mirror of
https://github.com/RetroShare/RetroShare.git
synced 2024-10-01 02:35:48 -04:00
935745a08e
git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@246 b45a01b8-16f6-495d-af2f-9b41ad6348cc
196 lines
4.8 KiB
C++
196 lines
4.8 KiB
C++
#ifndef MRK_SSL_CERT_HEADER
|
|
#define MRK_SSL_CERT_HEADER
|
|
|
|
/*
|
|
* Core PQI networking: sslcert.h
|
|
*
|
|
* 3P/PQI network interface for RetroShare.
|
|
*
|
|
* Copyright 2004-2006 by Robert Fernie.
|
|
*
|
|
* This library is free software; you can redistribute it and/or
|
|
* modify it under the terms of the GNU Library General Public
|
|
* License Version 2 as published by the Free Software Foundation.
|
|
*
|
|
* This library is distributed in the hope that it will be useful,
|
|
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
* Library General Public License for more details.
|
|
*
|
|
* You should have received a copy of the GNU Library General Public
|
|
* License along with this library; if not, write to the Free Software
|
|
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
|
|
* USA.
|
|
*
|
|
* Please report all bugs and problems to "retroshare@lunamutt.com".
|
|
*
|
|
*/
|
|
|
|
#include <openssl/ssl.h>
|
|
#include <openssl/evp.h>
|
|
|
|
#include <string>
|
|
#include <map>
|
|
|
|
#include "pqi_base.h"
|
|
#include "pqinetwork.h"
|
|
|
|
#include "pqiindic.h"
|
|
|
|
|
|
// helper fns.
|
|
int printSSLError(SSL *ssl, int retval, int err, unsigned long err2, std::ostream &out);
|
|
std::string getX509NameString(X509_NAME *name);
|
|
std::string getX509CNString(X509_NAME *name);
|
|
|
|
std::string getX509OrgString(X509_NAME *name);
|
|
std::string getX509LocString(X509_NAME *name);
|
|
std::string getX509CountryString(X509_NAME *name);
|
|
|
|
|
|
/* definitions -> functions to be defined */
|
|
std::string convert_to_str(certsign &sign);
|
|
bool convert_to_certsign(std::string id, certsign &sign);
|
|
|
|
class sslroot;
|
|
|
|
class cert: public Person
|
|
{
|
|
public:
|
|
cert();
|
|
virtual ~cert();
|
|
|
|
virtual std::string Signature();
|
|
std::string Hash();
|
|
void Hash(std::string);
|
|
|
|
X509 *certificate;
|
|
std::string hash;
|
|
};
|
|
|
|
|
|
// returns pointer to static variable.
|
|
// which must be inited..
|
|
sslroot *getSSLRoot();
|
|
|
|
class sslroot
|
|
{
|
|
public:
|
|
sslroot();
|
|
int active();
|
|
int setcertdir(char *path);
|
|
int initssl(const char *srvr_cert, const char *priv_key,
|
|
const char *CA_file, const char *passwd);
|
|
int closessl();
|
|
|
|
/* Context handling */
|
|
SSL_CTX *getCTX();
|
|
|
|
/* Certificate handling */
|
|
int compareCerts(cert *a, cert *b);
|
|
|
|
// network interface.
|
|
|
|
// program interface.
|
|
int addCertificate(cert *c);
|
|
int addUntrustedCertificate(cert *c);
|
|
int removeCertificate(cert *);
|
|
|
|
// Creation of Certificates.... (From X509)
|
|
// Core functions....
|
|
cert *checkDuplicateX509(X509 *x);
|
|
cert *checkPeerX509(X509 *x);
|
|
cert *makeCertificate(X509 *c);
|
|
cert *registerCertificate(X509 *nc, struct sockaddr_in, bool in);
|
|
|
|
int validateCertificate(cert *c);
|
|
|
|
// depreciated...
|
|
cert *findpeercert(const char *name);
|
|
//int loadpeercert(const char *fname);
|
|
//int savepeercert(const char *fname);
|
|
|
|
// Configuration Handling...
|
|
int setConfigDirs(const char *cdir, const char *ndir);
|
|
|
|
// these save both the certificates + the settings.
|
|
int saveCertificates(const char *fname);
|
|
int saveCertificates();
|
|
int loadCertificates(const char *fname);
|
|
|
|
// with a hash check/recalc in there for good measure.
|
|
cert * loadcertificate(const char* fname, std::string hash);
|
|
int savecertificate(cert *c, const char* fname);
|
|
|
|
// digest hashing /signing or encrypting interface.
|
|
int hashFile(std::string fname, unsigned char *hash, unsigned int hlen);
|
|
int hashDigest(char *data, unsigned int dlen, unsigned char *hash, unsigned int hlen);
|
|
int signDigest(EVP_PKEY *key, char *data, unsigned int dlen, unsigned char *hash, unsigned int hlen);
|
|
int verifyDigest(EVP_PKEY *key, char *data, unsigned int dlen, unsigned char *enc, unsigned int elen);
|
|
int generateKeyPair(EVP_PKEY *keypair, unsigned int keylen);
|
|
|
|
|
|
|
|
int printCertificate(cert *, std::ostream &out);
|
|
/****** REMOVED!
|
|
*
|
|
*
|
|
std::list<std::string> listCertificates();
|
|
*
|
|
*
|
|
****/
|
|
|
|
std::list<cert *> &getCertList();
|
|
|
|
cert * getOwnCert();
|
|
int checkNetAddress();
|
|
|
|
// extra list for certs that aren't in main list.
|
|
cert * getCollectedCert();
|
|
bool collectedCerts();
|
|
|
|
bool CertsChanged();
|
|
bool CertsMajorChanged();
|
|
void IndicateCertsChanged();
|
|
|
|
std::string getSetting(std::string opt);
|
|
void setSetting(std::string opt, std::string val);
|
|
|
|
|
|
/* Fns for relating cert signatures to structures */
|
|
cert *findcertsign(certsign &sign);
|
|
int getcertsign(cert *c, certsign &sign);
|
|
int addtosignmap(cert *);
|
|
|
|
private: /* data */
|
|
std::list<cert *> peercerts;
|
|
std::list<cert *> allcerts;
|
|
std::list<cert *> collectedcerts;
|
|
|
|
// whenever a cert is added, it should also be put in the map.
|
|
std::map<certsign, cert *> signmap;
|
|
|
|
|
|
|
|
// General Configuration System
|
|
// easy it put it here - so it can be signed easily.
|
|
std::map<std::string, std::string> settings;
|
|
|
|
std::string certdir;
|
|
std::string neighbourdir;
|
|
std::string certfile;
|
|
|
|
SSL_CTX *sslctx;
|
|
int init;
|
|
|
|
Indicator certsChanged;
|
|
Indicator certsMajorChanged;
|
|
|
|
EVP_PKEY *pkey;
|
|
|
|
cert *own_cert;
|
|
|
|
};
|
|
|
|
#endif // MRK_SSL_CERT_HEADER
|