add key generation at startup if no gpg key found

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@2068 b45a01b8-16f6-495d-af2f-9b41ad6348cc
joss17 2010-01-18 12:30:54 +00:00
parent 28882efe03
commit af68fa36ce
7 changed files with 189 additions and 197 deletions


@ -38,6 +38,9 @@ AuthGPG *AuthGPG::instance_gpg = new AuthGPG();
/* Turn a set of parameters into a string */
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
std::string name, std::string comment, std::string email);
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
std::string name, std::string comment, std::string email,
std::string inPassphrase);
static gpgme_key_t getKey(gpgme_ctx_t, std::string, std::string, std::string);
@ -266,6 +269,7 @@ bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &id
int AuthGPG::GPGInit(std::string ownId)
{
RsStackMutex stack(pgpMtx); /******* LOCKED ******/
std::cerr << "AuthGPG::GPGInit() called with own gpg id : " << ownId << std::endl;
gpgme_key_t newKey;
gpg_error_t ERR;
@ -840,13 +844,32 @@ bool AuthGPG::active()
{
//RsStackMutex stack(pgpMtx); /******* LOCKED ******/
return ((gpgmeInit) && (gpgmeKeySelected) && (gpgmeX509Selected));
return ((gpgmeInit) && (gpgmeKeySelected));
}
int AuthGPG::InitAuth()
{
gpgmeX509Selected = true;
return 1;
bool AuthGPG::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) {
gpgme_key_t newKey;
gpgme_genkey_result_t result;
gpg_error_t ERR;
if(GPG_ERR_NO_ERROR != (ERR = gpgme_op_genkey(CTX, setKeyPairParams(true, 2048, name, "generated by Retroshare", email, \
passwd).c_str(), NULL, NULL))) {
ProcessPGPmeError(ERR);
std::cerr << "Error generating the key" << std::endl;
return 0;
}
if((result = gpgme_op_genkey_result(CTX)) == NULL)
return 0;
if(GPG_ERR_NO_ERROR != (ERR = gpgme_get_key(CTX, result->fpr, &newKey, 1))) {
std::cerr << "Error reading own key" << std::endl;
return 0;
}
pgpId = newKey->subkeys->keyid;
return true;
}
bool AuthGPG::CloseAuth()
@ -1514,6 +1537,39 @@ static std::string setKeyPairParams(bool useRsa, unsigned int blen,
return params.str();
}
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
std::string name, std::string comment, std::string email,
std::string inPassphrase)
{
std::ostringstream params;
params << "<GnupgKeyParms format=\"internal\">"<< std::endl;
if (useRsa)
{
params << "Key-Type: RSA"<< std::endl;
if (blen < 1024)
{
std::cerr << "Weak Key... strengthing..."<< std::endl;
blen = 1024;
}
blen = ((blen / 512) * 512); /* make multiple of 512 */
params << "Key-Length: "<< blen << std::endl;
}
else
{
params << "Key-Type: DSA"<< std::endl;
params << "Key-Length: 1024"<< std::endl;
params << "Subkey-Type: ELG-E"<< std::endl;
params << "Subkey-Length: 1024"<< std::endl;
}
params << "Name-Real: "<< name << std::endl;
params << "Name-Comment: "<< comment << std::endl;
params << "Name-Email: "<< email << std::endl;
params << "Expire-Date: 0"<< std::endl;
params << "Passphrase: "<< inPassphrase << std::endl;
params << "</GnupgKeyParms>"<< std::endl;
return params.str();
}
/* Author: Shiva


@ -111,8 +111,6 @@ class AuthGPG : public p3Config
bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
int GPGInit(std::string ownId);
/* SKTAN */
void showData(gpgme_data_t dh);
void createDummyFriends(void); //NYI
@ -135,9 +133,9 @@ class AuthGPG : public p3Config
bool active();
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
int InitAuth();
int GPGInit(std::string ownId);
bool CloseAuth();
bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
/*********************************************************************************/
/************************* STAGE 3 ***********************************************/
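Review bot: The new GeneratePGPCertificate declaration at the end of the second hunk carries no comment, while the neighbouring declarations describe their role; add `/* Generate a new RSA key pair in the local keyring. On success pgpId receives the keyid of the new key; returns false on a gpgme error, with errString meant to carry the reason. */`. `int GPGInit(std::string ownId);` appears in both hunks of this header; since the rendered page has lost the add/remove markers, this is presumably a move from the SKTAN block into the STAGE 2 block rather than a duplicate, but confirm that only one declaration remains.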


@ -59,7 +59,7 @@ class RsInit
/* Generating GPGme Account */
static int GetPGPLogins(std::list<std::string> &pgpIds);
static int GetPGPLoginDetails(std::string id, std::string &name, std::string &email);
static bool GeneratePGPCertificate(std::string name, std::string comment, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
static bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
/* Login PGP */
static bool SelectGPGAccount(std::string id);


@ -828,14 +828,13 @@ bool RsInit::SelectGPGAccount(std::string id)
//}
bool GeneratePGPCertificate(std::string name, std::string comment, std::string email, std::string passwd, std::string &pgpId, std::string &errString)
{
return true;
bool RsInit::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) {
AuthGPG::getAuthGPG()->GeneratePGPCertificate(name, email, passwd, pgpId, errString);
}
/* Create SSL Certificates */
bool RsInit::GenerateSSLCertificate(std::string name, std::string org, std::string loc, std::string country, std::string passwd, std::string &sslId, std::string &errString)
bool RsInit::GenerateSSLCertificate(std::string gpg_id, std::string org, std::string loc, std::string country, std::string passwd, std::string &sslId, std::string &errString)
{
// generate the private_key / certificate.
// save to file.
@ -849,14 +848,10 @@ bool RsInit::GenerateSSLCertificate(std::string name, std::string org, std::
return false;
}
if (name.length() < 3)
{
errString = "Name is too short (must be 3+ chars)";
return false;
}
int nbits = 2048;
std::string name = AuthGPG::getAuthGPG()->getGPGName(gpg_id);
// Create the filename .....
// Temporary Directory for creating files....
std::string tmpdir = "TMPCFG";
@ -874,102 +869,6 @@ bool RsInit::GenerateSSLCertificate(std::string name, std::string org, std::
bool gen_ok = false;
#if defined(PQI_USE_SSLONLY)
X509_REQ *req = GenerateX509Req(
key_name.c_str(),
password.c_str(),
name.c_str(),
"", //ui -> gen_email -> value(),
org.c_str(),
loc.c_str(),
"", //ui -> gen_state -> value(),
country.c_str(),
nbits, errString);
/* load private key */
/* now convert to a self-signed certificate */
EVP_PKEY *privkey = NULL;
long days = 3000;
gen_ok = true;
/********** Test Loading the private Key.... ************/
FILE *tst_in = NULL;
if (NULL == (tst_in = fopen(key_name.c_str(), "rb")))
{
fprintf(stderr,"RsGenerateCert() Couldn't Open Private Key");
fprintf(stderr," : %s\n", key_name.c_str());
gen_ok = false;
}
if ((gen_ok) && (NULL == (privkey =
PEM_read_PrivateKey(tst_in,NULL,NULL,(void *) password.c_str()))))
{
fprintf(stderr,"RsGenerateCert() Couldn't Read Private Key");
fprintf(stderr," : %s\n", key_name.c_str());
gen_ok = false;
}
X509 *cert = NULL;
if (gen_ok)
{
cert = SignX509Certificate(X509_REQ_get_subject_name(req),
privkey,req,days);
/* Print the signed Certificate! */
BIO *bio_out = NULL;
bio_out = BIO_new(BIO_s_file());
BIO_set_fp(bio_out,stdout,BIO_NOCLOSE);
/* Print it out */
int nmflag = 0;
int reqflag = 0;
X509_print_ex(bio_out, cert, nmflag, reqflag);
BIO_flush(bio_out);
BIO_free(bio_out);
}
else
{
fprintf(stderr,"RsGenerateCert() Didn't Sign Certificate\n");
gen_ok = false;
}
/* Save cert to file */
// open the file.
FILE *out = NULL;
if (NULL == (out = fopen(cert_name.c_str(), "w")))
{
fprintf(stderr,"RsGenerateCert() Couldn't create Cert File");
fprintf(stderr," : %s\n", cert_name.c_str());
return 0;
}
if (!PEM_write_X509(out,cert))
{
fprintf(stderr,"RsGenerateCert() Couldn't Save Cert");
fprintf(stderr," : %s\n", cert_name.c_str());
return 0;
}
if (cert)
{
gen_ok = true;
}
X509_free(cert);
X509_REQ_free(req);
fclose(tst_in);
fclose(out);
EVP_PKEY_free(privkey);
#else /* X509 Certificates */
/**************** PQI_USE_PGP ******************/
/* Extra step required for SSL + PGP, user must have selected
* or generated a suitable key so the signing can happen.
*/
@ -1042,9 +941,6 @@ bool RsInit::GenerateSSLCertificate(std::string name, std::string org, std::
X509_free(x509);
}
#endif /* X509 Certificates */
if (!gen_ok)
{
errString = "Generation of Certificate Failed";
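Review bot: RsInit::GeneratePGPCertificate in the first hunk calls AuthGPG::getAuthGPG()->GeneratePGPCertificate(...) but has no return statement, so a non-void function falls off its end — undefined behaviour, and the GUI caller cannot learn whether generation succeeded; change the body to `return AuthGPG::getAuthGPG()->GeneratePGPCertificate(name, email, passwd, pgpId, errString);`. In the second hunk the old name-length check was removed and `name` now comes from getGPGName(gpg_id), but nothing in the hunk checks that the lookup succeeded, so an unknown gpg_id presumably yields an empty name that proceeds into certificate generation; a guard such as `if (name.empty()) { errString = "Unknown GPG id"; return false; }` right after the lookup would keep the old validation. The rest of GenerateSSLCertificate lies outside the hunks.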


@ -50,20 +50,15 @@ GenCertDialog::GenCertDialog(QWidget *parent, Qt::WFlags flags)
//ui.genName->setFocus(Qt::OtherFocusReason);
ui.genCountry->hide();
ui.label_6->hide();
ui.genOrg->hide();
ui.label_8->hide();
/* get all available pgp private certificates....
* mark last one as default.
*/
std::cerr << "Finding PGPUsers" << std::endl;
foundGPGKeys = false;
std::list<std::string> pgpIds;
std::list<std::string>::iterator it;
if (RsInit::GetPGPLogins(pgpIds))
{
if (RsInit::GetPGPLogins(pgpIds)) {
for(it = pgpIds.begin(); it != pgpIds.end(); it++)
{
const QVariant & userData = QVariant(QString::fromStdString(*it));
@ -71,10 +66,22 @@ GenCertDialog::GenCertDialog(QWidget *parent, Qt::WFlags flags)
RsInit::GetPGPLoginDetails(*it, name, email);
std::cerr << "Adding PGPUser: " << name << " id: " << *it << std::endl;
ui.genPGPuser->addItem(QString::fromStdString(name), userData);
foundGPGKeys = true;
}
}
if (foundGPGKeys) {
ui.no_gpg_key_label->hide();
ui.name_label->hide();
ui.name_input->hide();
ui.email_label->hide();
ui.email_input->hide();
ui.password_label->hide();
ui.password_input->hide();
} else {
ui.genPGPuserlabel->hide();
ui.genPGPuser->hide();
}
}
/** Destructor. */
@ -111,11 +118,10 @@ void GenCertDialog::genPerson()
{
/* Check the data from the GUI. */
std::string genOrg = ui.genOrg->text().toStdString();
std::string genLoc = ui.genLoc->text().toStdString();
std::string genCountry = ui.genCountry->text().toStdString();
std::string err;
std::string PGPId;
if (foundGPGKeys) {
int pgpidx = ui.genPGPuser->currentIndex();
if (pgpidx < 0)
{
@ -126,9 +132,33 @@ void GenCertDialog::genPerson()
QMessageBox::Ok);
return;
}
QVariant data = ui.genPGPuser->itemData(pgpidx);
std::string PGPId = (data.toString()).toStdString();
PGPId = (data.toString()).toStdString();
} else {
//generate a new gpg key
std::string err_string;
ui.no_gpg_key_label->setText(tr("Generating new GPG key, please be patient. Fill in your GPG password when asked."));
ui.no_gpg_key_label->show();
ui.name_label->hide();
ui.name_input->hide();
ui.email_label->hide();
ui.email_input->hide();
ui.password_label->hide();
ui.password_input->hide();
ui.genPGPuserlabel->hide();
ui.genPGPuser->hide();
ui.location_label->hide();
ui.genLoc->hide();
ui.infopushButton->hide();
ui.genButton->hide();
QMessageBox::StandardButton info = QMessageBox::information( NULL,
"Generating GPG key",
"This process can take some time, please be patient after pressing the OK button",
QMessageBox::Ok);
//info->
RsInit::GeneratePGPCertificate(ui.name_input->text().toStdString(), ui.email_input->text().toStdString(), ui.password_input->text().toStdString(), PGPId, err_string);
}
//generate a random ssl password
std::cerr << " generating sslPasswd." << std::endl;
@ -146,8 +176,9 @@ void GenCertDialog::genPerson()
//RsInit::LoadGPGPassword(PGPpasswd);
std::string sslId;
std::cerr << "Generating SSL cert with name : " << ui.genPGPuser->itemText(pgpidx).toStdString() << std::endl;
bool okGen = RsInit::GenerateSSLCertificate(ui.genPGPuser->itemText(pgpidx).toStdString(), genOrg, genLoc, genCountry, sslPasswd, sslId, err);
std::cerr << "Generating SSL cert with gpg id : " << PGPId << std::endl;
std::string err;
bool okGen = RsInit::GenerateSSLCertificate(PGPId, "", genLoc, "", sslPasswd, sslId, err);
if (okGen)
{
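Review bot: The result of RsInit::GeneratePGPCertificate at the end of the third hunk is discarded and err_string is never read, so a failed generation leaves PGPId empty and genPerson continues into GenerateSSLCertificate with an empty gpg id. Nothing in the new else-branch checks that name_input, email_input and password_input are non-empty before they are handed to key generation, so an empty password field would be passed straight through as the passphrase of the new key; reject empty fields before hiding the widgets. Key generation also runs synchronously on the GUI thread after the information box, which the "please be patient" text acknowledges — acceptable for now, but a `// TODO: move GPG key generation off the GUI thread` comment would record it. genPerson continues outside the hunk.
```cpp
    } else {
        //generate a new gpg key
        std::string err_string;
        if (ui.name_input->text().isEmpty() || ui.email_input->text().isEmpty() || ui.password_input->text().isEmpty()) {
            QMessageBox::warning(NULL, tr("Error"), tr("Name, email and GPG password are all required"), QMessageBox::Ok);
            return;
        }
        // … unchanged: hide the widgets, show the information box …
        bool okPgp = RsInit::GeneratePGPCertificate(ui.name_input->text().toStdString(),
                                                    ui.email_input->text().toStdString(),
                                                    ui.password_input->text().toStdString(),
                                                    PGPId, err_string);
        if (!okPgp || PGPId.empty()) {
            QMessageBox::warning(NULL, tr("Error"), tr("GPG key generation failed: ") + QString::fromStdString(err_string), QMessageBox::Ok);
            return;
        }
    }
```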


@ -64,6 +64,8 @@ private:
/** Qt Designer generated object */
Ui::GenCertDialog ui;
bool foundGPGKeys;
};
#endif


@ -1010,12 +1010,14 @@
&lt;html&gt;&lt;head&gt;&lt;meta name=&quot;qrichtext&quot; content=&quot;1&quot; /&gt;&lt;style type=&quot;text/css&quot;&gt;
p, li { white-space: pre-wrap; }
&lt;/style&gt;&lt;/head&gt;&lt;body style=&quot; font-family:'Arial'; font-size:8pt; font-weight:400; font-style:normal;&quot;&gt;
&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-size:16pt;&quot;&gt;Create a new RetroShare profile&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;&lt;span style=&quot; font-size:9pt;&quot;&gt;Please fill in the information which will&lt;br /&gt;allow your RetroShare to connect to&lt;/span&gt;&lt;/p&gt;
&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-size:9pt;&quot;&gt;Friends.&lt;/span&gt;&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
&lt;p style=&quot; margin-top:0px; margin-bottom:0px; margin-left:0px; margin-right:0px; -qt-block-indent:0; text-indent:0px;&quot;&gt;&lt;span style=&quot; font-size:16pt;&quot;&gt;Create a new RetroShare profile&lt;/span&gt;&lt;br /&gt;&lt;br /&gt;Retroshare uses gpg keys. Please fill in the location field, it will be permanently attached to this retroshare installation. You can generate a new retroshare location profile with the same gpg key on another computer.&lt;/p&gt;&lt;/body&gt;&lt;/html&gt;</string>
</property>
<property name="alignment">
<set>Qt::AlignLeading|Qt::AlignLeft|Qt::AlignVCenter</set>
</property>
<property name="wordWrap">
<bool>true</bool>
</property>
<property name="indent">
<number>100</number>
</property>
@ -1028,65 +1030,69 @@ p, li { white-space: pre-wrap; }
</property>
<layout class="QGridLayout" name="gridLayout_2">
<item row="0" column="0">
<layout class="QGridLayout">
<property name="margin">
<number>9</number>
<widget class="QLabel" name="no_gpg_key_label">
<property name="text">
<string>It looks like you don't own any GPG keys. Please fill in the form below to generate one, or use your favorite gnupg keys manager.</string>
</property>
<property name="spacing">
<number>6</number>
<property name="wordWrap">
<bool>true</bool>
</property>
</widget>
</item>
<item row="2" column="0">
<widget class="QLabel" name="label_6">
<property name="text">
<string>Organisation:</string>
<layout class="QFormLayout" name="formLayout">
<property name="fieldGrowthPolicy">
<enum>QFormLayout::AllNonFixedFieldsGrow</enum>
</property>
</widget>
</item>
<item row="2" column="1" colspan="2">
<widget class="QLineEdit" name="genOrg"/>
</item>
<item row="3" column="0">
<widget class="QLabel" name="label_7">
<property name="text">
<string>Location:</string>
</property>
</widget>
</item>
<item row="3" column="1" colspan="2">
<widget class="QLineEdit" name="genLoc"/>
</item>
<item row="4" column="0">
<widget class="QLabel" name="label_8">
<property name="text">
<string>Country:</string>
</property>
</widget>
</item>
<item row="4" column="1" colspan="2">
<widget class="QLineEdit" name="genCountry"/>
</item>
<item row="0" column="1" colspan="2">
<widget class="QComboBox" name="genPGPuser"/>
</item>
<item row="0" column="0">
<widget class="QLabel" name="label">
<item row="1" column="0">
<widget class="QLabel" name="genPGPuserlabel">
<property name="text">
<string>OpenPGP User</string>
</property>
</widget>
</item>
<item row="1" column="1">
<widget class="QComboBox" name="genPGPuser"/>
</item>
<item row="2" column="0">
<widget class="QLabel" name="name_label">
<property name="text">
<string>Name</string>
</property>
</widget>
</item>
<item row="2" column="1">
<widget class="QLineEdit" name="name_input"/>
</item>
<item row="5" column="0">
<widget class="QLabel" name="location_label">
<property name="text">
<string>Location:</string>
</property>
</widget>
</item>
<item row="5" column="1">
<spacer name="verticalSpacer">
<property name="orientation">
<enum>Qt::Vertical</enum>
<widget class="QLineEdit" name="genLoc"/>
</item>
<item row="3" column="0">
<widget class="QLabel" name="email_label">
<property name="text">
<string>Email</string>
</property>
<property name="sizeHint" stdset="0">
<size>
<width>20</width>
<height>40</height>
</size>
</widget>
</item>
<item row="3" column="1">
<widget class="QLineEdit" name="email_input"/>
</item>
<item row="4" column="0">
<widget class="QLabel" name="password_label">
<property name="text">
<string>GPG Password</string>
</property>
</spacer>
</widget>
</item>
<item row="4" column="1">
<widget class="QLineEdit" name="password_input"/>
</item>
</layout>
</item>
@ -1124,9 +1130,12 @@ p, li { white-space: pre-wrap; }
</widget>
<tabstops>
<tabstop>genPGPuser</tabstop>
<tabstop>genOrg</tabstop>
<tabstop>name_input</tabstop>
<tabstop>email_input</tabstop>
<tabstop>password_input</tabstop>
<tabstop>genLoc</tabstop>
<tabstop>genCountry</tabstop>
<tabstop>genButton</tabstop>
<tabstop>infopushButton</tabstop>
</tabstops>
<resources>
<include location="images.qrc"/>