implemented the sign, trust and validitty functionnality in authGPG. Fix a singleton bug for authGPG and authSSL

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2007 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-06-13 09:03:33 -04:00 · 2010-01-13 21:05:38 +00:00 · 2010-01-13 21:05:38 +00:00 · 9c17aced37
commit 9c17aced37
parent 6055c30832
8 changed files with 103 additions and 204 deletions
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@ -49,6 +49,9 @@
 /********************************************************************************/
 /********************************************************************************/

+// initialisation du pointeur de singleton à zéro
+AuthSSL *AuthSSL::instance_ssl = new AuthSSL();
+
 sslcert::sslcert(X509 *x509, std::string pid)
 {
 	certificate = x509;
@ -399,12 +402,6 @@ AuthSSL::AuthSSL()
 {
 }

-AuthSSL *AuthSSL::getAuthSSL()
-{
-        return &instance_sslroot;
-        //return NULL;
-}
-
 bool AuthSSL::active()
 {
 	return init;
@ -2041,10 +2038,11 @@ bool AuthSSL::AuthX509(X509 *x509)
                sigoutl = 0;
                goto err;
        }
-
+        std::cerr << "AuthSSL::AuthX509() X509 authenticated" << std::endl;
        return true;

  err:
+        std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated" << std::endl;
        return false;
 }
 	/* validate + get id */
@ -2200,11 +2198,13 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
                        /* do the REAL Authentication */
                        if (!AuthX509(X509_STORE_CTX_get_current_cert(ctx)))
                        {
+                                fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
                                return false;
                        }
                        std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
-                        if (!AuthGPG::getAuthGPG()->isPGPAuthenticated(pgpid))
+                        if (!AuthGPG::getAuthGPG()->isPGPSigned(pgpid))
                        {
+                                fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself.\n");
                                return false;
                        }
                        preverify_ok = true;
@ -2213,8 +2213,9 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
                        (err == X509_V_ERR_UNABLE_TO_VERIFY_LEAF_SIGNATURE))
                {
                        std::string pgpid = getX509CNString(X509_STORE_CTX_get_current_cert(ctx)->cert_info->issuer);
-                        if (!AuthGPG::getAuthGPG()->isPGPAuthenticated(pgpid))
+                        if (!AuthGPG::getAuthGPG()->isPGPSigned(pgpid))
                        {
+                                fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not signed by ourself.\n");
                                return false;
                        }
                        preverify_ok = true;