Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-05-05 07:35:12 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

remove the ssl cert storage. Big rewrite of ssl cert and friend management

Browse source 
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2017 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
joss17 2010-01-13 21:22:52 +00:00
parent bb9fb11257
commit 9976b80566
39 changed files with 2056 additions and 1957 deletions
Download patch file Download diff file Expand all files Collapse all files

4
libretroshare/src/dbase/cachestrapper.cc
View file

@ -832,7 +832,9 @@ bool CacheStrapper::loadList(std::list<RsItem *> load)
CacheData cd;
cd.pid = rscc->pid;
cd.pname = AuthSSL::getAuthSSL()->getName(cd.pid);
peerConnectState pca;
mConnMgr->getFriendNetStatus(rscc->pid, pca);
cd.pname = pca.name;
cd.cid.type = rscc->cachetypeid;
cd.cid.subid = rscc->cachesubid;
cd.path = rscc->path;

4
libretroshare/src/ft/ftserver.cc
View file

@ -858,7 +858,9 @@ bool ftServer::handleCacheData()
data.name = ci->file.name;
data.path = ci->file.path;
data.pid = ci->PeerId();
data.pname = AuthSSL::getAuthSSL()->getName(ci->PeerId());
peerConnectState pca;
mConnMgr->getFriendNetStatus(ci->PeerId(), pca);
data.pname = pca.name;
mCacheStrapper->recvCacheResponse(data, time(NULL));
delete ci;

153
libretroshare/src/pqi/authgpg.cc
View file

@ -198,7 +198,7 @@ AuthGPG::AuthGPG()
*
* returns false if GnuPG is not available.
*/
bool AuthGPG::availablePGPCertificatesWithPrivateKeys(std::list<std::string> &ids)
bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -281,6 +281,8 @@ int AuthGPG::GPGInit(std::string ownId)
mOwnGpgCert.key = newKey;
mOwnGpgId = ownId;
mOwnGpgName = newKey->uids->name;
mOwnGpgEmail = newKey->uids->email;
gpgmeKeySelected = true;
storeAllKeys_locked();
printAllKeys_locked();
@ -381,6 +383,13 @@ bool AuthGPG::storeAllKeys_locked()
nu.name = mainuid->name;
nu.email = mainuid->email;
gpgme_key_sig_t mainsiglist = mainuid->signatures;
std::map<std::string, bool>::iterator itAccept;
if (mAcceptToConnectMap.end() != (itAccept = mAcceptToConnectMap.find(nu.id))) {
nu.accept_connection = itAccept->second;
} else {
nu.accept_connection = false;
mAcceptToConnectMap[nu.id] = false;
}
nu.ownsign = false;
while(mainsiglist != NULL)
{
@ -738,7 +747,7 @@ bool AuthGPG::DoOwnSignature_locked(const void *data, unsigned int datalen, void
/* import to GnuPG and other Certificates */
bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen)
bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint)
{
gpgme_data_t gpgmeSig;
gpgme_data_t gpgmeData;
@ -793,7 +802,12 @@ bool AuthGPG::VerifySignature_locked(const void *data, int datalen, const void *
if (sg->summary & GPGME_SIGSUM_VALID)
{
fprintf(stderr, "AuthGPG::VerifySignature() OK\n");
valid = true;
if (withfingerprint != "" && withfingerprint == std::string(sg->fpr)) {
fprintf(stderr, "AuthGPG::VerifySignature() for the fingerprint key : ");
std::cerr << withfingerprint;
fprintf(stderr, "\n");
valid = true;
}
}
sg = sg->next;
@ -843,7 +857,7 @@ int AuthGPG::setConfigDirectories(std::string confFile, std::string neighDir
#endif
/**** These Two are common */
std::string AuthGPG::getPGPName(GPG_id id)
std::string AuthGPG::getGPGName(GPG_id id)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -855,7 +869,7 @@ std::string AuthGPG::getPGPName(GPG_id id)
}
/**** These Two are common */
std::string AuthGPG::getPGPEmail(GPG_id id)
std::string AuthGPG::getGPGEmail(GPG_id id)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -868,14 +882,19 @@ std::string AuthGPG::getPGPEmail(GPG_id id)
/**** GPG versions ***/
std::string AuthGPG::PGPOwnId()
std::string AuthGPG::getGPGOwnId()
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
return mOwnGpgId;
}
bool AuthGPG::getPGPAllList(std::list<std::string> &ids)
std::string AuthGPG::getGPGOwnName()
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
return mOwnGpgName;
}
bool AuthGPG::getGPGAllList(std::list<std::string> &ids)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -888,36 +907,24 @@ bool AuthGPG::getPGPAllList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::getPGPValidList(std::list<std::string> &ids)
bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
/* add an id for each pgp certificate */
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.validLvl >= GPGME_VALIDITY_MARGINAL) {
ids.push_back(it->first);
}
}
return true;
}
bool AuthGPG::getPGPDetails(std::string id, RsPeerDetails &d)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
/* add an id for each pgp certificate */
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
d.id = it->second.id;
if (mKeyList.end() != (it = mKeyList.find(id))) {
d.id = it->second.id; //keep, it but can be bug gen
d.gpg_id = it->second.id;
d.name = it->second.name;
d.email = it->second.email;
d.trustLvl = it->second.trustLvl;
d.validLvl = it->second.validLvl;
d.ownsign = it->second.ownsign;
d.gpgSigners = it->second.signers;
d.fpr = it->second.fpr;
d.accept_connection = it->second.accept_connection;
//did the peer signed me ?
d.hasSignedMe = false;
@ -955,7 +962,6 @@ bool AuthGPG::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
gpgme_encrypt_flags_t* flags = new gpgme_encrypt_flags_t();
gpgme_key_t keys[2] = {mOwnGpgCert.key, NULL};
gpgme_set_armor (CTX, 1);
@ -971,18 +977,37 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
return true;
}
bool AuthGPG::getPGPAcceptedList(std::list<std::string> &ids)
bool AuthGPG::getGPGValidList(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
//TODO : implement a list in config file of accepted GPG key to connect with
return getPGPSignedList(ids);
/* add an id for each pgp certificate */
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.validLvl >= GPGME_VALIDITY_MARGINAL) {
ids.push_back(it->first);
}
}
return true;
}
bool AuthGPG::getPGPSignedList(std::list<std::string> &ids)
bool AuthGPG::getGPGAcceptedList(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.accept_connection)
{
ids.push_back(it->first);
}
}
return true;
}
bool AuthGPG::getGPGSignedList(std::list<std::string> &ids)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
@ -994,10 +1019,9 @@ bool AuthGPG::getPGPSignedList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::isPGPValid(GPG_id id)
bool AuthGPG::isGPGValid(GPG_id id)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id))) {
return (it->second.validLvl >= GPGME_VALIDITY_MARGINAL);
@ -1008,10 +1032,9 @@ bool AuthGPG::isPGPValid(GPG_id id)
}
bool AuthGPG::isPGPSigned(GPG_id id)
bool AuthGPG::isGPGSigned(GPG_id id)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
@ -1020,6 +1043,17 @@ bool AuthGPG::isPGPSigned(GPG_id id)
return false;
}
bool AuthGPG::isGPGAccepted(GPG_id id)
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(id)))
{
return (it->second.accept_connection);
}
return false;
}
/****** Large Parts of the p3AuthMgr is provided by AuthSSL ******
* As the majority of functions require SSL Certs
*
@ -1065,7 +1099,7 @@ bool AuthGPG::loadCertificates()
std::string AuthGPG::SaveCertificateToString(std::string id)
{
if (!isPGPValid(id)) {
if (!isGPGValid(id)) {
std::cerr << "AuthGPG::SaveCertificateToString() unknown ID" << std::endl;
std::string emptystr;
return emptystr;
@ -1112,7 +1146,7 @@ std::string AuthGPG::SaveCertificateToString(std::string id)
}
/* import to GnuPG and other Certificates */
bool AuthGPG::LoadCertificateFromString(std::string str)
bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
@ -1130,13 +1164,15 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
if (GPG_ERR_NO_ERROR != gpgme_op_import (CTX,gpgmeData))
{
std::cerr << "AuthGPG::Error Importing Certificate";
std::cerr << "AuthGPG::LoadCertificateFromString() Error Importing Certificate";
std::cerr << std::endl;
return false ;
}
gpgme_import_result_t res = gpgme_op_import_result(CTX);
std::string fingerprint = std::string(res->imports->fpr);
std::cerr << "AuthGPG::LoadCertificateFromString() Importing considered folowing fpr : " << fingerprint << std::endl;
int imported = res->imported;
@ -1144,7 +1180,6 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
res->considered, res->imported);
/* do we need to delete res??? */
gpgme_data_release (gpgmeData);
/* extract id(s)! (only if we actually imported one) */
@ -1152,6 +1187,17 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
{
storeAllKeys_locked();
}
//retrieve the id of the key
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
{
if (it->second.fpr == fingerprint)
{
gpg_id = it->second.id;
break;
}
}
std::cerr << "AuthGPG::LoadCertificateFromString() returning with gpg_id : " << gpg_id << std::endl;
return true;
}
@ -1169,6 +1215,25 @@ bool AuthGPG::LoadCertificateFromString(std::string str)
/*************************************/
/* These take PGP Ids */
bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
{
std::cerr << "AuthGPG::markGPGCertificateAsFriends(" << gpg_id << ")";
std::cerr << std::endl;
/* reload stuff now ... */
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
certmap::iterator it;
if (mKeyList.end() == (it = mKeyList.find(gpg_id))) {
return false;
}
it->second.accept_connection = acceptance;
mAcceptToConnectMap[gpg_id] = acceptance;
return true;
}
/* These take PGP Ids */
bool AuthGPG::SignCertificateLevel0(GPG_id id)
{
@ -1235,9 +1300,9 @@ bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char
sign, signlen);
}
bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen) {
bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) {
return VerifySignature_locked(data, datalen,
sign, signlen);
sign, signlen, withfingerprint);
}
@ -1298,7 +1363,7 @@ int AuthGPG::privateTrustCertificate(std::string id, int trustlvl)
/* The certificate should be in Peers list ??? */
if(!isPGPSigned(id)) {
if(!isGPGSigned(id)) {
std::cerr << "Invalid Certificate" << std::endl;
return 0;
}

39
libretroshare/src/pqi/authgpg.h
View file

@ -46,6 +46,7 @@
#include "rsiface/rspeers.h"
#include <string>
#include <list>
#include <set>
#include <map>
#define GPG_id std::string
@ -71,6 +72,9 @@ class gpgcert
bool ownsign;
//This is not gpg, but RS data. A gpg peer can be accepted for connecting but not signed.
bool accept_connection;
gpgme_key_t key;
};
@ -85,7 +89,7 @@ class AuthGPG
/* Internal functions */
bool DoOwnSignature_locked(const void *, unsigned int, void *, unsigned int *);
bool VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen);
bool VerifySignature_locked(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint);
/* Sign/Trust stuff */
int privateSignCertificate(GPG_id id);
@ -104,7 +108,7 @@ class AuthGPG
AuthGPG();
~AuthGPG();
bool availablePGPCertificatesWithPrivateKeys(std::list<std::string> &ids);
bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
int GPGInit(std::string ownId);
@ -145,18 +149,21 @@ class AuthGPG
* provide access to details in cache list.
*
****/
std::string getPGPName(GPG_id pgp_id);
std::string getPGPEmail(GPG_id pgp_id);
std::string getGPGName(GPG_id pgp_id);
std::string getGPGEmail(GPG_id pgp_id);
/* PGP web of trust management */
GPG_id PGPOwnId();
bool getPGPDetails(std::string id, RsPeerDetails &d);
bool getPGPAllList(std::list<std::string> &ids);
bool getPGPValidList(std::list<std::string> &ids);
bool getPGPAcceptedList(std::list<std::string> &ids);
bool getPGPSignedList(std::list<std::string> &ids);
bool isPGPValid(std::string id);
bool isPGPSigned(std::string id);
std::string getGPGOwnId();
std::string getGPGOwnName();
std::string getGPGOwnEmail();
bool getGPGDetails(std::string id, RsPeerDetails &d);
bool getGPGAllList(std::list<std::string> &ids);
bool getGPGValidList(std::list<std::string> &ids);
bool getGPGAcceptedList(std::list<std::string> &ids);
bool getGPGSignedList(std::list<std::string> &ids);
bool isGPGValid(std::string id);
bool isGPGSigned(std::string id);
bool isGPGAccepted(std::string id);
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
@ -165,7 +172,7 @@ class AuthGPG
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
bool LoadCertificateFromString(std::string pem);
bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
std::string SaveCertificateToString(std::string id);
/*********************************************************************************/
@ -178,6 +185,7 @@ class AuthGPG
* done in gpgroot already.
*
****/
bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
bool SignCertificateLevel0(std::string id);
bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
bool TrustCertificateNone(std::string id);
@ -198,7 +206,7 @@ class AuthGPG
bool SignData(const void *data, const uint32_t len, std::string &sign);
bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
//END of PGP public functions
@ -223,7 +231,10 @@ private:
gpgme_ctx_t CTX;
std::string mOwnGpgId;
std::string mOwnGpgName;
std::string mOwnGpgEmail;
std::string mX509id;
std::map<std::string, bool> mAcceptToConnectMap;
gpgcert mOwnGpgCert;
};

2118
libretroshare/src/pqi/authssl.cc
View file

File diff suppressed because it is too large Load diff

64
libretroshare/src/pqi/authssl.h
View file

@ -27,12 +27,10 @@
#define MRK_AUTH_SSL_HEADER
/*
* This is an implementation of SSL certificate authentication, which can be
* This is an implementation of SSL certificate authentication, which is
* overloaded with pgp style signatures, and web-of-trust authentication.
*
* There are several virtual functions with can be overloaded to acheive this.
* SignCertificate()
* AuthCertificate()
* only the owner ssl cert is store, the rest is jeus callback verification
*
* To use as an SSL authentication system, you must use a common CA certificate.
* and compilation should be done with PQI_USE_XPGP off, and PQI_USE_SSLONLY on
@ -52,6 +50,7 @@
#include "pqi/pqi_base.h"
#include "pqi/pqinetwork.h"
#include "rsiface/rspeers.h"
typedef std::string SSL_id;
@ -75,7 +74,7 @@ class sslcert
std::string issuer;
std::string fpr;
std::list<std::string> signers;
//std::list<std::string> signers;
/* Auth settings */
bool authed;
@ -103,42 +102,43 @@ SSL_CTX * getNewSslCtx();
/*********** Overloaded Functions from p3AuthMgr **********/
/* get Certificate Ids */
/* get Certificate Id */
virtual std::string OwnId();
virtual bool getAllList(std::list<std::string> &ids);
virtual bool getAuthenticatedList(std::list<std::string> &ids);
virtual bool getUnknownList(std::list<std::string> &ids);
virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
//virtual bool getAllList(std::list<std::string> &ids);
//virtual bool getAuthenticatedList(std::list<std::string> &ids);
//virtual bool getUnknownList(std::list<std::string> &ids);
//virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
/* get Details from the Certificates */
virtual bool isAuthenticated(std::string id);
virtual std::string getName(std::string id);
virtual std::string getIssuerName(std::string id);
virtual std::string getGPGId(SSL_id id);
virtual bool getCertDetails(std::string id, sslcert &cert);
//virtual bool isAuthenticated(std::string id);
//virtual std::string getName(std::string id);
//virtual std::string getIssuerName(std::string id);
//virtual std::string getGPGId(SSL_id id);
//virtual bool getCertDetails(std::string id, sslcert &cert);
/* High Level Load/Save Configuration */
virtual bool FinalSaveCertificates();
virtual bool CheckSaveCertificates();
virtual bool saveCertificates();
virtual bool loadCertificates();
//virtual bool FinalSaveCertificates();
//virtual bool CheckSaveCertificates();
//virtual bool saveCertificates();
//virtual bool loadCertificates();
/* Load/Save certificates */
virtual bool LoadCertificateFromString(std::string pem, std::string &id);
virtual std::string SaveCertificateToString(std::string id);
virtual bool LoadCertificateFromFile(std::string filename, std::string &id);
virtual bool SaveCertificateToFile(std::string id, std::string filename);
bool ProcessX509(X509 *x509, std::string &id);
virtual bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);
virtual bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
virtual bool LoadDetailsFromStringCert(std::string pem, RsPeerDetails &pd);
virtual std::string SaveOwnCertificateToString();
//virtual bool LoadCertificateFromFile(std::string filename, std::string &id);
//virtual bool SaveCertificateToFile(std::string id, std::string filename);
//bool ProcessX509(X509 *x509, std::string &id);
//
//virtual bool LoadCertificateFromBinary(const uint8_t *ptr, uint32_t len, std::string &id);
//virtual bool SaveCertificateToBinary(std::string id, uint8_t **ptr, uint32_t *len);
/* Sign / Encrypt / Verify Data (TODO) */
virtual bool SignData(std::string input, std::string &sign);
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
virtual bool VerifySignBin(std::string, const void*, uint32_t, unsigned char*, unsigned int);
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int);
// return : false if encrypt failed
bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
@ -165,11 +165,11 @@ SSL_CTX *getCTX();
static int ex_data_ctx_index; //used to pass the peer id in the ssl context
bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
//bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
//bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
/* Special Config Loading (backwards compatibility) */
bool loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
//bool loadCertificates(bool &oldFormat, std::map<std::string, std::string> &keyValueMap);
static AuthSSL *getAuthSSL() throw() // pour obtenir l'instance
{ return instance_ssl; }
@ -190,7 +190,7 @@ X509 * loadX509FromDER(const uint8_t *ptr, uint32_t len);
bool saveX509ToDER(X509 *x509, uint8_t **ptr, uint32_t *len);
/*********** LOCKED Functions ******/
bool locked_FindCert(std::string id, sslcert **cert);
//bool locked_FindCert(std::string id, sslcert **cert);
/* Data */
@ -208,7 +208,7 @@ bool locked_FindCert(std::string id, sslcert **cert);
bool mToSaveCerts;
bool mConfigSaveActive;
std::map<std::string, sslcert *> mCerts;
//std::map<std::string, sslcert *> mCerts;
};

199
libretroshare/src/pqi/p3connmgr.cc
View file

@ -28,6 +28,8 @@
#include "tcponudp/tou.h"
#include "tcponudp/extaddrfinder.h"
#include "util/rsnet.h"
#include "pqi/authgpg.h"
#include "util/rsprint.h"
#include "util/rsdebug.h"
@ -96,12 +98,14 @@ peerAddrInfo::peerAddrInfo()
peerConnectState::peerConnectState()
:id("unknown"),
gpg_id("unknown"),
netMode(RS_NET_MODE_UNKNOWN), visState(RS_VIS_STATE_STD),
lastcontact(0),
connecttype(0),
lastavailable(0),
lastattempt(time(NULL) - MIN_RETRY_PERIOD + MIN_TIME_BETWEEN_NET_RESET + 2), //start connection 2 second after the possible next one net reset
name("nameless"), state(0), actions(0),
name(""), location(""),
state(0), actions(0),
source(0),
inConnAttempt(0)
{
@ -136,7 +140,7 @@ p3ConnectMgr::p3ConnectMgr()
{
/* setup basics of own state */
ownState.id = AuthSSL::getAuthSSL()->OwnId();
ownState.name = AuthSSL::getAuthSSL()->getName(ownState.id);
ownState.name = AuthGPG::getAuthGPG()->getGPGOwnName();
ownState.netMode = RS_NET_MODE_UDP;
//use_extr_addr_finder = true ;
@ -1442,18 +1446,18 @@ void p3ConnectMgr::getFriendList(std::list<std::string> &peers)
}
void p3ConnectMgr::getOthersList(std::list<std::string> &peers)
{
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check for existing */
std::map<std::string, peerConnectState>::iterator it;
for(it = mOthersList.begin(); it != mOthersList.end(); it++)
{
peers.push_back(it->first);
}
return;
}
//void p3ConnectMgr::getOthersList(std::list<std::string> &peers)
//{
// RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
//
// /* check for existing */
// std::map<std::string, peerConnectState>::iterator it;
// for(it = mOthersList.begin(); it != mOthersList.end(); it++)
// {
// peers.push_back(it->first);
// }
// return;
//}
@ -1984,7 +1988,7 @@ void p3ConnectMgr::peerConnectRequest(std::string id, struct sockaddr_in radd
/*******************************************************************/
/*******************************************************************/
bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState, time_t lastContact)
bool p3ConnectMgr::addFriend(std::string id, std::string gpg_id, uint32_t netMode, uint32_t visState, time_t lastContact)
{
/* so three possibilities
* (1) already exists as friend -> do nothing.
@ -1993,7 +1997,7 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
*/
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() " << id << std::endl;
std::cerr << "p3ConnectMgr::addFriend() " << id << "; gpg_id : " << gpg_id << std::endl;
#endif
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
@ -2009,19 +2013,21 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
return true;
}
/* check with the AuthMgr if its authorised */
if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
{
//Authentication is now tested at connection time, we don't store the ssl cert anymore
if (!AuthGPG::getAuthGPG()->isGPGAccepted(gpg_id))
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Failed Authentication" << std::endl;
std::cerr << "p3ConnectMgr::addFriend() gpg is not accepted" << std::endl;
#endif
/* no auth */
return false;
}
/* no auth */
return false;
}
/* check if it is in others */
if (mOthersList.end() != (it = mOthersList.find(id)))
{
/* check if it is in others */
// if (mOthersList.end() != (it = mOthersList.find(id)))
if (false)
{
/* (2) in mOthersList -> move over */
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Move from Others" << std::endl;
@ -2057,19 +2063,7 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
IndicateConfigChanged(); /**** INDICATE MSG CONFIG CHANGED! *****/
return true;
}
/* get details from AuthMgr */
sslcert detail;
if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Failed to get Details" << std::endl;
#endif
/* ERROR: no details */
return false;
}
}
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addFriend() Creating New Entry" << std::endl;
@ -2079,7 +2073,8 @@ bool p3ConnectMgr::addFriend(std::string id, uint32_t netMode, uint32_t visState
peerConnectState pstate;
pstate.id = id;
pstate.name = detail.name;
pstate.gpg_id = gpg_id;
pstate.name = AuthGPG::getAuthGPG()->getGPGName(gpg_id);
pstate.state = RS_PEER_S_FRIEND;
pstate.actions = RS_PEER_NEW;
@ -2145,7 +2140,7 @@ bool p3ConnectMgr::addNeighbour(std::string id)
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::addNeighbour() " << id << std::endl;
std::cerr << "p3ConnectMgr::addNeighbour() not implemented anymore." << id << std::endl;
#endif
/* so three possibilities
@ -2154,51 +2149,51 @@ bool p3ConnectMgr::addNeighbour(std::string id)
* (3) is non-existant -> create new one.
*/
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
// RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
//
// std::map<std::string, peerConnectState>::iterator it;
// if (mFriendList.end() == mFriendList.find(id))
// {
// /* (1) already exists */
// return false;
// }
//
// if (mOthersList.end() == mOthersList.find(id))
// {
// /* (2) already exists */
// return true;
// }
//
// /* check with the AuthMgr if its valid */
// if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
// {
// /* no auth */
// return false;
// }
//
// /* get details from AuthMgr */
// sslcert detail;
// if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
// {
// /* no details */
// return false;
// }
//
// /* create a new entry */
// peerConnectState pstate;
//
// pstate.id = id;
// pstate.name = detail.name;
//
// pstate.state = 0;
// pstate.actions = 0; //RS_PEER_NEW;
// pstate.visState = RS_VIS_STATE_STD;
// pstate.netMode = RS_NET_MODE_UNKNOWN;
//
// /* addr & timestamps -> auto cleared */
// mOthersList[id] = pstate;
std::map<std::string, peerConnectState>::iterator it;
if (mFriendList.end() == mFriendList.find(id))
{
/* (1) already exists */
return false;
}
if (mOthersList.end() == mOthersList.find(id))
{
/* (2) already exists */
return true;
}
/* check with the AuthMgr if its valid */
if (!AuthSSL::getAuthSSL()->isAuthenticated(id))
{
/* no auth */
return false;
}
/* get details from AuthMgr */
sslcert detail;
if (!AuthSSL::getAuthSSL()->getCertDetails(id, detail))
{
/* no details */
return false;
}
/* create a new entry */
peerConnectState pstate;
pstate.id = id;
pstate.name = detail.name;
pstate.state = 0;
pstate.actions = 0; //RS_PEER_NEW;
pstate.visState = RS_VIS_STATE_STD;
pstate.netMode = RS_NET_MODE_UNKNOWN;
/* addr & timestamps -> auto cleared */
mOthersList[id] = pstate;
return true;
return false;
}
/*******************************************************************/
@ -2633,6 +2628,30 @@ bool p3ConnectMgr::setNetworkMode(std::string id, uint32_t netMode)
return false;
}
bool p3ConnectMgr::setLocation(std::string id, std::string location)
{
#ifdef CONN_DEBUG
std::cerr << "p3ConnectMgr::setLocation() called for id : " << id << "; with location " << location << std::endl;
#endif
if (id == AuthSSL::getAuthSSL()->OwnId())
{
ownState.location = location;
return true;
}
RsStackMutex stack(connMtx); /****** STACK LOCK MUTEX *******/
/* check if it is a friend */
std::map<std::string, peerConnectState>::iterator it;
bool isFriend = false;
if (mFriendList.end() == (it = mFriendList.find(id))) {
return false;
} else {
it->second.location = location;
return true;
}
}
bool p3ConnectMgr::setVisState(std::string id, uint32_t visState)
{
if (id == AuthSSL::getAuthSSL()->OwnId())
@ -2792,6 +2811,8 @@ std::list<RsItem *> p3ConnectMgr::saveList(bool &cleanup)
item->clear();
item->pid = getOwnId();
item->gpg_id = ownState.gpg_id;
item->location = ownState.location;
if (ownState.netMode & RS_NET_MODE_TRY_EXT)
{
item->netMode = RS_NET_MODE_EXT;
@ -2828,7 +2849,9 @@ std::list<RsItem *> p3ConnectMgr::saveList(bool &cleanup)
item->clear();
item->pid = it->first;
item->netMode = (it->second).netMode;
item->gpg_id = (it->second).gpg_id;
item->location = (it->second).location;
item->netMode = (it->second).netMode;
item->visState = (it->second).visState;
item->lastContact = (it->second).lastcontact;
item->currentlocaladdr = (it->second).currentlocaladdr;
@ -2913,6 +2936,7 @@ bool p3ConnectMgr::loadList(std::list<RsItem *> load)
#endif
/* add ownConfig */
setOwnNetConfig(pitem->netMode, pitem->visState);
ownState.gpg_id = AuthGPG::getAuthGPG()->getGPGOwnId();
}
else
{
@ -2922,8 +2946,9 @@ bool p3ConnectMgr::loadList(std::list<RsItem *> load)
std::cerr << std::endl;
#endif
/* ************* */
addFriend(pitem->pid, pitem->netMode, pitem->visState, pitem->lastContact);
addFriend(pitem->pid, pitem->gpg_id, pitem->netMode, pitem->visState, pitem->lastContact);
}
setLocation(pitem->pid, pitem->location);
setLocalAddress(pitem->pid, pitem->currentlocaladdr);
setExtAddress(pitem->pid, pitem->currentremoteaddr);
setAddressList(pitem->pid, pitem->ipAddressList);

20
libretroshare/src/pqi/p3connmgr.h
View file

@ -135,7 +135,8 @@ class peerConnectState
public:
peerConnectState(); /* init */
std::string id;
std::string id;
std::string gpg_id;
uint32_t netMode; /* EXT / UPNP / UDP / INVALID */
uint32_t visState; /* STD, GRAY, DARK */
@ -167,6 +168,7 @@ class peerConnectState
time_t lastattempt;
std::string name;
std::string location;
uint32_t state;
uint32_t actions;
@ -231,11 +233,13 @@ bool setAddressList(std::string id, std::list<IpAddressTimed> IpAddressTimedL
bool setNetworkMode(std::string id, uint32_t netMode);
bool setVisState(std::string id, uint32_t visState);
bool setLocation(std::string pid, std::string location);//location is shown in the gui to differentiate ssl certs
/* add/remove friends */
bool addFriend(std::string id, uint32_t netMode = RS_NET_MODE_UDP,
bool addFriend(std::string ssl_id, std::string gpg_id, uint32_t netMode = RS_NET_MODE_UDP,
uint32_t visState = RS_VIS_STATE_STD , time_t lastContact = 0);
bool removeFriend(std::string);
bool removeFriend(std::string ssl_id);
bool addNeighbour(std::string);
/*************** External Control ****************/
@ -244,14 +248,14 @@ bool addNeighbour(std::string);
const std::string getOwnId();
bool getOwnNetStatus(peerConnectState &state);
bool isFriend(std::string id);
bool isOnline(std::string id);
bool isFriend(std::string ssl_id);
bool isOnline(std::string ssl_id);
bool getFriendNetStatus(std::string id, peerConnectState &state);
bool getOthersNetStatus(std::string id, peerConnectState &state);
void getOnlineList(std::list<std::string> &peers);
void getFriendList(std::list<std::string> &peers);
void getOthersList(std::list<std::string> &peers);
void getOnlineList(std::list<std::string> &ssl_peers);
void getFriendList(std::list<std::string> &ssl_peers);
//void getOthersList(std::list<std::string> &peers); /deprecated
/**************** handle monitors *****************/

59
libretroshare/src/pqi/pqissl.cc
View file

@ -109,16 +109,6 @@ pqissl::pqissl(pqissllistener *l, PQInterface *parent, p3ConnectMgr *cm)
rslog(RSL_ALERT, pqisslzone, out.str());
}
if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId())))
{
rslog(RSL_ALERT, pqisslzone,
"pqissl::Warning Certificate Not Approved!");
rslog(RSL_ALERT, pqisslzone,
"\t pqissl will not initialise....");
}
return;
}
@ -1081,14 +1071,14 @@ int pqissl::Extract_Failed_SSL_Certificate()
}
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
"pqissl::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (anymore)");
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
//AuthSSL::getAuthSSL()->FailedCertificate(peercert, false);
return 1;
}
@ -1138,33 +1128,36 @@ int pqissl::Authorise_SSL_Connection()
rslog(RSL_DEBUG_BASIC, pqisslzone,
"pqissl::Authorise_SSL_Connection() Have Peer Cert");
accept(ssl_connection, sockfd, remote_addr);
return 1;
// save certificate... (and ip locations)
// false for outgoing....
// we actually connected to remote_addr,
// which could be
// (pqissl's case) sslcert->serveraddr or sslcert->localaddr.
bool certCorrect = false;
certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
// check it's the right one.
if (certCorrect)
{
// then okay...
std::ostringstream out;
out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
rslog(RSL_WARNING, pqisslzone, out.str());
accept(ssl_connection, sockfd, remote_addr);
return 1;
}
{
std::ostringstream out;
out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
out << " Shutdown. Peer: " << PeerId();
rslog(RSL_WARNING, pqisslzone, out.str());
}
// bool certCorrect = false;
// certCorrect = AuthSSL::getAuthSSL()->CheckCertificate(PeerId(), peercert);
//
// // check it's the right one.
// if (certCorrect)
// {
// // then okay...
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Accepting Conn. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
//
// accept(ssl_connection, sockfd, remote_addr);
// return 1;
// }
//
// {
// std::ostringstream out;
// out << "pqissl::Authorise_SSL_Connection() Something Wrong ... ";
// out << " Shutdown. Peer: " << PeerId();
// rslog(RSL_WARNING, pqisslzone, out.str());
// }
// else shutdown ssl connection.

30
libretroshare/src/pqi/pqissllistener.cc
View file

@ -472,11 +472,11 @@ int pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
}
pqioutput(PQL_DEBUG_BASIC, pqissllistenzone,
"pqissllistenbase::Extract_Failed_SSL_Certificate() Have Peer Cert - Registering");
"pqissllistenbase::Extract_Failed_SSL_Certificate() Have Peer Cert - (Not) Registering (Anymore)");
// save certificate... (and ip locations)
// false for outgoing....
AuthSSL::getAuthSSL()->FailedCertificate(peercert, true);
//AuthSSL::getAuthSSL()->FailedCertificate(peercert, true);
return 1;
}
@ -683,19 +683,19 @@ int pqissllistener::completeConnection(int fd, SSL *ssl, struct sockaddr_in &rem
return -1;
}
/* Certificate consumed! */
bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
if (certKnown == false)
{
std::ostringstream out;
out << "Failed Final Check";
out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
out << std::endl;
out << "pqissllistenbase: Will shut it down!" << std::endl;
pqioutput(PQL_WARNING, pqissllistenzone, out.str());
return -1;
}
// /* Certificate consumed! */
// bool certKnown = AuthSSL::getAuthSSL()->CheckCertificate(it->first, peercert);
//
// if (certKnown == false)
// {
// std::ostringstream out;
// out << "Failed Final Check";
// out << " for Connection:" << inet_ntoa(remote_addr.sin_addr);
// out << std::endl;
// out << "pqissllistenbase: Will shut it down!" << std::endl;
// pqioutput(PQL_WARNING, pqissllistenzone, out.str());
// return -1;
// }
pqissl *pqis = it -> second;

12
libretroshare/src/pqi/pqissltunnel.cc
View file

@ -102,12 +102,12 @@ pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm)
rslog(RSL_ALERT, pqisslzone, out.str());
}
if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId()))) {
rslog(RSL_ALERT, pqisslzone,
"pqissltunnel::Warning Certificate Not Approved!");
rslog(RSL_ALERT, pqisslzone,
"\t pqissltunnel will not initialise....");
}
// if (!(AuthSSL::getAuthSSL()->isAuthenticated(PeerId()))) {
// rslog(RSL_ALERT, pqisslzone,
// "pqissltunnel::Warning Certificate Not Approved!");
// rslog(RSL_ALERT, pqisslzone,
// "\t pqissltunnel will not initialise....");
// }
mP3tunnel = mConnMgr->getP3tunnel();
current_data_offset = 0;
curent_data_packet.length = 0;

48
libretroshare/src/rsiface/rspeers.h
View file

@ -39,9 +39,10 @@ class RsPeers;
extern RsPeers *rsPeers;
/* Trust Levels */
const uint32_t RS_TRUST_LVL_UNKNOWN = 0x0001;
const uint32_t RS_TRUST_LVL_MARGINAL = 0x0002;
const uint32_t RS_TRUST_LVL_GOOD = 0x0003;
const uint32_t RS_TRUST_LVL_NONE = 2;
const uint32_t RS_TRUST_LVL_MARGINAL = 3;
const uint32_t RS_TRUST_LVL_FULL = 4;
const uint32_t RS_TRUST_LVL_ULTIMATE = 5;
/* Net Mode */
@ -78,6 +79,7 @@ class RsPeerDetails
/* Auth details */
bool isOnlyGPGdetail;
std::string id;
std::string gpg_id;
std::string name;
std::string email;
std::string location;
@ -95,6 +97,8 @@ class RsPeerDetails
bool ownsign; /* we have signed the remote peer GPG key */
bool hasSignedMe; /* the remote peer has signed my GPG key */
bool accept_connection;
/* Network details (only valid if friend) */
uint32_t state;
@ -132,30 +136,33 @@ virtual std::string getOwnId() = 0;
virtual bool getOnlineList(std::list<std::string> &ssl_ids) = 0;
virtual bool getFriendList(std::list<std::string> &ssl_ids) = 0;
virtual bool getOthersList(std::list<std::string> &ssl_ids) = 0;
//virtual bool getOthersList(std::list<std::string> &ssl_ids) = 0;
virtual bool isOnline(std::string ssl_id) = 0;
virtual bool isFriend(std::string ssl_id) = 0;
virtual std::string getPeerName(std::string ssl_id) = 0;
virtual std::string getPeerPGPName(std::string ssl_id) = 0;
virtual bool isGPGAccepted(std::string gpg_id_is_friend) = 0; //
virtual std::string getPeerName(std::string ssl_or_gpg_id) = 0;
virtual std::string getGPGName(std::string gpg_id) = 0;
virtual bool getPeerDetails(std::string ssl_or_gpg_id, RsPeerDetails &d) = 0; //get Peer detail accept SSL and PGP certs
/* Using PGP Ids */
virtual std::string getPGPOwnId() = 0;
virtual std::string getPGPId(std::string ssl_id) = 0;
virtual bool getPGPAcceptedList(std::list<std::string> &gpg_ids) = 0;
virtual bool getPGPSignedList(std::list<std::string> &gpg_ids) = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
virtual bool getPGPValidList(std::list<std::string> &gpg_ids) = 0;
virtual bool getPGPAllList(std::list<std::string> &gpg_ids) = 0;
virtual bool getPGPDetails(std::string gpg_id, RsPeerDetails &d) = 0;
virtual std::string getGPGOwnId() = 0;
virtual std::string getGPGId(std::string ssl_id) = 0;
virtual bool getGPGAcceptedList(std::list<std::string> &gpg_ids) = 0;
virtual bool getGPGSignedList(std::list<std::string> &gpg_ids) = 0;//friends that we accpet to connect with but we don't want to sign their gpg key
virtual bool getGPGValidList(std::list<std::string> &gpg_ids) = 0;
virtual bool getGPGAllList(std::list<std::string> &gpg_ids) = 0;
virtual bool getGPGDetails(std::string gpg_id, RsPeerDetails &d) = 0;
virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids) = 0;
/* Add/Remove Friends */
virtual bool addFriend(std::string id) = 0;
virtual bool addFriend(std::string ssl_id, std::string gpg_id) = 0;
virtual bool addDummyFriend(std::string gpg_id) = 0; //we want to add a empty ssl friend for this gpg id
virtual bool removeFriend(std::string id) = 0;
/* Network Stuff */
virtual bool connectAttempt(std::string ssl_id) = 0;
virtual bool setLocation(std::string ssl_id, std::string location) = 0;//location is shown in the gui to differentiate ssl certs
virtual bool setLocalAddress(std::string ssl_id, std::string addr, uint16_t port) = 0;
virtual bool setExtAddress( std::string ssl_id, std::string addr, uint16_t port) = 0;
virtual bool setNetworkMode(std::string ssl_id, uint32_t netMode) = 0;
@ -170,13 +177,14 @@ virtual bool getAllowTunnelConnection() = 0 ;
/* Auth Stuff */
virtual std::string GetRetroshareInvite() = 0;
virtual bool LoadCertificateFromFile(std::string fname, std::string &id) = 0;
virtual bool LoadCertificateFromString(std::string cert, std::string &id) = 0;
virtual bool SaveCertificateToFile(std::string id, std::string fname) = 0;
virtual std::string SaveCertificateToString(std::string id) = 0;
virtual bool loadCertificateFromFile(std::string fname, std::string &id, std::string &gpg_id) = 0;
virtual bool loadDetailsFromStringCert(std::string cert, RsPeerDetails &pd) = 0;
virtual bool saveCertificateToFile(std::string id, std::string fname) = 0;
virtual std::string saveCertificateToString(std::string id) = 0;
virtual bool SignGPGCertificate(std::string gpg_id) = 0;
virtual bool TrustGPGCertificate(std::string gpg_id, uint32_t trustlvl) = 0;
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance) = 0;
virtual bool signGPGCertificate(std::string gpg_id) = 0;
virtual bool trustGPGCertificate(std::string gpg_id, uint32_t trustlvl) = 0;
};

7
libretroshare/src/rsserver/p3face-config.cc
View file

@ -30,6 +30,7 @@
#include <iostream>
#include <sstream>
#include "pqi/authssl.h"
#include "pqi/authgpg.h"
#include "util/rsdebug.h"
const int p3facemsgzone = 11453;
@ -104,9 +105,9 @@ int RsServer::UpdateAllConfig()
RsConfig &config = iface.mConfig;
config.ownId = AuthSSL::getAuthSSL()->OwnId();
config.ownName = AuthSSL::getAuthSSL()->getName(config.ownId);
config.ownName = AuthGPG::getAuthGPG()->getGPGOwnName();
peerConnectState pstate;
mConnMgr->getOwnNetStatus(pstate);
mConnMgr->getOwnNetStatus(pstate);
/* ports */
config.localAddr = inet_ntoa(pstate.currentlocaladdr.sin_addr);
@ -157,7 +158,7 @@ void RsServer::ConfigFinalSave()
/* force saving of transfers TODO */
//ftserver->saveFileTransferStatus();
AuthSSL::getAuthSSL()->FinalSaveCertificates();
//AuthSSL::getAuthSSL()->FinalSaveCertificates();
mConfigMgr->completeConfiguration();
}

2
libretroshare/src/rsserver/p3face-server.cc
View file

@ -245,7 +245,7 @@ void RsServer::run()
//ftserver->saveFileTransferStatus();
/* see if we need to resave certs */
AuthSSL::getAuthSSL()->CheckSaveCertificates();
//AuthSSL::getAuthSSL()->CheckSaveCertificates();
/* hour loop */
if (++min >= 60)

4
libretroshare/src/rsserver/p3msgs.cc
View file

@ -42,7 +42,7 @@ const int p3facemsgzone = 11453;
#include "services/p3msgservice.h"
#include "services/p3chatservice.h"
#include "pqi/authssl.h"
#include "pqi/authgpg.h"
/* external reference point */
RsMsgs *rsMsgs = NULL;
@ -156,7 +156,7 @@ bool p3Msgs::getNewChat(std::list<ChatInfo> &chats)
void p3Msgs::initRsChatInfo(RsChatMsgItem *c, ChatInfo &i)
{
i.rsid = c -> PeerId();
i.name = AuthSSL::getAuthSSL()->getName(i.rsid);
i.name = rsPeers->getPeerName(c -> PeerId());
i.chatflags = 0 ;
i.msg = c -> message;

361
libretroshare/src/rsserver/p3peers.cc
View file

@ -62,7 +62,6 @@ std::string RsPeerTrustString(uint32_t trustLvl)
std::string str;
#ifdef RS_USE_PGPSSL
switch(trustLvl)
{
default:
@ -86,21 +85,6 @@ std::string RsPeerTrustString(uint32_t trustLvl)
break;
}
return str;
#endif
if (trustLvl == RS_TRUST_LVL_GOOD)
{
str = "Good";
}
else if (trustLvl == RS_TRUST_LVL_MARGINAL)
{
str = "Marginal";
}
else
{
str = "No Trust";
}
return str;
}
@ -230,17 +214,17 @@ bool p3Peers::getFriendList(std::list<std::string> &ids)
return true;
}
bool p3Peers::getOthersList(std::list<std::string> &ids)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getOthersList()";
std::cerr << std::endl;
#endif
/* get from mAuthMgr */
AuthSSL::getAuthSSL()->getAllList(ids);
return true;
}
//bool p3Peers::getOthersList(std::list<std::string> &ids)
//{
//#ifdef P3PEERS_DEBUG
// std::cerr << "p3Peers::getOthersList()";
// std::cerr << std::endl;
//#endif
//
// /* get from mAuthMgr */
// AuthSSL::getAuthSSL()->getAllList(ids);
// return true;
//}
bool p3Peers::isOnline(std::string id)
{
@ -295,65 +279,36 @@ bool p3Peers::getPeerDetails(std::string id, RsPeerDetails &d)
std::cerr << "p3Peers::getPeerDetails() called for id : " << id << std::endl;
#endif
//first, check if it's a gpg or a ssl id.
if (AuthSSL::getAuthSSL()->getGPGId(id) == "") {
//assume is not SSL, because every ssl_id has got a pgp_id
peerConnectState pcs;
if (id != AuthSSL::getAuthSSL()->OwnId() && !mConnMgr->getFriendNetStatus(id, pcs)) {
//assume is not SSL, because every ssl_id has got a friend correspondance in mConnMgr
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPeerDetails() got a gpg id and is returning GPG details only for id : " << id << std::endl;
#endif
d.isOnlyGPGdetail = true;
return this->getPGPDetails(id, d);
return this->getGPGDetails(id, d);
}
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPeerDetails() got a SSL id and is returning SSL and GPG details for id : " << id << std::endl;
#endif
if (id == AuthSSL::getAuthSSL()->OwnId())
{
mConnMgr->getOwnNetStatus(pcs);
}
/* get from gpg (first), to fill in the sign and trust details */
/* don't retrun now, we've got fill in the ssl and connection info */
this->getPGPDetails(AuthSSL::getAuthSSL()->getGPGId(id), d);
this->getGPGDetails(pcs.gpg_id, d);
d.isOnlyGPGdetail = false;
//get the ssl details
sslcert authDetail;
if (!AuthSSL::getAuthSSL()->getCertDetails(id, authDetail)) {
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPeerDetails() got no SSL details, is returning." << std::endl;
#endif
return false;
}
d.fpr = authDetail.fpr;
d.id = authDetail.id;
//d.name = authDetail.name;
//d.email = authDetail.email;
d.location = authDetail.location;
d.org = authDetail.org;
d.issuer = authDetail.issuer;
d.id = id;
d.location = pcs.location;
/* generate */
d.authcode = "AUTHCODE";
/* get from mConnectMgr */
peerConnectState pcs;
if (id == AuthSSL::getAuthSSL()->OwnId())
{
mConnMgr->getOwnNetStatus(pcs);
}
else if (!mConnMgr->getFriendNetStatus(id, pcs))
{
if (!mConnMgr->getOthersNetStatus(id, pcs))
{
/* fill in blank data */
d.localPort = 0;
d.extPort = 0;
d.lastConnect = 0;
d.connectPeriod = 0;
d.state = 0;
d.netMode = 0;
return true;
}
}
//TODO : check use of this details
// From all addresses, show the most recent one if no address is currently in use.
@ -476,36 +431,53 @@ bool p3Peers::getPeerDetails(std::string id, RsPeerDetails &d)
}
std::string p3Peers::getPeerPGPName(std::string id)
std::string p3Peers::getGPGName(std::string gpg_id)
{
/* get from mAuthMgr as it should have more peers? */
return AuthSSL::getAuthSSL()->getIssuerName(id);
return AuthGPG::getAuthGPG()->getGPGName(gpg_id);
}
std::string p3Peers::getPeerName(std::string id)
bool p3Peers::isGPGAccepted(std::string gpg_id_is_friend)
{
/* get from mAuthMgr as it should have more peers? */
return AuthGPG::getAuthGPG()->isGPGAccepted(gpg_id_is_friend);
}
std::string p3Peers::getPeerName(std::string ssl_or_gpg_id)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPeerName() " << id;
std::cerr << "p3Peers::getPeerName() " << ssl_or_gpg_id;
std::cerr << std::endl;
#endif
std::string name;
if (ssl_or_gpg_id == AuthSSL::getAuthSSL()->OwnId()) {
return AuthGPG::getAuthGPG()->getGPGOwnName();
}
peerConnectState pcs;
if (mConnMgr->getFriendNetStatus(ssl_or_gpg_id, pcs)) {
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPeerName() got a ssl id. Name is : " << pcs.name;
std::cerr << std::endl;
#endif
return pcs.name;
}
/* get from mAuthMgr as it should have more peers? */
return AuthSSL::getAuthSSL()->getName(id);
return AuthGPG::getAuthGPG()->getGPGName(ssl_or_gpg_id);
}
bool p3Peers::getPGPAllList(std::list<std::string> &ids)
bool p3Peers::getGPGAllList(std::list<std::string> &ids)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPGPOthersList()";
std::cerr << std::endl;
std::cerr << "p3Peers::getGPGAllList()";
std::cerr << std::endl;
#endif
/* get from mAuthMgr */
AuthGPG::getAuthGPG()->getPGPAllList(ids);
return true;
/* get from mAuthMgr */
AuthGPG::getAuthGPG()->getGPGAllList(ids);
return true;
}
bool p3Peers::getPGPValidList(std::list<std::string> &ids)
bool p3Peers::getGPGValidList(std::list<std::string> &ids)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPGPOthersList()";
@ -513,11 +485,11 @@ bool p3Peers::getPGPValidList(std::list<std::string> &ids)
#endif
/* get from mAuthMgr */
AuthGPG::getAuthGPG()->getPGPValidList(ids);
AuthGPG::getAuthGPG()->getGPGValidList(ids);
return true;
}
bool p3Peers::getPGPSignedList(std::list<std::string> &ids)
bool p3Peers::getGPGSignedList(std::list<std::string> &ids)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPGPOthersList()";
@ -525,11 +497,11 @@ bool p3Peers::getPGPSignedList(std::list<std::string> &ids)
#endif
/* get from mAuthMgr */
AuthGPG::getAuthGPG()->getPGPSignedList(ids);
AuthGPG::getAuthGPG()->getGPGSignedList(ids);
return true;
}
bool p3Peers::getPGPAcceptedList(std::list<std::string> &ids)
bool p3Peers::getGPGAcceptedList(std::list<std::string> &ids)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPGPOthersList()";
@ -537,7 +509,7 @@ bool p3Peers::getPGPAcceptedList(std::list<std::string> &ids)
#endif
//TODO implement an additional list of GPG keys that are accepted even if not signed
AuthGPG::getAuthGPG()->getPGPSignedList(ids);
AuthGPG::getAuthGPG()->getGPGAcceptedList(ids);
return true;
}
@ -547,11 +519,28 @@ bool p3Peers::getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string>
std::cerr << "p3Peers::getSSLChildListOfGPGId() for id : " << gpg_id;
std::cerr << std::endl;
#endif
return AuthSSL::getAuthSSL()->getSSLChildListOfGPGId(gpg_id, ids);;
ids.clear();
if (gpg_id == "" ) {
return false;
}
//let's roll throush the friends
std::list<std::string> friendsIds;
mConnMgr->getFriendList(friendsIds);
peerConnectState pcs;
for (std::list<std::string>::iterator it = friendsIds.begin(); it != friendsIds.end(); it++) {
mConnMgr->getFriendNetStatus(*it, pcs);
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getSSLChildListOfGPGId() iterating over friends status :id : " << gpg_id;
std::cerr << std::endl;
#endif
if (mConnMgr->getFriendNetStatus(*it, pcs) && pcs.gpg_id == gpg_id) {
ids.push_back(pcs.id);
}
}
return true;
}
bool p3Peers::getPGPDetails(std::string id, RsPeerDetails &d)
bool p3Peers::getGPGDetails(std::string id, RsPeerDetails &d)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPgpDetails() called for id : " << id;
@ -559,10 +548,10 @@ bool p3Peers::getPGPDetails(std::string id, RsPeerDetails &d)
#endif
/* get from mAuthMgr */
return AuthGPG::getAuthGPG()->getPGPDetails(id, d);
return AuthGPG::getAuthGPG()->getGPGDetails(id, d);
}
std::string p3Peers::getPGPOwnId()
std::string p3Peers::getGPGOwnId()
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPGPOwnId()";
@ -570,10 +559,10 @@ std::string p3Peers::getPGPOwnId()
#endif
/* get from mAuthMgr */
return AuthGPG::getAuthGPG()->PGPOwnId();
return AuthGPG::getAuthGPG()->getGPGOwnId();
}
std::string p3Peers::getPGPId(std::string ssl_id)
std::string p3Peers::getGPGId(std::string ssl_id)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::getPGPId()";
@ -581,20 +570,39 @@ std::string p3Peers::getPGPId(std::string ssl_id)
#endif
/* get from mAuthMgr */
return AuthSSL::getAuthSSL()->getGPGId(ssl_id);
if (ssl_id == AuthSSL::getAuthSSL()->OwnId()) {
return AuthGPG::getAuthGPG()->getGPGOwnId();
}
peerConnectState pcs;
if (mConnMgr->getFriendNetStatus(ssl_id, pcs)) {
return pcs.gpg_id;
} else {
return "";
}
}
/* Add/Remove Friends */
bool p3Peers::addFriend(std::string id)
bool p3Peers::addFriend(std::string id, std::string gpg_id)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::addFriend() " << id;
std::cerr << std::endl;
std::cerr << "p3Peers::addFriend() with : id : " << id << "; gpg_id : " << gpg_id << std::endl;
#endif
if (id == gpg_id) {
return addDummyFriend(gpg_id);
} else {
return mConnMgr->addFriend(id, gpg_id);
}
}
bool p3Peers::addDummyFriend(std::string gpg_id)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::addDummyFriend() not implemented yet" << std::endl;
#endif
return mConnMgr->addFriend(id);
return false;
}
bool p3Peers::removeFriend(std::string id)
@ -670,6 +678,15 @@ bool p3Peers::setLocalAddress(std::string id, std::string addr_str, uint16_t po
return false;
}
bool p3Peers::setLocation(std::string ssl_id, std::string location)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::setLocation() " << ssl_id;
std::cerr << std::endl;
#endif
return mConnMgr->setLocation(ssl_id, location);
}
bool p3Peers::setExtAddress(std::string id, std::string addr_str, uint16_t port)
{
#ifdef P3PEERS_DEBUG
@ -759,10 +776,10 @@ p3Peers::GetRetroshareInvite()
std::cerr << std::endl;
std::string ownId = AuthSSL::getAuthSSL()->OwnId();
std::string certstr = AuthSSL::getAuthSSL()->SaveCertificateToString(ownId);
std::string name = AuthSSL::getAuthSSL()->getName(ownId);
std::string certstr = AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
std::string name = AuthGPG::getAuthGPG()->getGPGOwnName();
std::string pgpownId = AuthGPG::getAuthGPG()->PGPOwnId();
std::string pgpownId = AuthGPG::getAuthGPG()->getGPGOwnId();
std::string pgpcertstr = AuthGPG::getAuthGPG()->SaveCertificateToString(pgpownId);
std::cerr << "p3Peers::GetRetroshareInvite() SSL Cert:";
@ -785,14 +802,14 @@ p3Peers::GetRetroshareInvite()
//===========================================================================
bool p3Peers::LoadCertificateFromFile(std::string fname, std::string &id)
bool p3Peers::loadCertificateFromFile(std::string fname, std::string &id, std::string &gpg_id)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::LoadCertificateFromFile() ";
std::cerr << "p3Peers::LoadCertificateFromFile() not implemented yet";
std::cerr << std::endl;
#endif
return AuthSSL::getAuthSSL()->LoadCertificateFromFile(fname, id);
return false;
}
@ -840,7 +857,7 @@ bool splitCerts(std::string in, std::string &sslcert, std::string &pgpcert)
bool p3Peers::LoadCertificateFromString(std::string cert, std::string &id)
bool p3Peers::loadDetailsFromStringCert(std::string cert, RsPeerDetails &pd)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::LoadCertificateFromString() ";
@ -849,76 +866,112 @@ bool p3Peers::LoadCertificateFromString(std::string cert, std::string &id)
std::string sslcert;
std::string pgpcert;
bool ret = false;
if (splitCerts(cert, sslcert, pgpcert))
{
if (pgpcert != "")
{
std::cerr << "pgpcert .... " << std::endl;
std::cerr << pgpcert << std::endl;
bool retGPG = false;
bool retSSL = false;
std::string gpg_id_from_gpg_cert;
std::string gpg_id_from_ssl_cert;
splitCerts(cert, sslcert, pgpcert);
ret = AuthGPG::getAuthGPG()->LoadCertificateFromString(pgpcert);
}
if (sslcert != "")
{
std::cerr << "sslcert .... " << std::endl;
std::cerr << sslcert << std::endl;
if (pgpcert != "") {
std::cerr << "p3Peers::LoadDetailsFromStringCert() pgpcert .... " << std::endl;
std::cerr << pgpcert << std::endl;
std::string gpg_id;
AuthGPG::getAuthGPG()->LoadCertificateFromString(pgpcert, gpg_id);
retGPG = AuthGPG::getAuthGPG()->getGPGDetails(gpg_id, pd);
gpg_id_from_gpg_cert = pd.gpg_id;
}
if (sslcert != "") {
std::cerr << "p3Peers::LoadDetailsFromStringCert() sslcert .... " << std::endl;
std::cerr << sslcert << std::endl;
retSSL = AuthSSL::getAuthSSL()->LoadDetailsFromStringCert(sslcert, pd);
gpg_id_from_ssl_cert = pd.gpg_id;
}
ret = AuthSSL::getAuthSSL()->LoadCertificateFromString(sslcert, id);
}
}
return ret;
if (retGPG && retSSL) {
//check that the ssl_id and gpg_id are corresponding
if (gpg_id_from_gpg_cert != gpg_id_from_ssl_cert) {
std::cerr << "p3Peers::LoadDetailsFromStringCert() gpgCert and slCert are not corresponding. Load failed." << std::endl;
return false;
}
}
return retGPG || retSSL;
}
bool p3Peers::SaveCertificateToFile(std::string id, std::string fname)
bool p3Peers::saveCertificateToFile(std::string id, std::string fname)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::SaveCertificateToFile() " << id;
std::cerr << "p3Peers::SaveCertificateToFile() not implemented yet " << id;
std::cerr << std::endl;
#endif
ensureExtension(fname, "pqi");
return AuthSSL::getAuthSSL()->SaveCertificateToFile(id, fname);
// ensureExtension(fname, "pqi");
//
// return AuthSSL::getAuthSSL()->SaveCertificateToFile(id, fname);
return false;
}
std::string p3Peers::SaveCertificateToString(std::string id)
std::string p3Peers::saveCertificateToString(std::string id)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::SaveCertificateToString() " << id;
std::cerr << std::endl;
#endif
return AuthSSL::getAuthSSL()->SaveCertificateToString(id);
if (id == AuthSSL::getAuthSSL()->OwnId()) {
return AuthSSL::getAuthSSL()->SaveOwnCertificateToString();
} else {
return "";
}
}
bool p3Peers::SignGPGCertificate(std::string id)
bool p3Peers::signGPGCertificate(std::string id)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::SignCertificate() " << id;
std::cerr << std::endl;
#endif
return AuthGPG::getAuthGPG()->SignCertificateLevel0(id);
if (AuthGPG::getAuthGPG()->SignCertificateLevel0(id)) {
//by default, set the GPG to accept connection
AuthGPG::getAuthGPG()->setAcceptToConnectGPGCertificate(id, true);
return true;
}
return false;
}
bool p3Peers::TrustGPGCertificate(std::string id, uint32_t trustlvl)
bool p3Peers::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::setAcceptToConnectGPGCertificate() called with gpg_id : " << gpg_id << ", acceptance : " << acceptance << std::endl;
#endif
if (gpg_id != "" && acceptance == false) {
//remove the friends from the connect manager
std::list<std::string> sslFriends;
this->getSSLChildListOfGPGId(gpg_id, sslFriends);
for (std::list<std::string>::iterator it = sslFriends.begin(); it != sslFriends.end(); it++) {
mConnMgr->removeFriend(*it);
}
return AuthGPG::getAuthGPG()->setAcceptToConnectGPGCertificate(gpg_id, acceptance);
}
return AuthGPG::getAuthGPG()->setAcceptToConnectGPGCertificate(gpg_id, acceptance);
}
bool p3Peers::trustGPGCertificate(std::string id, uint32_t trustlvl)
{
#ifdef P3PEERS_DEBUG
std::cerr << "p3Peers::TrustCertificate() " << id;
std::cerr << std::endl;
#endif
//check if we've got a ssl or gpg id
if (AuthSSL::getAuthSSL()->getGPGId(id) == "") {
if (getGPGId(id) == "") {
//if no result then it must be a gpg id
return AuthGPG::getAuthGPG()->TrustCertificate(id, trustlvl);
} else {
return AuthGPG::getAuthGPG()->TrustCertificate(AuthSSL::getAuthSSL()->getGPGId(id), trustlvl);
return AuthGPG::getAuthGPG()->TrustCertificate(getGPGId(id), trustlvl);
}
}
@ -1015,39 +1068,3 @@ std::ostream &operator<<(std::ostream &out, const RsPeerDetails &detail)
return out;
}
/********** TRANSLATION ****/
uint32_t RsPeerTranslateTrust(uint32_t trustLvl)
{
/**************** PQI_USE_XPGP ******************/
#if defined(PQI_USE_XPGP)
switch(trustLvl)
{
case TRUST_SIGN_OWN:
case TRUST_SIGN_TRSTED:
case TRUST_SIGN_AUTHEN:
return RS_TRUST_LVL_GOOD;
break;
case TRUST_SIGN_BASIC:
return RS_TRUST_LVL_MARGINAL;
break;
case TRUST_SIGN_UNTRUSTED:
case TRUST_SIGN_UNKNOWN:
case TRUST_SIGN_NONE:
default:
return RS_TRUST_LVL_UNKNOWN;
break;
}
#else /* X509 Certificates */
/**************** PQI_USE_XPGP ******************/
#endif /* X509 Certificates */
/**************** PQI_USE_XPGP ******************/
return RS_TRUST_LVL_UNKNOWN;
}

40
libretroshare/src/rsserver/p3peers.h
View file

@ -45,30 +45,33 @@ virtual std::string getOwnId();
virtual bool getOnlineList(std::list<std::string> &ids);
virtual bool getFriendList(std::list<std::string> &ids);
virtual bool getOthersList(std::list<std::string> &ids);
//virtual bool getOthersList(std::list<std::string> &ids);
virtual bool isOnline(std::string id);
virtual bool isFriend(std::string id);
virtual std::string getPeerPGPName(std::string pgp_id);
virtual std::string getPeerName(std::string id);
virtual bool isGPGAccepted(std::string gpg_id_is_friend); //
virtual std::string getGPGName(std::string gpg_id);
virtual std::string getPeerName(std::string ssl_or_gpg_id);
virtual bool getPeerDetails(std::string id, RsPeerDetails &d);
/* Using PGP Ids */
virtual std::string getPGPOwnId();
virtual std::string getPGPId(std::string ssl_id);
virtual bool getPGPAcceptedList(std::list<std::string> &ids);
virtual bool getPGPSignedList(std::list<std::string> &ids);
virtual bool getPGPValidList(std::list<std::string> &ids);
virtual bool getPGPAllList(std::list<std::string> &ids);
virtual bool getPGPDetails(std::string id, RsPeerDetails &d);
virtual std::string getGPGOwnId();
virtual std::string getGPGId(std::string ssl_id);
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
virtual bool getGPGSignedList(std::list<std::string> &ids);
virtual bool getGPGValidList(std::list<std::string> &ids);
virtual bool getGPGAllList(std::list<std::string> &ids);
virtual bool getGPGDetails(std::string id, RsPeerDetails &d);
virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
/* Add/Remove Friends */
virtual bool addFriend(std::string id);
virtual bool removeFriend(std::string id);
virtual bool addFriend(std::string ssl_id, std::string gpg_id);
virtual bool addDummyFriend(std::string gpg_id); //we want to add a empty ssl friend for this gpg id
virtual bool removeFriend(std::string ssl_id);
/* Network Stuff */
virtual bool connectAttempt(std::string id);
virtual bool setLocation(std::string ssl_id, std::string location);//location is shown in the gui to differentiate ssl certs
virtual bool setLocalAddress(std::string id, std::string addr, uint16_t port);
virtual bool setExtAddress(std::string id, std::string addr, uint16_t port);
virtual bool setNetworkMode(std::string id, uint32_t netMode);
@ -83,13 +86,14 @@ virtual bool getAllowTunnelConnection() ;
/* Auth Stuff */
virtual std::string GetRetroshareInvite();
virtual bool LoadCertificateFromFile(std::string fname, std::string &id);
virtual bool LoadCertificateFromString(std::string cert, std::string &id);
virtual bool SaveCertificateToFile(std::string id, std::string fname);
virtual std::string SaveCertificateToString(std::string id);
virtual bool loadCertificateFromFile(std::string fname, std::string &id, std::string &gpg_id);
virtual bool loadDetailsFromStringCert(std::string cert, RsPeerDetails &pd);
virtual bool saveCertificateToFile(std::string id, std::string fname);
virtual std::string saveCertificateToString(std::string id);
virtual bool SignGPGCertificate(std::string id);
virtual bool TrustGPGCertificate(std::string id, uint32_t trustlvl);
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance);
virtual bool signGPGCertificate(std::string id);
virtual bool trustGPGCertificate(std::string id, uint32_t trustlvl);
private:

18
libretroshare/src/rsserver/rsinit.cc
View file

@ -765,7 +765,7 @@ static bool checkAccount(std::string accountdir, accountId &id)
/* Generating GPGme Account */
int RsInit::GetPGPLogins(std::list<std::string> &pgpIds) {
AuthGPG::getAuthGPG()->availablePGPCertificatesWithPrivateKeys(pgpIds);
AuthGPG::getAuthGPG()->availableGPGCertificatesWithPrivateKeys(pgpIds);
return 1;
}
@ -774,8 +774,8 @@ int RsInit::GetPGPLoginDetails(std::string id, std::string &name, std::stri
std::cerr << "RsInit::GetPGPLoginDetails for \"" << id << "\"";
std::cerr << std::endl;
name = AuthGPG::getAuthGPG()->getPGPName(id);
email = AuthGPG::getAuthGPG()->getPGPEmail(id);
name = AuthGPG::getAuthGPG()->getGPGName(id);
email = AuthGPG::getAuthGPG()->getGPGEmail(id);
if (name != "") {
return 1;
} else {
@ -1875,7 +1875,7 @@ int RsServer::StartupRetroShare()
AuthSSL::getAuthSSL() -> setConfigDirectories(certConfigFile, certNeighDir);
AuthSSL::getAuthSSL() -> loadCertificates();
//AuthSSL::getAuthSSL() -> loadCertificates();
/**************************************************************************/
/* setup classes / structures */
@ -1888,11 +1888,11 @@ int RsServer::StartupRetroShare()
mConnMgr = new p3ConnectMgr();
AuthSSL::getAuthSSL()->mConnMgr = mConnMgr;
//load all the SSL certs as friends
std::list<std::string> sslIds;
AuthSSL::getAuthSSL()->getAuthenticatedList(sslIds);
for (std::list<std::string>::iterator sslIdsIt = sslIds.begin(); sslIdsIt != sslIds.end(); sslIdsIt++) {
mConnMgr->addFriend(*sslIdsIt);
}
// std::list<std::string> sslIds;
// AuthSSL::getAuthSSL()->getAuthenticatedList(sslIds);
// for (std::list<std::string>::iterator sslIdsIt = sslIds.begin(); sslIdsIt != sslIds.end(); sslIdsIt++) {
// mConnMgr->addFriend(*sslIdsIt);
// }
pqiNetAssistFirewall *mUpnpMgr = new upnphandler();
//p3DhtMgr *mDhtMgr = new OpenDHTMgr(ownId, mConnMgr, RsInitConfig::configDir);

20
libretroshare/src/serialiser/rsconfigitems.cc
View file

@ -729,6 +729,8 @@ RsPeerNetItem::~RsPeerNetItem()
void RsPeerNetItem::clear()
{
pid.clear();
gpg_id.clear();
location.clear();
netMode = 0;
visState = 0;
lastContact = 0;
@ -745,6 +747,12 @@ std::ostream &RsPeerNetItem::print(std::ostream &out, uint16_t indent)
printIndent(out, int_Indent);
out << "PeerId: " << pid << std::endl;
printIndent(out, int_Indent);
out << "GPGid: " << gpg_id << std::endl;
printIndent(out, int_Indent);
out << "location: " << location << std::endl;
printIndent(out, int_Indent);
out << "netMode: " << netMode << std::endl;
@ -772,7 +780,9 @@ uint32_t RsPeerConfigSerialiser::sizeNet(RsPeerNetItem *i)
{
uint32_t s = 8; /* header */
s += GetTlvStringSize(i->pid); /* peerid */
s += 4; /* netMode */
s += GetTlvStringSize(i->gpg_id);
s += GetTlvStringSize(i->location);
s += 4; /* netMode */
s += 4; /* visState */
s += 4; /* lastContact */
s += GetTlvIpAddrPortV4Size(); /* localaddr */
@ -813,7 +823,9 @@ bool RsPeerConfigSerialiser::serialiseNet(RsPeerNetItem *item, void *data, uint3
/* add mandatory parts first */
ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_PEERID, item->pid); /* Mandatory */
ok &= setRawUInt32(data, tlvsize, &offset, item->netMode); /* Mandatory */
ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_GPGID, item->gpg_id); /* Mandatory */
ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_LOCATION, item->location); /* Mandatory */
ok &= setRawUInt32(data, tlvsize, &offset, item->netMode); /* Mandatory */
ok &= setRawUInt32(data, tlvsize, &offset, item->visState); /* Mandatory */
ok &= setRawUInt32(data, tlvsize, &offset, item->lastContact); /* Mandatory */
ok &= SetTlvIpAddrPortV4(data, tlvsize, &offset, TLV_TYPE_IPV4_LOCAL, &(item->currentlocaladdr));
@ -871,7 +883,9 @@ RsPeerNetItem *RsPeerConfigSerialiser::deserialiseNet(void *data, uint32_t *size
/* get mandatory parts first */
ok &= GetTlvString(data, rssize, &offset, TLV_TYPE_STR_PEERID, item->pid); /* Mandatory */
ok &= getRawUInt32(data, rssize, &offset, &(item->netMode)); /* Mandatory */
ok &= GetTlvString(data, rssize, &offset, TLV_TYPE_STR_GPGID, item->gpg_id); /* Mandatory */
ok &= GetTlvString(data, rssize, &offset, TLV_TYPE_STR_LOCATION, item->location); /* Mandatory */
ok &= getRawUInt32(data, rssize, &offset, &(item->netMode)); /* Mandatory */
ok &= getRawUInt32(data, rssize, &offset, &(item->visState)); /* Mandatory */
ok &= getRawUInt32(data, rssize, &offset, &(item->lastContact)); /* Mandatory */
ok &= GetTlvIpAddrPortV4(data, rssize, &offset, TLV_TYPE_IPV4_LOCAL, &(item->currentlocaladdr));

4
libretroshare/src/serialiser/rsconfigitems.h
View file

@ -71,7 +71,9 @@ std::ostream &print(std::ostream &out, uint16_t indent = 0);
/* networking information */
std::string pid; /* Mandatory */
uint32_t netMode; /* Mandatory */
std::string gpg_id; /* Mandatory */
std::string location; /* not Mandatory */
uint32_t netMode; /* Mandatory */
uint32_t visState; /* Mandatory */
uint32_t lastContact; /* Mandatory */

22
libretroshare/src/serialiser/rsdiscitems.cc
View file

@ -369,7 +369,7 @@ void RsDiscReply::clear()
contact_tf = 0;
discFlags = 0;
aboutId.clear();
certDER.TlvClear();
certGPG.clear();
ipAddressList.clear();
}
@ -393,6 +393,12 @@ std::ostream &RsDiscReply::print(std::ostream &out, uint16_t indent)
printIndent(out, int_Indent);
out << "DiscFlags: " << discFlags << std::endl;
printIndent(out, int_Indent);
out << "AboutId: " << aboutId << std::endl;
printIndent(out, int_Indent);
out << "certGPG: " << certGPG << std::endl;
printIndent(out, int_Indent);
out << "IpAddressListSize: " << ipAddressList.size() << std::endl;
@ -403,10 +409,6 @@ std::ostream &RsDiscReply::print(std::ostream &out, uint16_t indent)
out << inet_ntoa(ipListIt->ipAddr.sin_addr) << ":" << ntohs(ipListIt->ipAddr.sin_port) << " seenTime : " << ipListIt->seenTime << std::endl;
}
printIndent(out, int_Indent);
out << "AboutId: " << aboutId << std::endl;
certDER.print(out, int_Indent);
printRsItemEnd(out, "RsDiscReply", indent);
return out;
}
@ -420,7 +422,7 @@ uint32_t RsDiscSerialiser::sizeReply(RsDiscReply *item)
s += 2; /* connect_tr */
s += 4; /* discFlags */
s += GetTlvStringSize(item->aboutId);
s += item->certDER.TlvSize();
s += GetTlvStringSize(item->certGPG);
s += 4; /* ipaddress list size */
//add the size of the ip list
@ -448,7 +450,7 @@ bool RsDiscSerialiser::serialiseReply(RsDiscReply *item, void *data, uint32_
#ifdef RSSERIAL_DEBUG
std::cerr << "RsDiscSerialiser::serialiseReply() Header: " << ok << std::endl;
std::cerr << "RsDiscSerialiser::serialiseReply() Size: " << tlvsize << std::endl;
std::cerr << "RsDiscSerialiser::serialiseReply() Size: " << tlvsize << std::endl;
#endif
/* skip the header */
@ -462,7 +464,7 @@ bool RsDiscSerialiser::serialiseReply(RsDiscReply *item, void *data, uint32_
ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_PEERID, item->aboutId);
ok &= item->certDER.SetTlv(data, tlvsize, &offset);
ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_CERT_GPG, item->certGPG);
ok &= setRawUInt32(data, tlvsize, &offset, item->ipAddressList.size());
@ -533,7 +535,9 @@ RsDiscReply *RsDiscSerialiser::deserialiseReply(void *data, uint32_t *pktsize)
ok &= GetTlvString(data, rssize, &offset,
TLV_TYPE_STR_PEERID, item->aboutId);
ok &= item->certDER.GetTlv(data, rssize, &offset);
ok &= GetTlvString(data, rssize, &offset,
TLV_TYPE_STR_CERT_GPG, item->certGPG);
uint32_t listSize;
ok &= getRawUInt32(data, rssize, &offset, &listSize);

5
libretroshare/src/serialiser/rsdiscitems.h
View file

@ -77,8 +77,7 @@ class RsDiscReply: public RsDiscItem
public:
RsDiscReply()
:RsDiscItem(RS_PKT_SUBTYPE_DISC_REPLY),
certDER(TLV_TYPE_CERT_XPGP_DER)
:RsDiscItem(RS_PKT_SUBTYPE_DISC_REPLY)
{ return; }
virtual ~RsDiscReply();
@ -99,7 +98,7 @@ virtual std::ostream &print(std::ostream &out, uint16_t indent = 0);
uint32_t discFlags;
std::string aboutId;
RsTlvBinaryData certDER;
std::string certGPG;
};
class RsDiscIssuer: public RsDiscItem

3
libretroshare/src/serialiser/rstlvbase.h
View file

@ -130,6 +130,9 @@ const uint16_t TLV_TYPE_STR_MSG = 0x0057;
const uint16_t TLV_TYPE_STR_SUBJECT = 0x0058;
const uint16_t TLV_TYPE_STR_LINK = 0x0059;
const uint16_t TLV_TYPE_STR_GENID = 0x005a;
const uint16_t TLV_TYPE_STR_GPGID = 0x005b;
const uint16_t TLV_TYPE_STR_LOCATION = 0x005c;
const uint16_t TLV_TYPE_STR_CERT_GPG = 0x005d;
/* Wide Chars (4 bytes per char) for internationalisation */
const uint16_t TLV_TYPE_WSTR_PEERID = 0x0060;

67
libretroshare/src/services/p3disc.cc
View file

@ -492,47 +492,11 @@ void p3disc::sendPeerDetails(std::string to, std::string about)
di->discFlags |= P3DISC_FLAGS_PEER_ONLINE;
}
// Add 3rd party trust info
// We look at peers that trust 'to', by looking into 'to''s tigners list. The problem is that
// signers are accessible through their names instead of their id, so there is ambiguity if too peers
// have the same names. @DrBob: that would be cool to save signers using their ids...
//
RsPeerDetails pd ;
std::string name = rsPeers->getPeerName(about) ;
if(rsPeers->getPeerDetails(to,pd))
for(std::list<std::string>::const_iterator it(pd.gpgSigners.begin());it!=pd.gpgSigners.end();++it)
if(*it == name)
{
di->discFlags |= P3DISC_FLAGS_PEER_TRUSTS_ME;
#ifdef P3DISC_DEBUG
std::cerr << " Peer " << about << "(" << name << ")" << " is trusting " << to << ", sending info." << std::endl ;
#endif
}
uint32_t certLen = 0;
unsigned char **binptr = (unsigned char **) &(di -> certDER.bin_data);
di -> certGPG = AuthGPG::getAuthGPG()->SaveCertificateToString(about);
AuthSSL::getAuthSSL()->SaveCertificateToBinary(about, binptr, &certLen);
#ifdef P3DISC_DEBUG
std::cerr << "Saved certificate to binary in p3discReply. Length=" << certLen << std::endl ;
#endif
if (certLen > 0)
{
di -> certDER.bin_len = certLen;
#ifdef P3DISC_DEBUG
std::cerr << "Cert Encoded(" << certLen << ")" << std::endl;
#endif
}
else
{
#ifdef P3DISC_DEBUG
std::cerr << "Failed to Encode Cert" << std::endl;
#endif
di -> certDER.bin_len = 0;
}
// Send off message
// Send off message
#ifdef P3DISC_DEBUG
di->print(std::cerr, 5);
#endif
@ -562,7 +526,7 @@ void p3disc::sendPeerIssuer(std::string to, std::string about)
#endif
}
std::string aboutIssuerId = AuthSSL::getAuthSSL()->getGPGId(about);
std::string aboutIssuerId = rsPeers->getGPGId(about);
if (aboutIssuerId == "")
{
/* major error! */
@ -709,15 +673,6 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
#endif
/* tells us their exact address (mConnectMgr can ignore if it looks wrong) */
/* load certificate */
std::string peerId;
uint8_t *certptr = (uint8_t *) item->certDER.bin_data;
uint32_t len = item->certDER.bin_len;
bool loaded = AuthSSL::getAuthSSL()->LoadCertificateFromBinary(certptr, len, peerId);
uint32_t type = 0;
uint32_t flags = 0;
@ -727,7 +682,7 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
if (item->discFlags & P3DISC_FLAGS_PEER_ONLINE) flags |= RS_NET_FLAGS_ONLINE;
if (item->discFlags & P3DISC_FLAGS_PEER_TRUSTS_ME)
{
std::cerr << " Found a peer that trust me: " << peerId << " (" << rsPeers->getPeerName(peerId) << ")" << std::endl ;
std::cerr << " Found a peer that trust me: " << item->aboutId << " (" << rsPeers->getPeerName(item->aboutId) << ")" << std::endl ;
flags |= RS_NET_FLAGS_TRUSTS_ME;
}
@ -746,16 +701,16 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
}
/* only valid certs, and not ourselves */
if ((loaded) && (peerId != mConnMgr->getOwnId()))
if ((item->aboutId != mConnMgr->getOwnId()))
{
mConnMgr->peerStatus(peerId, item->currentladdr, item->currentsaddr, item->ipAddressList, type, flags, RS_CB_DISC);
mConnMgr->peerStatus(item->aboutId, item->currentladdr, item->currentsaddr, item->ipAddressList, type, flags, RS_CB_DISC);
std::string hashid1 = RsUtil::HashId(peerId, false);
std::string hashid1 = RsUtil::HashId(item->aboutId, false);
mConnMgr->stunStatus(hashid1, item->currentsaddr, type, RS_STUN_FRIEND_OF_FRIEND);
}
/* send Own Ip list to connect manager. It will extract the external ip address from it */
if (peerId == mConnMgr->getOwnId())
if (item->aboutId == mConnMgr->getOwnId())
{
//setAddressList might also set our own external address
mConnMgr->setAddressList(mConnMgr->getOwnId(), item->ipAddressList);
@ -778,7 +733,7 @@ void p3disc::recvPeerFriendMsg(RsDiscReply *item)
}
addDiscoveryData(item->PeerId(), peerId, item->currentladdr, item->currentsaddr, item->discFlags, time(NULL));
addDiscoveryData(item->PeerId(), item->aboutId, item->currentladdr, item->currentsaddr, item->discFlags, time(NULL));
rsicontrol->getNotify().notifyListChange(NOTIFY_LIST_NEIGHBOURS, NOTIFY_TYPE_MOD);
@ -799,8 +754,8 @@ void p3disc::recvPeerIssuerMsg(RsDiscIssuer *item)
/* tells us their exact address (mConnectMgr can ignore if it looks wrong) */
/* load certificate */
std::string peerId;
bool loaded = AuthGPG::getAuthGPG()->LoadCertificateFromString(item->issuerCert);
std::string gpgId;
bool loaded = AuthGPG::getAuthGPG()->LoadCertificateFromString(item->issuerCert, gpgId);
/* cleanup (handled by caller) */

4
libretroshare/src/services/p3distrib.cc
View file

@ -1732,7 +1732,7 @@ std::string p3GroupDistrib::publishMsg(RsDistribMsg *msg, bool personalSign)
if (AuthGPG::getAuthGPG()->SignDataBin(data, size, sigbuf, &siglen))
{
signedMsg->personalSignature.signData.setBinData(sigbuf, siglen);
signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->PGPOwnId();
signedMsg->personalSignature.keyId = AuthGPG::getAuthGPG()->getGPGOwnId();
}
}
@ -2451,7 +2451,7 @@ bool p3GroupDistrib::locked_validateDistribSignedMsg(
std::cerr << std::endl;
#endif
if (AuthGPG::getAuthGPG()->isPGPValid(newMsg->personalSignature.keyId))
if (AuthGPG::getAuthGPG()->isGPGValid(newMsg->personalSignature.keyId))
{
#ifdef DISTRIB_DEBUG
std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Peer Known";