mGixs->requestKey(gxs_ids[n].first,connected_friends,"Author in service \"" + rsServiceControl->getServiceName(mGenExchangeClient->serviceFullType())+"\" (group ID " + gxs_ids[n].second.toStdString() + ")" ) ;
|
mGixs->requestKey(gxs_ids[n].first,connected_friends,gxs_ids[n].second);
|
||||||
|
|
||||||
++nb_requested_not_in_cache ;
|
++nb_requested_not_in_cache ;
|
||||||
#ifdef DEBUG_GXSUTIL
|
#ifdef DEBUG_GXSUTIL
|
||||||
@ -336,7 +336,7 @@ bool RsGxsIntegrityCheck::check()
|
|||||||
GXSUTIL_DEBUG() << " ... already in cache" << std::endl;
|
GXSUTIL_DEBUG() << " ... already in cache" << std::endl;
|
||||||
#endif
|
#endif
|
||||||
}
|
}
|
||||||
mGixs->timeStampKey(gxs_ids[n].first,"Author in service \"" + rsServiceControl->getServiceName(mGenExchangeClient->serviceFullType())+"\" (group ID " + gxs_ids[n].second.toStdString() + ")");
|
mGixs->timeStampKey(gxs_ids[n].first,gxs_ids[n].second);
|
||||||
|
|
||||||
gxs_ids[n] = gxs_ids[gxs_ids.size()-1] ;
|
gxs_ids[n] = gxs_ids[gxs_ids.size()-1] ;
|
||||||
gxs_ids.pop_back() ;
|
gxs_ids.pop_back() ;
|
||||||
|
@ -212,6 +212,34 @@ class RsIdentityParameters
|
|||||||
RsGxsImage mImage ;
|
RsGxsImage mImage ;
|
||||||
};
|
};
|
||||||
|
|
||||||
|
class RsIdentityUsage
|
||||||
|
{
|
||||||
|
public:
|
||||||
|
enum UsageCode { UNKNOWN_USAGE = 0x00,
|
||||||
|
GROUP_ADMIN_SIGNATURE_CREATION = 0x01, // These 2 are normally not normal GXS identities, but nothing prevents it to happen either.
|
||||||
|
GROUP_ADMIN_SIGNATURE_VALIDATION = 0x02,
|
||||||
|
GROUP_AUTHOR_SIGNATURE_CREATION = 0x03, // not typically used, since most services do not require group author signatures
|
||||||
|
GROUP_AUTHOR_SIGNATURE_VALIDATION = 0x04,
|
||||||
|
MESSAGE_AUTHOR_SIGNATURE_CREATION = 0x05, // most common use case. Messages are signed by authors in e.g. forums.
|
||||||
|
MESSAGE_AUTHOR_SIGNATURE_VALIDATION = 0x06,
|
||||||
|
GROUP_AUTHOR_KEEP_ALIVE = 0x07, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand.
|
||||||
|
MESSAGE_AUTHOR_KEEP_ALIVE = 0x08, // Identities are stamped regularly by crawlign the set of messages for all groups. That helps keepign the useful identities in hand.
|
||||||
|
CHAT_LOBBY_MSG_VALIDATION = 0x09 // Chat lobby msgs are signed, so each time one comes, or a chat lobby event comes, a signature verificaiton happens.
|
||||||
|
} ;
|
||||||
|
|
||||||
|
RsIdentityUsage(uint16_t service,const RsIdentityUsage::UsageCode& code,const RsGxsGroupId& gid,const RsGxsMessageId& mid=RsGxsMessageId(),uint64_t additional_id=0,const std::string& comment = std::string())
|
||||||
|
: mServiceId(service), mUsageCode(code), mGrpId(gid), mMsgId(mid),mAdditionalId(additional_id),mComment(comment) {}
|
||||||
|
|
||||||
|
uint16_t mServiceId; // Id of the service using that identity
|
||||||
|
UsageCode mUsageCode; // Specific code to use. Will allow forming the correct translated message in the GUI if necessary.
|
||||||
|
RsGxsGroupId mGrpId; // Group ID using the identity
|
||||||
|
|
||||||
|
RsGxsMessageId mMsgId; // Message ID using the identity
|
||||||
|
uint64_t mAdditionalId; // Some additional ID. Can be used for e.g. chat lobbies.
|
||||||
|
std::string mComment ; // additional comment to be used mainly for debugging, but not GUI display
|
||||||
|
};
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
class RsIdentity: public RsGxsIfaceHelper
|
class RsIdentity: public RsGxsIfaceHelper
|
||||||
{
|
{
|
||||||
|
@ -263,14 +263,16 @@ time_t p3IdService::locked_getLastUsageTS(const RsGxsId& gxs_id)
|
|||||||
else
|
else
|
||||||
return it->second.TS ;
|
return it->second.TS ;
|
||||||
}
|
}
|
||||||
void p3IdService::timeStampKey(const RsGxsId& gxs_id, const std::string& reason)
|
void p3IdService::timeStampKey(const RsGxsId& gxs_id, const RsIdentityUsage& reason)
|
||||||
{
|
{
|
||||||
if(rsReputations->isIdentityBanned(gxs_id) )
|
if(rsReputations->isIdentityBanned(gxs_id) )
|
||||||
{
|
{
|
||||||
std::cerr << "(II) p3IdService:timeStampKey(): refusing to time stamp key " << gxs_id << " because it is banned." << std::endl;
|
std::cerr << "(II) p3IdService:timeStampKey(): refusing to time stamp key " << gxs_id << " because it is banned." << std::endl;
|
||||||
return ;
|
return ;
|
||||||
}
|
}
|
||||||
|
#ifdef DEBUG_IDS
|
||||||
std::cerr << "(II) time stamping key " << gxs_id << " for the following reason: " << reason << std::endl;
|
std::cerr << "(II) time stamping key " << gxs_id << " for the following reason: " << reason << std::endl;
|
||||||
|
#endif
|
||||||
|
|
||||||
RS_STACK_MUTEX(mIdMtx) ;
|
RS_STACK_MUTEX(mIdMtx) ;
|
||||||
|
|
||||||
@ -786,7 +788,7 @@ static void mergeIds(std::map<RsGxsId,std::list<RsPeerId> >& idmap,const RsGxsId
|
|||||||
old_peers.push_back(*it) ;
|
old_peers.push_back(*it) ;
|
||||||
}
|
}
|
||||||
|
|
||||||
bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers,const std::string& info)
|
bool p3IdService::requestKey(const RsGxsId &id, const std::list<RsPeerId>& peers,const RsIdentityUsage& info)
|
||||||
{
|
{
|
||||||
if(id.isNull())
|
if(id.isNull())
|
||||||
{
|
{
|
||||||
@ -2262,6 +2264,9 @@ bool p3IdService::cache_load_for_token(uint32_t token)
|
|||||||
for(std::map<RsGxsId,std::list<RsPeerId> >::const_iterator itt(mPendingCache.begin());itt!=mPendingCache.end();++itt)
|
for(std::map<RsGxsId,std::list<RsPeerId> >::const_iterator itt(mPendingCache.begin());itt!=mPendingCache.end();++itt)
|
||||||
if(!itt->second.empty())
|
if(!itt->second.empty())
|
||||||
mergeIds(mIdsNotPresent,itt->first,itt->second) ;
|
mergeIds(mIdsNotPresent,itt->first,itt->second) ;
|
||||||
|
else
|
||||||
|
std::cerr << "(WW) empty list of peers to request ID " << itt->first << ": cannot request" << std::endl;
|
||||||
|
|
||||||
|
|
||||||
mPendingCache.clear();
|
mPendingCache.clear();
|
||||||
|
|
||||||
|
@ -212,7 +212,6 @@ private:
|
|||||||
void init(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pub_key, const RsTlvPrivateRSAKey& in_priv_key,const std::list<RsRecognTag> &tagList);
|
void init(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& in_pub_key, const RsTlvPrivateRSAKey& in_priv_key,const std::list<RsRecognTag> &tagList);
|
||||||
};
|
};
|
||||||
|
|
||||||
|
|
||||||
// Not sure exactly what should be inherited here?
|
// Not sure exactly what should be inherited here?
|
||||||
// Chris - please correct as necessary.
|
// Chris - please correct as necessary.
|
||||||
|
|
||||||
@ -298,7 +297,7 @@ public:
|
|||||||
virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key);
|
virtual bool getKey(const RsGxsId &id, RsTlvPublicRSAKey &key);
|
||||||
virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key);
|
virtual bool getPrivateKey(const RsGxsId &id, RsTlvPrivateRSAKey &key);
|
||||||
|
|
||||||
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers, const std::string &info);
|
virtual bool requestKey(const RsGxsId &id, const std::list<RsPeerId> &peers, const RsIdentityUsage &info);
|
||||||
virtual bool requestPrivateKey(const RsGxsId &id);
|
virtual bool requestPrivateKey(const RsGxsId &id);
|
||||||
|
|
||||||
|
|
||||||
@ -467,7 +466,7 @@ private:
|
|||||||
void cleanUnusedKeys() ;
|
void cleanUnusedKeys() ;
|
||||||
void slowIndicateConfigChanged() ;
|
void slowIndicateConfigChanged() ;
|
||||||
|
|
||||||
virtual void timeStampKey(const RsGxsId& id,const std::string& reason) ;
|
virtual void timeStampKey(const RsGxsId& id, const RsIdentityUsage& reason) ;
|
||||||
time_t locked_getLastUsageTS(const RsGxsId& gxs_id);
|
time_t locked_getLastUsageTS(const RsGxsId& gxs_id);
|
||||||
|
|
||||||
std::string genRandomId(int len = 20);
|
std::string genRandomId(int len = 20);
|
||||||
@ -512,7 +511,7 @@ private:
|
|||||||
keyTSInfo() : TS(0) {}
|
keyTSInfo() : TS(0) {}
|
||||||
|
|
||||||
time_t TS ;
|
time_t TS ;
|
||||||
std::map<std::string,time_t> usage_map ;
|
std::map<RsIdentityUsage,time_t> usage_map ;
|
||||||
};
|
};
|
||||||
friend class IdCacheEntryCleaner;
|
friend class IdCacheEntryCleaner;
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user