mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-29 01:16:20 -05:00
restriction to only accept self-signed certificates for friend keys
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6928 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
68138fc1c8
commit
b2bea751aa
@ -954,12 +954,51 @@ bool PGPHandler::LoadCertificateFromString(const std::string& pgp_cert,PGPIdType
|
||||
free(mem) ;
|
||||
error_string.clear() ;
|
||||
|
||||
// Check that there is exactly one key in this data packet.
|
||||
//
|
||||
if(tmp_keyring->nkeys != 1)
|
||||
{
|
||||
std::cerr << "Loaded certificate contains more than one PGP key. This is not allowed." << std::endl;
|
||||
error_string = "Loaded certificate contains more than one PGP key. This is not allowed." ;
|
||||
return false ;
|
||||
}
|
||||
|
||||
// Check that the key is correctly self-signed.
|
||||
//
|
||||
const ops_keydata_t *keydata = ops_keyring_get_key_by_index(tmp_keyring,0);
|
||||
|
||||
ops_validate_result_t* result=(ops_validate_result_t*)ops_mallocz(sizeof *result);
|
||||
|
||||
if(!ops_validate_key_signatures(result,keydata,tmp_keyring,cb_get_passphrase))
|
||||
{
|
||||
std::cerr << "Cannot validate self-signature for this certificate. Format error?" << std::endl;
|
||||
error_string = "Cannot validate self signature for this certificate. Format error?" ;
|
||||
return false ;
|
||||
}
|
||||
|
||||
bool found = false ;
|
||||
|
||||
for(uint32_t i=0;i<result->valid_count;++i)
|
||||
if(!memcmp((unsigned char*)result->valid_sigs[i].signer_id,keydata->key_id,KEY_ID_SIZE))
|
||||
{
|
||||
found = true ;
|
||||
break ;
|
||||
}
|
||||
|
||||
if(!found)
|
||||
{
|
||||
error_string = "This key is not self-signed. This is required by Retroshare." ;
|
||||
std::cerr << "This key is not self-signed. This is required by Retroshare." << std::endl;
|
||||
ops_validate_result_free(result);
|
||||
return false ;
|
||||
}
|
||||
ops_validate_result_free(result);
|
||||
|
||||
#ifdef DEBUG_PGPHANDLER
|
||||
std::cerr << " Key read correctly: " << std::endl;
|
||||
#endif
|
||||
ops_keyring_list(tmp_keyring) ;
|
||||
#endif
|
||||
|
||||
const ops_keydata_t *keydata = NULL ;
|
||||
int i=0 ;
|
||||
|
||||
while( (keydata = ops_keyring_get_key_by_index(tmp_keyring,i++)) != NULL )
|
||||
|
@ -85,6 +85,7 @@ int main(int argc,char *argv[])
|
||||
std::string name ;
|
||||
std::list<std::string> signers ;
|
||||
|
||||
PGPHandler::setPassphraseCallback(pgp_pwd_cb) ;
|
||||
PGPHandler handler("toto1","toto2","toto3","toto4") ;
|
||||
handler.getGPGDetailsFromBinaryBlock(cert.pgp_key(),cert.pgp_key_size(),key_id,name,signers) ;
|
||||
|
||||
@ -114,10 +115,7 @@ int main(int argc,char *argv[])
|
||||
std::string error_string ;
|
||||
PGPIdType found_id ;
|
||||
|
||||
PGPHandler::setPassphraseCallback(pgp_pwd_cb) ;
|
||||
PGPHandler pgph("pubring.pgp","secring.pgp","trustdb.pgp","lock") ;
|
||||
|
||||
bool result = pgph.LoadCertificateFromString(res,found_id,error_string) ;
|
||||
bool result = handler.LoadCertificateFromString(res,found_id,error_string) ;
|
||||
|
||||
if(!result)
|
||||
std::cerr << "Certificate error: " << error_string << std::endl;
|
||||
|
Loading…
Reference in New Issue
Block a user