Major change to the way certificates are stored now defaults to ~/.retroshare/SSLID/
* supports Multiple Accounts on same computer. * Enabled libretroshare tests using Makefiles. * restructured RsInit functions: Config Data is now private. * switch OpenPGP on by default (added #define to rsinit). git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@1451 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
a7209f1001
commit
a023a0bfcd
14 changed files with 1372 additions and 968 deletions
|
@ -57,10 +57,13 @@
|
|||
#include <iostream>
|
||||
#include <sstream>
|
||||
|
||||
#define AUTHGPG_DEBUG 1
|
||||
|
||||
|
||||
/* Turn a set of parameters into a string */
|
||||
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
||||
std::string name, std::string comment, std::string email,
|
||||
std::string passphrase);
|
||||
std::string inPassphrase);
|
||||
|
||||
static gpgme_key_t getKey(gpgme_ctx_t, std::string, std::string, std::string);
|
||||
|
||||
|
@ -132,6 +135,7 @@ bool GPGAuthMgr::setPGPPassword_locked(std::string pwd)
|
|||
memcpy(PgpPassword, pwd.c_str(), pwd.length());
|
||||
PgpPassword[pwd.length()] = '\0';
|
||||
|
||||
fprintf(stderr, "GPGAuthMgr::setPGPPassword_locked() called\n");
|
||||
gpgme_set_passphrase_cb(CTX, pgp_pwd_callback, (void *) PgpPassword);
|
||||
|
||||
return true;
|
||||
|
@ -257,7 +261,7 @@ bool GPGAuthMgr::availablePGPCertificates(std::list<std::string> &ids)
|
|||
* This function must be called successfully (return == 1)
|
||||
* before anything else can be done. (except above fn).
|
||||
*/
|
||||
int GPGAuthMgr::GPGInit(std::string ownId, std::string name, std::string passphrase)
|
||||
int GPGAuthMgr::GPGInit(std::string ownId)
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
|
||||
|
@ -280,23 +284,24 @@ int GPGAuthMgr::GPGInit(std::string ownId, std::string name, std::string passphr
|
|||
return 0;
|
||||
}
|
||||
|
||||
mOwnGpgCert.user.name = name;
|
||||
mOwnGpgCert.user.name = newKey->uids->name;
|
||||
mOwnGpgCert.user.email = newKey->uids->email;
|
||||
mOwnGpgCert.user.fpr = newKey->subkeys->fpr;
|
||||
mOwnGpgCert.user.id = ownId;
|
||||
mOwnGpgCert.key = newKey;
|
||||
this->passphrase = passphrase;
|
||||
|
||||
mOwnId = ownId;
|
||||
gpgmeKeySelected = true;
|
||||
|
||||
setPGPPassword_locked(passphrase);
|
||||
// Password set in different fn.
|
||||
//this->passphrase = passphrase;
|
||||
//setPGPPassword_locked(passphrase);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
int GPGAuthMgr::GPGInit(std::string name, std::string comment,
|
||||
std::string email, std::string passphrase)
|
||||
std::string email, std::string inPassphrase)
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
|
||||
|
@ -329,8 +334,8 @@ int GPGAuthMgr::GPGInit(std::string name, std::string comment,
|
|||
mOwnGpgCert.user.id = newKey->subkeys->keyid;
|
||||
mOwnGpgCert.key = newKey;
|
||||
|
||||
this->passphrase = passphrase;
|
||||
setPGPPassword_locked(passphrase);
|
||||
this->passphrase = inPassphrase;
|
||||
setPGPPassword_locked(inPassphrase);
|
||||
|
||||
mOwnId = mOwnGpgCert.user.id;
|
||||
gpgmeKeySelected = true;
|
||||
|
@ -342,6 +347,21 @@ int GPGAuthMgr::GPGInit(std::string name, std::string comment,
|
|||
{
|
||||
}
|
||||
|
||||
int GPGAuthMgr::LoadGPGPassword(std::string pwd)
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
|
||||
if (!gpgmeInit) {
|
||||
return 0;
|
||||
}
|
||||
|
||||
this->passphrase = pwd;
|
||||
setPGPPassword_locked(pwd);
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
|
||||
// store all keys in map mKeyList to avoid callin gpgme exe repeatedly
|
||||
bool GPGAuthMgr::storeAllKeys_locked()
|
||||
|
@ -637,6 +657,12 @@ bool GPGAuthMgr::printOwnKeys_locked()
|
|||
return true;
|
||||
}
|
||||
|
||||
bool GPGAuthMgr::printKeys()
|
||||
{
|
||||
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
|
||||
printAllKeys_locked();
|
||||
return printOwnKeys_locked();
|
||||
}
|
||||
|
||||
X509 *GPGAuthMgr::SignX509Req(X509_REQ *req, long days, std::string gpg_passwd)
|
||||
{
|
||||
|
@ -820,7 +846,7 @@ X509 *GPGAuthMgr::SignX509Req(X509_REQ *req, long days, std::string gpg_passwd)
|
|||
goto err;
|
||||
}
|
||||
|
||||
passphrase = "NULL";
|
||||
//passphrase = "NULL";
|
||||
|
||||
std::cerr << "Signature done: len:" << sigoutl << std::endl;
|
||||
|
||||
|
@ -1258,6 +1284,10 @@ bool GPGAuthMgr::getDetails(std::string id, pqiAuthDetails &details)
|
|||
* Ids are the SSL id cert ids, so we have to get issuer id (pgpid)
|
||||
* before we can add any gpg details
|
||||
****/
|
||||
#ifdef AUTHGPG_DEBUG
|
||||
std::cerr << "GPGAuthMgr::getDetails() \"" << id << "\"";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
if (AuthSSL::getDetails(id, details))
|
||||
{
|
||||
|
@ -1906,7 +1936,7 @@ void GPGAuthMgr::createDummyFriends()
|
|||
|
||||
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
||||
std::string name, std::string comment, std::string email,
|
||||
std::string passphrase)
|
||||
std::string inPassphrase)
|
||||
{
|
||||
std::ostringstream params;
|
||||
params << "<GnupgKeyParms format=\"internal\">"<< std::endl;
|
||||
|
@ -1932,7 +1962,7 @@ static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
|||
params << "Name-Comment: "<< comment << std::endl;
|
||||
params << "Name-Email: "<< email << std::endl;
|
||||
params << "Expire-Date: 0"<< std::endl;
|
||||
params << "Passphrase: "<< passphrase << std::endl;
|
||||
params << "Passphrase: "<< inPassphrase << std::endl;
|
||||
params << "</GnupgKeyParms>"<< std::endl;
|
||||
|
||||
return params.str();
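Review bot: The new `LoadGPGPassword` (in the `@ -342` hunk) hands a caller-supplied `pwd` of any length to `setPGPPassword_locked`, whose body, visible as context in the `@ -132` hunk, copies `pwd.length()` bytes into `PgpPassword` and writes the terminator one past them with no visible bound check; if `PgpPassword` is a fixed-size array (its declaration is outside this diff), a long passphrase overruns it. A guard in `LoadGPGPassword` before `this->passphrase = pwd;`, such as `if (pwd.length() >= sizeof(PgpPassword)) return 0;`, would close that, and the bool returned by `setPGPPassword_locked` should not be discarded there. The new `fprintf(stderr, "GPGAuthMgr::setPGPPassword_locked() called\n");` is unconditional while the other diagnostics added in this commit sit under `#ifdef AUTHGPG_DEBUG`; it should be guarded the same way. With `passphrase = "NULL";` in `SignX509Req` now commented out, the passphrase stays resident in both `passphrase` and `PgpPassword` for the object's lifetime, which deserves a comment at `LoadGPGPassword` stating that this retention is intended.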
|
||||
|
|
|
@ -82,9 +82,12 @@ class GPGAuthMgr: public AuthSSL
|
|||
|
||||
bool availablePGPCertificates(std::list<std::string> &ids);
|
||||
|
||||
int GPGInit(std::string ownId, std::string name, std::string passwd);
|
||||
int GPGInit(std::string ownId);
|
||||
int GPGInit(std::string name, std::string comment,
|
||||
std::string email, std::string passwd);
|
||||
std::string email, std::string passwd); /* create it */
|
||||
|
||||
int LoadGPGPassword(std::string pwd);
|
||||
|
||||
/* Sign/Trust stuff */
|
||||
int signCertificate(std::string id);
|
||||
int revokeCertificate(std::string id); /* revoke the signature on Certificate */
|
||||
|
@ -94,6 +97,8 @@ class GPGAuthMgr: public AuthSSL
|
|||
void showData(gpgme_data_t dh);
|
||||
void createDummyFriends(void); //NYI
|
||||
|
||||
bool printKeys();
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 1 ***********************************************/
|
||||
/*********************************************************************************/
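Review bot: The new declarations `int GPGInit(std::string ownId);` and `int LoadGPGPassword(std::string pwd);` carry no comment on their ordering or return contract, while the neighbouring `GPGInit` overload gets `/* create it */`. From the implementation hunks in this commit, `GPGInit(ownId)` no longer installs a passphrase and `LoadGPGPassword` returns 0 when gpgme is not initialised and 1 otherwise, so `/* select existing key; call LoadGPGPassword() afterwards */` on the first and `/* returns 0 if gpgme is not initialised */` on the second would tell callers what the test program now has to do. The class body continues outside the hunk.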
|
||||
|
|
|
@ -803,7 +803,7 @@ std::string AuthSSL::getIssuerName(std::string id)
|
|||
bool AuthSSL::getDetails(std::string id, pqiAuthDetails &details)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::getDetails() " << id;
|
||||
std::cerr << "AuthSSL::getDetails() \"" << id << "\"";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
sslMtx.lock(); /***** LOCK *****/
|
||||
|
@ -1964,6 +1964,59 @@ int LoadCheckX509andGetName(const char *cert_file, std::string &userName, std::s
|
|||
}
|
||||
}
|
||||
|
||||
|
||||
// Not dependent on sslroot. load, and detroys the X509 memory.
|
||||
|
||||
int LoadCheckX509andGetIssuerName(const char *cert_file, std::string &issuerName, std::string &userId)
|
||||
{
|
||||
/* This function loads the X509 certificate from the file,
|
||||
* and checks the certificate
|
||||
*/
|
||||
|
||||
FILE *tmpfp = fopen(cert_file, "r");
|
||||
if (tmpfp == NULL)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "sslroot::LoadCheckAndGetX509Name()";
|
||||
std::cerr << " Failed to open Certificate File:" << cert_file;
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
// get xPGP certificate.
|
||||
X509 *x509 = PEM_read_X509(tmpfp, NULL, NULL, NULL);
|
||||
fclose(tmpfp);
|
||||
|
||||
// check the certificate.
|
||||
bool valid = false;
|
||||
if (x509)
|
||||
{
|
||||
valid = ((AuthSSL *) getAuthMgr())->ValidateCertificate(x509, userId);
|
||||
}
|
||||
|
||||
if (valid)
|
||||
{
|
||||
// extract the name.
|
||||
issuerName = getX509CNString(x509->cert_info->issuer);
|
||||
}
|
||||
|
||||
std::cout << getX509Info(x509) << std::endl ;
|
||||
// clean up.
|
||||
X509_free(x509);
|
||||
|
||||
if (valid)
|
||||
{
|
||||
// happy!
|
||||
return 1;
|
||||
}
|
||||
else
|
||||
{
|
||||
// something went wrong!
|
||||
return 0;
|
||||
}
|
||||
}
|
||||
|
||||
std::string getX509NameString(X509_NAME *name)
|
||||
{
|
||||
std::string namestr;
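Review bot: In the new `LoadCheckX509andGetIssuerName`, `std::cout << getX509Info(x509) << std::endl ;` runs even when `PEM_read_X509` returned NULL, so a NULL `X509*` reaches `getX509Info` (whose body is outside this diff and may not tolerate it), and the certificate dump goes to stdout on every successful load as well, unlike the open-failure message, which is under `#ifdef AUTHSSL_DEBUG`. Moving that line inside the `if (x509)` block and wrapping it as `#ifdef AUTHSSL_DEBUG` / `std::cerr << getX509Info(x509) << std::endl;` / `#endif` addresses both and matches the rest of the function's diagnostics. The failure diagnostic at the top names `sslroot::LoadCheckAndGetX509Name()`, carried over from the sibling function; it should name this function. The header comment `load, and detroys the X509 memory` has a typo (`destroys`).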
|
||||
|
|
|
@ -236,6 +236,8 @@ std::string getXPGPAuthCode(XPGP *xpgp);
|
|||
std::string getX509Info(X509 *cert);
|
||||
bool getX509id(X509 *x509, std::string &xid);
|
||||
|
||||
int LoadCheckX509andGetIssuerName(const char *cert_file,
|
||||
std::string &issuerName, std::string &userId);
|
||||
int LoadCheckX509andGetName(const char *cert_file,
|
||||
std::string &userName, std::string &userId);
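Review bot: The new `LoadCheckX509andGetIssuerName` declaration has no comment stating its contract, and the existing `LoadCheckX509andGetName` beside it has none either, so a reader must open the .cc to learn what the two out-parameters mean. From the implementation in this commit it returns 1 only when the file opens, parses as PEM and passes `ValidateCertificate`, and `issuerName` is written only on that path, so `/* returns 1 on success; issuerName is set only when the certificate validates */` above the declaration would cover it.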
|
||||
|
||||
|
|
|
@ -21,8 +21,7 @@ int main()
|
|||
/* Select which GPG Keys we use */
|
||||
|
||||
/* print all keys */
|
||||
mgr.printAllKeys();
|
||||
mgr.printOwnKeys();
|
||||
mgr.printKeys();
|
||||
|
||||
std::list<std::string> idList;
|
||||
mgr.availablePGPCertificates(idList);
|
||||
|
@ -36,7 +35,8 @@ int main()
|
|||
fprintf(stderr, "Using GPG Certificate:%s \n", id.c_str());
|
||||
|
||||
std::string noname;
|
||||
mgr.GPGInit(id, "noname", gpg_passwd);
|
||||
mgr.GPGInit(id);
|
||||
mgr.LoadGPGPassword(gpg_passwd);
|
||||
|
||||
/* Init SSL library */
|
||||
mgr.InitAuth(NULL, NULL, NULL);
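Review bot: The return values of the new `mgr.GPGInit(id);` and `mgr.LoadGPGPassword(gpg_passwd);` calls are dropped, so the test proceeds into `mgr.InitAuth` with no selected key or installed passphrase when either fails (the authgpg hunks show both returning 0 on their early-exit paths). Checking them, e.g. `if (!mgr.GPGInit(id) || !mgr.LoadGPGPassword(gpg_passwd)) { std::cerr << "GPG init failed" << std::endl; return 1; }`, would make the test fail at the setup step instead of further on. The `std::string noname;` left on the line above now appears unused once the `"noname"` argument is gone, unless it is referenced later in `main`, which ends outside the hunk.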
|
||||
|
|