Added message validation, not enabled at the moment

as msg sync seems to have stopped working. will fix (qos priority change?).
Added validated field to msg meta
Removed serviceString from msg transport.
Added grp flag setting to album create to test msg validation


git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-gxs-b1@5800 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
chrisparker126 2012-11-10 23:42:38 +00:00
parent eeb96c5e62
commit c9831b7bea
14 changed files with 427 additions and 107 deletions

View File

@ -74,90 +74,102 @@ bool GxsSecurity::getSignature(char* data, uint32_t data_len, RsTlvSecurityKey*
return ok; return ok;
} }
bool GxsSecurity::validateNxsMsg(RsNxsMsg *msg, RsTlvKeySignature& sign, RsTlvSecurityKeySet& key) bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSecurityKey& key)
{ {
//#ifdef GXS_SECURITY_DEBUG #ifdef GXS_SECURITY_DEBUG
// std::cerr << "GxsSecurity::validateNxsMsg()"; std::cerr << "GxsSecurity::validateNxsMsg()";
// std::cerr << std::endl; std::cerr << std::endl;
// std::cerr << "RsNxsMsg :"; std::cerr << "RsNxsMsg :";
// std::cerr << std::endl; std::cerr << std::endl;
// msg->print(std::cerr, 10); msg.print(std::cerr, 10);
// std::cerr << std::endl; std::cerr << std::endl;
//#endif #endif
RsGxsMsgMetaData& msgMeta = *(msg.metaData);
// /********************* check signature *******************/ // /********************* check signature *******************/
// /* check signature timeperiod */ /* check signature timeperiod */
// if ((newMsg->timestamp < kit->second.startTS) || if ((msgMeta.mPublishTs < key.startTS) ||
// (newMsg->timestamp > kit->second.endTS)) (msgMeta.mPublishTs > key.endTS))
// { {
//#ifdef DISTRIB_DEBUG #ifdef GXS_SECURITY_DEBUG
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() TS out of range"; std::cerr << " GxsSecurity::validateNxsMsg() TS out of range";
// std::cerr << std::endl; std::cerr << std::endl;
//#endif #endif
// return false; return false;
// } }
// /* decode key */ /* decode key */
// const unsigned char *keyptr = (const unsigned char *) kit->second.keyData.bin_data; const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
// long keylen = kit->second.keyData.bin_len; long keylen = key.keyData.bin_len;
// unsigned int siglen = newMsg->publishSignature.signData.bin_len; unsigned int siglen = sign.signData.bin_len;
// unsigned char *sigbuf = (unsigned char *) newMsg->publishSignature.signData.bin_data; unsigned char *sigbuf = (unsigned char *) sign.signData.bin_data;
//#ifdef DISTRIB_DEBUG #ifdef DISTRIB_DEBUG
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Decode Key"; std::cerr << "GxsSecurity::validateNxsMsg() Decode Key";
// std::cerr << " keylen: " << keylen << " siglen: " << siglen; std::cerr << " keylen: " << keylen << " siglen: " << siglen;
// std::cerr << std::endl; std::cerr << std::endl;
//#endif #endif
// /* extract admin key */ /* extract admin key */
// RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen); RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
// if (!rsakey) if (!rsakey)
// { {
//#ifdef DISTRIB_DEBUG #ifdef GXS_SECURITY_DEBUG
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg()"; std::cerr << "GxsSecurity::validateNxsMsg()";
// std::cerr << " Invalid RSA Key"; std::cerr << " Invalid RSA Key";
// std::cerr << std::endl; std::cerr << std::endl;
// unsigned long err = ERR_get_error(); key.print(std::cerr, 10);
// std::cerr << "RSA Load Failed .... CODE(" << err << ")" << std::endl; #endif
// std::cerr << ERR_error_string(err, NULL) << std::endl; }
// kit->second.print(std::cerr, 10);
//#endif
// }
// EVP_PKEY *signKey = EVP_PKEY_new(); RsTlvKeySignatureSet signSet = msgMeta.signSet;
// EVP_PKEY_assign_RSA(signKey, rsakey); msgMeta.signSet.TlvClear();
// /* calc and check signature */ uint32_t metaDataLen = msgMeta.serial_size();
// EVP_MD_CTX *mdctx = EVP_MD_CTX_create(); uint32_t allMsgDataLen = metaDataLen + msg.msg.bin_len;
char* metaData = new char[metaDataLen];
char* allMsgData = new char[allMsgDataLen]; // msgData + metaData
// EVP_VerifyInit(mdctx, EVP_sha1()); msgMeta.serialise(metaData, &metaDataLen);
// EVP_VerifyUpdate(mdctx, newMsg->packet.bin_data, newMsg->packet.bin_len);
// int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
// /* clean up */ // copy msg data and meta in allmsgData buffer
// EVP_PKEY_free(signKey); memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len);
// EVP_MD_CTX_destroy(mdctx); memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen);
// if (signOk == 1) EVP_PKEY *signKey = EVP_PKEY_new();
// { EVP_PKEY_assign_RSA(signKey, rsakey);
//#ifdef GXS_SECURITY_DEBUG
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Signature OK";
// std::cerr << std::endl;
//#endif
// return true;
// }
//#ifdef DISTRIB_DEBUG /* calc and check signature */
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Signature invalid"; EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
// std::cerr << std::endl;
//#endif EVP_VerifyInit(mdctx, EVP_sha1());
EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen);
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
/* clean up */
EVP_PKEY_free(signKey);
EVP_MD_CTX_destroy(mdctx);
if (signOk == 1)
{
#ifdef GXS_SECURITY_DEBUG
std::cerr << "GxsSecurity::validateNxsMsg() Signature OK";
std::cerr << std::endl;
#endif
return true;
}
#ifdef GXS_SECURITY_DEBUG
std::cerr << "GxsSecurity::validateNxsMsg() Signature invalid";
std::cerr << std::endl;
#endif
return false; return false;
} }

View File

@ -129,7 +129,7 @@ public:
* @param key the public key to use to check signature * @param key the public key to use to check signature
* @return false if verfication of signature is not passed * @return false if verfication of signature is not passed
*/ */
static bool validateNxsMsg(RsNxsMsg *msg, RsTlvKeySignature& sign, RsTlvSecurityKeySet& key); static bool validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSecurityKey& key);
/*! /*!

View File

@ -34,10 +34,23 @@
#include "gxssecurity.h" #include "gxssecurity.h"
#include "util/contentvalue.h" #include "util/contentvalue.h"
#include "rsgxsflags.h" #include "rsgxsflags.h"
#include "rsgixs.h"
RsGenExchange::RsGenExchange(RsGeneralDataService *gds,
RsNetworkExchangeService *ns, RsSerialType *serviceSerialiser, uint16_t servType, RsGixs* gixs) #define PUB_GRP_MASK 0x000f
: mGenMtx("GenExchange"), mDataStore(gds), mNetService(ns), mSerialiser(serviceSerialiser), mServType(servType), mGixs(gixs) #define RESTR_GRP_MASK 0x00f0
#define PRIV_GRP_MASK 0x0f00
#define GRP_OPTIONS_MASK 0xf000
#define PUB_GRP_OFFSET 0
#define RESTR_GRP_OFFSET 8
#define PRIV_GRP_OFFSET 16
#define GRP_OPTIONS_OFFSET 24
RsGenExchange::RsGenExchange(RsGeneralDataService *gds, RsNetworkExchangeService *ns,
RsSerialType *serviceSerialiser, uint16_t servType, RsGixs* gixs, uint32_t authenPolicy)
: mGenMtx("GenExchange"), mDataStore(gds), mNetService(ns), mSerialiser(serviceSerialiser),
mServType(servType), mGixs(gixs), mAuthenPolicy(authenPolicy)
{ {
mDataAccess = new RsGxsDataAccess(gds); mDataAccess = new RsGxsDataAccess(gds);
@ -60,7 +73,7 @@ RsGenExchange::~RsGenExchange()
void RsGenExchange::run() void RsGenExchange::run()
{ {
double timeDelta = 0.06; // slow tick double timeDelta = 0.1; // slow tick
while(true) while(true)
{ {
@ -168,13 +181,13 @@ void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet)
adminKey.startTS = time(NULL); adminKey.startTS = time(NULL);
adminKey.endTS = 0; /* no end */ adminKey.endTS = 0; /* no end */
privAdminKey.startTS = time(NULL); privAdminKey.startTS = adminKey.startTS;
privAdminKey.endTS = 0; /* no end */ privAdminKey.endTS = 0; /* no end */
pubKey.startTS = time(NULL); pubKey.startTS = adminKey.startTS;
pubKey.endTS = 0; /* no end */ pubKey.endTS = pubKey.startTS + 60 * 60 * 24 * 365 * 5; /* approx 5 years */
privPubKey.startTS = time(NULL); privPubKey.startTS = adminKey.startTS;
privPubKey.endTS = 0; /* no end */ privPubKey.endTS = 0; /* no end */
// for now all public // for now all public
@ -354,6 +367,160 @@ bool RsGenExchange::createMessage(RsNxsMsg* msg)
return ok; return ok;
} }
bool RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet)
{
bool isParent = false;
bool checkPublishSign, checkIdentitySign;
bool valid = true;
// publish signature is determined by whether group is public or not
// for private group signature is not needed as it needs decrypting with
// the private publish key anyways
// restricted is a special case which heeds whether publish sign needs to be checked or not
// one may or may not want
if(msg->metaData->mParentId.empty())
{
isParent = false;
}
else
{
isParent = true;
}
if(isParent)
{
checkIdentitySign = false;
checkPublishSign = false;
if(grpFlag & GXS_SERV::FLAG_PRIVACY_PUBLIC)
{
checkPublishSign = false;
if(checkMsgAuthenFlag(PUBLIC_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN))
checkIdentitySign = true;
}
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_RESTRICTED)
{
checkPublishSign = true;
if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN))
checkIdentitySign = true;
}
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_PRIVATE)
{
checkPublishSign = false;
if(checkMsgAuthenFlag(PRIVATE_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN))
checkIdentitySign = true;
}
}else
{
if(grpFlag & GXS_SERV::FLAG_PRIVACY_PUBLIC)
{
checkPublishSign = false;
if(checkMsgAuthenFlag(PUBLIC_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN))
checkIdentitySign = true;
}
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_RESTRICTED)
{
if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN))
checkPublishSign = true;
if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN))
checkIdentitySign = true;
}
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_PRIVATE)
{
checkPublishSign = false;
if(checkMsgAuthenFlag(PRIVATE_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN))
checkIdentitySign = true;
}
}
RsGxsMsgMetaData& metaData = *(msg->metaData);
if(checkPublishSign)
{
RsTlvKeySignature sign = metaData.signSet.keySignSet[GXS_SERV::FLAG_AUTHEN_PUBLISH];
if(grpKeySet.keys.find(sign.keyId) != grpKeySet.keys.end())
{
RsTlvSecurityKey publishKey = grpKeySet.keys[sign.keyId];
valid &= GxsSecurity::validateNxsMsg(*msg, sign, publishKey);
}
else
{
valid = false;
}
}
if(checkIdentitySign)
{
bool haveKey = mGixs->haveKey(metaData.mAuthorId);
if(haveKey)
{
std::list<std::string> peers;
mGixs->requestKey(metaData.mAuthorId, peers);
RsTlvSecurityKey authorKey;
double timeDelta = 0.002; // fast polling
time_t now = time(NULL);
// poll immediately but, don't spend more than a second polling
while( (mGixs->getKey(metaData.mAuthorId, authorKey) == -1) &&
((now + 1) >> time(NULL))
)
{
#ifndef WINDOWS_SYS
usleep((int) (timeDelta * 1000000));
#else
Sleep((int) (timeDelta * 1000));
#endif
}
RsTlvKeySignature sign = metaData.signSet.keySignSet[GXS_SERV::FLAG_AUTHEN_PUBLISH];
valid &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);
}else
{
valid = false;
}
}
return valid;
}
bool RsGenExchange::checkMsgAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const
{
switch(pos)
{
case PUBLIC_GRP_BITS:
return mAuthenPolicy & flag;
break;
case RESTRICTED_GRP_BITS:
return flag & (mAuthenPolicy >> RESTR_GRP_OFFSET);
break;
case PRIVATE_GRP_BITS:
return flag & (mAuthenPolicy >> PRIV_GRP_OFFSET);
break;
case GRP_OPTION_BITS:
return flag & (mAuthenPolicy >> GRP_OPTIONS_OFFSET);
break;
default:
std::cerr << "pos option not recognised";
return false;
}
}
bool RsGenExchange::getGroupList(const uint32_t &token, std::list<RsGxsGroupId> &groupIds) bool RsGenExchange::getGroupList(const uint32_t &token, std::list<RsGxsGroupId> &groupIds)
{ {
@ -494,6 +661,36 @@ RsTokenService* RsGenExchange::getTokenService()
} }
bool RsGenExchange::setAuthenPolicyFlag(const uint8_t &msgFlag, uint32_t& authenFlag, const PrivacyBitPos &pos)
{
uint32_t temp = 0;
temp = msgFlag;
switch(pos)
{
case PUBLIC_GRP_BITS:
authenFlag &= ~PUB_GRP_MASK;
authenFlag |= temp;
break;
case RESTRICTED_GRP_BITS:
authenFlag &= ~RESTR_GRP_MASK;
authenFlag |= (temp << RESTR_GRP_OFFSET);
break;
case PRIVATE_GRP_BITS:
authenFlag &= ~PRIV_GRP_MASK;
authenFlag |= (temp << PRIV_GRP_OFFSET);
break;
case GRP_OPTION_BITS:
authenFlag &= ~GRP_OPTIONS_MASK;
authenFlag |= (temp << GRP_OPTIONS_OFFSET);
break;
default:
std::cerr << "pos option not recognised";
return false;
}
return true;
}
void RsGenExchange::notifyNewGroups(std::vector<RsNxsGrp *> &groups) void RsGenExchange::notifyNewGroups(std::vector<RsNxsGrp *> &groups)
{ {
std::vector<RsNxsGrp*>::iterator vit = groups.begin(); std::vector<RsNxsGrp*>::iterator vit = groups.begin();
@ -953,18 +1150,44 @@ void RsGenExchange::processRecvdMessages()
GxsMsgReq msgIds; GxsMsgReq msgIds;
std::map<RsNxsMsg*, RsGxsMsgMetaData*> msgs; std::map<RsNxsMsg*, RsGxsMsgMetaData*> msgs;
std::map<RsGxsGroupId, RsGxsGrpMetaData*> grpMetas;
// coalesce group meta retrieval for performance
for(; vit != mReceivedMsgs.end(); vit++) for(; vit != mReceivedMsgs.end(); vit++)
{
RsNxsMsg* msg = *vit;
grpMetas.insert(std::make_pair(msg->grpId, (RsGxsGrpMetaData*)NULL));
}
mDataStore->retrieveGxsGrpMetaData(grpMetas);
for(vit = mReceivedMsgs.begin(); vit != mReceivedMsgs.end(); vit++)
{ {
RsNxsMsg* msg = *vit; RsNxsMsg* msg = *vit;
RsGxsMsgMetaData* meta = new RsGxsMsgMetaData(); RsGxsMsgMetaData* meta = new RsGxsMsgMetaData();
bool ok = meta->deserialise(msg->meta.bin_data, &(msg->meta.bin_len)); bool ok = meta->deserialise(msg->meta.bin_data, &(msg->meta.bin_len));
if(ok)
{
std::map<RsGxsGroupId, RsGxsGrpMetaData*>::iterator mit = grpMetas.find(msg->grpId);
// validate msg
if(mit != grpMetas.end()){
RsGxsGrpMetaData* grpMeta = mit->second;
ok = true;
//&= validateMsg(msg, grpMeta->mGroupFlags, grpMeta->keys);
}
else
ok = false;
if(ok) if(ok)
{ {
msgs.insert(std::make_pair(msg, meta)); msgs.insert(std::make_pair(msg, meta));
msgIds[msg->grpId].push_back(msg->msgId); msgIds[msg->grpId].push_back(msg->msgId);
} }
else }
if(!ok)
{ {
#ifdef GXS_GENX_DEBUG #ifdef GXS_GENX_DEBUG
std::cerr << "failed to deserialise incoming meta, grpId: " std::cerr << "failed to deserialise incoming meta, grpId: "
@ -975,6 +1198,14 @@ void RsGenExchange::processRecvdMessages()
} }
} }
std::map<RsGxsGroupId, RsGxsGrpMetaData*>::iterator mit = grpMetas.begin();
// clean up resources
for(; mit != grpMetas.end(); mit++)
{
delete mit->second;
}
if(!msgIds.empty()) if(!msgIds.empty())
{ {
mDataStore->storeMessage(msgs); mDataStore->storeMessage(msgs);

View File

@ -41,7 +41,6 @@ typedef std::map<RsGxsGroupId, std::vector<RsGxsMsgItem*> > GxsMsgDataMap;
typedef std::map<RsGxsGroupId, RsGxsGrpItem*> GxsGroupDataMap; typedef std::map<RsGxsGroupId, RsGxsGrpItem*> GxsGroupDataMap;
typedef std::map<RsGxsGroupId, std::vector<RsMsgMetaData> > GxsMsgMetaMap; typedef std::map<RsGxsGroupId, std::vector<RsMsgMetaData> > GxsMsgMetaMap;
/*! /*!
* This should form the parent class to \n * This should form the parent class to \n
* all gxs services. This provides access to service's msg/grp data \n * all gxs services. This provides access to service's msg/grp data \n
@ -76,10 +75,12 @@ public:
* @param serviceSerialiser The users service needs this \n * @param serviceSerialiser The users service needs this \n
* in order for gen exchange to deal with its data types * in order for gen exchange to deal with its data types
* @param mServType This should be service type used by the serialiser * @param mServType This should be service type used by the serialiser
* @param This is used for verification of msgs and groups received by Gen Exchange using identities, set to NULL if \n * @param gixs This is used for verification of msgs and groups received by Gen Exchange using identities, set to NULL if \n
* identity verification is not wanted * identity verification is not wanted
* @param authenPolicy This determines the authentication used for verfying authorship of msgs and groups
*/ */
RsGenExchange(RsGeneralDataService* gds, RsNetworkExchangeService* ns, RsSerialType* serviceSerialiser, uint16_t mServType, RsGixs* gixs = NULL); RsGenExchange(RsGeneralDataService* gds, RsNetworkExchangeService* ns,
RsSerialType* serviceSerialiser, uint16_t mServType, RsGixs* gixs = NULL, uint32_t authenPolicy = 0);
virtual ~RsGenExchange(); virtual ~RsGenExchange();
@ -119,6 +120,21 @@ public:
void run(); void run();
/*!
* Policy bit pattern portion
*/
enum PrivacyBitPos { PUBLIC_GRP_BITS, RESTRICTED_GRP_BITS, PRIVATE_GRP_BITS, GRP_OPTION_BITS } ;
/*!
* Convenience function for setting bit patterns of the individual privacy level authentication
* policy and group options
* @param flag the bit pattern (and policy) set for the privacy policy
* @param authenFlag Only the policy portion chosen will be modified with 'flag'
* @param pos The policy portion to modify
* @see PrivacyBitPos
*/
static bool setAuthenPolicyFlag(const uint8_t& flag, uint32_t& authenFlag, const PrivacyBitPos& pos);
public: public:
/** data access functions **/ /** data access functions **/
@ -382,7 +398,6 @@ private:
*/ */
bool createMessage(RsNxsMsg* msg); bool createMessage(RsNxsMsg* msg);
/*! /*!
* check meta change is legal * check meta change is legal
* @return false if meta change is not legal * @return false if meta change is not legal
@ -395,6 +410,17 @@ private:
*/ */
void generateGroupKeys(RsTlvSecurityKeySet& keySet); void generateGroupKeys(RsTlvSecurityKeySet& keySet);
/*!
* Attempts to validate msg
* @param msg message to be validated
* @param grpFlag the flag for the group the message belongs to
* @param grpKeySet
* @return true if msg validates, false otherwise
*/
bool validateMsg(RsNxsMsg* msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet);
bool checkMsgAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const;
private: private:
RsMutex mGenMtx; RsMutex mGenMtx;
@ -422,6 +448,9 @@ private:
/// service type /// service type
uint16_t mServType; uint16_t mServType;
/// authentication policy
uint32_t mAuthenPolicy;
private: private:

View File

@ -31,9 +31,6 @@
#include "serialiser/rstlvkeys.h" #include "serialiser/rstlvkeys.h"
//#include <openssl/ssl.h>
//#include <set>
/*! /*!
* GIXP: General Identity Exchange Service. * GIXP: General Identity Exchange Service.
* *

View File

@ -149,7 +149,6 @@ uint32_t RsGxsMsgMetaData::serial_size()
s += GetTlvStringSize(mParentId); s += GetTlvStringSize(mParentId);
s += GetTlvStringSize(mOrigMsgId); s += GetTlvStringSize(mOrigMsgId);
s += GetTlvStringSize(mAuthorId); s += GetTlvStringSize(mAuthorId);
s += GetTlvStringSize(mServiceString);
s += signSet.TlvSize(); s += signSet.TlvSize();
s += GetTlvStringSize(mMsgName); s += GetTlvStringSize(mMsgName);
@ -206,7 +205,6 @@ bool RsGxsMsgMetaData::serialise(void *data, uint32_t *size)
ok &= SetTlvString(data, *size, &offset, 0, mParentId); ok &= SetTlvString(data, *size, &offset, 0, mParentId);
ok &= SetTlvString(data, *size, &offset, 0, mOrigMsgId); ok &= SetTlvString(data, *size, &offset, 0, mOrigMsgId);
ok &= SetTlvString(data, *size, &offset, 0, mAuthorId); ok &= SetTlvString(data, *size, &offset, 0, mAuthorId);
ok &= SetTlvString(data, *size, &offset, 0, mServiceString);
ok &= signSet.SetTlv(data, *size, &offset); ok &= signSet.SetTlv(data, *size, &offset);
ok &= SetTlvString(data, *size, &offset, 0, mMsgName); ok &= SetTlvString(data, *size, &offset, 0, mMsgName);
@ -234,7 +232,6 @@ bool RsGxsMsgMetaData::deserialise(void *data, uint32_t *size)
ok &= GetTlvString(data, *size, &offset, 0, mParentId); ok &= GetTlvString(data, *size, &offset, 0, mParentId);
ok &= GetTlvString(data, *size, &offset, 0, mOrigMsgId); ok &= GetTlvString(data, *size, &offset, 0, mOrigMsgId);
ok &= GetTlvString(data, *size, &offset, 0, mAuthorId); ok &= GetTlvString(data, *size, &offset, 0, mAuthorId);
ok &= GetTlvString(data, *size, &offset, 0, mServiceString);
ok &= signSet.GetTlv(data, *size, &offset); ok &= signSet.GetTlv(data, *size, &offset);
ok &= GetTlvString(data, *size, &offset, 0, mMsgName); ok &= GetTlvString(data, *size, &offset, 0, mMsgName);

View File

@ -112,6 +112,7 @@ public:
uint32_t mMsgStatus; uint32_t mMsgStatus;
time_t mChildTs; time_t mChildTs;
bool validated;
}; };

View File

@ -51,16 +51,35 @@ namespace GXS_SERV {
/** END authentication **/ /** END authentication **/
/** START msg authentication flags **/
static const uint8_t MSG_AUTHEN_MASK = 0x0f;
static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01;
static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02;
static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04;
static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08;
/** END msg authentication flags **/
/** START group options flag **/
static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01;
/** END group options flag **/
/** START Subscription Flags. (LOCAL) **/ /** START Subscription Flags. (LOCAL) **/
static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x00000001; static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x01;
static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x00000002; static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x02;
static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x00000004; static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x04;
static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x00000008; static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x08;
static const uint32_t GROUP_SUBSCRIBE_MASK = 0x0000000f; static const uint32_t GROUP_SUBSCRIBE_MASK = 0x0000000f;

View File

@ -363,8 +363,8 @@ void RsGxsNetService::run(){
bool RsGxsNetService::locked_checkTransacTimedOut(NxsTransaction* tr) bool RsGxsNetService::locked_checkTransacTimedOut(NxsTransaction* tr)
{ {
return tr->mTimeOut < ((uint32_t) time(NULL)); // return tr->mTimeOut < ((uint32_t) time(NULL));
// return false; return false;
} }
void RsGxsNetService::processTransactions(){ void RsGxsNetService::processTransactions(){

View File

@ -1818,9 +1818,9 @@ RsTurtle *rsTurtle = NULL ;
#ifdef ENABLE_GXS_CORE #ifdef ENABLE_GXS_CORE
#include "gxs/gxscoreserver.h" #include "gxs/gxscoreserver.h"
#include "gxs/rsdataservice.h" #include "gxs/rsdataservice.h"
#include "gxs/rsgxsnetservice.h" #include "gxs/rsgxsnetservice.h"
#include "gxs/rsgxsflags.h"
#endif #endif
#ifdef ENABLE_GXS_SERVICES #ifdef ENABLE_GXS_SERVICES
@ -2319,6 +2319,20 @@ int RsServer::StartupRetroShare()
#if ENABLE_OTHER_GXS_SERVICES #if ENABLE_OTHER_GXS_SERVICES
/**** Photo service ****/ /**** Photo service ****/
// create photo authentication policy
uint32_t photoAuthenPolicy = 0;
uint8_t flag = 0;
flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN;
RsGenExchange::setAuthenPolicyFlag(flag, photoAuthenPolicy,
RsGenExchange::RESTRICTED_GRP_BITS);
flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN;
RsGenExchange::setAuthenPolicyFlag(flag, photoAuthenPolicy,
RsGenExchange::GRP_OPTION_BITS);
p3PhotoServiceV2 *mPhotoV2 = NULL; p3PhotoServiceV2 *mPhotoV2 = NULL;
@ -2327,8 +2341,9 @@ int RsServer::StartupRetroShare()
photo_ds->resetDataStore(); //TODO: remove, new service data per RS session, for testing photo_ds->resetDataStore(); //TODO: remove, new service data per RS session, for testing
// init gxs services // init gxs services
mPhotoV2 = new p3PhotoServiceV2(photo_ds, NULL); mPhotoV2 = new p3PhotoServiceV2(photo_ds, NULL, mGxsIdService, photoAuthenPolicy);
// create GXS photo service // create GXS photo service
RsGxsNetService* photo_ns = new RsGxsNetService( RsGxsNetService* photo_ns = new RsGxsNetService(

View File

@ -79,8 +79,10 @@ std::ostream &operator<<(std::ostream &out, const RsPhotoAlbum &album)
return out; return out;
} }
p3PhotoServiceV2::p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes) p3PhotoServiceV2::p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes, RsGixs* gixs,
: RsGenExchange(gds, nes, new RsGxsPhotoSerialiser(), RS_SERVICE_GXSV1_TYPE_PHOTO), mPhotoMutex(std::string("Photo Mutex")) uint32_t authenPolicy)
: RsGenExchange(gds, nes, new RsGxsPhotoSerialiser(), RS_SERVICE_GXSV1_TYPE_PHOTO, gixs, authenPolicy),
mPhotoMutex(std::string("Photo Mutex"))
{ {
// create dummy grps // create dummy grps

View File

@ -34,7 +34,8 @@ class p3PhotoServiceV2 : public RsPhotoV2, public RsGenExchange
{ {
public: public:
p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes); p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes, RsGixs* gixs,
uint32_t authenPolicy);
public: public:

View File

@ -4,6 +4,7 @@
#include "ui_AlbumCreateDialog.h" #include "ui_AlbumCreateDialog.h"
#include "util/misc.h" #include "util/misc.h"
#include "gxs/rsgxsflags.h"
AlbumCreateDialog::AlbumCreateDialog(TokenQueue *photoQueue, RsPhotoV2 *rs_photo, QWidget *parent): AlbumCreateDialog::AlbumCreateDialog(TokenQueue *photoQueue, RsPhotoV2 *rs_photo, QWidget *parent):
QDialog(parent), QDialog(parent),
@ -20,6 +21,10 @@ AlbumCreateDialog::~AlbumCreateDialog()
delete ui; delete ui;
} }
#define PUBLIC_INDEX 0
#define RESTRICTED_INDEX 1
#define PRIVATE_INDEX 2
void AlbumCreateDialog::publishAlbum() void AlbumCreateDialog::publishAlbum()
{ {
// get fields for album to publish, publish and then exit dialog // get fields for album to publish, publish and then exit dialog
@ -33,6 +38,22 @@ void AlbumCreateDialog::publishAlbum()
album.mPhotographer = ui->lineEdit_Photographer->text().toStdString(); album.mPhotographer = ui->lineEdit_Photographer->text().toStdString();
getAlbumThumbnail(album.mThumbnail); getAlbumThumbnail(album.mThumbnail);
int currIndex = ui->privacyComboBox->currentIndex();
switch(currIndex)
{
case PUBLIC_INDEX:
album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_PUBLIC;
break;
case RESTRICTED_INDEX:
album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_RESTRICTED;
break;
case PRIVATE_INDEX:
album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_PRIVATE;
break;
}
uint32_t token; uint32_t token;
mRsPhoto->submitAlbumDetails(token, album); mRsPhoto->submitAlbumDetails(token, album);
mPhotoQueue->queueRequest(token, TOKENREQ_GROUPINFO, RS_TOKREQ_ANSTYPE_ACK, 0); mPhotoQueue->queueRequest(token, TOKENREQ_GROUPINFO, RS_TOKREQ_ANSTYPE_ACK, 0);

View File

@ -7,7 +7,7 @@
<x>0</x> <x>0</x>
<y>0</y> <y>0</y>
<width>465</width> <width>465</width>
<height>356</height> <height>365</height>
</rect> </rect>
</property> </property>
<property name="windowTitle"> <property name="windowTitle">
@ -198,7 +198,7 @@ border-radius: 10px;
</property> </property>
<layout class="QGridLayout" name="gridLayout"> <layout class="QGridLayout" name="gridLayout">
<item row="0" column="0"> <item row="0" column="0">
<widget class="QComboBox" name="comboBox_3"> <widget class="QComboBox" name="privacyComboBox">
<property name="sizePolicy"> <property name="sizePolicy">
<sizepolicy hsizetype="Minimum" vsizetype="Fixed"> <sizepolicy hsizetype="Minimum" vsizetype="Fixed">
<horstretch>0</horstretch> <horstretch>0</horstretch>
@ -210,11 +210,6 @@ border-radius: 10px;
<string>Public</string> <string>Public</string>
</property> </property>
</item> </item>
<item>
<property name="text">
<string>All Friends</string>
</property>
</item>
<item> <item>
<property name="text"> <property name="text">
<string>Restricted</string> <string>Restricted</string>