Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2024-10-01 02:35:48 -04:00
Code Issues Actions Packages Projects Releases Wiki Activity

don't store name, location name and date in new SSL certs. Location name is now stored in an extra file. Backwards compatible to old locations and old peers.

Browse Source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8072 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
electron128 2015-03-25 08:19:45 +00:00
parent 4fa3d00f26
commit 7e03f3944b
8 changed files with 75 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
libretroshare/src/pqi/authssl.cc
View File

@ -288,7 +288,7 @@ bool AuthSSLimpl::active()
int AuthSSLimpl::InitAuth(const char *cert_file, const char *priv_key_file,
const char *passwd)
const char *passwd, std::string alternative_location_name)
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::InitAuth()";
@ -469,6 +469,11 @@ static int initLib = 0;
mOwnCert = new sslcert(x509, mOwnId);
// new locations don't store the name in the cert
// if empty, use the external supplied value
if(mOwnCert->location == "")
mOwnCert->location = alternative_location_name;
std::cerr << "Inited SSL context: " << std::endl;
std::cerr << " Certificate: " << mOwnId << std::endl;
std::cerr << " cipher list: " << cipherString << std::endl;
@ -728,7 +733,13 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long days)
}
X509_NAME_free(issuer_name);
// NEW code, set validity time between null and null
// (does not leak the key creation date to the outside anymore. for more privacy)
ASN1_TIME_set(X509_get_notBefore(x509), 0);
ASN1_TIME_set(X509_get_notAfter(x509), 0);
// OLD code, sets validity time of cert to be between now and some days in the future
/*
if (!X509_gmtime_adj(X509_get_notBefore(x509),0))
{
std::cerr << "AuthSSLimpl::SignX509Req() notbefore FAIL" << std::endl;
@ -740,6 +751,7 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long days)
std::cerr << "AuthSSLimpl::SignX509Req() notafter FAIL" << std::endl;
return NULL;
}
*/
if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
{

4
libretroshare/src/pqi/authssl.h
View File

@ -96,7 +96,7 @@ virtual bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey) = 0;
virtual bool active() = 0;
virtual int InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd) = 0;
const char *passwd, std::string alternative_location_name) = 0;
virtual bool CloseAuth() = 0;
/*********** Overloaded Functions from p3AuthMgr **********/
@ -156,7 +156,7 @@ bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey);
virtual bool active();
virtual int InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd);
const char *passwd, std::string alternative_location_name);
virtual bool CloseAuth();
/*********** Overloaded Functions from p3AuthMgr **********/

28
libretroshare/src/rsserver/rsaccounts.cc
View File

@ -187,6 +187,7 @@ const std::string kPathConfigDirectory = "config";
const std::string kFilenamePreferredAccount = "default_cert.txt";
const std::string kFilenameKey = "user_pk.pem";
const std::string kFilenameCert = "user_cert.pem";
const std::string kFilenameLocation = "location_name.txt";
/*********************************************************************
@ -250,12 +251,22 @@ std::string RsAccountsDetail::PathCertFile()
std::string path = PathAccountKeysDirectory();
if (path.empty())
{
return path;
return path;
}
path += "/" + kFilenameCert;
return path;
}
std::string RsAccountsDetail::LocationName()
{
std::map<RsPeerId, AccountDetails>::const_iterator it;
it = mAccounts.find(mPreferredId);
if (it == mAccounts.end())
{
return "";
}
return it->second.mLocation;
}
/*********************************************************************
@ -621,9 +632,10 @@ static bool checkAccount(std::string accountdir, AccountDetails &account,std::ma
/* check if the cert/key file exists */
// Create the filename.
// TODO: use kFilenameKey
std::string basename = accountdir + "/";
basename += kPathKeyDirectory + "/";
basename += "user";
basename += "user";
std::string cert_name = basename + "_cert.pem";
std::string userName;
@ -636,6 +648,10 @@ static bool checkAccount(std::string accountdir, AccountDetails &account,std::ma
/* check against authmanagers private keys */
if (LoadCheckX509(cert_name.c_str(), account.mPgpId, account.mLocation, account.mSslId))
{
// new locations store the name in an extra file
if(account.mLocation == "")
RsDirUtil::loadStringFromFile(accountdir + "/" + kPathKeyDirectory + "/" + kFilenameLocation,
account.mLocation);
#ifdef AUTHSSL_DEBUG
std::cerr << "location: " << account.mLocation << " id: " << account.mSslId << std::endl;
std::cerr << "issuerName: " << account.mPgpId << " id: " << account.mSslId << std::endl;
@ -968,10 +984,10 @@ bool RsAccountsDetail::GenerateSSLCertificate(const RsPgpId& pgp_id, const s
X509_REQ *req = GenerateX509Req(
key_name.c_str(),
passwd.c_str(),
pgp_name.c_str(),
"-", //pgp_name.c_str(), // does not allow empty name, set to constant instead
"", //ui -> gen_email -> value(),
org.c_str(),
loc.c_str(),
"", //loc.c_str(),
"", //ui -> gen_state -> value(),
country.c_str(),
nbits, errString);
@ -1037,6 +1053,10 @@ bool RsAccountsDetail::GenerateSSLCertificate(const RsPgpId& pgp_id, const s
fclose(out);
X509_free(x509);
// store location name in a file
if(!RsDirUtil::saveStringToFile(keypath + kFilenameLocation, loc))
std::cerr << "RsInit::GenerateSSLCertificate() failed to save location name to into file." << std::endl;
}
if (!gen_ok)

1
libretroshare/src/rsserver/rsaccounts.h
View File

@ -84,6 +84,7 @@ class RsAccountsDetail
std::string PathAccountKeysDirectory();
std::string PathKeyFile();
std::string PathCertFile();
std::string LocationName();
// PGP Accounts.

6
libretroshare/src/rsserver/rsinit.cc
View File

@ -503,7 +503,7 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored, bool strictCheck
*/
/* create singletons */
AuthSSL::AuthSSLInit();
AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL);
AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL, "");
rsAccounts = new RsAccountsDetail() ;
@ -708,7 +708,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
std::cerr << "rsAccounts->PathKeyFile() : " << rsAccounts->PathKeyFile() << std::endl;
if(0 == AuthSSL::getAuthSSL() -> InitAuth(rsAccounts->PathCertFile().c_str(), rsAccounts->PathKeyFile().c_str(), rsInitConfig->passwd.c_str()))
if(0 == AuthSSL::getAuthSSL() -> InitAuth(rsAccounts->PathCertFile().c_str(), rsAccounts->PathKeyFile().c_str(), rsInitConfig->passwd.c_str(), rsAccounts->LocationName()))
{
std::cerr << "SSL Auth Failed!";
return 0 ;
@ -955,7 +955,7 @@ int RsServer::StartupRetroShare()
/* (1) Load up own certificate (DONE ALREADY) - just CHECK */
/**************************************************************************/
if (1 != AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL))
if (1 != AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL, ""))
{
std::cerr << "main() - Fatal Error....." << std::endl;
std::cerr << "Invalid Certificate configuration!" << std::endl;

26
libretroshare/src/util/rsdir.cc
View File

@ -41,6 +41,7 @@
#include <dirent.h>
#include <openssl/sha.h>
#include <iomanip>
#include <sstream>
#include <fstream>
#include <stdexcept>
@ -722,6 +723,31 @@ Sha1CheckSum RsDirUtil::sha1sum(const unsigned char *data, uint32_t size)
return Sha1CheckSum(sha_buf) ;
}
bool RsDirUtil::saveStringToFile(const std::string &file, const std::string &str)
{
std::ofstream out(file.c_str(), std::ios_base::out | std::ios_base::binary);
if(!out.is_open())
{
std::cerr << "RsDirUtil::saveStringToFile() ERROR: can't open file " << file << std::endl;
return false;
}
out << str;
}
bool RsDirUtil::loadStringFromFile(const std::string &file, std::string &str)
{
std::ifstream in(file.c_str(), std::ios_base::in | std::ios_base::binary);
if(!in.is_open())
{
std::cerr << "RsDirUtil::loadStringFromFile() ERROR: can't open file " << file << std::endl;
return false;
}
std::stringstream buffer;
buffer << in.rdbuf();
str = buffer.str();
return true;
}
bool RsDirUtil::renameFile(const std::string& from, const std::string& to)
{
int loops = 0;

3
libretroshare/src/util/rsdir.h
View File

@ -97,6 +97,9 @@ bool getFileHash(const std::string& filepath,RsFileHash &hash, uint64_t &size,
Sha1CheckSum sha1sum(const uint8_t *data,uint32_t size) ;
bool saveStringToFile(const std::string& file, const std::string& str);
bool loadStringFromFile(const std::string& file, std::string& str);
// Creates a lock file with given path, and returns the lock handle
// returns:
// 0: Success

6
retroshare-gui/src/gui/msgs/MessageComposer.cpp
View File

@ -497,7 +497,7 @@ void MessageComposer::recommendFriend(const std::list <RsPeerId> &sslIds, const
/* window will destroy itself! */
}
void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId &sslId, const QString &sslName)
void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId &sslId, const QString &/*sslName*/)
{
if (gpgId.isNull()) {
return;
@ -508,7 +508,7 @@ void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId
return;
}
QString title = QString("%1 %2").arg(sslName, tr("wants to be friends with you on RetroShare"));
QString title = QString("%1 %2").arg(link.name(), tr("wants to be friends with you on RetroShare"));
/* search for an exisiting message in the inbox */
std::list<MsgInfoSummary> msgList;
@ -531,7 +531,7 @@ void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId
}
/* create a message */
QString msgText = tr("Hi %1,<br><br>%2 wants to be friends with you on RetroShare.<br><br>Respond now:<br>%3<br><br>Thanks,<br>The RetroShare Team").arg(QString::fromUtf8(rsPeers->getGPGName(rsPeers->getGPGOwnId()).c_str()), sslName, link.toHtml());
QString msgText = tr("Hi %1,<br><br>%2 wants to be friends with you on RetroShare.<br><br>Respond now:<br>%3<br><br>Thanks,<br>The RetroShare Team").arg(QString::fromUtf8(rsPeers->getGPGName(rsPeers->getGPGOwnId()).c_str()), link.name(), link.toHtml());
rsMail->SystemMessage(title.toUtf8().constData(), msgText.toUtf8().constData(), RS_MSG_USER_REQUEST);
}