switched security items to new notification system

libretroshare/src/pqi/authssl.cc

@@ -1189,6 +1189,8 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 		if(rsEvents)
 		{
 			ev->mErrorMsg = errMsg;
+			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::NO_CERTIFICATE_SUPPLIED;
+
 			rsEvents->postEvent(std::move(ev));
 		}
 
@@ -1218,7 +1220,8 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 		{
 			ev->mSslCn = sslCn;
 			ev->mPgpId = pgpId;
-			ev->mErrorMsg = errMsg;
+			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO;
+
 			rsEvents->postEvent(std::move(ev));
 		}
 
@@ -1237,6 +1240,8 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 			ev->mSslId = sslId;
 			ev->mSslCn = sslCn;
 			ev->mErrorMsg = errMsg;
+			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO;
+
 			rsEvents->postEvent(std::move(ev));
 		}
 
@@ -1266,6 +1271,7 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 				ev->mSslCn = sslCn;
 				ev->mPgpId = pgpId;
 				ev->mErrorMsg = errorMsg;
+				ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISMATCHED_PGP_ID;
 				rsEvents->postEvent(std::move(ev));
 			}
 
@@ -1290,6 +1296,7 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 			ev->mSslId = sslId;
 			ev->mSslCn = sslCn;
 			ev->mPgpId = pgpId;
+			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::PGP_SIGNATURE_VALIDATION_FAILED;
 			ev->mErrorMsg = errMsg;
 			rsEvents->postEvent(std::move(ev));
 		}
@@ -1311,6 +1318,7 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 			ev->mSslCn = sslCn;
 			ev->mPgpId = pgpId;
 			ev->mErrorMsg = errMsg;
+			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::NOT_A_FRIEND;
 			rsEvents->postEvent(std::move(ev));
 		}
 
@@ -1330,6 +1338,8 @@ int AuthSSLimpl::VerifyX509Callback(int /*preverify_ok*/, X509_STORE_CTX* ctx)
 		ev->mSslId = sslId;
 		ev->mSslCn = sslCn;
 		ev->mPgpId = pgpId;
+		ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::NO_ERROR;
+
 		rsEvents->postEvent(std::move(ev));
 	}
 

libretroshare/src/pqi/authssl.h

@@ -52,34 +52,6 @@ RsPeerId getCertSslId(const X509& x509);
 const EVP_PKEY* getPubKey(const X509& x509);
 };
 
-/**
- * Event triggered by AuthSSL when authentication of a connection attempt either
- * fail or success
- */
-struct RsAuthSslConnectionAutenticationEvent : RsEvent
-{
-	RsAuthSslConnectionAutenticationEvent();
-
-	bool mSuccess;
-	RsPeerId mSslId;
-	std::string mSslCn;
-	RsPgpId mPgpId;
-	std::string mErrorMsg;
-
-	///* @see RsEvent @see RsSerializable
-	void serial_process( RsGenericSerializer::SerializeJob j,
-	                     RsGenericSerializer::SerializeContext& ctx) override
-	{
-		RsEvent::serial_process(j, ctx);
-		RS_SERIAL_PROCESS(mSuccess);
-		RS_SERIAL_PROCESS(mSslId);
-		RS_SERIAL_PROCESS(mSslCn);
-		RS_SERIAL_PROCESS(mPgpId);
-		RS_SERIAL_PROCESS(mErrorMsg);
-	}
-};
-
-
 /**
  * This is an implementation of SSL certificate authentication with PGP
  * signatures, instead of centralized certification authority.

libretroshare/src/pqi/p3notify.cc

@@ -236,7 +236,6 @@ void p3Notify::notifyOwnStatusMessageChanged()
 void p3Notify::notifyDiskFull               (uint32_t           location  , uint32_t                         size_limit_in_MB ) { FOR_ALL_NOTIFY_CLIENTS (*it)->notifyDiskFull          (location,size_limit_in_MB) ; }
 void p3Notify::notifyPeerStatusChanged      (const std::string& peer_id   , uint32_t                         status           ) { FOR_ALL_NOTIFY_CLIENTS (*it)->notifyPeerStatusChanged (peer_id,status) ; }
 void p3Notify::notifyGxsChange              (const RsGxsChanges& changes) {FOR_ALL_NOTIFY_CLIENTS (*it)->notifyGxsChange(changes) ;}
-void p3Notify::notifyConnectionWithoutCert  ()                                                                                  { FOR_ALL_NOTIFY_CLIENTS (*it)->notifyConnectionWithoutCert(); }
 
 void p3Notify::notifyPeerStatusChangedSummary   ()                                                                              { FOR_ALL_NOTIFY_CLIENTS (*it)->notifyPeerStatusChangedSummary() ; }
 void p3Notify::notifyDiscInfoChanged            ()                                                                              { FOR_ALL_NOTIFY_CLIENTS (*it)->notifyDiscInfoChanged         () ; } 

libretroshare/src/pqi/pqissllistener.cc

@@ -486,6 +486,20 @@ int	pqissllistenbase::continueSSL(IncomingSSLInfo& incoming_connexion_info, bool
 			break;
 		}
 
+		if(rsEvents)
+		{
+			auto ev = std::unique_ptr<RsAuthSslConnectionAutenticationEvent>(new RsAuthSslConnectionAutenticationEvent);
+
+			ev->mSslId = incoming_connexion_info.sslid;
+			ev->mPgpId = incoming_connexion_info.gpgid;
+			ev->mSslCn = incoming_connexion_info.sslcn;
+			ev->mLocator = RsUrl(sockaddr_storage_iptostring(incoming_connexion_info.addr));
+			ev->mSuccess = false;
+			ev->mErrorCode = RsAuthSslConnectionAutenticationEvent::MISSING_AUTHENTICATION_INFO;
+
+			rsEvents->postEvent(std::move(ev));
+		}
+
 		closeConnection(fd, incoming_connexion_info.ssl) ;
 
 		pqioutput(PQL_WARNING, pqissllistenzone, "Read Error on the SSL Socket\nShutting it down!");

libretroshare/src/retroshare/rsevents.h

@@ -25,6 +25,7 @@
 #include <cstdint>
 
 #include "util/rsmemory.h"
+#include "util/rsurl.h"
 #include "serialiser/rsserializable.h"
 #include "serialiser/rstypeserializer.h"
 
@@ -170,3 +171,51 @@ public:
 
 	virtual ~RsEvents();
 };
+
+//===================================================================================================//
+//                                            Connexion events                                       //
+//===================================================================================================//
+
+/**
+ * Event triggered by AuthSSL when authentication of a connection attempt either
+ * fail or success
+ */
+struct RsAuthSslConnectionAutenticationEvent : RsEvent
+{
+	RsAuthSslConnectionAutenticationEvent();
+
+    enum ConnextionErrorCode: uint8_t {
+        UNKNOWN_ERROR                   = 0x00,
+        MISSING_AUTHENTICATION_INFO     = 0x01,
+        PGP_SIGNATURE_VALIDATION_FAILED = 0x02,
+        MISMATCHED_PGP_ID               = 0x03,
+        NO_CERTIFICATE_SUPPLIED         = 0x04,
+        NOT_A_FRIEND                    = 0x05,
+        MISSING_CERTIFICATE             = 0x06,
+        IP_IS_BLACKLISTED               = 0x07,
+        NO_ERROR                        = 0x08,
+    };
+
+	bool mSuccess;
+	RsPeerId mSslId;
+	std::string mSslCn;
+	RsPgpId mPgpId;
+    RsUrl mLocator;
+	std::string mErrorMsg;
+	ConnextionErrorCode mErrorCode;
+
+	///* @see RsEvent @see RsSerializable
+	void serial_process( RsGenericSerializer::SerializeJob j,
+	                     RsGenericSerializer::SerializeContext& ctx) override
+	{
+		RsEvent::serial_process(j, ctx);
+		RS_SERIAL_PROCESS(mSuccess);
+		RS_SERIAL_PROCESS(mSslId);
+		RS_SERIAL_PROCESS(mSslCn);
+		RS_SERIAL_PROCESS(mPgpId);
+		RS_SERIAL_PROCESS(mLocator);
+		RS_SERIAL_PROCESS(mErrorMsg);
+		RS_SERIAL_PROCESS(mErrorCode);
+	}
+};
+

libretroshare/src/retroshare/rsnotify.h

@@ -231,7 +231,6 @@ public:
 	virtual void notifyDiskFull                   (uint32_t           /* location  */, uint32_t                         /* size limit in MB */) {}
 	virtual void notifyPeerStatusChanged          (const std::string& /* peer_id   */, uint32_t                         /* status           */) {}
 	virtual void notifyGxsChange                  (const RsGxsChanges& /* changes  */) {}
-	virtual void notifyConnectionWithoutCert      () {}
 
 	/* one or more peers has changed the states */
 	virtual void notifyPeerStatusChangedSummary   () {}