mirror of
https://github.com/RetroShare/RetroShare.git
synced 2025-01-27 07:47:03 -05:00
Networking REWORK: Major cleanup of p3ConnectMgr.
(Sorry for the ridiculously large check-in, wants to fix lots of stuff.) Other Changes: * Added SSL Test Harness. (authssltest) * Added GPG Test Harness. (authssltest) * Reworked SSL/GPG startup to enable test harnesses * pqiperson: added notify of FAIL if connection method unavailable. * added p3tunnel to pqissltunnel init. * pqimonitor: added ipHistory to connect callback. p3ConnectMgr Changes: * removed STUN system - wasn't operating correctly anyway without DHT. * switched to new IpAddress history data types. (removed lots of code) * Added Addr history for both Local and Ext addresses. * removed p3tunnel references in p3connmgr * fixed up mUseTunnelConnection flags (now used!) * fixed up mUseExtFinder flags (now used!) * added improved Net Status. * corrected UPNP / EXT / UDP startup. (was always UPNP). * fixed netReset() and netStartup(). * removed unnecessary DEBUG code. * added UPNP timeout code (600 secs - why does it take so long?) * added improved netExtCheck(). * removed wierd netConsistencyCheck() ... to rework. * corrected connect / reconnect code. * removed DHT notify code. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3247 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
parent
85e1b4b111
commit
f4331da483
@ -36,8 +36,26 @@
|
||||
|
||||
//#define GPG_DEBUG 1
|
||||
|
||||
// initializing the singleton pointer
|
||||
AuthGPG *AuthGPG::instance_gpg = new AuthGPG();
|
||||
static AuthGPG *instance_gpg = NULL;
|
||||
|
||||
void setAuthGPG(AuthGPG *newgpg)
|
||||
{
|
||||
instance_gpg = newgpg;
|
||||
}
|
||||
|
||||
void AuthGPGInit()
|
||||
{
|
||||
instance_gpg = new AuthGPGimpl();
|
||||
}
|
||||
|
||||
AuthGPG *AuthGPG::getAuthGPG()
|
||||
{
|
||||
return instance_gpg;
|
||||
}
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/* Turn a set of parameters into a string */
|
||||
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
||||
@ -107,7 +125,7 @@ gpg_error_t pgp_pwd_callback(void *hook, const char *uid_hint, const char *passp
|
||||
return 0;
|
||||
}
|
||||
|
||||
AuthGPG::AuthGPG()
|
||||
AuthGPGimpl::AuthGPGimpl()
|
||||
:p3Config(CONFIG_TYPE_AUTHGPG),gpgmeInit(false),gpgmeKeySelected(false)
|
||||
{
|
||||
{
|
||||
@ -171,7 +189,7 @@ AuthGPG::AuthGPG()
|
||||
}
|
||||
|
||||
/* Initialize */
|
||||
bool AuthGPG::InitAuth ()
|
||||
bool AuthGPGimpl::InitAuth ()
|
||||
{
|
||||
std::string HomeDir;
|
||||
|
||||
@ -212,7 +230,7 @@ bool AuthGPG::InitAuth ()
|
||||
*
|
||||
* returns false if GnuPG is not available.
|
||||
*/
|
||||
bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
|
||||
bool AuthGPGimpl::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
|
||||
{
|
||||
int i = 0;
|
||||
gpgme_key_t KEY = NULL;
|
||||
@ -242,13 +260,13 @@ bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &id
|
||||
{
|
||||
ids.push_back(KEY->subkeys->keyid);
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::availablePGPCertificates() Added: " << KEY->subkeys->keyid << std::endl;
|
||||
std::cerr << "AuthGPGimpl::availablePGPCertificates() Added: " << KEY->subkeys->keyid << std::endl;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::availablePGPCertificates() Missing subkey" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::availablePGPCertificates() Missing subkey" << std::endl;
|
||||
#endif
|
||||
}
|
||||
}
|
||||
@ -259,7 +277,7 @@ bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &id
|
||||
return false;
|
||||
}
|
||||
|
||||
std::cerr << "AuthGPG::availablePGPCertificates() Secret Key Count: " << i << std::endl;
|
||||
std::cerr << "AuthGPGimpl::availablePGPCertificates() Secret Key Count: " << i << std::endl;
|
||||
|
||||
/* return false if there are no private keys */
|
||||
return (i > 0);
|
||||
@ -272,10 +290,10 @@ bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &id
|
||||
* This function must be called successfully (return == 1)
|
||||
* before anything else can be done. (except above fn).
|
||||
*/
|
||||
int AuthGPG::GPGInit(std::string ownId)
|
||||
int AuthGPGimpl::GPGInit(std::string ownId)
|
||||
{
|
||||
|
||||
std::cerr << "AuthGPG::GPGInit() called with own gpg id : " << ownId << std::endl;
|
||||
std::cerr << "AuthGPGimpl::GPGInit() called with own gpg id : " << ownId << std::endl;
|
||||
|
||||
{
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -294,7 +312,7 @@ int AuthGPG::GPGInit(std::string ownId)
|
||||
{
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
if (mOwnGpgCert.id != mOwnGpgId) {
|
||||
std::cerr << "AuthGPG::GPGInit() failed to find your id." << std::endl;
|
||||
std::cerr << "AuthGPGimpl::GPGInit() failed to find your id." << std::endl;
|
||||
return 0;
|
||||
}
|
||||
|
||||
@ -308,18 +326,18 @@ int AuthGPG::GPGInit(std::string ownId)
|
||||
|
||||
//printAllKeys_locked();
|
||||
|
||||
std::cerr << "AuthGPG::GPGInit finished." << std::endl;
|
||||
std::cerr << "AuthGPGimpl::GPGInit finished." << std::endl;
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
AuthGPG::~AuthGPG()
|
||||
AuthGPGimpl::~AuthGPGimpl()
|
||||
{
|
||||
}
|
||||
|
||||
bool AuthGPG::storeAllKeys_tick() {
|
||||
bool AuthGPGimpl::storeAllKeys_tick() {
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::storeAllKeys_tick() called." << std::endl;
|
||||
std::cerr << "AuthGPGimpl::storeAllKeys_tick() called." << std::endl;
|
||||
#endif
|
||||
time_t timeSinceStore = 0;
|
||||
{
|
||||
@ -335,10 +353,10 @@ bool AuthGPG::storeAllKeys_tick() {
|
||||
}
|
||||
|
||||
// store all keys in map mKeyList to avoid callin gpgme exe repeatedly
|
||||
bool AuthGPG::storeAllKeys()
|
||||
bool AuthGPGimpl::storeAllKeys()
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::storeAllKeys()" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::storeAllKeys()" << std::endl;
|
||||
#endif
|
||||
|
||||
std::list<std::string> gpg_change_trust_list;
|
||||
@ -348,12 +366,12 @@ bool AuthGPG::storeAllKeys()
|
||||
gpg_error_t ERR;
|
||||
if (!gpgmeInit)
|
||||
{
|
||||
std::cerr << "AuthGPG::storeAllKeys() Error since GPG is not initialised" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::storeAllKeys() Error since GPG is not initialised" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::storeAllKeys() clearing existing ones" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::storeAllKeys() clearing existing ones" << std::endl;
|
||||
#endif
|
||||
|
||||
/* enable SIG mode */
|
||||
@ -368,7 +386,7 @@ bool AuthGPG::storeAllKeys()
|
||||
/* Initiates a key listing 0 = All Keys */
|
||||
if (GPG_ERR_NO_ERROR != gpgme_op_keylist_start (CTX, "", 0))
|
||||
{
|
||||
std::cerr << "AuthGPG::storeAllKeys() Error iterating through KeyList" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::storeAllKeys() Error iterating through KeyList" << std::endl;
|
||||
// if (rsicontrol != NULL) {
|
||||
// rsicontrol->getNotify().notifyErrorMsg(0,0,"Error reading gpg keyring, cannot acess key list.");
|
||||
// }
|
||||
@ -380,7 +398,7 @@ bool AuthGPG::storeAllKeys()
|
||||
mStoreKeyTime = time(NULL);
|
||||
ERR = gpgme_op_keylist_next (CTX, &KEY);
|
||||
if (GPG_ERR_NO_ERROR != ERR) {
|
||||
std::cerr << "AuthGPG::storeAllKeys() didn't find any gpg key in the keyring" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::storeAllKeys() didn't find any gpg key in the keyring" << std::endl;
|
||||
// if (rsicontrol != NULL) {
|
||||
// rsicontrol->getNotify().notifyErrorMsg(0,0,"Error reading gpg keyring, cannot find any key in the list.");
|
||||
// }
|
||||
@ -402,7 +420,7 @@ bool AuthGPG::storeAllKeys()
|
||||
|
||||
if ((!KEY->subkeys) || (!KEY->uids))
|
||||
{
|
||||
std::cerr << "AuthGPG::storeAllKeys() Invalid Key in List... skipping" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::storeAllKeys() Invalid Key in List... skipping" << std::endl;
|
||||
continue;
|
||||
}
|
||||
|
||||
@ -541,7 +559,7 @@ bool AuthGPG::storeAllKeys()
|
||||
}
|
||||
|
||||
// update trust on all available keys. Not used anymore
|
||||
//bool AuthGPG::updateTrustAllKeys_locked()
|
||||
//bool AuthGPGimpl::updateTrustAllKeys_locked()
|
||||
//{
|
||||
// gpg_error_t ERR;
|
||||
// if (!gpgmeInit)
|
||||
@ -610,7 +628,7 @@ bool AuthGPG::storeAllKeys()
|
||||
//
|
||||
//}
|
||||
|
||||
bool AuthGPG::printAllKeys_locked()
|
||||
bool AuthGPGimpl::printAllKeys_locked()
|
||||
{
|
||||
certmap::const_iterator it;
|
||||
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
|
||||
@ -644,7 +662,7 @@ bool AuthGPG::printAllKeys_locked()
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::printOwnKeys_locked()
|
||||
bool AuthGPGimpl::printOwnKeys_locked()
|
||||
{
|
||||
certmap::iterator it;
|
||||
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
|
||||
@ -660,7 +678,7 @@ bool AuthGPG::printOwnKeys_locked()
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::printKeys()
|
||||
bool AuthGPGimpl::printKeys()
|
||||
{
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
printAllKeys_locked();
|
||||
@ -708,14 +726,14 @@ void print_pgpme_verify_summary(unsigned int summary)
|
||||
}
|
||||
|
||||
|
||||
bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_sigout, unsigned int *outl)
|
||||
bool AuthGPGimpl::DoOwnSignature(const void *data, unsigned int datalen, void *buf_sigout, unsigned int *outl)
|
||||
{
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
/* setup signers */
|
||||
gpgme_signers_clear(CTX);
|
||||
if (GPG_ERR_NO_ERROR != gpgme_signers_add(CTX, mOwnGpgCert.key))
|
||||
{
|
||||
std::cerr << "AuthGPG::DoOwnSignature() Error Adding Signer" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::DoOwnSignature() Error Adding Signer" << std::endl;
|
||||
}
|
||||
|
||||
gpgme_data_t gpgmeData;
|
||||
@ -738,7 +756,7 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
|
||||
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_sign(CTX,gpgmeData, gpgmeSig, mode)))
|
||||
{
|
||||
ProcessPGPmeError(ERR);
|
||||
std::cerr << "AuthGPG::Sign FAILED ERR: " << ERR << std::endl;
|
||||
std::cerr << "AuthGPGimpl::Sign FAILED ERR: " << ERR << std::endl;
|
||||
gpgme_data_release(gpgmeSig);
|
||||
gpgme_data_release(gpgmeData);
|
||||
return false;
|
||||
@ -764,13 +782,13 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
|
||||
|
||||
while(ik != NULL)
|
||||
{
|
||||
fprintf(stderr, "AuthGPG::Sign, Invalid by: %s\n", ik->fpr);
|
||||
fprintf(stderr, "AuthGPGimpl::Sign, Invalid by: %s\n", ik->fpr);
|
||||
ik = ik->next;
|
||||
}
|
||||
|
||||
while(sg != NULL)
|
||||
{
|
||||
fprintf(stderr, "AuthGPG::Signed by: %s\n", sg->fpr);
|
||||
fprintf(stderr, "AuthGPGimpl::Signed by: %s\n", sg->fpr);
|
||||
sg = sg->next;
|
||||
}
|
||||
#endif
|
||||
@ -780,7 +798,7 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
|
||||
// gpgme_data_write (gpgmeSig, "", 1); // to be able to convert it into a string
|
||||
char *export_sig = gpgme_data_release_and_get_mem(gpgmeSig, &len);
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::Signature len: " << len << std::endl;
|
||||
std::cerr << "AuthGPGimpl::Signature len: " << len << std::endl;
|
||||
#endif
|
||||
|
||||
if (len < *outl) // -1 because we added a 0 at the end.
|
||||
@ -798,7 +816,7 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
|
||||
|
||||
|
||||
/* import to GnuPG and other Certificates */
|
||||
bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint)
|
||||
bool AuthGPGimpl::VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint)
|
||||
{
|
||||
gpgme_data_t gpgmeSig;
|
||||
gpgme_data_t gpgmeData;
|
||||
@ -835,7 +853,7 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
|
||||
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_verify(CTX,gpgmeSig, gpgmeData, NULL)))
|
||||
{
|
||||
ProcessPGPmeError(ERR);
|
||||
std::cerr << "AuthGPG::Verify FAILED" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::Verify FAILED" << std::endl;
|
||||
}
|
||||
|
||||
gpgme_verify_result_t res = gpgme_op_verify_result(CTX);
|
||||
@ -862,18 +880,18 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
|
||||
while(sg != NULL)
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
fprintf(stderr, "AuthGPG::Verify Sig by: %s, status: %d\n", sg->fpr, sg->status);
|
||||
fprintf(stderr, "AuthGPGimpl::Verify Sig by: %s, status: %d\n", sg->fpr, sg->status);
|
||||
print_pgpme_verify_summary(sg->summary);
|
||||
#endif
|
||||
|
||||
if (sg->status == GPG_ERR_NO_ERROR)
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
fprintf(stderr, "AuthGPG::VerifySignature() OK\n");
|
||||
fprintf(stderr, "AuthGPGimpl::VerifySignature() OK\n");
|
||||
#endif
|
||||
if (withfingerprint != "" && withfingerprint == std::string(sg->fpr)) {
|
||||
#ifdef GPG_DEBUG
|
||||
fprintf(stderr, "AuthGPG::VerifySignature() for the fingerprint key : ");
|
||||
fprintf(stderr, "AuthGPGimpl::VerifySignature() for the fingerprint key : ");
|
||||
std::cerr << withfingerprint;
|
||||
fprintf(stderr, "\n");
|
||||
#endif
|
||||
@ -890,7 +908,7 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
|
||||
/* extract id(s)! */
|
||||
if (!valid)
|
||||
{
|
||||
fprintf(stderr, "AuthGPG::VerifySignature() FAILED\n");
|
||||
fprintf(stderr, "AuthGPGimpl::VerifySignature() FAILED\n");
|
||||
}
|
||||
|
||||
return valid;
|
||||
@ -899,14 +917,14 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
|
||||
|
||||
|
||||
|
||||
bool AuthGPG::active()
|
||||
bool AuthGPGimpl::active()
|
||||
{
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
|
||||
return ((gpgmeInit) && (gpgmeKeySelected));
|
||||
}
|
||||
|
||||
bool AuthGPG::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) {
|
||||
bool AuthGPGimpl::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) {
|
||||
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
|
||||
@ -934,13 +952,13 @@ bool AuthGPG::GeneratePGPCertificate(std::string name, std::string email, std
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::CloseAuth()
|
||||
bool AuthGPGimpl::CloseAuth()
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
/**** These Two are common */
|
||||
std::string AuthGPG::getGPGName(GPG_id id)
|
||||
std::string AuthGPGimpl::getGPGName(GPG_id id)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
|
||||
@ -954,7 +972,7 @@ std::string AuthGPG::getGPGName(GPG_id id)
|
||||
}
|
||||
|
||||
/**** These Two are common */
|
||||
std::string AuthGPG::getGPGEmail(GPG_id id)
|
||||
std::string AuthGPGimpl::getGPGEmail(GPG_id id)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
|
||||
@ -969,19 +987,19 @@ std::string AuthGPG::getGPGEmail(GPG_id id)
|
||||
|
||||
/**** GPG versions ***/
|
||||
|
||||
std::string AuthGPG::getGPGOwnId()
|
||||
std::string AuthGPGimpl::getGPGOwnId()
|
||||
{
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
return mOwnGpgId;
|
||||
}
|
||||
|
||||
std::string AuthGPG::getGPGOwnName()
|
||||
std::string AuthGPGimpl::getGPGOwnName()
|
||||
{
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
return mOwnGpgCert.name;
|
||||
}
|
||||
|
||||
bool AuthGPG::getGPGAllList(std::list<std::string> &ids)
|
||||
bool AuthGPGimpl::getGPGAllList(std::list<std::string> &ids)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -995,10 +1013,10 @@ bool AuthGPG::getGPGAllList(std::list<std::string> &ids)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d)
|
||||
bool AuthGPGimpl::getGPGDetails(std::string id, RsPeerDetails &d)
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::getPGPDetails() called for : " << id << std::endl;
|
||||
std::cerr << "AuthGPGimpl::getPGPDetails() called for : " << id << std::endl;
|
||||
#endif
|
||||
|
||||
storeAllKeys_tick();
|
||||
@ -1033,28 +1051,28 @@ bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d)
|
||||
}
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::getPGPDetails() Name : " << cert.name << std::endl;
|
||||
std::cerr << "AuthGPGimpl::getPGPDetails() Name : " << cert.name << std::endl;
|
||||
#endif
|
||||
return true;
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPG::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
|
||||
bool AuthGPGimpl::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
gpgme_set_armor (CTX, 1);
|
||||
gpg_error_t ERR;
|
||||
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_decrypt (CTX, CIPHER, PLAIN)))
|
||||
{
|
||||
ProcessPGPmeError(ERR);
|
||||
std::cerr << "AuthGPG::decryptText() Error decrypting text." << std::endl;
|
||||
std::cerr << "AuthGPGimpl::decryptText() Error decrypting text." << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
|
||||
bool AuthGPGimpl::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
gpgme_encrypt_flags_t* flags = new gpgme_encrypt_flags_t();
|
||||
gpgme_key_t keys[2] = {mOwnGpgCert.key, NULL};
|
||||
@ -1063,14 +1081,14 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
|
||||
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_encrypt(CTX, keys, *flags, PLAIN, CIPHER)))
|
||||
{
|
||||
ProcessPGPmeError(ERR);
|
||||
std::cerr << "AuthGPG::encryptText() Error encrypting text." << std::endl;
|
||||
std::cerr << "AuthGPGimpl::encryptText() Error encrypting text." << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::getGPGValidList(std::list<std::string> &ids)
|
||||
bool AuthGPGimpl::getGPGValidList(std::list<std::string> &ids)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -1085,7 +1103,7 @@ bool AuthGPG::getGPGValidList(std::list<std::string> &ids)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::getGPGAcceptedList(std::list<std::string> &ids)
|
||||
bool AuthGPGimpl::getGPGAcceptedList(std::list<std::string> &ids)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -1100,7 +1118,7 @@ bool AuthGPG::getGPGAcceptedList(std::list<std::string> &ids)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::getGPGSignedList(std::list<std::string> &ids)
|
||||
bool AuthGPGimpl::getGPGSignedList(std::list<std::string> &ids)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -1115,7 +1133,7 @@ bool AuthGPG::getGPGSignedList(std::list<std::string> &ids)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::isGPGValid(GPG_id id)
|
||||
bool AuthGPGimpl::isGPGValid(GPG_id id)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -1128,7 +1146,7 @@ bool AuthGPG::isGPGValid(GPG_id id)
|
||||
|
||||
}
|
||||
|
||||
bool AuthGPG::isGPGId(GPG_id id)
|
||||
bool AuthGPGimpl::isGPGId(GPG_id id)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -1141,7 +1159,7 @@ bool AuthGPG::isGPGId(GPG_id id)
|
||||
}
|
||||
|
||||
|
||||
bool AuthGPG::isGPGSigned(GPG_id id)
|
||||
bool AuthGPGimpl::isGPGSigned(GPG_id id)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -1153,7 +1171,7 @@ bool AuthGPG::isGPGSigned(GPG_id id)
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPG::isGPGAccepted(GPG_id id)
|
||||
bool AuthGPGimpl::isGPGAccepted(GPG_id id)
|
||||
{
|
||||
storeAllKeys_tick();
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -1175,11 +1193,11 @@ bool AuthGPG::isGPGAccepted(GPG_id id)
|
||||
|
||||
|
||||
/* SKTAN : do not know how to use std::string id */
|
||||
std::string AuthGPG::SaveCertificateToString(std::string id)
|
||||
std::string AuthGPGimpl::SaveCertificateToString(std::string id)
|
||||
{
|
||||
|
||||
if (!isGPGId(id)) {
|
||||
std::cerr << "AuthGPG::SaveCertificateToString() unknown ID" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::SaveCertificateToString() unknown ID" << std::endl;
|
||||
return "";
|
||||
}
|
||||
|
||||
@ -1226,11 +1244,11 @@ std::string AuthGPG::SaveCertificateToString(std::string id)
|
||||
}
|
||||
|
||||
/* import to GnuPG and other Certificates */
|
||||
bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
|
||||
bool AuthGPGimpl::LoadCertificateFromString(std::string str, std::string &gpg_id)
|
||||
{
|
||||
if (str == "") {
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::LoadCertificateFromString() cert is empty string, returning false." << std::endl;
|
||||
std::cerr << "AuthGPGimpl::LoadCertificateFromString() cert is empty string, returning false." << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
@ -1243,7 +1261,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
|
||||
std::string cleancert = str;
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::LoadCertificateFromString() cleancert : " << cleancert;
|
||||
std::cerr << "AuthGPGimpl::LoadCertificateFromString() cleancert : " << cleancert;
|
||||
#endif
|
||||
|
||||
gpgme_data_t gpgmeData;
|
||||
@ -1258,7 +1276,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
|
||||
gpgme_set_armor (CTX, 1);
|
||||
if (GPG_ERR_NO_ERROR != gpgme_op_import (CTX,gpgmeData))
|
||||
{
|
||||
std::cerr << "AuthGPG::LoadCertificateFromString() Error Importing Certificate" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::LoadCertificateFromString() Error Importing Certificate" << std::endl;
|
||||
gpgme_data_release (gpgmeData);
|
||||
return false ;
|
||||
}
|
||||
@ -1273,7 +1291,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
|
||||
|
||||
fingerprint = std::string(res->imports->fpr);
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::LoadCertificateFromString() Importing considered folowing fpr : " << fingerprint << std::endl;
|
||||
std::cerr << "AuthGPGimpl::LoadCertificateFromString() Importing considered folowing fpr : " << fingerprint << std::endl;
|
||||
#endif
|
||||
imported = res->imported;
|
||||
|
||||
@ -1303,7 +1321,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
|
||||
}
|
||||
}
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::LoadCertificateFromString() returning with gpg_id : " << gpg_id << std::endl;
|
||||
std::cerr << "AuthGPGimpl::LoadCertificateFromString() returning with gpg_id : " << gpg_id << std::endl;
|
||||
#endif
|
||||
if (gpg_id == "") {
|
||||
return false;
|
||||
@ -1326,11 +1344,11 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
|
||||
/*************************************/
|
||||
|
||||
/* These take PGP Ids */
|
||||
bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
|
||||
bool AuthGPGimpl::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
|
||||
{
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::markGPGCertificateAsFriends(" << gpg_id << ")" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::markGPGCertificateAsFriends(" << gpg_id << ")" << std::endl;
|
||||
#endif
|
||||
|
||||
/* reload stuff now ... */
|
||||
@ -1352,11 +1370,11 @@ bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptan
|
||||
}
|
||||
|
||||
/* These take PGP Ids */
|
||||
bool AuthGPG::SignCertificateLevel0(GPG_id id)
|
||||
bool AuthGPGimpl::SignCertificateLevel0(GPG_id id)
|
||||
{
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::SignCertificat(" << id << ")" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::SignCertificat(" << id << ")" << std::endl;
|
||||
#endif
|
||||
|
||||
if (1 != privateSignCertificate(id))
|
||||
@ -1370,21 +1388,21 @@ bool AuthGPG::SignCertificateLevel0(GPG_id id)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPG::RevokeCertificate(std::string id)
|
||||
bool AuthGPGimpl::RevokeCertificate(std::string id)
|
||||
{
|
||||
//RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::RevokeCertificate(" << id << ") not implemented yet" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::RevokeCertificate(" << id << ") not implemented yet" << std::endl;
|
||||
#endif
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPG::TrustCertificate(std::string id, int trustlvl)
|
||||
bool AuthGPGimpl::TrustCertificate(std::string id, int trustlvl)
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::TrustCertificate(" << id << ", " << trustlvl << ")" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::TrustCertificate(" << id << ", " << trustlvl << ")" << std::endl;
|
||||
#endif
|
||||
if (1 != privateTrustCertificate(id, trustlvl))
|
||||
{
|
||||
@ -1399,29 +1417,29 @@ bool AuthGPG::TrustCertificate(std::string id, int trustlvl)
|
||||
|
||||
#if 0
|
||||
/* remove otherwise will cause bugs */
|
||||
bool AuthGPG::SignData(std::string input, std::string &sign)
|
||||
bool AuthGPGimpl::SignData(std::string input, std::string &sign)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPG::SignData(const void *data, const uint32_t len, std::string &sign)
|
||||
bool AuthGPGimpl::SignData(const void *data, const uint32_t len, std::string &sign)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
bool AuthGPG::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
|
||||
bool AuthGPGimpl::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
|
||||
{
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char *sign, unsigned int *signlen) {
|
||||
bool AuthGPGimpl::SignDataBin(const void *data, unsigned int datalen, unsigned char *sign, unsigned int *signlen) {
|
||||
return DoOwnSignature(data, datalen,
|
||||
sign, signlen);
|
||||
}
|
||||
|
||||
bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) {
|
||||
bool AuthGPGimpl::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) {
|
||||
return VerifySignature(data, datalen,
|
||||
sign, signlen, withfingerprint);
|
||||
}
|
||||
@ -1429,7 +1447,7 @@ bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *s
|
||||
|
||||
/* Sign/Trust stuff */
|
||||
|
||||
int AuthGPG::privateSignCertificate(std::string id)
|
||||
int AuthGPGimpl::privateSignCertificate(std::string id)
|
||||
{
|
||||
/* The key should be in Others list and not in Peers list ??
|
||||
* Once the key is signed, it moves from Others to Peers list ???
|
||||
@ -1472,14 +1490,14 @@ int AuthGPG::privateSignCertificate(std::string id)
|
||||
}
|
||||
|
||||
/* revoke the signature on Certificate */
|
||||
int AuthGPG::privateRevokeCertificate(std::string id)
|
||||
int AuthGPGimpl::privateRevokeCertificate(std::string id)
|
||||
{
|
||||
//RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int AuthGPG::privateTrustCertificate(std::string id, int trustlvl)
|
||||
int AuthGPGimpl::privateTrustCertificate(std::string id, int trustlvl)
|
||||
{
|
||||
/* The certificate should be in Peers list ??? */
|
||||
if(!isGPGAccepted(id)) {
|
||||
@ -1522,7 +1540,8 @@ int AuthGPG::privateTrustCertificate(std::string id, int trustlvl)
|
||||
|
||||
|
||||
/* This function to print Data */
|
||||
void AuthGPG::showData(gpgme_data_t dh)
|
||||
#if 0
|
||||
void showData(gpgme_data_t dh)
|
||||
{
|
||||
#define BUF_SIZE 512
|
||||
char buf[BUF_SIZE + 1];
|
||||
@ -1544,47 +1563,7 @@ void AuthGPG::showData(gpgme_data_t dh)
|
||||
//fail_if_err (gpgme_err_code_from_errno (errno));
|
||||
}
|
||||
}
|
||||
|
||||
/******************************************************************************/
|
||||
/* TEST/DEBUG */
|
||||
/******************************************************************************/
|
||||
/*
|
||||
* Create a number of friends and add them to the Map of peers.
|
||||
* Create a number of friends and add them to the Map of "others" -- people who
|
||||
* are known but are not allowed to access retroshare
|
||||
*/
|
||||
void AuthGPG::createDummyFriends()
|
||||
{
|
||||
const unsigned int DUMMY_KEY_LEN = 2048;
|
||||
|
||||
// create key params for a few dummies
|
||||
std::string friend1 = setKeyPairParams(true, DUMMY_KEY_LEN, "friend89",
|
||||
"I am your first friend", "friend1@friend.com");
|
||||
std::string friend2 = setKeyPairParams(true, DUMMY_KEY_LEN, "friend2",
|
||||
"I am your second friend", "friend2@friend.com");
|
||||
std::string friend3 = setKeyPairParams(true, DUMMY_KEY_LEN, "friend3",
|
||||
"I am your third friend", "friend3@friend.com");
|
||||
|
||||
// params for others
|
||||
std::string other1 = setKeyPairParams(true, DUMMY_KEY_LEN, "other89",
|
||||
"I am your first other", "other@other.com");
|
||||
std::string other2 = setKeyPairParams(true, DUMMY_KEY_LEN, "other2",
|
||||
"I am your second other", "other2@other.com");
|
||||
std::string other3 = setKeyPairParams(true, DUMMY_KEY_LEN, "other3",
|
||||
"I am your third other", "other3@other.com");
|
||||
|
||||
gpgme_error_t rc = GPG_ERR_NO_ERROR; // assume OK
|
||||
rc = gpgme_op_genkey(CTX, friend1.c_str(), NULL, NULL);
|
||||
rc = gpgme_op_genkey(CTX, friend2.c_str(), NULL, NULL);
|
||||
rc = gpgme_op_genkey(CTX, friend3.c_str(), NULL, NULL);
|
||||
|
||||
rc = gpgme_op_genkey(CTX, other1.c_str(), NULL, NULL);
|
||||
rc = gpgme_op_genkey(CTX, other2.c_str(), NULL, NULL);
|
||||
rc = gpgme_op_genkey(CTX, other3.c_str(), NULL, NULL);
|
||||
|
||||
std::cout << "createDummyFriends(): exit" << std::endl;
|
||||
return;
|
||||
}
|
||||
#endif
|
||||
|
||||
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
|
||||
std::string name, std::string comment, std::string email)
|
||||
@ -2164,17 +2143,17 @@ static gpgme_error_t trustCallback(void *opaque, gpgme_status_code_t status, \
|
||||
// -------------------------------- Config functions ------------------------------ //
|
||||
// -----------------------------------------------------------------------------------//
|
||||
//
|
||||
RsSerialiser *AuthGPG::setupSerialiser()
|
||||
RsSerialiser *AuthGPGimpl::setupSerialiser()
|
||||
{
|
||||
RsSerialiser *rss = new RsSerialiser ;
|
||||
rss->addSerialType(new RsGeneralConfigSerialiser());
|
||||
return rss ;
|
||||
}
|
||||
|
||||
std::list<RsItem*> AuthGPG::saveList(bool& cleanup)
|
||||
std::list<RsItem*> AuthGPGimpl::saveList(bool& cleanup)
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::saveList() called" << std::endl ;
|
||||
std::cerr << "AuthGPGimpl::saveList() called" << std::endl ;
|
||||
#endif
|
||||
|
||||
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
|
||||
@ -2193,7 +2172,7 @@ std::list<RsItem*> AuthGPG::saveList(bool& cleanup)
|
||||
RsTlvKeyValue kv;
|
||||
kv.key = mapIt->first;
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::saveList() called (mapIt->second) : " << (mapIt->second) << std::endl ;
|
||||
std::cerr << "AuthGPGimpl::saveList() called (mapIt->second) : " << (mapIt->second) << std::endl ;
|
||||
#endif
|
||||
kv.value = (mapIt->second)?"TRUE":"FALSE" ;
|
||||
vitem->tlvkvs.pairs.push_back(kv) ;
|
||||
@ -2203,10 +2182,10 @@ std::list<RsItem*> AuthGPG::saveList(bool& cleanup)
|
||||
return lst ;
|
||||
}
|
||||
|
||||
bool AuthGPG::loadList(std::list<RsItem*> load)
|
||||
bool AuthGPGimpl::loadList(std::list<RsItem*> load)
|
||||
{
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::loadList() Item Count: " << load.size() << std::endl;
|
||||
std::cerr << "AuthGPGimpl::loadList() Item Count: " << load.size() << std::endl;
|
||||
#endif
|
||||
|
||||
storeAllKeys();
|
||||
@ -2219,7 +2198,7 @@ bool AuthGPG::loadList(std::list<RsItem*> load)
|
||||
|
||||
if(vitem) {
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::loadList() General Variable Config Item:" << std::endl;
|
||||
std::cerr << "AuthGPGimpl::loadList() General Variable Config Item:" << std::endl;
|
||||
vitem->print(std::cerr, 10);
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
@ -2234,7 +2213,7 @@ bool AuthGPG::loadList(std::list<RsItem*> load)
|
||||
certmap::iterator it;
|
||||
if (mKeyList.end() != (it = mKeyList.find(kit->key))) {
|
||||
#ifdef GPG_DEBUG
|
||||
std::cerr << "AuthGPG::loadList() setting accept to : " << (kit->value == "TRUE");
|
||||
std::cerr << "AuthGPGimpl::loadList() setting accept to : " << (kit->value == "TRUE");
|
||||
std::cerr << " for gpg key id : " << kit->key << std::endl;
|
||||
#endif
|
||||
it->second.accept_connection = (kit->value == "TRUE");
|
||||
|
@ -58,6 +58,8 @@ const time_t STORE_KEY_TIMEOUT = 60; //store key is call around every 60sec
|
||||
* gpgcert is the identifier for a person.
|
||||
* It is a wrapper class for a GPGme OpenPGP certificate.
|
||||
*/
|
||||
class AuthGPG;
|
||||
|
||||
class gpgcert
|
||||
{
|
||||
public:
|
||||
@ -93,10 +95,254 @@ typedef std::map<std::string, gpgcert> certmap;
|
||||
* This provides retroshare basic gpg functionality and
|
||||
* key/web-of-trust management, also handle cert intialisation for retroshare
|
||||
*/
|
||||
class AuthGPG : public p3Config
|
||||
|
||||
extern void AuthGPGInit();
|
||||
|
||||
class AuthGPG
|
||||
{
|
||||
|
||||
public:
|
||||
//AuthGPG();
|
||||
|
||||
static AuthGPG *getAuthGPG();
|
||||
|
||||
/**
|
||||
* @param ids list of gpg certificate ids (note, not the actual certificates)
|
||||
*/
|
||||
virtual bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids) = 0;
|
||||
virtual bool printKeys() = 0;
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 1 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
|
||||
* will be different. Just move the initialisation functions over....
|
||||
*
|
||||
* As GPGMe requires external calls to the GPG executable, which could potentially
|
||||
* be expensive, We'll want to cache the GPG keys in this class.
|
||||
* This should be done at initialisation, and saved in a map.
|
||||
* (see storage at the end of the class)
|
||||
*
|
||||
****/
|
||||
virtual bool active() = 0;
|
||||
|
||||
/* Initialize */
|
||||
virtual bool InitAuth () = 0;
|
||||
|
||||
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
|
||||
virtual int GPGInit(std::string ownId) = 0;
|
||||
virtual bool CloseAuth() = 0;
|
||||
virtual bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) = 0;
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 3 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 3: These are some of the most commonly used functions in Retroshare.
|
||||
*
|
||||
* More commonly used functions.
|
||||
*
|
||||
* provide access to details in cache list.
|
||||
*
|
||||
****/
|
||||
virtual std::string getGPGName(GPG_id pgp_id) = 0;
|
||||
virtual std::string getGPGEmail(GPG_id pgp_id) = 0;
|
||||
|
||||
/* PGP web of trust management */
|
||||
virtual std::string getGPGOwnId() = 0;
|
||||
virtual std::string getGPGOwnName() = 0;
|
||||
//virtual std::string getGPGOwnEmail() = 0;
|
||||
virtual bool getGPGDetails(std::string id, RsPeerDetails &d) = 0;
|
||||
virtual bool getGPGAllList(std::list<std::string> &ids) = 0;
|
||||
virtual bool getGPGValidList(std::list<std::string> &ids) = 0;
|
||||
virtual bool getGPGAcceptedList(std::list<std::string> &ids) = 0;
|
||||
virtual bool getGPGSignedList(std::list<std::string> &ids) = 0;
|
||||
virtual bool isGPGValid(std::string id) = 0;
|
||||
virtual bool isGPGSigned(std::string id) = 0;
|
||||
virtual bool isGPGAccepted(std::string id) = 0;
|
||||
virtual bool isGPGId(GPG_id id) = 0;
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 4 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
|
||||
*
|
||||
****/
|
||||
virtual bool LoadCertificateFromString(std::string pem, std::string &gpg_id) = 0;
|
||||
virtual std::string SaveCertificateToString(std::string id) = 0;
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 6 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 6: Authentication, Trust and Signing.
|
||||
*
|
||||
* This is some of the harder functions, but they should have been
|
||||
* done in gpgroot already.
|
||||
*
|
||||
****/
|
||||
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance) = 0; //don't act on the gpg key, use a seperate set
|
||||
virtual bool SignCertificateLevel0(std::string id) = 0;
|
||||
virtual bool RevokeCertificate(std::string id) = 0; /* Particularly hard - leave for later */
|
||||
//virtual bool TrustCertificateNone(std::string id) = 0;
|
||||
//virtual bool TrustCertificateMarginally(std::string id) = 0;
|
||||
//virtual bool TrustCertificateFully(std::string id) = 0;
|
||||
virtual bool TrustCertificate(std::string id, int trustlvl) = 0; //trustlvl is 2 for none, 3 for marginal and 4 for full trust
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 7 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 7: Signing Data.
|
||||
*
|
||||
* There should also be Encryption Functions... (do later).
|
||||
*
|
||||
****/
|
||||
//virtual bool SignData(std::string input, std::string &sign) = 0;
|
||||
//virtual bool SignData(const void *data, const uint32_t len, std::string &sign) = 0;
|
||||
//virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen) = 0;
|
||||
virtual bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) = 0;
|
||||
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint) = 0;
|
||||
virtual bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) = 0;
|
||||
virtual bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) = 0;
|
||||
//END of PGP public functions
|
||||
|
||||
|
||||
};
|
||||
|
||||
/* The real implementation! */
|
||||
|
||||
|
||||
class AuthGPGimpl : public AuthGPG, public p3Config
|
||||
{
|
||||
public:
|
||||
|
||||
AuthGPGimpl();
|
||||
~AuthGPGimpl();
|
||||
|
||||
/**
|
||||
* @param ids list of gpg certificate ids (note, not the actual certificates)
|
||||
*/
|
||||
virtual bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
|
||||
|
||||
virtual bool printKeys();
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 1 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
|
||||
* will be different. Just move the initialisation functions over....
|
||||
*
|
||||
* As GPGMe requires external calls to the GPG executable, which could potentially
|
||||
* be expensive, We'll want to cache the GPG keys in this class.
|
||||
* This should be done at initialisation, and saved in a map.
|
||||
* (see storage at the end of the class)
|
||||
*
|
||||
****/
|
||||
virtual bool active();
|
||||
|
||||
/* Initialize */
|
||||
virtual bool InitAuth ();
|
||||
|
||||
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
|
||||
virtual int GPGInit(std::string ownId);
|
||||
virtual bool CloseAuth();
|
||||
virtual bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 3 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 3: These are some of the most commonly used functions in Retroshare.
|
||||
*
|
||||
* More commonly used functions.
|
||||
*
|
||||
* provide access to details in cache list.
|
||||
*
|
||||
****/
|
||||
virtual std::string getGPGName(GPG_id pgp_id);
|
||||
virtual std::string getGPGEmail(GPG_id pgp_id);
|
||||
|
||||
/* PGP web of trust management */
|
||||
virtual std::string getGPGOwnId();
|
||||
virtual std::string getGPGOwnName();
|
||||
//virtual std::string getGPGOwnEmail();
|
||||
virtual bool getGPGDetails(std::string id, RsPeerDetails &d);
|
||||
virtual bool getGPGAllList(std::list<std::string> &ids);
|
||||
virtual bool getGPGValidList(std::list<std::string> &ids);
|
||||
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
|
||||
virtual bool getGPGSignedList(std::list<std::string> &ids);
|
||||
virtual bool isGPGValid(std::string id);
|
||||
virtual bool isGPGSigned(std::string id);
|
||||
virtual bool isGPGAccepted(std::string id);
|
||||
virtual bool isGPGId(GPG_id id);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 4 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
|
||||
*
|
||||
****/
|
||||
virtual bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
|
||||
virtual std::string SaveCertificateToString(std::string id);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 6 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 6: Authentication, Trust and Signing.
|
||||
*
|
||||
* This is some of the harder functions, but they should have been
|
||||
* done in gpgroot already.
|
||||
*
|
||||
****/
|
||||
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
|
||||
virtual bool SignCertificateLevel0(std::string id);
|
||||
virtual bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
|
||||
|
||||
//virtual bool TrustCertificateNone(std::string id);
|
||||
//virtual bool TrustCertificateMarginally(std::string id);
|
||||
//virtual bool TrustCertificateFully(std::string id);
|
||||
virtual bool TrustCertificate(std::string id, int trustlvl); //trustlvl is 2 for none, 3 for marginal and 4 for full trust
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 7 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 7: Signing Data.
|
||||
*
|
||||
* There should also be Encryption Functions... (do later).
|
||||
*
|
||||
****/
|
||||
//virtual bool SignData(std::string input, std::string &sign);
|
||||
//virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
//virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
|
||||
virtual bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
|
||||
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
|
||||
virtual bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
|
||||
virtual bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
|
||||
//END of PGP public functions
|
||||
|
||||
protected:
|
||||
/*****************************************************************/
|
||||
/*********************** p3config ******************************/
|
||||
/* Key Functions to be overloaded for Full Configuration */
|
||||
virtual RsSerialiser *setupSerialiser();
|
||||
virtual std::list<RsItem *> saveList(bool &cleanup);
|
||||
virtual bool loadList(std::list<RsItem *> load);
|
||||
/*****************************************************************/
|
||||
|
||||
private:
|
||||
|
||||
/* SKTAN */
|
||||
//void showData(gpgme_data_t dh);
|
||||
//void createDummyFriends(void); //NYI
|
||||
|
||||
|
||||
/* Internal functions */
|
||||
bool DoOwnSignature(const void *, unsigned int, void *, unsigned int *);
|
||||
bool VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint);
|
||||
@ -116,130 +362,6 @@ class AuthGPG : public p3Config
|
||||
bool printAllKeys_locked();
|
||||
bool printOwnKeys_locked();
|
||||
|
||||
public:
|
||||
|
||||
AuthGPG();
|
||||
~AuthGPG();
|
||||
|
||||
/**
|
||||
* @param ids list of gpg certificate ids (note, not the actual certificates)
|
||||
*/
|
||||
bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
|
||||
|
||||
/* SKTAN */
|
||||
void showData(gpgme_data_t dh);
|
||||
void createDummyFriends(void); //NYI
|
||||
|
||||
bool printKeys();
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 1 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
|
||||
* will be different. Just move the initialisation functions over....
|
||||
*
|
||||
* As GPGMe requires external calls to the GPG executable, which could potentially
|
||||
* be expensive, We'll want to cache the GPG keys in this class.
|
||||
* This should be done at initialisation, and saved in a map.
|
||||
* (see storage at the end of the class)
|
||||
*
|
||||
****/
|
||||
bool active();
|
||||
|
||||
/* Initialize */
|
||||
bool InitAuth ();
|
||||
|
||||
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
|
||||
int GPGInit(std::string ownId);
|
||||
bool CloseAuth();
|
||||
bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 3 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 3: These are some of the most commonly used functions in Retroshare.
|
||||
*
|
||||
* More commonly used functions.
|
||||
*
|
||||
* provide access to details in cache list.
|
||||
*
|
||||
****/
|
||||
std::string getGPGName(GPG_id pgp_id);
|
||||
std::string getGPGEmail(GPG_id pgp_id);
|
||||
|
||||
/* PGP web of trust management */
|
||||
std::string getGPGOwnId();
|
||||
std::string getGPGOwnName();
|
||||
std::string getGPGOwnEmail();
|
||||
bool getGPGDetails(std::string id, RsPeerDetails &d);
|
||||
bool getGPGAllList(std::list<std::string> &ids);
|
||||
bool getGPGValidList(std::list<std::string> &ids);
|
||||
bool getGPGAcceptedList(std::list<std::string> &ids);
|
||||
bool getGPGSignedList(std::list<std::string> &ids);
|
||||
bool isGPGValid(std::string id);
|
||||
bool isGPGSigned(std::string id);
|
||||
bool isGPGAccepted(std::string id);
|
||||
bool isGPGId(GPG_id id);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 4 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
|
||||
*
|
||||
****/
|
||||
bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
|
||||
std::string SaveCertificateToString(std::string id);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 6 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 6: Authentication, Trust and Signing.
|
||||
*
|
||||
* This is some of the harder functions, but they should have been
|
||||
* done in gpgroot already.
|
||||
*
|
||||
****/
|
||||
bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
|
||||
bool SignCertificateLevel0(std::string id);
|
||||
bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
|
||||
bool TrustCertificateNone(std::string id);
|
||||
bool TrustCertificateMarginally(std::string id);
|
||||
bool TrustCertificateFully(std::string id);
|
||||
bool TrustCertificate(std::string id, int trustlvl); //trustlvl is 2 for none, 3 for marginal and 4 for full trust
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 7 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 7: Signing Data.
|
||||
*
|
||||
* There should also be Encryption Functions... (do later).
|
||||
*
|
||||
****/
|
||||
bool SignData(std::string input, std::string &sign);
|
||||
bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
|
||||
bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
|
||||
bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
|
||||
bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
|
||||
bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
|
||||
//END of PGP public functions
|
||||
|
||||
static AuthGPG *getAuthGPG() throw() // pour obtenir l'instance
|
||||
{ return instance_gpg; }
|
||||
|
||||
protected:
|
||||
/*****************************************************************/
|
||||
/*********************** p3config ******************************/
|
||||
/* Key Functions to be overloaded for Full Configuration */
|
||||
virtual RsSerialiser *setupSerialiser();
|
||||
virtual std::list<RsItem *> saveList(bool &cleanup);
|
||||
virtual bool loadList(std::list<RsItem *> load);
|
||||
/*****************************************************************/
|
||||
|
||||
private:
|
||||
|
||||
|
368
libretroshare/src/pqi/authgpgtest.cc
Normal file
368
libretroshare/src/pqi/authgpgtest.cc
Normal file
@ -0,0 +1,368 @@
|
||||
/*
|
||||
* libretroshare/src/ : authgpgtest.cc
|
||||
*
|
||||
* GPG interface for RetroShare.
|
||||
*
|
||||
* Copyright 2009-2010 by Robert Fernie.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Library General Public
|
||||
* License Version 2 as published by the Free Software Foundation.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Library General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Library General Public
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA.
|
||||
*
|
||||
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
||||
*
|
||||
* This is *THE* auth manager. It provides the web-of-trust via
|
||||
* gpgme, and authenticates the certificates that are managed
|
||||
* by the sublayer AuthSSL.
|
||||
*
|
||||
*/
|
||||
|
||||
#include "pqi/authgpgtest.h"
|
||||
|
||||
AuthGPGtest::AuthGPGtest()
|
||||
{
|
||||
mOwnGPGId = "TEST_DUMMY_OWN_GPG_ID";
|
||||
return;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param ids list of gpg certificate ids (note, not the actual certificates)
|
||||
*/
|
||||
bool AuthGPGtest::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::availableGPGCertificatesWithPrivateKeys()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::printKeys()
|
||||
{
|
||||
std::cerr << "AuthGPGtest::printKeys()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 1 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
|
||||
* will be different. Just move the initialisation functions over....
|
||||
*
|
||||
* As GPGMe requires external calls to the GPG executable, which could potentially
|
||||
* be expensive, We'll want to cache the GPG keys in this class.
|
||||
* This should be done at initialisation, and saved in a map.
|
||||
* (see storage at the end of the class)
|
||||
*
|
||||
****/
|
||||
bool AuthGPGtest::active()
|
||||
{
|
||||
std::cerr << "AuthGPGtest::active()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/* Initialize */
|
||||
bool AuthGPGtest::InitAuth()
|
||||
{
|
||||
std::cerr << "AuthGPGtest::InitAuth()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
|
||||
int AuthGPGtest::GPGInit(std::string ownId)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::GPGInit(): new OwnId: " << ownId;
|
||||
std::cerr << std::endl;
|
||||
mOwnGPGId = ownId;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::CloseAuth()
|
||||
{
|
||||
std::cerr << "AuthGPGtest::CloseAuth()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::GeneratePGPCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 3 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 3: These are some of the most commonly used functions in Retroshare.
|
||||
*
|
||||
* More commonly used functions.
|
||||
*
|
||||
* provide access to details in cache list.
|
||||
*
|
||||
****/
|
||||
std::string AuthGPGtest::getGPGName(GPG_id pgp_id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGName()";
|
||||
std::cerr << std::endl;
|
||||
return "DUMMY_NAME";
|
||||
}
|
||||
|
||||
std::string AuthGPGtest::getGPGEmail(GPG_id pgp_id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGEmail()";
|
||||
std::cerr << std::endl;
|
||||
return "DUMMY_EMAIL";
|
||||
}
|
||||
|
||||
|
||||
/* PGP web of trust management */
|
||||
std::string AuthGPGtest::getGPGOwnId()
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGOwnId()";
|
||||
std::cerr << std::endl;
|
||||
return mOwnGPGId;
|
||||
}
|
||||
|
||||
std::string AuthGPGtest::getGPGOwnName()
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGOwnName()";
|
||||
std::cerr << std::endl;
|
||||
return "DUMMY_OWN_NAME";
|
||||
}
|
||||
|
||||
#if 0
|
||||
std::string AuthGPGtest::getGPGOwnEmail()
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGOwnEmail()";
|
||||
std::cerr << std::endl;
|
||||
return "DUMMY_OWN_EMAIL";
|
||||
}
|
||||
#endif
|
||||
|
||||
bool AuthGPGtest::getGPGDetails(std::string id, RsPeerDetails &d)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGDetails()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::getGPGAllList(std::list<std::string> &ids)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGAllList()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::getGPGValidList(std::list<std::string> &ids)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGValidList()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::getGPGAcceptedList(std::list<std::string> &ids)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGAcceptedList()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::getGPGSignedList(std::list<std::string> &ids)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::getGPGSignedList()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::isGPGValid(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::isGPGValid()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::isGPGSigned(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::isGPGSigned()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::isGPGAccepted(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::isGPGAccepted()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::isGPGId(GPG_id id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::isGPGId()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 4 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
|
||||
*
|
||||
****/
|
||||
bool AuthGPGtest::LoadCertificateFromString(std::string pem, std::string &gpg_id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::LoadCertificateFromString()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
std::string AuthGPGtest::SaveCertificateToString(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::SaveCertificateToString()";
|
||||
std::cerr << std::endl;
|
||||
return "NOT_A_CERTIFICATE";
|
||||
}
|
||||
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 6 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 6: Authentication, Trust and Signing.
|
||||
*
|
||||
* This is some of the harder functions, but they should have been
|
||||
* done in gpgroot already.
|
||||
*
|
||||
****/
|
||||
bool AuthGPGtest::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::setAcceptToConnectGPGCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::SignCertificateLevel0(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::SignCertificateLevel0()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::RevokeCertificate(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::RevokeCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
#if 0
|
||||
bool AuthGPGtest::TrustCertificateNone(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::TrustCertificateNone()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::TrustCertificateMarginally(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::TrustCertificateMarginally()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::TrustCertificateFully(std::string id)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::TrustCertificateFully()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
#endif
|
||||
|
||||
bool AuthGPGtest::TrustCertificate(std::string id, int trustlvl)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::TrustCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 7 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 7: Signing Data.
|
||||
*
|
||||
* There should also be Encryption Functions... (do later).
|
||||
*
|
||||
****/
|
||||
#if 0
|
||||
bool AuthGPGtest::SignData(std::string input, std::string &sign)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::SignData()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::SignData(const void *data, const uint32_t len, std::string &sign)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::SignData()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::SignDataBin()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
#endif
|
||||
|
||||
bool AuthGPGtest::SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::SignDataBin()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::VerifySignBin()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::decryptText()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthGPGtest::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER)
|
||||
{
|
||||
std::cerr << "AuthGPGtest::encryptText()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
153
libretroshare/src/pqi/authgpgtest.h
Normal file
153
libretroshare/src/pqi/authgpgtest.h
Normal file
@ -0,0 +1,153 @@
|
||||
/*
|
||||
* libretroshare/src/ : authgpgtest.h
|
||||
*
|
||||
* GPG interface for RetroShare.
|
||||
*
|
||||
* Copyright 2009-2010 by Robert Fernie.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Library General Public
|
||||
* License Version 2 as published by the Free Software Foundation.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Library General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Library General Public
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA.
|
||||
*
|
||||
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
||||
*
|
||||
* This is *THE* auth manager. It provides the web-of-trust via
|
||||
* gpgme, and authenticates the certificates that are managed
|
||||
* by the sublayer AuthSSL.
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef RS_GPG_AUTH_TEST_HEADER
|
||||
#define RS_GPG_AUTH_TEST_HEADER
|
||||
|
||||
#include "pqi/authgpg.h"
|
||||
|
||||
/* override the default AuthGPG */
|
||||
void setAuthGPG(AuthGPG *newgpg);
|
||||
|
||||
class AuthGPGtest: public AuthGPG
|
||||
{
|
||||
|
||||
public:
|
||||
AuthGPGtest();
|
||||
|
||||
/**
|
||||
* @param ids list of gpg certificate ids (note, not the actual certificates)
|
||||
*/
|
||||
virtual bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
|
||||
virtual bool printKeys();
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 1 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
|
||||
* will be different. Just move the initialisation functions over....
|
||||
*
|
||||
* As GPGMe requires external calls to the GPG executable, which could potentially
|
||||
* be expensive, We'll want to cache the GPG keys in this class.
|
||||
* This should be done at initialisation, and saved in a map.
|
||||
* (see storage at the end of the class)
|
||||
*
|
||||
****/
|
||||
virtual bool active();
|
||||
|
||||
/* Initialize */
|
||||
virtual bool InitAuth ();
|
||||
|
||||
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
|
||||
virtual int GPGInit(std::string ownId);
|
||||
virtual bool CloseAuth();
|
||||
virtual bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 3 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 3: These are some of the most commonly used functions in Retroshare.
|
||||
*
|
||||
* More commonly used functions.
|
||||
*
|
||||
* provide access to details in cache list.
|
||||
*
|
||||
****/
|
||||
virtual std::string getGPGName(GPG_id pgp_id);
|
||||
virtual std::string getGPGEmail(GPG_id pgp_id);
|
||||
|
||||
/* PGP web of trust management */
|
||||
virtual std::string getGPGOwnId();
|
||||
virtual std::string getGPGOwnName();
|
||||
//virtual std::string getGPGOwnEmail();
|
||||
virtual bool getGPGDetails(std::string id, RsPeerDetails &d);
|
||||
virtual bool getGPGAllList(std::list<std::string> &ids);
|
||||
virtual bool getGPGValidList(std::list<std::string> &ids);
|
||||
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
|
||||
virtual bool getGPGSignedList(std::list<std::string> &ids);
|
||||
virtual bool isGPGValid(std::string id);
|
||||
virtual bool isGPGSigned(std::string id);
|
||||
virtual bool isGPGAccepted(std::string id);
|
||||
virtual bool isGPGId(GPG_id id);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 4 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
|
||||
*
|
||||
****/
|
||||
virtual bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
|
||||
virtual std::string SaveCertificateToString(std::string id);
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 6 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 6: Authentication, Trust and Signing.
|
||||
*
|
||||
* This is some of the harder functions, but they should have been
|
||||
* done in gpgroot already.
|
||||
*
|
||||
****/
|
||||
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
|
||||
virtual bool SignCertificateLevel0(std::string id);
|
||||
virtual bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
|
||||
//virtual bool TrustCertificateNone(std::string id);
|
||||
//virtual bool TrustCertificateMarginally(std::string id);
|
||||
//virtual bool TrustCertificateFully(std::string id);
|
||||
virtual bool TrustCertificate(std::string id, int trustlvl); //trustlvl is 2 for none, 3 for marginal and 4 for full trust
|
||||
|
||||
/*********************************************************************************/
|
||||
/************************* STAGE 7 ***********************************************/
|
||||
/*********************************************************************************/
|
||||
/*****
|
||||
* STAGE 7: Signing Data.
|
||||
*
|
||||
* There should also be Encryption Functions... (do later).
|
||||
*
|
||||
****/
|
||||
//virtual bool SignData(std::string input, std::string &sign);
|
||||
//virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
//virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
|
||||
virtual bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
|
||||
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
|
||||
virtual bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
|
||||
virtual bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
|
||||
//END of PGP public functions
|
||||
|
||||
private:
|
||||
|
||||
std::string mOwnGPGId;
|
||||
};
|
||||
|
||||
|
||||
#endif
|
@ -35,6 +35,7 @@
|
||||
#include "pqinetwork.h"
|
||||
#include "authgpg.h"
|
||||
#include "pqi/p3connmgr.h"
|
||||
#include "serialiser/rsconfigitems.h"
|
||||
|
||||
/******************** notify of new Cert **************************/
|
||||
#include "pqinotify.h"
|
||||
@ -52,6 +53,31 @@
|
||||
* #define AUTHSSL_DEBUG 1
|
||||
***/
|
||||
|
||||
// initialisation du pointeur de singleton à zéro
|
||||
static AuthSSL *instance_ssl = NULL;
|
||||
|
||||
/* hidden function - for testing purposes() */
|
||||
void setAuthSSL(AuthSSL *newssl)
|
||||
{
|
||||
instance_ssl = newssl;
|
||||
}
|
||||
|
||||
void AuthSSLInit()
|
||||
{
|
||||
instance_ssl = new AuthSSLimpl();
|
||||
}
|
||||
|
||||
AuthSSL *AuthSSL::getAuthSSL()
|
||||
{
|
||||
return instance_ssl;
|
||||
}
|
||||
|
||||
AuthSSL::AuthSSL()
|
||||
{
|
||||
return;
|
||||
}
|
||||
|
||||
|
||||
/********************************************************************************/
|
||||
/********************************************************************************/
|
||||
/********************* Cert Search / Add / Remove **************************/
|
||||
@ -61,10 +87,6 @@
|
||||
static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx);
|
||||
|
||||
|
||||
// initialisation du pointeur de singleton à zéro
|
||||
AuthSSL *AuthSSL::instance_ssl = new AuthSSL();
|
||||
|
||||
|
||||
sslcert::sslcert(X509 *x509, std::string pid)
|
||||
{
|
||||
certificate = x509;
|
||||
@ -99,23 +121,23 @@ sslcert::sslcert(X509 *x509, std::string pid)
|
||||
/********************************************************************************/
|
||||
|
||||
|
||||
AuthSSL::AuthSSL()
|
||||
AuthSSLimpl::AuthSSLimpl()
|
||||
: p3Config(CONFIG_TYPE_AUTHSSL), sslctx(NULL),
|
||||
mOwnCert(NULL), mOwnPrivateKey(NULL), mOwnPublicKey(NULL), init(0)
|
||||
{
|
||||
}
|
||||
|
||||
bool AuthSSL::active()
|
||||
bool AuthSSLimpl::active()
|
||||
{
|
||||
return init;
|
||||
}
|
||||
|
||||
|
||||
int AuthSSL::InitAuth(const char *cert_file, const char *priv_key_file,
|
||||
int AuthSSLimpl::InitAuth(const char *cert_file, const char *priv_key_file,
|
||||
const char *passwd)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::InitAuth()";
|
||||
std::cerr << "AuthSSLimpl::InitAuth()";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
@ -131,7 +153,7 @@ static int initLib = 0;
|
||||
|
||||
if (init == 1)
|
||||
{
|
||||
std::cerr << "AuthSSL::InitAuth already initialized." << std::endl;
|
||||
std::cerr << "AuthSSLimpl::InitAuth already initialized." << std::endl;
|
||||
return 1;
|
||||
}
|
||||
|
||||
@ -171,7 +193,7 @@ static int initLib = 0;
|
||||
|
||||
if (x509 == NULL)
|
||||
{
|
||||
std::cerr << "AuthSSL::InitAuth() PEM_read_X509() Failed";
|
||||
std::cerr << "AuthSSLimpl::InitAuth() PEM_read_X509() Failed";
|
||||
std::cerr << std::endl;
|
||||
return -1;
|
||||
}
|
||||
@ -192,7 +214,7 @@ static int initLib = 0;
|
||||
|
||||
if (mOwnPrivateKey == NULL)
|
||||
{
|
||||
std::cerr << "AuthSSL::InitAuth() PEM_read_PrivateKey() Failed";
|
||||
std::cerr << "AuthSSLimpl::InitAuth() PEM_read_PrivateKey() Failed";
|
||||
std::cerr << std::endl;
|
||||
return -1;
|
||||
}
|
||||
@ -210,7 +232,7 @@ static int initLib = 0;
|
||||
|
||||
if (!getX509id(x509, mOwnId))
|
||||
{
|
||||
std::cerr << "AuthSSL::InitAuth() getX509id() Failed";
|
||||
std::cerr << "AuthSSLimpl::InitAuth() getX509id() Failed";
|
||||
std::cerr << std::endl;
|
||||
|
||||
/* bad certificate */
|
||||
@ -224,7 +246,7 @@ static int initLib = 0;
|
||||
|
||||
if (!validateOwnCertificate(x509, mOwnPrivateKey))
|
||||
{
|
||||
std::cerr << "AuthSSL::InitAuth() validateOwnCertificate() Failed";
|
||||
std::cerr << "AuthSSLimpl::InitAuth() validateOwnCertificate() Failed";
|
||||
std::cerr << std::endl;
|
||||
|
||||
/* bad certificate */
|
||||
@ -249,7 +271,7 @@ static int initLib = 0;
|
||||
}
|
||||
|
||||
/* Dummy function to be overloaded by real implementation */
|
||||
bool AuthSSL::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
|
||||
bool AuthSSLimpl::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
|
||||
{
|
||||
(void) pkey; /* remove unused parameter warning */
|
||||
|
||||
@ -261,10 +283,10 @@ bool AuthSSL::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthSSL::CloseAuth()
|
||||
bool AuthSSLimpl::CloseAuth()
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::CloseAuth()";
|
||||
std::cerr << "AuthSSLimpl::CloseAuth()";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
SSL_CTX_free(sslctx);
|
||||
@ -276,35 +298,35 @@ bool AuthSSL::CloseAuth()
|
||||
}
|
||||
|
||||
/* Context handling */
|
||||
SSL_CTX *AuthSSL::getCTX()
|
||||
SSL_CTX *AuthSSLimpl::getCTX()
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::getCTX()";
|
||||
std::cerr << "AuthSSLimpl::getCTX()";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return sslctx;
|
||||
}
|
||||
|
||||
std::string AuthSSL::OwnId()
|
||||
std::string AuthSSLimpl::OwnId()
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
// std::cerr << "AuthSSL::OwnId()" << std::endl;
|
||||
// std::cerr << "AuthSSLimpl::OwnId()" << std::endl;
|
||||
#endif
|
||||
return mOwnId;
|
||||
}
|
||||
|
||||
std::string AuthSSL::getOwnLocation()
|
||||
std::string AuthSSLimpl::getOwnLocation()
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::OwnId()" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::OwnId()" << std::endl;
|
||||
#endif
|
||||
return mOwnCert->location;
|
||||
}
|
||||
|
||||
std::string AuthSSL::SaveOwnCertificateToString()
|
||||
std::string AuthSSLimpl::SaveOwnCertificateToString()
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::SaveOwnCertificateToString() " << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SaveOwnCertificateToString() " << std::endl;
|
||||
#endif
|
||||
return saveX509ToPEM(mOwnCert->certificate);
|
||||
}
|
||||
@ -315,12 +337,12 @@ std::string AuthSSL::SaveOwnCertificateToString()
|
||||
/********************************************************************************/
|
||||
/********************************************************************************/
|
||||
|
||||
bool AuthSSL::SignData(std::string input, std::string &sign)
|
||||
bool AuthSSLimpl::SignData(std::string input, std::string &sign)
|
||||
{
|
||||
return SignData(input.c_str(), input.length(), sign);
|
||||
}
|
||||
|
||||
bool AuthSSL::SignData(const void *data, const uint32_t len, std::string &sign)
|
||||
bool AuthSSLimpl::SignData(const void *data, const uint32_t len, std::string &sign)
|
||||
{
|
||||
|
||||
RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
|
||||
@ -369,12 +391,12 @@ bool AuthSSL::SignData(const void *data, const uint32_t len, std::string &sign)
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthSSL::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
|
||||
bool AuthSSLimpl::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
|
||||
{
|
||||
return SignDataBin(input.c_str(), input.length(), sign, signlen);
|
||||
}
|
||||
|
||||
bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
|
||||
bool AuthSSLimpl::SignDataBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int *signlen)
|
||||
{
|
||||
RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
|
||||
@ -382,7 +404,7 @@ bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
|
||||
}
|
||||
|
||||
|
||||
bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
|
||||
bool AuthSSLimpl::VerifySignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen, SSL_id sslId)
|
||||
{
|
||||
/* find certificate.
|
||||
@ -406,7 +428,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
|
||||
return SSL_VerifySignBin(data, len, sign, signlen, peer->certificate);
|
||||
}
|
||||
|
||||
bool AuthSSL::VerifyOwnSignBin(const void *data, const uint32_t len,
|
||||
bool AuthSSLimpl::VerifyOwnSignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen)
|
||||
{
|
||||
return SSL_VerifySignBin(data, len, sign, signlen, mOwnCert->certificate);
|
||||
@ -423,7 +445,7 @@ bool AuthSSL::VerifyOwnSignBin(const void *data, const uint32_t len,
|
||||
* only using GPG functions - which lock themselves
|
||||
*/
|
||||
|
||||
X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
{
|
||||
/* Transform the X509_REQ into a suitable format to
|
||||
* generate DIGEST hash. (for SSL to do grunt work)
|
||||
@ -437,7 +459,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
X509 *x509 = X509_new();
|
||||
if (x509 == NULL)
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -455,24 +477,24 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
(unsigned char *) "loc", -1, -1, 0);
|
||||
****/
|
||||
|
||||
std::cerr << "AuthSSL::SignX509Req() Issuer name: " << AuthGPG::getAuthGPG()->getGPGOwnId() << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() Issuer name: " << AuthGPG::getAuthGPG()->getGPGOwnId() << std::endl;
|
||||
|
||||
BIGNUM *btmp = BN_new();
|
||||
if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() rand FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() rand FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
if (!BN_to_ASN1_INTEGER(btmp, serial))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() asn1 FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() asn1 FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
BN_free(btmp);
|
||||
|
||||
if (!X509_set_serialNumber(x509, serial))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() serial FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() serial FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
ASN1_INTEGER_free(serial);
|
||||
@ -483,7 +505,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
|
||||
if (!X509_set_issuer_name(x509, issuer_name))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() issue FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() issue FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
X509_NAME_free(issuer_name);
|
||||
@ -491,26 +513,26 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
|
||||
if (!X509_gmtime_adj(X509_get_notBefore(x509),0))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() notbefore FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() notbefore FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!X509_gmtime_adj(X509_get_notAfter(x509), (long)60*60*24*days))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() notafter FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() notafter FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() sub FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() sub FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
tmppkey = X509_REQ_get_pubkey(req);
|
||||
if (!tmppkey || !X509_set_pubkey(x509,tmppkey))
|
||||
{
|
||||
std::cerr << "AuthSSL::SignX509Req() pub FAIL" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::SignX509Req() pub FAIL" << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
@ -569,7 +591,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
{
|
||||
hashoutl=0;
|
||||
sigoutl=0;
|
||||
fprintf(stderr, "AuthSSL::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
|
||||
fprintf(stderr, "AuthSSLimpl::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
|
||||
goto err;
|
||||
}
|
||||
p=buf_in;
|
||||
@ -584,7 +606,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
(unsigned int *)&hashoutl))
|
||||
{
|
||||
hashoutl=0;
|
||||
fprintf(stderr, "AuthSSL::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
|
||||
fprintf(stderr, "AuthSSLimpl::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -636,15 +658,15 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
* this is important - as it allows non-friends messages to be validated.
|
||||
*/
|
||||
|
||||
bool AuthSSL::AuthX509WithGPG(X509 *x509)
|
||||
bool AuthSSLimpl::AuthX509WithGPG(X509 *x509)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
fprintf(stderr, "AuthSSL::AuthX509WithGPG() called\n");
|
||||
fprintf(stderr, "AuthSSLimpl::AuthX509WithGPG() called\n");
|
||||
#endif
|
||||
|
||||
if (!CheckX509Certificate(x509))
|
||||
{
|
||||
std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated : Certificate failed basic checks" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::AuthX509() X509 NOT authenticated : Certificate failed basic checks" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -655,7 +677,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
|
||||
std::cerr << "Checking GPG issuer : " << issuer << std::endl ;
|
||||
#endif
|
||||
if (!AuthGPG::getAuthGPG()->getGPGDetails(issuer, pd)) {
|
||||
std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated : AuthGPG::getAuthGPG()->getGPGDetails() returned false." << std::endl;
|
||||
std::cerr << "AuthSSLimpl::AuthX509() X509 NOT authenticated : AuthGPG::getAuthGPG()->getGPGDetails() returned false." << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -696,7 +718,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
|
||||
if ((buf_in == NULL) || (buf_hashout == NULL) || (buf_sigout == NULL)) {
|
||||
hashoutl=0;
|
||||
sigoutl=0;
|
||||
fprintf(stderr, "AuthSSL::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
|
||||
fprintf(stderr, "AuthSSLimpl::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
|
||||
goto err;
|
||||
}
|
||||
p=buf_in;
|
||||
@ -713,7 +735,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
|
||||
(unsigned int *)&hashoutl))
|
||||
{
|
||||
hashoutl=0;
|
||||
fprintf(stderr, "AuthSSL::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
|
||||
fprintf(stderr, "AuthSSLimpl::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
|
||||
goto err;
|
||||
}
|
||||
|
||||
@ -728,7 +750,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
|
||||
/* NOW check sign via GPG Functions */
|
||||
//get the fingerprint of the key that is supposed to sign
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::AuthX509() verifying the gpg sig with keyprint : " << pd.fpr << std::endl;
|
||||
std::cerr << "AuthSSLimpl::AuthX509() verifying the gpg sig with keyprint : " << pd.fpr << std::endl;
|
||||
std::cerr << "Sigoutl = " << sigoutl << std::endl ;
|
||||
std::cerr << "pd.fpr = " << pd.fpr << std::endl ;
|
||||
std::cerr << "hashoutl = " << hashoutl << std::endl ;
|
||||
@ -740,26 +762,26 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
|
||||
}
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::AuthX509() X509 authenticated" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::AuthX509() X509 authenticated" << std::endl;
|
||||
#endif
|
||||
|
||||
return true;
|
||||
|
||||
err:
|
||||
std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::AuthX509() X509 NOT authenticated" << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/* validate + get id */
|
||||
bool AuthSSL::ValidateCertificate(X509 *x509, std::string &peerId)
|
||||
bool AuthSSLimpl::ValidateCertificate(X509 *x509, std::string &peerId)
|
||||
{
|
||||
/* check self signed */
|
||||
if (!AuthX509WithGPG(x509))
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::ValidateCertificate() bad certificate.";
|
||||
std::cerr << "AuthSSLimpl::ValidateCertificate() bad certificate.";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
@ -767,14 +789,14 @@ bool AuthSSL::ValidateCertificate(X509 *x509, std::string &peerId)
|
||||
if(!getX509id(x509, peerId))
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::ValidateCertificate() Cannot retrieve peer id from certificate..";
|
||||
std::cerr << "AuthSSLimpl::ValidateCertificate() Cannot retrieve peer id from certificate..";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::ValidateCertificate() good certificate.";
|
||||
std::cerr << "AuthSSLimpl::ValidateCertificate() good certificate.";
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
||||
@ -798,7 +820,7 @@ static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
|
||||
}
|
||||
|
||||
int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
char buf[256];
|
||||
X509 *err_cert;
|
||||
@ -809,7 +831,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
depth = X509_STORE_CTX_get_error_depth(ctx);
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::VerifyX509Callback(preverify_ok: " << preverify_ok
|
||||
std::cerr << "AuthSSLimpl::VerifyX509Callback(preverify_ok: " << preverify_ok
|
||||
<< " Err: " << err << " Depth: " << depth << std::endl;
|
||||
#endif
|
||||
|
||||
@ -821,7 +843,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::VerifyX509Callback: depth: " << depth << ":" << buf << std::endl;
|
||||
std::cerr << "AuthSSLimpl::VerifyX509Callback: depth: " << depth << ":" << buf << std::endl;
|
||||
#endif
|
||||
|
||||
|
||||
@ -852,7 +874,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
if (!AuthX509WithGPG(X509_STORE_CTX_get_current_cert(ctx)))
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
|
||||
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback() X509 not authenticated.\n");
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
@ -860,7 +882,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid))
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not accepted : \n");
|
||||
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback() pgp key not accepted : \n");
|
||||
fprintf(stderr, "issuer pgpid : ");
|
||||
fprintf(stderr, "%s\n",pgpid.c_str());
|
||||
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
|
||||
@ -889,9 +911,9 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
if (preverify_ok) {
|
||||
fprintf(stderr, "AuthSSL::VerifyX509Callback returned true.\n");
|
||||
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback returned true.\n");
|
||||
} else {
|
||||
fprintf(stderr, "AuthSSL::VerifyX509Callback returned false.\n");
|
||||
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback returned false.\n");
|
||||
}
|
||||
#endif
|
||||
|
||||
@ -906,12 +928,12 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
/********************************************************************************/
|
||||
|
||||
|
||||
bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId)
|
||||
bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId)
|
||||
{
|
||||
RsStackMutex stack(sslMtx); /******* LOCKED ******/
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::encrypt() called for peerId : " << peerId << " with inlen : " << inlen << std::endl;
|
||||
std::cerr << "AuthSSLimpl::encrypt() called for peerId : " << peerId << " with inlen : " << inlen << std::endl;
|
||||
#endif
|
||||
//TODO : use ssl to crypt the binary input buffer
|
||||
// out = malloc(inlen);
|
||||
@ -924,7 +946,7 @@ bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std
|
||||
} else {
|
||||
if (!mCerts[peerId]) {
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::encrypt() public key not found." << std::endl;
|
||||
std::cerr << "AuthSSLimpl::encrypt() public key not found." << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
} else {
|
||||
@ -1000,7 +1022,7 @@ bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std
|
||||
delete[] ek;
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::encrypt() finished with outlen : " << outlen << std::endl;
|
||||
std::cerr << "AuthSSLimpl::encrypt() finished with outlen : " << outlen << std::endl;
|
||||
#endif
|
||||
|
||||
//free(ek);
|
||||
@ -1010,14 +1032,14 @@ bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std
|
||||
return true;
|
||||
}
|
||||
|
||||
bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen)
|
||||
bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
|
||||
{
|
||||
RsStackMutex stack(sslMtx); /******* LOCKED ******/
|
||||
|
||||
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::decrypt() called with inlen : " << inlen << std::endl;
|
||||
std::cerr << "AuthSSLimpl::decrypt() called with inlen : " << inlen << std::endl;
|
||||
#endif
|
||||
//TODO : use ssl to decrypt the binary input buffer
|
||||
// out = malloc(inlen);
|
||||
@ -1112,7 +1134,7 @@ bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen)
|
||||
delete[] encryptKey;
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::decrypt() finished with outlen : " << outlen << std::endl;
|
||||
std::cerr << "AuthSSLimpl::decrypt() finished with outlen : " << outlen << std::endl;
|
||||
#endif
|
||||
|
||||
return true;
|
||||
@ -1126,7 +1148,7 @@ bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen)
|
||||
/********************************************************************************/
|
||||
|
||||
/* store for discovery */
|
||||
bool AuthSSL::FailedCertificate(X509 *x509, bool incoming)
|
||||
bool AuthSSLimpl::FailedCertificate(X509 *x509, bool incoming)
|
||||
{
|
||||
(void) incoming; /* remove unused parameter warning */
|
||||
|
||||
@ -1139,7 +1161,7 @@ bool AuthSSL::FailedCertificate(X509 *x509, bool incoming)
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthSSL::CheckCertificate(std::string id, X509 *x509)
|
||||
bool AuthSSLimpl::CheckCertificate(std::string id, X509 *x509)
|
||||
{
|
||||
(void) id; /* remove unused parameter warning */
|
||||
|
||||
@ -1155,7 +1177,7 @@ bool AuthSSL::CheckCertificate(std::string id, X509 *x509)
|
||||
|
||||
|
||||
/* Locked search -> internal help function */
|
||||
bool AuthSSL::locked_FindCert(std::string id, sslcert **cert)
|
||||
bool AuthSSLimpl::locked_FindCert(std::string id, sslcert **cert)
|
||||
{
|
||||
std::map<std::string, sslcert *>::iterator it;
|
||||
|
||||
@ -1170,7 +1192,7 @@ bool AuthSSL::locked_FindCert(std::string id, sslcert **cert)
|
||||
|
||||
/* Remove Certificate */
|
||||
|
||||
bool AuthSSL::RemoveX509(std::string id)
|
||||
bool AuthSSLimpl::RemoveX509(std::string id)
|
||||
{
|
||||
std::map<std::string, sslcert *>::iterator it;
|
||||
|
||||
@ -1193,13 +1215,13 @@ bool AuthSSL::RemoveX509(std::string id)
|
||||
}
|
||||
|
||||
|
||||
bool AuthSSL::LocalStoreCert(X509* x509)
|
||||
bool AuthSSLimpl::LocalStoreCert(X509* x509)
|
||||
{
|
||||
//store the certificate in the local cert list
|
||||
std::string peerId;
|
||||
if(!getX509id(x509, peerId))
|
||||
{
|
||||
std::cerr << "AuthSSL::LocalStoreCert() Cannot retrieve peer id from certificate." << std::endl;
|
||||
std::cerr << "AuthSSLimpl::LocalStoreCert() Cannot retrieve peer id from certificate." << std::endl;
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
#endif
|
||||
return false;
|
||||
@ -1211,7 +1233,7 @@ bool AuthSSL::LocalStoreCert(X509* x509)
|
||||
if (peerId == mOwnId)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::LocalStoreCert() not storing own certificate" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::LocalStoreCert() not storing own certificate" << std::endl;
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
@ -1228,7 +1250,7 @@ bool AuthSSL::LocalStoreCert(X509* x509)
|
||||
if (0 != X509_cmp(cert->certificate, x509))
|
||||
{
|
||||
/* MAJOR ERROR */
|
||||
std::cerr << "ERROR : AuthSSL::LocalStoreCert() got two ssl certificates with identical ids -> dropping second";
|
||||
std::cerr << "ERROR : AuthSSLimpl::LocalStoreCert() got two ssl certificates with identical ids -> dropping second";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
@ -1237,7 +1259,7 @@ bool AuthSSL::LocalStoreCert(X509* x509)
|
||||
}
|
||||
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::LocalStoreCert() storing certificate for " << peerId << std::endl;
|
||||
std::cerr << "AuthSSLimpl::LocalStoreCert() storing certificate for " << peerId << std::endl;
|
||||
#endif
|
||||
mCerts[peerId] = new sslcert(X509_dup(x509), peerId);
|
||||
|
||||
@ -1254,17 +1276,17 @@ bool AuthSSL::LocalStoreCert(X509* x509)
|
||||
/********************************************************************************/
|
||||
|
||||
|
||||
RsSerialiser *AuthSSL::setupSerialiser()
|
||||
RsSerialiser *AuthSSLimpl::setupSerialiser()
|
||||
{
|
||||
RsSerialiser *rss = new RsSerialiser ;
|
||||
RsSerialiser *rss = new RsSerialiser();
|
||||
rss->addSerialType(new RsGeneralConfigSerialiser());
|
||||
return rss ;
|
||||
}
|
||||
|
||||
std::list<RsItem*> AuthSSL::saveList(bool& cleanup)
|
||||
std::list<RsItem*> AuthSSLimpl::saveList(bool& cleanup)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::saveList() called" << std::endl ;
|
||||
std::cerr << "AuthSSLimpl::saveList() called" << std::endl ;
|
||||
#endif
|
||||
|
||||
RsStackMutex stack(sslMtx); /******* LOCKED ******/
|
||||
@ -1283,7 +1305,7 @@ std::list<RsItem*> AuthSSL::saveList(bool& cleanup)
|
||||
RsTlvKeyValue kv;
|
||||
kv.key = mapIt->first;
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::saveList() called (mapIt->first) : " << (mapIt->first) << std::endl ;
|
||||
std::cerr << "AuthSSLimpl::saveList() called (mapIt->first) : " << (mapIt->first) << std::endl ;
|
||||
#endif
|
||||
kv.value = saveX509ToPEM(mapIt->second->certificate);
|
||||
vitem->tlvkvs.pairs.push_back(kv) ;
|
||||
@ -1293,10 +1315,10 @@ std::list<RsItem*> AuthSSL::saveList(bool& cleanup)
|
||||
return lst ;
|
||||
}
|
||||
|
||||
bool AuthSSL::loadList(std::list<RsItem*> load)
|
||||
bool AuthSSLimpl::loadList(std::list<RsItem*> load)
|
||||
{
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::loadList() Item Count: " << load.size() << std::endl;
|
||||
std::cerr << "AuthSSLimpl::loadList() Item Count: " << load.size() << std::endl;
|
||||
#endif
|
||||
|
||||
/* load the list of accepted gpg keys */
|
||||
@ -1306,7 +1328,7 @@ bool AuthSSL::loadList(std::list<RsItem*> load)
|
||||
|
||||
if(vitem) {
|
||||
#ifdef AUTHSSL_DEBUG
|
||||
std::cerr << "AuthSSL::loadList() General Variable Config Item:" << std::endl;
|
||||
std::cerr << "AuthSSLimpl::loadList() General Variable Config Item:" << std::endl;
|
||||
vitem->print(std::cerr, 10);
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
|
@ -49,7 +49,7 @@
|
||||
|
||||
#include "pqi/pqi_base.h"
|
||||
#include "pqi/pqinetwork.h"
|
||||
#include "rsiface/rspeers.h"
|
||||
//#include "rsiface/rspeers.h"
|
||||
#include "pqi/p3cfgmgr.h"
|
||||
|
||||
typedef std::string SSL_id;
|
||||
@ -86,13 +86,82 @@ class sslcert
|
||||
X509* certificate;
|
||||
};
|
||||
|
||||
/* required to install instance */
|
||||
extern void AuthSSLInit();
|
||||
|
||||
class AuthSSL : public p3Config
|
||||
class AuthSSL
|
||||
{
|
||||
public:
|
||||
AuthSSL();
|
||||
|
||||
static AuthSSL *getAuthSSL();
|
||||
|
||||
/* Initialisation Functions (Unique) */
|
||||
virtual bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey) = 0;
|
||||
|
||||
virtual bool active() = 0;
|
||||
virtual int InitAuth(const char *srvr_cert, const char *priv_key,
|
||||
const char *passwd) = 0;
|
||||
virtual bool CloseAuth() = 0;
|
||||
|
||||
/*********** Overloaded Functions from p3AuthMgr **********/
|
||||
|
||||
/* get Certificate Id */
|
||||
virtual std::string OwnId() = 0;
|
||||
virtual std::string getOwnLocation() = 0;
|
||||
//virtual bool getAllList(std::list<std::string> &ids);
|
||||
//virtual bool getAuthenticatedList(std::list<std::string> &ids);
|
||||
//virtual bool getUnknownList(std::list<std::string> &ids);
|
||||
//virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
|
||||
|
||||
/* get Details from the Certificates */
|
||||
//virtual bool isAuthenticated(std::string id);
|
||||
//virtual std::string getName(std::string id);
|
||||
//virtual std::string getIssuerName(std::string id);
|
||||
//virtual std::string getGPGId(SSL_id id);
|
||||
//virtual bool getCertDetails(std::string id, sslcert &cert);
|
||||
|
||||
/* Load/Save certificates */
|
||||
virtual std::string SaveOwnCertificateToString() = 0;
|
||||
|
||||
/* Sign / Encrypt / Verify Data */
|
||||
virtual bool SignData(std::string input, std::string &sign) = 0;
|
||||
virtual bool SignData(const void *data, const uint32_t len, std::string &sign) = 0;
|
||||
|
||||
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*) = 0;
|
||||
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*) = 0;
|
||||
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int) = 0;
|
||||
virtual bool VerifySignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen, SSL_id sslId) = 0;
|
||||
|
||||
// return : false if encrypt failed
|
||||
virtual bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId) = 0;
|
||||
// return : false if decrypt fails
|
||||
virtual bool decrypt(void *&out, int &outlen, const void *in, int inlen) = 0;
|
||||
|
||||
|
||||
virtual X509* SignX509ReqWithGPG(X509_REQ *req, long days) = 0;
|
||||
virtual bool AuthX509WithGPG(X509 *x509) = 0;
|
||||
|
||||
|
||||
virtual int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx) = 0;
|
||||
virtual bool ValidateCertificate(X509 *x509, std::string &peerId) = 0; /* validate + get id */
|
||||
|
||||
public: /* SSL specific functions used in pqissl/pqissllistener */
|
||||
virtual SSL_CTX *getCTX() = 0;
|
||||
|
||||
/* Restored these functions: */
|
||||
virtual bool FailedCertificate(X509 *x509, bool incoming) = 0; /* store for discovery */
|
||||
virtual bool CheckCertificate(std::string peerId, X509 *x509) = 0; /* check that they are exact match */
|
||||
};
|
||||
|
||||
|
||||
class AuthSSLimpl : public AuthSSL, public p3Config
|
||||
{
|
||||
public:
|
||||
|
||||
/* Initialisation Functions (Unique) */
|
||||
AuthSSL();
|
||||
AuthSSLimpl();
|
||||
bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey);
|
||||
|
||||
virtual bool active();
|
||||
@ -121,27 +190,27 @@ virtual std::string getOwnLocation();
|
||||
virtual std::string SaveOwnCertificateToString();
|
||||
|
||||
/* Sign / Encrypt / Verify Data */
|
||||
bool SignData(std::string input, std::string &sign);
|
||||
bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
virtual bool SignData(std::string input, std::string &sign);
|
||||
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
|
||||
bool SignDataBin(std::string, unsigned char*, unsigned int*);
|
||||
bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
|
||||
bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
|
||||
bool VerifySignBin(const void *data, const uint32_t len,
|
||||
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
|
||||
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
|
||||
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
|
||||
virtual bool VerifySignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen, SSL_id sslId);
|
||||
|
||||
// return : false if encrypt failed
|
||||
bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
|
||||
virtual bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
|
||||
// return : false if decrypt fails
|
||||
bool decrypt(void *&out, int &outlen, const void *in, int inlen);
|
||||
virtual bool decrypt(void *&out, int &outlen, const void *in, int inlen);
|
||||
|
||||
|
||||
X509* SignX509ReqWithGPG(X509_REQ *req, long days);
|
||||
bool AuthX509WithGPG(X509 *x509);
|
||||
virtual X509* SignX509ReqWithGPG(X509_REQ *req, long days);
|
||||
virtual bool AuthX509WithGPG(X509 *x509);
|
||||
|
||||
|
||||
int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
|
||||
bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
|
||||
virtual int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
|
||||
virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
|
||||
|
||||
|
||||
/*****************************************************************/
|
||||
@ -153,14 +222,12 @@ bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id
|
||||
/*****************************************************************/
|
||||
|
||||
public: /* SSL specific functions used in pqissl/pqissllistener */
|
||||
SSL_CTX *getCTX();
|
||||
virtual SSL_CTX *getCTX();
|
||||
|
||||
/* Restored these functions: */
|
||||
bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
|
||||
bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
|
||||
virtual bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
|
||||
virtual bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
|
||||
|
||||
static AuthSSL *getAuthSSL() throw() // pour obtenir l'instance
|
||||
{ return instance_ssl; }
|
||||
|
||||
private:
|
||||
|
||||
|
223
libretroshare/src/pqi/authssltest.cc
Normal file
223
libretroshare/src/pqi/authssltest.cc
Normal file
@ -0,0 +1,223 @@
|
||||
/*
|
||||
* libretroshare/src/pqi: authssltest.cc
|
||||
*
|
||||
* 3P/PQI network interface for RetroShare.
|
||||
*
|
||||
* Copyright 2004-2008 by Robert Fernie.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Library General Public
|
||||
* License Version 2 as published by the Free Software Foundation.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Library General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Library General Public
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA.
|
||||
*
|
||||
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
||||
*
|
||||
*/
|
||||
|
||||
#include "pqi/authssltest.h"
|
||||
|
||||
AuthSSLtest::AuthSSLtest()
|
||||
{
|
||||
mOwnId = "abcdtestid12345678";
|
||||
}
|
||||
|
||||
|
||||
/* Initialisation Functions (Unique) */
|
||||
bool AuthSSLtest::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::validateOwnCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
bool AuthSSLtest::active()
|
||||
{
|
||||
std::cerr << "AuthSSLtest::active()";
|
||||
std::cerr << std::endl;
|
||||
return true;
|
||||
}
|
||||
|
||||
int AuthSSLtest::InitAuth(const char *srvr_cert, const char *priv_key,
|
||||
const char *passwd)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::InitAuth()";
|
||||
std::cerr << std::endl;
|
||||
return 1;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::CloseAuth()
|
||||
{
|
||||
std::cerr << "AuthSSLtest::AuthSSLtest::CloseAuth()";
|
||||
std::cerr << std::endl;
|
||||
return 1;
|
||||
}
|
||||
|
||||
|
||||
/*********** Overloaded Functions from p3AuthMgr **********/
|
||||
|
||||
/* get Certificate Id */
|
||||
std::string AuthSSLtest::OwnId()
|
||||
{
|
||||
std::cerr << "AuthSSLtest::OwnId";
|
||||
std::cerr << std::endl;
|
||||
return mOwnId;
|
||||
}
|
||||
|
||||
std::string AuthSSLtest::getOwnLocation()
|
||||
{
|
||||
std::cerr << "AuthSSLtest::getOwnLocation";
|
||||
std::cerr << std::endl;
|
||||
return "TestVersion";
|
||||
}
|
||||
|
||||
//bool getAllList(std::list<std::string> &ids);
|
||||
//bool getAuthenticatedList(std::list<std::string> &ids);
|
||||
//bool getUnknownList(std::list<std::string> &ids);
|
||||
//bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
|
||||
|
||||
/* get Details from the Certificates */
|
||||
//bool isAuthenticated(std::string id);
|
||||
//virtual std::string getName(std::string id);
|
||||
//std::string getIssuerName(std::string id);
|
||||
//std::string getGPGId(SSL_id id);
|
||||
//bool getCertDetails(std::string id, sslcert &cert);
|
||||
|
||||
/* Load/Save certificates */
|
||||
std::string AuthSSLtest::SaveOwnCertificateToString()
|
||||
{
|
||||
std::cerr << "AuthSSLtest::SaveOwnCertificateToString()";
|
||||
std::cerr << std::endl;
|
||||
return std::string();
|
||||
}
|
||||
|
||||
|
||||
/* Sign / Encrypt / Verify Data */
|
||||
bool AuthSSLtest::SignData(std::string input, std::string &sign)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::SignData()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::SignData(const void *data, const uint32_t len, std::string &sign)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::SignData()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
bool AuthSSLtest::SignDataBin(std::string, unsigned char*, unsigned int*)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::SignDataBin()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::SignDataBin()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::VerifyOwnSignBin()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::VerifySignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen, SSL_id sslId)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::VerifySignBin()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
// return : false if encrypt failed
|
||||
bool AuthSSLtest::encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::encrypt()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
// return : false if decrypt fails
|
||||
bool AuthSSLtest::decrypt(void *&out, int &outlen, const void *in, int inlen)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::decrypt()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
X509* AuthSSLtest::SignX509ReqWithGPG(X509_REQ *req, long days)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::SignX509ReqWithGPG";
|
||||
std::cerr << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::AuthX509WithGPG(X509 *x509)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::AuthX509WithGPG()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
int AuthSSLtest::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::VerifyX509Callback()";
|
||||
std::cerr << std::endl;
|
||||
return 0;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::ValidateCertificate(X509 *x509, std::string &peerId)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::ValidateCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
|
||||
SSL_CTX *AuthSSLtest::getCTX()
|
||||
{
|
||||
std::cerr << "AuthSSLtest::getCTX()";
|
||||
std::cerr << std::endl;
|
||||
return NULL;
|
||||
}
|
||||
|
||||
|
||||
/* Restored these functions: */
|
||||
bool AuthSSLtest::FailedCertificate(X509 *x509, bool incoming)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::FailedCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
||||
bool AuthSSLtest::CheckCertificate(std::string peerId, X509 *x509)
|
||||
{
|
||||
std::cerr << "AuthSSLtest::CheckCertificate()";
|
||||
std::cerr << std::endl;
|
||||
return false;
|
||||
}
|
||||
|
101
libretroshare/src/pqi/authssltest.h
Normal file
101
libretroshare/src/pqi/authssltest.h
Normal file
@ -0,0 +1,101 @@
|
||||
/*
|
||||
* libretroshare/src/pqi: authssltest.h
|
||||
*
|
||||
* 3P/PQI network interface for RetroShare.
|
||||
*
|
||||
* Copyright 2009-2010 by Robert Fernie.
|
||||
*
|
||||
* This library is free software; you can redistribute it and/or
|
||||
* modify it under the terms of the GNU Library General Public
|
||||
* License Version 2 as published by the Free Software Foundation.
|
||||
*
|
||||
* This library is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* Library General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Library General Public
|
||||
* License along with this library; if not, write to the Free Software
|
||||
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
||||
* USA.
|
||||
*
|
||||
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
||||
*
|
||||
*/
|
||||
|
||||
#ifndef MRK_AUTH_SSL_TEST_HEADER
|
||||
#define MRK_AUTH_SSL_TEST_HEADER
|
||||
|
||||
#include "pqi/authssl.h"
|
||||
|
||||
void setAuthSSL(AuthSSL *newssl);
|
||||
|
||||
class AuthSSLtest: public AuthSSL
|
||||
{
|
||||
public:
|
||||
|
||||
AuthSSLtest();
|
||||
/* Initialisation Functions (Unique) */
|
||||
virtual bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey);
|
||||
|
||||
virtual bool active();
|
||||
virtual int InitAuth(const char *srvr_cert, const char *priv_key,
|
||||
const char *passwd);
|
||||
virtual bool CloseAuth();
|
||||
|
||||
/*********** Overloaded Functions from p3AuthMgr **********/
|
||||
|
||||
/* get Certificate Id */
|
||||
virtual std::string OwnId();
|
||||
virtual std::string getOwnLocation();
|
||||
//virtual bool getAllList(std::list<std::string> &ids);
|
||||
//virtual bool getAuthenticatedList(std::list<std::string> &ids);
|
||||
//virtual bool getUnknownList(std::list<std::string> &ids);
|
||||
//virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
|
||||
|
||||
/* get Details from the Certificates */
|
||||
//virtual bool isAuthenticated(std::string id);
|
||||
//virtual std::string getName(std::string id);
|
||||
//virtual std::string getIssuerName(std::string id);
|
||||
//virtual std::string getGPGId(SSL_id id);
|
||||
//virtual bool getCertDetails(std::string id, sslcert &cert);
|
||||
|
||||
/* Load/Save certificates */
|
||||
virtual std::string SaveOwnCertificateToString();
|
||||
|
||||
/* Sign / Encrypt / Verify Data */
|
||||
virtual bool SignData(std::string input, std::string &sign);
|
||||
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
|
||||
|
||||
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
|
||||
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
|
||||
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
|
||||
virtual bool VerifySignBin(const void *data, const uint32_t len,
|
||||
unsigned char *sign, unsigned int signlen, SSL_id sslId);
|
||||
|
||||
// return : false if encrypt failed
|
||||
virtual bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
|
||||
// return : false if decrypt fails
|
||||
virtual bool decrypt(void *&out, int &outlen, const void *in, int inlen);
|
||||
|
||||
|
||||
virtual X509* SignX509ReqWithGPG(X509_REQ *req, long days);
|
||||
virtual bool AuthX509WithGPG(X509 *x509);
|
||||
|
||||
|
||||
virtual int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
|
||||
virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
|
||||
|
||||
public: /* SSL specific functions used in pqissl/pqissllistener */
|
||||
virtual SSL_CTX *getCTX();
|
||||
|
||||
/* Restored these functions: */
|
||||
virtual bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
|
||||
virtual bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
|
||||
|
||||
private:
|
||||
|
||||
std::string mOwnId;
|
||||
};
|
||||
|
||||
#endif // MRK_AUTH_SSL_TEST_HEADER
|
File diff suppressed because it is too large
Load Diff
@ -27,12 +27,11 @@
|
||||
#define MRK_PQI_CONNECTION_MANAGER_HEADER
|
||||
|
||||
#include "pqi/pqimonitor.h"
|
||||
#include "serialiser/rsconfigitems.h"
|
||||
#include "pqi/pqiipset.h"
|
||||
|
||||
//#include "pqi/p3dhtmgr.h"
|
||||
//#include "pqi/p3upnpmgr.h"
|
||||
#include "pqi/pqiassist.h"
|
||||
#include "services/p3tunnel.h"
|
||||
|
||||
#include "pqi/p3cfgmgr.h"
|
||||
|
||||
@ -84,8 +83,9 @@ const uint32_t RS_NET_CONN_TUNNEL = 0x0f00;
|
||||
|
||||
const uint32_t RS_NET_CONN_TCP_LOCAL = 0x0001;
|
||||
const uint32_t RS_NET_CONN_TCP_EXTERNAL = 0x0002;
|
||||
const uint32_t RS_NET_CONN_TCP_UNKNOW_TOPOLOGY = 0x0003;
|
||||
const uint32_t RS_NET_CONN_UDP = 0x0010;
|
||||
const uint32_t RS_NET_CONN_TCP_UNKNOW_TOPOLOGY = 0x0004;
|
||||
const uint32_t RS_NET_CONN_UDP_DHT_SYNC = 0x0010;
|
||||
const uint32_t RS_NET_CONN_UDP_PEER_SYNC = 0x0020; /* coming soon */
|
||||
|
||||
/* extra flags */
|
||||
// not sure if needed yet.
|
||||
@ -111,7 +111,7 @@ class peerAddrInfo
|
||||
|
||||
bool found;
|
||||
uint32_t type;
|
||||
struct sockaddr_in laddr, raddr;
|
||||
pqiIpAddrSet addrs;
|
||||
time_t ts;
|
||||
};
|
||||
|
||||
@ -129,9 +129,6 @@ class peerConnectAddress
|
||||
|
||||
class peerConnectState
|
||||
{
|
||||
private:
|
||||
std::list<IpAddressTimed> ipAddressList;
|
||||
|
||||
public:
|
||||
peerConnectState(); /* init */
|
||||
|
||||
@ -141,21 +138,7 @@ class peerConnectState
|
||||
uint32_t netMode; /* EXT / UPNP / UDP / INVALID */
|
||||
uint32_t visState; /* STD, GRAY, DARK */
|
||||
|
||||
//used to store friends ip lists
|
||||
void sortIpAddressListBySeenTime(); //Sort the ip list ordering by seen time
|
||||
std::list<IpAddressTimed> getIpAddressList(); //return the sorted ant purged list.
|
||||
|
||||
// The function that takes a list, can either merge the list into the
|
||||
// existing list (default behavior), or only set the list to the new data,
|
||||
// which might be used if the info is from an authoritative source.
|
||||
//
|
||||
void updateIpAddressList(const std::list<IpAddressTimed>& ipTimedList,bool merge=true);
|
||||
void updateIpAddressList(const IpAddressTimed& ipTimed);
|
||||
void printIpAddressList();
|
||||
|
||||
static bool is_same_address (const IpAddressTimed& first, const IpAddressTimed& second);
|
||||
static void printIpAddressList(std::list<IpAddressTimed> ipTimedList);
|
||||
static bool extractExtAddress(const std::list<IpAddressTimed>& ipAddressList, IpAddressTimed &resultAddress); //extract the last seen external address from the list
|
||||
struct sockaddr_in localaddr, serveraddr;
|
||||
|
||||
//used to store current ip (for config and connection management)
|
||||
struct sockaddr_in currentlocaladdr; /* Mandatory */
|
||||
@ -164,6 +147,9 @@ class peerConnectState
|
||||
|
||||
time_t lastcontact;
|
||||
|
||||
/* list of addresses from various sources */
|
||||
pqiIpAddrSet ipAddrs;
|
||||
|
||||
/***** Below here not stored permanently *****/
|
||||
|
||||
uint32_t connecttype; // RS_NET_CONN_TCP_ALL / RS_NET_CONN_UDP_ALL
|
||||
@ -186,8 +172,37 @@ class peerConnectState
|
||||
peerConnectAddress currentConnAddrAttempt;
|
||||
std::list<peerConnectAddress> connAddrs;
|
||||
|
||||
|
||||
};
|
||||
|
||||
class pqiNetStatus
|
||||
{
|
||||
public:
|
||||
|
||||
pqiNetStatus();
|
||||
|
||||
bool mLocalAddrOk; // Local address is not loopback.
|
||||
bool mExtAddrOk; // have external address.
|
||||
bool mExtAddrStableOk; // stable external address.
|
||||
bool mUpnpOk; // upnp is ok.
|
||||
bool mDhtOk; // dht is ok.
|
||||
|
||||
struct sockaddr_in mLocalAddr; // percieved ext addr.
|
||||
struct sockaddr_in mExtAddr; // percieved ext addr.
|
||||
|
||||
bool mResetReq; // Not Used yet!.
|
||||
|
||||
void print(std::ostream &out);
|
||||
|
||||
bool NetOk() // minimum to believe network is okay.`
|
||||
{
|
||||
return (mLocalAddrOk && mExtAddrOk);
|
||||
}
|
||||
};
|
||||
|
||||
class p3tunnel;
|
||||
|
||||
|
||||
std::string textPeerConnectState(peerConnectState &state);
|
||||
|
||||
|
||||
@ -203,10 +218,10 @@ void tick();
|
||||
void addNetAssistConnect(uint32_t type, pqiNetAssistConnect *);
|
||||
void addNetAssistFirewall(uint32_t type, pqiNetAssistFirewall *);
|
||||
|
||||
bool checkNetAddress(); /* check our address is sensible */
|
||||
|
||||
void addNetListener(pqiNetListener *listener);
|
||||
|
||||
bool checkNetAddress(); /* check our address is sensible */
|
||||
|
||||
/*************** External Control ****************/
|
||||
bool shutdown(); /* blocking shutdown call */
|
||||
|
||||
@ -216,11 +231,12 @@ bool getUPnPState();
|
||||
bool getUPnPEnabled();
|
||||
bool getDHTEnabled();
|
||||
|
||||
bool getIPServersEnabled() { return use_extr_addr_finder ;}
|
||||
bool getIPServersEnabled();
|
||||
void setIPServersEnabled(bool b) ;
|
||||
void getIPServersList(std::list<std::string>& ip_servers) ;
|
||||
|
||||
void setTunnelConnection(bool b);
|
||||
bool getTunnelConnection() { return allow_tunnel_connection ;}
|
||||
bool getTunnelConnection();
|
||||
|
||||
bool getNetStatusLocalOk();
|
||||
bool getNetStatusUpnpOk();
|
||||
@ -228,11 +244,15 @@ bool getNetStatusDhtOk();
|
||||
bool getNetStatusStunOk();
|
||||
bool getNetStatusExtraAddressCheckOk();
|
||||
|
||||
bool getUpnpExtAddress(struct sockaddr_in &addr);
|
||||
bool getExtFinderAddress(struct sockaddr_in &addr);
|
||||
void getNetStatus(pqiNetStatus &status);
|
||||
|
||||
void setOwnNetConfig(uint32_t netMode, uint32_t visState);
|
||||
bool setLocalAddress(std::string id, struct sockaddr_in addr);
|
||||
bool setExtAddress(std::string id, struct sockaddr_in addr);
|
||||
bool setDynDNS(std::string id, std::string dyndns);
|
||||
bool updateAddressList(const std::string& id, const std::list<IpAddressTimed>& IpAddressTimedList,bool merge = true);
|
||||
bool updateAddressList(const std::string& id, const pqiIpAddrSet &addrs);
|
||||
|
||||
bool setNetworkMode(std::string id, uint32_t netMode);
|
||||
bool setVisState(std::string id, uint32_t visState);
|
||||
@ -268,25 +288,17 @@ void addMonitor(pqiMonitor *mon);
|
||||
void removeMonitor(pqiMonitor *mon);
|
||||
|
||||
/******* overloaded from pqiConnectCb *************/
|
||||
virtual void peerStatus(std::string id,
|
||||
struct sockaddr_in laddr, struct sockaddr_in raddr,
|
||||
virtual void peerStatus(std::string id, const pqiIpAddrSet &addrs,
|
||||
uint32_t type, uint32_t flags, uint32_t source);
|
||||
virtual void peerConnectRequest(std::string id,
|
||||
struct sockaddr_in raddr, uint32_t source);
|
||||
virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
|
||||
//virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
|
||||
|
||||
/****************** Connections *******************/
|
||||
bool connectAttempt(std::string id, struct sockaddr_in &addr,
|
||||
uint32_t &delay, uint32_t &period, uint32_t &type);
|
||||
bool connectResult(std::string id, bool success, uint32_t flags, struct sockaddr_in remote_peer_address);
|
||||
bool doNextAttempt(std::string id);
|
||||
|
||||
p3tunnel* getP3tunnel();
|
||||
void setP3tunnel(p3tunnel *p3tun);
|
||||
|
||||
bool getUpnpExtAddress(struct sockaddr_in &addr);
|
||||
bool getStunExtAddress(struct sockaddr_in &addr);
|
||||
bool getExtFinderExtAddress(struct sockaddr_in &addr);
|
||||
|
||||
|
||||
protected:
|
||||
@ -307,9 +319,6 @@ bool netAssistFirewallPorts(uint16_t iport, uint16_t eport);
|
||||
|
||||
/* Assist Connect */
|
||||
virtual bool netAssistFriend(std::string id, bool on);
|
||||
virtual bool netAssistAddStun(std::string id);
|
||||
virtual bool netAssistStun(bool on);
|
||||
virtual bool netAssistNotify(std::string id);
|
||||
virtual bool netAssistSetAddress( struct sockaddr_in &laddr,
|
||||
struct sockaddr_in &eaddr,
|
||||
uint32_t mode);
|
||||
@ -327,7 +336,6 @@ void netDhtInit();
|
||||
void netUdpInit();
|
||||
void netStunInit();
|
||||
|
||||
void netStatusReset();
|
||||
|
||||
|
||||
void netInit();
|
||||
@ -338,17 +346,8 @@ void netExtCheck();
|
||||
void netUpnpInit();
|
||||
void netUpnpCheck();
|
||||
|
||||
void netExtFinderAddressCheck();
|
||||
void netUnreachableCheck();
|
||||
|
||||
/* Udp / Stun functions */
|
||||
void udpStunPeer(std::string id, struct sockaddr_in &addr);
|
||||
|
||||
void stunInit();
|
||||
bool stunCheck();
|
||||
void stunCollect(std::string id, struct sockaddr_in addr, uint32_t flags);
|
||||
bool addBootstrapStunPeers();
|
||||
|
||||
void networkConsistencyCheck();
|
||||
|
||||
/* monitor control */
|
||||
@ -356,10 +355,6 @@ void tickMonitors();
|
||||
|
||||
/* connect attempts */
|
||||
bool retryConnectTCP(std::string id);
|
||||
bool retryConnectNotify(std::string id);
|
||||
|
||||
/* temporary for testing */
|
||||
//virtual void loadConfiguration() { return; }
|
||||
|
||||
protected:
|
||||
/*****************************************************************/
|
||||
@ -370,74 +365,47 @@ bool retryConnectNotify(std::string id);
|
||||
virtual bool loadList(std::list<RsItem *> load);
|
||||
/*****************************************************************/
|
||||
|
||||
|
||||
#if 0
|
||||
|
||||
void setupOwnNetConfig(RsPeerConfigItem *item);
|
||||
void addPeer(RsPeerConfigItem *item);
|
||||
|
||||
#endif
|
||||
//void setupOwnNetConfig(RsPeerConfigItem *item);
|
||||
//void addPeer(RsPeerConfigItem *item);
|
||||
|
||||
private:
|
||||
// These should have there own Mutex Protection,
|
||||
//p3tunnel *mP3tunnel;
|
||||
ExtAddrFinder *mExtAddrFinder ;
|
||||
|
||||
p3tunnel *mP3tunnel;
|
||||
|
||||
uint32_t retry_period;
|
||||
|
||||
/* These are considered static from a MUTEX perspective */
|
||||
std::map<uint32_t, pqiNetAssistFirewall *> mFwAgents;
|
||||
std::map<uint32_t, pqiNetAssistConnect *> mDhts;
|
||||
|
||||
std::list<pqiNetListener *> mNetListeners;
|
||||
|
||||
|
||||
RsMutex connMtx; /* protects below */
|
||||
|
||||
std::list<pqiNetListener *> mNetListeners;
|
||||
void stopListeners();
|
||||
void startListeners();
|
||||
void netStatusReset_locked();
|
||||
|
||||
uint32_t mRetryPeriod;
|
||||
|
||||
time_t mNetInitTS;
|
||||
uint32_t mNetStatus;
|
||||
bool mListenerActive;
|
||||
|
||||
uint32_t mStunStatus;
|
||||
uint32_t mStunFound;
|
||||
bool mStunMoreRequired;
|
||||
|
||||
bool mStatusChanged;
|
||||
|
||||
std::list<pqiMonitor *> clients;
|
||||
|
||||
ExtAddrFinder *mExtAddrFinder ;
|
||||
bool use_extr_addr_finder ;
|
||||
bool allow_tunnel_connection ;
|
||||
bool mUseExtAddrFinder;
|
||||
bool mAllowTunnelConnection;
|
||||
|
||||
/* external Address determination */
|
||||
//bool mUpnpAddrValid, mStunAddrValid;
|
||||
//bool mStunAddrStable;
|
||||
//struct sockaddr_in mUpnpExtAddr;
|
||||
struct sockaddr_in mStunExtAddr;
|
||||
|
||||
/* network status flags (read by rsiface) */
|
||||
bool netFlagLocalOk;
|
||||
bool netFlagUpnpOk;
|
||||
bool netFlagDhtOk;
|
||||
bool netFlagStunOk;
|
||||
bool netFlagExtraAddressCheckOk;
|
||||
pqiNetStatus mNetFlags;
|
||||
pqiNetStatus mOldNetFlags;
|
||||
|
||||
/* old network status flags in order to detect changes */
|
||||
bool oldnetFlagLocalOk;
|
||||
bool oldnetFlagUpnpOk;
|
||||
bool oldnetFlagDhtOk;
|
||||
bool oldnetFlagStunOk;
|
||||
bool oldnetFlagExtraAddressCheckOk;
|
||||
peerConnectState mOwnState;
|
||||
|
||||
public:
|
||||
peerConnectState ownState;
|
||||
|
||||
protected:
|
||||
|
||||
void addPeer(std::string id, std::string name); /* tmp fn */
|
||||
|
||||
|
||||
std::list<std::string> mStunList;
|
||||
std::map<std::string, peerConnectState> mFriendList;
|
||||
std::map<std::string, peerConnectState> mOthersList;
|
||||
};
|
||||
|
@ -1756,14 +1756,28 @@ bool p3DhtMgr::dhtResultSearch(std::string idhash,
|
||||
|
||||
if (doCb)
|
||||
{
|
||||
std::list<IpAddressTimed> ipAddressList;
|
||||
mConnCb->peerStatus(ent.id, ent.laddr, ent.raddr,
|
||||
ent.type, 0, RS_CB_DHT);
|
||||
pqiIpAddrSet addrs;
|
||||
|
||||
pqiIpAddress laddr;
|
||||
laddr.mAddr = ent.laddr;
|
||||
laddr.mSeenTime = time(NULL);
|
||||
laddr.mSrc = RS_CB_DHT;
|
||||
|
||||
addrs.updateLocalAddrs(laddr);
|
||||
|
||||
pqiIpAddress eaddr;
|
||||
eaddr.mAddr = ent.raddr;
|
||||
eaddr.mSeenTime = time(NULL);
|
||||
eaddr.mSrc = RS_CB_DHT;
|
||||
|
||||
addrs.updateExtAddrs(eaddr);
|
||||
|
||||
mConnCb->peerStatus(ent.id, addrs, ent.type, 0, RS_CB_DHT);
|
||||
}
|
||||
|
||||
if (doStun)
|
||||
{
|
||||
mConnCb->stunStatus(idhash, raddr, type, stunFlags);
|
||||
//mConnCb->stunStatus(idhash, raddr, type, stunFlags);
|
||||
}
|
||||
|
||||
return true;
|
||||
|
@ -25,6 +25,7 @@
|
||||
|
||||
#include "pqi/pqimonitor.h"
|
||||
#include "pqi/pqinetwork.h"
|
||||
#include "pqi/pqiipset.h"
|
||||
#include "util/rsprint.h"
|
||||
|
||||
/***** DUMMY Connect CB for testing *****/
|
||||
@ -43,22 +44,20 @@ pqiConnectCbDummy::~pqiConnectCbDummy()
|
||||
return;
|
||||
}
|
||||
|
||||
void pqiConnectCbDummy::peerStatus(std::string id,
|
||||
struct sockaddr_in laddr, struct sockaddr_in raddr,
|
||||
void pqiConnectCbDummy::peerStatus(std::string id, const pqiIpAddrSet &addrs,
|
||||
uint32_t type, uint32_t mode, uint32_t source)
|
||||
{
|
||||
std::cerr << "pqiConnectCbDummy::peerStatus()";
|
||||
std::cerr << " id: " << id;
|
||||
|
||||
std::cerr << " laddr: " << inet_ntoa(laddr.sin_addr);
|
||||
std::cerr << " lport: " << ntohs(laddr.sin_port);
|
||||
std::cerr << " raddr: " << inet_ntoa(raddr.sin_addr);
|
||||
std::cerr << " rport: " << ntohs(raddr.sin_port);
|
||||
|
||||
std::cerr << " type: " << type;
|
||||
std::cerr << " mode: " << mode;
|
||||
std::cerr << " source: " << source;
|
||||
std::cerr << std::endl;
|
||||
|
||||
std::cerr << " addrs: ";
|
||||
std::cerr << std::endl;
|
||||
addrs.printAddrs(std::cerr);
|
||||
std::cerr << std::endl;
|
||||
}
|
||||
|
||||
void pqiConnectCbDummy::peerConnectRequest(std::string id,
|
||||
@ -72,6 +71,7 @@ void pqiConnectCbDummy::peerConnectRequest(std::string id,
|
||||
std::cerr << std::endl;
|
||||
}
|
||||
|
||||
#if 0
|
||||
void pqiConnectCbDummy::stunStatus(std::string id, struct sockaddr_in raddr,
|
||||
uint32_t type, uint32_t flags)
|
||||
{
|
||||
@ -82,5 +82,6 @@ void pqiConnectCbDummy::stunStatus(std::string id, struct sockaddr_in raddr,
|
||||
std::cerr << " flags: " << flags;
|
||||
std::cerr << std::endl;
|
||||
}
|
||||
#endif
|
||||
|
||||
|
||||
|
@ -34,6 +34,7 @@
|
||||
#include <inttypes.h>
|
||||
#include <string>
|
||||
#include <list>
|
||||
#include "pqi/pqiipset.h"
|
||||
|
||||
/************** Define Type/Mode/Source ***************/
|
||||
|
||||
@ -93,7 +94,7 @@ virtual ~pqiMonitor() { return; }
|
||||
|
||||
void setConnectionMgr(p3ConnectMgr *cm) { mConnMgr = cm; }
|
||||
virtual void statusChange(const std::list<pqipeer> &plist) = 0;
|
||||
|
||||
//virtual void ownStatusChange(pqipeer &) { return; } // SIGNAL reset or similar.
|
||||
//virtual void peerStatus(std::string id, uint32_t mode) = 0;
|
||||
|
||||
protected:
|
||||
@ -107,14 +108,13 @@ class pqiConnectCb
|
||||
{
|
||||
public:
|
||||
virtual ~pqiConnectCb() { return; }
|
||||
virtual void peerStatus(std::string id,
|
||||
struct sockaddr_in laddr, struct sockaddr_in raddr,
|
||||
virtual void peerStatus(std::string id, const pqiIpAddrSet &addrs,
|
||||
uint32_t type, uint32_t flags, uint32_t source) = 0;
|
||||
|
||||
virtual void peerConnectRequest(std::string id,
|
||||
struct sockaddr_in raddr, uint32_t source) = 0;
|
||||
|
||||
virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags) = 0;
|
||||
//virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags) = 0;
|
||||
};
|
||||
|
||||
|
||||
@ -124,14 +124,13 @@ class pqiConnectCbDummy: public pqiConnectCb
|
||||
public:
|
||||
pqiConnectCbDummy();
|
||||
virtual ~pqiConnectCbDummy();
|
||||
virtual void peerStatus(std::string id,
|
||||
struct sockaddr_in laddr, struct sockaddr_in raddr,
|
||||
virtual void peerStatus(std::string id, const pqiIpAddrSet &addrs,
|
||||
uint32_t type, uint32_t mode, uint32_t source);
|
||||
|
||||
virtual void peerConnectRequest(std::string id,
|
||||
struct sockaddr_in raddr, uint32_t source);
|
||||
|
||||
virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
|
||||
//virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
|
||||
};
|
||||
|
||||
|
||||
|
@ -408,6 +408,10 @@ int pqiperson::connect(uint32_t type, struct sockaddr_in raddr, uint32_t delay,
|
||||
std::cerr << out.str();
|
||||
//pqioutput(PQL_DEBUG_BASIC, pqipersonzone, out.str());
|
||||
#endif
|
||||
/* notify of fail! */
|
||||
|
||||
pqipg->notifyConnect(PeerId(), type, false, raddr);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
@ -50,7 +50,7 @@ class pqiconnect: public pqistreamer, public NetInterface
|
||||
public:
|
||||
pqiconnect(RsSerialiser *rss, NetBinInterface *ni_in)
|
||||
:pqistreamer(rss, ni_in->PeerId(), ni_in, 0), // pqistreamer will cleanup NetInterface.
|
||||
NetInterface(NULL, ni_in->PeerId()), // No need for callback.
|
||||
NetInterface(NULL, ni_in->PeerId()), // No need for callback
|
||||
ni(ni_in)
|
||||
{
|
||||
if (!ni_in)
|
||||
|
@ -479,12 +479,18 @@ int pqipersongrp::connectPeer(std::string id)
|
||||
ptype = PQI_CONNECT_TUNNEL;
|
||||
timeout = period * 2;
|
||||
#ifdef PGRP_DEBUG
|
||||
std::cerr << " pqipersongrp::connectPeer() connecting with UDP: Timeout :" << timeout;
|
||||
std::cerr << " pqipersongrp::connectPeer() connecting with Tunnel: Timeout :" << timeout;
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
}
|
||||
else
|
||||
{
|
||||
#ifdef PGRP_DEBUG
|
||||
std::cerr << " pqipersongrp::connectPeer() Ignoring Unknown Type:" << type;
|
||||
std::cerr << std::endl;
|
||||
#endif
|
||||
return 0;
|
||||
}
|
||||
|
||||
p->connect(ptype, addr, delay, period, timeout);
|
||||
|
||||
|
@ -90,7 +90,7 @@ const int pqisslzone = 37714;
|
||||
*
|
||||
*/
|
||||
|
||||
pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm)
|
||||
pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm, p3tunnel *p3t)
|
||||
:NetBinInterface(parent, parent->PeerId()), mConnMgr(cm)
|
||||
{
|
||||
active = false;
|
||||
@ -108,7 +108,7 @@ pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm)
|
||||
// rslog(RSL_ALERT, pqisslzone,
|
||||
// "\t pqissltunnel will not initialise....");
|
||||
// }
|
||||
mP3tunnel = mConnMgr->getP3tunnel();
|
||||
mP3tunnel = p3t;
|
||||
current_data_offset = 0;
|
||||
curent_data_packet.length = 0;
|
||||
|
||||
|
@ -74,7 +74,7 @@ struct data_with_length {
|
||||
class pqissltunnel: public NetBinInterface
|
||||
{
|
||||
public:
|
||||
pqissltunnel(PQInterface *parent, p3ConnectMgr *cm);
|
||||
pqissltunnel(PQInterface *parent, p3ConnectMgr *cm, p3tunnel *p3t);
|
||||
virtual ~pqissltunnel();
|
||||
|
||||
// NetInterface
|
||||
|
Loading…
x
Reference in New Issue
Block a user