Switched p3distrib (forums) personal signatures from ssl to pgp.

* Changed calls from AuthSSL to AuthGPG and tested. looks like it works!
 * added extra connect addresses in p3connmgr (current[local/server]addr)
 * added mConnMgr->addFriend() call to pqissllistener to add unknown ssl certs.



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3253 b45a01b8-16f6-495d-af2f-9b41ad6348cc

libretroshare/src/pqi/authgpg.cc

@@ -762,15 +762,13 @@ bool AuthGPGimpl::DoOwnSignature(const void *data, unsigned int datalen, void *b
 		return false;
 	}
 
-#ifdef GPG_DEBUG
+	gpgme_sign_result_t res = gpgme_op_sign_result(CTX);
-	gpgme_sign_result_t res =
-#endif
-	gpgme_op_sign_result(CTX);
 
-#ifdef GPG_DEBUG
 	if (res)
 	{
+#ifdef GPG_DEBUG
 		fprintf(stderr, "Sign Got Result\n");
+#endif
 	}
 	else
 	{
@@ -780,6 +778,7 @@ bool AuthGPGimpl::DoOwnSignature(const void *data, unsigned int datalen, void *b
 	gpgme_invalid_key_t ik = res->invalid_signers;
 	gpgme_new_signature_t sg = res->signatures;
 
+#ifdef GPG_DEBUG
 	while(ik != NULL)
 	{
                 fprintf(stderr, "AuthGPGimpl::Sign, Invalid by: %s\n", ik->fpr);

libretroshare/src/pqi/authgpg.h

@@ -54,6 +54,8 @@
 
 const time_t STORE_KEY_TIMEOUT = 60; //store key is call around every 60sec
 
+#define MAX_GPG_SIGNATURE_SIZE  4096
+
 /*!
  * gpgcert is the identifier for a person.
  * It is a wrapper class for a GPGme OpenPGP certificate.
@@ -152,6 +154,7 @@ virtual std::string getGPGEmail(GPG_id pgp_id) = 0;
     /* PGP web of trust management */
 virtual std::string getGPGOwnId() = 0;
 virtual std::string getGPGOwnName() = 0;
+
 //virtual std::string getGPGOwnEmail() = 0;
 virtual bool	getGPGDetails(std::string id, RsPeerDetails &d) = 0;
 virtual bool	getGPGAllList(std::list<std::string> &ids) = 0;
@@ -269,6 +272,7 @@ virtual std::string getGPGEmail(GPG_id pgp_id);
     /* PGP web of trust management */
 virtual std::string getGPGOwnId();
 virtual std::string getGPGOwnName();
+
 //virtual std::string getGPGOwnEmail();
 virtual bool	getGPGDetails(std::string id, RsPeerDetails &d);
 virtual bool	getGPGAllList(std::list<std::string> &ids);

libretroshare/src/pqi/authgpgtest.cc

@@ -148,6 +148,7 @@ std::string AuthGPGtest::getGPGOwnName()
 	return "DUMMY_OWN_NAME";
 }
 
+
 #if 0
 std::string AuthGPGtest::getGPGOwnEmail()
 {

libretroshare/src/pqi/authgpgtest.h

@@ -87,6 +87,7 @@ virtual std::string getGPGEmail(GPG_id pgp_id);
     /* PGP web of trust management */
 virtual std::string getGPGOwnId();
 virtual std::string getGPGOwnName();
+
 //virtual std::string getGPGOwnEmail();
 virtual bool	getGPGDetails(std::string id, RsPeerDetails &d);
 virtual bool	getGPGAllList(std::list<std::string> &ids);

libretroshare/src/pqi/p3connmgr.cc

@@ -72,7 +72,6 @@ const uint32_t PEER_IP_CONNECT_STATE_MAX_LIST_SIZE =     	4;
  * #define CONN_DEBUG_TICK 1
  ***/
 
-
 /****
  * #define P3CONNMGR_NO_TCP_CONNECTIONS 1
  ***/
@@ -2360,6 +2359,42 @@ bool   p3ConnectMgr::retryConnectTCP(std::string id)
 	/* UDP automatically searches -> no need to push start */
 
 	// Just push all the addresses onto the stack.
+	/* try "current addresses" first */
+	if (isValidNet(&(it->second.currentlocaladdr.sin_addr)))
+	{
+#ifdef CONN_DEBUG
+		std::cerr << "Adding tcp connection attempt: ";
+		std::cerr << "Current Local Addr: " << inet_ntoa(it->second.currentlocaladdr.sin_addr);
+		std::cerr << ":" << ntohs(it->second.currentlocaladdr.sin_port);
+		std::cerr << std::endl;
+#endif
+		peerConnectAddress pca;
+		pca.addr = it->second.currentlocaladdr;
+		pca.type = RS_NET_CONN_TCP_LOCAL;
+		pca.delay = P3CONNMGR_TCP_DEFAULT_DELAY;
+		pca.ts = time(NULL);
+		pca.period = P3CONNMGR_TCP_DEFAULT_PERIOD;
+		it->second.connAddrs.push_back(pca);
+	}
+
+	if (isValidNet(&(it->second.currentserveraddr.sin_addr)))
+	{
+#ifdef CONN_DEBUG
+		std::cerr << "Adding tcp connection attempt: ";
+		std::cerr << "Current Ext Addr: " << inet_ntoa(it->second.currentserveraddr.sin_addr);
+		std::cerr << ":" << ntohs(it->second.currentserveraddr.sin_port);
+		std::cerr << std::endl;
+#endif
+		peerConnectAddress pca;
+		pca.addr = it->second.currentserveraddr;
+		pca.type = RS_NET_CONN_TCP_EXTERNAL;
+		pca.delay = P3CONNMGR_TCP_DEFAULT_DELAY;
+		pca.ts = time(NULL);
+		pca.period = P3CONNMGR_TCP_DEFAULT_PERIOD;
+		it->second.connAddrs.push_back(pca);
+	}
+
+	/* now try historical addresses */
 	/* try local addresses first */
 	std::list<pqiIpAddress>::iterator ait;
 	for(ait = it->second.ipAddrs.mLocal.mAddrs.begin(); 

libretroshare/src/pqi/pqissllistener.cc

@@ -687,8 +687,9 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
 		AuthSSL::getAuthSSL()->CheckCertificate(newPeerId, peercert);
 
 		/* now need to get GPG id too */
-		//mConnMgr->addPeer(newPeerId);
+	        std::string pgpid = getX509CNString(peercert->cert_info->issuer);
-
+		mConnMgr->addFriend(newPeerId, pgpid);
+	
 		X509_free(peercert);
 		return -1;
 	}

libretroshare/src/services/p3distrib.cc

@@ -47,6 +47,8 @@
  * #define DISTRIB_DEBUG 1
  ****/
 
+//#define DISTRIB_DEBUG 1
+
 RSA *extractPublicKey(RsTlvSecurityKey &key);
 RSA *extractPrivateKey(RsTlvSecurityKey &key);
 void 	setRSAPublicKey(RsTlvSecurityKey &key, RSA *rsa_pub);
@@ -2193,15 +2195,12 @@ std::string	p3GroupDistrib::publishMsg(RsDistribMsg *msg, bool personalSign)
 
 		if (personalSign)
 		{
-			unsigned int siglen = EVP_PKEY_size(publishKey);
+			unsigned int siglen = MAX_GPG_SIGNATURE_SIZE;
-				unsigned char sigbuf[siglen];
+			unsigned char sigbuf[siglen];
-                                        if (AuthSSL::getAuthSSL()->SignDataBin(out_data, out_size, sigbuf, &siglen))
+                        if (AuthGPG::getAuthGPG()->SignDataBin(out_data, out_size, sigbuf, &siglen))
 			{
 				signedMsg->personalSignature.signData.setBinData(sigbuf, siglen);
-				signedMsg->personalSignature.keyId = AuthSSL::getAuthSSL()->OwnId();
+				signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->getGPGOwnId();
-					
-				// Don't want to send our certificate everywhere.
-				//signedMsg->personalSignature.sslCert = AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
 			}
 		}
 
@@ -3015,17 +3014,25 @@ bool 	p3GroupDistrib::locked_validateDistribSignedMsg(
                                 newMsg->personalSignature.signData.bin_len;
                 unsigned char *personalsigbuf = (unsigned char *)
                                 newMsg->personalSignature.signData.bin_data;
-                bool sslSign = AuthSSL::getAuthSSL()->VerifySignBin(
+
+		RsPeerDetails signerDetails;
+		std::string gpg_fpr;
+		if (AuthGPG::getAuthGPG()->getGPGDetails(newMsg->personalSignature.keyId, signerDetails))
+		{
+			gpg_fpr = signerDetails.fpr;
+		}
+
+                bool gpgSign = AuthGPG::getAuthGPG()->VerifySignBin(
                         newMsg->packet.bin_data, newMsg->packet.bin_len,
-                        personalsigbuf, personalsiglen, newMsg->personalSignature.keyId);
+                        personalsigbuf, personalsiglen, gpg_fpr);
-                if (sslSign) {
+                if (gpgSign) {
                     #ifdef DISTRIB_DEBUG
-                    std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Success for ssl signature." << std::endl;
+                    std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Success for gpg signature." << std::endl;
                     #endif
                     signOk = 1;
                 } else {
                     #ifdef DISTRIB_DEBUG
-                    std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail for ssl signature." << std::endl;
+                    std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Fail for gpg signature." << std::endl;
                     #endif
                     signOk = 0;
                 }