diff --git a/libretroshare/src/gxs/gxssecurity.cc b/libretroshare/src/gxs/gxssecurity.cc index 35c5ba796..f0e4b9be7 100644 --- a/libretroshare/src/gxs/gxssecurity.cc +++ b/libretroshare/src/gxs/gxssecurity.cc @@ -74,90 +74,102 @@ bool GxsSecurity::getSignature(char* data, uint32_t data_len, RsTlvSecurityKey* return ok; } -bool GxsSecurity::validateNxsMsg(RsNxsMsg *msg, RsTlvKeySignature& sign, RsTlvSecurityKeySet& key) +bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSecurityKey& key) { - //#ifdef GXS_SECURITY_DEBUG - // std::cerr << "GxsSecurity::validateNxsMsg()"; - // std::cerr << std::endl; - // std::cerr << "RsNxsMsg :"; - // std::cerr << std::endl; - // msg->print(std::cerr, 10); - // std::cerr << std::endl; - //#endif + #ifdef GXS_SECURITY_DEBUG + std::cerr << "GxsSecurity::validateNxsMsg()"; + std::cerr << std::endl; + std::cerr << "RsNxsMsg :"; + std::cerr << std::endl; + msg.print(std::cerr, 10); + std::cerr << std::endl; + #endif + RsGxsMsgMetaData& msgMeta = *(msg.metaData); // /********************* check signature *******************/ - // /* check signature timeperiod */ - // if ((newMsg->timestamp < kit->second.startTS) || - // (newMsg->timestamp > kit->second.endTS)) - // { - //#ifdef DISTRIB_DEBUG - // std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() TS out of range"; - // std::cerr << std::endl; - //#endif - // return false; - // } + /* check signature timeperiod */ + if ((msgMeta.mPublishTs < key.startTS) || + (msgMeta.mPublishTs > key.endTS)) + { + #ifdef GXS_SECURITY_DEBUG + std::cerr << " GxsSecurity::validateNxsMsg() TS out of range"; + std::cerr << std::endl; + #endif + return false; + } - // /* decode key */ - // const unsigned char *keyptr = (const unsigned char *) kit->second.keyData.bin_data; - // long keylen = kit->second.keyData.bin_len; - // unsigned int siglen = newMsg->publishSignature.signData.bin_len; - // unsigned char *sigbuf = (unsigned char *) newMsg->publishSignature.signData.bin_data; + /* decode key */ + const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data; + long keylen = key.keyData.bin_len; + unsigned int siglen = sign.signData.bin_len; + unsigned char *sigbuf = (unsigned char *) sign.signData.bin_data; - //#ifdef DISTRIB_DEBUG - // std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Decode Key"; - // std::cerr << " keylen: " << keylen << " siglen: " << siglen; - // std::cerr << std::endl; - //#endif + #ifdef DISTRIB_DEBUG + std::cerr << "GxsSecurity::validateNxsMsg() Decode Key"; + std::cerr << " keylen: " << keylen << " siglen: " << siglen; + std::cerr << std::endl; + #endif - // /* extract admin key */ - // RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen); + /* extract admin key */ + RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen); - // if (!rsakey) - // { - //#ifdef DISTRIB_DEBUG - // std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg()"; - // std::cerr << " Invalid RSA Key"; - // std::cerr << std::endl; + if (!rsakey) + { + #ifdef GXS_SECURITY_DEBUG + std::cerr << "GxsSecurity::validateNxsMsg()"; + std::cerr << " Invalid RSA Key"; + std::cerr << std::endl; - // unsigned long err = ERR_get_error(); - // std::cerr << "RSA Load Failed .... CODE(" << err << ")" << std::endl; - // std::cerr << ERR_error_string(err, NULL) << std::endl; - - // kit->second.print(std::cerr, 10); - //#endif - // } + key.print(std::cerr, 10); + #endif + } - // EVP_PKEY *signKey = EVP_PKEY_new(); - // EVP_PKEY_assign_RSA(signKey, rsakey); + RsTlvKeySignatureSet signSet = msgMeta.signSet; + msgMeta.signSet.TlvClear(); - // /* calc and check signature */ - // EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); + uint32_t metaDataLen = msgMeta.serial_size(); + uint32_t allMsgDataLen = metaDataLen + msg.msg.bin_len; + char* metaData = new char[metaDataLen]; + char* allMsgData = new char[allMsgDataLen]; // msgData + metaData - // EVP_VerifyInit(mdctx, EVP_sha1()); - // EVP_VerifyUpdate(mdctx, newMsg->packet.bin_data, newMsg->packet.bin_len); - // int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey); + msgMeta.serialise(metaData, &metaDataLen); - // /* clean up */ - // EVP_PKEY_free(signKey); - // EVP_MD_CTX_destroy(mdctx); + // copy msg data and meta in allmsgData buffer + memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len); + memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen); - // if (signOk == 1) - // { - //#ifdef GXS_SECURITY_DEBUG - // std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Signature OK"; - // std::cerr << std::endl; - //#endif - // return true; - // } + EVP_PKEY *signKey = EVP_PKEY_new(); + EVP_PKEY_assign_RSA(signKey, rsakey); - //#ifdef DISTRIB_DEBUG - // std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Signature invalid"; - // std::cerr << std::endl; - //#endif + /* calc and check signature */ + EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); + + EVP_VerifyInit(mdctx, EVP_sha1()); + EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen); + int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey); + + /* clean up */ + EVP_PKEY_free(signKey); + EVP_MD_CTX_destroy(mdctx); + + + if (signOk == 1) + { + #ifdef GXS_SECURITY_DEBUG + std::cerr << "GxsSecurity::validateNxsMsg() Signature OK"; + std::cerr << std::endl; + #endif + return true; + } + + #ifdef GXS_SECURITY_DEBUG + std::cerr << "GxsSecurity::validateNxsMsg() Signature invalid"; + std::cerr << std::endl; + #endif return false; } diff --git a/libretroshare/src/gxs/gxssecurity.h b/libretroshare/src/gxs/gxssecurity.h index 826072e6a..889006017 100644 --- a/libretroshare/src/gxs/gxssecurity.h +++ b/libretroshare/src/gxs/gxssecurity.h @@ -129,7 +129,7 @@ public: * @param key the public key to use to check signature * @return false if verfication of signature is not passed */ - static bool validateNxsMsg(RsNxsMsg *msg, RsTlvKeySignature& sign, RsTlvSecurityKeySet& key); + static bool validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSecurityKey& key); /*! diff --git a/libretroshare/src/gxs/rsgenexchange.cc b/libretroshare/src/gxs/rsgenexchange.cc index 54ca3a115..4e04d7788 100644 --- a/libretroshare/src/gxs/rsgenexchange.cc +++ b/libretroshare/src/gxs/rsgenexchange.cc @@ -34,10 +34,23 @@ #include "gxssecurity.h" #include "util/contentvalue.h" #include "rsgxsflags.h" +#include "rsgixs.h" -RsGenExchange::RsGenExchange(RsGeneralDataService *gds, - RsNetworkExchangeService *ns, RsSerialType *serviceSerialiser, uint16_t servType, RsGixs* gixs) -: mGenMtx("GenExchange"), mDataStore(gds), mNetService(ns), mSerialiser(serviceSerialiser), mServType(servType), mGixs(gixs) + +#define PUB_GRP_MASK 0x000f +#define RESTR_GRP_MASK 0x00f0 +#define PRIV_GRP_MASK 0x0f00 +#define GRP_OPTIONS_MASK 0xf000 + +#define PUB_GRP_OFFSET 0 +#define RESTR_GRP_OFFSET 8 +#define PRIV_GRP_OFFSET 16 +#define GRP_OPTIONS_OFFSET 24 + +RsGenExchange::RsGenExchange(RsGeneralDataService *gds, RsNetworkExchangeService *ns, + RsSerialType *serviceSerialiser, uint16_t servType, RsGixs* gixs, uint32_t authenPolicy) +: mGenMtx("GenExchange"), mDataStore(gds), mNetService(ns), mSerialiser(serviceSerialiser), + mServType(servType), mGixs(gixs), mAuthenPolicy(authenPolicy) { mDataAccess = new RsGxsDataAccess(gds); @@ -60,7 +73,7 @@ RsGenExchange::~RsGenExchange() void RsGenExchange::run() { - double timeDelta = 0.06; // slow tick + double timeDelta = 0.1; // slow tick while(true) { @@ -145,7 +158,7 @@ void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet) { /* create Keys */ - // admin keys + // admin keys RSA *rsa_admin = RSA_generate_key(2048, 65537, NULL, NULL); RSA *rsa_admin_pub = RSAPublicKey_dup(rsa_admin); @@ -168,13 +181,13 @@ void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet) adminKey.startTS = time(NULL); adminKey.endTS = 0; /* no end */ - privAdminKey.startTS = time(NULL); + privAdminKey.startTS = adminKey.startTS; privAdminKey.endTS = 0; /* no end */ - pubKey.startTS = time(NULL); - pubKey.endTS = 0; /* no end */ + pubKey.startTS = adminKey.startTS; + pubKey.endTS = pubKey.startTS + 60 * 60 * 24 * 365 * 5; /* approx 5 years */ - privPubKey.startTS = time(NULL); + privPubKey.startTS = adminKey.startTS; privPubKey.endTS = 0; /* no end */ // for now all public @@ -354,6 +367,160 @@ bool RsGenExchange::createMessage(RsNxsMsg* msg) return ok; } +bool RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet) +{ + bool isParent = false; + bool checkPublishSign, checkIdentitySign; + bool valid = true; + + // publish signature is determined by whether group is public or not + // for private group signature is not needed as it needs decrypting with + // the private publish key anyways + + // restricted is a special case which heeds whether publish sign needs to be checked or not + // one may or may not want + + if(msg->metaData->mParentId.empty()) + { + isParent = false; + } + else + { + isParent = true; + } + + + if(isParent) + { + checkIdentitySign = false; + checkPublishSign = false; + + if(grpFlag & GXS_SERV::FLAG_PRIVACY_PUBLIC) + { + checkPublishSign = false; + + if(checkMsgAuthenFlag(PUBLIC_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN)) + checkIdentitySign = true; + + } + else if(grpFlag & GXS_SERV::FLAG_PRIVACY_RESTRICTED) + { + checkPublishSign = true; + + if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN)) + checkIdentitySign = true; + } + else if(grpFlag & GXS_SERV::FLAG_PRIVACY_PRIVATE) + { + checkPublishSign = false; + + if(checkMsgAuthenFlag(PRIVATE_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN)) + checkIdentitySign = true; + } + + }else + { + if(grpFlag & GXS_SERV::FLAG_PRIVACY_PUBLIC) + { + checkPublishSign = false; + + if(checkMsgAuthenFlag(PUBLIC_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN)) + checkIdentitySign = true; + + } + else if(grpFlag & GXS_SERV::FLAG_PRIVACY_RESTRICTED) + { + if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN)) + checkPublishSign = true; + + if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN)) + checkIdentitySign = true; + } + else if(grpFlag & GXS_SERV::FLAG_PRIVACY_PRIVATE) + { + checkPublishSign = false; + + if(checkMsgAuthenFlag(PRIVATE_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN)) + checkIdentitySign = true; + } + } + + RsGxsMsgMetaData& metaData = *(msg->metaData); + + if(checkPublishSign) + { + RsTlvKeySignature sign = metaData.signSet.keySignSet[GXS_SERV::FLAG_AUTHEN_PUBLISH]; + + if(grpKeySet.keys.find(sign.keyId) != grpKeySet.keys.end()) + { + RsTlvSecurityKey publishKey = grpKeySet.keys[sign.keyId]; + valid &= GxsSecurity::validateNxsMsg(*msg, sign, publishKey); + } + else + { + valid = false; + } + + } + + + if(checkIdentitySign) + { + bool haveKey = mGixs->haveKey(metaData.mAuthorId); + + if(haveKey) + { + std::list peers; + mGixs->requestKey(metaData.mAuthorId, peers); + + RsTlvSecurityKey authorKey; + + double timeDelta = 0.002; // fast polling + time_t now = time(NULL); + // poll immediately but, don't spend more than a second polling + while( (mGixs->getKey(metaData.mAuthorId, authorKey) == -1) && + ((now + 1) >> time(NULL)) + ) + { +#ifndef WINDOWS_SYS + usleep((int) (timeDelta * 1000000)); +#else + Sleep((int) (timeDelta * 1000)); +#endif + } + + RsTlvKeySignature sign = metaData.signSet.keySignSet[GXS_SERV::FLAG_AUTHEN_PUBLISH]; + valid &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey); + }else + { + valid = false; + } + } + + return valid; +} + +bool RsGenExchange::checkMsgAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const +{ + switch(pos) + { + case PUBLIC_GRP_BITS: + return mAuthenPolicy & flag; + break; + case RESTRICTED_GRP_BITS: + return flag & (mAuthenPolicy >> RESTR_GRP_OFFSET); + break; + case PRIVATE_GRP_BITS: + return flag & (mAuthenPolicy >> PRIV_GRP_OFFSET); + break; + case GRP_OPTION_BITS: + return flag & (mAuthenPolicy >> GRP_OPTIONS_OFFSET); + break; + default: + std::cerr << "pos option not recognised"; + return false; + } +} bool RsGenExchange::getGroupList(const uint32_t &token, std::list &groupIds) { @@ -494,6 +661,36 @@ RsTokenService* RsGenExchange::getTokenService() } +bool RsGenExchange::setAuthenPolicyFlag(const uint8_t &msgFlag, uint32_t& authenFlag, const PrivacyBitPos &pos) +{ + uint32_t temp = 0; + temp = msgFlag; + + switch(pos) + { + case PUBLIC_GRP_BITS: + authenFlag &= ~PUB_GRP_MASK; + authenFlag |= temp; + break; + case RESTRICTED_GRP_BITS: + authenFlag &= ~RESTR_GRP_MASK; + authenFlag |= (temp << RESTR_GRP_OFFSET); + break; + case PRIVATE_GRP_BITS: + authenFlag &= ~PRIV_GRP_MASK; + authenFlag |= (temp << PRIV_GRP_OFFSET); + break; + case GRP_OPTION_BITS: + authenFlag &= ~GRP_OPTIONS_MASK; + authenFlag |= (temp << GRP_OPTIONS_OFFSET); + break; + default: + std::cerr << "pos option not recognised"; + return false; + } + return true; +} + void RsGenExchange::notifyNewGroups(std::vector &groups) { std::vector::iterator vit = groups.begin(); @@ -953,7 +1150,18 @@ void RsGenExchange::processRecvdMessages() GxsMsgReq msgIds; std::map msgs; + std::map grpMetas; + + // coalesce group meta retrieval for performance for(; vit != mReceivedMsgs.end(); vit++) + { + RsNxsMsg* msg = *vit; + grpMetas.insert(std::make_pair(msg->grpId, (RsGxsGrpMetaData*)NULL)); + } + + mDataStore->retrieveGxsGrpMetaData(grpMetas); + + for(vit = mReceivedMsgs.begin(); vit != mReceivedMsgs.end(); vit++) { RsNxsMsg* msg = *vit; RsGxsMsgMetaData* meta = new RsGxsMsgMetaData(); @@ -961,10 +1169,25 @@ void RsGenExchange::processRecvdMessages() if(ok) { - msgs.insert(std::make_pair(msg, meta)); - msgIds[msg->grpId].push_back(msg->msgId); + std::map::iterator mit = grpMetas.find(msg->grpId); + + // validate msg + if(mit != grpMetas.end()){ + RsGxsGrpMetaData* grpMeta = mit->second; + ok = true; + //&= validateMsg(msg, grpMeta->mGroupFlags, grpMeta->keys); + } + else + ok = false; + + if(ok) + { + msgs.insert(std::make_pair(msg, meta)); + msgIds[msg->grpId].push_back(msg->msgId); + } } - else + + if(!ok) { #ifdef GXS_GENX_DEBUG std::cerr << "failed to deserialise incoming meta, grpId: " @@ -975,6 +1198,14 @@ void RsGenExchange::processRecvdMessages() } } + std::map::iterator mit = grpMetas.begin(); + + // clean up resources + for(; mit != grpMetas.end(); mit++) + { + delete mit->second; + } + if(!msgIds.empty()) { mDataStore->storeMessage(msgs); diff --git a/libretroshare/src/gxs/rsgenexchange.h b/libretroshare/src/gxs/rsgenexchange.h index fe18fc74d..232deab1b 100644 --- a/libretroshare/src/gxs/rsgenexchange.h +++ b/libretroshare/src/gxs/rsgenexchange.h @@ -41,7 +41,6 @@ typedef std::map > GxsMsgDataMap; typedef std::map GxsGroupDataMap; typedef std::map > GxsMsgMetaMap; - /*! * This should form the parent class to \n * all gxs services. This provides access to service's msg/grp data \n @@ -76,10 +75,12 @@ public: * @param serviceSerialiser The users service needs this \n * in order for gen exchange to deal with its data types * @param mServType This should be service type used by the serialiser - * @param This is used for verification of msgs and groups received by Gen Exchange using identities, set to NULL if \n + * @param gixs This is used for verification of msgs and groups received by Gen Exchange using identities, set to NULL if \n * identity verification is not wanted + * @param authenPolicy This determines the authentication used for verfying authorship of msgs and groups */ - RsGenExchange(RsGeneralDataService* gds, RsNetworkExchangeService* ns, RsSerialType* serviceSerialiser, uint16_t mServType, RsGixs* gixs = NULL); + RsGenExchange(RsGeneralDataService* gds, RsNetworkExchangeService* ns, + RsSerialType* serviceSerialiser, uint16_t mServType, RsGixs* gixs = NULL, uint32_t authenPolicy = 0); virtual ~RsGenExchange(); @@ -119,6 +120,21 @@ public: void run(); + /*! + * Policy bit pattern portion + */ + enum PrivacyBitPos { PUBLIC_GRP_BITS, RESTRICTED_GRP_BITS, PRIVATE_GRP_BITS, GRP_OPTION_BITS } ; + + /*! + * Convenience function for setting bit patterns of the individual privacy level authentication + * policy and group options + * @param flag the bit pattern (and policy) set for the privacy policy + * @param authenFlag Only the policy portion chosen will be modified with 'flag' + * @param pos The policy portion to modify + * @see PrivacyBitPos + */ + static bool setAuthenPolicyFlag(const uint8_t& flag, uint32_t& authenFlag, const PrivacyBitPos& pos); + public: /** data access functions **/ @@ -382,7 +398,6 @@ private: */ bool createMessage(RsNxsMsg* msg); - /*! * check meta change is legal * @return false if meta change is not legal @@ -395,6 +410,17 @@ private: */ void generateGroupKeys(RsTlvSecurityKeySet& keySet); + /*! + * Attempts to validate msg + * @param msg message to be validated + * @param grpFlag the flag for the group the message belongs to + * @param grpKeySet + * @return true if msg validates, false otherwise + */ + bool validateMsg(RsNxsMsg* msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet); + + bool checkMsgAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const; + private: RsMutex mGenMtx; @@ -422,6 +448,9 @@ private: /// service type uint16_t mServType; + /// authentication policy + uint32_t mAuthenPolicy; + private: diff --git a/libretroshare/src/gxs/rsgixs.h b/libretroshare/src/gxs/rsgixs.h index 4c01d5b96..b7f37768d 100644 --- a/libretroshare/src/gxs/rsgixs.h +++ b/libretroshare/src/gxs/rsgixs.h @@ -31,9 +31,6 @@ #include "serialiser/rstlvkeys.h" -//#include -//#include - /*! * GIXP: General Identity Exchange Service. * diff --git a/libretroshare/src/gxs/rsgxsdata.cc b/libretroshare/src/gxs/rsgxsdata.cc index d77ad1dbd..3e5ee08fa 100644 --- a/libretroshare/src/gxs/rsgxsdata.cc +++ b/libretroshare/src/gxs/rsgxsdata.cc @@ -149,7 +149,6 @@ uint32_t RsGxsMsgMetaData::serial_size() s += GetTlvStringSize(mParentId); s += GetTlvStringSize(mOrigMsgId); s += GetTlvStringSize(mAuthorId); - s += GetTlvStringSize(mServiceString); s += signSet.TlvSize(); s += GetTlvStringSize(mMsgName); @@ -206,7 +205,6 @@ bool RsGxsMsgMetaData::serialise(void *data, uint32_t *size) ok &= SetTlvString(data, *size, &offset, 0, mParentId); ok &= SetTlvString(data, *size, &offset, 0, mOrigMsgId); ok &= SetTlvString(data, *size, &offset, 0, mAuthorId); - ok &= SetTlvString(data, *size, &offset, 0, mServiceString); ok &= signSet.SetTlv(data, *size, &offset); ok &= SetTlvString(data, *size, &offset, 0, mMsgName); @@ -234,7 +232,6 @@ bool RsGxsMsgMetaData::deserialise(void *data, uint32_t *size) ok &= GetTlvString(data, *size, &offset, 0, mParentId); ok &= GetTlvString(data, *size, &offset, 0, mOrigMsgId); ok &= GetTlvString(data, *size, &offset, 0, mAuthorId); - ok &= GetTlvString(data, *size, &offset, 0, mServiceString); ok &= signSet.GetTlv(data, *size, &offset); ok &= GetTlvString(data, *size, &offset, 0, mMsgName); diff --git a/libretroshare/src/gxs/rsgxsdata.h b/libretroshare/src/gxs/rsgxsdata.h index 78dd3c8e4..88d4044f1 100644 --- a/libretroshare/src/gxs/rsgxsdata.h +++ b/libretroshare/src/gxs/rsgxsdata.h @@ -112,6 +112,7 @@ public: uint32_t mMsgStatus; time_t mChildTs; + bool validated; }; diff --git a/libretroshare/src/gxs/rsgxsflags.h b/libretroshare/src/gxs/rsgxsflags.h index c769b06cc..ba352171b 100644 --- a/libretroshare/src/gxs/rsgxsflags.h +++ b/libretroshare/src/gxs/rsgxsflags.h @@ -51,16 +51,35 @@ namespace GXS_SERV { /** END authentication **/ + /** START msg authentication flags **/ + + static const uint8_t MSG_AUTHEN_MASK = 0x0f; + + static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01; + + static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02; + + static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04; + + static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08; + + /** END msg authentication flags **/ + + /** START group options flag **/ + + static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01; + + /** END group options flag **/ /** START Subscription Flags. (LOCAL) **/ - static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x00000001; + static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x01; - static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x00000002; + static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x02; - static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x00000004; + static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x04; - static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x00000008; + static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x08; static const uint32_t GROUP_SUBSCRIBE_MASK = 0x0000000f; diff --git a/libretroshare/src/gxs/rsgxsnetservice.cc b/libretroshare/src/gxs/rsgxsnetservice.cc index 0723b7ed1..f1a60973c 100644 --- a/libretroshare/src/gxs/rsgxsnetservice.cc +++ b/libretroshare/src/gxs/rsgxsnetservice.cc @@ -363,8 +363,8 @@ void RsGxsNetService::run(){ bool RsGxsNetService::locked_checkTransacTimedOut(NxsTransaction* tr) { - return tr->mTimeOut < ((uint32_t) time(NULL)); - // return false; + // return tr->mTimeOut < ((uint32_t) time(NULL)); + return false; } void RsGxsNetService::processTransactions(){ diff --git a/libretroshare/src/rsserver/rsinit.cc b/libretroshare/src/rsserver/rsinit.cc index 925c303cc..240a5b1f2 100644 --- a/libretroshare/src/rsserver/rsinit.cc +++ b/libretroshare/src/rsserver/rsinit.cc @@ -1818,9 +1818,9 @@ RsTurtle *rsTurtle = NULL ; #ifdef ENABLE_GXS_CORE #include "gxs/gxscoreserver.h" - #include "gxs/rsdataservice.h" #include "gxs/rsgxsnetservice.h" +#include "gxs/rsgxsflags.h" #endif #ifdef ENABLE_GXS_SERVICES @@ -2319,6 +2319,20 @@ int RsServer::StartupRetroShare() #if ENABLE_OTHER_GXS_SERVICES /**** Photo service ****/ + // create photo authentication policy + + uint32_t photoAuthenPolicy = 0; + + uint8_t flag = 0; + + flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN; + RsGenExchange::setAuthenPolicyFlag(flag, photoAuthenPolicy, + RsGenExchange::RESTRICTED_GRP_BITS); + + flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN; + RsGenExchange::setAuthenPolicyFlag(flag, photoAuthenPolicy, + RsGenExchange::GRP_OPTION_BITS); + p3PhotoServiceV2 *mPhotoV2 = NULL; @@ -2327,8 +2341,9 @@ int RsServer::StartupRetroShare() photo_ds->resetDataStore(); //TODO: remove, new service data per RS session, for testing + // init gxs services - mPhotoV2 = new p3PhotoServiceV2(photo_ds, NULL); + mPhotoV2 = new p3PhotoServiceV2(photo_ds, NULL, mGxsIdService, photoAuthenPolicy); // create GXS photo service RsGxsNetService* photo_ns = new RsGxsNetService( diff --git a/libretroshare/src/services/p3photoserviceV2.cc b/libretroshare/src/services/p3photoserviceV2.cc index f14691210..82d871d8f 100644 --- a/libretroshare/src/services/p3photoserviceV2.cc +++ b/libretroshare/src/services/p3photoserviceV2.cc @@ -79,8 +79,10 @@ std::ostream &operator<<(std::ostream &out, const RsPhotoAlbum &album) return out; } -p3PhotoServiceV2::p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes) - : RsGenExchange(gds, nes, new RsGxsPhotoSerialiser(), RS_SERVICE_GXSV1_TYPE_PHOTO), mPhotoMutex(std::string("Photo Mutex")) +p3PhotoServiceV2::p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes, RsGixs* gixs, + uint32_t authenPolicy) + : RsGenExchange(gds, nes, new RsGxsPhotoSerialiser(), RS_SERVICE_GXSV1_TYPE_PHOTO, gixs, authenPolicy), + mPhotoMutex(std::string("Photo Mutex")) { // create dummy grps diff --git a/libretroshare/src/services/p3photoserviceV2.h b/libretroshare/src/services/p3photoserviceV2.h index 0401ad4d7..0ddccf4db 100644 --- a/libretroshare/src/services/p3photoserviceV2.h +++ b/libretroshare/src/services/p3photoserviceV2.h @@ -34,7 +34,8 @@ class p3PhotoServiceV2 : public RsPhotoV2, public RsGenExchange { public: - p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes); + p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes, RsGixs* gixs, + uint32_t authenPolicy); public: diff --git a/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.cpp b/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.cpp index c76286d1c..a8712322b 100644 --- a/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.cpp +++ b/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.cpp @@ -4,6 +4,7 @@ #include "ui_AlbumCreateDialog.h" #include "util/misc.h" +#include "gxs/rsgxsflags.h" AlbumCreateDialog::AlbumCreateDialog(TokenQueue *photoQueue, RsPhotoV2 *rs_photo, QWidget *parent): QDialog(parent), @@ -20,6 +21,10 @@ AlbumCreateDialog::~AlbumCreateDialog() delete ui; } +#define PUBLIC_INDEX 0 +#define RESTRICTED_INDEX 1 +#define PRIVATE_INDEX 2 + void AlbumCreateDialog::publishAlbum() { // get fields for album to publish, publish and then exit dialog @@ -33,6 +38,22 @@ void AlbumCreateDialog::publishAlbum() album.mPhotographer = ui->lineEdit_Photographer->text().toStdString(); getAlbumThumbnail(album.mThumbnail); + + int currIndex = ui->privacyComboBox->currentIndex(); + + switch(currIndex) + { + case PUBLIC_INDEX: + album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_PUBLIC; + break; + case RESTRICTED_INDEX: + album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_RESTRICTED; + break; + case PRIVATE_INDEX: + album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_PRIVATE; + break; + } + uint32_t token; mRsPhoto->submitAlbumDetails(token, album); mPhotoQueue->queueRequest(token, TOKENREQ_GROUPINFO, RS_TOKREQ_ANSTYPE_ACK, 0); diff --git a/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.ui b/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.ui index 5c881bfb9..4e0e3dcb4 100644 --- a/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.ui +++ b/retroshare-gui/src/gui/PhotoShare/AlbumCreateDialog.ui @@ -7,7 +7,7 @@ 0 0 465 - 356 + 365 @@ -198,7 +198,7 @@ border-radius: 10px; - + 0 @@ -210,11 +210,6 @@ border-radius: 10px; Public - - - All Friends - - Restricted