From b8cee76fa5f7f98ed355a05bc3d99c2c899517bf Mon Sep 17 00:00:00 2001
From: csoler
Date: Sun, 9 Sep 2012 20:25:39 +0000
Subject: [PATCH] added display of IP address for incoming failed connexion attempts

git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@5532 b45a01b8-16f6-495d-af2f-9b41ad6348cc
---
 libretroshare/src/pqi/authssl.cc | 94 ++++++++++++-------
 libretroshare/src/pqi/authssl.h | 5 +
 libretroshare/src/pqi/p3notify.cc | 8 ++
 libretroshare/src/pqi/p3notify.h | 1 +
 libretroshare/src/pqi/pqinotify.h | 1 +
 libretroshare/src/pqi/pqissllistener.cc | 4 +-
 libretroshare/src/retroshare/rsnotify.h | 7 +-
 retroshare-gui/src/gui/NewsFeed.cpp | 8 +-
 retroshare-gui/src/gui/feeds/SecurityItem.cpp | 13 +-
 retroshare-gui/src/gui/feeds/SecurityItem.h | 3 +-
 10 files changed, 97 insertions(+), 47 deletions(-)

diff --git a/libretroshare/src/pqi/authssl.cc b/libretroshare/src/pqi/authssl.cc
index 78e542765..b66e7c541 100644
--- a/libretroshare/src/pqi/authssl.cc
+++ b/libretroshare/src/pqi/authssl.cc
@@ -964,21 +964,24 @@ bool AuthSSLimpl::ValidateCertificate(X509 *x509, std::string &peerId)
 static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
 {
 #ifdef AUTHSSL_DEBUG
-    std::cerr << "static verify_x509_callback called.";
-    std::cerr << std::endl;
+    std::cerr << "static verify_x509_callback called.";
+    std::cerr << std::endl;
 #endif
-    int verify = AuthSSL::getAuthSSL()->VerifyX509Callback(preverify_ok, ctx);
-    if (!verify)
-    {
-        /* Process as FAILED Certificate */
-        /* Start as INCOMING, as outgoing is already captured */
-        struct sockaddr_in addr;
-        sockaddr_clear(&addr);
-
-        AuthSSL::getAuthSSL()->FailedCertificate(X509_STORE_CTX_get_current_cert(ctx), addr, true);
-    }
+    int verify = AuthSSL::getAuthSSL()->VerifyX509Callback(preverify_ok, ctx);
 
-    return verify;
+    X509 *x509 = X509_STORE_CTX_get_current_cert(ctx) ;
+
+    if(x509 != NULL)
+    {
+        std::string gpgid = getX509CNString(x509->cert_info->issuer);
+        std::string sslcn = getX509CNString(x509->cert_info->subject);
+        std::string sslid ;
+        getX509id(x509,sslid);
+
+        AuthSSL::getAuthSSL()->registerConnexionAttempt_ids(gpgid,sslid,sslcn) ;
+    }
+
+    return verify;
 }
 
 int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
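Review bot: The callback now records ids from whichever certificate OpenSSL is currently verifying, not necessarily the peer's: X509_STORE_CTX_get_current_cert(ctx) returns the certificate at the current chain depth, so when a chain is presented the last registered ids can be those of an issuer, and they are recorded whether or not `verify` succeeded. Guarding the registration with `if(x509 != NULL && X509_STORE_CTX_get_error_depth(ctx) == 0)` restricts it to the leaf certificate. The return value of `getX509id(x509,sslid)` is also ignored here, unlike in FailedCertificate, so `sslid` may be registered empty. As far as this commit shows, `registerConnexionAttempt_ids` writes plain members with no lock, while this callback can run on any connection's thread. verify_x509_callback is complete within the hunk.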
@@ -1286,18 +1289,41 @@ bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
 /********************************************************************************/
 /********************************************************************************/
 
-/* store for discovery */
-bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*addr*/, bool incoming)
+void AuthSSLimpl::registerConnexionAttempt_ids(const std::string& gpg_id,const std::string& ssl_id,const std::string& ssl_cn)
 {
-    std::string peerId = "UnknownSSLID";
-    if(!getX509id(x509, peerId))
-    {
-        std::cerr << "AuthSSLimpl::FailedCertificate() ERROR cannot extract X509id from certificate";
-        std::cerr << std::endl;
-    }
+    std::cerr << "AuthSSL: registering connexion attempt from:" << std::endl;
+    std::cerr << " GPG id: " << gpg_id << std::endl;
+    std::cerr << " SSL id: " << ssl_id << std::endl;
+    std::cerr << " SSL cn: " << ssl_cn << std::endl;
+    _last_gpgid_to_connect = gpg_id ;
+    _last_sslid_to_connect = ssl_id ;
+    _last_sslcn_to_connect = ssl_cn ;
+}
 
-    std::string gpgid = getX509CNString(x509->cert_info->issuer);
-    std::string sslcn = getX509CNString(x509->cert_info->subject);
+/* store for discovery */
+bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in& addr, bool incoming)
+{
+    std::string gpgid = "Unknown GPG Id" ;
+    std::string sslcn = "Unknown SSL location" ;
+    std::string sslid = "Unknown SSL Id" ;
+
+    if(x509 != NULL)
+    {
+        if(!getX509id(x509, sslid))
+        {
+            std::cerr << "AuthSSLimpl::FailedCertificate() ERROR cannot extract X509id from certificate";
+            std::cerr << std::endl;
+        }
+
+        gpgid = getX509CNString(x509->cert_info->issuer);
+        sslcn = getX509CNString(x509->cert_info->subject);
+    }
+    else if(incoming)
+    {
+        gpgid = _last_gpgid_to_connect ;
+        sslcn = _last_sslcn_to_connect ;
+        sslid = _last_sslid_to_connect ;
+    }
 
     std::cerr << "AuthSSLimpl::FailedCertificate() ";
     if (incoming)
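Review bot: The `_last_*_to_connect` members are written by the verify callback and read back in FailedCertificate's `else if(incoming)` branch, but nothing ties the two to the same connection and they are never cleared, so a no-certificate failure from one address can be reported with the ids of an earlier, unrelated handshake (the stale values persist until the next callback overwrites them). Clearing the three strings once FailedCertificate has consumed them, and protecting both accesses with the mutex the class uses for its other state (none is visible in this hunk), would confine the mix-up to genuinely concurrent handshakes. The four unconditional `std::cerr` lines in registerConnexionAttempt_ids fire on every incoming certificate and belong under `#ifdef AUTHSSL_DEBUG` like the callback's other output. FailedCertificate continues past the end of the hunk; the members themselves are added in the authssl.h hunk at -257.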
@@ -1309,16 +1335,18 @@ bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*a
         std::cerr << " Outgoing to: ";
     }
 
-    std::cerr << "GpgId: " << gpgid << " SSLcn: " << sslcn << " peerId: " << peerId;
-    std::cerr << std::endl;
-    // Hacky - adding IpAddress to SSLId.
-//    rs_sprintf_append(peerId, "/%s:%u", rs_inet_ntoa(addr.sin_addr).c_str(), ntohs(addr.sin_port));
+
+    std::string ip_address ;
+    rs_sprintf_append(ip_address, "%s:%u", rs_inet_ntoa(addr.sin_addr).c_str(), ntohs(addr.sin_port));
+
+    std::cerr << "GpgId: " << gpgid << " SSLcn: " << sslcn << " peerId: " << sslid << ", ip address: " << ip_address;
+    std::cerr << std::endl;
 
 
     uint32_t notifyType = 0;
 
     /* if auths -> store */
-    if (AuthX509WithGPG(x509))
+    if(x509 != NULL && AuthX509WithGPG(x509))
     {
         std::cerr << "AuthSSLimpl::FailedCertificate() Cert Checked Out, so passing to Notify";
         std::cerr << std::endl;
@@ -1326,14 +1354,14 @@ bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*a
         if (incoming)
         {
             notifyType = RS_FEED_ITEM_SEC_CONNECT_ATTEMPT;
-            getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, peerId);
+            getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, sslid);
         }
         else
         {
             notifyType = RS_FEED_ITEM_SEC_AUTH_DENIED;
         }
 
-        getPqiNotify()->AddFeedItem(notifyType, gpgid, peerId, sslcn);
+        getPqiNotify()->AddFeedItem(notifyType, gpgid, sslid, sslcn, ip_address);
 
         LocalStoreCert(x509);
         return true;
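Review bot: For the incoming case the popup still receives only `gpgid, sslcn, sslid`, so the address this commit adds reaches the news feed through `AddFeedItem(..., ip_address)` but not the popup the user sees first. If AddPopupMessage can take a fourth string (its declaration is not in this diff), passing `ip_address` there as well keeps the two views consistent; the popup in the unknown-peer hunk at -1343 has the same gap. Both hunks sit inside FailedCertificate, whose body extends beyond them.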
@@ -1343,15 +1371,15 @@ bool AuthSSLimpl::FailedCertificate(X509 *x509, const struct sockaddr_in &/*a
     /* unknown peer! */
     if (incoming)
     {
-        notifyType = RS_FEED_ITEM_SEC_UNKNOWN_IN;
-        getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, peerId);
+        notifyType = RS_FEED_ITEM_SEC_CONNECT_ATTEMPT;
+        getPqiNotify()->AddPopupMessage(RS_POPUP_CONNECT_ATTEMPT, gpgid, sslcn, sslid);
     }
     else
     {
         notifyType = RS_FEED_ITEM_SEC_UNKNOWN_OUT;
     }
 
-    getPqiNotify()->AddFeedItem(notifyType, gpgid, peerId, sslcn);
+    getPqiNotify()->AddFeedItem(notifyType, gpgid, sslid, sslcn, ip_address);
 
     }
 
diff --git a/libretroshare/src/pqi/authssl.h b/libretroshare/src/pqi/authssl.h
index 5f1c27e85..1ee1b1b5f 100644
--- a/libretroshare/src/pqi/authssl.h
+++ b/libretroshare/src/pqi/authssl.h
@@ -152,6 +152,7 @@ virtual bool ValidateCertificate(X509 *x509, std::string &peerId) = 0; /* valid
 virtual SSL_CTX *getCTX() = 0;
 
 /* Restored these functions: */
+virtual void registerConnexionAttempt_ids(const std::string& gpg_id,const std::string& ssl_id,const std::string& ssl_cn) = 0 ;
 virtual bool FailedCertificate(X509 *x509, const struct sockaddr_in &addr, bool incoming) = 0; /* store for discovery */
 virtual bool CheckCertificate(std::string peerId, X509 *x509) = 0; /* check that they are exact match */
 };
@@ -226,6 +227,7 @@ virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate
 virtual SSL_CTX *getCTX();
 
 /* Restored these functions: */
+virtual void registerConnexionAttempt_ids(const std::string& gpg_id,const std::string& ssl_id,const std::string& ssl_cn) ;
 virtual bool FailedCertificate(X509 *x509, const struct sockaddr_in &addr, bool incoming); /* store for discovery */
 virtual bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
 
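Review bot: Replacing `notifyType = RS_FEED_ITEM_SEC_UNKNOWN_IN` with `RS_FEED_ITEM_SEC_CONNECT_ATTEMPT` in the unknown-peer branch makes an incoming attempt by a certificate that failed `AuthX509WithGPG` produce the same feed item as one that passed it (the branch above already uses that constant), so the feed no longer distinguishes an authenticated-but-refused peer from a completely unknown one, and NewsFeed::addFeedItemSecurityUnknownIn (also patched in this commit) appears to lose its only producer on this path. If that is intended the commit message should say so; otherwise keep `notifyType = RS_FEED_ITEM_SEC_UNKNOWN_IN;` here. FailedCertificate's closing lines are outside the hunk.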
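Review bot: The new pure virtual `registerConnexionAttempt_ids` is the only declaration in this group without a comment, and its contract is not obvious from the name; suggest `/* called from the SSL verify callback; remembers the ids of the last certificate seen, used by FailedCertificate() when no certificate is available */`. The implementation declaration in the hunk at -226 needs the same comment.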
@@ -257,6 +259,9 @@ bool locked_FindCert(std::string id, sslcert **cert);
 
 std::map mCerts;
 
+ std::string _last_gpgid_to_connect ;
+ std::string _last_sslcn_to_connect ;
+ std::string _last_sslid_to_connect ;
 };
 
 #endif // MRK_AUTH_SSL_HEADER
diff --git a/libretroshare/src/pqi/p3notify.cc b/libretroshare/src/pqi/p3notify.cc
index e7e3a01a5..a195480a4 100644
--- a/libretroshare/src/pqi/p3notify.cc
+++ b/libretroshare/src/pqi/p3notify.cc
@@ -193,6 +193,14 @@ bool p3Notify::GetFeedItem(RsFeedItem &item)
 }
 
 
+bool p3Notify::AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3, const std::string& id4)
+{
+    RsStackMutex stack(noteMtx); /************* LOCK MUTEX ************/
+    pendingNewsFeed.push_back(RsFeedItem(type, id1, id2, id3, id4));
+
+    return true;
+}
+
 bool p3Notify::AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3)
 {
     RsStackMutex stack(noteMtx); /************* LOCK MUTEX ************/
diff --git a/libretroshare/src/pqi/p3notify.h b/libretroshare/src/pqi/p3notify.h
index 3b80b0b96..9eb80bb13 100644
--- a/libretroshare/src/pqi/p3notify.h
+++ b/libretroshare/src/pqi/p3notify.h
@@ -88,6 +88,7 @@ virtual bool AddPopupMessage(uint32_t ptype, const std::string& name, const std:
 virtual bool AddSysMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg);
 virtual bool AddLogMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg);
 virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3);
+virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3,const std::string& id4);
 virtual bool ClearFeedItems(uint32_t type);
 
 private:
diff --git a/libretroshare/src/pqi/pqinotify.h b/libretroshare/src/pqi/pqinotify.h
index 12db382c7..86f8e3862 100644
--- a/libretroshare/src/pqi/pqinotify.h
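Review bot: The new five-argument AddFeedItem repeats the body of the existing four-argument overload instead of sharing it; the four-argument one (its body continues past the hunk) could simply forward with `return AddFeedItem(type, id1, id2, id3, "");` so that there is a single locked push_back to maintain. Both versions take noteMtx through RsStackMutex, which matches the surrounding code.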
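Review bot: The meaning of the new `id4` parameter is not documented anywhere in the interface; from authssl.cc it carries the remote end as a `host:port` string, and feed consumers read it back as `mId4`. A comment on the declaration, e.g. `/* id4: remote address as "host:port", shown by the security feed items */`, stops the next caller from putting something else in that slot; the pure virtual in pqinotify.h (next hunk) needs the same. Adding a pure virtual to pqiNotify also breaks any other implementation of that interface not touched by this commit, if one exists.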
+++ b/libretroshare/src/pqi/pqinotify.h
@@ -44,6 +44,7 @@ virtual bool AddPopupMessage(uint32_t ptype, const std::string& name, const std:
 virtual bool AddSysMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg) = 0;
 virtual bool AddLogMessage(uint32_t sysid, uint32_t type, const std::string& title, const std::string& msg) = 0;
 virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3) = 0;
+virtual bool AddFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3, const std::string& id4) = 0;
 virtual bool ClearFeedItems(uint32_t type) = 0;
 };
 
diff --git a/libretroshare/src/pqi/pqissllistener.cc b/libretroshare/src/pqi/pqissllistener.cc
index 0bdc721e0..597716eb0 100644
--- a/libretroshare/src/pqi/pqissllistener.cc
+++ b/libretroshare/src/pqi/pqissllistener.cc
@@ -477,6 +477,7 @@ int pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
         std::string out;
         rs_sprintf(out, "pqissllistenbase::Extract_Failed_SSL_Certificate() from: %s:%u ERROR Peer didn't give Cert!", rs_inet_ntoa(addr->sin_addr).c_str(), ntohs(addr->sin_port));
         std::cerr << out << std::endl;
+        AuthSSL::getAuthSSL()->FailedCertificate(peercert, *addr, true);
         pqioutput(PQL_WARNING, pqissllistenzone, out);
 
         return -1;
@@ -491,11 +492,12 @@ int pqissllistenbase::Extract_Failed_SSL_Certificate(SSL *ssl, struct sockaddr_
         std::cerr << out << std::endl;
         pqioutput(PQL_WARNING, pqissllistenzone, out);
 
+        std::cerr << out << std::endl;
     }
 
     // save certificate... (and ip locations)
     // false for outgoing....
-    AuthSSL::getAuthSSL()->FailedCertificate(peercert, *addr, true);
+    AuthSSL::getAuthSSL()->FailedCertificate(peercert, *addr, true);
 
     return 1;
 }
diff --git a/libretroshare/src/retroshare/rsnotify.h b/libretroshare/src/retroshare/rsnotify.h
index da494e330..b9c2818af 100644
--- a/libretroshare/src/retroshare/rsnotify.h
+++ b/libretroshare/src/retroshare/rsnotify.h
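Review bot: The FailedCertificate call added in the "Peer didn't give Cert!" branch passes `peercert`, which in this branch is presumably null, so the ids in the resulting feed item come entirely from the `_last_*_to_connect` state left by the most recent verify callback, which may belong to a different peer than `addr`; the item would then pair this address with someone else's ids. A comment stating that the ids are best-effort here, plus clearing those members once FailedCertificate has used them, would make the attribution limits explicit. Extract_Failed_SSL_Certificate continues outside the hunk.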
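Review bot: The added `std::cerr << out << std::endl;` repeats the identical line two lines above it, so the warning is now written to stderr twice; drop the added line (or the earlier one). The re-indented FailedCertificate call below it is unchanged in content. The function's start is outside the hunk.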
@@ -98,16 +98,19 @@ const uint32_t RS_MESSAGE_CONNECT_ATTEMPT = 0x0001;
 class RsFeedItem
 {
 public:
-    RsFeedItem(uint32_t type, std::string id1, std::string id2, std::string id3)
+    RsFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3)
     :mType(type), mId1(id1), mId2(id2), mId3(id3) { return; }
 
+    RsFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3,const std::string& id4)
+    :mType(type), mId1(id1), mId2(id2), mId3(id3), mId4(id4) {}
+
     RsFeedItem() :mType(0) { return; }
 
     uint32_t mType;
-    std::string mId1, mId2, mId3;
+    std::string mId1, mId2, mId3, mId4;
 };
 
 
diff --git a/retroshare-gui/src/gui/NewsFeed.cpp b/retroshare-gui/src/gui/NewsFeed.cpp
index d49c099f9..a4c378686 100644
--- a/retroshare-gui/src/gui/NewsFeed.cpp
+++ b/retroshare-gui/src/gui/NewsFeed.cpp
@@ -497,7 +497,7 @@ void NewsFeed::addFeedItemPeerNew(RsFeedItem &fi)
 void NewsFeed::addFeedItemSecurityConnectAttempt(RsFeedItem &fi)
 {
     /* make new widget */
-    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_CONNECT_ATTEMPT, false);
+    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_CONNECT_ATTEMPT, false);
 
     /* store */
 
@@ -513,7 +513,7 @@ void NewsFeed::addFeedItemSecurityConnectAttempt(RsFeedItem &fi)
 void NewsFeed::addFeedItemSecurityAuthDenied(RsFeedItem &fi)
 {
     /* make new widget */
-    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_AUTH_DENIED, false);
+    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_AUTH_DENIED, false);
 
     /* store */
 
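Review bot: The two value constructors differ only by mId4; giving the existing one a defaulted trailing parameter, `RsFeedItem(uint32_t type, const std::string& id1, const std::string& id2, const std::string& id3, const std::string& id4 = "")`, keeps a single constructor and makes it explicit that mId4 is empty when no address is supplied. Since the SecurityItem widgets now display mId4 as the remote address, a comment on the member, `std::string mId1, mId2, mId3, mId4; // mId4: remote "host:port" for security items`, records that contract.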
@@ -529,7 +529,7 @@ void NewsFeed::addFeedItemSecurityAuthDenied(RsFeedItem &fi)
 void NewsFeed::addFeedItemSecurityUnknownIn(RsFeedItem &fi)
 {
     /* make new widget */
-    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_UNKNOWN_IN, false);
+    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_UNKNOWN_IN, false);
 
     /* store */
 
@@ -545,7 +545,7 @@ void NewsFeed::addFeedItemSecurityUnknownIn(RsFeedItem &fi)
 void NewsFeed::addFeedItemSecurityUnknownOut(RsFeedItem &fi)
 {
     /* make new widget */
-    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, SEC_TYPE_UNKNOWN_OUT, false);
+    SecurityItem *pi = new SecurityItem(this, NEWSFEED_SECLIST, fi.mId1, fi.mId2, fi.mId4, SEC_TYPE_UNKNOWN_OUT, false);
 
     /* store */
 
diff --git a/retroshare-gui/src/gui/feeds/SecurityItem.cpp b/retroshare-gui/src/gui/feeds/SecurityItem.cpp
index a8c88a130..f76cf6e5b 100644
--- a/retroshare-gui/src/gui/feeds/SecurityItem.cpp
+++ b/retroshare-gui/src/gui/feeds/SecurityItem.cpp
@@ -42,9 +42,9 @@
 ****/
 
 /** Constructor */
-SecurityItem::SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, uint32_t type, bool isHome)
+SecurityItem::SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, const std::string& ip_address,uint32_t type, bool isHome)
 :QWidget(NULL), mParent(parent), mFeedId(feedId),
-    mSslId(sslId), mGpgId(gpgId), mType(type), mIsHome(isHome)
+    mSslId(sslId), mGpgId(gpgId), mType(type), mIsHome(isHome), mIP(ip_address)
 {
     /* Invoke the Qt Designer generated object setup routine */
     setupUi(this);
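Review bot: The initializer list places `mIP(ip_address)` after `mIsHome`, but the header declares mIP between mGpgId and mType; members are initialized in declaration order regardless, and compilers warn about it (-Wreorder), so write `mSslId(sslId), mGpgId(gpgId), mIP(ip_address), mType(type), mIsHome(isHome)`. The parameter is named `ip_address` here and `ip_addr` in the SecurityItem.h hunk at -38; pick one. The constructor body continues past the hunk.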
@@ -187,7 +187,7 @@ void SecurityItem::updateItem()
         statusLabel->setText(tr("Unknown Peer"));
         trustLabel->setText(tr("Unknown Peer"));
         locLabel->setText(tr("Unknown Peer"));
-        ipLabel->setText(tr("Unknown Peer"));
+        ipLabel->setText(QString::fromStdString(mIP)) ; //tr("Unknown Peer"));
         connLabel->setText(tr("Unknown Peer"));
 
         chatButton->hide();
@@ -205,8 +205,9 @@ void SecurityItem::updateItem()
     peerNameLabel->setText(QString::fromUtf8(details.name.c_str()));
 
     /* expanded Info */
-    nameLabel->setText(QString::fromUtf8(details.name.c_str()));
-    idLabel->setText(QString::fromStdString(details.id));
+    nameLabel->setText(QString::fromUtf8(details.name.c_str()) + " (" + QString::fromStdString(mGpgId) + ")");
+    //idLabel->setText(QString::fromStdString(details.id));
+    idLabel->setText(QString::fromStdString(mSslId));
     locLabel->setText(QString::fromUtf8(details.location.c_str()));
 
     /* top Level info */
@@ -223,7 +224,7 @@ void SecurityItem::updateItem()
     statusLabel->setText(status);
     trustLabel->setText(QString::fromStdString(RsPeerTrustString(details.trustLvl)));
 
-    ipLabel->setText(QString("%1:%2/%3:%4").arg(QString::fromStdString(details.localAddr)).arg(details.localPort).arg(QString::fromStdString(details.extAddr)).arg(details.extPort));
+    ipLabel->setText(QString::fromStdString(mIP)) ; //QString("%1:%2/%3:%4").arg(QString::fromStdString(details.localAddr)).arg(details.localPort).arg(QString::fromStdString(details.extAddr)).arg(details.extPort));
 
     connLabel->setText(StatusDefs::connectStateString(details));
 
diff --git a/retroshare-gui/src/gui/feeds/SecurityItem.h b/retroshare-gui/src/gui/feeds/SecurityItem.h
index 739e53eee..d2b87beb4 100644
--- a/retroshare-gui/src/gui/feeds/SecurityItem.h
+++ b/retroshare-gui/src/gui/feeds/SecurityItem.h
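Review bot: `ipLabel->setText(QString::fromStdString(mIP))` leaves the label empty when the feed item carried no address (an RsFeedItem built through the four-argument constructor has an empty mId4), where the old code showed "Unknown Peer"; `ipLabel->setText(mIP.empty() ? tr("Unknown Peer") : QString::fromStdString(mIP));` keeps the fallback. The previous expression kept as a trailing `//` comment on the same line should be deleted rather than left as dead code; the ipLabel line in the hunk at -223 has the same two issues. updateItem() extends beyond both hunks.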
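Review bot: `mGpgId`, now appended to nameLabel, is the issuer CN read out of the peer's presented certificate in authssl.cc, i.e. a remote-supplied string, and QLabel's default Qt::AutoText format renders text that looks like HTML as rich text rather than literally. Calling `nameLabel->setTextFormat(Qt::PlainText);` (and the same for idLabel, locLabel and ipLabel, which also receive strings that appear to come from the remote side) makes the feed show exactly what was received. The commented-out `idLabel` line should be removed rather than kept. updateItem() continues outside the hunk.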
@@ -38,7 +38,7 @@ class SecurityItem : public QWidget, private Ui::SecurityItem
 
 public:
     /** Default Constructor */
-    SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, uint32_t type, bool isHome);
+    SecurityItem(FeedHolder *parent, uint32_t feedId, const std::string &gpgId, const std::string &sslId, const std::string& ip_addr,uint32_t type, bool isHome);
 
     void updateItemStatic();
     void small();
@@ -69,6 +69,7 @@ private:
 
     std::string mSslId;
     std::string mGpgId;
+    std::string mIP;
     uint32_t mType;
     bool mIsHome;
 };
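Review bot: `mIP` is added without a comment and its content is not obvious from the name; authssl.cc fills it with `"%s:%u"` of the remote sockaddr, so `std::string mIP; // remote address as "host:port", as passed by FailedCertificate()` records what the ipLabel will display. The class declaration begins before the hunk.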