mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-12-27 00:19:25 -05:00
Added message validation, not enabled at the moment
as msg sync seems to have stopped working. will fix (qos priority change?). Added validated field to msg meta Removed serviceString from msg transport. Added grp flag setting to album create to test msg validation git-svn-id: http://svn.code.sf.net/p/retroshare/code/branches/v0.5-gxs-b1@5800 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
eeb96c5e62
commit
c9831b7bea
@ -74,90 +74,102 @@ bool GxsSecurity::getSignature(char* data, uint32_t data_len, RsTlvSecurityKey*
|
||||
return ok;
|
||||
}
|
||||
|
||||
bool GxsSecurity::validateNxsMsg(RsNxsMsg *msg, RsTlvKeySignature& sign, RsTlvSecurityKeySet& key)
|
||||
bool GxsSecurity::validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSecurityKey& key)
|
||||
{
|
||||
//#ifdef GXS_SECURITY_DEBUG
|
||||
// std::cerr << "GxsSecurity::validateNxsMsg()";
|
||||
// std::cerr << std::endl;
|
||||
// std::cerr << "RsNxsMsg :";
|
||||
// std::cerr << std::endl;
|
||||
// msg->print(std::cerr, 10);
|
||||
// std::cerr << std::endl;
|
||||
//#endif
|
||||
#ifdef GXS_SECURITY_DEBUG
|
||||
std::cerr << "GxsSecurity::validateNxsMsg()";
|
||||
std::cerr << std::endl;
|
||||
std::cerr << "RsNxsMsg :";
|
||||
std::cerr << std::endl;
|
||||
msg.print(std::cerr, 10);
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
RsGxsMsgMetaData& msgMeta = *(msg.metaData);
|
||||
|
||||
// /********************* check signature *******************/
|
||||
|
||||
// /* check signature timeperiod */
|
||||
// if ((newMsg->timestamp < kit->second.startTS) ||
|
||||
// (newMsg->timestamp > kit->second.endTS))
|
||||
// {
|
||||
//#ifdef DISTRIB_DEBUG
|
||||
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() TS out of range";
|
||||
// std::cerr << std::endl;
|
||||
//#endif
|
||||
// return false;
|
||||
// }
|
||||
/* check signature timeperiod */
|
||||
if ((msgMeta.mPublishTs < key.startTS) ||
|
||||
(msgMeta.mPublishTs > key.endTS))
|
||||
{
|
||||
#ifdef GXS_SECURITY_DEBUG
|
||||
std::cerr << " GxsSecurity::validateNxsMsg() TS out of range";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
||||
// /* decode key */
|
||||
// const unsigned char *keyptr = (const unsigned char *) kit->second.keyData.bin_data;
|
||||
// long keylen = kit->second.keyData.bin_len;
|
||||
// unsigned int siglen = newMsg->publishSignature.signData.bin_len;
|
||||
// unsigned char *sigbuf = (unsigned char *) newMsg->publishSignature.signData.bin_data;
|
||||
/* decode key */
|
||||
const unsigned char *keyptr = (const unsigned char *) key.keyData.bin_data;
|
||||
long keylen = key.keyData.bin_len;
|
||||
unsigned int siglen = sign.signData.bin_len;
|
||||
unsigned char *sigbuf = (unsigned char *) sign.signData.bin_data;
|
||||
|
||||
//#ifdef DISTRIB_DEBUG
|
||||
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Decode Key";
|
||||
// std::cerr << " keylen: " << keylen << " siglen: " << siglen;
|
||||
// std::cerr << std::endl;
|
||||
//#endif
|
||||
#ifdef DISTRIB_DEBUG
|
||||
std::cerr << "GxsSecurity::validateNxsMsg() Decode Key";
|
||||
std::cerr << " keylen: " << keylen << " siglen: " << siglen;
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
// /* extract admin key */
|
||||
// RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
|
||||
/* extract admin key */
|
||||
RSA *rsakey = d2i_RSAPublicKey(NULL, &(keyptr), keylen);
|
||||
|
||||
// if (!rsakey)
|
||||
// {
|
||||
//#ifdef DISTRIB_DEBUG
|
||||
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg()";
|
||||
// std::cerr << " Invalid RSA Key";
|
||||
// std::cerr << std::endl;
|
||||
if (!rsakey)
|
||||
{
|
||||
#ifdef GXS_SECURITY_DEBUG
|
||||
std::cerr << "GxsSecurity::validateNxsMsg()";
|
||||
std::cerr << " Invalid RSA Key";
|
||||
std::cerr << std::endl;
|
||||
|
||||
// unsigned long err = ERR_get_error();
|
||||
// std::cerr << "RSA Load Failed .... CODE(" << err << ")" << std::endl;
|
||||
// std::cerr << ERR_error_string(err, NULL) << std::endl;
|
||||
|
||||
// kit->second.print(std::cerr, 10);
|
||||
//#endif
|
||||
// }
|
||||
key.print(std::cerr, 10);
|
||||
#endif
|
||||
}
|
||||
|
||||
|
||||
// EVP_PKEY *signKey = EVP_PKEY_new();
|
||||
// EVP_PKEY_assign_RSA(signKey, rsakey);
|
||||
RsTlvKeySignatureSet signSet = msgMeta.signSet;
|
||||
msgMeta.signSet.TlvClear();
|
||||
|
||||
// /* calc and check signature */
|
||||
// EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
|
||||
uint32_t metaDataLen = msgMeta.serial_size();
|
||||
uint32_t allMsgDataLen = metaDataLen + msg.msg.bin_len;
|
||||
char* metaData = new char[metaDataLen];
|
||||
char* allMsgData = new char[allMsgDataLen]; // msgData + metaData
|
||||
|
||||
// EVP_VerifyInit(mdctx, EVP_sha1());
|
||||
// EVP_VerifyUpdate(mdctx, newMsg->packet.bin_data, newMsg->packet.bin_len);
|
||||
// int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
|
||||
msgMeta.serialise(metaData, &metaDataLen);
|
||||
|
||||
// /* clean up */
|
||||
// EVP_PKEY_free(signKey);
|
||||
// EVP_MD_CTX_destroy(mdctx);
|
||||
// copy msg data and meta in allmsgData buffer
|
||||
memcpy(allMsgData, msg.msg.bin_data, msg.msg.bin_len);
|
||||
memcpy(allMsgData+(msg.msg.bin_len), metaData, metaDataLen);
|
||||
|
||||
|
||||
// if (signOk == 1)
|
||||
// {
|
||||
//#ifdef GXS_SECURITY_DEBUG
|
||||
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Signature OK";
|
||||
// std::cerr << std::endl;
|
||||
//#endif
|
||||
// return true;
|
||||
// }
|
||||
EVP_PKEY *signKey = EVP_PKEY_new();
|
||||
EVP_PKEY_assign_RSA(signKey, rsakey);
|
||||
|
||||
//#ifdef DISTRIB_DEBUG
|
||||
// std::cerr << "p3GroupDistrib::locked_validateDistribSignedMsg() Signature invalid";
|
||||
// std::cerr << std::endl;
|
||||
//#endif
|
||||
/* calc and check signature */
|
||||
EVP_MD_CTX *mdctx = EVP_MD_CTX_create();
|
||||
|
||||
EVP_VerifyInit(mdctx, EVP_sha1());
|
||||
EVP_VerifyUpdate(mdctx, allMsgData, allMsgDataLen);
|
||||
int signOk = EVP_VerifyFinal(mdctx, sigbuf, siglen, signKey);
|
||||
|
||||
/* clean up */
|
||||
EVP_PKEY_free(signKey);
|
||||
EVP_MD_CTX_destroy(mdctx);
|
||||
|
||||
|
||||
if (signOk == 1)
|
||||
{
|
||||
#ifdef GXS_SECURITY_DEBUG
|
||||
std::cerr << "GxsSecurity::validateNxsMsg() Signature OK";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
|
||||
#ifdef GXS_SECURITY_DEBUG
|
||||
std::cerr << "GxsSecurity::validateNxsMsg() Signature invalid";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
return false;
|
||||
}
|
||||
|
@ -129,7 +129,7 @@ public:
|
||||
* @param key the public key to use to check signature
|
||||
* @return false if verfication of signature is not passed
|
||||
*/
|
||||
static bool validateNxsMsg(RsNxsMsg *msg, RsTlvKeySignature& sign, RsTlvSecurityKeySet& key);
|
||||
static bool validateNxsMsg(RsNxsMsg& msg, RsTlvKeySignature& sign, RsTlvSecurityKey& key);
|
||||
|
||||
|
||||
/*!
|
||||
|
@ -34,10 +34,23 @@
|
||||
#include "gxssecurity.h"
|
||||
#include "util/contentvalue.h"
|
||||
#include "rsgxsflags.h"
|
||||
#include "rsgixs.h"
|
||||
|
||||
RsGenExchange::RsGenExchange(RsGeneralDataService *gds,
|
||||
RsNetworkExchangeService *ns, RsSerialType *serviceSerialiser, uint16_t servType, RsGixs* gixs)
|
||||
: mGenMtx("GenExchange"), mDataStore(gds), mNetService(ns), mSerialiser(serviceSerialiser), mServType(servType), mGixs(gixs)
|
||||
|
||||
#define PUB_GRP_MASK 0x000f
|
||||
#define RESTR_GRP_MASK 0x00f0
|
||||
#define PRIV_GRP_MASK 0x0f00
|
||||
#define GRP_OPTIONS_MASK 0xf000
|
||||
|
||||
#define PUB_GRP_OFFSET 0
|
||||
#define RESTR_GRP_OFFSET 8
|
||||
#define PRIV_GRP_OFFSET 16
|
||||
#define GRP_OPTIONS_OFFSET 24
|
||||
|
||||
RsGenExchange::RsGenExchange(RsGeneralDataService *gds, RsNetworkExchangeService *ns,
|
||||
RsSerialType *serviceSerialiser, uint16_t servType, RsGixs* gixs, uint32_t authenPolicy)
|
||||
: mGenMtx("GenExchange"), mDataStore(gds), mNetService(ns), mSerialiser(serviceSerialiser),
|
||||
mServType(servType), mGixs(gixs), mAuthenPolicy(authenPolicy)
|
||||
{
|
||||
|
||||
mDataAccess = new RsGxsDataAccess(gds);
|
||||
@ -60,7 +73,7 @@ RsGenExchange::~RsGenExchange()
|
||||
void RsGenExchange::run()
|
||||
{
|
||||
|
||||
double timeDelta = 0.06; // slow tick
|
||||
double timeDelta = 0.1; // slow tick
|
||||
|
||||
while(true)
|
||||
{
|
||||
@ -145,7 +158,7 @@ void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet)
|
||||
{
|
||||
/* create Keys */
|
||||
|
||||
// admin keys
|
||||
// admin keys
|
||||
RSA *rsa_admin = RSA_generate_key(2048, 65537, NULL, NULL);
|
||||
RSA *rsa_admin_pub = RSAPublicKey_dup(rsa_admin);
|
||||
|
||||
@ -168,13 +181,13 @@ void RsGenExchange::generateGroupKeys(RsTlvSecurityKeySet& keySet)
|
||||
adminKey.startTS = time(NULL);
|
||||
adminKey.endTS = 0; /* no end */
|
||||
|
||||
privAdminKey.startTS = time(NULL);
|
||||
privAdminKey.startTS = adminKey.startTS;
|
||||
privAdminKey.endTS = 0; /* no end */
|
||||
|
||||
pubKey.startTS = time(NULL);
|
||||
pubKey.endTS = 0; /* no end */
|
||||
pubKey.startTS = adminKey.startTS;
|
||||
pubKey.endTS = pubKey.startTS + 60 * 60 * 24 * 365 * 5; /* approx 5 years */
|
||||
|
||||
privPubKey.startTS = time(NULL);
|
||||
privPubKey.startTS = adminKey.startTS;
|
||||
privPubKey.endTS = 0; /* no end */
|
||||
|
||||
// for now all public
|
||||
@ -354,6 +367,160 @@ bool RsGenExchange::createMessage(RsNxsMsg* msg)
|
||||
return ok;
|
||||
}
|
||||
|
||||
bool RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet)
|
||||
{
|
||||
bool isParent = false;
|
||||
bool checkPublishSign, checkIdentitySign;
|
||||
bool valid = true;
|
||||
|
||||
// publish signature is determined by whether group is public or not
|
||||
// for private group signature is not needed as it needs decrypting with
|
||||
// the private publish key anyways
|
||||
|
||||
// restricted is a special case which heeds whether publish sign needs to be checked or not
|
||||
// one may or may not want
|
||||
|
||||
if(msg->metaData->mParentId.empty())
|
||||
{
|
||||
isParent = false;
|
||||
}
|
||||
else
|
||||
{
|
||||
isParent = true;
|
||||
}
|
||||
|
||||
|
||||
if(isParent)
|
||||
{
|
||||
checkIdentitySign = false;
|
||||
checkPublishSign = false;
|
||||
|
||||
if(grpFlag & GXS_SERV::FLAG_PRIVACY_PUBLIC)
|
||||
{
|
||||
checkPublishSign = false;
|
||||
|
||||
if(checkMsgAuthenFlag(PUBLIC_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN))
|
||||
checkIdentitySign = true;
|
||||
|
||||
}
|
||||
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_RESTRICTED)
|
||||
{
|
||||
checkPublishSign = true;
|
||||
|
||||
if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN))
|
||||
checkIdentitySign = true;
|
||||
}
|
||||
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_PRIVATE)
|
||||
{
|
||||
checkPublishSign = false;
|
||||
|
||||
if(checkMsgAuthenFlag(PRIVATE_GRP_BITS, GXS_SERV::MSG_AUTHEN_ROOT_AUTHOR_SIGN))
|
||||
checkIdentitySign = true;
|
||||
}
|
||||
|
||||
}else
|
||||
{
|
||||
if(grpFlag & GXS_SERV::FLAG_PRIVACY_PUBLIC)
|
||||
{
|
||||
checkPublishSign = false;
|
||||
|
||||
if(checkMsgAuthenFlag(PUBLIC_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN))
|
||||
checkIdentitySign = true;
|
||||
|
||||
}
|
||||
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_RESTRICTED)
|
||||
{
|
||||
if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_PUBLISH_SIGN))
|
||||
checkPublishSign = true;
|
||||
|
||||
if(checkMsgAuthenFlag(RESTRICTED_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN))
|
||||
checkIdentitySign = true;
|
||||
}
|
||||
else if(grpFlag & GXS_SERV::FLAG_PRIVACY_PRIVATE)
|
||||
{
|
||||
checkPublishSign = false;
|
||||
|
||||
if(checkMsgAuthenFlag(PRIVATE_GRP_BITS, GXS_SERV::MSG_AUTHEN_CHILD_AUTHOR_SIGN))
|
||||
checkIdentitySign = true;
|
||||
}
|
||||
}
|
||||
|
||||
RsGxsMsgMetaData& metaData = *(msg->metaData);
|
||||
|
||||
if(checkPublishSign)
|
||||
{
|
||||
RsTlvKeySignature sign = metaData.signSet.keySignSet[GXS_SERV::FLAG_AUTHEN_PUBLISH];
|
||||
|
||||
if(grpKeySet.keys.find(sign.keyId) != grpKeySet.keys.end())
|
||||
{
|
||||
RsTlvSecurityKey publishKey = grpKeySet.keys[sign.keyId];
|
||||
valid &= GxsSecurity::validateNxsMsg(*msg, sign, publishKey);
|
||||
}
|
||||
else
|
||||
{
|
||||
valid = false;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
|
||||
if(checkIdentitySign)
|
||||
{
|
||||
bool haveKey = mGixs->haveKey(metaData.mAuthorId);
|
||||
|
||||
if(haveKey)
|
||||
{
|
||||
std::list<std::string> peers;
|
||||
mGixs->requestKey(metaData.mAuthorId, peers);
|
||||
|
||||
RsTlvSecurityKey authorKey;
|
||||
|
||||
double timeDelta = 0.002; // fast polling
|
||||
time_t now = time(NULL);
|
||||
// poll immediately but, don't spend more than a second polling
|
||||
while( (mGixs->getKey(metaData.mAuthorId, authorKey) == -1) &&
|
||||
((now + 1) >> time(NULL))
|
||||
)
|
||||
{
|
||||
#ifndef WINDOWS_SYS
|
||||
usleep((int) (timeDelta * 1000000));
|
||||
#else
|
||||
Sleep((int) (timeDelta * 1000));
|
||||
#endif
|
||||
}
|
||||
|
||||
RsTlvKeySignature sign = metaData.signSet.keySignSet[GXS_SERV::FLAG_AUTHEN_PUBLISH];
|
||||
valid &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);
|
||||
}else
|
||||
{
|
||||
valid = false;
|
||||
}
|
||||
}
|
||||
|
||||
return valid;
|
||||
}
|
||||
|
||||
bool RsGenExchange::checkMsgAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const
|
||||
{
|
||||
switch(pos)
|
||||
{
|
||||
case PUBLIC_GRP_BITS:
|
||||
return mAuthenPolicy & flag;
|
||||
break;
|
||||
case RESTRICTED_GRP_BITS:
|
||||
return flag & (mAuthenPolicy >> RESTR_GRP_OFFSET);
|
||||
break;
|
||||
case PRIVATE_GRP_BITS:
|
||||
return flag & (mAuthenPolicy >> PRIV_GRP_OFFSET);
|
||||
break;
|
||||
case GRP_OPTION_BITS:
|
||||
return flag & (mAuthenPolicy >> GRP_OPTIONS_OFFSET);
|
||||
break;
|
||||
default:
|
||||
std::cerr << "pos option not recognised";
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
bool RsGenExchange::getGroupList(const uint32_t &token, std::list<RsGxsGroupId> &groupIds)
|
||||
{
|
||||
@ -494,6 +661,36 @@ RsTokenService* RsGenExchange::getTokenService()
|
||||
}
|
||||
|
||||
|
||||
bool RsGenExchange::setAuthenPolicyFlag(const uint8_t &msgFlag, uint32_t& authenFlag, const PrivacyBitPos &pos)
|
||||
{
|
||||
uint32_t temp = 0;
|
||||
temp = msgFlag;
|
||||
|
||||
switch(pos)
|
||||
{
|
||||
case PUBLIC_GRP_BITS:
|
||||
authenFlag &= ~PUB_GRP_MASK;
|
||||
authenFlag |= temp;
|
||||
break;
|
||||
case RESTRICTED_GRP_BITS:
|
||||
authenFlag &= ~RESTR_GRP_MASK;
|
||||
authenFlag |= (temp << RESTR_GRP_OFFSET);
|
||||
break;
|
||||
case PRIVATE_GRP_BITS:
|
||||
authenFlag &= ~PRIV_GRP_MASK;
|
||||
authenFlag |= (temp << PRIV_GRP_OFFSET);
|
||||
break;
|
||||
case GRP_OPTION_BITS:
|
||||
authenFlag &= ~GRP_OPTIONS_MASK;
|
||||
authenFlag |= (temp << GRP_OPTIONS_OFFSET);
|
||||
break;
|
||||
default:
|
||||
std::cerr << "pos option not recognised";
|
||||
return false;
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
void RsGenExchange::notifyNewGroups(std::vector<RsNxsGrp *> &groups)
|
||||
{
|
||||
std::vector<RsNxsGrp*>::iterator vit = groups.begin();
|
||||
@ -953,7 +1150,18 @@ void RsGenExchange::processRecvdMessages()
|
||||
GxsMsgReq msgIds;
|
||||
std::map<RsNxsMsg*, RsGxsMsgMetaData*> msgs;
|
||||
|
||||
std::map<RsGxsGroupId, RsGxsGrpMetaData*> grpMetas;
|
||||
|
||||
// coalesce group meta retrieval for performance
|
||||
for(; vit != mReceivedMsgs.end(); vit++)
|
||||
{
|
||||
RsNxsMsg* msg = *vit;
|
||||
grpMetas.insert(std::make_pair(msg->grpId, (RsGxsGrpMetaData*)NULL));
|
||||
}
|
||||
|
||||
mDataStore->retrieveGxsGrpMetaData(grpMetas);
|
||||
|
||||
for(vit = mReceivedMsgs.begin(); vit != mReceivedMsgs.end(); vit++)
|
||||
{
|
||||
RsNxsMsg* msg = *vit;
|
||||
RsGxsMsgMetaData* meta = new RsGxsMsgMetaData();
|
||||
@ -961,10 +1169,25 @@ void RsGenExchange::processRecvdMessages()
|
||||
|
||||
if(ok)
|
||||
{
|
||||
msgs.insert(std::make_pair(msg, meta));
|
||||
msgIds[msg->grpId].push_back(msg->msgId);
|
||||
std::map<RsGxsGroupId, RsGxsGrpMetaData*>::iterator mit = grpMetas.find(msg->grpId);
|
||||
|
||||
// validate msg
|
||||
if(mit != grpMetas.end()){
|
||||
RsGxsGrpMetaData* grpMeta = mit->second;
|
||||
ok = true;
|
||||
//&= validateMsg(msg, grpMeta->mGroupFlags, grpMeta->keys);
|
||||
}
|
||||
else
|
||||
ok = false;
|
||||
|
||||
if(ok)
|
||||
{
|
||||
msgs.insert(std::make_pair(msg, meta));
|
||||
msgIds[msg->grpId].push_back(msg->msgId);
|
||||
}
|
||||
}
|
||||
else
|
||||
|
||||
if(!ok)
|
||||
{
|
||||
#ifdef GXS_GENX_DEBUG
|
||||
std::cerr << "failed to deserialise incoming meta, grpId: "
|
||||
@ -975,6 +1198,14 @@ void RsGenExchange::processRecvdMessages()
|
||||
}
|
||||
}
|
||||
|
||||
std::map<RsGxsGroupId, RsGxsGrpMetaData*>::iterator mit = grpMetas.begin();
|
||||
|
||||
// clean up resources
|
||||
for(; mit != grpMetas.end(); mit++)
|
||||
{
|
||||
delete mit->second;
|
||||
}
|
||||
|
||||
if(!msgIds.empty())
|
||||
{
|
||||
mDataStore->storeMessage(msgs);
|
||||
|
@ -41,7 +41,6 @@ typedef std::map<RsGxsGroupId, std::vector<RsGxsMsgItem*> > GxsMsgDataMap;
|
||||
typedef std::map<RsGxsGroupId, RsGxsGrpItem*> GxsGroupDataMap;
|
||||
typedef std::map<RsGxsGroupId, std::vector<RsMsgMetaData> > GxsMsgMetaMap;
|
||||
|
||||
|
||||
/*!
|
||||
* This should form the parent class to \n
|
||||
* all gxs services. This provides access to service's msg/grp data \n
|
||||
@ -76,10 +75,12 @@ public:
|
||||
* @param serviceSerialiser The users service needs this \n
|
||||
* in order for gen exchange to deal with its data types
|
||||
* @param mServType This should be service type used by the serialiser
|
||||
* @param This is used for verification of msgs and groups received by Gen Exchange using identities, set to NULL if \n
|
||||
* @param gixs This is used for verification of msgs and groups received by Gen Exchange using identities, set to NULL if \n
|
||||
* identity verification is not wanted
|
||||
* @param authenPolicy This determines the authentication used for verfying authorship of msgs and groups
|
||||
*/
|
||||
RsGenExchange(RsGeneralDataService* gds, RsNetworkExchangeService* ns, RsSerialType* serviceSerialiser, uint16_t mServType, RsGixs* gixs = NULL);
|
||||
RsGenExchange(RsGeneralDataService* gds, RsNetworkExchangeService* ns,
|
||||
RsSerialType* serviceSerialiser, uint16_t mServType, RsGixs* gixs = NULL, uint32_t authenPolicy = 0);
|
||||
|
||||
virtual ~RsGenExchange();
|
||||
|
||||
@ -119,6 +120,21 @@ public:
|
||||
|
||||
void run();
|
||||
|
||||
/*!
|
||||
* Policy bit pattern portion
|
||||
*/
|
||||
enum PrivacyBitPos { PUBLIC_GRP_BITS, RESTRICTED_GRP_BITS, PRIVATE_GRP_BITS, GRP_OPTION_BITS } ;
|
||||
|
||||
/*!
|
||||
* Convenience function for setting bit patterns of the individual privacy level authentication
|
||||
* policy and group options
|
||||
* @param flag the bit pattern (and policy) set for the privacy policy
|
||||
* @param authenFlag Only the policy portion chosen will be modified with 'flag'
|
||||
* @param pos The policy portion to modify
|
||||
* @see PrivacyBitPos
|
||||
*/
|
||||
static bool setAuthenPolicyFlag(const uint8_t& flag, uint32_t& authenFlag, const PrivacyBitPos& pos);
|
||||
|
||||
public:
|
||||
|
||||
/** data access functions **/
|
||||
@ -382,7 +398,6 @@ private:
|
||||
*/
|
||||
bool createMessage(RsNxsMsg* msg);
|
||||
|
||||
|
||||
/*!
|
||||
* check meta change is legal
|
||||
* @return false if meta change is not legal
|
||||
@ -395,6 +410,17 @@ private:
|
||||
*/
|
||||
void generateGroupKeys(RsTlvSecurityKeySet& keySet);
|
||||
|
||||
/*!
|
||||
* Attempts to validate msg
|
||||
* @param msg message to be validated
|
||||
* @param grpFlag the flag for the group the message belongs to
|
||||
* @param grpKeySet
|
||||
* @return true if msg validates, false otherwise
|
||||
*/
|
||||
bool validateMsg(RsNxsMsg* msg, const uint32_t& grpFlag, RsTlvSecurityKeySet& grpKeySet);
|
||||
|
||||
bool checkMsgAuthenFlag(const PrivacyBitPos& pos, const uint8_t& flag) const;
|
||||
|
||||
private:
|
||||
|
||||
RsMutex mGenMtx;
|
||||
@ -422,6 +448,9 @@ private:
|
||||
/// service type
|
||||
uint16_t mServType;
|
||||
|
||||
/// authentication policy
|
||||
uint32_t mAuthenPolicy;
|
||||
|
||||
|
||||
private:
|
||||
|
||||
|
@ -31,9 +31,6 @@
|
||||
|
||||
#include "serialiser/rstlvkeys.h"
|
||||
|
||||
//#include <openssl/ssl.h>
|
||||
//#include <set>
|
||||
|
||||
/*!
|
||||
* GIXP: General Identity Exchange Service.
|
||||
*
|
||||
|
@ -149,7 +149,6 @@ uint32_t RsGxsMsgMetaData::serial_size()
|
||||
s += GetTlvStringSize(mParentId);
|
||||
s += GetTlvStringSize(mOrigMsgId);
|
||||
s += GetTlvStringSize(mAuthorId);
|
||||
s += GetTlvStringSize(mServiceString);
|
||||
|
||||
s += signSet.TlvSize();
|
||||
s += GetTlvStringSize(mMsgName);
|
||||
@ -206,7 +205,6 @@ bool RsGxsMsgMetaData::serialise(void *data, uint32_t *size)
|
||||
ok &= SetTlvString(data, *size, &offset, 0, mParentId);
|
||||
ok &= SetTlvString(data, *size, &offset, 0, mOrigMsgId);
|
||||
ok &= SetTlvString(data, *size, &offset, 0, mAuthorId);
|
||||
ok &= SetTlvString(data, *size, &offset, 0, mServiceString);
|
||||
|
||||
ok &= signSet.SetTlv(data, *size, &offset);
|
||||
ok &= SetTlvString(data, *size, &offset, 0, mMsgName);
|
||||
@ -234,7 +232,6 @@ bool RsGxsMsgMetaData::deserialise(void *data, uint32_t *size)
|
||||
ok &= GetTlvString(data, *size, &offset, 0, mParentId);
|
||||
ok &= GetTlvString(data, *size, &offset, 0, mOrigMsgId);
|
||||
ok &= GetTlvString(data, *size, &offset, 0, mAuthorId);
|
||||
ok &= GetTlvString(data, *size, &offset, 0, mServiceString);
|
||||
|
||||
ok &= signSet.GetTlv(data, *size, &offset);
|
||||
ok &= GetTlvString(data, *size, &offset, 0, mMsgName);
|
||||
|
@ -112,6 +112,7 @@ public:
|
||||
|
||||
uint32_t mMsgStatus;
|
||||
time_t mChildTs;
|
||||
bool validated;
|
||||
|
||||
};
|
||||
|
||||
|
@ -51,16 +51,35 @@ namespace GXS_SERV {
|
||||
|
||||
/** END authentication **/
|
||||
|
||||
/** START msg authentication flags **/
|
||||
|
||||
static const uint8_t MSG_AUTHEN_MASK = 0x0f;
|
||||
|
||||
static const uint8_t MSG_AUTHEN_ROOT_PUBLISH_SIGN = 0x01;
|
||||
|
||||
static const uint8_t MSG_AUTHEN_CHILD_PUBLISH_SIGN = 0x02;
|
||||
|
||||
static const uint8_t MSG_AUTHEN_ROOT_AUTHOR_SIGN = 0x04;
|
||||
|
||||
static const uint8_t MSG_AUTHEN_CHILD_AUTHOR_SIGN = 0x08;
|
||||
|
||||
/** END msg authentication flags **/
|
||||
|
||||
/** START group options flag **/
|
||||
|
||||
static const uint8_t GRP_OPTION_AUTHEN_AUTHOR_SIGN = 0x01;
|
||||
|
||||
/** END group options flag **/
|
||||
|
||||
/** START Subscription Flags. (LOCAL) **/
|
||||
|
||||
static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x00000001;
|
||||
static const uint32_t GROUP_SUBSCRIBE_ADMIN = 0x01;
|
||||
|
||||
static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x00000002;
|
||||
static const uint32_t GROUP_SUBSCRIBE_PUBLISH = 0x02;
|
||||
|
||||
static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x00000004;
|
||||
static const uint32_t GROUP_SUBSCRIBE_SUBSCRIBED = 0x04;
|
||||
|
||||
static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x00000008;
|
||||
static const uint32_t GROUP_SUBSCRIBE_NOT_SUBSCRIBED = 0x08;
|
||||
|
||||
static const uint32_t GROUP_SUBSCRIBE_MASK = 0x0000000f;
|
||||
|
||||
|
@ -363,8 +363,8 @@ void RsGxsNetService::run(){
|
||||
|
||||
bool RsGxsNetService::locked_checkTransacTimedOut(NxsTransaction* tr)
|
||||
{
|
||||
return tr->mTimeOut < ((uint32_t) time(NULL));
|
||||
// return false;
|
||||
// return tr->mTimeOut < ((uint32_t) time(NULL));
|
||||
return false;
|
||||
}
|
||||
|
||||
void RsGxsNetService::processTransactions(){
|
||||
|
@ -1818,9 +1818,9 @@ RsTurtle *rsTurtle = NULL ;
|
||||
|
||||
#ifdef ENABLE_GXS_CORE
|
||||
#include "gxs/gxscoreserver.h"
|
||||
|
||||
#include "gxs/rsdataservice.h"
|
||||
#include "gxs/rsgxsnetservice.h"
|
||||
#include "gxs/rsgxsflags.h"
|
||||
#endif
|
||||
|
||||
#ifdef ENABLE_GXS_SERVICES
|
||||
@ -2319,6 +2319,20 @@ int RsServer::StartupRetroShare()
|
||||
#if ENABLE_OTHER_GXS_SERVICES
|
||||
/**** Photo service ****/
|
||||
|
||||
// create photo authentication policy
|
||||
|
||||
uint32_t photoAuthenPolicy = 0;
|
||||
|
||||
uint8_t flag = 0;
|
||||
|
||||
flag = GXS_SERV::MSG_AUTHEN_ROOT_PUBLISH_SIGN;
|
||||
RsGenExchange::setAuthenPolicyFlag(flag, photoAuthenPolicy,
|
||||
RsGenExchange::RESTRICTED_GRP_BITS);
|
||||
|
||||
flag = GXS_SERV::GRP_OPTION_AUTHEN_AUTHOR_SIGN;
|
||||
RsGenExchange::setAuthenPolicyFlag(flag, photoAuthenPolicy,
|
||||
RsGenExchange::GRP_OPTION_BITS);
|
||||
|
||||
p3PhotoServiceV2 *mPhotoV2 = NULL;
|
||||
|
||||
|
||||
@ -2327,8 +2341,9 @@ int RsServer::StartupRetroShare()
|
||||
|
||||
photo_ds->resetDataStore(); //TODO: remove, new service data per RS session, for testing
|
||||
|
||||
|
||||
// init gxs services
|
||||
mPhotoV2 = new p3PhotoServiceV2(photo_ds, NULL);
|
||||
mPhotoV2 = new p3PhotoServiceV2(photo_ds, NULL, mGxsIdService, photoAuthenPolicy);
|
||||
|
||||
// create GXS photo service
|
||||
RsGxsNetService* photo_ns = new RsGxsNetService(
|
||||
|
@ -79,8 +79,10 @@ std::ostream &operator<<(std::ostream &out, const RsPhotoAlbum &album)
|
||||
return out;
|
||||
}
|
||||
|
||||
p3PhotoServiceV2::p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes)
|
||||
: RsGenExchange(gds, nes, new RsGxsPhotoSerialiser(), RS_SERVICE_GXSV1_TYPE_PHOTO), mPhotoMutex(std::string("Photo Mutex"))
|
||||
p3PhotoServiceV2::p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes, RsGixs* gixs,
|
||||
uint32_t authenPolicy)
|
||||
: RsGenExchange(gds, nes, new RsGxsPhotoSerialiser(), RS_SERVICE_GXSV1_TYPE_PHOTO, gixs, authenPolicy),
|
||||
mPhotoMutex(std::string("Photo Mutex"))
|
||||
{
|
||||
|
||||
// create dummy grps
|
||||
|
@ -34,7 +34,8 @@ class p3PhotoServiceV2 : public RsPhotoV2, public RsGenExchange
|
||||
{
|
||||
public:
|
||||
|
||||
p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes);
|
||||
p3PhotoServiceV2(RsGeneralDataService* gds, RsNetworkExchangeService* nes, RsGixs* gixs,
|
||||
uint32_t authenPolicy);
|
||||
|
||||
public:
|
||||
|
||||
|
@ -4,6 +4,7 @@
|
||||
#include "ui_AlbumCreateDialog.h"
|
||||
|
||||
#include "util/misc.h"
|
||||
#include "gxs/rsgxsflags.h"
|
||||
|
||||
AlbumCreateDialog::AlbumCreateDialog(TokenQueue *photoQueue, RsPhotoV2 *rs_photo, QWidget *parent):
|
||||
QDialog(parent),
|
||||
@ -20,6 +21,10 @@ AlbumCreateDialog::~AlbumCreateDialog()
|
||||
delete ui;
|
||||
}
|
||||
|
||||
#define PUBLIC_INDEX 0
|
||||
#define RESTRICTED_INDEX 1
|
||||
#define PRIVATE_INDEX 2
|
||||
|
||||
void AlbumCreateDialog::publishAlbum()
|
||||
{
|
||||
// get fields for album to publish, publish and then exit dialog
|
||||
@ -33,6 +38,22 @@ void AlbumCreateDialog::publishAlbum()
|
||||
album.mPhotographer = ui->lineEdit_Photographer->text().toStdString();
|
||||
getAlbumThumbnail(album.mThumbnail);
|
||||
|
||||
|
||||
int currIndex = ui->privacyComboBox->currentIndex();
|
||||
|
||||
switch(currIndex)
|
||||
{
|
||||
case PUBLIC_INDEX:
|
||||
album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_PUBLIC;
|
||||
break;
|
||||
case RESTRICTED_INDEX:
|
||||
album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_RESTRICTED;
|
||||
break;
|
||||
case PRIVATE_INDEX:
|
||||
album.mMeta.mGroupFlags |= GXS_SERV::FLAG_PRIVACY_PRIVATE;
|
||||
break;
|
||||
}
|
||||
|
||||
uint32_t token;
|
||||
mRsPhoto->submitAlbumDetails(token, album);
|
||||
mPhotoQueue->queueRequest(token, TOKENREQ_GROUPINFO, RS_TOKREQ_ANSTYPE_ACK, 0);
|
||||
|
@ -7,7 +7,7 @@
|
||||
<x>0</x>
|
||||
<y>0</y>
|
||||
<width>465</width>
|
||||
<height>356</height>
|
||||
<height>365</height>
|
||||
</rect>
|
||||
</property>
|
||||
<property name="windowTitle">
|
||||
@ -198,7 +198,7 @@ border-radius: 10px;
|
||||
</property>
|
||||
<layout class="QGridLayout" name="gridLayout">
|
||||
<item row="0" column="0">
|
||||
<widget class="QComboBox" name="comboBox_3">
|
||||
<widget class="QComboBox" name="privacyComboBox">
|
||||
<property name="sizePolicy">
|
||||
<sizepolicy hsizetype="Minimum" vsizetype="Fixed">
|
||||
<horstretch>0</horstretch>
|
||||
@ -210,11 +210,6 @@ border-radius: 10px;
|
||||
<string>Public</string>
|
||||
</property>
|
||||
</item>
|
||||
<item>
|
||||
<property name="text">
|
||||
<string>All Friends</string>
|
||||
</property>
|
||||
</item>
|
||||
<item>
|
||||
<property name="text">
|
||||
<string>Restricted</string>
|
||||
|
Loading…
Reference in New Issue
Block a user