added a tooltip and read color for unsecure GXS identities. These are still supported for a few weeks at most. So get rid of them

libretroshare/src/gxs/gxssecurity.cc

@@ -122,6 +122,14 @@ static void setRSAPrivateKeyData(RsTlvPrivateRSAKey& key, RSA *rsa_priv)
 
 	free(data) ;
 }
+bool GxsSecurity::checkFingerprint(const RsTlvPublicRSAKey& key)
+{
+    RSA *rsa_pub = ::extractPublicKey(key) ;
+    bool res = (key.keyId == getRsaKeyFingerprint(rsa_pub)) ;
+    RSA_free(rsa_pub) ;
+    return res ;
+}
+
 bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key)
 {
 #ifdef GXS_SECURITY_DEBUG
@@ -152,22 +160,29 @@ bool GxsSecurity::checkPrivateKey(const RsTlvPrivateRSAKey& key)
 
     if(recomputed_key_id != key.keyId)
     {
-        std::cerr << "(WW) GxsSecurity::checkPrivateKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << std::endl;
-        
         if(key.keyId == getRsaKeyFingerprint_old_insecure_method(rsa_pub))
         {
-        	std::cerr << "(WW) fingerprint was derived using old---insecure---format. It can be faked easily. You should get rid of it!" << std::endl;
+#ifdef GXS_SECURITY_DEBUG
+        	std::cerr << "(WW) fingerprint of key " << key.keyId << " was derived using old---insecure---format. It can be faked easily. You should get rid of this key!" << std::endl;
+#endif
 		RSA_free(rsa_pub) ;
+        
+		// The policy is to *accept* these private keys, but the public key that corresponds will be rejected anyway, as it can easily be faked.
 		return true ;
         }
-            
+        else
-	RSA_free(rsa_pub) ;
+	{
-        return false ;
+		std::cerr << "(WW) GxsSecurity::checkPrivateKey(): key " << key.keyId << " has wrong fingerprint " << recomputed_key_id << std::endl;
+
+		RSA_free(rsa_pub) ;
+		return false ;
+	}
     }
 
     RSA_free(rsa_pub) ;
     return true ;
 }
+
 bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
 {
 #ifdef GXS_SECURITY_DEBUG
@@ -209,6 +224,9 @@ bool GxsSecurity::checkPublicKey(const RsTlvPublicRSAKey &key)
         	std::cerr << "(WW) fingerprint was derived using old---insecure---format. It can be faked easily." << std::endl;
 #endif
 	    RSA_free(rsa_pub) ;
+        
+	    // The policy is to accept these public keys, but warn the owner, since they might be fake keys. They will be soon rejected here, by replacing
+            // the return value by false.
 	    return true ;
         }
         else

libretroshare/src/gxs/gxssecurity.h

@@ -125,6 +125,7 @@ class GxsSecurity
 
         static bool checkPublicKey(const RsTlvPublicRSAKey &key);
         static bool checkPrivateKey(const RsTlvPrivateRSAKey &key);
+	static bool checkFingerprint(const RsTlvPublicRSAKey& key);	// helper function to only check the fingerprint
         
         /*!
          * Adds possibly missing public keys when private keys are present.

libretroshare/src/retroshare/rsidentity.h

@@ -69,6 +69,7 @@ static const uint32_t RS_IDENTITY_FLAGS_IS_A_CONTACT = 0x0001;
 static const uint32_t RS_IDENTITY_FLAGS_PGP_LINKED   = 0x0002;
 static const uint32_t RS_IDENTITY_FLAGS_PGP_KNOWN    = 0x0004;
 static const uint32_t RS_IDENTITY_FLAGS_IS_OWN_ID    = 0x0008;
+static const uint32_t RS_IDENTITY_FLAGS_IS_DEPRECATED= 0x0010;	// used to denote keys with deprecated fingerprint format.
 
 class GxsReputation
 {

libretroshare/src/services/p3idservice.cc

@@ -1701,9 +1701,13 @@ void RsGxsIdCache::init(const RsGxsIdGroupItem *item, const RsTlvPublicRSAKey& i
         {
             if(!priv_key.checkKey())
                 std::cerr << "(EE) Private key missing for own identity " << pub_key.keyId << std::endl;
+            
         }
 	if(!pub_key.checkKey())
 		std::cerr << "(EE) Public key missing for identity " << pub_key.keyId << std::endl;
+    
+	    if(!GxsSecurity::checkFingerprint(pub_key))
+		    details.mFlags |= RS_IDENTITY_FLAGS_IS_DEPRECATED;
                     
 	/* rest must be retrived from ServiceString */
 	updateServiceString(item->meta.mServiceString);

retroshare-gui/src/gui/Identity/IdDialog.cpp

@@ -1373,19 +1373,33 @@ bool IdDialog::fillIdListItem(const RsGxsIdGroup& data, QTreeWidgetItem *&item,
     item->setTextAlignment(RSID_COL_VOTES, Qt::AlignRight);
     item->setData(RSID_COL_VOTES,Qt::DisplayRole, QString::number(info.mOverallReputationScore - 1.0f,'f',3));
 
-	 if(isOwnId)
+    if(isOwnId)
-	 {
+    {
-        QFont font = item->font(RSID_COL_NICKNAME) ;
+	    RsIdentityDetails idd ;
-		font.setBold(true) ;
+	    rsIdentity->getIdDetails(RsGxsId(data.mMeta.mGroupId),idd) ;
-		item->setFont(RSID_COL_NICKNAME,font) ;
-		item->setFont(RSID_COL_IDTYPE,font) ;
-		item->setFont(RSID_COL_KEYID,font) ;
 
-		QString tooltip = tr("This identity is owned by you");
+	    QFont font = item->font(RSID_COL_NICKNAME) ;
-		item->setToolTip(RSID_COL_NICKNAME, tooltip) ;
+
-		item->setToolTip(RSID_COL_KEYID, tooltip) ;
+	    font.setBold(true) ;
-		item->setToolTip(RSID_COL_IDTYPE, tooltip) ;
+	    item->setFont(RSID_COL_NICKNAME,font) ;
-	 }
+	    item->setFont(RSID_COL_IDTYPE,font) ;
+	    item->setFont(RSID_COL_KEYID,font) ;
+
+	    QString tooltip = tr("This identity is owned by you");
+
+	    if(idd.mFlags & RS_IDENTITY_FLAGS_IS_DEPRECATED)
+	    {
+		    item->setForeground(RSID_COL_NICKNAME,QBrush(Qt::red));
+		    item->setForeground(RSID_COL_KEYID,QBrush(Qt::red));
+		    item->setForeground(RSID_COL_IDTYPE,QBrush(Qt::red));
+
+		    tooltip += tr("\nThis identity has a unsecure fingerprint (It's probably quite old).\nYou should get rid of it now and use a new one.\nThese identities will soon be not supported anymore.") ;
+	    }
+
+	    item->setToolTip(RSID_COL_NICKNAME, tooltip) ;
+	    item->setToolTip(RSID_COL_KEYID, tooltip) ;
+	    item->setToolTip(RSID_COL_IDTYPE, tooltip) ;
+    }
 
     QPixmap pixmap ;