Git-Mirrors/RetroShare
1
0
Fork 0
mirror of https://github.com/RetroShare/RetroShare.git synced 2025-01-27 07:47:03 -05:00
Code Issues Actions Packages Projects Releases Wiki Activity

Networking REWORK: Major cleanup of p3ConnectMgr.

Browse Source 
(Sorry for the ridiculously large check-in, wants to fix lots of stuff.)

Other Changes:
 * Added SSL Test Harness. (authssltest)
 * Added GPG Test Harness. (authssltest)
 * Reworked SSL/GPG startup to enable test harnesses
 * pqiperson: added notify of FAIL if connection method unavailable.
 * added p3tunnel to pqissltunnel init.
 * pqimonitor: added ipHistory to connect callback.
 
p3ConnectMgr Changes:
 * removed STUN system - wasn't operating correctly anyway without DHT.
 * switched to new IpAddress history data types. (removed lots of code)
 * Added Addr history for both Local and Ext addresses.
 * removed p3tunnel references in p3connmgr
 * fixed up mUseTunnelConnection flags (now used!)
 * fixed up mUseExtFinder flags (now used!)
 * added improved Net Status.
 * corrected UPNP / EXT / UDP startup. (was always UPNP).
 * fixed netReset() and netStartup().
 * removed unnecessary DEBUG code.
 * added UPNP timeout code (600 secs - why does it take so long?)
 * added improved netExtCheck().
 * removed wierd netConsistencyCheck() ... to rework.
 * corrected connect / reconnect code.
 * removed DHT notify code.



git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3247 b45a01b8-16f6-495d-af2f-9b41ad6348cc
This commit is contained in:
drbob 2010-07-04 10:35:38 +00:00
parent 85e1b4b111
commit f4331da483
18 changed files with 2345 additions and 1840 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

247
libretroshare/src/pqi/authgpg.cc
View File

@ -36,8 +36,26 @@
//#define GPG_DEBUG 1
// initializing the singleton pointer
AuthGPG *AuthGPG::instance_gpg = new AuthGPG();
static AuthGPG *instance_gpg = NULL;
void setAuthGPG(AuthGPG *newgpg)
{
instance_gpg = newgpg;
}
void AuthGPGInit()
{
instance_gpg = new AuthGPGimpl();
}
AuthGPG *AuthGPG::getAuthGPG()
{
return instance_gpg;
}
/* Turn a set of parameters into a string */
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
@ -107,7 +125,7 @@ gpg_error_t pgp_pwd_callback(void *hook, const char *uid_hint, const char *passp
return 0;
}
AuthGPG::AuthGPG()
AuthGPGimpl::AuthGPGimpl()
:p3Config(CONFIG_TYPE_AUTHGPG),gpgmeInit(false),gpgmeKeySelected(false)
{
{
@ -171,7 +189,7 @@ AuthGPG::AuthGPG()
}
/* Initialize */
bool AuthGPG::InitAuth ()
bool AuthGPGimpl::InitAuth ()
{
std::string HomeDir;
@ -212,7 +230,7 @@ bool AuthGPG::InitAuth ()
*
* returns false if GnuPG is not available.
*/
bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
bool AuthGPGimpl::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
{
int i = 0;
gpgme_key_t KEY = NULL;
@ -242,13 +260,13 @@ bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &id
{
ids.push_back(KEY->subkeys->keyid);
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::availablePGPCertificates() Added: " << KEY->subkeys->keyid << std::endl;
std::cerr << "AuthGPGimpl::availablePGPCertificates() Added: " << KEY->subkeys->keyid << std::endl;
#endif
}
else
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::availablePGPCertificates() Missing subkey" << std::endl;
std::cerr << "AuthGPGimpl::availablePGPCertificates() Missing subkey" << std::endl;
#endif
}
}
@ -259,7 +277,7 @@ bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &id
return false;
}
std::cerr << "AuthGPG::availablePGPCertificates() Secret Key Count: " << i << std::endl;
std::cerr << "AuthGPGimpl::availablePGPCertificates() Secret Key Count: " << i << std::endl;
/* return false if there are no private keys */
return (i > 0);
@ -272,10 +290,10 @@ bool AuthGPG::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &id
* This function must be called successfully (return == 1)
* before anything else can be done. (except above fn).
*/
int AuthGPG::GPGInit(std::string ownId)
int AuthGPGimpl::GPGInit(std::string ownId)
{
std::cerr << "AuthGPG::GPGInit() called with own gpg id : " << ownId << std::endl;
std::cerr << "AuthGPGimpl::GPGInit() called with own gpg id : " << ownId << std::endl;
{
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -294,7 +312,7 @@ int AuthGPG::GPGInit(std::string ownId)
{
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
if (mOwnGpgCert.id != mOwnGpgId) {
std::cerr << "AuthGPG::GPGInit() failed to find your id." << std::endl;
std::cerr << "AuthGPGimpl::GPGInit() failed to find your id." << std::endl;
return 0;
}
@ -308,18 +326,18 @@ int AuthGPG::GPGInit(std::string ownId)
//printAllKeys_locked();
std::cerr << "AuthGPG::GPGInit finished." << std::endl;
std::cerr << "AuthGPGimpl::GPGInit finished." << std::endl;
return 1;
}
AuthGPG::~AuthGPG()
AuthGPGimpl::~AuthGPGimpl()
{
}
bool AuthGPG::storeAllKeys_tick() {
bool AuthGPGimpl::storeAllKeys_tick() {
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::storeAllKeys_tick() called." << std::endl;
std::cerr << "AuthGPGimpl::storeAllKeys_tick() called." << std::endl;
#endif
time_t timeSinceStore = 0;
{
@ -335,10 +353,10 @@ bool AuthGPG::storeAllKeys_tick() {
}
// store all keys in map mKeyList to avoid callin gpgme exe repeatedly
bool AuthGPG::storeAllKeys()
bool AuthGPGimpl::storeAllKeys()
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::storeAllKeys()" << std::endl;
std::cerr << "AuthGPGimpl::storeAllKeys()" << std::endl;
#endif
std::list<std::string> gpg_change_trust_list;
@ -348,12 +366,12 @@ bool AuthGPG::storeAllKeys()
gpg_error_t ERR;
if (!gpgmeInit)
{
std::cerr << "AuthGPG::storeAllKeys() Error since GPG is not initialised" << std::endl;
std::cerr << "AuthGPGimpl::storeAllKeys() Error since GPG is not initialised" << std::endl;
return false;
}
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::storeAllKeys() clearing existing ones" << std::endl;
std::cerr << "AuthGPGimpl::storeAllKeys() clearing existing ones" << std::endl;
#endif
/* enable SIG mode */
@ -368,7 +386,7 @@ bool AuthGPG::storeAllKeys()
/* Initiates a key listing 0 = All Keys */
if (GPG_ERR_NO_ERROR != gpgme_op_keylist_start (CTX, "", 0))
{
std::cerr << "AuthGPG::storeAllKeys() Error iterating through KeyList" << std::endl;
std::cerr << "AuthGPGimpl::storeAllKeys() Error iterating through KeyList" << std::endl;
// if (rsicontrol != NULL) {
// rsicontrol->getNotify().notifyErrorMsg(0,0,"Error reading gpg keyring, cannot acess key list.");
// }
@ -380,7 +398,7 @@ bool AuthGPG::storeAllKeys()
mStoreKeyTime = time(NULL);
ERR = gpgme_op_keylist_next (CTX, &KEY);
if (GPG_ERR_NO_ERROR != ERR) {
std::cerr << "AuthGPG::storeAllKeys() didn't find any gpg key in the keyring" << std::endl;
std::cerr << "AuthGPGimpl::storeAllKeys() didn't find any gpg key in the keyring" << std::endl;
// if (rsicontrol != NULL) {
// rsicontrol->getNotify().notifyErrorMsg(0,0,"Error reading gpg keyring, cannot find any key in the list.");
// }
@ -402,7 +420,7 @@ bool AuthGPG::storeAllKeys()
if ((!KEY->subkeys) || (!KEY->uids))
{
std::cerr << "AuthGPG::storeAllKeys() Invalid Key in List... skipping" << std::endl;
std::cerr << "AuthGPGimpl::storeAllKeys() Invalid Key in List... skipping" << std::endl;
continue;
}
@ -541,7 +559,7 @@ bool AuthGPG::storeAllKeys()
}
// update trust on all available keys. Not used anymore
//bool AuthGPG::updateTrustAllKeys_locked()
//bool AuthGPGimpl::updateTrustAllKeys_locked()
//{
// gpg_error_t ERR;
// if (!gpgmeInit)
@ -610,7 +628,7 @@ bool AuthGPG::storeAllKeys()
//
//}
bool AuthGPG::printAllKeys_locked()
bool AuthGPGimpl::printAllKeys_locked()
{
certmap::const_iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
@ -644,7 +662,7 @@ bool AuthGPG::printAllKeys_locked()
return true;
}
bool AuthGPG::printOwnKeys_locked()
bool AuthGPGimpl::printOwnKeys_locked()
{
certmap::iterator it;
for(it = mKeyList.begin(); it != mKeyList.end(); it++)
@ -660,7 +678,7 @@ bool AuthGPG::printOwnKeys_locked()
return true;
}
bool AuthGPG::printKeys()
bool AuthGPGimpl::printKeys()
{
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
printAllKeys_locked();
@ -708,14 +726,14 @@ void print_pgpme_verify_summary(unsigned int summary)
}
bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_sigout, unsigned int *outl)
bool AuthGPGimpl::DoOwnSignature(const void *data, unsigned int datalen, void *buf_sigout, unsigned int *outl)
{
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
/* setup signers */
gpgme_signers_clear(CTX);
if (GPG_ERR_NO_ERROR != gpgme_signers_add(CTX, mOwnGpgCert.key))
{
std::cerr << "AuthGPG::DoOwnSignature() Error Adding Signer" << std::endl;
std::cerr << "AuthGPGimpl::DoOwnSignature() Error Adding Signer" << std::endl;
}
gpgme_data_t gpgmeData;
@ -738,7 +756,7 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_sign(CTX,gpgmeData, gpgmeSig, mode)))
{
ProcessPGPmeError(ERR);
std::cerr << "AuthGPG::Sign FAILED ERR: " << ERR << std::endl;
std::cerr << "AuthGPGimpl::Sign FAILED ERR: " << ERR << std::endl;
gpgme_data_release(gpgmeSig);
gpgme_data_release(gpgmeData);
return false;
@ -764,13 +782,13 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
while(ik != NULL)
{
fprintf(stderr, "AuthGPG::Sign, Invalid by: %s\n", ik->fpr);
fprintf(stderr, "AuthGPGimpl::Sign, Invalid by: %s\n", ik->fpr);
ik = ik->next;
}
while(sg != NULL)
{
fprintf(stderr, "AuthGPG::Signed by: %s\n", sg->fpr);
fprintf(stderr, "AuthGPGimpl::Signed by: %s\n", sg->fpr);
sg = sg->next;
}
#endif
@ -780,7 +798,7 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
// gpgme_data_write (gpgmeSig, "", 1); // to be able to convert it into a string
char *export_sig = gpgme_data_release_and_get_mem(gpgmeSig, &len);
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::Signature len: " << len << std::endl;
std::cerr << "AuthGPGimpl::Signature len: " << len << std::endl;
#endif
if (len < *outl) // -1 because we added a 0 at the end.
@ -798,7 +816,7 @@ bool AuthGPG::DoOwnSignature(const void *data, unsigned int datalen, void *buf_s
/* import to GnuPG and other Certificates */
bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint)
bool AuthGPGimpl::VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint)
{
gpgme_data_t gpgmeSig;
gpgme_data_t gpgmeData;
@ -835,7 +853,7 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_verify(CTX,gpgmeSig, gpgmeData, NULL)))
{
ProcessPGPmeError(ERR);
std::cerr << "AuthGPG::Verify FAILED" << std::endl;
std::cerr << "AuthGPGimpl::Verify FAILED" << std::endl;
}
gpgme_verify_result_t res = gpgme_op_verify_result(CTX);
@ -862,18 +880,18 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
while(sg != NULL)
{
#ifdef GPG_DEBUG
fprintf(stderr, "AuthGPG::Verify Sig by: %s, status: %d\n", sg->fpr, sg->status);
fprintf(stderr, "AuthGPGimpl::Verify Sig by: %s, status: %d\n", sg->fpr, sg->status);
print_pgpme_verify_summary(sg->summary);
#endif
if (sg->status == GPG_ERR_NO_ERROR)
{
#ifdef GPG_DEBUG
fprintf(stderr, "AuthGPG::VerifySignature() OK\n");
fprintf(stderr, "AuthGPGimpl::VerifySignature() OK\n");
#endif
if (withfingerprint != "" && withfingerprint == std::string(sg->fpr)) {
#ifdef GPG_DEBUG
fprintf(stderr, "AuthGPG::VerifySignature() for the fingerprint key : ");
fprintf(stderr, "AuthGPGimpl::VerifySignature() for the fingerprint key : ");
std::cerr << withfingerprint;
fprintf(stderr, "\n");
#endif
@ -890,7 +908,7 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
/* extract id(s)! */
if (!valid)
{
fprintf(stderr, "AuthGPG::VerifySignature() FAILED\n");
fprintf(stderr, "AuthGPGimpl::VerifySignature() FAILED\n");
}
return valid;
@ -899,14 +917,14 @@ bool AuthGPG::VerifySignature(const void *data, int datalen, const void *sig, un
bool AuthGPG::active()
bool AuthGPGimpl::active()
{
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
return ((gpgmeInit) && (gpgmeKeySelected));
}
bool AuthGPG::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) {
bool AuthGPGimpl::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) {
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -934,13 +952,13 @@ bool AuthGPG::GeneratePGPCertificate(std::string name, std::string email, std
return true;
}
bool AuthGPG::CloseAuth()
bool AuthGPGimpl::CloseAuth()
{
return true;
}
/**** These Two are common */
std::string AuthGPG::getGPGName(GPG_id id)
std::string AuthGPGimpl::getGPGName(GPG_id id)
{
storeAllKeys_tick();
@ -954,7 +972,7 @@ std::string AuthGPG::getGPGName(GPG_id id)
}
/**** These Two are common */
std::string AuthGPG::getGPGEmail(GPG_id id)
std::string AuthGPGimpl::getGPGEmail(GPG_id id)
{
storeAllKeys_tick();
@ -969,19 +987,19 @@ std::string AuthGPG::getGPGEmail(GPG_id id)
/**** GPG versions ***/
std::string AuthGPG::getGPGOwnId()
std::string AuthGPGimpl::getGPGOwnId()
{
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
return mOwnGpgId;
}
std::string AuthGPG::getGPGOwnName()
std::string AuthGPGimpl::getGPGOwnName()
{
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
return mOwnGpgCert.name;
}
bool AuthGPG::getGPGAllList(std::list<std::string> &ids)
bool AuthGPGimpl::getGPGAllList(std::list<std::string> &ids)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -995,10 +1013,10 @@ bool AuthGPG::getGPGAllList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d)
bool AuthGPGimpl::getGPGDetails(std::string id, RsPeerDetails &d)
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::getPGPDetails() called for : " << id << std::endl;
std::cerr << "AuthGPGimpl::getPGPDetails() called for : " << id << std::endl;
#endif
storeAllKeys_tick();
@ -1033,28 +1051,28 @@ bool AuthGPG::getGPGDetails(std::string id, RsPeerDetails &d)
}
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::getPGPDetails() Name : " << cert.name << std::endl;
std::cerr << "AuthGPGimpl::getPGPDetails() Name : " << cert.name << std::endl;
#endif
return true;
}
return false;
}
bool AuthGPG::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
bool AuthGPGimpl::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) {
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
gpgme_set_armor (CTX, 1);
gpg_error_t ERR;
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_decrypt (CTX, CIPHER, PLAIN)))
{
ProcessPGPmeError(ERR);
std::cerr << "AuthGPG::decryptText() Error decrypting text." << std::endl;
std::cerr << "AuthGPGimpl::decryptText() Error decrypting text." << std::endl;
return false;
}
return true;
}
bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
bool AuthGPGimpl::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
gpgme_encrypt_flags_t* flags = new gpgme_encrypt_flags_t();
gpgme_key_t keys[2] = {mOwnGpgCert.key, NULL};
@ -1063,14 +1081,14 @@ bool AuthGPG::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) {
if (GPG_ERR_NO_ERROR != (ERR = gpgme_op_encrypt(CTX, keys, *flags, PLAIN, CIPHER)))
{
ProcessPGPmeError(ERR);
std::cerr << "AuthGPG::encryptText() Error encrypting text." << std::endl;
std::cerr << "AuthGPGimpl::encryptText() Error encrypting text." << std::endl;
return false;
}
return true;
}
bool AuthGPG::getGPGValidList(std::list<std::string> &ids)
bool AuthGPGimpl::getGPGValidList(std::list<std::string> &ids)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -1085,7 +1103,7 @@ bool AuthGPG::getGPGValidList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::getGPGAcceptedList(std::list<std::string> &ids)
bool AuthGPGimpl::getGPGAcceptedList(std::list<std::string> &ids)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -1100,7 +1118,7 @@ bool AuthGPG::getGPGAcceptedList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::getGPGSignedList(std::list<std::string> &ids)
bool AuthGPGimpl::getGPGSignedList(std::list<std::string> &ids)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -1115,7 +1133,7 @@ bool AuthGPG::getGPGSignedList(std::list<std::string> &ids)
return true;
}
bool AuthGPG::isGPGValid(GPG_id id)
bool AuthGPGimpl::isGPGValid(GPG_id id)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -1128,7 +1146,7 @@ bool AuthGPG::isGPGValid(GPG_id id)
}
bool AuthGPG::isGPGId(GPG_id id)
bool AuthGPGimpl::isGPGId(GPG_id id)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -1141,7 +1159,7 @@ bool AuthGPG::isGPGId(GPG_id id)
}
bool AuthGPG::isGPGSigned(GPG_id id)
bool AuthGPGimpl::isGPGSigned(GPG_id id)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -1153,7 +1171,7 @@ bool AuthGPG::isGPGSigned(GPG_id id)
return false;
}
bool AuthGPG::isGPGAccepted(GPG_id id)
bool AuthGPGimpl::isGPGAccepted(GPG_id id)
{
storeAllKeys_tick();
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -1175,11 +1193,11 @@ bool AuthGPG::isGPGAccepted(GPG_id id)
/* SKTAN : do not know how to use std::string id */
std::string AuthGPG::SaveCertificateToString(std::string id)
std::string AuthGPGimpl::SaveCertificateToString(std::string id)
{
if (!isGPGId(id)) {
std::cerr << "AuthGPG::SaveCertificateToString() unknown ID" << std::endl;
std::cerr << "AuthGPGimpl::SaveCertificateToString() unknown ID" << std::endl;
return "";
}
@ -1226,11 +1244,11 @@ std::string AuthGPG::SaveCertificateToString(std::string id)
}
/* import to GnuPG and other Certificates */
bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
bool AuthGPGimpl::LoadCertificateFromString(std::string str, std::string &gpg_id)
{
if (str == "") {
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::LoadCertificateFromString() cert is empty string, returning false." << std::endl;
std::cerr << "AuthGPGimpl::LoadCertificateFromString() cert is empty string, returning false." << std::endl;
#endif
return false;
}
@ -1243,7 +1261,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
std::string cleancert = str;
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::LoadCertificateFromString() cleancert : " << cleancert;
std::cerr << "AuthGPGimpl::LoadCertificateFromString() cleancert : " << cleancert;
#endif
gpgme_data_t gpgmeData;
@ -1258,7 +1276,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
gpgme_set_armor (CTX, 1);
if (GPG_ERR_NO_ERROR != gpgme_op_import (CTX,gpgmeData))
{
std::cerr << "AuthGPG::LoadCertificateFromString() Error Importing Certificate" << std::endl;
std::cerr << "AuthGPGimpl::LoadCertificateFromString() Error Importing Certificate" << std::endl;
gpgme_data_release (gpgmeData);
return false ;
}
@ -1273,7 +1291,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
fingerprint = std::string(res->imports->fpr);
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::LoadCertificateFromString() Importing considered folowing fpr : " << fingerprint << std::endl;
std::cerr << "AuthGPGimpl::LoadCertificateFromString() Importing considered folowing fpr : " << fingerprint << std::endl;
#endif
imported = res->imported;
@ -1303,7 +1321,7 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
}
}
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::LoadCertificateFromString() returning with gpg_id : " << gpg_id << std::endl;
std::cerr << "AuthGPGimpl::LoadCertificateFromString() returning with gpg_id : " << gpg_id << std::endl;
#endif
if (gpg_id == "") {
return false;
@ -1326,11 +1344,11 @@ bool AuthGPG::LoadCertificateFromString(std::string str, std::string &gpg_id)
/*************************************/
/* These take PGP Ids */
bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
bool AuthGPGimpl::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::markGPGCertificateAsFriends(" << gpg_id << ")" << std::endl;
std::cerr << "AuthGPGimpl::markGPGCertificateAsFriends(" << gpg_id << ")" << std::endl;
#endif
/* reload stuff now ... */
@ -1352,11 +1370,11 @@ bool AuthGPG::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptan
}
/* These take PGP Ids */
bool AuthGPG::SignCertificateLevel0(GPG_id id)
bool AuthGPGimpl::SignCertificateLevel0(GPG_id id)
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::SignCertificat(" << id << ")" << std::endl;
std::cerr << "AuthGPGimpl::SignCertificat(" << id << ")" << std::endl;
#endif
if (1 != privateSignCertificate(id))
@ -1370,21 +1388,21 @@ bool AuthGPG::SignCertificateLevel0(GPG_id id)
return true;
}
bool AuthGPG::RevokeCertificate(std::string id)
bool AuthGPGimpl::RevokeCertificate(std::string id)
{
//RsStackMutex stack(gpgMtx); /******* LOCKED ******/
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::RevokeCertificate(" << id << ") not implemented yet" << std::endl;
std::cerr << "AuthGPGimpl::RevokeCertificate(" << id << ") not implemented yet" << std::endl;
#endif
return false;
}
bool AuthGPG::TrustCertificate(std::string id, int trustlvl)
bool AuthGPGimpl::TrustCertificate(std::string id, int trustlvl)
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::TrustCertificate(" << id << ", " << trustlvl << ")" << std::endl;
std::cerr << "AuthGPGimpl::TrustCertificate(" << id << ", " << trustlvl << ")" << std::endl;
#endif
if (1 != privateTrustCertificate(id, trustlvl))
{
@ -1399,29 +1417,29 @@ bool AuthGPG::TrustCertificate(std::string id, int trustlvl)
#if 0
/* remove otherwise will cause bugs */
bool AuthGPG::SignData(std::string input, std::string &sign)
bool AuthGPGimpl::SignData(std::string input, std::string &sign)
{
return false;
}
bool AuthGPG::SignData(const void *data, const uint32_t len, std::string &sign)
bool AuthGPGimpl::SignData(const void *data, const uint32_t len, std::string &sign)
{
return false;
}
bool AuthGPG::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
bool AuthGPGimpl::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
{
return false;
}
#endif
bool AuthGPG::SignDataBin(const void *data, unsigned int datalen, unsigned char *sign, unsigned int *signlen) {
bool AuthGPGimpl::SignDataBin(const void *data, unsigned int datalen, unsigned char *sign, unsigned int *signlen) {
return DoOwnSignature(data, datalen,
sign, signlen);
}
bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) {
bool AuthGPGimpl::VerifySignBin(const void *data, uint32_t datalen, unsigned char *sign, unsigned int signlen, std::string withfingerprint) {
return VerifySignature(data, datalen,
sign, signlen, withfingerprint);
}
@ -1429,7 +1447,7 @@ bool AuthGPG::VerifySignBin(const void *data, uint32_t datalen, unsigned char *s
/* Sign/Trust stuff */
int AuthGPG::privateSignCertificate(std::string id)
int AuthGPGimpl::privateSignCertificate(std::string id)
{
/* The key should be in Others list and not in Peers list ??
* Once the key is signed, it moves from Others to Peers list ???
@ -1472,14 +1490,14 @@ int AuthGPG::privateSignCertificate(std::string id)
}
/* revoke the signature on Certificate */
int AuthGPG::privateRevokeCertificate(std::string id)
int AuthGPGimpl::privateRevokeCertificate(std::string id)
{
//RsStackMutex stack(gpgMtx); /******* LOCKED ******/
return 0;
}
int AuthGPG::privateTrustCertificate(std::string id, int trustlvl)
int AuthGPGimpl::privateTrustCertificate(std::string id, int trustlvl)
{
/* The certificate should be in Peers list ??? */
if(!isGPGAccepted(id)) {
@ -1522,7 +1540,8 @@ int AuthGPG::privateTrustCertificate(std::string id, int trustlvl)
/* This function to print Data */
void AuthGPG::showData(gpgme_data_t dh)
#if 0
void showData(gpgme_data_t dh)
{
#define BUF_SIZE 512
char buf[BUF_SIZE + 1];
@ -1544,47 +1563,7 @@ void AuthGPG::showData(gpgme_data_t dh)
//fail_if_err (gpgme_err_code_from_errno (errno));
}
}
/******************************************************************************/
/* TEST/DEBUG */
/******************************************************************************/
/*
* Create a number of friends and add them to the Map of peers.
* Create a number of friends and add them to the Map of "others" -- people who
* are known but are not allowed to access retroshare
*/
void AuthGPG::createDummyFriends()
{
const unsigned int DUMMY_KEY_LEN = 2048;
// create key params for a few dummies
std::string friend1 = setKeyPairParams(true, DUMMY_KEY_LEN, "friend89",
"I am your first friend", "friend1@friend.com");
std::string friend2 = setKeyPairParams(true, DUMMY_KEY_LEN, "friend2",
"I am your second friend", "friend2@friend.com");
std::string friend3 = setKeyPairParams(true, DUMMY_KEY_LEN, "friend3",
"I am your third friend", "friend3@friend.com");
// params for others
std::string other1 = setKeyPairParams(true, DUMMY_KEY_LEN, "other89",
"I am your first other", "other@other.com");
std::string other2 = setKeyPairParams(true, DUMMY_KEY_LEN, "other2",
"I am your second other", "other2@other.com");
std::string other3 = setKeyPairParams(true, DUMMY_KEY_LEN, "other3",
"I am your third other", "other3@other.com");
gpgme_error_t rc = GPG_ERR_NO_ERROR; // assume OK
rc = gpgme_op_genkey(CTX, friend1.c_str(), NULL, NULL);
rc = gpgme_op_genkey(CTX, friend2.c_str(), NULL, NULL);
rc = gpgme_op_genkey(CTX, friend3.c_str(), NULL, NULL);
rc = gpgme_op_genkey(CTX, other1.c_str(), NULL, NULL);
rc = gpgme_op_genkey(CTX, other2.c_str(), NULL, NULL);
rc = gpgme_op_genkey(CTX, other3.c_str(), NULL, NULL);
std::cout << "createDummyFriends(): exit" << std::endl;
return;
}
#endif
static std::string setKeyPairParams(bool useRsa, unsigned int blen,
std::string name, std::string comment, std::string email)
@ -2164,17 +2143,17 @@ static gpgme_error_t trustCallback(void *opaque, gpgme_status_code_t status, \
// -------------------------------- Config functions ------------------------------ //
// -----------------------------------------------------------------------------------//
//
RsSerialiser *AuthGPG::setupSerialiser()
RsSerialiser *AuthGPGimpl::setupSerialiser()
{
RsSerialiser *rss = new RsSerialiser ;
rss->addSerialType(new RsGeneralConfigSerialiser());
return rss ;
}
std::list<RsItem*> AuthGPG::saveList(bool& cleanup)
std::list<RsItem*> AuthGPGimpl::saveList(bool& cleanup)
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::saveList() called" << std::endl ;
std::cerr << "AuthGPGimpl::saveList() called" << std::endl ;
#endif
RsStackMutex stack(gpgMtx); /******* LOCKED ******/
@ -2193,7 +2172,7 @@ std::list<RsItem*> AuthGPG::saveList(bool& cleanup)
RsTlvKeyValue kv;
kv.key = mapIt->first;
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::saveList() called (mapIt->second) : " << (mapIt->second) << std::endl ;
std::cerr << "AuthGPGimpl::saveList() called (mapIt->second) : " << (mapIt->second) << std::endl ;
#endif
kv.value = (mapIt->second)?"TRUE":"FALSE" ;
vitem->tlvkvs.pairs.push_back(kv) ;
@ -2203,10 +2182,10 @@ std::list<RsItem*> AuthGPG::saveList(bool& cleanup)
return lst ;
}
bool AuthGPG::loadList(std::list<RsItem*> load)
bool AuthGPGimpl::loadList(std::list<RsItem*> load)
{
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::loadList() Item Count: " << load.size() << std::endl;
std::cerr << "AuthGPGimpl::loadList() Item Count: " << load.size() << std::endl;
#endif
storeAllKeys();
@ -2219,7 +2198,7 @@ bool AuthGPG::loadList(std::list<RsItem*> load)
if(vitem) {
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::loadList() General Variable Config Item:" << std::endl;
std::cerr << "AuthGPGimpl::loadList() General Variable Config Item:" << std::endl;
vitem->print(std::cerr, 10);
std::cerr << std::endl;
#endif
@ -2234,7 +2213,7 @@ bool AuthGPG::loadList(std::list<RsItem*> load)
certmap::iterator it;
if (mKeyList.end() != (it = mKeyList.find(kit->key))) {
#ifdef GPG_DEBUG
std::cerr << "AuthGPG::loadList() setting accept to : " << (kit->value == "TRUE");
std::cerr << "AuthGPGimpl::loadList() setting accept to : " << (kit->value == "TRUE");
std::cerr << " for gpg key id : " << kit->key << std::endl;
#endif
it->second.accept_connection = (kit->value == "TRUE");

372
libretroshare/src/pqi/authgpg.h
View File

@ -58,6 +58,8 @@ const time_t STORE_KEY_TIMEOUT = 60; //store key is call around every 60sec
* gpgcert is the identifier for a person.
* It is a wrapper class for a GPGme OpenPGP certificate.
*/
class AuthGPG;
class gpgcert
{
public:
@ -93,10 +95,254 @@ typedef std::map<std::string, gpgcert> certmap;
* This provides retroshare basic gpg functionality and
* key/web-of-trust management, also handle cert intialisation for retroshare
*/
class AuthGPG : public p3Config
extern void AuthGPGInit();
class AuthGPG
{
public:
//AuthGPG();
static AuthGPG *getAuthGPG();
/**
* @param ids list of gpg certificate ids (note, not the actual certificates)
*/
virtual bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids) = 0;
virtual bool printKeys() = 0;
/*********************************************************************************/
/************************* STAGE 1 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
* will be different. Just move the initialisation functions over....
*
* As GPGMe requires external calls to the GPG executable, which could potentially
* be expensive, We'll want to cache the GPG keys in this class.
* This should be done at initialisation, and saved in a map.
* (see storage at the end of the class)
*
****/
virtual bool active() = 0;
/* Initialize */
virtual bool InitAuth () = 0;
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
virtual int GPGInit(std::string ownId) = 0;
virtual bool CloseAuth() = 0;
virtual bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString) = 0;
/*********************************************************************************/
/************************* STAGE 3 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 3: These are some of the most commonly used functions in Retroshare.
*
* More commonly used functions.
*
* provide access to details in cache list.
*
****/
virtual std::string getGPGName(GPG_id pgp_id) = 0;
virtual std::string getGPGEmail(GPG_id pgp_id) = 0;
/* PGP web of trust management */
virtual std::string getGPGOwnId() = 0;
virtual std::string getGPGOwnName() = 0;
//virtual std::string getGPGOwnEmail() = 0;
virtual bool getGPGDetails(std::string id, RsPeerDetails &d) = 0;
virtual bool getGPGAllList(std::list<std::string> &ids) = 0;
virtual bool getGPGValidList(std::list<std::string> &ids) = 0;
virtual bool getGPGAcceptedList(std::list<std::string> &ids) = 0;
virtual bool getGPGSignedList(std::list<std::string> &ids) = 0;
virtual bool isGPGValid(std::string id) = 0;
virtual bool isGPGSigned(std::string id) = 0;
virtual bool isGPGAccepted(std::string id) = 0;
virtual bool isGPGId(GPG_id id) = 0;
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
virtual bool LoadCertificateFromString(std::string pem, std::string &gpg_id) = 0;
virtual std::string SaveCertificateToString(std::string id) = 0;
/*********************************************************************************/
/************************* STAGE 6 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 6: Authentication, Trust and Signing.
*
* This is some of the harder functions, but they should have been
* done in gpgroot already.
*
****/
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance) = 0; //don't act on the gpg key, use a seperate set
virtual bool SignCertificateLevel0(std::string id) = 0;
virtual bool RevokeCertificate(std::string id) = 0; /* Particularly hard - leave for later */
//virtual bool TrustCertificateNone(std::string id) = 0;
//virtual bool TrustCertificateMarginally(std::string id) = 0;
//virtual bool TrustCertificateFully(std::string id) = 0;
virtual bool TrustCertificate(std::string id, int trustlvl) = 0; //trustlvl is 2 for none, 3 for marginal and 4 for full trust
/*********************************************************************************/
/************************* STAGE 7 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 7: Signing Data.
*
* There should also be Encryption Functions... (do later).
*
****/
//virtual bool SignData(std::string input, std::string &sign) = 0;
//virtual bool SignData(const void *data, const uint32_t len, std::string &sign) = 0;
//virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen) = 0;
virtual bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen) = 0;
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint) = 0;
virtual bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN) = 0;
virtual bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER) = 0;
//END of PGP public functions
};
/* The real implementation! */
class AuthGPGimpl : public AuthGPG, public p3Config
{
public:
AuthGPGimpl();
~AuthGPGimpl();
/**
* @param ids list of gpg certificate ids (note, not the actual certificates)
*/
virtual bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
virtual bool printKeys();
/*********************************************************************************/
/************************* STAGE 1 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
* will be different. Just move the initialisation functions over....
*
* As GPGMe requires external calls to the GPG executable, which could potentially
* be expensive, We'll want to cache the GPG keys in this class.
* This should be done at initialisation, and saved in a map.
* (see storage at the end of the class)
*
****/
virtual bool active();
/* Initialize */
virtual bool InitAuth ();
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
virtual int GPGInit(std::string ownId);
virtual bool CloseAuth();
virtual bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
/*********************************************************************************/
/************************* STAGE 3 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 3: These are some of the most commonly used functions in Retroshare.
*
* More commonly used functions.
*
* provide access to details in cache list.
*
****/
virtual std::string getGPGName(GPG_id pgp_id);
virtual std::string getGPGEmail(GPG_id pgp_id);
/* PGP web of trust management */
virtual std::string getGPGOwnId();
virtual std::string getGPGOwnName();
//virtual std::string getGPGOwnEmail();
virtual bool getGPGDetails(std::string id, RsPeerDetails &d);
virtual bool getGPGAllList(std::list<std::string> &ids);
virtual bool getGPGValidList(std::list<std::string> &ids);
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
virtual bool getGPGSignedList(std::list<std::string> &ids);
virtual bool isGPGValid(std::string id);
virtual bool isGPGSigned(std::string id);
virtual bool isGPGAccepted(std::string id);
virtual bool isGPGId(GPG_id id);
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
virtual bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
virtual std::string SaveCertificateToString(std::string id);
/*********************************************************************************/
/************************* STAGE 6 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 6: Authentication, Trust and Signing.
*
* This is some of the harder functions, but they should have been
* done in gpgroot already.
*
****/
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
virtual bool SignCertificateLevel0(std::string id);
virtual bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
//virtual bool TrustCertificateNone(std::string id);
//virtual bool TrustCertificateMarginally(std::string id);
//virtual bool TrustCertificateFully(std::string id);
virtual bool TrustCertificate(std::string id, int trustlvl); //trustlvl is 2 for none, 3 for marginal and 4 for full trust
/*********************************************************************************/
/************************* STAGE 7 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 7: Signing Data.
*
* There should also be Encryption Functions... (do later).
*
****/
//virtual bool SignData(std::string input, std::string &sign);
//virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
//virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
virtual bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
virtual bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
virtual bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
//END of PGP public functions
protected:
/*****************************************************************/
/*********************** p3config ******************************/
/* Key Functions to be overloaded for Full Configuration */
virtual RsSerialiser *setupSerialiser();
virtual std::list<RsItem *> saveList(bool &cleanup);
virtual bool loadList(std::list<RsItem *> load);
/*****************************************************************/
private:
/* SKTAN */
//void showData(gpgme_data_t dh);
//void createDummyFriends(void); //NYI
/* Internal functions */
bool DoOwnSignature(const void *, unsigned int, void *, unsigned int *);
bool VerifySignature(const void *data, int datalen, const void *sig, unsigned int siglen, std::string withfingerprint);
@ -116,130 +362,6 @@ class AuthGPG : public p3Config
bool printAllKeys_locked();
bool printOwnKeys_locked();
public:
AuthGPG();
~AuthGPG();
/**
* @param ids list of gpg certificate ids (note, not the actual certificates)
*/
bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
/* SKTAN */
void showData(gpgme_data_t dh);
void createDummyFriends(void); //NYI
bool printKeys();
/*********************************************************************************/
/************************* STAGE 1 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
* will be different. Just move the initialisation functions over....
*
* As GPGMe requires external calls to the GPG executable, which could potentially
* be expensive, We'll want to cache the GPG keys in this class.
* This should be done at initialisation, and saved in a map.
* (see storage at the end of the class)
*
****/
bool active();
/* Initialize */
bool InitAuth ();
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
int GPGInit(std::string ownId);
bool CloseAuth();
bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
/*********************************************************************************/
/************************* STAGE 3 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 3: These are some of the most commonly used functions in Retroshare.
*
* More commonly used functions.
*
* provide access to details in cache list.
*
****/
std::string getGPGName(GPG_id pgp_id);
std::string getGPGEmail(GPG_id pgp_id);
/* PGP web of trust management */
std::string getGPGOwnId();
std::string getGPGOwnName();
std::string getGPGOwnEmail();
bool getGPGDetails(std::string id, RsPeerDetails &d);
bool getGPGAllList(std::list<std::string> &ids);
bool getGPGValidList(std::list<std::string> &ids);
bool getGPGAcceptedList(std::list<std::string> &ids);
bool getGPGSignedList(std::list<std::string> &ids);
bool isGPGValid(std::string id);
bool isGPGSigned(std::string id);
bool isGPGAccepted(std::string id);
bool isGPGId(GPG_id id);
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
std::string SaveCertificateToString(std::string id);
/*********************************************************************************/
/************************* STAGE 6 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 6: Authentication, Trust and Signing.
*
* This is some of the harder functions, but they should have been
* done in gpgroot already.
*
****/
bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
bool SignCertificateLevel0(std::string id);
bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
bool TrustCertificateNone(std::string id);
bool TrustCertificateMarginally(std::string id);
bool TrustCertificateFully(std::string id);
bool TrustCertificate(std::string id, int trustlvl); //trustlvl is 2 for none, 3 for marginal and 4 for full trust
/*********************************************************************************/
/************************* STAGE 7 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 7: Signing Data.
*
* There should also be Encryption Functions... (do later).
*
****/
bool SignData(std::string input, std::string &sign);
bool SignData(const void *data, const uint32_t len, std::string &sign);
bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
//END of PGP public functions
static AuthGPG *getAuthGPG() throw() // pour obtenir l'instance
{ return instance_gpg; }
protected:
/*****************************************************************/
/*********************** p3config ******************************/
/* Key Functions to be overloaded for Full Configuration */
virtual RsSerialiser *setupSerialiser();
virtual std::list<RsItem *> saveList(bool &cleanup);
virtual bool loadList(std::list<RsItem *> load);
/*****************************************************************/
private:

368
libretroshare/src/pqi/authgpgtest.cc Normal file
View File

@ -0,0 +1,368 @@
/*
* libretroshare/src/ : authgpgtest.cc
*
* GPG interface for RetroShare.
*
* Copyright 2009-2010 by Robert Fernie.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License Version 2 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
* Please report all bugs and problems to "retroshare@lunamutt.com".
*
* This is *THE* auth manager. It provides the web-of-trust via
* gpgme, and authenticates the certificates that are managed
* by the sublayer AuthSSL.
*
*/
#include "pqi/authgpgtest.h"
AuthGPGtest::AuthGPGtest()
{
mOwnGPGId = "TEST_DUMMY_OWN_GPG_ID";
return;
}
/**
* @param ids list of gpg certificate ids (note, not the actual certificates)
*/
bool AuthGPGtest::availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids)
{
std::cerr << "AuthGPGtest::availableGPGCertificatesWithPrivateKeys()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::printKeys()
{
std::cerr << "AuthGPGtest::printKeys()";
std::cerr << std::endl;
return true;
}
/*********************************************************************************/
/************************* STAGE 1 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
* will be different. Just move the initialisation functions over....
*
* As GPGMe requires external calls to the GPG executable, which could potentially
* be expensive, We'll want to cache the GPG keys in this class.
* This should be done at initialisation, and saved in a map.
* (see storage at the end of the class)
*
****/
bool AuthGPGtest::active()
{
std::cerr << "AuthGPGtest::active()";
std::cerr << std::endl;
return true;
}
/* Initialize */
bool AuthGPGtest::InitAuth()
{
std::cerr << "AuthGPGtest::InitAuth()";
std::cerr << std::endl;
return true;
}
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
int AuthGPGtest::GPGInit(std::string ownId)
{
std::cerr << "AuthGPGtest::GPGInit(): new OwnId: " << ownId;
std::cerr << std::endl;
mOwnGPGId = ownId;
return true;
}
bool AuthGPGtest::CloseAuth()
{
std::cerr << "AuthGPGtest::CloseAuth()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString)
{
std::cerr << "AuthGPGtest::GeneratePGPCertificate()";
std::cerr << std::endl;
return true;
}
/*********************************************************************************/
/************************* STAGE 3 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 3: These are some of the most commonly used functions in Retroshare.
*
* More commonly used functions.
*
* provide access to details in cache list.
*
****/
std::string AuthGPGtest::getGPGName(GPG_id pgp_id)
{
std::cerr << "AuthGPGtest::getGPGName()";
std::cerr << std::endl;
return "DUMMY_NAME";
}
std::string AuthGPGtest::getGPGEmail(GPG_id pgp_id)
{
std::cerr << "AuthGPGtest::getGPGEmail()";
std::cerr << std::endl;
return "DUMMY_EMAIL";
}
/* PGP web of trust management */
std::string AuthGPGtest::getGPGOwnId()
{
std::cerr << "AuthGPGtest::getGPGOwnId()";
std::cerr << std::endl;
return mOwnGPGId;
}
std::string AuthGPGtest::getGPGOwnName()
{
std::cerr << "AuthGPGtest::getGPGOwnName()";
std::cerr << std::endl;
return "DUMMY_OWN_NAME";
}
#if 0
std::string AuthGPGtest::getGPGOwnEmail()
{
std::cerr << "AuthGPGtest::getGPGOwnEmail()";
std::cerr << std::endl;
return "DUMMY_OWN_EMAIL";
}
#endif
bool AuthGPGtest::getGPGDetails(std::string id, RsPeerDetails &d)
{
std::cerr << "AuthGPGtest::getGPGDetails()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::getGPGAllList(std::list<std::string> &ids)
{
std::cerr << "AuthGPGtest::getGPGAllList()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::getGPGValidList(std::list<std::string> &ids)
{
std::cerr << "AuthGPGtest::getGPGValidList()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::getGPGAcceptedList(std::list<std::string> &ids)
{
std::cerr << "AuthGPGtest::getGPGAcceptedList()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::getGPGSignedList(std::list<std::string> &ids)
{
std::cerr << "AuthGPGtest::getGPGSignedList()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::isGPGValid(std::string id)
{
std::cerr << "AuthGPGtest::isGPGValid()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::isGPGSigned(std::string id)
{
std::cerr << "AuthGPGtest::isGPGSigned()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::isGPGAccepted(std::string id)
{
std::cerr << "AuthGPGtest::isGPGAccepted()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::isGPGId(GPG_id id)
{
std::cerr << "AuthGPGtest::isGPGId()";
std::cerr << std::endl;
return true;
}
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
bool AuthGPGtest::LoadCertificateFromString(std::string pem, std::string &gpg_id)
{
std::cerr << "AuthGPGtest::LoadCertificateFromString()";
std::cerr << std::endl;
return false;
}
std::string AuthGPGtest::SaveCertificateToString(std::string id)
{
std::cerr << "AuthGPGtest::SaveCertificateToString()";
std::cerr << std::endl;
return "NOT_A_CERTIFICATE";
}
/*********************************************************************************/
/************************* STAGE 6 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 6: Authentication, Trust and Signing.
*
* This is some of the harder functions, but they should have been
* done in gpgroot already.
*
****/
bool AuthGPGtest::setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance)
{
std::cerr << "AuthGPGtest::setAcceptToConnectGPGCertificate()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::SignCertificateLevel0(std::string id)
{
std::cerr << "AuthGPGtest::SignCertificateLevel0()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::RevokeCertificate(std::string id)
{
std::cerr << "AuthGPGtest::RevokeCertificate()";
std::cerr << std::endl;
return true;
}
#if 0
bool AuthGPGtest::TrustCertificateNone(std::string id)
{
std::cerr << "AuthGPGtest::TrustCertificateNone()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::TrustCertificateMarginally(std::string id)
{
std::cerr << "AuthGPGtest::TrustCertificateMarginally()";
std::cerr << std::endl;
return true;
}
bool AuthGPGtest::TrustCertificateFully(std::string id)
{
std::cerr << "AuthGPGtest::TrustCertificateFully()";
std::cerr << std::endl;
return true;
}
#endif
bool AuthGPGtest::TrustCertificate(std::string id, int trustlvl)
{
std::cerr << "AuthGPGtest::TrustCertificate()";
std::cerr << std::endl;
return true;
}
/*********************************************************************************/
/************************* STAGE 7 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 7: Signing Data.
*
* There should also be Encryption Functions... (do later).
*
****/
#if 0
bool AuthGPGtest::SignData(std::string input, std::string &sign)
{
std::cerr << "AuthGPGtest::SignData()";
std::cerr << std::endl;
return false;
}
bool AuthGPGtest::SignData(const void *data, const uint32_t len, std::string &sign)
{
std::cerr << "AuthGPGtest::SignData()";
std::cerr << std::endl;
return false;
}
bool AuthGPGtest::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
{
std::cerr << "AuthGPGtest::SignDataBin()";
std::cerr << std::endl;
return false;
}
#endif
bool AuthGPGtest::SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen)
{
std::cerr << "AuthGPGtest::SignDataBin()";
std::cerr << std::endl;
return false;
}
bool AuthGPGtest::VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint)
{
std::cerr << "AuthGPGtest::VerifySignBin()";
std::cerr << std::endl;
return false;
}
bool AuthGPGtest::decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN)
{
std::cerr << "AuthGPGtest::decryptText()";
std::cerr << std::endl;
return false;
}
bool AuthGPGtest::encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER)
{
std::cerr << "AuthGPGtest::encryptText()";
std::cerr << std::endl;
return false;
}

153
libretroshare/src/pqi/authgpgtest.h Normal file
View File

@ -0,0 +1,153 @@
/*
* libretroshare/src/ : authgpgtest.h
*
* GPG interface for RetroShare.
*
* Copyright 2009-2010 by Robert Fernie.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License Version 2 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
* Please report all bugs and problems to "retroshare@lunamutt.com".
*
* This is *THE* auth manager. It provides the web-of-trust via
* gpgme, and authenticates the certificates that are managed
* by the sublayer AuthSSL.
*
*/
#ifndef RS_GPG_AUTH_TEST_HEADER
#define RS_GPG_AUTH_TEST_HEADER
#include "pqi/authgpg.h"
/* override the default AuthGPG */
void setAuthGPG(AuthGPG *newgpg);
class AuthGPGtest: public AuthGPG
{
public:
AuthGPGtest();
/**
* @param ids list of gpg certificate ids (note, not the actual certificates)
*/
virtual bool availableGPGCertificatesWithPrivateKeys(std::list<std::string> &ids);
virtual bool printKeys();
/*********************************************************************************/
/************************* STAGE 1 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 1: Initialisation.... As we are switching to OpenPGP the init functions
* will be different. Just move the initialisation functions over....
*
* As GPGMe requires external calls to the GPG executable, which could potentially
* be expensive, We'll want to cache the GPG keys in this class.
* This should be done at initialisation, and saved in a map.
* (see storage at the end of the class)
*
****/
virtual bool active();
/* Initialize */
virtual bool InitAuth ();
/* Init by generating new Own PGP Cert, or selecting existing PGP Cert */
virtual int GPGInit(std::string ownId);
virtual bool CloseAuth();
virtual bool GeneratePGPCertificate(std::string name, std::string email, std::string passwd, std::string &pgpId, std::string &errString);
/*********************************************************************************/
/************************* STAGE 3 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 3: These are some of the most commonly used functions in Retroshare.
*
* More commonly used functions.
*
* provide access to details in cache list.
*
****/
virtual std::string getGPGName(GPG_id pgp_id);
virtual std::string getGPGEmail(GPG_id pgp_id);
/* PGP web of trust management */
virtual std::string getGPGOwnId();
virtual std::string getGPGOwnName();
//virtual std::string getGPGOwnEmail();
virtual bool getGPGDetails(std::string id, RsPeerDetails &d);
virtual bool getGPGAllList(std::list<std::string> &ids);
virtual bool getGPGValidList(std::list<std::string> &ids);
virtual bool getGPGAcceptedList(std::list<std::string> &ids);
virtual bool getGPGSignedList(std::list<std::string> &ids);
virtual bool isGPGValid(std::string id);
virtual bool isGPGSigned(std::string id);
virtual bool isGPGAccepted(std::string id);
virtual bool isGPGId(GPG_id id);
/*********************************************************************************/
/************************* STAGE 4 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 4: Loading and Saving Certificates. (Strings and Files)
*
****/
virtual bool LoadCertificateFromString(std::string pem, std::string &gpg_id);
virtual std::string SaveCertificateToString(std::string id);
/*********************************************************************************/
/************************* STAGE 6 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 6: Authentication, Trust and Signing.
*
* This is some of the harder functions, but they should have been
* done in gpgroot already.
*
****/
virtual bool setAcceptToConnectGPGCertificate(std::string gpg_id, bool acceptance); //don't act on the gpg key, use a seperate set
virtual bool SignCertificateLevel0(std::string id);
virtual bool RevokeCertificate(std::string id); /* Particularly hard - leave for later */
//virtual bool TrustCertificateNone(std::string id);
//virtual bool TrustCertificateMarginally(std::string id);
//virtual bool TrustCertificateFully(std::string id);
virtual bool TrustCertificate(std::string id, int trustlvl); //trustlvl is 2 for none, 3 for marginal and 4 for full trust
/*********************************************************************************/
/************************* STAGE 7 ***********************************************/
/*********************************************************************************/
/*****
* STAGE 7: Signing Data.
*
* There should also be Encryption Functions... (do later).
*
****/
//virtual bool SignData(std::string input, std::string &sign);
//virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
//virtual bool SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen);
virtual bool SignDataBin(const void *data, const uint32_t len, unsigned char *sign, unsigned int *signlen);
virtual bool VerifySignBin(const void*, uint32_t, unsigned char*, unsigned int, std::string withfingerprint);
virtual bool decryptText(gpgme_data_t CIPHER, gpgme_data_t PLAIN);
virtual bool encryptText(gpgme_data_t PLAIN, gpgme_data_t CIPHER);
//END of PGP public functions
private:
std::string mOwnGPGId;
};
#endif

196
libretroshare/src/pqi/authssl.cc
View File

@ -35,6 +35,7 @@
#include "pqinetwork.h"
#include "authgpg.h"
#include "pqi/p3connmgr.h"
#include "serialiser/rsconfigitems.h"
/******************** notify of new Cert **************************/
#include "pqinotify.h"
@ -52,6 +53,31 @@
* #define AUTHSSL_DEBUG 1
***/
// initialisation du pointeur de singleton à zéro
static AuthSSL *instance_ssl = NULL;
/* hidden function - for testing purposes() */
void setAuthSSL(AuthSSL *newssl)
{
instance_ssl = newssl;
}
void AuthSSLInit()
{
instance_ssl = new AuthSSLimpl();
}
AuthSSL *AuthSSL::getAuthSSL()
{
return instance_ssl;
}
AuthSSL::AuthSSL()
{
return;
}
/********************************************************************************/
/********************************************************************************/
/********************* Cert Search / Add / Remove **************************/
@ -61,10 +87,6 @@
static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx);
// initialisation du pointeur de singleton à zéro
AuthSSL *AuthSSL::instance_ssl = new AuthSSL();
sslcert::sslcert(X509 *x509, std::string pid)
{
certificate = x509;
@ -99,23 +121,23 @@ sslcert::sslcert(X509 *x509, std::string pid)
/********************************************************************************/
AuthSSL::AuthSSL()
AuthSSLimpl::AuthSSLimpl()
: p3Config(CONFIG_TYPE_AUTHSSL), sslctx(NULL),
mOwnCert(NULL), mOwnPrivateKey(NULL), mOwnPublicKey(NULL), init(0)
{
}
bool AuthSSL::active()
bool AuthSSLimpl::active()
{
return init;
}
int AuthSSL::InitAuth(const char *cert_file, const char *priv_key_file,
int AuthSSLimpl::InitAuth(const char *cert_file, const char *priv_key_file,
const char *passwd)
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::InitAuth()";
std::cerr << "AuthSSLimpl::InitAuth()";
std::cerr << std::endl;
#endif
@ -131,7 +153,7 @@ static int initLib = 0;
if (init == 1)
{
std::cerr << "AuthSSL::InitAuth already initialized." << std::endl;
std::cerr << "AuthSSLimpl::InitAuth already initialized." << std::endl;
return 1;
}
@ -171,7 +193,7 @@ static int initLib = 0;
if (x509 == NULL)
{
std::cerr << "AuthSSL::InitAuth() PEM_read_X509() Failed";
std::cerr << "AuthSSLimpl::InitAuth() PEM_read_X509() Failed";
std::cerr << std::endl;
return -1;
}
@ -192,7 +214,7 @@ static int initLib = 0;
if (mOwnPrivateKey == NULL)
{
std::cerr << "AuthSSL::InitAuth() PEM_read_PrivateKey() Failed";
std::cerr << "AuthSSLimpl::InitAuth() PEM_read_PrivateKey() Failed";
std::cerr << std::endl;
return -1;
}
@ -210,7 +232,7 @@ static int initLib = 0;
if (!getX509id(x509, mOwnId))
{
std::cerr << "AuthSSL::InitAuth() getX509id() Failed";
std::cerr << "AuthSSLimpl::InitAuth() getX509id() Failed";
std::cerr << std::endl;
/* bad certificate */
@ -224,7 +246,7 @@ static int initLib = 0;
if (!validateOwnCertificate(x509, mOwnPrivateKey))
{
std::cerr << "AuthSSL::InitAuth() validateOwnCertificate() Failed";
std::cerr << "AuthSSLimpl::InitAuth() validateOwnCertificate() Failed";
std::cerr << std::endl;
/* bad certificate */
@ -249,7 +271,7 @@ static int initLib = 0;
}
/* Dummy function to be overloaded by real implementation */
bool AuthSSL::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
bool AuthSSLimpl::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
{
(void) pkey; /* remove unused parameter warning */
@ -261,10 +283,10 @@ bool AuthSSL::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
return true;
}
bool AuthSSL::CloseAuth()
bool AuthSSLimpl::CloseAuth()
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::CloseAuth()";
std::cerr << "AuthSSLimpl::CloseAuth()";
std::cerr << std::endl;
#endif
SSL_CTX_free(sslctx);
@ -276,35 +298,35 @@ bool AuthSSL::CloseAuth()
}
/* Context handling */
SSL_CTX *AuthSSL::getCTX()
SSL_CTX *AuthSSLimpl::getCTX()
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::getCTX()";
std::cerr << "AuthSSLimpl::getCTX()";
std::cerr << std::endl;
#endif
return sslctx;
}
std::string AuthSSL::OwnId()
std::string AuthSSLimpl::OwnId()
{
#ifdef AUTHSSL_DEBUG
// std::cerr << "AuthSSL::OwnId()" << std::endl;
// std::cerr << "AuthSSLimpl::OwnId()" << std::endl;
#endif
return mOwnId;
}
std::string AuthSSL::getOwnLocation()
std::string AuthSSLimpl::getOwnLocation()
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::OwnId()" << std::endl;
std::cerr << "AuthSSLimpl::OwnId()" << std::endl;
#endif
return mOwnCert->location;
}
std::string AuthSSL::SaveOwnCertificateToString()
std::string AuthSSLimpl::SaveOwnCertificateToString()
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::SaveOwnCertificateToString() " << std::endl;
std::cerr << "AuthSSLimpl::SaveOwnCertificateToString() " << std::endl;
#endif
return saveX509ToPEM(mOwnCert->certificate);
}
@ -315,12 +337,12 @@ std::string AuthSSL::SaveOwnCertificateToString()
/********************************************************************************/
/********************************************************************************/
bool AuthSSL::SignData(std::string input, std::string &sign)
bool AuthSSLimpl::SignData(std::string input, std::string &sign)
{
return SignData(input.c_str(), input.length(), sign);
}
bool AuthSSL::SignData(const void *data, const uint32_t len, std::string &sign)
bool AuthSSLimpl::SignData(const void *data, const uint32_t len, std::string &sign)
{
RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
@ -369,12 +391,12 @@ bool AuthSSL::SignData(const void *data, const uint32_t len, std::string &sign)
return true;
}
bool AuthSSL::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
bool AuthSSLimpl::SignDataBin(std::string input, unsigned char *sign, unsigned int *signlen)
{
return SignDataBin(input.c_str(), input.length(), sign, signlen);
}
bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
bool AuthSSLimpl::SignDataBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int *signlen)
{
RsStackMutex stack(sslMtx); /***** STACK LOCK MUTEX *****/
@ -382,7 +404,7 @@ bool AuthSSL::SignDataBin(const void *data, const uint32_t len,
}
bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
bool AuthSSLimpl::VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, SSL_id sslId)
{
/* find certificate.
@ -406,7 +428,7 @@ bool AuthSSL::VerifySignBin(const void *data, const uint32_t len,
return SSL_VerifySignBin(data, len, sign, signlen, peer->certificate);
}
bool AuthSSL::VerifyOwnSignBin(const void *data, const uint32_t len,
bool AuthSSLimpl::VerifyOwnSignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen)
{
return SSL_VerifySignBin(data, len, sign, signlen, mOwnCert->certificate);
@ -423,7 +445,7 @@ bool AuthSSL::VerifyOwnSignBin(const void *data, const uint32_t len,
* only using GPG functions - which lock themselves
*/
X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
X509 *AuthSSLimpl::SignX509ReqWithGPG(X509_REQ *req, long days)
{
/* Transform the X509_REQ into a suitable format to
* generate DIGEST hash. (for SSL to do grunt work)
@ -437,7 +459,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
X509 *x509 = X509_new();
if (x509 == NULL)
{
std::cerr << "AuthSSL::SignX509Req() FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() FAIL" << std::endl;
return NULL;
}
@ -455,24 +477,24 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
(unsigned char *) "loc", -1, -1, 0);
****/
std::cerr << "AuthSSL::SignX509Req() Issuer name: " << AuthGPG::getAuthGPG()->getGPGOwnId() << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() Issuer name: " << AuthGPG::getAuthGPG()->getGPGOwnId() << std::endl;
BIGNUM *btmp = BN_new();
if (!BN_pseudo_rand(btmp, SERIAL_RAND_BITS, 0, 0))
{
std::cerr << "AuthSSL::SignX509Req() rand FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() rand FAIL" << std::endl;
return NULL;
}
if (!BN_to_ASN1_INTEGER(btmp, serial))
{
std::cerr << "AuthSSL::SignX509Req() asn1 FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() asn1 FAIL" << std::endl;
return NULL;
}
BN_free(btmp);
if (!X509_set_serialNumber(x509, serial))
{
std::cerr << "AuthSSL::SignX509Req() serial FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() serial FAIL" << std::endl;
return NULL;
}
ASN1_INTEGER_free(serial);
@ -483,7 +505,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
if (!X509_set_issuer_name(x509, issuer_name))
{
std::cerr << "AuthSSL::SignX509Req() issue FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() issue FAIL" << std::endl;
return NULL;
}
X509_NAME_free(issuer_name);
@ -491,26 +513,26 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
if (!X509_gmtime_adj(X509_get_notBefore(x509),0))
{
std::cerr << "AuthSSL::SignX509Req() notbefore FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() notbefore FAIL" << std::endl;
return NULL;
}
if (!X509_gmtime_adj(X509_get_notAfter(x509), (long)60*60*24*days))
{
std::cerr << "AuthSSL::SignX509Req() notafter FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() notafter FAIL" << std::endl;
return NULL;
}
if (!X509_set_subject_name(x509, X509_REQ_get_subject_name(req)))
{
std::cerr << "AuthSSL::SignX509Req() sub FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() sub FAIL" << std::endl;
return NULL;
}
tmppkey = X509_REQ_get_pubkey(req);
if (!tmppkey || !X509_set_pubkey(x509,tmppkey))
{
std::cerr << "AuthSSL::SignX509Req() pub FAIL" << std::endl;
std::cerr << "AuthSSLimpl::SignX509Req() pub FAIL" << std::endl;
return NULL;
}
@ -569,7 +591,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
{
hashoutl=0;
sigoutl=0;
fprintf(stderr, "AuthSSL::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
fprintf(stderr, "AuthSSLimpl::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
goto err;
}
p=buf_in;
@ -584,7 +606,7 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
(unsigned int *)&hashoutl))
{
hashoutl=0;
fprintf(stderr, "AuthSSL::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
fprintf(stderr, "AuthSSLimpl::SignX509Req: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
goto err;
}
@ -636,15 +658,15 @@ X509 *AuthSSL::SignX509ReqWithGPG(X509_REQ *req, long days)
* this is important - as it allows non-friends messages to be validated.
*/
bool AuthSSL::AuthX509WithGPG(X509 *x509)
bool AuthSSLimpl::AuthX509WithGPG(X509 *x509)
{
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::AuthX509WithGPG() called\n");
fprintf(stderr, "AuthSSLimpl::AuthX509WithGPG() called\n");
#endif
if (!CheckX509Certificate(x509))
{
std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated : Certificate failed basic checks" << std::endl;
std::cerr << "AuthSSLimpl::AuthX509() X509 NOT authenticated : Certificate failed basic checks" << std::endl;
return false;
}
@ -655,7 +677,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
std::cerr << "Checking GPG issuer : " << issuer << std::endl ;
#endif
if (!AuthGPG::getAuthGPG()->getGPGDetails(issuer, pd)) {
std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated : AuthGPG::getAuthGPG()->getGPGDetails() returned false." << std::endl;
std::cerr << "AuthSSLimpl::AuthX509() X509 NOT authenticated : AuthGPG::getAuthGPG()->getGPGDetails() returned false." << std::endl;
return false;
}
@ -696,7 +718,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
if ((buf_in == NULL) || (buf_hashout == NULL) || (buf_sigout == NULL)) {
hashoutl=0;
sigoutl=0;
fprintf(stderr, "AuthSSL::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
fprintf(stderr, "AuthSSLimpl::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_MALLOC_FAILURE)\n");
goto err;
}
p=buf_in;
@ -713,7 +735,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
(unsigned int *)&hashoutl))
{
hashoutl=0;
fprintf(stderr, "AuthSSL::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
fprintf(stderr, "AuthSSLimpl::AuthX509: ASN1err(ASN1_F_ASN1_SIGN,ERR_R_EVP_LIB)\n");
goto err;
}
@ -728,7 +750,7 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
/* NOW check sign via GPG Functions */
//get the fingerprint of the key that is supposed to sign
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::AuthX509() verifying the gpg sig with keyprint : " << pd.fpr << std::endl;
std::cerr << "AuthSSLimpl::AuthX509() verifying the gpg sig with keyprint : " << pd.fpr << std::endl;
std::cerr << "Sigoutl = " << sigoutl << std::endl ;
std::cerr << "pd.fpr = " << pd.fpr << std::endl ;
std::cerr << "hashoutl = " << hashoutl << std::endl ;
@ -740,26 +762,26 @@ bool AuthSSL::AuthX509WithGPG(X509 *x509)
}
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::AuthX509() X509 authenticated" << std::endl;
std::cerr << "AuthSSLimpl::AuthX509() X509 authenticated" << std::endl;
#endif
return true;
err:
std::cerr << "AuthSSL::AuthX509() X509 NOT authenticated" << std::endl;
std::cerr << "AuthSSLimpl::AuthX509() X509 NOT authenticated" << std::endl;
return false;
}
/* validate + get id */
bool AuthSSL::ValidateCertificate(X509 *x509, std::string &peerId)
bool AuthSSLimpl::ValidateCertificate(X509 *x509, std::string &peerId)
{
/* check self signed */
if (!AuthX509WithGPG(x509))
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::ValidateCertificate() bad certificate.";
std::cerr << "AuthSSLimpl::ValidateCertificate() bad certificate.";
std::cerr << std::endl;
#endif
return false;
@ -767,14 +789,14 @@ bool AuthSSL::ValidateCertificate(X509 *x509, std::string &peerId)
if(!getX509id(x509, peerId))
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::ValidateCertificate() Cannot retrieve peer id from certificate..";
std::cerr << "AuthSSLimpl::ValidateCertificate() Cannot retrieve peer id from certificate..";
std::cerr << std::endl;
#endif
return false;
}
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::ValidateCertificate() good certificate.";
std::cerr << "AuthSSLimpl::ValidateCertificate() good certificate.";
std::cerr << std::endl;
#endif
@ -798,7 +820,7 @@ static int verify_x509_callback(int preverify_ok, X509_STORE_CTX *ctx)
}
int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
int AuthSSLimpl::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
{
char buf[256];
X509 *err_cert;
@ -809,7 +831,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
depth = X509_STORE_CTX_get_error_depth(ctx);
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::VerifyX509Callback(preverify_ok: " << preverify_ok
std::cerr << "AuthSSLimpl::VerifyX509Callback(preverify_ok: " << preverify_ok
<< " Err: " << err << " Depth: " << depth << std::endl;
#endif
@ -821,7 +843,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
X509_NAME_oneline(X509_get_subject_name(err_cert), buf, 256);
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::VerifyX509Callback: depth: " << depth << ":" << buf << std::endl;
std::cerr << "AuthSSLimpl::VerifyX509Callback: depth: " << depth << ":" << buf << std::endl;
#endif
@ -852,7 +874,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (!AuthX509WithGPG(X509_STORE_CTX_get_current_cert(ctx)))
{
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback() X509 not authenticated.\n");
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback() X509 not authenticated.\n");
#endif
return false;
}
@ -860,7 +882,7 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
if (!AuthGPG::getAuthGPG()->isGPGAccepted(pgpid))
{
#ifdef AUTHSSL_DEBUG
fprintf(stderr, "AuthSSL::VerifyX509Callback() pgp key not accepted : \n");
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback() pgp key not accepted : \n");
fprintf(stderr, "issuer pgpid : ");
fprintf(stderr, "%s\n",pgpid.c_str());
fprintf(stderr, "\n AuthGPG::getAuthGPG()->getGPGOwnId() : ");
@ -889,9 +911,9 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
#ifdef AUTHSSL_DEBUG
if (preverify_ok) {
fprintf(stderr, "AuthSSL::VerifyX509Callback returned true.\n");
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback returned true.\n");
} else {
fprintf(stderr, "AuthSSL::VerifyX509Callback returned false.\n");
fprintf(stderr, "AuthSSLimpl::VerifyX509Callback returned false.\n");
}
#endif
@ -906,12 +928,12 @@ int AuthSSL::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
/********************************************************************************/
bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId)
bool AuthSSLimpl::encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId)
{
RsStackMutex stack(sslMtx); /******* LOCKED ******/
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::encrypt() called for peerId : " << peerId << " with inlen : " << inlen << std::endl;
std::cerr << "AuthSSLimpl::encrypt() called for peerId : " << peerId << " with inlen : " << inlen << std::endl;
#endif
//TODO : use ssl to crypt the binary input buffer
// out = malloc(inlen);
@ -924,7 +946,7 @@ bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std
} else {
if (!mCerts[peerId]) {
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::encrypt() public key not found." << std::endl;
std::cerr << "AuthSSLimpl::encrypt() public key not found." << std::endl;
#endif
return false;
} else {
@ -1000,7 +1022,7 @@ bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std
delete[] ek;
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::encrypt() finished with outlen : " << outlen << std::endl;
std::cerr << "AuthSSLimpl::encrypt() finished with outlen : " << outlen << std::endl;
#endif
//free(ek);
@ -1010,14 +1032,14 @@ bool AuthSSL::encrypt(void *&out, int &outlen, const void *in, int inlen, std
return true;
}
bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen)
bool AuthSSLimpl::decrypt(void *&out, int &outlen, const void *in, int inlen)
{
RsStackMutex stack(sslMtx); /******* LOCKED ******/
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::decrypt() called with inlen : " << inlen << std::endl;
std::cerr << "AuthSSLimpl::decrypt() called with inlen : " << inlen << std::endl;
#endif
//TODO : use ssl to decrypt the binary input buffer
// out = malloc(inlen);
@ -1112,7 +1134,7 @@ bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen)
delete[] encryptKey;
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::decrypt() finished with outlen : " << outlen << std::endl;
std::cerr << "AuthSSLimpl::decrypt() finished with outlen : " << outlen << std::endl;
#endif
return true;
@ -1126,7 +1148,7 @@ bool AuthSSL::decrypt(void *&out, int &outlen, const void *in, int inlen)
/********************************************************************************/
/* store for discovery */
bool AuthSSL::FailedCertificate(X509 *x509, bool incoming)
bool AuthSSLimpl::FailedCertificate(X509 *x509, bool incoming)
{
(void) incoming; /* remove unused parameter warning */
@ -1139,7 +1161,7 @@ bool AuthSSL::FailedCertificate(X509 *x509, bool incoming)
return false;
}
bool AuthSSL::CheckCertificate(std::string id, X509 *x509)
bool AuthSSLimpl::CheckCertificate(std::string id, X509 *x509)
{
(void) id; /* remove unused parameter warning */
@ -1155,7 +1177,7 @@ bool AuthSSL::CheckCertificate(std::string id, X509 *x509)
/* Locked search -> internal help function */
bool AuthSSL::locked_FindCert(std::string id, sslcert **cert)
bool AuthSSLimpl::locked_FindCert(std::string id, sslcert **cert)
{
std::map<std::string, sslcert *>::iterator it;
@ -1170,7 +1192,7 @@ bool AuthSSL::locked_FindCert(std::string id, sslcert **cert)
/* Remove Certificate */
bool AuthSSL::RemoveX509(std::string id)
bool AuthSSLimpl::RemoveX509(std::string id)
{
std::map<std::string, sslcert *>::iterator it;
@ -1193,13 +1215,13 @@ bool AuthSSL::RemoveX509(std::string id)
}
bool AuthSSL::LocalStoreCert(X509* x509)
bool AuthSSLimpl::LocalStoreCert(X509* x509)
{
//store the certificate in the local cert list
std::string peerId;
if(!getX509id(x509, peerId))
{
std::cerr << "AuthSSL::LocalStoreCert() Cannot retrieve peer id from certificate." << std::endl;
std::cerr << "AuthSSLimpl::LocalStoreCert() Cannot retrieve peer id from certificate." << std::endl;
#ifdef AUTHSSL_DEBUG
#endif
return false;
@ -1211,7 +1233,7 @@ bool AuthSSL::LocalStoreCert(X509* x509)
if (peerId == mOwnId)
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::LocalStoreCert() not storing own certificate" << std::endl;
std::cerr << "AuthSSLimpl::LocalStoreCert() not storing own certificate" << std::endl;
#endif
return false;
}
@ -1228,7 +1250,7 @@ bool AuthSSL::LocalStoreCert(X509* x509)
if (0 != X509_cmp(cert->certificate, x509))
{
/* MAJOR ERROR */
std::cerr << "ERROR : AuthSSL::LocalStoreCert() got two ssl certificates with identical ids -> dropping second";
std::cerr << "ERROR : AuthSSLimpl::LocalStoreCert() got two ssl certificates with identical ids -> dropping second";
std::cerr << std::endl;
return false;
}
@ -1237,7 +1259,7 @@ bool AuthSSL::LocalStoreCert(X509* x509)
}
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::LocalStoreCert() storing certificate for " << peerId << std::endl;
std::cerr << "AuthSSLimpl::LocalStoreCert() storing certificate for " << peerId << std::endl;
#endif
mCerts[peerId] = new sslcert(X509_dup(x509), peerId);
@ -1254,17 +1276,17 @@ bool AuthSSL::LocalStoreCert(X509* x509)
/********************************************************************************/
RsSerialiser *AuthSSL::setupSerialiser()
RsSerialiser *AuthSSLimpl::setupSerialiser()
{
RsSerialiser *rss = new RsSerialiser ;
RsSerialiser *rss = new RsSerialiser();
rss->addSerialType(new RsGeneralConfigSerialiser());
return rss ;
}
std::list<RsItem*> AuthSSL::saveList(bool& cleanup)
std::list<RsItem*> AuthSSLimpl::saveList(bool& cleanup)
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::saveList() called" << std::endl ;
std::cerr << "AuthSSLimpl::saveList() called" << std::endl ;
#endif
RsStackMutex stack(sslMtx); /******* LOCKED ******/
@ -1283,7 +1305,7 @@ std::list<RsItem*> AuthSSL::saveList(bool& cleanup)
RsTlvKeyValue kv;
kv.key = mapIt->first;
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::saveList() called (mapIt->first) : " << (mapIt->first) << std::endl ;
std::cerr << "AuthSSLimpl::saveList() called (mapIt->first) : " << (mapIt->first) << std::endl ;
#endif
kv.value = saveX509ToPEM(mapIt->second->certificate);
vitem->tlvkvs.pairs.push_back(kv) ;
@ -1293,10 +1315,10 @@ std::list<RsItem*> AuthSSL::saveList(bool& cleanup)
return lst ;
}
bool AuthSSL::loadList(std::list<RsItem*> load)
bool AuthSSLimpl::loadList(std::list<RsItem*> load)
{
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::loadList() Item Count: " << load.size() << std::endl;
std::cerr << "AuthSSLimpl::loadList() Item Count: " << load.size() << std::endl;
#endif
/* load the list of accepted gpg keys */
@ -1306,7 +1328,7 @@ bool AuthSSL::loadList(std::list<RsItem*> load)
if(vitem) {
#ifdef AUTHSSL_DEBUG
std::cerr << "AuthSSL::loadList() General Variable Config Item:" << std::endl;
std::cerr << "AuthSSLimpl::loadList() General Variable Config Item:" << std::endl;
vitem->print(std::cerr, 10);
std::cerr << std::endl;
#endif

107
libretroshare/src/pqi/authssl.h
View File

@ -49,7 +49,7 @@
#include "pqi/pqi_base.h"
#include "pqi/pqinetwork.h"
#include "rsiface/rspeers.h"
//#include "rsiface/rspeers.h"
#include "pqi/p3cfgmgr.h"
typedef std::string SSL_id;
@ -86,13 +86,82 @@ class sslcert
X509* certificate;
};
/* required to install instance */
extern void AuthSSLInit();
class AuthSSL : public p3Config
class AuthSSL
{
public:
AuthSSL();
static AuthSSL *getAuthSSL();
/* Initialisation Functions (Unique) */
virtual bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey) = 0;
virtual bool active() = 0;
virtual int InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd) = 0;
virtual bool CloseAuth() = 0;
/*********** Overloaded Functions from p3AuthMgr **********/
/* get Certificate Id */
virtual std::string OwnId() = 0;
virtual std::string getOwnLocation() = 0;
//virtual bool getAllList(std::list<std::string> &ids);
//virtual bool getAuthenticatedList(std::list<std::string> &ids);
//virtual bool getUnknownList(std::list<std::string> &ids);
//virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
/* get Details from the Certificates */
//virtual bool isAuthenticated(std::string id);
//virtual std::string getName(std::string id);
//virtual std::string getIssuerName(std::string id);
//virtual std::string getGPGId(SSL_id id);
//virtual bool getCertDetails(std::string id, sslcert &cert);
/* Load/Save certificates */
virtual std::string SaveOwnCertificateToString() = 0;
/* Sign / Encrypt / Verify Data */
virtual bool SignData(std::string input, std::string &sign) = 0;
virtual bool SignData(const void *data, const uint32_t len, std::string &sign) = 0;
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*) = 0;
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*) = 0;
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int) = 0;
virtual bool VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, SSL_id sslId) = 0;
// return : false if encrypt failed
virtual bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId) = 0;
// return : false if decrypt fails
virtual bool decrypt(void *&out, int &outlen, const void *in, int inlen) = 0;
virtual X509* SignX509ReqWithGPG(X509_REQ *req, long days) = 0;
virtual bool AuthX509WithGPG(X509 *x509) = 0;
virtual int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx) = 0;
virtual bool ValidateCertificate(X509 *x509, std::string &peerId) = 0; /* validate + get id */
public: /* SSL specific functions used in pqissl/pqissllistener */
virtual SSL_CTX *getCTX() = 0;
/* Restored these functions: */
virtual bool FailedCertificate(X509 *x509, bool incoming) = 0; /* store for discovery */
virtual bool CheckCertificate(std::string peerId, X509 *x509) = 0; /* check that they are exact match */
};
class AuthSSLimpl : public AuthSSL, public p3Config
{
public:
/* Initialisation Functions (Unique) */
AuthSSL();
AuthSSLimpl();
bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey);
virtual bool active();
@ -121,27 +190,27 @@ virtual std::string getOwnLocation();
virtual std::string SaveOwnCertificateToString();
/* Sign / Encrypt / Verify Data */
bool SignData(std::string input, std::string &sign);
bool SignData(const void *data, const uint32_t len, std::string &sign);
virtual bool SignData(std::string input, std::string &sign);
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
bool SignDataBin(std::string, unsigned char*, unsigned int*);
bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
bool VerifySignBin(const void *data, const uint32_t len,
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
virtual bool VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, SSL_id sslId);
// return : false if encrypt failed
bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
virtual bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
// return : false if decrypt fails
bool decrypt(void *&out, int &outlen, const void *in, int inlen);
virtual bool decrypt(void *&out, int &outlen, const void *in, int inlen);
X509* SignX509ReqWithGPG(X509_REQ *req, long days);
bool AuthX509WithGPG(X509 *x509);
virtual X509* SignX509ReqWithGPG(X509_REQ *req, long days);
virtual bool AuthX509WithGPG(X509 *x509);
int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
virtual int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
/*****************************************************************/
@ -153,14 +222,12 @@ bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id
/*****************************************************************/
public: /* SSL specific functions used in pqissl/pqissllistener */
SSL_CTX *getCTX();
virtual SSL_CTX *getCTX();
/* Restored these functions: */
bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
virtual bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
virtual bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
static AuthSSL *getAuthSSL() throw() // pour obtenir l'instance
{ return instance_ssl; }
private:

223
libretroshare/src/pqi/authssltest.cc Normal file
View File

@ -0,0 +1,223 @@
/*
* libretroshare/src/pqi: authssltest.cc
*
* 3P/PQI network interface for RetroShare.
*
* Copyright 2004-2008 by Robert Fernie.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License Version 2 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
* Please report all bugs and problems to "retroshare@lunamutt.com".
*
*/
#include "pqi/authssltest.h"
AuthSSLtest::AuthSSLtest()
{
mOwnId = "abcdtestid12345678";
}
/* Initialisation Functions (Unique) */
bool AuthSSLtest::validateOwnCertificate(X509 *x509, EVP_PKEY *pkey)
{
std::cerr << "AuthSSLtest::validateOwnCertificate()";
std::cerr << std::endl;
return false;
}
bool AuthSSLtest::active()
{
std::cerr << "AuthSSLtest::active()";
std::cerr << std::endl;
return true;
}
int AuthSSLtest::InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd)
{
std::cerr << "AuthSSLtest::InitAuth()";
std::cerr << std::endl;
return 1;
}
bool AuthSSLtest::CloseAuth()
{
std::cerr << "AuthSSLtest::AuthSSLtest::CloseAuth()";
std::cerr << std::endl;
return 1;
}
/*********** Overloaded Functions from p3AuthMgr **********/
/* get Certificate Id */
std::string AuthSSLtest::OwnId()
{
std::cerr << "AuthSSLtest::OwnId";
std::cerr << std::endl;
return mOwnId;
}
std::string AuthSSLtest::getOwnLocation()
{
std::cerr << "AuthSSLtest::getOwnLocation";
std::cerr << std::endl;
return "TestVersion";
}
//bool getAllList(std::list<std::string> &ids);
//bool getAuthenticatedList(std::list<std::string> &ids);
//bool getUnknownList(std::list<std::string> &ids);
//bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
/* get Details from the Certificates */
//bool isAuthenticated(std::string id);
//virtual std::string getName(std::string id);
//std::string getIssuerName(std::string id);
//std::string getGPGId(SSL_id id);
//bool getCertDetails(std::string id, sslcert &cert);
/* Load/Save certificates */
std::string AuthSSLtest::SaveOwnCertificateToString()
{
std::cerr << "AuthSSLtest::SaveOwnCertificateToString()";
std::cerr << std::endl;
return std::string();
}
/* Sign / Encrypt / Verify Data */
bool AuthSSLtest::SignData(std::string input, std::string &sign)
{
std::cerr << "AuthSSLtest::SignData()";
std::cerr << std::endl;
return false;
}
bool AuthSSLtest::SignData(const void *data, const uint32_t len, std::string &sign)
{
std::cerr << "AuthSSLtest::SignData()";
std::cerr << std::endl;
return false;
}
bool AuthSSLtest::SignDataBin(std::string, unsigned char*, unsigned int*)
{
std::cerr << "AuthSSLtest::SignDataBin()";
std::cerr << std::endl;
return false;
}
bool AuthSSLtest::SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*)
{
std::cerr << "AuthSSLtest::SignDataBin()";
std::cerr << std::endl;
return false;
}
bool AuthSSLtest::VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int)
{
std::cerr << "AuthSSLtest::VerifyOwnSignBin()";
std::cerr << std::endl;
return false;
}
bool AuthSSLtest::VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, SSL_id sslId)
{
std::cerr << "AuthSSLtest::VerifySignBin()";
std::cerr << std::endl;
return false;
}
// return : false if encrypt failed
bool AuthSSLtest::encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId)
{
std::cerr << "AuthSSLtest::encrypt()";
std::cerr << std::endl;
return false;
}
// return : false if decrypt fails
bool AuthSSLtest::decrypt(void *&out, int &outlen, const void *in, int inlen)
{
std::cerr << "AuthSSLtest::decrypt()";
std::cerr << std::endl;
return false;
}
X509* AuthSSLtest::SignX509ReqWithGPG(X509_REQ *req, long days)
{
std::cerr << "AuthSSLtest::SignX509ReqWithGPG";
std::cerr << std::endl;
return NULL;
}
bool AuthSSLtest::AuthX509WithGPG(X509 *x509)
{
std::cerr << "AuthSSLtest::AuthX509WithGPG()";
std::cerr << std::endl;
return false;
}
int AuthSSLtest::VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx)
{
std::cerr << "AuthSSLtest::VerifyX509Callback()";
std::cerr << std::endl;
return 0;
}
bool AuthSSLtest::ValidateCertificate(X509 *x509, std::string &peerId)
{
std::cerr << "AuthSSLtest::ValidateCertificate()";
std::cerr << std::endl;
return false;
}
SSL_CTX *AuthSSLtest::getCTX()
{
std::cerr << "AuthSSLtest::getCTX()";
std::cerr << std::endl;
return NULL;
}
/* Restored these functions: */
bool AuthSSLtest::FailedCertificate(X509 *x509, bool incoming)
{
std::cerr << "AuthSSLtest::FailedCertificate()";
std::cerr << std::endl;
return false;
}
bool AuthSSLtest::CheckCertificate(std::string peerId, X509 *x509)
{
std::cerr << "AuthSSLtest::CheckCertificate()";
std::cerr << std::endl;
return false;
}

101
libretroshare/src/pqi/authssltest.h Normal file
View File

@ -0,0 +1,101 @@
/*
* libretroshare/src/pqi: authssltest.h
*
* 3P/PQI network interface for RetroShare.
*
* Copyright 2009-2010 by Robert Fernie.
*
* This library is free software; you can redistribute it and/or
* modify it under the terms of the GNU Library General Public
* License Version 2 as published by the Free Software Foundation.
*
* This library is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
* Library General Public License for more details.
*
* You should have received a copy of the GNU Library General Public
* License along with this library; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA.
*
* Please report all bugs and problems to "retroshare@lunamutt.com".
*
*/
#ifndef MRK_AUTH_SSL_TEST_HEADER
#define MRK_AUTH_SSL_TEST_HEADER
#include "pqi/authssl.h"
void setAuthSSL(AuthSSL *newssl);
class AuthSSLtest: public AuthSSL
{
public:
AuthSSLtest();
/* Initialisation Functions (Unique) */
virtual bool validateOwnCertificate(X509 *x509, EVP_PKEY *pkey);
virtual bool active();
virtual int InitAuth(const char *srvr_cert, const char *priv_key,
const char *passwd);
virtual bool CloseAuth();
/*********** Overloaded Functions from p3AuthMgr **********/
/* get Certificate Id */
virtual std::string OwnId();
virtual std::string getOwnLocation();
//virtual bool getAllList(std::list<std::string> &ids);
//virtual bool getAuthenticatedList(std::list<std::string> &ids);
//virtual bool getUnknownList(std::list<std::string> &ids);
//virtual bool getSSLChildListOfGPGId(std::string gpg_id, std::list<std::string> &ids);
/* get Details from the Certificates */
//virtual bool isAuthenticated(std::string id);
//virtual std::string getName(std::string id);
//virtual std::string getIssuerName(std::string id);
//virtual std::string getGPGId(SSL_id id);
//virtual bool getCertDetails(std::string id, sslcert &cert);
/* Load/Save certificates */
virtual std::string SaveOwnCertificateToString();
/* Sign / Encrypt / Verify Data */
virtual bool SignData(std::string input, std::string &sign);
virtual bool SignData(const void *data, const uint32_t len, std::string &sign);
virtual bool SignDataBin(std::string, unsigned char*, unsigned int*);
virtual bool SignDataBin(const void*, uint32_t, unsigned char*, unsigned int*);
virtual bool VerifyOwnSignBin(const void*, uint32_t, unsigned char*, unsigned int);
virtual bool VerifySignBin(const void *data, const uint32_t len,
unsigned char *sign, unsigned int signlen, SSL_id sslId);
// return : false if encrypt failed
virtual bool encrypt(void *&out, int &outlen, const void *in, int inlen, std::string peerId);
// return : false if decrypt fails
virtual bool decrypt(void *&out, int &outlen, const void *in, int inlen);
virtual X509* SignX509ReqWithGPG(X509_REQ *req, long days);
virtual bool AuthX509WithGPG(X509 *x509);
virtual int VerifyX509Callback(int preverify_ok, X509_STORE_CTX *ctx);
virtual bool ValidateCertificate(X509 *x509, std::string &peerId); /* validate + get id */
public: /* SSL specific functions used in pqissl/pqissllistener */
virtual SSL_CTX *getCTX();
/* Restored these functions: */
virtual bool FailedCertificate(X509 *x509, bool incoming); /* store for discovery */
virtual bool CheckCertificate(std::string peerId, X509 *x509); /* check that they are exact match */
private:
std::string mOwnId;
};
#endif // MRK_AUTH_SSL_TEST_HEADER

2170
libretroshare/src/pqi/p3connmgr.cc
View File

File diff suppressed because it is too large Load Diff

176
libretroshare/src/pqi/p3connmgr.h
View File

@ -27,12 +27,11 @@
#define MRK_PQI_CONNECTION_MANAGER_HEADER
#include "pqi/pqimonitor.h"
#include "serialiser/rsconfigitems.h"
#include "pqi/pqiipset.h"
//#include "pqi/p3dhtmgr.h"
//#include "pqi/p3upnpmgr.h"
#include "pqi/pqiassist.h"
#include "services/p3tunnel.h"
#include "pqi/p3cfgmgr.h"
@ -84,8 +83,9 @@ const uint32_t RS_NET_CONN_TUNNEL = 0x0f00;
const uint32_t RS_NET_CONN_TCP_LOCAL = 0x0001;
const uint32_t RS_NET_CONN_TCP_EXTERNAL = 0x0002;
const uint32_t RS_NET_CONN_TCP_UNKNOW_TOPOLOGY = 0x0003;
const uint32_t RS_NET_CONN_UDP = 0x0010;
const uint32_t RS_NET_CONN_TCP_UNKNOW_TOPOLOGY = 0x0004;
const uint32_t RS_NET_CONN_UDP_DHT_SYNC = 0x0010;
const uint32_t RS_NET_CONN_UDP_PEER_SYNC = 0x0020; /* coming soon */
/* extra flags */
// not sure if needed yet.
@ -96,8 +96,8 @@ const uint32_t RS_NET_CONN_UDP = 0x0010;
/* flags of peerStatus */
const uint32_t RS_NET_FLAGS_USE_DISC = 0x0001;
const uint32_t RS_NET_FLAGS_USE_DHT = 0x0002;
const uint32_t RS_NET_FLAGS_ONLINE = 0x0004;
const uint32_t RS_NET_FLAGS_USE_DHT = 0x0002;
const uint32_t RS_NET_FLAGS_ONLINE = 0x0004;
const uint32_t RS_NET_FLAGS_EXTERNAL_ADDR = 0x0008;
const uint32_t RS_NET_FLAGS_STABLE_UDP = 0x0010;
const uint32_t RS_NET_FLAGS_TRUSTS_ME = 0x0020;
@ -111,7 +111,7 @@ class peerAddrInfo
bool found;
uint32_t type;
struct sockaddr_in laddr, raddr;
pqiIpAddrSet addrs;
time_t ts;
};
@ -129,33 +129,16 @@ class peerConnectAddress
class peerConnectState
{
private:
std::list<IpAddressTimed> ipAddressList;
public:
peerConnectState(); /* init */
std::string id;
std::string gpg_id;
std::string id;
std::string gpg_id;
uint32_t netMode; /* EXT / UPNP / UDP / INVALID */
uint32_t visState; /* STD, GRAY, DARK */
//used to store friends ip lists
void sortIpAddressListBySeenTime(); //Sort the ip list ordering by seen time
std::list<IpAddressTimed> getIpAddressList(); //return the sorted ant purged list.
// The function that takes a list, can either merge the list into the
// existing list (default behavior), or only set the list to the new data,
// which might be used if the info is from an authoritative source.
//
void updateIpAddressList(const std::list<IpAddressTimed>& ipTimedList,bool merge=true);
void updateIpAddressList(const IpAddressTimed& ipTimed);
void printIpAddressList();
static bool is_same_address (const IpAddressTimed& first, const IpAddressTimed& second);
static void printIpAddressList(std::list<IpAddressTimed> ipTimedList);
static bool extractExtAddress(const std::list<IpAddressTimed>& ipAddressList, IpAddressTimed &resultAddress); //extract the last seen external address from the list
struct sockaddr_in localaddr, serveraddr;
//used to store current ip (for config and connection management)
struct sockaddr_in currentlocaladdr; /* Mandatory */
@ -164,6 +147,9 @@ class peerConnectState
time_t lastcontact;
/* list of addresses from various sources */
pqiIpAddrSet ipAddrs;
/***** Below here not stored permanently *****/
uint32_t connecttype; // RS_NET_CONN_TCP_ALL / RS_NET_CONN_UDP_ALL
@ -186,8 +172,37 @@ class peerConnectState
peerConnectAddress currentConnAddrAttempt;
std::list<peerConnectAddress> connAddrs;
};
class pqiNetStatus
{
public:
pqiNetStatus();
bool mLocalAddrOk; // Local address is not loopback.
bool mExtAddrOk; // have external address.
bool mExtAddrStableOk; // stable external address.
bool mUpnpOk; // upnp is ok.
bool mDhtOk; // dht is ok.
struct sockaddr_in mLocalAddr; // percieved ext addr.
struct sockaddr_in mExtAddr; // percieved ext addr.
bool mResetReq; // Not Used yet!.
void print(std::ostream &out);
bool NetOk() // minimum to believe network is okay.`
{
return (mLocalAddrOk && mExtAddrOk);
}
};
class p3tunnel;
std::string textPeerConnectState(peerConnectState &state);
@ -203,9 +218,9 @@ void tick();
void addNetAssistConnect(uint32_t type, pqiNetAssistConnect *);
void addNetAssistFirewall(uint32_t type, pqiNetAssistFirewall *);
bool checkNetAddress(); /* check our address is sensible */
void addNetListener(pqiNetListener *listener);
void addNetListener(pqiNetListener *listener);
bool checkNetAddress(); /* check our address is sensible */
/*************** External Control ****************/
bool shutdown(); /* blocking shutdown call */
@ -216,11 +231,12 @@ bool getUPnPState();
bool getUPnPEnabled();
bool getDHTEnabled();
bool getIPServersEnabled() { return use_extr_addr_finder ;}
bool getIPServersEnabled();
void setIPServersEnabled(bool b) ;
void getIPServersList(std::list<std::string>& ip_servers) ;
void setTunnelConnection(bool b) ;
bool getTunnelConnection() { return allow_tunnel_connection ;}
void setTunnelConnection(bool b);
bool getTunnelConnection();
bool getNetStatusLocalOk();
bool getNetStatusUpnpOk();
@ -228,11 +244,15 @@ bool getNetStatusDhtOk();
bool getNetStatusStunOk();
bool getNetStatusExtraAddressCheckOk();
bool getUpnpExtAddress(struct sockaddr_in &addr);
bool getExtFinderAddress(struct sockaddr_in &addr);
void getNetStatus(pqiNetStatus &status);
void setOwnNetConfig(uint32_t netMode, uint32_t visState);
bool setLocalAddress(std::string id, struct sockaddr_in addr);
bool setExtAddress(std::string id, struct sockaddr_in addr);
bool setDynDNS(std::string id, std::string dyndns);
bool updateAddressList(const std::string& id, const std::list<IpAddressTimed>& IpAddressTimedList,bool merge = true);
bool updateAddressList(const std::string& id, const pqiIpAddrSet &addrs);
bool setNetworkMode(std::string id, uint32_t netMode);
bool setVisState(std::string id, uint32_t visState);
@ -268,25 +288,17 @@ void addMonitor(pqiMonitor *mon);
void removeMonitor(pqiMonitor *mon);
/******* overloaded from pqiConnectCb *************/
virtual void peerStatus(std::string id,
struct sockaddr_in laddr, struct sockaddr_in raddr,
virtual void peerStatus(std::string id, const pqiIpAddrSet &addrs,
uint32_t type, uint32_t flags, uint32_t source);
virtual void peerConnectRequest(std::string id,
struct sockaddr_in raddr, uint32_t source);
virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
//virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
/****************** Connections *******************/
bool connectAttempt(std::string id, struct sockaddr_in &addr,
uint32_t &delay, uint32_t &period, uint32_t &type);
bool connectResult(std::string id, bool success, uint32_t flags, struct sockaddr_in remote_peer_address);
bool doNextAttempt(std::string id);
p3tunnel* getP3tunnel();
void setP3tunnel(p3tunnel *p3tun);
bool getUpnpExtAddress(struct sockaddr_in &addr);
bool getStunExtAddress(struct sockaddr_in &addr);
bool getExtFinderExtAddress(struct sockaddr_in &addr);
protected:
@ -307,9 +319,6 @@ bool netAssistFirewallPorts(uint16_t iport, uint16_t eport);
/* Assist Connect */
virtual bool netAssistFriend(std::string id, bool on);
virtual bool netAssistAddStun(std::string id);
virtual bool netAssistStun(bool on);
virtual bool netAssistNotify(std::string id);
virtual bool netAssistSetAddress( struct sockaddr_in &laddr,
struct sockaddr_in &eaddr,
uint32_t mode);
@ -327,7 +336,6 @@ void netDhtInit();
void netUdpInit();
void netStunInit();
void netStatusReset();
void netInit();
@ -338,17 +346,8 @@ void netExtCheck();
void netUpnpInit();
void netUpnpCheck();
void netExtFinderAddressCheck();
void netUnreachableCheck();
/* Udp / Stun functions */
void udpStunPeer(std::string id, struct sockaddr_in &addr);
void stunInit();
bool stunCheck();
void stunCollect(std::string id, struct sockaddr_in addr, uint32_t flags);
bool addBootstrapStunPeers();
void networkConsistencyCheck();
/* monitor control */
@ -356,10 +355,6 @@ void tickMonitors();
/* connect attempts */
bool retryConnectTCP(std::string id);
bool retryConnectNotify(std::string id);
/* temporary for testing */
//virtual void loadConfiguration() { return; }
protected:
/*****************************************************************/
@ -370,74 +365,47 @@ bool retryConnectNotify(std::string id);
virtual bool loadList(std::list<RsItem *> load);
/*****************************************************************/
#if 0
void setupOwnNetConfig(RsPeerConfigItem *item);
void addPeer(RsPeerConfigItem *item);
#endif
//void setupOwnNetConfig(RsPeerConfigItem *item);
//void addPeer(RsPeerConfigItem *item);
private:
// These should have there own Mutex Protection,
//p3tunnel *mP3tunnel;
ExtAddrFinder *mExtAddrFinder ;
p3tunnel *mP3tunnel;
uint32_t retry_period;
/* These are considered static from a MUTEX perspective */
std::map<uint32_t, pqiNetAssistFirewall *> mFwAgents;
std::map<uint32_t, pqiNetAssistConnect *> mDhts;
std::list<pqiNetListener *> mNetListeners;
RsMutex connMtx; /* protects below */
std::list<pqiNetListener *> mNetListeners;
void stopListeners();
void startListeners();
void netStatusReset_locked();
uint32_t mRetryPeriod;
time_t mNetInitTS;
uint32_t mNetStatus;
bool mListenerActive;
uint32_t mStunStatus;
uint32_t mStunFound;
bool mStunMoreRequired;
bool mStatusChanged;
std::list<pqiMonitor *> clients;
ExtAddrFinder *mExtAddrFinder ;
bool use_extr_addr_finder ;
bool allow_tunnel_connection ;
bool mUseExtAddrFinder;
bool mAllowTunnelConnection;
/* external Address determination */
//bool mUpnpAddrValid, mStunAddrValid;
//bool mStunAddrStable;
//struct sockaddr_in mUpnpExtAddr;
struct sockaddr_in mStunExtAddr;
/* network status flags (read by rsiface) */
bool netFlagLocalOk;
bool netFlagUpnpOk;
bool netFlagDhtOk;
bool netFlagStunOk;
bool netFlagExtraAddressCheckOk;
pqiNetStatus mNetFlags;
pqiNetStatus mOldNetFlags;
/* old network status flags in order to detect changes */
bool oldnetFlagLocalOk;
bool oldnetFlagUpnpOk;
bool oldnetFlagDhtOk;
bool oldnetFlagStunOk;
bool oldnetFlagExtraAddressCheckOk;
peerConnectState mOwnState;
public:
peerConnectState ownState;
protected:
void addPeer(std::string id, std::string name); /* tmp fn */
std::list<std::string> mStunList;
std::map<std::string, peerConnectState> mFriendList;
std::map<std::string, peerConnectState> mOthersList;
};

22
libretroshare/src/pqi/p3dhtmgr.cc
View File

@ -1756,14 +1756,28 @@ bool p3DhtMgr::dhtResultSearch(std::string idhash,
if (doCb)
{
std::list<IpAddressTimed> ipAddressList;
mConnCb->peerStatus(ent.id, ent.laddr, ent.raddr,
ent.type, 0, RS_CB_DHT);
pqiIpAddrSet addrs;
pqiIpAddress laddr;
laddr.mAddr = ent.laddr;
laddr.mSeenTime = time(NULL);
laddr.mSrc = RS_CB_DHT;
addrs.updateLocalAddrs(laddr);
pqiIpAddress eaddr;
eaddr.mAddr = ent.raddr;
eaddr.mSeenTime = time(NULL);
eaddr.mSrc = RS_CB_DHT;
addrs.updateExtAddrs(eaddr);
mConnCb->peerStatus(ent.id, addrs, ent.type, 0, RS_CB_DHT);
}
if (doStun)
{
mConnCb->stunStatus(idhash, raddr, type, stunFlags);
//mConnCb->stunStatus(idhash, raddr, type, stunFlags);
}
return true;

17
libretroshare/src/pqi/pqimonitor.cc
View File

@ -25,6 +25,7 @@
#include "pqi/pqimonitor.h"
#include "pqi/pqinetwork.h"
#include "pqi/pqiipset.h"
#include "util/rsprint.h"
/***** DUMMY Connect CB for testing *****/
@ -43,22 +44,20 @@ pqiConnectCbDummy::~pqiConnectCbDummy()
return;
}
void pqiConnectCbDummy::peerStatus(std::string id,
struct sockaddr_in laddr, struct sockaddr_in raddr,
void pqiConnectCbDummy::peerStatus(std::string id, const pqiIpAddrSet &addrs,
uint32_t type, uint32_t mode, uint32_t source)
{
std::cerr << "pqiConnectCbDummy::peerStatus()";
std::cerr << " id: " << id;
std::cerr << " laddr: " << inet_ntoa(laddr.sin_addr);
std::cerr << " lport: " << ntohs(laddr.sin_port);
std::cerr << " raddr: " << inet_ntoa(raddr.sin_addr);
std::cerr << " rport: " << ntohs(raddr.sin_port);
std::cerr << " type: " << type;
std::cerr << " mode: " << mode;
std::cerr << " source: " << source;
std::cerr << std::endl;
std::cerr << " addrs: ";
std::cerr << std::endl;
addrs.printAddrs(std::cerr);
std::cerr << std::endl;
}
void pqiConnectCbDummy::peerConnectRequest(std::string id,
@ -72,6 +71,7 @@ void pqiConnectCbDummy::peerConnectRequest(std::string id,
std::cerr << std::endl;
}
#if 0
void pqiConnectCbDummy::stunStatus(std::string id, struct sockaddr_in raddr,
uint32_t type, uint32_t flags)
{
@ -82,5 +82,6 @@ void pqiConnectCbDummy::stunStatus(std::string id, struct sockaddr_in raddr,
std::cerr << " flags: " << flags;
std::cerr << std::endl;
}
#endif

13
libretroshare/src/pqi/pqimonitor.h
View File

@ -34,6 +34,7 @@
#include <inttypes.h>
#include <string>
#include <list>
#include "pqi/pqiipset.h"
/************** Define Type/Mode/Source ***************/
@ -93,7 +94,7 @@ virtual ~pqiMonitor() { return; }
void setConnectionMgr(p3ConnectMgr *cm) { mConnMgr = cm; }
virtual void statusChange(const std::list<pqipeer> &plist) = 0;
//virtual void ownStatusChange(pqipeer &) { return; } // SIGNAL reset or similar.
//virtual void peerStatus(std::string id, uint32_t mode) = 0;
protected:
@ -107,14 +108,13 @@ class pqiConnectCb
{
public:
virtual ~pqiConnectCb() { return; }
virtual void peerStatus(std::string id,
struct sockaddr_in laddr, struct sockaddr_in raddr,
virtual void peerStatus(std::string id, const pqiIpAddrSet &addrs,
uint32_t type, uint32_t flags, uint32_t source) = 0;
virtual void peerConnectRequest(std::string id,
struct sockaddr_in raddr, uint32_t source) = 0;
virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags) = 0;
//virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags) = 0;
};
@ -124,14 +124,13 @@ class pqiConnectCbDummy: public pqiConnectCb
public:
pqiConnectCbDummy();
virtual ~pqiConnectCbDummy();
virtual void peerStatus(std::string id,
struct sockaddr_in laddr, struct sockaddr_in raddr,
virtual void peerStatus(std::string id, const pqiIpAddrSet &addrs,
uint32_t type, uint32_t mode, uint32_t source);
virtual void peerConnectRequest(std::string id,
struct sockaddr_in raddr, uint32_t source);
virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
//virtual void stunStatus(std::string id, struct sockaddr_in raddr, uint32_t type, uint32_t flags);
};

4
libretroshare/src/pqi/pqiperson.cc
View File

@ -408,6 +408,10 @@ int pqiperson::connect(uint32_t type, struct sockaddr_in raddr, uint32_t delay,
std::cerr << out.str();
//pqioutput(PQL_DEBUG_BASIC, pqipersonzone, out.str());
#endif
/* notify of fail! */
pqipg->notifyConnect(PeerId(), type, false, raddr);
return 0;
}

2
libretroshare/src/pqi/pqiperson.h
View File

@ -50,7 +50,7 @@ class pqiconnect: public pqistreamer, public NetInterface
public:
pqiconnect(RsSerialiser *rss, NetBinInterface *ni_in)
:pqistreamer(rss, ni_in->PeerId(), ni_in, 0), // pqistreamer will cleanup NetInterface.
NetInterface(NULL, ni_in->PeerId()), // No need for callback.
NetInterface(NULL, ni_in->PeerId()), // No need for callback
ni(ni_in)
{
if (!ni_in)

8
libretroshare/src/pqi/pqipersongrp.cc
View File

@ -479,12 +479,18 @@ int pqipersongrp::connectPeer(std::string id)
ptype = PQI_CONNECT_TUNNEL;
timeout = period * 2;
#ifdef PGRP_DEBUG
std::cerr << " pqipersongrp::connectPeer() connecting with UDP: Timeout :" << timeout;
std::cerr << " pqipersongrp::connectPeer() connecting with Tunnel: Timeout :" << timeout;
std::cerr << std::endl;
#endif
}
else
{
#ifdef PGRP_DEBUG
std::cerr << " pqipersongrp::connectPeer() Ignoring Unknown Type:" << type;
std::cerr << std::endl;
#endif
return 0;
}
p->connect(ptype, addr, delay, period, timeout);

4
libretroshare/src/pqi/pqissltunnel.cc
View File

@ -90,7 +90,7 @@ const int pqisslzone = 37714;
*
*/
pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm)
pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm, p3tunnel *p3t)
:NetBinInterface(parent, parent->PeerId()), mConnMgr(cm)
{
active = false;
@ -108,7 +108,7 @@ pqissltunnel::pqissltunnel(PQInterface *parent, p3ConnectMgr *cm)
// rslog(RSL_ALERT, pqisslzone,
// "\t pqissltunnel will not initialise....");
// }
mP3tunnel = mConnMgr->getP3tunnel();
mP3tunnel = p3t;
current_data_offset = 0;
curent_data_packet.length = 0;

2
libretroshare/src/pqi/pqissltunnel.h
View File

@ -74,7 +74,7 @@ struct data_with_length {
class pqissltunnel: public NetBinInterface
{
public:
pqissltunnel(PQInterface *parent, p3ConnectMgr *cm);
pqissltunnel(PQInterface *parent, p3ConnectMgr *cm, p3tunnel *p3t);
virtual ~pqissltunnel();
// NetInterface