don't store name, location name and date in new SSL certs. Location name is now stored in an extra file. Backwards compatible with old locations and old peers.

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@8072 b45a01b8-16f6-495d-af2f-9b41ad6348cc
electron128 2015-03-25 08:19:45 +00:00
parent 4fa3d00f26
commit 7e03f3944b
8 changed files with 75 additions and 13 deletions


@ -288,7 +288,7 @@ bool AuthSSLimpl::active()
int AuthSSLimpl::InitAuth(const char *cert_file, const char *priv_key_file, int AuthSSLimpl::InitAuth(const char *cert_file, const char *priv_key_file,
const char *passwd) const char *passwd, std::string alternative_location_name)
{ {
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSLimpl::InitAuth()"; std::cerr << "AuthSSLimpl::InitAuth()";
@ -469,6 +469,11 @@ static int initLib = 0;
mOwnCert = new sslcert(x509, mOwnId); mOwnCert = new sslcert(x509, mOwnId);
// new locations don't store the name in the cert
// if empty, use the external supplied value
if(mOwnCert->location == "")
mOwnCert->location = alternative_location_name;
std::cerr << "Inited SSL context: " << std::endl; std::cerr << "Inited SSL context: " << std::endl;
std::cerr << " Certificate: " << mOwnId << std::endl; std::cerr << " Certificate: " << mOwnId << std::endl;
std::cerr << " cipher list: " << cipherString << std::endl; std::cerr << " cipher list: " << cipherString << std::endl;
@ -728,7 +733,13 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long days)
} }
X509_NAME_free(issuer_name); X509_NAME_free(issuer_name);
// NEW code, set validity time between null and null
// (does not leak the key creation date to the outside anymore. for more privacy)
ASN1_TIME_set(X509_get_notBefore(x509), 0);
ASN1_TIME_set(X509_get_notAfter(x509), 0);
// OLD code, sets validity time of cert to be between now and some days in the future
/*
if (!X509_gmtime_adj(X509_get_notBefore(x509),0)) if (!X509_gmtime_adj(X509_get_notBefore(x509),0))
{ {
std::cerr << "AuthSSLimpl::SignX509Req() notbefore FAIL" << std::endl; std::cerr << "AuthSSLimpl::SignX509Req() notbefore FAIL" << std::endl;
@ -740,6 +751,7 @@ X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long days)
std::cerr << "AuthSSLimpl::SignX509Req() notafter FAIL" << std::endl; std::cerr << "AuthSSLimpl::SignX509Req() notafter FAIL" << std::endl;
return NULL; return NULL;
} }
*/
if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req))) if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
{ {
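Review bot: The two ASN1_TIME_set calls added in SignX509ReqWithGPG drop the failure handling that the replaced X509_gmtime_adj block had; ASN1_TIME_set returns NULL on failure, so the result should be checked the same way: `if (!ASN1_TIME_set(X509_get_notBefore(x509), 0) || !ASN1_TIME_set(X509_get_notAfter(x509), 0)) { std::cerr << "AuthSSLimpl::SignX509Req() validity FAIL" << std::endl; return NULL; }`. Setting both bounds to the epoch also yields a certificate that is expired under ordinary X.509 validation, so this presumably relies on RetroShare's own verification path not checking the validity window; that dependency should be confirmed and stated next to the calls, e.g. `// notBefore == notAfter == epoch on purpose: validity is established by our own verification, not by the X.509 time window`. The old X509_gmtime_adj code is better deleted than left in a comment, since version control keeps it. SignX509ReqWithGPG begins and ends outside the hunk.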


@ -96,7 +96,7 @@ virtual bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey) = 0;
virtual bool active() = 0; virtual bool active() = 0;
virtual int InitAuth(const char *srvr_cert, const char *priv_key, virtual int InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd) = 0; const char *passwd, std::string alternative_location_name) = 0;
virtual bool CloseAuth() = 0; virtual bool CloseAuth() = 0;
/*********** Overloaded Functions from p3AuthMgr **********/ /*********** Overloaded Functions from p3AuthMgr **********/
@ -156,7 +156,7 @@ bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey);
virtual bool active(); virtual bool active();
virtual int InitAuth(const char *srvr_cert, const char *priv_key, virtual int InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd); const char *passwd, std::string alternative_location_name);
virtual bool CloseAuth(); virtual bool CloseAuth();
/*********** Overloaded Functions from p3AuthMgr **********/ /*********** Overloaded Functions from p3AuthMgr **********/
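Review bot: The new `alternative_location_name` parameter is taken by value in both declarations here and in the AuthSSLimpl::InitAuth definition in authssl.cc; a `const std::string &` matches the existing read-only parameter style and avoids a copy on every call, `const char *passwd, const std::string &alternative_location_name) = 0;`. The callers in rsinit.cc pass `""` and the temporary returned by `LocationName()`, both of which bind to a const reference unchanged.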


@ -187,6 +187,7 @@ const std::string kPathConfigDirectory = "config";
const std::string kFilenamePreferredAccount = "default_cert.txt"; const std::string kFilenamePreferredAccount = "default_cert.txt";
const std::string kFilenameKey = "user_pk.pem"; const std::string kFilenameKey = "user_pk.pem";
const std::string kFilenameCert = "user_cert.pem"; const std::string kFilenameCert = "user_cert.pem";
const std::string kFilenameLocation = "location_name.txt";
/********************************************************************* /*********************************************************************
@ -250,12 +251,22 @@ std::string RsAccountsDetail::PathCertFile()
std::string path = PathAccountKeysDirectory(); std::string path = PathAccountKeysDirectory();
if (path.empty()) if (path.empty())
{ {
return path; return path;
} }
path += "/" + kFilenameCert; path += "/" + kFilenameCert;
return path; return path;
} }
std::string RsAccountsDetail::LocationName()
{
std::map<RsPeerId, AccountDetails>::const_iterator it;
it = mAccounts.find(mPreferredId);
if (it == mAccounts.end())
{
return "";
}
return it->second.mLocation;
}
/********************************************************************* /*********************************************************************
@ -621,9 +632,10 @@ static bool checkAccount(std::string accountdir, AccountDetails &account,std::ma
/* check if the cert/key file exists */ /* check if the cert/key file exists */
// Create the filename. // Create the filename.
// TODO: use kFilenameKey
std::string basename = accountdir + "/"; std::string basename = accountdir + "/";
basename += kPathKeyDirectory + "/"; basename += kPathKeyDirectory + "/";
basename += "user"; basename += "user";
std::string cert_name = basename + "_cert.pem"; std::string cert_name = basename + "_cert.pem";
std::string userName; std::string userName;
@ -636,6 +648,10 @@ static bool checkAccount(std::string accountdir, AccountDetails &account,std::ma
/* check against authmanagers private keys */ /* check against authmanagers private keys */
if (LoadCheckX509(cert_name.c_str(), account.mPgpId, account.mLocation, account.mSslId)) if (LoadCheckX509(cert_name.c_str(), account.mPgpId, account.mLocation, account.mSslId))
{ {
// new locations store the name in an extra file
if(account.mLocation == "")
RsDirUtil::loadStringFromFile(accountdir + "/" + kPathKeyDirectory + "/" + kFilenameLocation,
account.mLocation);
#ifdef AUTHSSL_DEBUG #ifdef AUTHSSL_DEBUG
std::cerr << "location: " << account.mLocation << " id: " << account.mSslId << std::endl; std::cerr << "location: " << account.mLocation << " id: " << account.mSslId << std::endl;
std::cerr << "issuerName: " << account.mPgpId << " id: " << account.mSslId << std::endl; std::cerr << "issuerName: " << account.mPgpId << " id: " << account.mSslId << std::endl;
@ -968,10 +984,10 @@ bool RsAccountsDetail::GenerateSSLCertificate(const RsPgpId& pgp_id, const s
X509_REQ *req = GenerateX509Req( X509_REQ *req = GenerateX509Req(
key_name.c_str(), key_name.c_str(),
passwd.c_str(), passwd.c_str(),
pgp_name.c_str(), "-", //pgp_name.c_str(), // does not allow empty name, set to constant instead
"", //ui -> gen_email -> value(), "", //ui -> gen_email -> value(),
org.c_str(), org.c_str(),
loc.c_str(), "", //loc.c_str(),
"", //ui -> gen_state -> value(), "", //ui -> gen_state -> value(),
country.c_str(), country.c_str(),
nbits, errString); nbits, errString);
@ -1037,6 +1053,10 @@ bool RsAccountsDetail::GenerateSSLCertificate(const RsPgpId& pgp_id, const s
fclose(out); fclose(out);
X509_free(x509); X509_free(x509);
// store location name in a file
if(!RsDirUtil::saveStringToFile(keypath + kFilenameLocation, loc))
std::cerr << "RsInit::GenerateSSLCertificate() failed to save location name to into file." << std::endl;
} }
if (!gen_ok) if (!gen_ok)
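Review bot: A failed `saveStringToFile` in the new block after `X509_free(x509)` is only logged, so the account is still created but its location name is unrecoverable: the new certificate carries an empty location, and `checkAccount` will then find no `location_name.txt` and leave `account.mLocation` empty. If `gen_ok` is the flag that gates the rest of GenerateSSLCertificate (its assignment is outside the hunk), the failure branch should set it, `{ std::cerr << "RsInit::GenerateSSLCertificate() failed to save location name to file." << std::endl; gen_ok = false; }`, which also fixes the "to into file" wording. The path is built as `keypath + kFilenameLocation` while `checkAccount` builds it as `accountdir + "/" + kPathKeyDirectory + "/" + kFilenameLocation`, so this assumes `keypath` already ends with a separator; `keypath` is defined outside the hunk, so that is worth confirming.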


@ -84,6 +84,7 @@ class RsAccountsDetail
std::string PathAccountKeysDirectory(); std::string PathAccountKeysDirectory();
std::string PathKeyFile(); std::string PathKeyFile();
std::string PathCertFile(); std::string PathCertFile();
std::string LocationName();
// PGP Accounts. // PGP Accounts.
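Review bot: `LocationName()` only reads `mAccounts` and `mPreferredId` in its definition in rsaccounts.cc, so it can be declared `std::string LocationName() const;` like a plain accessor, with the matching `const` on the definition. A one-line comment on the empty-string result when no preferred account is selected would help callers such as the `InitAuth` call in rsinit.cc that pass the value straight on, e.g. `// Location name of the preferred account, or "" if none is selected.`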


@ -503,7 +503,7 @@ int RsInit::InitRetroShare(int argcIgnored, char **argvIgnored, bool strictCheck
*/ */
/* create singletons */ /* create singletons */
AuthSSL::AuthSSLInit(); AuthSSL::AuthSSLInit();
AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL); AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL, "");
rsAccounts = new RsAccountsDetail() ; rsAccounts = new RsAccountsDetail() ;
@ -708,7 +708,7 @@ int RsInit::LoadCertificates(bool autoLoginNT)
std::cerr << "rsAccounts->PathKeyFile() : " << rsAccounts->PathKeyFile() << std::endl; std::cerr << "rsAccounts->PathKeyFile() : " << rsAccounts->PathKeyFile() << std::endl;
if(0 == AuthSSL::getAuthSSL() -> InitAuth(rsAccounts->PathCertFile().c_str(), rsAccounts->PathKeyFile().c_str(), rsInitConfig->passwd.c_str())) if(0 == AuthSSL::getAuthSSL() -> InitAuth(rsAccounts->PathCertFile().c_str(), rsAccounts->PathKeyFile().c_str(), rsInitConfig->passwd.c_str(), rsAccounts->LocationName()))
{ {
std::cerr << "SSL Auth Failed!"; std::cerr << "SSL Auth Failed!";
return 0 ; return 0 ;
@ -955,7 +955,7 @@ int RsServer::StartupRetroShare()
/* (1) Load up own certificate (DONE ALREADY) - just CHECK */ /* (1) Load up own certificate (DONE ALREADY) - just CHECK */
/**************************************************************************/ /**************************************************************************/
if (1 != AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL)) if (1 != AuthSSL::getAuthSSL() -> InitAuth(NULL, NULL, NULL, ""))
{ {
std::cerr << "main() - Fatal Error....." << std::endl; std::cerr << "main() - Fatal Error....." << std::endl;
std::cerr << "Invalid Certificate configuration!" << std::endl; std::cerr << "Invalid Certificate configuration!" << std::endl;


@ -41,6 +41,7 @@
#include <dirent.h> #include <dirent.h>
#include <openssl/sha.h> #include <openssl/sha.h>
#include <iomanip> #include <iomanip>
#include <sstream>
#include <fstream> #include <fstream>
#include <stdexcept> #include <stdexcept>
@ -722,6 +723,31 @@ Sha1CheckSum RsDirUtil::sha1sum(const unsigned char *data, uint32_t size)
return Sha1CheckSum(sha_buf) ; return Sha1CheckSum(sha_buf) ;
} }
bool RsDirUtil::saveStringToFile(const std::string &file, const std::string &str)
{
std::ofstream out(file.c_str(), std::ios_base::out | std::ios_base::binary);
if(!out.is_open())
{
std::cerr << "RsDirUtil::saveStringToFile() ERROR: can't open file " << file << std::endl;
return false;
}
out << str;
}
bool RsDirUtil::loadStringFromFile(const std::string &file, std::string &str)
{
std::ifstream in(file.c_str(), std::ios_base::in | std::ios_base::binary);
if(!in.is_open())
{
std::cerr << "RsDirUtil::loadStringFromFile() ERROR: can't open file " << file << std::endl;
return false;
}
std::stringstream buffer;
buffer << in.rdbuf();
str = buffer.str();
return true;
}
bool RsDirUtil::renameFile(const std::string& from, const std::string& to) bool RsDirUtil::renameFile(const std::string& from, const std::string& to)
{ {
int loops = 0; int loops = 0;
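Review bot: `saveStringToFile` has no return on its success path: after `out << str;` control falls off the end of a non-void function, which is undefined behaviour, and the caller in `GenerateSSLCertificate` reads an indeterminate bool. It should also report write errors, not only open errors, since a short or failed write of the location file otherwise produces an account with an empty location name; `out << str; out.close(); return !out.fail();`. `loadStringFromFile` reads the whole file into memory with no size bound, which is fine for `location_name.txt` but worth stating on the declaration in rsdir.h since the helper is general, e.g. `// Reads the entire file into str; intended for small config files.`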


@ -97,6 +97,9 @@ bool getFileHash(const std::string& filepath,RsFileHash &hash, uint64_t &size,
Sha1CheckSum sha1sum(const uint8_t *data,uint32_t size) ; Sha1CheckSum sha1sum(const uint8_t *data,uint32_t size) ;
bool saveStringToFile(const std::string& file, const std::string& str);
bool loadStringFromFile(const std::string& file, std::string& str);
// Creates a lock file with given path, and returns the lock handle // Creates a lock file with given path, and returns the lock handle
// returns: // returns:
// 0: Success // 0: Success


@ -497,7 +497,7 @@ void MessageComposer::recommendFriend(const std::list <RsPeerId> &sslIds, const
/* window will destroy itself! */ /* window will destroy itself! */
} }
void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId &sslId, const QString &sslName) void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId &sslId, const QString &/*sslName*/)
{ {
if (gpgId.isNull()) { if (gpgId.isNull()) {
return; return;
@ -508,7 +508,7 @@ void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId
return; return;
} }
QString title = QString("%1 %2").arg(sslName, tr("wants to be friends with you on RetroShare")); QString title = QString("%1 %2").arg(link.name(), tr("wants to be friends with you on RetroShare"));
/* search for an exisiting message in the inbox */ /* search for an exisiting message in the inbox */
std::list<MsgInfoSummary> msgList; std::list<MsgInfoSummary> msgList;
@ -531,7 +531,7 @@ void MessageComposer::sendConnectAttemptMsg(const RsPgpId &gpgId, const RsPeerId
} }
/* create a message */ /* create a message */
QString msgText = tr("Hi %1,<br><br>%2 wants to be friends with you on RetroShare.<br><br>Respond now:<br>%3<br><br>Thanks,<br>The RetroShare Team").arg(QString::fromUtf8(rsPeers->getGPGName(rsPeers->getGPGOwnId()).c_str()), sslName, link.toHtml()); QString msgText = tr("Hi %1,<br><br>%2 wants to be friends with you on RetroShare.<br><br>Respond now:<br>%3<br><br>Thanks,<br>The RetroShare Team").arg(QString::fromUtf8(rsPeers->getGPGName(rsPeers->getGPGOwnId()).c_str()), link.name(), link.toHtml());
rsMail->SystemMessage(title.toUtf8().constData(), msgText.toUtf8().constData(), RS_MSG_USER_REQUEST); rsMail->SystemMessage(title.toUtf8().constData(), msgText.toUtf8().constData(), RS_MSG_USER_REQUEST);
} }
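Review bot: `link.name()` is now interpolated into `title` and into `msgText`, which is HTML (the tr string carries `<br>` markup), without escaping, exactly as `sslName` was before; if the name originates from the peer's own certificate or PGP data it is remote-supplied and may contain markup, so an escaped value (`Qt::escape(link.name())` on Qt4, `link.name().toHtmlEscaped()` on Qt5) is the safer choice in both places, and the same applies to the `getGPGName` argument. `link` is constructed outside the hunk, so where its name comes from should be confirmed before relying on it. The now-unused `sslName` parameter is only commented out in the signature, so callers still pass an argument that is ignored; either drop the parameter or say in the header that it is ignored.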