mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-04-11 18:29:16 -04:00
* Added partially completed authssl.cc, as we move towards openpgp authentication.
Once completed this will allow standard ssl authentication and provide the base for the openpgp authenticator, * Tweaks, and removed debug statements. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1140 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
drbob
parent
5466c447ae
commit
28df984148
@ -38,7 +38,7 @@ ifdef PQI_USE_XPGP
|
||||
TESTOBJ += xpgp_id.o
|
||||
TESTS += xpgp_id
|
||||
else
|
||||
#SSL_OBJ = sslcert.o
|
||||
SSL_OBJ = authssl.o
|
||||
endif
|
||||
|
||||
|
||||
|
||||
2135
libretroshare/src/pqi/authssl.cc
Normal file
2135
libretroshare/src/pqi/authssl.cc
Normal file
File diff suppressed because it is too large
Load Diff
@ -46,7 +46,30 @@
|
||||
#include "pqi/pqinetwork.h"
|
||||
#include "pqi/p3authmgr.h"
|
||||
|
||||
class AuthXPGP;
|
||||
class AuthSSL;
|
||||
|
||||
class sslcert
|
||||
{
|
||||
public:
|
||||
sslcert(X509 *x509, std::string id);
|
||||
|
||||
/* certificate parameters */
|
||||
std::string id;
|
||||
std::string name;
|
||||
std::string location;
|
||||
std::string org;
|
||||
std::string email;
|
||||
|
||||
std::string fpr;
|
||||
std::list<std::string> signers;
|
||||
|
||||
/* Auth settings */
|
||||
bool authed;
|
||||
|
||||
/* INTERNAL Parameters */
|
||||
X509 *certificate;
|
||||
};
|
||||
|
||||
|
||||
class AuthSSL: public p3AuthMgr
|
||||
{
|
||||
@ -75,6 +98,11 @@ virtual bool isValid(std::string id);
|
||||
virtual bool isAuthenticated(std::string id);
|
||||
virtual std::string getName(std::string id);
|
||||
virtual bool getDetails(std::string id, pqiAuthDetails &details);
|
||||
|
||||
/* first party trust info (dummy) */
|
||||
virtual bool isTrustingMe(std::string id) ;
|
||||
virtual void addTrustingPeer(std::string id) ;
|
||||
|
||||
|
||||
/* High Level Load/Save Configuration */
|
||||
virtual bool FinalSaveCertificates();
|
||||
@ -94,6 +122,8 @@ virtual bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *le
|
||||
/* Signatures */
|
||||
|
||||
virtual bool AuthCertificate(std::string uid);
|
||||
|
||||
/* These are dummy functions */
|
||||
virtual bool SignCertificate(std::string id);
|
||||
virtual bool RevokeCertificate(std::string id);
|
||||
virtual bool TrustCertificate(std::string id, bool trust);
|
||||
@ -101,6 +131,10 @@ virtual bool TrustCertificate(std::string id, bool trust);
|
||||
/* Sign / Encrypt / Verify Data (TODO) */
|
||||
virtual bool SignData(std::string input, std::string &sign);
|
||||
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
|
||||
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
|
||||
virtual bool VerifySignBin(std::string, const void*, uint32_t, unsigned char*, unsigned int);
|
||||
|
||||
|
||||
/*********** Overloaded Functions from p3AuthMgr **********/
|
||||
|
||||
@ -114,42 +148,39 @@ bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are e
|
||||
/* Special Config Loading (backwards compatibility) */
|
||||
bool loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
|
||||
|
||||
#if 0
|
||||
private:
|
||||
|
||||
/* Helper Functions */
|
||||
|
||||
bool ProcessXPGP(XPGP *xpgp, std::string &id);
|
||||
bool ProcessX509(X509 *x509, std::string &id);
|
||||
|
||||
XPGP * loadXPGPFromPEM(std::string pem);
|
||||
XPGP * loadXPGPFromFile(std::string fname, std::string hash);
|
||||
bool saveXPGPToFile(XPGP *xpgp, std::string fname, std::string &hash);
|
||||
X509 * loadX509FromPEM(std::string pem);
|
||||
X509 * loadX509FromFile(std::string fname, std::string hash);
|
||||
bool saveX509ToFile(X509 *x509, std::string fname, std::string &hash);
|
||||
|
||||
XPGP * loadXPGPFromDER(const uint8_t *ptr, uint32_t len);
|
||||
bool saveXPGPToDER(XPGP *xpgp, uint8_t **ptr, uint32_t *len);
|
||||
X509 * loadX509FromDER(const uint8_t *ptr, uint32_t len);
|
||||
bool saveX509ToDER(X509 *x509, uint8_t **ptr, uint32_t *len);
|
||||
|
||||
/*********** LOCKED Functions ******/
|
||||
bool locked_FindCert(std::string id, xpgpcert **cert);
|
||||
bool locked_FindCert(std::string id, sslcert **cert);
|
||||
|
||||
|
||||
/* Data */
|
||||
RsMutex xpgpMtx; /**** LOCKING */
|
||||
RsMutex sslMtx; /**** LOCKING */
|
||||
|
||||
int init;
|
||||
std::string mCertConfigFile;
|
||||
std::string mNeighDir;
|
||||
|
||||
SSL_CTX *sslctx;
|
||||
XPGP_KEYRING *pgp_keyring;
|
||||
|
||||
std::string mOwnId;
|
||||
xpgpcert *mOwnCert;
|
||||
sslcert *mOwnCert;
|
||||
EVP_PKEY *pkey;
|
||||
|
||||
bool mToSaveCerts;
|
||||
bool mConfigSaveActive;
|
||||
std::map<std::string, xpgpcert *> mCerts;
|
||||
#endif
|
||||
std::map<std::string, sslcert *> mCerts;
|
||||
|
||||
};
|
||||
|
||||
@ -169,8 +200,8 @@ std::string getXPGPAuthCode(XPGP *xpgp);
|
||||
|
||||
int LoadCheckXPGPandGetName(const char *cert_file,
|
||||
std::string &userName, std::string &userId);
|
||||
bool getXPGPid(XPGP *xpgp, std::string &xpgpid);
|
||||
#endif
|
||||
|
||||
bool getX509id(X509 *x509, std::string &xid);
|
||||
|
||||
#endif // MRK_SSL_XPGP_CERT_HEADER
|
||||
#endif // MRK_AUTH_SSL_HEADER
|
||||
|
||||
@ -59,11 +59,11 @@ xPGP_vfy.h:#define TRUST_SIGN_BAD -1
|
||||
**********/
|
||||
|
||||
// the single instance of this.
|
||||
static AuthXPGP instance_sslroot;
|
||||
static AuthXPGP instance_xpgproot;
|
||||
|
||||
p3AuthMgr *getAuthMgr()
|
||||
{
|
||||
return &instance_sslroot;
|
||||
return &instance_xpgproot;
|
||||
}
|
||||
|
||||
|
||||
|
||||
@ -27,7 +27,7 @@
|
||||
|
||||
|
||||
#include "pqi/pqisecurity.h"
|
||||
#include <stdlib.h> #malloc
|
||||
#include <stdlib.h> // malloc
|
||||
|
||||
|
||||
// Can keep the structure hidden....
|
||||
|
||||
@ -364,9 +364,9 @@ bool RsDiscSerialiser::serialiseReply(RsDiscReply *item, void *data, uint32_
|
||||
if (offset != tlvsize)
|
||||
{
|
||||
ok = false;
|
||||
//#ifdef RSSERIAL_DEBUG
|
||||
#ifdef RSSERIAL_DEBUG
|
||||
std::cerr << "RsDiscSerialiser::serialiseReply() Size Error! " << std::endl;
|
||||
//#endif
|
||||
#endif
|
||||
}
|
||||
|
||||
return ok;
|
||||
|
||||
@ -93,10 +93,10 @@ bool RsChatSerialiser::serialiseItem(RsChatItem *item, void *data, uint32_t
|
||||
|
||||
ok &= setRsItemHeader(data, tlvsize, item->PacketId(), tlvsize);
|
||||
|
||||
//#ifdef RSSERIAL_DEBUG
|
||||
#ifdef RSSERIAL_DEBUG
|
||||
std::cerr << "RsChatSerialiser::serialiseItem() Header: " << ok << std::endl;
|
||||
std::cerr << "RsChatSerialiser::serialiseItem() Size: " << tlvsize << std::endl;
|
||||
//#endif
|
||||
#endif
|
||||
|
||||
/* skip the header */
|
||||
offset += 8;
|
||||
@ -109,11 +109,13 @@ bool RsChatSerialiser::serialiseItem(RsChatItem *item, void *data, uint32_t
|
||||
if (offset != tlvsize)
|
||||
{
|
||||
ok = false;
|
||||
//#ifdef RSSERIAL_DEBUG
|
||||
#ifdef RSSERIAL_DEBUG
|
||||
std::cerr << "RsChatSerialiser::serialiseItem() Size Error! " << std::endl;
|
||||
//#endif
|
||||
#endif
|
||||
}
|
||||
#ifdef RSSERIAL_DEBUG
|
||||
std::cerr << "computed size: " << 256*((unsigned char*)data)[6]+((unsigned char*)data)[7] << std::endl ;
|
||||
#endif
|
||||
|
||||
return ok;
|
||||
}
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user