added recording system for usage cases of GXS ids

2024-12-29 09:26:18 -05:00 · 2016-12-19 20:44:15 +01:00 · 2016-12-19 20:44:15 +01:00 · ef0850e65b
commit ef0850e65b
parent 94d099f43b
6 changed files with 54 additions and 30 deletions
--- a/libretroshare/src/gxs/rsgenexchange.cc
+++ b/libretroshare/src/gxs/rsgenexchange.cc
@ -470,8 +470,8 @@ int RsGenExchange::createGroupSignatures(RsTlvKeySignatureSet& signSet, RsTlvBin
                if(GxsSecurity::getSignature((char*)grpData.bin_data, grpData.bin_len, authorKey, sign))
                {
                	id_ret = SIGN_SUCCESS;
-                    	mGixs->timeStampKey(grpMeta.mAuthorId) ;
+					mGixs->timeStampKey(grpMeta.mAuthorId,"Creation of group author signature for GrpId" + grpMeta.mGroupId.toStdString()) ;
-			signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
+					signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
                }
                else
                	id_ret = SIGN_FAIL;
@ -638,7 +638,7 @@ int RsGenExchange::createMsgSignatures(RsTlvKeySignatureSet& signSet, RsTlvBinar
 		    if(GxsSecurity::getSignature((char*)msgData.bin_data, msgData.bin_len, authorKey, sign))
 		    {
 			    id_ret = SIGN_SUCCESS;
-			    mGixs->timeStampKey(msgMeta.mAuthorId) ;
+			    mGixs->timeStampKey(msgMeta.mAuthorId,"Creating author signature in group " + msgMeta.mGroupId.toStdString() + ", msg " + msgMeta.mMsgId.toStdString()) ;
 			    signSet.keySignSet[INDEX_AUTHEN_IDENTITY] = sign;
 		    }
 		    else
@ -855,7 +855,7 @@ int RsGenExchange::validateMsg(RsNxsMsg *msg, const uint32_t& grpFlag, const uin
 		    {
 			    RsTlvKeySignature sign = metaData.signSet.keySignSet[INDEX_AUTHEN_IDENTITY];
 			    idValidate &= GxsSecurity::validateNxsMsg(*msg, sign, authorKey);
-			    mGixs->timeStampKey(metaData.mAuthorId) ;
+			    mGixs->timeStampKey(metaData.mAuthorId,"Validation of author signature. Grp="+metaData.mGroupId.toStdString()+", msg="+metaData.mMsgId.toStdString()) ;
 		    }
 		    else
 		    {
@ -986,7 +986,7 @@ int RsGenExchange::validateGrp(RsNxsGrp* grp)
 #ifdef GEN_EXCH_DEBUG
 				    std::cerr << "  key ID validation result: " << idValidate << std::endl;
 #endif
-				    mGixs->timeStampKey(metaData.mAuthorId) ;
+				    mGixs->timeStampKey(metaData.mAuthorId,"Group author signature validation. GrpId=" + metaData.mGroupId.toStdString()) ;
 			    }
 			    else
 			    {
@ -3145,7 +3145,7 @@ bool RsGenExchange::updateValid(RsGxsGrpMetaData& oldGrpMeta, RsNxsGrp& newGrp)
 	// also check this is the latest published group
 	bool latest = newGrp.metaData->mPublishTs > oldGrpMeta.mPublishTs;
-    mGixs->timeStampKey(newGrp.metaData->mAuthorId) ;
+    mGixs->timeStampKey(newGrp.metaData->mAuthorId,"Validation of signature for updated grp " + oldGrpMeta.mGroupId.toStdString()) ;
    return GxsSecurity::validateNxsGrp(newGrp, adminSign, keyMit->second) && latest;
 }
--- a/libretroshare/src/gxs/rsgixs.h
+++ b/libretroshare/src/gxs/rsgixs.h
@ -125,7 +125,7 @@ public:
    virtual bool getOwnIds(std::list<RsGxsId>& ids) = 0;
    virtual bool isOwnId(const RsGxsId& key_id) = 0 ;
-    virtual void timeStampKey(const RsGxsId& key_id) = 0 ;
+    virtual void timeStampKey(const RsGxsId& key_id,const std::string& reason) = 0 ;
    // Key related interface - used for validating msgs and groups.
    /*!
--- a/libretroshare/src/gxs/rsgxsutil.cc
+++ b/libretroshare/src/gxs/rsgxsutil.cc
@ -339,7 +339,7 @@ bool RsGxsIntegrityCheck::check()
 		    // Note: we could time_stamp even in the case where the id is not cached. Anyway, it's not really a problem here, since IDs have a high chance of
 		    // behing eventually stamped.
-		    mGixs->timeStampKey(gxs_ids[n]) ;
+		    mGixs->timeStampKey(gxs_ids[n],"Used in service (Integrity check)") ;
 	    }
 	    gxs_ids[n] = gxs_ids[gxs_ids.size()-1] ;
--- a/libretroshare/src/gxstunnel/p3gxstunnel.cc
+++ b/libretroshare/src/gxstunnel/p3gxstunnel.cc
@ -937,7 +937,7 @@ void p3GxsTunnelService::handleRecvDHPublicKey(RsGxsTunnelDHPublicKeyItem *item)
        std::cerr << "(SS) Signature was verified and it doesn't check! This is a security issue!" << std::endl;
        return ;
    }
-    mGixs->timeStampKey(item->signature.keyId) ;
+    mGixs->timeStampKey(item->signature.keyId,"Used to validate GXS tunnel DH half-key.") ;
 #ifdef DEBUG_GXS_TUNNEL
    std::cerr << "  Signature checks! Sender's ID = " << senders_id << std::endl;
--- a/libretroshare/src/services/p3idservice.cc
+++ b/libretroshare/src/services/p3idservice.cc
@ -128,8 +128,9 @@ RsIdentity *rsIdentity = NULL;
 /* delays */
-#define CACHETEST_PERIOD	        60
+#define CACHETEST_PERIOD	            60
 #define DELAY_BETWEEN_CONFIG_UPDATES   300
 #define GXS_MAX_KEY_TS_USAGE_MAP_SIZE    5
 #define OWNID_RELOAD_DELAY		10
@ -255,23 +256,33 @@ void p3IdService::slowIndicateConfigChanged()
 }
 time_t p3IdService::locked_getLastUsageTS(const RsGxsId& gxs_id)
 {
-    std::map<RsGxsId,time_t>::const_iterator it = mKeysTS.find(gxs_id) ;
+    std::map<RsGxsId,keyTSInfo>::const_iterator it = mKeysTS.find(gxs_id) ;
    if(it == mKeysTS.end())
        return 0 ;
    else
-        return it->second ;
+        return it->second.TS ;
 }
-void p3IdService::timeStampKey(const RsGxsId& gxs_id)
+void p3IdService::timeStampKey(const RsGxsId& gxs_id, const std::string& reason)
 {
    if(rsReputations->isIdentityBanned(gxs_id) )
    {
        std::cerr << "(II) p3IdService:timeStampKey(): refusing to time stamp key " << gxs_id << " because it is banned." << std::endl;
        return ;
    }
    std::cerr << "(II) time stamping key " << gxs_id << " for the following reason: " << reason << std::endl;
    RS_STACK_MUTEX(mIdMtx) ;
-    mKeysTS[gxs_id] = time(NULL) ;
+
    time_t now = time(NULL) ;
    keyTSInfo& info(mKeysTS[gxs_id]) ;
    info.TS = now ;
    info.usage_map[now] = reason ;
    while(info.usage_map.size() > GXS_MAX_KEY_TS_USAGE_MAP_SIZE)
        info.usage_map.erase(info.usage_map.begin());
    slowIndicateConfigChanged() ;
 }
@ -286,7 +297,7 @@ bool p3IdService::loadList(std::list<RsItem*>& items)
        if( (lii = dynamic_cast<RsGxsIdLocalInfoItem*>(*it)) != NULL)
        {
            for(std::map<RsGxsId,time_t>::const_iterator it2 = lii->mTimeStamps.begin();it2!=lii->mTimeStamps.end();++it2)
-                mKeysTS.insert(*it2) ;
+                mKeysTS[it2->first].TS = it2->second;
            mContacts = lii->mContacts ;
        }
@ -307,7 +318,10 @@ bool p3IdService::saveList(bool& cleanup,std::list<RsItem*>& items)
    RS_STACK_MUTEX(mIdMtx) ;
    cleanup = true ;
    RsGxsIdLocalInfoItem *item = new RsGxsIdLocalInfoItem ;
-    item->mTimeStamps = mKeysTS ;
+
    for(std::map<RsGxsId,keyTSInfo>::const_iterator it(mKeysTS.begin());it!=mKeysTS.end();++it)
 		item->mTimeStamps[it->first] = it->second.TS;
    item->mContacts = mContacts ;
    items.push_back(item) ;
@ -317,7 +331,7 @@ bool p3IdService::saveList(bool& cleanup,std::list<RsItem*>& items)
 class IdCacheEntryCleaner
 {
 public:
-    IdCacheEntryCleaner(const std::map<RsGxsId,time_t>& last_usage_TSs) : mLastUsageTS(last_usage_TSs) {}
+    IdCacheEntryCleaner(const std::map<RsGxsId,p3IdService::keyTSInfo>& last_usage_TSs) : mLastUsageTS(last_usage_TSs) {}
    bool processEntry(RsGxsIdCache& entry)
    {
@ -338,11 +352,11 @@ public:
            return true ;
        }
-        std::map<RsGxsId,time_t>::const_iterator it = mLastUsageTS.find(gxs_id) ;
+        std::map<RsGxsId,p3IdService::keyTSInfo>::const_iterator it = mLastUsageTS.find(gxs_id) ;
        bool no_ts = (it == mLastUsageTS.end()) ;
-        time_t last_usage_ts = no_ts?0:(it->second);
+        time_t last_usage_ts = no_ts?0:(it->second.TS);
        time_t max_keep_time ;
        if(no_ts)
@ -370,7 +384,7 @@ public:
    }
    std::list<RsGxsId> ids_to_delete ;
-    const std::map<RsGxsId,time_t>& mLastUsageTS;
+    const std::map<RsGxsId,p3IdService::keyTSInfo>& mLastUsageTS;
 };
 void p3IdService::cleanUnusedKeys()
@ -495,7 +509,7 @@ void p3IdService::notifyChanges(std::vector<RsGxsNotify *> &changes)
                    // also time_stamp the key that this group represents
-                    timeStampKey(RsGxsId(*git)) ;
+                    timeStampKey(RsGxsId(*git),"Group info changed") ;
                    ++git;
                }
@ -892,7 +906,7 @@ bool p3IdService::signData(const uint8_t *data,uint32_t data_size,const RsGxsId&
        return false ;
    }
    error_status = RS_GIXS_ERROR_NO_ERROR ;
-    timeStampKey(own_gxs_id) ;
+    timeStampKey(own_gxs_id,"own GXS id") ;
    return true ;
 }
 bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTlvKeySignature& signature,bool force_load,uint32_t& signing_error)
@ -929,7 +943,7 @@ bool p3IdService::validateData(const uint8_t *data,uint32_t data_size,const RsTl
    }
    signing_error = RS_GIXS_ERROR_NO_ERROR ;
-    timeStampKey(signature.keyId) ;
+    timeStampKey(signature.keyId,"Used in signature checking." ) ;
    return true ;
 }
 bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_data_size,uint8_t *& encrypted_data,uint32_t& encrypted_data_size,const RsGxsId& encryption_key_id,bool force_load,uint32_t& error_status)
@ -957,7 +971,7 @@ bool p3IdService::encryptData(const uint8_t *decrypted_data,uint32_t decrypted_d
        return false ;
    }
    error_status = RS_GIXS_ERROR_NO_ERROR ;
-    timeStampKey(encryption_key_id) ;
+    timeStampKey(encryption_key_id,"Used to encrypt data") ;
    return true ;
 }
@ -989,7 +1003,7 @@ bool p3IdService::decryptData(const uint8_t *encrypted_data,uint32_t encrypted_d
        return false ;
    }
    error_status = RS_GIXS_ERROR_NO_ERROR ;
-    timeStampKey(key_id) ;
+    timeStampKey(key_id,"Used to decrypt data") ;
    return true ;
 }
@ -2399,7 +2413,8 @@ bool p3IdService::cache_load_ownids(uint32_t token)
                    // This prevents automatic deletion to get rid of them.
                    // In other words, own ids are always used.
-                    mKeysTS[RsGxsId(item->meta.mGroupId)] = time(NULL) ;
+
                    mKeysTS[RsGxsId(item->meta.mGroupId)].TS = time(NULL) ;
 				}
 				delete item ;
            }
@ -2691,7 +2706,7 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
        std::cerr << std::endl;
        return SERVICE_CREATE_FAIL;
    }
-    mKeysTS[RsGxsId(item->meta.mGroupId)] = time(NULL) ;
+    mKeysTS[RsGxsId(item->meta.mGroupId)].TS = time(NULL) ;
    /********************* TEMP HACK UNTIL GXS FILLS IN GROUP_ID *****************/
@ -2851,7 +2866,7 @@ RsGenExchange::ServiceCreate_Return p3IdService::service_CreateGroup(RsGxsGrpIte
        if (std::find(mOwnIds.begin(), mOwnIds.end(), gxsId) == mOwnIds.end())
        {
            mOwnIds.push_back(gxsId);
-            mKeysTS[gxsId] = time(NULL) ;
+            mKeysTS[gxsId].TS = time(NULL) ;
        }
    }
--- a/libretroshare/src/services/p3idservice.h
+++ b/libretroshare/src/services/p3idservice.h
@ -467,7 +467,7 @@ private:
 	void cleanUnusedKeys() ;
 	void slowIndicateConfigChanged() ;
-	virtual void timeStampKey(const RsGxsId& id) ;
+	virtual void timeStampKey(const RsGxsId& id,const std::string& reason) ;
 	time_t locked_getLastUsageTS(const RsGxsId& gxs_id);
 	std::string genRandomId(int len = 20);
@ -507,10 +507,19 @@ private:
 private:
    struct keyTSInfo
    {
        keyTSInfo() : TS(0) {}
        time_t TS ;
        std::map<std::string,time_t> usage_map ;
    };
 	friend class IdCacheEntryCleaner;
 	std::map<uint32_t, std::set<RsGxsGroupId> > mIdsPendingCache;
 	std::map<uint32_t, std::list<RsGxsGroupId> > mGroupNotPresent;
 	std::map<RsGxsId, std::list<RsPeerId> > mIdsNotPresent;
-	std::map<RsGxsId,time_t> mKeysTS ;
+	std::map<RsGxsId,keyTSInfo> mKeysTS ;
 	// keep a list of regular contacts. This is useful to sort IDs, and allow some services to priviledged ids only.
 	std::set<RsGxsId> mContacts;