mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-26 07:59:35 -05:00
Added group validation code.
Tested and seems to work fine Reverted back setAuthenPolicy static function to overwrite semantics and modified wiki and channels policy to equivalents statements git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@6201 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
3fe1bf78be
commit
bc8c569db3
@ -362,9 +362,105 @@ std::string GxsSecurity::getRsaKeySign(RSA *pubkey)
|
|||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
bool GxsSecurity::validateNxsGrp(RsNxsGrp *newGrp, RsTlvKeySignature& sign, RsTlvSecurityKey& key)
|
bool GxsSecurity::validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSecurityKey& key)
|
||||||
{
|
{
|
||||||
return false;
|
#ifdef GXS_SECURITY_DEBUG
|
||||||
|
std::cerr << "GxsSecurity::validateNxsGrp()";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
std::cerr << "RsNxsGrp :";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
grp.print(std::cerr, 10);
|
||||||
|
std::cerr << std::endl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
RsGxsGrpMetaData& grpMeta = *(grp.metaData);
|
||||||
|
|
||||||
|
/********************* check signature *******************/
|
||||||
|
|
||||||
|
/* check signature timeperiod */
|
||||||
|
if ((grpMeta.mPublishTs < key.startTS) ||
|
||||||
|
(grpMeta.mPublishTs > key.endTS))
|
||||||
|
{
|
||||||
|
#ifdef GXS_SECURITY_DEBUG
|
||||||
|
std::cerr << " GxsSecurity::validateNxsMsg() TS out of range";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
#endif
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
|
/* decode key */
|
||||||
|
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
||||||
|
long keylen = key.keyData.bin_len;
|
||||||
|
unsigned int siglen = sign.signData.bin_len;
|
||||||
|
unsigned char *sigbuf = (unsigned char *) sign.signData.bin_data;
|
||||||
|
|
||||||
|
#ifdef DISTRIB_DEBUG
|
||||||
|
std::cerr << "GxsSecurity::validateNxsMsg() Decode Key";
|
||||||
|
std::cerr << " keylen: " << keylen << " siglen: " << siglen;
|
||||||
|
std::cerr << std::endl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
/* extract admin key */
|
||||||
|
RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
|
||||||
|
|
||||||
|
if (!rsakey)
|
||||||
|
{
|
||||||
|
#ifdef GXS_SECURITY_DEBUG
|
||||||
|
std::cerr << "GxsSecurity::validateNxsGrp()";
|
||||||
|
std::cerr << " Invalid RSA Key";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
|
||||||
|
key.print(std::cerr, 10);
|
||||||
|
#endif
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
RsTlvKeySignatureSet signSet = grpMeta.signSet;
|
||||||
|
grpMeta.signSet.TlvClear();
|
||||||
|
|
||||||
|
uint32_t metaDataLen = grpMeta.serial_size();
|
||||||
|
uint32_t allGrpDataLen = metaDataLen + grp.grp.bin_len;
|
||||||
|
char* metaData = new char[metaDataLen];
|
||||||
|
char* allGrpData = new char[allGrpDataLen]; // msgData + metaData
|
||||||
|
|
||||||
|
grpMeta.serialise(metaData, metaDataLen);
|
||||||
|
|
||||||
|
// copy msg data and meta in allmsgData buffer
|
||||||
|
memcpy(allGrpData, grp.grp.bin_data, grp.grp.bin_len);
|
||||||
|
memcpy(allGrpData+(grp.grp.bin_len), metaData, metaDataLen);
|
||||||
|
|
||||||
|
|
||||||
|
EVP_PKEY *signKey = EVP_PKEY_new();
|
||||||
|
EVP_PKEY_assign_RSA(signKey, rsakey);
|
||||||
|
|
||||||
|
/* calc and check signature */
|
||||||
|
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
|
||||||
|
|
||||||
|
EVP_VerifyInit(mdctx, EVP_sha1());
|
||||||
|
EVP_VerifyUpdate(mdctx, allGrpData, allGrpDataLen);
|
||||||
|
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
|
||||||
|
|
||||||
|
/* clean up */
|
||||||
|
EVP_PKEY_free(signKey);
|
||||||
|
EVP_MD_CTX_destroy(mdctx);
|
||||||
|
|
||||||
|
grpMeta.signSet = signSet;
|
||||||
|
|
||||||
|
if (signOk == 1)
|
||||||
|
{
|
||||||
|
#ifdef GXS_SECURITY_DEBUG
|
||||||
|
std::cerr << "GxsSecurity::validateNxsGrp() Signature OK";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
#endif
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
#ifdef GXS_SECURITY_DEBUG
|
||||||
|
std::cerr << "GxsSecurity::validateNxsGrp() Signature invalid";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
#endif
|
||||||
|
|
||||||
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub)
|
void GxsSecurity::setRSAPublicKey(RsTlvSecurityKey & key, RSA *rsa_pub)
|
||||||
|
@ -120,7 +120,7 @@ public:
|
|||||||
* @param key the public key to use to check signature
|
* @param key the public key to use to check signature
|
||||||
* @return true if group valid false otherwise
|
* @return true if group valid false otherwise
|
||||||
*/
|
*/
|
||||||
static bool validateNxsGrp(RsNxsGrp *newGrp, RsTlvKeySignature& sign, RsTlvSecurityKey& key);
|
static bool validateNxsGrp(RsNxsGrp& grp, RsTlvKeySignature& sign, RsTlvSecurityKey& key);
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
* Validate a msg's signature using the given public key
|
* Validate a msg's signature using the given public key
|
||||||
|
@ -286,15 +286,6 @@ uint8_t RsGenExchange::createGroup(RsNxsGrp *grp, RsTlvSecurityKeySet& privateKe
|
|||||||
|
|
||||||
uint8_t ret = createGroupSignatures(meta->signSet, grpData, *(grp->metaData));
|
uint8_t ret = createGroupSignatures(meta->signSet, grpData, *(grp->metaData));
|
||||||
|
|
||||||
// set meta to be transported as meta without private
|
|
||||||
// key components
|
|
||||||
grp->meta.setBinData(metaData, metaDataLen);
|
|
||||||
|
|
||||||
// but meta that is stored locally
|
|
||||||
// has private keys
|
|
||||||
// nxs net transports only bin data
|
|
||||||
meta->keys = privateKeySet;
|
|
||||||
|
|
||||||
// clean up
|
// clean up
|
||||||
delete[] allGrpData;
|
delete[] allGrpData;
|
||||||
delete[] metaData;
|
delete[] metaData;
|
||||||
@ -333,7 +324,7 @@ int RsGenExchange::createGroupSignatures(RsTlvKeySignatureSet& signSet, RsTlvBin
|
|||||||
PrivacyBitPos pos = GRP_OPTION_BITS;
|
PrivacyBitPos pos = GRP_OPTION_BITS;
|
||||||
|
|
||||||
// Check required permissions, and allow them to sign it - if they want too - as well!
|
// Check required permissions, and allow them to sign it - if they want too - as well!
|
||||||
if (checkAuthenFlag(pos, author_flag))
|
if ((!grpMeta.mAuthorId.empty()) || checkAuthenFlag(pos, author_flag))
|
||||||
{
|
{
|
||||||
needIdentitySign = true;
|
needIdentitySign = true;
|
||||||
std::cerr << "Needs Identity sign! (Service Flags)";
|
std::cerr << "Needs Identity sign! (Service Flags)";
|
||||||
@ -577,41 +568,40 @@ int RsGenExchange::createMessage(RsNxsMsg* msg)
|
|||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
// get publish key
|
// get publish key
|
||||||
|
|
||||||
RsGxsGrpMetaData* grpMeta = metaMap[id];
|
RsGxsGrpMetaData* grpMeta = metaMap[id];
|
||||||
|
|
||||||
uint32_t metaDataLen = meta.serial_size();
|
uint32_t metaDataLen = meta.serial_size();
|
||||||
uint32_t allMsgDataLen = metaDataLen + msg->msg.bin_len;
|
uint32_t allMsgDataLen = metaDataLen + msg->msg.bin_len;
|
||||||
char* metaData = new char[metaDataLen];
|
char* metaData = new char[metaDataLen];
|
||||||
char* allMsgData = new char[allMsgDataLen]; // msgData + metaData
|
char* allMsgData = new char[allMsgDataLen]; // msgData + metaData
|
||||||
|
|
||||||
meta.serialise(metaData, &metaDataLen);
|
meta.serialise(metaData, &metaDataLen);
|
||||||
|
|
||||||
// copy msg data and meta in allmsgData buffer
|
// copy msg data and meta in allmsgData buffer
|
||||||
memcpy(allMsgData, msg->msg.bin_data, msg->msg.bin_len);
|
memcpy(allMsgData, msg->msg.bin_data, msg->msg.bin_len);
|
||||||
memcpy(allMsgData+(msg->msg.bin_len), metaData, metaDataLen);
|
memcpy(allMsgData+(msg->msg.bin_len), metaData, metaDataLen);
|
||||||
|
|
||||||
RsTlvBinaryData msgData(0);
|
RsTlvBinaryData msgData(0);
|
||||||
|
|
||||||
msgData.setBinData(allMsgData, allMsgDataLen);
|
msgData.setBinData(allMsgData, allMsgDataLen);
|
||||||
|
|
||||||
// create signatures
|
// create signatures
|
||||||
ret_val = createMsgSignatures(meta.signSet, msgData, meta, *grpMeta);
|
ret_val = createMsgSignatures(meta.signSet, msgData, meta, *grpMeta);
|
||||||
|
|
||||||
|
|
||||||
// get hash of msg data to create msg id
|
// get hash of msg data to create msg id
|
||||||
pqihash hash;
|
pqihash hash;
|
||||||
hash.addData(allMsgData, allMsgDataLen);
|
hash.addData(allMsgData, allMsgDataLen);
|
||||||
hash.Complete(msg->msgId);
|
hash.Complete(msg->msgId);
|
||||||
|
|
||||||
// assign msg id to msg meta
|
// assign msg id to msg meta
|
||||||
msg->metaData->mMsgId = msg->msgId;
|
msg->metaData->mMsgId = msg->msgId;
|
||||||
|
|
||||||
delete[] metaData;
|
delete[] metaData;
|
||||||
delete[] allMsgData;
|
delete[] allMsgData;
|
||||||
|
|
||||||
delete grpMeta;
|
delete grpMeta;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(ret_val == SIGN_FAIL)
|
if(ret_val == SIGN_FAIL)
|
||||||
@ -752,6 +742,79 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, RsTlvSecu
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int RsGenExchange::validateGrp(RsNxsGrp* grp, RsTlvSecurityKeySet& grpKeySet)
|
||||||
|
{
|
||||||
|
|
||||||
|
bool needIdentitySign = false, idValidate = false;
|
||||||
|
RsGxsGrpMetaData& metaData = *(grp->metaData);
|
||||||
|
|
||||||
|
int id_ret;
|
||||||
|
|
||||||
|
uint8_t author_flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN;
|
||||||
|
|
||||||
|
PrivacyBitPos pos = GRP_OPTION_BITS;
|
||||||
|
|
||||||
|
// Check required permissions, and allow them to sign it - if they want too - as well!
|
||||||
|
if (!(metaData.mAuthorId.empty()) || checkAuthenFlag(pos, author_flag))
|
||||||
|
{
|
||||||
|
needIdentitySign = true;
|
||||||
|
std::cerr << "Needs Identity sign! (Service Flags)";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(needIdentitySign)
|
||||||
|
{
|
||||||
|
if(mGixs)
|
||||||
|
{
|
||||||
|
bool haveKey = mGixs->haveKey(metaData.mAuthorId);
|
||||||
|
|
||||||
|
if(haveKey)
|
||||||
|
{
|
||||||
|
|
||||||
|
RsTlvSecurityKey authorKey;
|
||||||
|
bool auth_key_fetched = mGixs->getKey(metaData.mAuthorId, authorKey) == 1;
|
||||||
|
|
||||||
|
if (auth_key_fetched)
|
||||||
|
{
|
||||||
|
|
||||||
|
RsTlvKeySignature sign = metaData.signSet.keySignSet[GXS_SERV::FLAG_AUTHEN_IDENTITY];
|
||||||
|
idValidate = GxsSecurity::validateNxsGrp(*grp, sign, authorKey);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
std::cerr << "RsGenExchange::validateGrp()";
|
||||||
|
std::cerr << " ERROR Cannot Retrieve AUTHOR KEY for Group Sign Validation";
|
||||||
|
std::cerr << std::endl;
|
||||||
|
idValidate = false;
|
||||||
|
}
|
||||||
|
|
||||||
|
}else
|
||||||
|
{
|
||||||
|
std::list<std::string> peers;
|
||||||
|
mGixs->requestKey(metaData.mAuthorId, peers);
|
||||||
|
return VALIDATE_FAIL_TRY_LATER;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
#ifdef GEN_EXHANGE_DEBUG
|
||||||
|
std::cerr << "Gixs not enabled while request identity signature validation!" << std::endl;
|
||||||
|
#endif
|
||||||
|
idValidate = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
idValidate = true;
|
||||||
|
}
|
||||||
|
|
||||||
|
if(idValidate)
|
||||||
|
return VALIDATE_SUCCESS;
|
||||||
|
else
|
||||||
|
return VALIDATE_FAIL;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
bool RsGenExchange::checkAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const
|
bool RsGenExchange::checkAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const
|
||||||
{
|
{
|
||||||
std::cerr << "RsGenExchange::checkMsgAuthenFlag(pos: " << pos << " flag: ";
|
std::cerr << "RsGenExchange::checkMsgAuthenFlag(pos: " << pos << " flag: ";
|
||||||
@ -1130,19 +1193,19 @@ bool RsGenExchange::setAuthenPolicyFlag(const uint8_t &msgFlag, uint32_t& authen
|
|||||||
switch(pos)
|
switch(pos)
|
||||||
{
|
{
|
||||||
case PUBLIC_GRP_BITS:
|
case PUBLIC_GRP_BITS:
|
||||||
//authenFlag &= ~PUB_GRP_MASK;
|
authenFlag &= ~PUB_GRP_MASK;
|
||||||
authenFlag |= temp;
|
authenFlag |= temp;
|
||||||
break;
|
break;
|
||||||
case RESTRICTED_GRP_BITS:
|
case RESTRICTED_GRP_BITS:
|
||||||
//authenFlag &= ~RESTR_GRP_MASK;
|
authenFlag &= ~RESTR_GRP_MASK;
|
||||||
authenFlag |= (temp << RESTR_GRP_OFFSET);
|
authenFlag |= (temp << RESTR_GRP_OFFSET);
|
||||||
break;
|
break;
|
||||||
case PRIVATE_GRP_BITS:
|
case PRIVATE_GRP_BITS:
|
||||||
//authenFlag &= ~PRIV_GRP_MASK;
|
authenFlag &= ~PRIV_GRP_MASK;
|
||||||
authenFlag |= (temp << PRIV_GRP_OFFSET);
|
authenFlag |= (temp << PRIV_GRP_OFFSET);
|
||||||
break;
|
break;
|
||||||
case GRP_OPTION_BITS:
|
case GRP_OPTION_BITS:
|
||||||
//authenFlag &= ~GRP_OPTIONS_MASK;
|
authenFlag &= ~GRP_OPTIONS_MASK;
|
||||||
authenFlag |= (temp << GRP_OPTIONS_OFFSET);
|
authenFlag |= (temp << GRP_OPTIONS_OFFSET);
|
||||||
break;
|
break;
|
||||||
default:
|
default:
|
||||||
@ -1160,7 +1223,23 @@ void RsGenExchange::notifyNewGroups(std::vector<RsNxsGrp *> &groups)
|
|||||||
|
|
||||||
// store these for tick() to pick them up
|
// store these for tick() to pick them up
|
||||||
for(; vit != groups.end(); vit++)
|
for(; vit != groups.end(); vit++)
|
||||||
mReceivedGrps.push_back(*vit);
|
{
|
||||||
|
RsNxsGrp* grp = *vit;
|
||||||
|
NxsGrpPendValidVect::iterator received = std::find(mReceivedGrps.begin(),
|
||||||
|
mReceivedGrps.end(), grp->grpId);
|
||||||
|
|
||||||
|
// drop group if you already have them
|
||||||
|
// TODO: move this to nxs layer to save bandwidth
|
||||||
|
if(received == mReceivedGrps.end())
|
||||||
|
{
|
||||||
|
GxsPendingSignItem<RsNxsGrp*, RsGxsGroupId> gpsi(grp, grp->grpId);
|
||||||
|
mReceivedGrps.push_back(gpsi);
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
delete grp;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -1674,11 +1753,13 @@ void RsGenExchange::publishGrps()
|
|||||||
ServiceCreate_Return ret = service_CreateGroup(grpItem, privatekeySet);
|
ServiceCreate_Return ret = service_CreateGroup(grpItem, privatekeySet);
|
||||||
|
|
||||||
uint32_t size = mSerialiser->size(grpItem);
|
uint32_t size = mSerialiser->size(grpItem);
|
||||||
char gData[size];
|
char *gData = new char[size];
|
||||||
bool serialOk = mSerialiser->serialise(grpItem, gData, &size);
|
|
||||||
|
|
||||||
|
bool serialOk = mSerialiser->serialise(grpItem, gData, &size);
|
||||||
grp->grp.setBinData(gData, size);
|
grp->grp.setBinData(gData, size);
|
||||||
|
|
||||||
|
delete[] gData;
|
||||||
|
|
||||||
if(serialOk)
|
if(serialOk)
|
||||||
{
|
{
|
||||||
grp->metaData = new RsGxsGrpMetaData();
|
grp->metaData = new RsGxsGrpMetaData();
|
||||||
@ -1690,11 +1771,23 @@ void RsGenExchange::publishGrps()
|
|||||||
|
|
||||||
if(create == CREATE_SUCCESS)
|
if(create == CREATE_SUCCESS)
|
||||||
{
|
{
|
||||||
if(mDataStore->validSize(grp))
|
|
||||||
|
uint32_t mdSize = grp->metaData->serial_size();
|
||||||
|
char* metaData = new char[mdSize];
|
||||||
|
serialOk = grp->metaData->serialise(metaData, mdSize);
|
||||||
|
grp->meta.setBinData(metaData, mdSize);
|
||||||
|
delete[] metaData;
|
||||||
|
|
||||||
|
// place back private keys for publisher
|
||||||
|
grp->metaData->keys = privatekeySet;
|
||||||
|
|
||||||
|
if(mDataStore->validSize(grp) && serialOk)
|
||||||
{
|
{
|
||||||
RsGxsGroupId grpId = grp->grpId;
|
RsGxsGroupId grpId = grp->grpId;
|
||||||
mDataAccess->addGroupData(grp);
|
mDataAccess->addGroupData(grp);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
std::cerr << "RsGenExchange::publishGrps() ok -> pushing to notifies" << std::endl;
|
std::cerr << "RsGenExchange::publishGrps() ok -> pushing to notifies" << std::endl;
|
||||||
|
|
||||||
// add to published to allow acknowledgement
|
// add to published to allow acknowledgement
|
||||||
@ -1982,7 +2075,7 @@ void RsGenExchange::processRecvdMessages()
|
|||||||
getMsgIdPair(*msg));
|
getMsgIdPair(*msg));
|
||||||
|
|
||||||
if(failed_entry != mMsgPendingValidate.end()) mMsgPendingValidate.erase(failed_entry);
|
if(failed_entry != mMsgPendingValidate.end()) mMsgPendingValidate.erase(failed_entry);
|
||||||
delete msg;
|
delete msg;
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
@ -2024,37 +2117,69 @@ void RsGenExchange::processRecvdMessages()
|
|||||||
mReceivedMsgs.clear();
|
mReceivedMsgs.clear();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
void RsGenExchange::processRecvdGroups()
|
void RsGenExchange::processRecvdGroups()
|
||||||
{
|
{
|
||||||
RsStackMutex stack(mGenMtx);
|
RsStackMutex stack(mGenMtx);
|
||||||
|
|
||||||
std::vector<RsNxsGrp*>::iterator vit = mReceivedGrps.begin();
|
NxsGrpPendValidVect::iterator vit = mReceivedGrps.begin();
|
||||||
std::map<RsNxsGrp*, RsGxsGrpMetaData*> grps;
|
std::map<RsNxsGrp*, RsGxsGrpMetaData*> grps;
|
||||||
|
|
||||||
std::list<RsGxsGroupId> grpIds;
|
std::list<RsGxsGroupId> grpIds;
|
||||||
|
|
||||||
for(; vit != mReceivedGrps.end(); vit++)
|
while( vit != mReceivedGrps.end())
|
||||||
{
|
{
|
||||||
RsNxsGrp* grp = *vit;
|
GxsPendingSignItem<RsNxsGrp*, RsGxsGroupId>& gpsi = *vit;
|
||||||
|
RsNxsGrp* grp = gpsi.mItem;
|
||||||
RsGxsGrpMetaData* meta = new RsGxsGrpMetaData();
|
RsGxsGrpMetaData* meta = new RsGxsGrpMetaData();
|
||||||
bool ok = meta->deserialise(grp->meta.bin_data, grp->meta.bin_len);
|
bool deserialOk = meta->deserialise(grp->meta.bin_data, grp->meta.bin_len);
|
||||||
|
bool erase = true;
|
||||||
|
|
||||||
if(ok)
|
if(deserialOk)
|
||||||
{
|
{
|
||||||
meta->mGroupStatus = GXS_SERV::GXS_GRP_STATUS_UNPROCESSED | GXS_SERV::GXS_GRP_STATUS_UNREAD;
|
grp->metaData = meta;
|
||||||
grps.insert(std::make_pair(grp, meta));
|
uint8_t ret = validateGrp(grp, meta->keys);
|
||||||
grpIds.push_back(grp->grpId);
|
|
||||||
|
|
||||||
|
if(ret == VALIDATE_SUCCESS)
|
||||||
|
{
|
||||||
|
meta->mGroupStatus = GXS_SERV::GXS_GRP_STATUS_UNPROCESSED | GXS_SERV::GXS_GRP_STATUS_UNREAD;
|
||||||
|
grps.insert(std::make_pair(grp, meta));
|
||||||
|
grpIds.push_back(grp->grpId);
|
||||||
|
|
||||||
|
erase = true;
|
||||||
|
}
|
||||||
|
else if(ret == VALIDATE_FAIL)
|
||||||
|
{
|
||||||
|
#ifdef GXS_GENX_DEBUG
|
||||||
|
std::cerr << "failed to deserialise incoming meta, grpId: "
|
||||||
|
<< grp->grpId << std::endl;
|
||||||
|
#endif
|
||||||
|
delete grp;
|
||||||
|
erase = true;
|
||||||
|
}
|
||||||
|
else if(ret == VALIDATE_FAIL_TRY_LATER)
|
||||||
|
{
|
||||||
|
if(gpsi.mAttempts == VALIDATE_MAX_ATTEMPTS)
|
||||||
|
{
|
||||||
|
delete grp;
|
||||||
|
erase = true;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
erase = false;
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
else
|
else
|
||||||
{
|
{
|
||||||
#ifdef GXS_GENX_DEBUG
|
delete grp;
|
||||||
std::cerr << "failed to deserialise incoming meta, grpId: "
|
erase = true;
|
||||||
<< grp->grpId << std::endl;
|
|
||||||
#endif
|
|
||||||
delete grp;
|
|
||||||
delete meta;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if(erase)
|
||||||
|
vit = mReceivedGrps.erase(vit);
|
||||||
|
else
|
||||||
|
vit++;
|
||||||
}
|
}
|
||||||
|
|
||||||
if(!grpIds.empty())
|
if(!grpIds.empty())
|
||||||
@ -2064,8 +2189,4 @@ void RsGenExchange::processRecvdGroups()
|
|||||||
mNotifications.push_back(c);
|
mNotifications.push_back(c);
|
||||||
mDataStore->storeGroup(grps);
|
mDataStore->storeGroup(grps);
|
||||||
}
|
}
|
||||||
|
|
||||||
mReceivedGrps.clear();
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -550,7 +550,6 @@ private:
|
|||||||
/*!
|
/*!
|
||||||
* This completes the creation of an instance on RsNxsGrp
|
* This completes the creation of an instance on RsNxsGrp
|
||||||
* by assigning it a groupId and signature via SHA1 and EVP_sign respectively \n
|
* by assigning it a groupId and signature via SHA1 and EVP_sign respectively \n
|
||||||
* Meta is serialised and stored in group at this point also
|
|
||||||
* @param grp Nxs group to create
|
* @param grp Nxs group to create
|
||||||
* @return CREATE_SUCCESS for success, CREATE_FAIL for fail,
|
* @return CREATE_SUCCESS for success, CREATE_FAIL for fail,
|
||||||
* CREATE_FAIL_TRY_LATER for Id sign key not avail (but requested)
|
* CREATE_FAIL_TRY_LATER for Id sign key not avail (but requested)
|
||||||
@ -606,15 +605,24 @@ private:
|
|||||||
void generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys);
|
void generateGroupKeys(RsTlvSecurityKeySet& privatekeySet, RsTlvSecurityKeySet& publickeySet, bool genPublishKeys);
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
* Attempts to validate msg
|
* Attempts to validate msg signatures
|
||||||
* @param msg message to be validated
|
* @param msg message to be validated
|
||||||
* @param grpFlag the flag for the group the message belongs to
|
* @param grpFlag the flag for the group the message belongs to
|
||||||
* @param grpKeySet
|
* @param grpKeySet the key set user has for the message's group
|
||||||
* @return VALIDATE_SUCCESS for success, VALIDATE_FAIL for fail,
|
* @return VALIDATE_SUCCESS for success, VALIDATE_FAIL for fail,
|
||||||
* VALIDATE_ID_SIGN_NOT_AVAIL for Id sign key not avail (but requested)
|
* VALIDATE_ID_SIGN_NOT_AVAIL for Id sign key not avail (but requested)
|
||||||
*/
|
*/
|
||||||
int validateMsg(RsNxsMsg* msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet);
|
int validateMsg(RsNxsMsg* msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet);
|
||||||
|
|
||||||
|
/*!
|
||||||
|
* Attempts to validate group signatures
|
||||||
|
* @param grp group to be validated
|
||||||
|
* @param grpKeySet the keys set user has for the group
|
||||||
|
* @return VALIDATE_SUCCESS for success, VALIDATE_FAIL for fail,
|
||||||
|
* VALIDATE_ID_SIGN_NOT_AVAIL for Id sign key not avail (but requested)
|
||||||
|
*/
|
||||||
|
int validateGrp(RsNxsGrp* grp, RsTlvSecurityKeySet& grpKeySet);
|
||||||
|
|
||||||
/*!
|
/*!
|
||||||
* Checks flag against a given privacy bit block
|
* Checks flag against a given privacy bit block
|
||||||
* @param pos Determines 8 bit wide privacy block to check
|
* @param pos Determines 8 bit wide privacy block to check
|
||||||
@ -637,7 +645,9 @@ private:
|
|||||||
RsGixs* mGixs;
|
RsGixs* mGixs;
|
||||||
|
|
||||||
std::vector<RsNxsMsg*> mReceivedMsgs;
|
std::vector<RsNxsMsg*> mReceivedMsgs;
|
||||||
std::vector<RsNxsGrp*> mReceivedGrps;
|
|
||||||
|
typedef std::vector<GxsPendingSignItem<RsNxsGrp*, RsGxsGroupId> > NxsGrpPendValidVect;
|
||||||
|
NxsGrpPendValidVect mReceivedGrps;
|
||||||
|
|
||||||
std::map<uint32_t, RsGxsGrpItem*> mGrpsToPublish;
|
std::map<uint32_t, RsGxsGrpItem*> mGrpsToPublish;
|
||||||
std::map<uint32_t, RsGxsMsgItem*> mMsgsToPublish;
|
std::map<uint32_t, RsGxsMsgItem*> mMsgsToPublish;
|
||||||
@ -662,10 +672,6 @@ private:
|
|||||||
std::vector<GxsPendingSignItem<RsNxsMsg*, RsGxsGrpMsgIdPair> > mMsgPendingValidate;
|
std::vector<GxsPendingSignItem<RsNxsMsg*, RsGxsGrpMsgIdPair> > mMsgPendingValidate;
|
||||||
typedef std::vector<GxsPendingSignItem<RsNxsMsg*, RsGxsGrpMsgIdPair> > NxsMsgPendingVect;
|
typedef std::vector<GxsPendingSignItem<RsNxsMsg*, RsGxsGrpMsgIdPair> > NxsMsgPendingVect;
|
||||||
|
|
||||||
|
|
||||||
std::vector<GxsPendingSignItem<RsGxsGrpItem*, RsGxsGroupId> >
|
|
||||||
mGrpPendingValidation;
|
|
||||||
|
|
||||||
std::vector<GxsPendingSignItem<RsGxsGrpItem*, uint32_t> > mGrpPendingSign;
|
std::vector<GxsPendingSignItem<RsGxsGrpItem*, uint32_t> > mGrpPendingSign;
|
||||||
typedef std::vector<GxsPendingSignItem<RsGxsGrpItem*, uint32_t> > NxsGrpSignPendVect;
|
typedef std::vector<GxsPendingSignItem<RsGxsGrpItem*, uint32_t> > NxsGrpSignPendVect;
|
||||||
|
|
||||||
|
@ -58,38 +58,24 @@ p3GxsChannels::p3GxsChannels(RsGeneralDataService *gds, RsNetworkExchangeService
|
|||||||
mGenActive = false;
|
mGenActive = false;
|
||||||
mCommentService = new p3GxsCommentService(this, RS_SERVICE_GXSV1_TYPE_CHANNELS);
|
mCommentService = new p3GxsCommentService(this, RS_SERVICE_GXSV1_TYPE_CHANNELS);
|
||||||
|
|
||||||
//#ifndef GXS_DEV_TESTNET // NO RESET, OR DUMMYDATA for TESTNET
|
#ifndef GXS_DEV_TESTNET // NO RESET, OR DUMMYDATA for TESTNET
|
||||||
|
|
||||||
RsTickEvent::schedule_in(CHANNEL_TESTEVENT_DUMMYDATA, DUMMYDATA_PERIOD);
|
RsTickEvent::schedule_in(CHANNEL_TESTEVENT_DUMMYDATA, DUMMYDATA_PERIOD);
|
||||||
|
|
||||||
//#endif
|
#endif
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
uint32_t p3GxsChannels::channelsAuthenPolicy()
|
uint32_t p3GxsChannels::channelsAuthenPolicy()
|
||||||
{
|
{
|
||||||
uint32_t policy = 0;
|
uint32_t policy = 0;
|
||||||
uint32_t flag = 0;
|
uint32_t flag = 0;
|
||||||
|
|
||||||
flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN;
|
flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN;
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
|
||||||
|
|
||||||
flag = GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN;
|
flag |= GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN;
|
||||||
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
//flag |= GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN;
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
|
||||||
|
|
||||||
flag = GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN;
|
|
||||||
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
|
||||||
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
|
||||||
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
|
||||||
|
|
||||||
flag = GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN;
|
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
||||||
|
|
||||||
@ -98,8 +84,6 @@ uint32_t p3GxsChannels::channelsAuthenPolicy()
|
|||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
void p3GxsChannels::notifyChanges(std::vector<RsGxsNotify *> &changes)
|
void p3GxsChannels::notifyChanges(std::vector<RsGxsNotify *> &changes)
|
||||||
{
|
{
|
||||||
RsGxsIfaceHelper::receiveChanges(changes);
|
RsGxsIfaceHelper::receiveChanges(changes);
|
||||||
|
@ -69,7 +69,9 @@ uint32_t p3Wiki::wikiAuthenPolicy()
|
|||||||
uint32_t policy = 0;
|
uint32_t policy = 0;
|
||||||
uint8_t flag = 0;
|
uint8_t flag = 0;
|
||||||
|
|
||||||
flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN;
|
// Edits generally need an authors signature.
|
||||||
|
|
||||||
|
flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN | GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN;
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
||||||
@ -85,12 +87,6 @@ uint32_t p3Wiki::wikiAuthenPolicy()
|
|||||||
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
||||||
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
||||||
|
|
||||||
// Edits generally need an authors signature.
|
|
||||||
flag = GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN;
|
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PUBLIC_GRP_BITS);
|
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::RESTRICTED_GRP_BITS);
|
|
||||||
RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::PRIVATE_GRP_BITS);
|
|
||||||
|
|
||||||
//flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN;
|
//flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN;
|
||||||
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::GRP_OPTION_BITS);
|
//RsGenExchange::setAuthenPolicyFlag(flag, policy, RsGenExchange::GRP_OPTION_BITS);
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user