diff --git a/MSVC/ring-daemon.vcxproj b/MSVC/ring-daemon.vcxproj index a5d3abc5f..10d1263f3 100644 --- a/MSVC/ring-daemon.vcxproj +++ b/MSVC/ring-daemon.vcxproj @@ -718,6 +718,8 @@ + + @@ -876,6 +878,9 @@ + + + diff --git a/MSVC/ring-daemon.vcxproj.filters b/MSVC/ring-daemon.vcxproj.filters index 2324c271d..6efcfd311 100644 --- a/MSVC/ring-daemon.vcxproj.filters +++ b/MSVC/ring-daemon.vcxproj.filters @@ -421,6 +421,12 @@ Source Files + + Source Files\jamidht + + + Source Files\jamidht + @@ -867,6 +873,15 @@ Source Files + + Source Files\jamidht + + + Source Files\jamidht + + + Source Files\jamidht + diff --git a/bin/Makefile.am b/bin/Makefile.am index 7ba240018..63f86319d 100644 --- a/bin/Makefile.am +++ b/bin/Makefile.am @@ -34,6 +34,6 @@ dring_CXXFLAGS= -I$(top_srcdir)/src ${DBUSCPP_CFLAGS} \ dring_LDADD = dbus/libclient_dbus.la ${DBUSCPP_LIBS} $(top_builddir)/src/libring.la -ldl endif -if RING_NODEJS +if ENABLE_NODEJS SUBDIRS+=nodejs endif diff --git a/configure.ac b/configure.ac index 6cb5ae83b..208a8b854 100644 --- a/configure.ac +++ b/configure.ac @@ -421,16 +421,16 @@ AC_DEFINE_UNQUOTED([HAVE_RINGNS], `if test "x$enable_ringns" != "xno"; then echo dnl nodejs module AC_ARG_WITH([nodejs], AS_HELP_STRING([--with-nodejs], [Enable NodeJS module])) -AM_CONDITIONAL([RING_NODEJS], test "x$enable_nodejs" != "xno", [Define if you use the NodeJS module]) +AM_CONDITIONAL([ENABLE_NODEJS], test "x$enable_nodejs" != "xno", [Define if you use the NodeJS module]) AC_DEFINE_UNQUOTED([HAVE_NODEJS], `if test "x$enable_ringns" != "xno"; then echo 1; else echo 0; fi`, [Define if you use the NodeJS module]) AS_IF([test "x$with_nodejs" = "xyes"], [ AC_PATH_PROG(SWIG, swig, "") AS_AC_EXPAND(SBINDIR, $sbindir) AC_SUBST(SBINDIR) AC_CONFIG_FILES([bin/nodejs/Makefile]) - AM_CONDITIONAL(RING_NODEJS, true) + AM_CONDITIONAL(ENABLE_NODEJS, true) ], - AM_CONDITIONAL(RING_NODEJS, false) + AM_CONDITIONAL(ENABLE_NODEJS, false) ); AS_IF([test "x$enable_ringns" != "xno"], [ diff --git a/src/im/message_engine.cpp b/src/im/message_engine.cpp index 033fdec71..956710919 100644 --- a/src/im/message_engine.cpp +++ b/src/im/message_engine.cpp @@ -211,7 +211,7 @@ MessageEngine::load() } JAMI_DBG("[Account %s] loaded %lu messages from %s", account_.getAccountID().c_str(), loaded, savePath_.c_str()); } catch (const std::exception& e) { - JAMI_ERR("[Account %s] couldn't load messages from %s: %s", account_.getAccountID().c_str(), savePath_.c_str(), e.what()); + JAMI_DBG("[Account %s] couldn't load messages from %s: %s", account_.getAccountID().c_str(), savePath_.c_str(), e.what()); } } diff --git a/src/jamidht/Makefile.am b/src/jamidht/Makefile.am index 36014ec78..21f0493f7 100644 --- a/src/jamidht/Makefile.am +++ b/src/jamidht/Makefile.am @@ -19,10 +19,16 @@ libringacc_la_SOURCES = \ accountarchive.cpp \ accountarchive.h \ p2p.cpp \ - p2p.h + p2p.h \ + contact_list.h \ + contact_list.cpp \ + account_manager.h \ + account_manager.cpp if RINGNS libringacc_la_SOURCES += \ namedirectory.cpp \ namedirectory.h endif + +nobase_include_HEADERS= jami_contact.h diff --git a/src/jamidht/account_manager.cpp b/src/jamidht/account_manager.cpp new file mode 100644 index 000000000..ff69f0ddd --- /dev/null +++ b/src/jamidht/account_manager.cpp @@ -0,0 +1,1095 @@ +/* + * Copyright (C) 2014-2019 Savoir-faire Linux Inc. + * Author : Adrien Béraud + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#include "account_manager.h" +#include "accountarchive.h" +#include "jamiaccount.h" +#include "base64.h" +#include "dring/account_const.h" +#include "account_schema.h" +#include "archiver.h" + +#include "libdevcrypto/Common.h" + +#include + +#include +#include +#include + +namespace jami { + +const constexpr auto EXPORT_KEY_RENEWAL_TIME = std::chrono::minutes(20); +constexpr static const char* const DHT_TYPE_NS = "cx.ring"; + +template +std::unique_ptr dynamic_unique_cast(std::unique_ptr&& p) { + if (auto cast = dynamic_cast(p.get())) { + std::unique_ptr result(cast); + p.release(); + return result; + } + return {}; +} + +void +ArchiveAccountManager::initAuthentication( + CertRequest request, + std::unique_ptr credentials, + AuthSuccessCallback onSuccess, + AuthFailureCallback onFailure, + OnChangeCallback onChange) +{ + auto ctx = std::make_shared(); + ctx->request = std::move(request); + ctx->credentials = dynamic_unique_cast(std::move(credentials)); + ctx->onSuccess = std::move(onSuccess); + ctx->onFailure = std::move(onFailure); + + if (not ctx->credentials) { + onFailure(AuthError::INVALID_ARGUMENTS, "invalid credentials"); + return; + } + + onChange_ = std::move(onChange); + + if (ctx->credentials->scheme == "dht") { + loadFromDHT(ctx); + return; + } + + dht::ThreadPool::computation().run([ + ctx = std::move(ctx), + onAsync = onAsync_ + ]() mutable { + onAsync([ctx = std::move(ctx)](AccountManager& accountManager) mutable { + auto& this_ = *static_cast(&accountManager); + try { + if (ctx->credentials->scheme == "file") { + this_.loadFromFile(ctx); + return; + } else { + if (ctx->credentials->updateIdentity.first and ctx->credentials->updateIdentity.second) { + auto future_keypair = dht::ThreadPool::computation().get(&dev::KeyPair::create); + AccountArchive a; + JAMI_WARN("[Auth] converting certificate from old account %s", ctx->credentials->updateIdentity.first->getPublicKey().getId().toString().c_str()); + a.id = std::move(ctx->credentials->updateIdentity); + try { + a.ca_key = std::make_shared(fileutils::loadFile("ca.key", this_.path_)); + } catch (...) {} + this_.updateCertificates(a, ctx->credentials->updateIdentity); + auto keypair = future_keypair.get(); + a.eth_key = keypair.secret().makeInsecure().asBytes(); + this_.onArchiveLoaded(*ctx, std::move(a)); + } else { + this_.createAccount(ctx); + } + } + } catch (const std::exception& e) { + ctx->onFailure(AuthError::UNKNOWN, e.what()); + } + }); + }); +} + +bool +ArchiveAccountManager::updateCertificates(AccountArchive& archive, dht::crypto::Identity& device) +{ + JAMI_WARN("Updating certificates"); + using Certificate = dht::crypto::Certificate; + + // We need the CA key to resign certificates + if (not archive.id.first or + not *archive.id.first or + not archive.id.second or + not archive.ca_key or + not *archive.ca_key) + return false; + + // Currently set the CA flag and update expiration dates + bool updated = false; + + auto& cert = archive.id.second; + auto ca = cert->issuer; + // Update CA if possible and relevant + if (not ca or (not ca->issuer and (not ca->isCA() or ca->getExpiration() < clock::now()))) { + ca = std::make_shared(Certificate::generate(*archive.ca_key, "Jami CA", {}, true)); + updated = true; + JAMI_DBG("CA CRT re-generated"); + } + + // Update certificate + if (updated or not cert->isCA() or cert->getExpiration() < clock::now()) { + cert = std::make_shared(Certificate::generate(*archive.id.first, "Jami", dht::crypto::Identity{archive.ca_key, ca}, true)); + updated = true; + JAMI_DBG("Jami CRT re-generated"); + } + + if (updated and device.first and *device.first) { + // update device certificate + device.second = std::make_shared(Certificate::generate(*device.first, "Jami device", archive.id)); + JAMI_DBG("device CRT re-generated"); + } + + return updated; +} + +void +ArchiveAccountManager::createAccount(const std::shared_ptr& ctx) +{ + AccountArchive a; + auto future_keypair = dht::ThreadPool::computation().get(&dev::KeyPair::create); + auto ca = dht::crypto::generateIdentity("Jami CA"); + if (!ca.first || !ca.second) { + throw std::runtime_error("Can't generate CA for this account."); + } + a.id = dht::crypto::generateIdentity("Jami", ca, 4096, true); + if (!a.id.first || !a.id.second) { + throw std::runtime_error("Can't generate identity for this account."); + } + JAMI_WARN("[Auth] new account: CA: %s, RingID: %s", + ca.second->getId().toString().c_str(), + a.id.second->getId().toString().c_str()); + a.ca_key = ca.first; + auto keypair = future_keypair.get(); + a.eth_key = keypair.secret().makeInsecure().asBytes(); + onArchiveLoaded(*ctx, std::move(a)); +} + +void +ArchiveAccountManager::loadFromFile(const std::shared_ptr& ctx) +{ + AccountArchive archive; + try { + archive = AccountArchive(ctx->credentials->uri, ctx->credentials->password); + } catch (const std::exception& ex) { + JAMI_WARN("[Auth] can't read file: %s", ex.what()); + ctx->onFailure(AuthError::UNKNOWN, ex.what()); + return; + } + onArchiveLoaded(*ctx, std::move(archive)); +} + +struct ArchiveAccountManager::DhtLoadContext { + dht::DhtRunner dht; + std::pair stateOld {false, true}; + std::pair stateNew {false, true}; + bool found {false}; +}; + +void +ArchiveAccountManager::loadFromDHT(const std::shared_ptr& ctx) +{ + ctx->dhtContext = std::make_unique(); + ctx->dhtContext->dht.run(ctx->credentials->dhtPort, {}, true); + for (const auto& bootstrap : ctx->credentials->dhtBootstrap) + ctx->dhtContext->dht.bootstrap(bootstrap); + auto searchEnded = [ctx]() { + if (not ctx->dhtContext or ctx->dhtContext->found) { + return; + } + auto& s = *ctx->dhtContext; + if (s.stateOld.first && s.stateNew.first) { + dht::ThreadPool::computation().run([ctx, network_error = !s.stateOld.second && !s.stateNew.second]{ + ctx->dhtContext.reset(); + JAMI_WARN("[Auth] failure looking for archive on DHT: %s", /**/network_error ? "network error" : "not found"); + ctx->onFailure(network_error ? AuthError::NETWORK : AuthError::UNKNOWN, ""); + }); + } + }; + + auto search = [ctx, searchEnded, onAsync = onAsync_](bool previous) { + std::vector key; + dht::InfoHash loc; + auto& s = previous ? ctx->dhtContext->stateOld : ctx->dhtContext->stateNew; + + // compute archive location and decryption keys + try { + std::tie(key, loc) = computeKeys(ctx->credentials->password, ctx->credentials->uri, previous); + JAMI_DBG("[Auth] trying to load account from DHT with %s at %s", /**/ctx->credentials->uri.c_str(), loc.toString().c_str()); + ctx->dhtContext->dht.get(loc, [ctx, key=std::move(key), onAsync](const std::shared_ptr& val) { + std::vector decrypted; + try { + decrypted = archiver::decompress(dht::crypto::aesDecrypt(val->data, key)); + } catch (const std::exception& ex) { + return true; + } + JAMI_DBG("[Auth] found archive on the DHT"); + ctx->dhtContext->found = true; + dht::ThreadPool::computation().run([ + ctx, + decrypted = std::move(decrypted), + onAsync + ]{ + try { + auto archive = AccountArchive(decrypted); + onAsync([&](AccountManager& accountManager) { + auto& this_ = *static_cast(&accountManager); + if (ctx->dhtContext) { + ctx->dhtContext->dht.join(); + ctx->dhtContext.reset(); + } + this_.onArchiveLoaded(*ctx, std::move(archive)/*, std::move(contacts)*/); + }); + } catch (const std::exception& e) { + ctx->onFailure(AuthError::UNKNOWN, ""); + } + }); + return not ctx->dhtContext->found; + }, [=, &s](bool ok) { + JAMI_DBG("[Auth] DHT archive search ended at %s", /**/loc.toString().c_str()); + s.first = true; + s.second = ok; + searchEnded(); + }); + } catch (const std::exception& e) { + // JAMI_ERR("Error computing kedht::ThreadPool::computation().run(ys: %s", e.what()); + s.first = true; + s.second = true; + searchEnded(); + return; + } + }; + dht::ThreadPool::computation().run(std::bind(search, true)); + dht::ThreadPool::computation().run(std::bind(search, false)); +} + +void +ArchiveAccountManager::onArchiveLoaded( + AuthContext& ctx, + AccountArchive&& a) +{ + auto ethAccount = dev::KeyPair(dev::Secret(a.eth_key)).address().hex(); + fileutils::check_dir(path_.c_str(), 0700); + + auto path = fileutils::getFullPath(path_, archivePath_); + a.save(path, ctx.credentials ? ctx.credentials->password : ""); + + if (not a.id.second->isCA()) { + JAMI_ERR("[Auth] trying to sign a certificate with a non-CA."); + } + JAMI_WARN("generating device certificate"); + + auto request = ctx.request.get(); + if (not request->verify()) { + JAMI_ERR("[Auth] Invalid certificate request."); + ctx.onFailure(AuthError::INVALID_ARGUMENTS, ""); + return; + } + + auto deviceCertificate = std::make_shared(dht::crypto::Certificate::generate(*request, a.id)); + auto receipt = makeReceipt(a.id, *deviceCertificate, ethAccount); + auto receiptSignature = a.id.first->sign({receipt.first.begin(), receipt.first.end()}); + + auto info = std::make_unique(); + info->identity.second = deviceCertificate; + info->contacts = std::make_unique(a.id.second, path_, onChange_); + info->contacts->setContacts(a.contacts); + info->accountId = a.id.second->getId().toString(); + info->deviceId = deviceCertificate->getPublicKey().getId().toString(); + info->ethAccount = ethAccount; + info->announce = std::move(receipt.second); + info_ = std::move(info); + + JAMI_WARN("[Auth] created new device: %s", info_->deviceId.c_str()); + ctx.onSuccess(*info_, {}, std::move(receipt.first), std::move(receiptSignature)); +} + +std::pair, dht::InfoHash> +ArchiveAccountManager::computeKeys(const std::string& password, const std::string& pin, bool previous) +{ + // Compute time seed + auto now = std::chrono::duration_cast(clock::now().time_since_epoch()); + auto tseed = now.count() / std::chrono::seconds(EXPORT_KEY_RENEWAL_TIME).count(); + if (previous) + tseed--; + std::stringstream ss; + ss << std::hex << tseed; + auto tseed_str = ss.str(); + + // Generate key for archive encryption, using PIN as the salt + std::vector salt_key; + salt_key.reserve(pin.size() + tseed_str.size()); + salt_key.insert(salt_key.end(), pin.begin(), pin.end()); + salt_key.insert(salt_key.end(), tseed_str.begin(), tseed_str.end()); + auto key = dht::crypto::stretchKey(password, salt_key, 256/8); + + // Generate public storage location as SHA1(key). + auto loc = dht::InfoHash::get(key); + + return {key, loc}; +} + +std::pair> +ArchiveAccountManager::makeReceipt(const dht::crypto::Identity& id, const dht::crypto::Certificate& device, const std::string& ethAccount) +{ + JAMI_DBG("[Auth] signing device receipt"); + auto devId = device.getId(); + DeviceAnnouncement announcement; + announcement.dev = devId; + dht::Value ann_val {announcement}; + ann_val.sign(*id.first); + + std::ostringstream is; + is << "{\"id\":\"" << id.second->getId() + << "\",\"dev\":\"" << devId + << "\",\"eth\":\"" << ethAccount + << "\",\"announce\":\"" << base64::encode(ann_val.getPacked()) << "\"}"; + + //auto announce_ = ; + return {is.str(), std::make_shared(std::move(ann_val))}; +} + +bool +ArchiveAccountManager::needsMigration(const dht::crypto::Identity& id) +{ + if (not id.second) + return false; + auto cert = id.second->issuer; + while (cert) { + if (not cert->isCA()){ + JAMI_WARN("certificate %s is not a CA, needs update.", cert->getId().toString().c_str()); + return true; + } + if (cert->getExpiration() < clock::now()) { + JAMI_WARN("certificate %s is expired, needs update.", cert->getId().toString().c_str()); + return true; + } + cert = cert->issuer; + } + return false; +} + +dht::crypto::Identity +AccountManager::loadIdentity(const std::string& crt_path, const std::string& key_path, const std::string& key_pwd) const +{ + JAMI_DBG("Loading certificate from '%s' and key from '%s' at %s", crt_path.c_str(), key_path.c_str(), path_.c_str()); + try { + dht::crypto::Certificate dht_cert(fileutils::loadFile(crt_path, path_)); + dht::crypto::PrivateKey dht_key(fileutils::loadFile(key_path, path_), key_pwd); + auto crt_id = dht_cert.getLongId(); + if (!crt_id or crt_id != dht_key.getPublicKey().getLongId()) { + JAMI_ERR("Device certificate not matching public key!"); + return {}; + } + if (not dht_cert.issuer) { + JAMI_ERR("Device certificate %s has no issuer", dht_cert.getId().to_c_str()); + return {}; + } + // load revocation lists for device authority (account certificate). + tls::CertificateStore::instance().loadRevocations(*dht_cert.issuer); + + return { + std::make_shared(std::move(dht_key)), + std::make_shared(std::move(dht_cert)) + }; + } + catch (const std::exception& e) { + JAMI_ERR("Error loading identity: %s", e.what()); + } + return {}; +} + +const AccountInfo* +AccountManager::useIdentity( + const dht::crypto::Identity& identity, + const std::string& receipt, + const std::vector& receiptSignature, + OnChangeCallback&& onChange) +{ + if (receipt.empty() or receiptSignature.empty()) + return nullptr; + + if (not identity.first or not identity.second) { + JAMI_ERR("[Auth] no identity provided"); + return nullptr; + } + + auto accountCertificate = identity.second->issuer; + if (not accountCertificate) { + JAMI_ERR("[Auth] device certificate must be issued by the account certificate"); + return nullptr; + } + + // match certificate chain + auto contactList = std::make_unique(accountCertificate, path_, onChange); + if (not contactList->isValidAccountDevice(*identity.second)) { + JAMI_ERR("[Auth] can't use identity: device certificate chain can't be verified"); + return nullptr; + } + + auto pk = accountCertificate->getPublicKey(); + JAMI_DBG("[Auth] checking device receipt for %s", pk.getId().toString().c_str()); + if (!pk.checkSignature({receipt.begin(), receipt.end()}, receiptSignature)) { + JAMI_ERR("[Auth] device receipt signature check failed"); + return nullptr; + } + + Json::Value root; + Json::CharReaderBuilder rbuilder; + auto reader = std::unique_ptr(rbuilder.newCharReader()); + if (!reader->parse(&receipt[0], &receipt[receipt.size()], &root, nullptr)) { + JAMI_ERR() << this << " device receipt parsing error"; + return nullptr; + } + + auto dev_id = root["dev"].asString(); + if (dev_id != identity.second->getId().toString()) { + JAMI_ERR("[Auth] device ID mismatch between receipt and certificate"); + return nullptr; + } + auto id = root["id"].asString(); + if (id != pk.getId().toString()) { + JAMI_ERR("[Auth] account ID mismatch between receipt and certificate"); + return nullptr; + } + + dht::Value announce_val; + try { + auto announce = base64::decode(root["announce"].asString()); + msgpack::object_handle announce_msg = msgpack::unpack((const char*)announce.data(), announce.size()); + announce_val.msgpack_unpack(announce_msg.get()); + if (not announce_val.checkSignature()) { + JAMI_ERR("[Auth] announce signature check failed"); + return nullptr; + } + DeviceAnnouncement da; + da.unpackValue(announce_val); + if (da.from.toString() != id or da.dev.toString() != dev_id) { + JAMI_ERR("[Auth] device ID mismatch in announce"); + return nullptr; + } + } catch (const std::exception& e) { + JAMI_ERR("[Auth] can't read announce: %s", e.what()); + return nullptr; + } + + onChange_ = std::move(onChange); + + auto info = std::make_unique(); + info->identity = identity; + info->contacts = std::move(contactList); + info->contacts->load(); + info->accountId = id; + info->deviceId = identity.first->getPublicKey().getId().toString(); + info->announce = std::make_shared(std::move(announce_val)); + info->ethAccount = root["eth"].asString(); + info_ = std::move(info); + + JAMI_DBG("[Auth] Device %s receipt checked successfully for account %s", info_->deviceId.c_str(), id.c_str()); + return info_.get(); +} + +AccountArchive +ArchiveAccountManager::readArchive(const std::string& pwd) const +{ + JAMI_DBG("[Auth] reading account archive"); + return AccountArchive(fileutils::getFullPath(path_, archivePath_), pwd); +} + +void +ArchiveAccountManager::updateArchive(AccountArchive& archive) const +{ + using namespace DRing::Account::ConfProperties; + + // Keys not exported to archive + static const auto filtered_keys = { Ringtone::PATH, + ARCHIVE_PATH, + RING_DEVICE_ID, + RING_DEVICE_NAME, + Conf::CONFIG_DHT_PORT }; + + // Keys with meaning of file path where the contents has to be exported in base64 + static const auto encoded_keys = { TLS::CA_LIST_FILE, + TLS::CERTIFICATE_FILE, + TLS::PRIVATE_KEY_FILE }; + + JAMI_DBG("[Auth] building account archive"); + for (const auto& it : onExportConfig_()) { + // filter-out? + if (std::any_of(std::begin(filtered_keys), std::end(filtered_keys), + [&](const auto& key){ return key == it.first; })) + continue; + + // file contents? + if (std::any_of(std::begin(encoded_keys), std::end(encoded_keys), + [&](const auto& key){ return key == it.first; })) { + try { + archive.config.emplace(it.first, base64::encode(fileutils::loadFile(it.second))); + } catch (...) {} + } else + archive.config.insert(it); + } + archive.contacts = info_->contacts->getContacts(); +} + +void +ArchiveAccountManager::saveArchive(AccountArchive& archive, const std::string& pwd) +{ + try { + updateArchive(archive); + if (archivePath_.empty()) + archivePath_ = "export.gz"; + archive.save(fileutils::getFullPath(path_, archivePath_), pwd); + //archiveHasPassword_ = not pwd.empty(); + } catch (const std::runtime_error& ex) { + JAMI_ERR("[Auth] Can't export archive: %s", ex.what()); + return; + } +} + +bool +ArchiveAccountManager::changePassword(const std::string& password_old, const std::string& password_new) +{ + try { + auto path = fileutils::getFullPath(path_, archivePath_); + AccountArchive(path, password_old).save(path, password_new); + return true; + } catch (const std::exception&) { + return false; + } +} + +std::string +generatePIN(size_t length = 8) +{ + static constexpr const char alphabet[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; + dht::crypto::random_device rd; + std::uniform_int_distribution dis(0, sizeof(alphabet)-2); + std::string ret; + ret.reserve(length); + for (size_t i=0; i(&accountManager); + + std::vector key; + dht::InfoHash loc; + std::string pin_str; + AccountArchive a; + try { + JAMI_DBG("[Auth] exporting account"); + + a = this_.readArchive(password); + + // Generate random PIN + pin_str = generatePIN(); + + std::tie(key, loc) = computeKeys(password, pin_str); + } catch (const std::exception& e) { + JAMI_ERR("[Auth] can't export account: %s", e.what()); + cb(AddDeviceResult::ERROR_CREDENTIALS, {}); + return; + } + // now that key and loc are computed, display to user in lowercase + std::transform(pin_str.begin(), pin_str.end(), pin_str.begin(), ::tolower); + try { + this_.updateArchive(a); + auto encrypted = dht::crypto::aesEncrypt(archiver::compress(a.serialize()), key); + if (not this_.dht_->isRunning()) + throw std::runtime_error("DHT is not running.."); + JAMI_WARN("[Auth] exporting account with PIN: %s at %s (size %zu)", pin_str.c_str(), loc.toString().c_str(), encrypted.size()); + this_.dht_->put(loc, encrypted, [cb, pin = std::move(pin_str)](bool ok) { + JAMI_DBG("[Auth] account archive published: %s", ok ? "success" : "failure"); + if (ok) + cb(AddDeviceResult::SUCCESS_SHOW_PIN, pin); + else + cb(AddDeviceResult::ERROR_NETWORK, {}); + }); + } catch (const std::exception& e) { + JAMI_ERR("[Auth] can't export account: %s", e.what()); + cb(AddDeviceResult::ERROR_NETWORK, {}); + return; + } + }); + }); +} + +bool +ArchiveAccountManager::revokeDevice(const std::string& password, const std::string& device, RevokeDeviceCallback cb) +{ + auto fa = dht::ThreadPool::computation().getShared([this, password] { return readArchive(password); }); + findCertificate(dht::InfoHash(device), + [fa=std::move(fa),password,device,cb,onAsync=onAsync_](const std::shared_ptr& crt) mutable + { + if (not crt) { + cb(RevokeDeviceResult::ERROR_NETWORK); + return; + } + onAsync([cb, crt=std::move(crt), fa=std::move(fa), password=std::move(password)](AccountManager& accountManager) mutable { + auto& this_ = *static_cast(&accountManager); + this_.info_->contacts->foundAccountDevice(crt); + AccountArchive a; + try { + a = fa.get(); + } catch (...) { + cb(RevokeDeviceResult::ERROR_CREDENTIALS); + return; + } + // Add revoked device to the revocation list and resign it + if (not a.revoked) + a.revoked = std::make_shared(); + a.revoked->revoke(*crt); + a.revoked->sign(a.id); + // add to CRL cache + tls::CertificateStore::instance().pinRevocationList(a.id.second->getId().toString(), a.revoked); + tls::CertificateStore::instance().loadRevocations(*a.id.second); + + this_.saveArchive(a, password); + this_.info_->contacts->removeAccountDevice(crt->getId()); + cb(RevokeDeviceResult::SUCCESS); + this_.syncDevices(); + }); + }); + return false; +} + +bool +ArchiveAccountManager::exportArchive(const std::string& destinationPath, const std::string& password) +{ + try { + // Save contacts if possible before exporting + AccountArchive archive = readArchive(password); + updateArchive(archive); + archive.save(fileutils::getFullPath(path_, archivePath_), password); + + // Export the file + auto sourcePath = fileutils::getFullPath(path_, archivePath_); + std::ifstream src(sourcePath, std::ios::in | std::ios::binary); + if (!src) return false; + std::ofstream dst(destinationPath, std::ios::out | std::ios::binary); + dst << src.rdbuf(); + return true; + } catch (const std::runtime_error& ex) { + JAMI_ERR("[Auth] Can't export archive: %s", ex.what()); + return false; + } catch (...) { + JAMI_ERR("[Auth] Can't export archive: can't read archive"); + return false; + } +} + +const std::map& +AccountManager::getKnownDevices() const { + return info_->contacts->getKnownDevices(); +} + +bool +AccountManager::foundAccountDevice(const std::shared_ptr& crt, const std::string& name, const time_point& last_sync) +{ + return info_->contacts->foundAccountDevice(crt, name, last_sync); +} + +void +AccountManager::setAccountDeviceName(const std::string& name) +{ + if (info_) + info_->contacts->setAccountDeviceName(dht::InfoHash(info_->deviceId), name); +} + + +bool +AccountManager::foundPeerDevice(const std::shared_ptr& crt, dht::InfoHash& account_id) +{ + if (not crt) + return false; + + auto top_issuer = crt; + while (top_issuer->issuer) + top_issuer = top_issuer->issuer; + + // Device certificate can't be self-signed + if (top_issuer == crt) { + JAMI_WARN("Found invalid peer device: %s", crt->getId().toString().c_str()); + return false; + } + + // Check peer certificate chain + // Trust store with top issuer as the only CA + dht::crypto::TrustList peer_trust; + peer_trust.add(*top_issuer); + if (not peer_trust.verify(*crt)) { + JAMI_WARN("Found invalid peer device: %s", crt->getId().toString().c_str()); + return false; + } + + account_id = crt->issuer->getId(); + JAMI_WARN("Found peer device: %s account:%s CA:%s", crt->getId().toString().c_str(), account_id.toString().c_str(), top_issuer->getId().toString().c_str()); + return true; +} + + +void +AccountManager::addContact(const std::string& uri, bool confirmed) +{ + JAMI_WARN("AccountManager::addContact %d", confirmed); + dht::InfoHash h (uri); + if (not h) { + JAMI_ERR("addContact: invalid contact URI"); + return; + } + if (info_->contacts->addContact(h, confirmed)) { + syncDevices(); + } +} + +void +AccountManager::removeContact(const std::string& uri, bool banned) +{ + dht::InfoHash h (uri); + if (not h) { + JAMI_ERR("removeContact: invalid contact URI"); + return; + } + if (info_->contacts->removeContact(h, banned)) { + syncDevices(); + } +} + +std::vector> +AccountManager::getContacts() const +{ + if (not info_) { + JAMI_ERR("getContacts(): account not loaded"); + return {}; + } + const auto& contacts = info_->contacts->getContacts(); + std::vector> ret; + ret.reserve(contacts.size()); + + for (const auto& c : contacts) { + auto details = c.second.toMap(); + if (not details.empty()) { + details["id"] = c.first.toString(); + ret.emplace_back(std::move(details)); + } + } + return ret; +} + +/** Obtain details about one account contact in serializable form. */ +std::map +AccountManager::getContactDetails(const std::string& uri) const +{ + dht::InfoHash h (uri); + if (not h) { + JAMI_ERR("getContactDetails: invalid contact URI"); + return {}; + } + return info_->contacts->getContactDetails(h); +} + +bool +ArchiveAccountManager::findCertificate(const dht::InfoHash& h, std::function&)>&& cb) +{ + if (auto cert = tls::CertificateStore::instance().getCertificate(h.toString())) { + if (cb) + cb(cert); + } else { + dht_->findCertificate(h, [cb](const std::shared_ptr& crt) { + if (crt) + tls::CertificateStore::instance().pinCertificate(crt); + if (cb) + cb(crt); + }); + } + return true; +} + +bool +AccountManager::setCertificateStatus(const std::string& cert_id, tls::TrustStore::PermissionStatus status) +{ + return info_->contacts->setCertificateStatus(cert_id, status); +} + +std::vector +AccountManager::getCertificatesByStatus(tls::TrustStore::PermissionStatus status) +{ + return info_->contacts->getCertificatesByStatus(status); +} + +tls::TrustStore::PermissionStatus +AccountManager::getCertificateStatus(const std::string& cert_id) const +{ + return info_->contacts->getCertificateStatus(cert_id); +} + +bool +AccountManager::isAllowed(const crypto::Certificate& crt, bool allowPublic) +{ + return info_->contacts->isAllowed(crt, allowPublic); +} + +std::vector> +AccountManager::getTrustRequests() const +{ + if (not info_) { + JAMI_ERR("getTrustRequests(): account not loaded"); + return {}; + } + return info_->contacts->getTrustRequests(); +} + +bool +AccountManager::acceptTrustRequest(const std::string& from) +{ + dht::InfoHash f(from); + if (info_->contacts->acceptTrustRequest(f)) { + sendTrustRequestConfirm(f); + syncDevices(); + return true; + } + return false; +} + +bool +AccountManager::discardTrustRequest(const std::string& from) +{ + dht::InfoHash f(from); + return info_->contacts->discardTrustRequest(f); +} + +void +AccountManager::sendTrustRequest(const std::string& to, const std::vector& payload) +{ + JAMI_WARN("AccountManager::sendTrustRequest"); + auto toH = dht::InfoHash(to); + if (not toH) { + JAMI_ERR("can't send trust request to invalid hash: %s", to.c_str()); + return; + } + if (info_->contacts->addContact(toH)) { + syncDevices(); + } + forEachDevice(toH, [this,toH,payload](const dht::InfoHash& dev) + { + JAMI_WARN("sending trust request to: %s / %s", toH.toString().c_str(), dev.toString().c_str()); + dht_->putEncrypted(dht::InfoHash::get("inbox:"+dev.toString()), + dev, + dht::TrustRequest(DHT_TYPE_NS, payload)); + }); +} + +void +AccountManager::sendTrustRequestConfirm(const dht::InfoHash& toH) +{ + JAMI_WARN("AccountManager::sendTrustRequestConfirm"); + dht::TrustRequest answer {DHT_TYPE_NS}; + answer.confirm = true; + forEachDevice(toH, [this,toH,answer](const dht::InfoHash& dev) { + JAMI_WARN("sending trust request reply: %s / %s", toH.toString().c_str(), dev.toString().c_str()); + dht_->putEncrypted(dht::InfoHash::get("inbox:"+dev.toString()), dev, answer); + }); +} + + +void +AccountManager::forEachDevice(const dht::InfoHash& to, + std::function&& op, + std::function&& end) +{ + auto treatedDevices = std::make_shared>(); + dht_->get(to, [to](dht::crypto::RevocationList&& crl){ + tls::CertificateStore::instance().pinRevocationList(to.toString(), std::move(crl)); + return true; + }); + dht_->get(to, [this,to,treatedDevices,op=std::move(op)](DeviceAnnouncement&& dev) { + if (dev.from != to) + return true; + if (treatedDevices->emplace(dev.dev).second) { + op(dev.dev); + } + return true; + }, [=, end=std::move(end)](bool /*ok*/){ + JAMI_DBG("Found %lu devices for %s", treatedDevices->size(), to.to_c_str()); + if (end) + end(not treatedDevices->empty()); + }); +} + + +void +ArchiveAccountManager::syncDevices() +{ + JAMI_DBG("Building device sync from %s", info_->deviceId.c_str()); + auto sync_data = info_->contacts->getSyncData(); + + for (const auto& dev : getKnownDevices()) { + // don't send sync data to ourself + if (dev.first.toString() == info_->deviceId) + continue; + JAMI_DBG("sending device sync to %s %s", dev.second.name.c_str(), dev.first.toString().c_str()); + auto syncDeviceKey = dht::InfoHash::get("inbox:"+dev.first.toString()); + dht_->putEncrypted(syncDeviceKey, dev.first, sync_data); + } +} + + +void +ArchiveAccountManager::startSync() +{ + // Put device annoucement + if (info_->announce) { + auto h = dht::InfoHash(info_->accountId); + JAMI_DBG("announcing device at %s", h.toString().c_str()); + dht_->put(h, info_->announce, dht::DoneCallback{}, {}, true); + for (const auto& crl : info_->identity.second->issuer->getRevocationLists()) + dht_->put(h, crl, dht::DoneCallback{}, {}, true); + dht_->listen(h, [this](DeviceAnnouncement&& dev) { + findCertificate(dev.dev, [this](const std::shared_ptr& crt) { + foundAccountDevice(crt); + }); + return true; + }); + dht_->listen(h, [this](dht::crypto::RevocationList&& crl) { + if (crl.isSignedBy(*info_->identity.second->issuer)) { + JAMI_DBG("found CRL for account."); + tls::CertificateStore::instance().pinRevocationList( + info_->accountId, + std::make_shared(std::move(crl))); + } + return true; + }); + syncDevices(); + } else { + JAMI_WARN("can't announce device: no annoucement..."); + } + + auto inboxKey = dht::InfoHash::get("inbox:"+info_->deviceId); + dht_->listen( + inboxKey, + [this](dht::TrustRequest&& v) { + if (v.service != DHT_TYPE_NS) + return true; + + findCertificate(v.from, [this, v](const std::shared_ptr& cert) mutable { + // check peer certificate + dht::InfoHash peer_account; + if (not foundPeerDevice(cert, peer_account)) { + return; + } + + JAMI_WARN("Got trust request from: %s / %s", peer_account.toString().c_str(), v.from.toString().c_str()); + if (info_) + if (info_->contacts->onTrustRequest(peer_account, v.from, time(nullptr), v.confirm, std::move(v.payload))) { + sendTrustRequestConfirm(peer_account); + } + }); + return true; + } + ); + + dht_->listen( + inboxKey, + [this](DeviceSync&& sync) { + // Received device sync data. + // check device certificate + findCertificate(sync.from, [this,sync](const std::shared_ptr& cert) mutable { + if (!cert or cert->getId() != sync.from) { + JAMI_WARN("Can't find certificate for device %s", sync.from.toString().c_str()); + return; + } + if (not foundAccountDevice(cert)) + return; + onSyncData(std::move(sync)); + }); + + return true; + } + ); +} + +void +ArchiveAccountManager::onSyncData(DeviceSync&& sync) +{ + auto sync_date = clock::time_point(clock::duration(sync.date)); + if (not info_->contacts->syncDevice(sync.from, sync_date)) { + return; + } + + // Sync known devices + JAMI_DBG("[Contacts] received device sync data (%lu devices, %lu contacts)", sync.devices_known.size(), sync.peers.size()); + for (const auto& d : sync.devices_known) { + findCertificate(d.first, [this,d](const std::shared_ptr& crt) { + if (not crt) + return; + //std::lock_guard lock(deviceListMutex_); + foundAccountDevice(crt, d.second); + }); + } + //saveKnownDevices(); + + // Sync contacts + for (const auto& peer : sync.peers) + info_->contacts->updateContact(peer.first, peer.second); + //saveContacts(); + + // Sync trust requests + for (const auto& tr : sync.trust_requests) + info_->contacts->onTrustRequest(tr.first, tr.second.device, tr.second.received, false, {}); +} + + +#if HAVE_RINGNS +void +ArchiveAccountManager::lookupName(const std::string& name, LookupCallback cb) +{ + nameDir_.get().lookupName(name, cb); +} + +void +ArchiveAccountManager::lookupAddress(const std::string& addr, LookupCallback cb) +{ + nameDir_.get().lookupAddress(addr, cb); +} + +void +ArchiveAccountManager::registerName(const std::string& password, const std::string& name, RegistrationCallback cb) +{ + std::string signedName; + auto nameLowercase {name}; + std::transform(nameLowercase.begin(), nameLowercase.end(), nameLowercase.begin(), ::tolower); + std::string publickey; + std::string accountId; + std::string ethAccount; + + try { + auto archive = readArchive(password); + auto privateKey = archive.id.first; + auto pk = privateKey->getPublicKey(); + publickey = pk.toString(); + accountId = pk.getId().toString(); + signedName = base64::encode(privateKey->sign(std::vector(nameLowercase.begin(), nameLowercase.end()))); + ethAccount = dev::KeyPair(dev::Secret(archive.eth_key)).address().hex(); + } catch (const std::exception& e) { + //JAMI_ERR("[Auth] can't export account: %s", e.what()); + cb(NameDirectory::RegistrationResponse::invalidCredentials); + return; + } + + nameDir_.get().registerName(accountId, nameLowercase, ethAccount, cb, signedName, publickey); +} +#endif + +} diff --git a/src/jamidht/account_manager.h b/src/jamidht/account_manager.h new file mode 100644 index 000000000..c15d538b6 --- /dev/null +++ b/src/jamidht/account_manager.h @@ -0,0 +1,283 @@ +/* + * Copyright (C) 2014-2019 Savoir-faire Linux Inc. + * Author : Adrien Béraud + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#pragma once + +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + +#include "contact_list.h" +#include "logger.h" +#if HAVE_RINGNS +#include "namedirectory.h" +#endif + +#include + +#include +#include +#include + +namespace dht { + class DhtRunner; +} + +namespace jami { + +class AccountArchive; + +struct AccountInfo { + dht::crypto::Identity identity; + std::unique_ptr contacts; + std::string accountId; + std::string deviceId; + std::shared_ptr announce; + std::string ethAccount; +}; + +class AccountManager { +public: + using AsyncUser = std::function; + using OnAsync = std::function; + using OnChangeCallback = ContactList::OnChangeCallback; + using OnExportConfig = std::function()>; + using clock = std::chrono::system_clock; + using time_point = clock::time_point; + + AccountManager( + const std::string& path, + OnAsync&& onAsync, + OnExportConfig&& onExportConfig, + std::shared_ptr dht) + : path_(path), onAsync_(std::move(onAsync)), onExportConfig_(std::move(onExportConfig)), dht_(std::move(dht)) {}; + + virtual ~AccountManager() = default; + + // Auth + + enum class AuthError { + UNKNOWN, + INVALID_ARGUMENTS, + NETWORK + }; + + using AuthSuccessCallback = std::function& config, + std::string&& receipt, + std::vector&& receipt_signature)>; + + using AuthFailureCallback = std::function; + using DeviceSyncCallback = std::function; + using CertRequest = std::future>; + + struct AccountCredentials { + std::string scheme; + std::string uri; + std::string password; + virtual ~AccountCredentials() {}; + }; + + virtual void initAuthentication( + CertRequest request, + std::unique_ptr credentials, + AuthSuccessCallback onSuccess, + AuthFailureCallback onFailure, + OnChangeCallback onChange) = 0; + + virtual bool changePassword(const std::string& password_old, const std::string& password_new) = 0; + + virtual void syncDevices() = 0; + + dht::crypto::Identity loadIdentity(const std::string& crt_path, const std::string& key_path, const std::string& key_pwd) const; + + const AccountInfo* useIdentity( + const dht::crypto::Identity& id, + const std::string& receipt, + const std::vector& receiptSignature, + OnChangeCallback&& onChange); + + virtual void startSync() {}; + + const AccountInfo* getInfo() const { + return info_.get() ; + } + + // Device management + + enum class AddDeviceResult { + SUCCESS_SHOW_PIN = 0, + ERROR_CREDENTIALS, + ERROR_NETWORK, + }; + using AddDeviceCallback = std::function; + + enum class RevokeDeviceResult { + SUCCESS = 0, + ERROR_CREDENTIALS, + ERROR_NETWORK, + }; + using RevokeDeviceCallback = std::function; + + virtual void addDevice(const std::string& /*password*/, AddDeviceCallback) {}; + virtual bool revokeDevice(const std::string& /*password*/, const std::string& /*device*/, RevokeDeviceCallback) { return false; }; + + const std::map& getKnownDevices() const; + bool foundAccountDevice(const std::shared_ptr& crt, const std::string& name = {}, const time_point& last_sync = time_point::min()); + //bool removeAccountDevice(const dht::InfoHash& device); + void setAccountDeviceName(/*const dht::InfoHash& device, */const std::string& name); + + + void forEachDevice(const dht::InfoHash& to, + std::function&& op, + std::function&& end = {}); + + /** + * Inform that a potential peer device have been found. + * Returns true only if the device certificate is a valid device certificate. + * In that case (true is returned) the account_id parameter is set to the peer account ID. + */ + static bool foundPeerDevice(const std::shared_ptr& crt, dht::InfoHash& account_id); + + + // Contact requests + + std::vector> getTrustRequests() const; + bool acceptTrustRequest(const std::string& from); + bool discardTrustRequest(const std::string& from); + + void sendTrustRequest(const std::string& to, const std::vector& payload); + void sendTrustRequestConfirm(const dht::InfoHash& to); + + // Contact + + /** + * Add contact to the account contact list. + * Set confirmed if we know the contact also added us. + */ + void addContact(const std::string& uri, bool confirmed = false); + void removeContact(const std::string& uri, bool banned = true); + std::vector> getContacts() const; + + /** Obtain details about one account contact in serializable form. */ + std::map getContactDetails(const std::string& uri) const; + + virtual bool findCertificate(const dht::InfoHash& h, std::function&)>&& cb = {}) = 0; + bool setCertificateStatus(const std::string& cert_id, tls::TrustStore::PermissionStatus status); + std::vector getCertificatesByStatus(tls::TrustStore::PermissionStatus status); + tls::TrustStore::PermissionStatus getCertificateStatus(const std::string& cert_id) const; + bool isAllowed(const crypto::Certificate& crt, bool allowPublic); + + // Name resolver +#if HAVE_RINGNS + using LookupCallback = NameDirectory::LookupCallback; + using RegistrationCallback = NameDirectory::RegistrationCallback; + + virtual void lookupName(const std::string& name, LookupCallback cb) = 0; + virtual void lookupAddress(const std::string& address, LookupCallback cb) = 0; + virtual void registerName(const std::string& password, const std::string& name, RegistrationCallback cb) = 0; +#endif + +protected: + std::string path_; + OnAsync onAsync_; + OnExportConfig onExportConfig_; + OnChangeCallback onChange_; + std::unique_ptr info_; + std::shared_ptr dht_; +}; + + +class ArchiveAccountManager : public AccountManager { +public: + ArchiveAccountManager( + const std::string& path, + std::shared_ptr dht, + OnAsync&& onAsync, + OnExportConfig&& onExportConfig, + std::string archivePath, + const std::string& nameServer) + : AccountManager(path, std::move(onAsync), std::move(onExportConfig), std::move(dht)), archivePath_(std::move(archivePath)), nameDir_(NameDirectory::instance(nameServer)) {}; + + struct ArchiveAccountCredentials : AccountCredentials { + std::string archivePath; + in_port_t dhtPort; + std::vector dhtBootstrap; + dht::crypto::Identity updateIdentity; + }; + + void initAuthentication( + CertRequest request, + std::unique_ptr credentials, + AuthSuccessCallback onSuccess, + AuthFailureCallback onFailure, + OnChangeCallback onChange) override; + + void startSync() override; + + bool changePassword(const std::string& password_old, const std::string& password_new) override; + + void syncDevices() override; + void onSyncData(DeviceSync&& device); + + bool findCertificate(const dht::InfoHash& h, std::function&)>&& cb = {}) override; + + void addDevice(const std::string& password, AddDeviceCallback) override; + bool revokeDevice(const std::string& password, const std::string& device, RevokeDeviceCallback) override; + bool exportArchive(const std::string& destinationPath, const std::string& password); + +#if HAVE_RINGNS + void lookupName(const std::string& name, LookupCallback cb) override; + void lookupAddress(const std::string& address, LookupCallback cb) override; + void registerName(const std::string& password, const std::string& name, RegistrationCallback cb) override; +#endif + +private: + struct DhtLoadContext; + struct AuthContext { + CertRequest request; + //std::unique_ptr request; + std::unique_ptr credentials; + std::unique_ptr dhtContext; + AuthSuccessCallback onSuccess; + AuthFailureCallback onFailure; + }; + + void createAccount(const std::shared_ptr& ctx); + std::pair> makeReceipt(const dht::crypto::Identity& id, const dht::crypto::Certificate& device, const std::string& ethAccount); + void updateArchive(AccountArchive& content/*, const ContactList& syncData*/) const; + void saveArchive(AccountArchive& content, const std::string& pwd); + AccountArchive readArchive(const std::string& pwd) const; + static std::pair, dht::InfoHash> computeKeys(const std::string& password, const std::string& pin, bool previous=false); + bool updateCertificates(AccountArchive& archive, dht::crypto::Identity& device); + static bool needsMigration(const dht::crypto::Identity& id); + + void loadFromFile(const std::shared_ptr& ctx); + void loadFromDHT(const std::shared_ptr& ctx); + void onArchiveLoaded(AuthContext& ctx, AccountArchive&& a); + + std::string archivePath_; + std::reference_wrapper nameDir_; +}; + +class ServerAccountManager : public AccountManager { + + +}; + +} diff --git a/src/jamidht/accountarchive.cpp b/src/jamidht/accountarchive.cpp index 0db1a067b..05a6e684c 100644 --- a/src/jamidht/accountarchive.cpp +++ b/src/jamidht/accountarchive.cpp @@ -89,6 +89,7 @@ AccountArchive::serialize() const if (ca_key and *ca_key) root[Conf::RING_CA_KEY] = base64::encode(ca_key->serialize()); + root[Conf::RING_ACCOUNT_KEY] = base64::encode(id.first->serialize()); root[Conf::RING_ACCOUNT_CERT] = base64::encode(id.second->getPacked()); root[Conf::ETH_KEY] = base64::encode(eth_key); diff --git a/src/jamidht/accountarchive.h b/src/jamidht/accountarchive.h index b0d88992a..a0c89fdf8 100644 --- a/src/jamidht/accountarchive.h +++ b/src/jamidht/accountarchive.h @@ -17,7 +17,7 @@ */ #pragma once -#include "ringcontact.h" +#include "jami_contact.h" #include "fileutils.h" #include diff --git a/src/jamidht/contact_list.cpp b/src/jamidht/contact_list.cpp new file mode 100644 index 000000000..1de78f280 --- /dev/null +++ b/src/jamidht/contact_list.cpp @@ -0,0 +1,491 @@ +/* + * Copyright (C) 2014-2019 Savoir-faire Linux Inc. + * Author : Adrien Béraud + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program. If not, see . + */ +#include "contact_list.h" +#include "logger.h" +#include "jamiaccount.h" +#include "fileutils.h" + +#include "account_const.h" + +#include + +namespace jami { + +ContactList::ContactList(const std::shared_ptr& cert, const std::string& path, OnChangeCallback cb) + : path_(path), callbacks_(std::move(cb)) +{ + if (cert) + accountTrust_.add(*cert); +} + +ContactList::~ContactList() {} + +void +ContactList::load() +{ + loadContacts(); + loadTrustRequests(); + loadKnownDevices(); +} + +void +ContactList::save() +{ + saveContacts(); + saveTrustRequests(); + saveKnownDevices(); +} + +bool +ContactList::setCertificateStatus(const std::string& cert_id, const tls::TrustStore::PermissionStatus status) +{ + if (contacts_.find(dht::InfoHash(cert_id)) != contacts_.end()) { + JAMI_DBG("Can't set certificate status for existing contacts %s", cert_id.c_str()); + return false; + } + return trust_.setCertificateStatus(cert_id, status); +} + +bool +ContactList::addContact(const dht::InfoHash& h, bool confirmed) +{ + JAMI_WARN("[Contacts] addContact: %s", h.to_c_str()); + auto c = contacts_.find(h); + if (c == contacts_.end()) + c = contacts_.emplace(h, Contact{}).first; + else if (c->second.isActive() and c->second.confirmed == confirmed) + return false; + c->second.added = std::time(nullptr); + c->second.confirmed |= confirmed; + auto hStr = h.toString(); + trust_.setCertificateStatus(hStr, tls::TrustStore::PermissionStatus::ALLOWED); + saveContacts(); + callbacks_.contactAdded(hStr, c->second.confirmed); + //emitSignal(account_.get().getAccountID(), hStr, c->second.confirmed); + //syncDevices(); + return true; +} + +bool +ContactList::removeContact(const dht::InfoHash& h, bool ban) +{ + JAMI_WARN("[Contacts] removeContact: %s", h.to_c_str()); + auto c = contacts_.find(h); + if (c == contacts_.end()) + c = contacts_.emplace(h, Contact{}).first; + else if (not c->second.isActive() and c->second.banned == ban) + return false; + c->second.removed = std::time(nullptr); + c->second.banned = ban; + auto uri = h.toString(); + trust_.setCertificateStatus(uri, ban ? tls::TrustStore::PermissionStatus::BANNED + : tls::TrustStore::PermissionStatus::UNDEFINED); + if (ban and trustRequests_.erase(h) > 0) + saveTrustRequests(); + saveContacts(); + callbacks_.contactRemoved(uri, ban); + //emitSignal(account_.get().getAccountID(), uri, ban); + //syncDevices(); + return true; +} + +std::map +ContactList::getContactDetails(const dht::InfoHash& h) const +{ + const auto c = contacts_.find(h); + if (c == std::end(contacts_)) { + JAMI_WARN("[Contacts] contact '%s' not found", h.to_c_str()); + return {}; + } + + auto details = c->second.toMap(); + if (not details.empty()) + details["id"] = c->first.toString(); + + return details; +} + +const std::map& +ContactList::getContacts() const +{ + return contacts_; +} + +void +ContactList::setContacts(const std::map& contacts) +{ + contacts_ = contacts; + saveContacts(); +} + +void +ContactList::updateContact(const dht::InfoHash& id, const Contact& contact) +{ + if (not id) { + JAMI_ERR("[Contacts] updateContact: invalid contact ID"); + return; + } + bool stateChanged {false}; + auto c = contacts_.find(id); + if (c == contacts_.end()) { + JAMI_DBG("[Contacts] new contact: %s", id.toString().c_str()); + c = contacts_.emplace(id, contact).first; + stateChanged = c->second.isActive() or c->second.isBanned(); + } else { + JAMI_DBG("[Contacts] updated contact: %s", id.toString().c_str()); + stateChanged = c->second.update(contact); + } + if (stateChanged) { + if (c->second.isActive()) { + trust_.setCertificateStatus(id.toString(), tls::TrustStore::PermissionStatus::ALLOWED); + callbacks_.contactAdded(id.toString(), c->second.confirmed); + } else { + if (c->second.banned) + trust_.setCertificateStatus(id.toString(), tls::TrustStore::PermissionStatus::BANNED); + callbacks_.contactRemoved(id.toString(), c->second.banned); + } + } +} + +void +ContactList::loadContacts() +{ + decltype(contacts_) contacts; + try { + // read file + auto file = fileutils::loadFile("contacts", path_); + // load values + msgpack::object_handle oh = msgpack::unpack((const char*)file.data(), file.size()); + oh.get().convert(contacts); + } catch (const std::exception& e) { + JAMI_WARN("[Contacts] error loading contacts: %s", e.what()); + return; + } + + for (auto& peer : contacts) + updateContact(peer.first, peer.second); +} + +void +ContactList::saveContacts() const +{ + std::ofstream file(path_+DIR_SEPARATOR_STR "contacts", std::ios::trunc | std::ios::binary); + msgpack::pack(file, contacts_); +} + +void +ContactList::saveTrustRequests() const +{ + std::ofstream file(path_+DIR_SEPARATOR_STR "incomingTrustRequests", std::ios::trunc | std::ios::binary); + msgpack::pack(file, trustRequests_); +} + +void +ContactList::loadTrustRequests() +{ + std::map requests; + try { + // read file + auto file = fileutils::loadFile("incomingTrustRequests", path_); + // load values + msgpack::object_handle oh = msgpack::unpack((const char*)file.data(), file.size()); + oh.get().convert(requests); + } catch (const std::exception& e) { + JAMI_WARN("[Contacts] error loading trust requests: %s", e.what()); + return; + } + + for (auto& tr : requests) + onTrustRequest(tr.first, tr.second.device, tr.second.received, false, std::move(tr.second.payload)); +} + +bool +ContactList::onTrustRequest(const dht::InfoHash& peer_account, const dht::InfoHash& peer_device, time_t received, bool confirm, std::vector&& payload) +{ + bool accept = false; + // Check existing contact + auto contact = contacts_.find(peer_account); + if (contact != contacts_.end()) { + // Banned contact: discard request + if (contact->second.isBanned()) + return false; + // Send confirmation + if (not confirm) + accept = true; + // Contact exists, update confirmation status + if (not contact->second.confirmed) { + contact->second.confirmed = true; + callbacks_.contactAdded(peer_account.toString(), true); + saveContacts(); + //syncDevices(); + } + } else { + auto req = trustRequests_.find(peer_account); + if (req == trustRequests_.end()) { + // Add trust request + req = trustRequests_.emplace(peer_account, TrustRequest{ + peer_device, received, std::move(payload) + }).first; + } else { + // Update trust request + if (received < req->second.received) { + req->second.device = peer_device; + req->second.received = received; + req->second.payload = std::move(payload); + } else { + JAMI_DBG("[Contacts] Ignoring outdated trust request from %s", peer_account.toString().c_str()); + } + } + saveTrustRequests(); + callbacks_.trustRequest(req->first.toString(), req->second.payload, received); + } + return accept; +} + + +/* trust requests */ + +std::vector> +ContactList::getTrustRequests() const +{ + using Map = std::map; + std::vector ret; + ret.reserve(trustRequests_.size()); + for (const auto& r : trustRequests_) { + ret.emplace_back(Map { + {DRing::Account::TrustRequest::FROM, r.first.toString()}, + {DRing::Account::TrustRequest::RECEIVED, std::to_string(r.second.received)}, + {DRing::Account::TrustRequest::PAYLOAD, std::string(r.second.payload.begin(), r.second.payload.end())} + }); + } + return ret; +} + +bool +ContactList::acceptTrustRequest(const dht::InfoHash& from) +{ + // The contact sent us a TR so we are in its contact list + addContact(from, true); + + auto i = trustRequests_.find(from); + if (i == trustRequests_.end()) + return false; + + // Clear trust request + auto treq = std::move(i->second); + trustRequests_.erase(i); + saveTrustRequests(); + + // Send confirmation + //account_.get().sendTrustRequestConfirm(from); + return true; +} + +bool +ContactList::discardTrustRequest(const dht::InfoHash& from) +{ + if (trustRequests_.erase(from) > 0) { + saveTrustRequests(); + return true; + } + return false; +} + +void +ContactList::loadKnownDevices() +{ + std::map> knownDevices; + try { + // read file + auto file = fileutils::loadFile("knownDevicesNames", path_); + // load values + msgpack::object_handle oh = msgpack::unpack((const char*)file.data(), file.size()); + oh.get().convert(knownDevices); + } catch (const std::exception& e) { + JAMI_WARN("[Contacts] error loading devices: %s", e.what()); + return; + } + + for (const auto& d : knownDevices) { + JAMI_DBG("[Contacts] loading known account device %s %s", + d.second.first.c_str(), + d.first.toString().c_str()); + if (auto crt = tls::CertificateStore::instance().getCertificate(d.first.toString())) { + if (not foundAccountDevice(crt, d.second.first, clock::from_time_t(d.second.second))) + JAMI_WARN("[Contacts] can't add device %s", d.first.toString().c_str()); + } + else { + JAMI_WARN("[Contacts] can't find certificate for device %s", d.first.toString().c_str()); + } + } +} + +void +ContactList::saveKnownDevices() const +{ + std::ofstream file(path_+DIR_SEPARATOR_STR "knownDevicesNames", std::ios::trunc | std::ios::binary); + + std::map> devices; + for (const auto& id : knownDevices_) + devices.emplace(id.first, std::make_pair(id.second.name, clock::to_time_t(id.second.last_sync))); + + msgpack::pack(file, devices); +} + +bool +ContactList::foundAccountDevice(const std::shared_ptr& crt, const std::string& name, const time_point& updated) +{ + if (not crt) + return false; + + // match certificate chain + if (not accountTrust_.verify(*crt)) { + JAMI_WARN("[Contacts] Found invalid account device: %s", crt->getId().toString().c_str()); + return false; + } + + // insert device + auto it = knownDevices_.emplace(crt->getId(), KnownDevice{crt, name, updated}); + if (it.second) { + JAMI_DBG("[Contacts] Found account device: %s %s", + name.c_str(), + crt->getId().toString().c_str()); + tls::CertificateStore::instance().pinCertificate(crt); + saveKnownDevices(); + callbacks_.devicesChanged(); + } else { + // update device name + if (not name.empty() and it.first->second.name != name) { + JAMI_DBG("[Contacts] updating device name: %s %s", + name.c_str(), + crt->getId().toString().c_str()); + it.first->second.name = name; + saveKnownDevices(); + callbacks_.devicesChanged(); + } + } + return true; +} + +bool +ContactList::removeAccountDevice(const dht::InfoHash& device) +{ + if (knownDevices_.erase(device) > 0) { + saveKnownDevices(); + return true; + } + return false; +} + +void +ContactList::setAccountDeviceName(const dht::InfoHash& device, const std::string& name) +{ + auto dev = knownDevices_.find(device); + if (dev != knownDevices_.end()) { + if (dev->second.name != name) { + dev->second.name = name; + saveKnownDevices(); + } + } +} + +DeviceSync +ContactList::getSyncData() const +{ + DeviceSync sync_data; + sync_data.date = clock::now().time_since_epoch().count(); + //sync_data.device_name = ringDeviceName_; + sync_data.peers = getContacts(); + + static constexpr size_t MAX_TRUST_REQUESTS = 20; + if (trustRequests_.size() <= MAX_TRUST_REQUESTS) + for (const auto& req : trustRequests_) + sync_data.trust_requests.emplace(req.first, TrustRequest{req.second.device, req.second.received, {}}); + else { + size_t inserted = 0; + auto req = trustRequests_.lower_bound(dht::InfoHash::getRandom()); + while (inserted++ < MAX_TRUST_REQUESTS) { + if (req == trustRequests_.end()) + req = trustRequests_.begin(); + sync_data.trust_requests.emplace(req->first, TrustRequest{req->second.device, req->second.received, {}}); + ++req; + } + } + + for (const auto& dev : knownDevices_) { + sync_data.devices_known.emplace(dev.first, dev.second.name); + } + return sync_data; +} + +bool +ContactList::syncDevice(const dht::InfoHash& device, const time_point& syncDate) +{ + auto it = knownDevices_.find(device); + if (it == knownDevices_.end()) { + JAMI_WARN("[Contacts] dropping sync data from unknown device"); + return false; + } + if (it->second.last_sync >= syncDate) { + JAMI_DBG("[Contacts] dropping outdated sync data"); + return false; + } + it->second.last_sync = syncDate; + return true; +} + +/* +void +ContactList::onSyncData(DeviceSync&& sync) +{ + auto it = knownDevices_.find(sync.from); + if (it == knownDevices_.end()) { + JAMI_WARN("[Contacts] dropping sync data from unknown device"); + return; + } + auto sync_date = clock::time_point(clock::duration(sync.date)); + if (it->second.last_sync >= sync_date) { + JAMI_DBG("[Contacts] dropping outdated sync data"); + return; + } + + // Sync known devices + JAMI_DBG("[Contacts] received device sync data (%lu devices, %lu contacts)", sync.devices_known.size(), sync.peers.size()); + for (const auto& d : sync.devices_known) { + account_.get().findCertificate(d.first, [this,d](const std::shared_ptr& crt) { + if (not crt) + return; + //std::lock_guard lock(deviceListMutex_); + foundAccountDevice(crt, d.second); + }); + } + saveKnownDevices(); + + // Sync contacts + for (const auto& peer : sync.peers) + updateContact(peer.first, peer.second); + saveContacts(); + + // Sync trust requests + for (const auto& tr : sync.trust_requests) + onTrustRequest(tr.first, tr.second.device, tr.second.received, false, {}); + + it->second.last_sync = sync_date; +} +*/ +} diff --git a/src/jamidht/contact_list.h b/src/jamidht/contact_list.h new file mode 100644 index 000000000..e29375895 --- /dev/null +++ b/src/jamidht/contact_list.h @@ -0,0 +1,128 @@ +/* + * Copyright (C) 2019 Savoir-faire Linux Inc. + * + * Author: Adrien Béraud + * + * This program is free software; you can redistribute it and/or modify + * it under the terms of the GNU General Public License as published by + * the Free Software Foundation; either version 3 of the License, or + * (at your option) any later version. + * + * This program is distributed in the hope that it will be useful, + * but WITHOUT ANY WARRANTY; without even the implied warranty of + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + * GNU General Public License for more details. + * + * You should have received a copy of the GNU General Public License + * along with this program; if not, write to the Free Software + * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA. + */ +#pragma once + +#include "jami_contact.h" +#include "security/certstore.h" + +#include +#include + +#include +#include +#include + +namespace jami { + +class ContactList { +public: + using clock = std::chrono::system_clock; + using time_point = clock::time_point; + using VerifyResult = dht::crypto::TrustList::VerifyResult; + + using OnContactAdded = std::function; + using OnContactRemoved = std::function; + using OnIncomingTrustRequest = std::function&, time_t)>; + using OnDevicesChanged = std::function; + + struct OnChangeCallback { + OnContactAdded contactAdded; + OnContactRemoved contactRemoved; + OnIncomingTrustRequest trustRequest; + OnDevicesChanged devicesChanged; + }; + + ContactList(const std::shared_ptr& cert, const std::string& path, OnChangeCallback cb); + ~ContactList(); + + void load(); + void save(); + + /* Contacts */ + std::map getContactDetails(const dht::InfoHash&) const; + bool removeContact(const dht::InfoHash&, bool ban); + bool addContact(const dht::InfoHash&, bool confirmed = false); + + bool setCertificateStatus(const std::string& cert_id, const tls::TrustStore::PermissionStatus status); + bool setCertificateStatus(const std::shared_ptr& cert, tls::TrustStore::PermissionStatus status, bool local = true); + + tls::TrustStore::PermissionStatus getCertificateStatus(const std::string& cert_id) const { + return trust_.getCertificateStatus(cert_id); + } + + std::vector getCertificatesByStatus(tls::TrustStore::PermissionStatus status) const { + return trust_.getCertificatesByStatus(status); + } + + bool isAllowed(const crypto::Certificate& crt, bool allowPublic) { + return trust_.isAllowed(crt, allowPublic); + } + + VerifyResult isValidAccountDevice(const crypto::Certificate& crt) const { + return accountTrust_.verify(crt); + } + + const std::map& getContacts() const; + void setContacts(const std::map&); + void updateContact(const dht::InfoHash&, const Contact&); + + /* Contact requests */ + + /** Inform of a new contact request. Returns true if the request should be immediatly accepted (already a contact) */ + bool onTrustRequest(const dht::InfoHash& peer_account, const dht::InfoHash& peer_device, time_t received, bool confirm, std::vector&& payload); + std::vector> getTrustRequests() const; + bool acceptTrustRequest(const dht::InfoHash& from); + bool discardTrustRequest(const dht::InfoHash& from); + + /* Devices */ + const std::map& getKnownDevices() const { return knownDevices_; } + bool foundAccountDevice(const std::shared_ptr& crt, const std::string& name = {}, const time_point& last_sync = time_point::min()); + bool removeAccountDevice(const dht::InfoHash& device); + void setAccountDeviceName(const dht::InfoHash& device, const std::string& name); + + DeviceSync getSyncData() const; + bool syncDevice(const dht::InfoHash& device, const time_point& syncDate); + //void onSyncData(DeviceSync&& device); + +private: + mutable std::mutex lock; + std::map contacts_; + std::map trustRequests_; + std::map knownDevices_; + + // Trust store with account main certificate as the only CA + dht::crypto::TrustList accountTrust_; + // Trust store for to match peer certificates + tls::TrustStore trust_; + std::string path_; + + OnChangeCallback callbacks_; + + void loadContacts(); + void saveContacts() const; + + void loadTrustRequests(); + void saveTrustRequests() const; + + void loadKnownDevices(); + void saveKnownDevices() const; +}; + +} diff --git a/src/jamidht/ringcontact.h b/src/jamidht/jami_contact.h similarity index 67% rename from src/jamidht/ringcontact.h rename to src/jamidht/jami_contact.h index 2ed9a3a08..9138a6d1a 100644 --- a/src/jamidht/ringcontact.h +++ b/src/jamidht/jami_contact.h @@ -19,6 +19,10 @@ #include "string_utils.h" +#include +#include +#include + #include #include @@ -108,4 +112,51 @@ struct Contact MSGPACK_DEFINE_MAP(added, removed, confirmed, banned) }; +struct TrustRequest { + dht::InfoHash device; + time_t received; + std::vector payload; + MSGPACK_DEFINE_MAP(device, received, payload) +}; + +struct DeviceAnnouncement : public dht::SignedValue +{ +private: + using BaseClass = dht::SignedValue; +public: + static const constexpr dht::ValueType& TYPE = dht::ValueType::USER_DATA; + dht::InfoHash dev; + MSGPACK_DEFINE_MAP(dev); +}; + +struct DeviceSync : public dht::EncryptedValue +{ + static const constexpr dht::ValueType& TYPE = dht::ValueType::USER_DATA; + uint64_t date; + std::string device_name; + std::map devices_known; + std::map peers; + std::map trust_requests; + MSGPACK_DEFINE_MAP(date, device_name, devices_known, peers, trust_requests) +}; + +struct KnownDevice { + using clock = std::chrono::system_clock; + using time_point = clock::time_point; + + /** Device certificate */ + std::shared_ptr certificate; + + /** Device name */ + std::string name {}; + + /** Time of last received device sync */ + time_point last_sync {time_point::min()}; + + KnownDevice(const std::shared_ptr& cert, + const std::string& n = {}, + time_point sync = time_point::min()) + : certificate(cert), name(n), last_sync(sync) {} +}; + } diff --git a/src/jamidht/jamiaccount.cpp b/src/jamidht/jamiaccount.cpp index de6e75dea..c30795ac4 100644 --- a/src/jamidht/jamiaccount.cpp +++ b/src/jamidht/jamiaccount.cpp @@ -31,8 +31,10 @@ #include "logger.h" #include "accountarchive.h" -#include "ringcontact.h" +#include "jami_contact.h" #include "configkeys.h" +#include "contact_list.h" +#include "account_manager.h" #include "sip/sdp.h" #include "sip/sipvoiplink.h" @@ -153,58 +155,6 @@ struct JamiAccount::PendingMessage std::chrono::steady_clock::time_point received; }; -struct -JamiAccount::TrustRequest { - dht::InfoHash device; - time_t received; - std::vector payload; - MSGPACK_DEFINE_MAP(device, received, payload) -}; - -/** - * Represents a known device attached to this account - */ -struct JamiAccount::KnownDevice -{ - /** Device certificate */ - std::shared_ptr certificate; - - /** Device name */ - std::string name {}; - - /** Time of last received device sync */ - time_point last_sync {time_point::min()}; - - KnownDevice(const std::shared_ptr& cert, - const std::string& n = {}, - time_point sync = time_point::min()) - : certificate(cert), name(n), last_sync(sync) {} -}; - -/** - * Device announcement stored on DHT. - */ -struct JamiAccount::DeviceAnnouncement : public dht::SignedValue -{ -private: - using BaseClass = dht::SignedValue; -public: - static const constexpr dht::ValueType& TYPE = dht::ValueType::USER_DATA; - dht::InfoHash dev; - MSGPACK_DEFINE_MAP(dev); -}; - -struct JamiAccount::DeviceSync : public dht::EncryptedValue -{ - static const constexpr dht::ValueType& TYPE = dht::ValueType::USER_DATA; - uint64_t date; - std::string device_name; - std::map devices_known; - std::map peers; - std::map trust_requests; - MSGPACK_DEFINE_MAP(date, device_name, devices_known, peers, trust_requests) -}; - struct AccountPeerInfo { dht::InfoHash accountId; @@ -258,11 +208,11 @@ parseRingUri(const std::string& toUrl) { auto sufix = stripPrefix(toUrl); if (sufix.length() < 40) - throw std::invalid_argument("id must be a ring infohash"); + throw std::invalid_argument("id must be a Jami infohash"); const std::string toUri = sufix.substr(0, 40); if (std::find_if_not(toUri.cbegin(), toUri.cend(), ::isxdigit) != toUri.cend()) - throw std::invalid_argument("id must be a ring infohash"); + throw std::invalid_argument("id must be a Jami infohash"); return toUri; } @@ -291,15 +241,10 @@ JamiAccount::createIceTransport(const Args&... args) JamiAccount::JamiAccount(const std::string& accountID, bool /* presenceEnabled */) : SIPAccountBase(accountID) -#if HAVE_RINGNS - , nameDir_(NameDirectory::instance()) -#endif + , dht_(new dht::DhtRunner) , idPath_(fileutils::get_data_dir()+DIR_SEPARATOR_STR+getAccountID()) , cachePath_(fileutils::get_cache_dir()+DIR_SEPARATOR_STR+getAccountID()) , dataPath_(cachePath_ + DIR_SEPARATOR_STR "values") - , proxyEnabled_(false) - , proxyServer_("") - , deviceKey_("") , dhtPeerConnector_ {new DhtPeerConnector {*this}} { // Force the SFL turn server if none provided yet @@ -326,7 +271,8 @@ JamiAccount::~JamiAccount() peerDiscovery_->stopPublish(PEER_DISCOVERY_JAMI_SERVICE); peerDiscovery_->stopDiscovery(PEER_DISCOVERY_JAMI_SERVICE); } - dht_.join(); + if (auto dht = dht_) + dht->join(); } void @@ -449,7 +395,7 @@ JamiAccount::startOutgoingCall(const std::shared_ptr& call, const std:: std::weak_ptr wCall = call; #if HAVE_RINGNS - nameDir_.get().lookupAddress(toUri, [wCall](const std::string& result, const NameDirectory::Response& response){ + accountManager_->lookupAddress(toUri, [wCall](const std::string& result, const NameDirectory::Response& response){ if (response == NameDirectory::Response::found) if (auto call = wCall.lock()) { call->setPeerRegistredName(result); @@ -460,7 +406,7 @@ JamiAccount::startOutgoingCall(const std::shared_ptr& call, const std:: // Find listening devices for this account dht::InfoHash peer_account(toUri); - forEachDevice(peer_account, [this, wCall, toUri, peer_account](const dht::InfoHash& dev) + accountManager_->forEachDevice(peer_account, [this, wCall, toUri, peer_account](const dht::InfoHash& dev) { auto call = wCall.lock(); if (not call) return; @@ -476,7 +422,7 @@ JamiAccount::startOutgoingCall(const std::shared_ptr& call, const std:: auto ice = createIceTransport(("sip:" + dev_call->getCallId()).c_str(), ICE_COMPONENTS, true, getIceOptions()); if (not ice) { - JAMI_WARN("Can't create ICE"); + JAMI_WARN("[call %s] Can't create ICE", call->getCallId().c_str()); dev_call->removeCall(); return; } @@ -489,7 +435,10 @@ JamiAccount::startOutgoingCall(const std::shared_ptr& call, const std:: } call->addSubCall(*dev_call); - manager.addTask([sthis=shared(), weak_dev_call, ice, ice_tcp, dev, toUri, peer_account] { + manager.addTask([w=weak(), weak_dev_call, ice, ice_tcp, dev, toUri, peer_account] { + auto sthis = w.lock(); + if (not sthis) + return false; auto call = weak_dev_call.lock(); // call aborted? @@ -524,10 +473,10 @@ JamiAccount::startOutgoingCall(const std::shared_ptr& call, const std:: } dht::Value val { dht::IceCandidates(callvid, blob) }; - sthis->dht_.putEncrypted( + sthis->dht_->putEncrypted( callkey, dev, std::move(val), - [=](bool ok) { // Put complete callback + [weak_dev_call](bool ok) { // Put complete callback if (!ok) { JAMI_WARN("Can't put ICE descriptor on DHT"); if (auto call = weak_dev_call.lock()) @@ -537,7 +486,7 @@ JamiAccount::startOutgoingCall(const std::shared_ptr& call, const std:: } ); - auto listenKey = sthis->dht_.listen( + auto listenKey = sthis->dht_->listen( callkey, [weak_dev_call, ice, ice_tcp, callvid, dev] (dht::IceCandidates&& msg) { if (msg.id != callvid or msg.from != dev) @@ -803,6 +752,7 @@ void JamiAccount::unserialize(const YAML::Node &node) JAMI_WARN("can't read receipt: %s", e.what()); } + parseValueOptional(node, Conf::DHT_PORT_KEY, dhtPort_); if (not dhtPort_) dhtPort_ = getRandomEvenPort(DHT_PORT_RANGE); dhtPortUsed_ = dhtPort_; @@ -813,7 +763,6 @@ void JamiAccount::unserialize(const YAML::Node &node) #if HAVE_RINGNS parseValueOptional(node, DRing::Account::ConfProperties::RingNS::URI, nameServer_); - nameDir_ = NameDirectory::instance(nameServer_); if (registeredName_.empty()) { parseValueOptional(node, DRing::Account::VolatileProperties::REGISTERED_NAME, registeredName_); } @@ -823,202 +772,7 @@ void JamiAccount::unserialize(const YAML::Node &node) loadAccount(); } - -void -JamiAccount::createRingDevice(const dht::crypto::Identity& id) -{ - if (not id.second->isCA()) { - JAMI_ERR("[Account %s] trying to sign a certificate with a non-CA.", getAccountID().c_str()); - } - auto dev_id = dht::crypto::generateIdentity("Ring device", id); - if (!dev_id.first || !dev_id.second) { - throw VoipLinkException("Can't generate identity for this account."); - } - idPath_ = fileutils::get_data_dir() + DIR_SEPARATOR_STR + getAccountID(); - fileutils::check_dir(idPath_.c_str(), 0700); - - // save the chain including CA - std::tie(tlsPrivateKeyFile_, tlsCertificateFile_) = saveIdentity(dev_id, idPath_, "ring_device"); - tlsPassword_ = {}; - identity_ = dev_id; - accountTrust_ = dht::crypto::TrustList{}; - accountTrust_.add(*id.second); - auto deviceId = dev_id.first->getPublicKey().getId(); - ringDeviceId_ = deviceId.toString(); - ringDeviceName_ = ip_utils::getDeviceName(); - if (ringDeviceName_.empty()) - ringDeviceName_ = ringDeviceId_.substr(8); - - { - std::lock_guard devicelock(deviceListMutex_); - knownDevices_.emplace(deviceId, KnownDevice{dev_id.second, ringDeviceName_, clock::now()}); - } - - receipt_ = makeReceipt(id); - receiptSignature_ = id.first->sign({receipt_.begin(), receipt_.end()}); - JAMI_WARN("[Account %s] created new device: %s (%s)", - getAccountID().c_str(), ringDeviceId_.c_str(), ringDeviceName_.c_str()); -} - -void -JamiAccount::initRingDevice(const AccountArchive& a) -{ - JAMI_WARN("[Account %s] creating new device from archive", getAccountID().c_str()); - SIPAccountBase::setAccountDetails(a.config); - parseInt(a.config, Conf::CONFIG_DHT_PORT, dhtPort_); - parseBool(a.config, Conf::CONFIG_DHT_PUBLIC_IN_CALLS, dhtPublicInCalls_); - parseBool(a.config, DRing::Account::ConfProperties::ALLOW_CERT_FROM_HISTORY, allowPeersFromHistory_); - parseBool(a.config, DRing::Account::ConfProperties::ALLOW_CERT_FROM_CONTACT, allowPeersFromContact_); - parseBool(a.config, DRing::Account::ConfProperties::ALLOW_CERT_FROM_TRUSTED, allowPeersFromTrusted_); - ringAccountId_ = a.id.second->getId().toString(); - username_ = RING_URI_PREFIX+ringAccountId_; - ethAccount_ = dev::KeyPair(dev::Secret(a.eth_key)).address().hex(); - contacts_ = a.contacts; - createRingDevice(a.id); - saveContacts(); -} - -std::string -JamiAccount::makeReceipt(const dht::crypto::Identity& id) -{ - JAMI_DBG("[Account %s] signing device receipt", getAccountID().c_str()); - DeviceAnnouncement announcement; - announcement.dev = identity_.second->getId(); - dht::Value ann_val {announcement}; - ann_val.sign(*id.first); - - std::ostringstream is; - is << "{\"id\":\"" << id.second->getId() - << "\",\"dev\":\"" << identity_.second->getId() - << "\",\"eth\":\"" << ethAccount_ - << "\",\"announce\":\"" << base64::encode(ann_val.getPacked()) << "\"}"; - - announce_ = std::make_shared(std::move(ann_val)); - return is.str(); -} - -bool -JamiAccount::useIdentity(const dht::crypto::Identity& identity) -{ - if (receipt_.empty() or receiptSignature_.empty()) - return false; - - if (not identity.first or not identity.second) { - JAMI_ERR("[Account %s] no identity provided", getAccountID().c_str()); - return false; - } - - auto accountCertificate = identity.second->issuer; - if (not accountCertificate) { - JAMI_ERR("[Account %s] device certificate must be issued by the account certificate", getAccountID().c_str()); - return false; - } - - // match certificate chain - dht::crypto::TrustList account_trust; - account_trust.add(*accountCertificate); - if (not account_trust.verify(*identity.second)) { - JAMI_ERR("[Account %s] can't use identity: device certificate chain can't be verified", getAccountID().c_str()); - return false; - } - - auto pk = accountCertificate->getPublicKey(); - JAMI_DBG("[Account %s] checking device receipt for %s", getAccountID().c_str(), pk.getId().toString().c_str()); - if (!pk.checkSignature({receipt_.begin(), receipt_.end()}, receiptSignature_)) { - JAMI_ERR("[Account %s] device receipt signature check failed", getAccountID().c_str()); - return false; - } - - Json::Value root; - Json::CharReaderBuilder rbuilder; - auto reader = std::unique_ptr(rbuilder.newCharReader()); - if (!reader->parse(&receipt_[0], &receipt_[receipt_.size()], &root, nullptr)) { - JAMI_ERR() << this << " device receipt parsing error"; - return false; - } - - auto dev_id = root["dev"].asString(); - if (dev_id != identity.second->getId().toString()) { - JAMI_ERR("[Account %s] device ID mismatch between receipt and certificate", getAccountID().c_str()); - return false; - } - auto id = root["id"].asString(); - if (id != pk.getId().toString()) { - JAMI_ERR("[Account %s] account ID mismatch between receipt and certificate", getAccountID().c_str()); - return false; - } - - dht::Value announce_val; - try { - auto announce = base64::decode(root["announce"].asString()); - msgpack::object_handle announce_msg = msgpack::unpack((const char*)announce.data(), announce.size()); - //dht::Value announce_val (announce_msg.get()); - announce_val.msgpack_unpack(announce_msg.get()); - if (not announce_val.checkSignature()) { - JAMI_ERR("[Account %s] announce signature check failed", getAccountID().c_str()); - return false; - } - DeviceAnnouncement da; - da.unpackValue(announce_val); - if (da.from.toString() != id or da.dev.toString() != dev_id) { - JAMI_ERR("[Account %s] device ID mismatch in announce", getAccountID().c_str()); - return false; - } - } catch (const std::exception& e) { - JAMI_ERR("[Account %s] can't read announce: %s", getAccountID().c_str(), e.what()); - return false; - } - - // success, make use of this identity (certificate chain and private key) - identity_ = identity; - accountTrust_ = std::move(account_trust); - ringAccountId_ = id; - ringDeviceId_ = identity.first->getPublicKey().getId().toString(); - username_ = RING_URI_PREFIX + id; - announce_ = std::make_shared(std::move(announce_val)); - ethAccount_ = root["eth"].asString(); - - JAMI_DBG("[Account %s] ring:%s device %s receipt checked successfully", getAccountID().c_str(), id.c_str(), ringDeviceId_.c_str()); - return true; -} - -dht::crypto::Identity -JamiAccount::loadIdentity(const std::string& crt_path, const std::string& key_path, const std::string& key_pwd) const -{ - JAMI_DBG("[Account %s] loading identity: %s %s", getAccountID().c_str(), crt_path.c_str(), key_path.c_str()); - dht::crypto::Identity id; - try { - dht::crypto::Certificate dht_cert(fileutils::loadFile(crt_path, idPath_)); - dht::crypto::PrivateKey dht_key(fileutils::loadFile(key_path, idPath_), key_pwd); - auto crt_id = dht_cert.getId(); - if (crt_id != dht_key.getPublicKey().getId()) - return {}; - - if (not dht_cert.issuer) { - JAMI_ERR("[Account %s] device certificate %s has no issuer", getAccountID().c_str(), dht_cert.getId().toString().c_str()); - return {}; - } - // load revocation lists for device authority (account certificate). - tls::CertificateStore::instance().loadRevocations(*dht_cert.issuer); - - id = { - std::make_shared(std::move(dht_key)), - std::make_shared(std::move(dht_cert)) - }; - } - catch (const std::exception& e) { - JAMI_ERR("Error loading identity: %s", e.what()); - } - - return id; -} - -AccountArchive -JamiAccount::readArchive(const std::string& pwd) const -{ - JAMI_DBG("[Account %s] reading account archive", getAccountID().c_str()); - return AccountArchive(fileutils::getFullPath(idPath_, archivePath_), pwd); -} +/* void JamiAccount::updateArchive(AccountArchive& archive) const @@ -1053,31 +807,15 @@ JamiAccount::updateArchive(AccountArchive& archive) const } else archive.config.insert(it); } - archive.contacts = contacts_; -} - -void -JamiAccount::saveArchive(AccountArchive& archive, const std::string& pwd) -{ - try { - updateArchive(archive); - if (archivePath_.empty()) - archivePath_ = "export.gz"; - archive.save(fileutils::getFullPath(idPath_, archivePath_), pwd); - archiveHasPassword_ = not pwd.empty(); - } catch (const std::runtime_error& ex) { - JAMI_ERR("[Account %s] Can't export archive: %s", getAccountID().c_str(), ex.what()); - return; - } + archive.contacts = contactList_->getContacts(); } +*/ bool JamiAccount::changeArchivePassword(const std::string& password_old, const std::string& password_new) { - auto path = fileutils::getFullPath(idPath_, archivePath_); try { - AccountArchive(path, password_old).save(path, password_new); - archiveHasPassword_ = not password_new.empty(); + accountManager_->changePassword(password_old, password_new); } catch (const std::exception& ex) { JAMI_ERR("[Account %s] Can't change archive password: %s", getAccountID().c_str(), ex.what()); if (password_old.empty()) { @@ -1091,85 +829,20 @@ JamiAccount::changeArchivePassword(const std::string& password_old, const std::s return true; } -std::pair, dht::InfoHash> -JamiAccount::computeKeys(const std::string& password, const std::string& pin, bool previous) -{ - // Compute time seed - auto now = std::chrono::duration_cast(clock::now().time_since_epoch()); - auto tseed = now.count() / std::chrono::seconds(EXPORT_KEY_RENEWAL_TIME).count(); - if (previous) - tseed--; - std::stringstream ss; - ss << std::hex << tseed; - auto tseed_str = ss.str(); - - // Generate key for archive encryption, using PIN as the salt - std::vector salt_key; - salt_key.reserve(pin.size() + tseed_str.size()); - salt_key.insert(salt_key.end(), pin.begin(), pin.end()); - salt_key.insert(salt_key.end(), tseed_str.begin(), tseed_str.end()); - auto key = dht::crypto::stretchKey(password, salt_key, 256/8); - - // Generate public storage location as SHA1(key). - auto loc = dht::InfoHash::get(key); - - return {key, loc}; -} - -std::string -generatePIN(size_t length = 8) -{ - static constexpr const char alphabet[] = "0123456789ABCDEFGHIJKLMNOPQRSTUVWXYZ"; - dht::crypto::random_device rd; - std::uniform_int_distribution dis(0, sizeof(alphabet)-2); - std::string ret; - ret.reserve(length); - for (size_t i=0; i key; - dht::InfoHash loc; - std::string pin_str; - AccountArchive a; - try { - JAMI_DBG("[Account %s] exporting account", this_->getAccountID().c_str()); - - a = this_->readArchive(password); - - // Generate random PIN - pin_str = generatePIN(); - - std::tie(key, loc) = computeKeys(password, pin_str); - } catch (const std::exception& e) { - JAMI_ERR("[Account %s] can't export account: %s", this_->getAccountID().c_str(), e.what()); - emitSignal(this_->getAccountID(), 1, ""); - return; - } - // now that key and loc are computed, display to user in lowercase - std::transform(pin_str.begin(), pin_str.end(), pin_str.begin(), ::tolower); - try { - this_->updateArchive(a); - auto encrypted = dht::crypto::aesEncrypt(archiver::compress(a.serialize()), key); - if (not this_->dht_.isRunning()) - throw std::runtime_error("DHT is not running.."); - this_->dht_.put(loc, encrypted, [this_,pin_str](bool ok) { - JAMI_DBG("[Account %s] account archive published: %s", this_->getAccountID().c_str(), ok ? "success" : "failure"); - if (ok) - emitSignal(this_->getAccountID(), 0, pin_str); - else - emitSignal(this_->getAccountID(), 2, ""); - }); - JAMI_WARN("[Account %s] exporting account with PIN: %s at %s (size %zu)", this_->getAccountID().c_str(), pin_str.c_str(), loc.toString().c_str(), encrypted.size()); - } catch (const std::exception& e) { - JAMI_ERR("[Account %s] can't export account: %s", this_->getAccountID().c_str(), e.what()); - emitSignal(this_->getAccountID(), 2, ""); - return; + accountManager_->addDevice(password, [this](AccountManager::AddDeviceResult result, std::string pin){ + switch(result) { + case AccountManager::AddDeviceResult::SUCCESS_SHOW_PIN: + emitSignal(getAccountID(), 0, pin); + break; + case AccountManager::AddDeviceResult::ERROR_CREDENTIALS: + emitSignal(getAccountID(), 1, ""); + break; + case AccountManager::AddDeviceResult::ERROR_NETWORK: + emitSignal(getAccountID(), 2, ""); + break; } }); } @@ -1177,71 +850,32 @@ JamiAccount::addDevice(const std::string& password) bool JamiAccount::exportArchive(const std::string& destinationPath, const std::string& password) { - try { - // Save contacts if possible before exporting - AccountArchive archive; - if (!archiveHasPassword_ || !password.empty()) { - archive = readArchive(password); - updateArchive(archive); - archive.save(fileutils::getFullPath(idPath_, archivePath_), password); - } - // Export the file - auto sourcePath = fileutils::getFullPath(idPath_, archivePath_); - std::ifstream src = fileutils::ifstream(sourcePath, std::ios::in | std::ios::binary); - if (!src) return false; - std::ofstream dst = fileutils::ofstream(destinationPath, std::ios::out | std::ios::binary); - dst << src.rdbuf(); - } catch (const std::runtime_error& ex) { - JAMI_ERR("[Account %s] Can't export archive: %s", getAccountID().c_str(), ex.what()); - return false; - } catch (...) { - JAMI_ERR("[Account %s] Can't export archive: can't read archive", getAccountID().c_str()); - return false; + if (auto manager = dynamic_cast(accountManager_.get())) { + return manager->exportArchive(destinationPath, password); } - return true; + return false; } bool JamiAccount::revokeDevice(const std::string& password, const std::string& device) { - // shared_ptr of future - auto fa = dht::ThreadPool::computation().getShared( - [this, password] { return readArchive(password); }); - findCertificate(dht::InfoHash(device), - [this,fa=std::move(fa),password,device](const std::shared_ptr& crt) mutable - { - if (not crt) { - emitSignal(getAccountID(), device, 2); - return; - } - std::unique_lock lock(deviceListMutex_); - foundAccountDevice(crt); - AccountArchive a; - try { - a = fa.get(); - } catch (...) { + return accountManager_->revokeDevice(password, device, [this, device](AccountManager::RevokeDeviceResult result){ + switch(result) { + case AccountManager::RevokeDeviceResult::SUCCESS: + emitSignal(getAccountID(), device, 0); + break; + case AccountManager::RevokeDeviceResult::ERROR_CREDENTIALS: emitSignal(getAccountID(), device, 1); - return; + break; + case AccountManager::RevokeDeviceResult::ERROR_NETWORK: + emitSignal(getAccountID(), device, 2); + break; } - // Add revoked device to the revocation list and resign it - if (not a.revoked) - a.revoked = std::make_shared(); - a.revoked->revoke(*crt); - a.revoked->sign(a.id); - // add to CRL cache - tls::CertificateStore::instance().pinRevocationList(a.id.second->getId().toString(), a.revoked); - tls::CertificateStore::instance().loadRevocations(*identity_.second->issuer); - saveArchive(a, password); - knownDevices_.erase(crt->getId()); - saveKnownDevices(); - emitSignal(getAccountID(), device, 0); - emitSignal(getAccountID(), getKnownDevices()); - lock.unlock(); - syncDevices(); }); return true; } + std::pair JamiAccount::saveIdentity(const dht::crypto::Identity id, const std::string& path, const std::string& name) { @@ -1253,275 +887,7 @@ JamiAccount::saveIdentity(const dht::crypto::Identity id, const std::string& pat return names; } -void -JamiAccount::loadAccountFromArchive(AccountArchive&& archive, const std::string& archive_password) -{ - initRingDevice(archive); - saveArchive(archive, archive_password); - registrationState_ = RegistrationState::UNREGISTERED; - saveConfig(); - doRegister(); -} - -void -JamiAccount::loadAccountFromFile(const std::string& archive_path, const std::string& archive_password) -{ - setRegistrationState(RegistrationState::INITIALIZING); - dht::ThreadPool::computation().run([w=weak(), archive_password, archive_path, accountId = getAccountID()]{ - AccountArchive archive; - try { - archive = AccountArchive(archive_path, archive_password); - } catch (const std::exception& ex) { - JAMI_WARN("[Account %s] can't read file: %s", accountId.c_str(), ex.what()); - if (auto this_ = w.lock()) { - this_->setRegistrationState(RegistrationState::ERROR_GENERIC); - runOnMainThread([accountId]() { - Manager::instance().removeAccount(accountId); - }); - } - return; - } - runOnMainThread([w, archive, archive_password]() mutable { - if (auto this_ = w.lock()) - this_->loadAccountFromArchive(std::move(archive), archive_password); - }); - }); -} - -void -JamiAccount::loadAccountFromDHT(const std::string& archive_password, const std::string& archive_pin) -{ - setRegistrationState(RegistrationState::INITIALIZING); - - // launch dedicated dht instance - if (dht_.isRunning()) { - JAMI_ERR("DHT already running (stopping it first)."); - dht_.join(); - } - - dht::DhtRunner::Config config {}; - config.dht_config.node_config.persist_path = cachePath_+DIR_SEPARATOR_STR "dhtstate"; - config.proxy_server = getDhtProxyServer(); - - dht::DhtRunner::Context context {}; - context.statusChangedCallback = [](dht::NodeStatus s4, dht::NodeStatus s6) { - JAMI_WARN("Dht status : IPv4 %s; IPv6 %s", dhtStatusStr(s4), dhtStatusStr(s6)); - }; - - dht_.run((in_port_t)dhtPortUsed_, config, std::move(context)); - for (const auto& bootstrap : loadBootstrap()) - dht_.bootstrap(bootstrap); - - auto w = weak(); - auto state_old = std::make_shared>(false, true); - auto state_new = std::make_shared>(false, true); - auto found = std::make_shared(false); - - auto searchEnded = [w,found,state_old,state_new](){ - if (*found) - return; - if (state_old->first && state_new->first) { - bool network_error = !state_old->second && !state_new->second; - if (auto this_ = w.lock()) { - JAMI_WARN("[Account %s] failure looking for archive on DHT: %s", this_->getAccountID().c_str(), network_error ? "network error" : "not found"); - this_->setRegistrationState(network_error ? RegistrationState::ERROR_NETWORK : RegistrationState::ERROR_GENERIC); - runOnMainThread([=]() { - Manager::instance().removeAccount(this_->getAccountID()); - }); - } - } - }; - - auto search = [w,found,archive_password,archive_pin,searchEnded](bool previous, std::shared_ptr>& state) { - std::vector key; - dht::InfoHash loc; - - // compute archive location and decryption keys - try { - std::tie(key, loc) = computeKeys(archive_password, archive_pin, previous); - if (auto this_ = w.lock()) { - JAMI_DBG("[Account %s] trying to load account from DHT with %s at %s", this_->getAccountID().c_str(), archive_pin.c_str(), loc.toString().c_str()); - this_->dht_.get(loc, [w,key,found,archive_password](const std::shared_ptr& val) { - std::vector decrypted; - try { - decrypted = archiver::decompress(dht::crypto::aesDecrypt(val->data, key)); - } catch (const std::exception& ex) { - return true; - } - JAMI_DBG("Found archive on the DHT"); - dht::ThreadPool::computation().run([=]() { - if (auto this_ = w.lock()) { - try { - *found = true; - this_->loadAccountFromArchive(AccountArchive(decrypted), archive_password); - } catch (const std::exception& e) { - JAMI_WARN("[Account %s] error reading archive: %s", this_->getAccountID().c_str(), e.what()); - this_->setRegistrationState(RegistrationState::ERROR_GENERIC); - runOnMainThread([=]() { - Manager::instance().removeAccount(this_->getAccountID()); - }); - } - } - }); - return not *found; - }, [=](bool ok) { - JAMI_DBG("[Account %s] DHT archive search ended at %s", this_->getAccountID().c_str(), loc.toString().c_str()); - state->first = true; - state->second = ok; - searchEnded(); - }); - } - } catch (const std::exception& e) { - JAMI_ERR("Error computing keys: %s", e.what()); - state->first = true; - state->second = true; - searchEnded(); - return; - } - }; - - dht::ThreadPool::computation().run(std::bind(search, true, state_old)); - dht::ThreadPool::computation().run(std::bind(search, false, state_new)); -} - -void -JamiAccount::createAccount(const std::string& archive_password, dht::crypto::Identity&& migrate) -{ - JAMI_WARN("[Account %s] creating new account", getAccountID().c_str()); - setRegistrationState(RegistrationState::INITIALIZING); - dht::ThreadPool::computation().run([sthis=shared(), archive_password, migrate]() mutable { - AccountArchive a; - auto& this_ = *sthis; - - auto future_keypair = dht::ThreadPool::computation().get(std::bind(&dev::KeyPair::create)); - try { - if (migrate.first and migrate.second) { - JAMI_WARN("[Account %s] converting certificate from old ring account %s", - this_.getAccountID().c_str(), migrate.first->getPublicKey().getId().toString().c_str()); - a.id = std::move(migrate); - try { - a.ca_key = std::make_shared(fileutils::loadFile("ca.key", this_.idPath_)); - } catch (...) {} - updateCertificates(a, migrate); - } else { - auto ca = dht::crypto::generateIdentity("Ring CA"); - if (!ca.first || !ca.second) { - throw VoipLinkException("Can't generate CA for this account."); - } - a.id = dht::crypto::generateIdentity("Ring", ca, 4096, true); - if (!a.id.first || !a.id.second) { - throw VoipLinkException("Can't generate identity for this account."); - } - JAMI_WARN("[Account %s] new account: CA: %s, RingID: %s", - this_.getAccountID().c_str(), ca.second->getId().toString().c_str(), - a.id.second->getId().toString().c_str()); - a.ca_key = ca.first; - } - this_.ringAccountId_ = a.id.second->getId().toString(); - this_.username_ = RING_URI_PREFIX+this_.ringAccountId_; - auto keypair = future_keypair.get(); - this_.ethAccount_ = keypair.address().hex(); - a.eth_key = keypair.secret().makeInsecure().asBytes(); - - this_.createRingDevice(a.id); - this_.saveArchive(a, archive_password); - } catch (...) { - this_.setRegistrationState(RegistrationState::ERROR_GENERIC); - runOnMainThread([sthis]() { - Manager::instance().removeAccount(sthis->getAccountID()); - }); - } - JAMI_DBG("[Account %s] Account creation ended, saving configuration", this_.getAccountID().c_str()); - this_.setRegistrationState(RegistrationState::UNREGISTERED); - this_.saveConfig(); - this_.doRegister(); - }); -} - -bool -JamiAccount::needsMigration(const dht::crypto::Identity& id) -{ - if (not id.second) - return false; - auto cert = id.second->issuer; - while (cert) { - if (not cert->isCA()){ - JAMI_WARN("certificate %s is not a CA, needs update.", cert->getId().toString().c_str()); - return true; - } - if (cert->getExpiration() < clock::now()) { - JAMI_WARN("certificate %s is expired, needs update.", cert->getId().toString().c_str()); - return true; - } - cert = cert->issuer; - } - return false; -} - -bool -JamiAccount::updateCertificates(AccountArchive& archive, dht::crypto::Identity& device) -{ - JAMI_WARN("Updating certificates"); - using Certificate = dht::crypto::Certificate; - - // We need the CA key to resign certificates - if (not archive.id.first or - not *archive.id.first or - not archive.id.second or - not archive.ca_key or - not *archive.ca_key) - return false; - - // Currently set the CA flag and update expiration dates - bool updated = false; - - auto& cert = archive.id.second; - auto ca = cert->issuer; - // Update CA if possible and relevant - if (not ca or (not ca->issuer and (not ca->isCA() or ca->getExpiration() < clock::now()))) { - ca = std::make_shared(Certificate::generate(*archive.ca_key, "Ring CA", {}, true)); - updated = true; - JAMI_DBG("CA CRT re-generated"); - } - - // Update certificate - if (updated or not cert->isCA() or cert->getExpiration() < clock::now()) { - cert = std::make_shared(Certificate::generate(*archive.id.first, "Ring", dht::crypto::Identity{archive.ca_key, ca}, true)); - updated = true; - JAMI_DBG("ring CRT re-generated"); - } - - if (updated and device.first and *device.first) { - // update device certificate - device.second = std::make_shared(Certificate::generate(*device.first, "Ring device", archive.id)); - JAMI_DBG("device CRT re-generated"); - } - - return updated; -} - -void -JamiAccount::migrateAccount(const std::string& pwd, dht::crypto::Identity& device) -{ - AccountArchive archive; - try { - archive = readArchive(pwd); - } catch (...) { - JAMI_DBG("[Account %s] Can't load archive", getAccountID().c_str()); - Migration::setState(accountID_, Migration::State::INVALID); - setRegistrationState(RegistrationState::ERROR_NEED_MIGRATION); - return; - } - - if (updateCertificates(archive, device)) { - std::tie(tlsPrivateKeyFile_, tlsCertificateFile_) = saveIdentity(device, idPath_, "ring_device"); - saveArchive(archive, pwd); - setRegistrationState(RegistrationState::UNREGISTERED); - Migration::setState(accountID_, Migration::State::SUCCESS); - } else - Migration::setState(accountID_, Migration::State::INVALID); -} - +// must be called while configurationMutex_ is locked void JamiAccount::loadAccount(const std::string& archive_password, const std::string& archive_pin, const std::string& archive_path) { @@ -1529,66 +895,118 @@ JamiAccount::loadAccount(const std::string& archive_password, const std::string& return; JAMI_DBG("[Account %s] loading account", getAccountID().c_str()); + + AccountManager::OnChangeCallback callbacks { + [this](const std::string& uri, bool confirmed) { + emitSignal(getAccountID(), uri, confirmed); + }, + [this](const std::string& uri, bool banned){ + emitSignal(getAccountID(), uri, banned); + }, + [this](const std::string& uri, const std::vector& payload, time_t received){ + emitSignal(getAccountID(), uri, payload, received); + }, + [this](){ + emitSignal(getAccountID(), getKnownDevices()); + }, + }; + try { - auto id = loadIdentity(tlsCertificateFile_, tlsPrivateKeyFile_, tlsPassword_); + accountManager_.reset(new ArchiveAccountManager(getPath(), + dht_, + [w = weak()](AccountManager::AsyncUser&& cb) { + if (auto this_ = w.lock()) + cb(*this_->accountManager_); + }, + [this]() { return getAccountDetails(); }, + archivePath_.empty() ? "archive.gz" : archivePath_, + nameServer_)); + + auto id = accountManager_->loadIdentity(tlsCertificateFile_, tlsPrivateKeyFile_, tlsPassword_); bool hasArchive = not archivePath_.empty() and fileutils::isFile(fileutils::getFullPath(idPath_, archivePath_)); - if (useIdentity(id)) { + + if (auto info = accountManager_->useIdentity(id, receipt_, receiptSignature_, std::move(callbacks))) { // normal loading path - loadKnownDevices(); - loadContacts(); - loadTrustRequests(); - if (not hasArchive) - JAMI_WARN("[Account %s] account archive not found, won't be able to add new devices", getAccountID().c_str()); + id_ = std::move(id); + username_ = RING_URI_PREFIX+info->accountId; + JAMI_WARN("[Account %s] loaded account identity", getAccountID().c_str()); if (not isEnabled()) { setRegistrationState(RegistrationState::UNREGISTERED); } } else if (isEnabled()) { - if (hasArchive) { - if (needsMigration(id)) { - JAMI_WARN("[Account %s] account certificate needs update", getAccountID().c_str()); - migrateAccount(archive_password, id); - } - else { - JAMI_WARN("[Account %s] archive present but no valid receipt: creating new device", getAccountID().c_str()); - try { - initRingDevice(readArchive(archive_password)); - } - catch (...) { - Migration::setState(accountID_, Migration::State::INVALID); - setRegistrationState(RegistrationState::ERROR_NEED_MIGRATION); - return; - } - Migration::setState(accountID_, Migration::State::SUCCESS); - setRegistrationState(RegistrationState::UNREGISTERED); - } - dht::ThreadPool::io().run([w = weak()]{ - if (auto this_ = w.lock()) - this_->saveConfig(); + setRegistrationState(RegistrationState::INITIALIZING); + auto fDeviceKey = dht::ThreadPool::computation().getShared>([](){ + return std::make_shared(dht::crypto::PrivateKey::generate()); }); - loadAccount(archive_password); - } - else { - // no receipt or archive, creating new account + + auto fReq = dht::ThreadPool::computation().get>([fDeviceKey]{ + auto request = std::make_unique(); + request->setName("Jami device"); + auto deviceKey = fDeviceKey.get(); + request->setUID(deviceKey->getPublicKey().getId().toString()); + request->sign(*deviceKey); + return request; + }); + + auto creds = std::make_unique(); + creds->archivePath = archivePath_.empty() ? "archive.gz" : archivePath_; if (not archive_path.empty()) { - // import account from file - loadAccountFromFile(archive_path, archive_password); + creds->scheme = "file"; + creds->uri = archive_path; } else if (not archive_pin.empty()) { - // import account from DHT - loadAccountFromDHT(archive_password, archive_pin); + creds->scheme = "dht"; + creds->uri = archive_pin; + creds->dhtBootstrap = loadBootstrap(); + creds->dhtPort = (in_port_t)dhtPortUsed_; } - else { - // create new account - createAccount(archive_password, std::move(id)); - } - } + creds->password = archive_password; + accountManager_->initAuthentication( + std::move(fReq), + std::move(creds), + [this, fDeviceKey](const AccountInfo& info, + const std::map& config, + std::string&& receipt, + std::vector&& receipt_signature) { + JAMI_WARN("Auth success !"); + + fileutils::check_dir(idPath_.c_str(), 0700); + + // save the chain including CA + auto id = info.identity; + id.first = std::move(fDeviceKey.get()); + std::tie(tlsPrivateKeyFile_, tlsCertificateFile_) = saveIdentity(id, idPath_, "ring_device"); + id_ = std::move(id); + tlsPassword_ = {}; + + username_ = RING_URI_PREFIX+info.accountId; + + ringDeviceName_ = ip_utils::getDeviceName(); + if (ringDeviceName_.empty()) + ringDeviceName_ = info.deviceId.substr(8); + + receipt_ = std::move(receipt); + receiptSignature_ = std::move(receipt_signature); + accountManager_->foundAccountDevice(info.identity.second, ringDeviceName_, clock::now()); + setRegistrationState(RegistrationState::UNREGISTERED); + + saveConfig(); + doRegister(); + }, [this](AccountManager::AuthError error, const std::string& message) { + JAMI_WARN("Auth error: %d %s", (int)error, message.c_str()); + { + std::lock_guard lock(configurationMutex_); + setRegistrationState(RegistrationState::ERROR_GENERIC); + } + Manager::instance().removeAccount(getAccountID()); + }, std::move(callbacks)); } } catch (const std::exception& e) { JAMI_WARN("[Account %s] error loading account: %s", getAccountID().c_str(), e.what()); - identity_ = dht::crypto::Identity{}; + accountManager_.reset(); setRegistrationState(RegistrationState::ERROR_GENERIC); } } @@ -1647,20 +1065,13 @@ JamiAccount::setAccountDetails(const std::map& details #if HAVE_RINGNS parseString(details, DRing::Account::ConfProperties::RingNS::URI, nameServer_); - nameDir_ = NameDirectory::instance(nameServer_); #endif loadAccount(archive_password, archive_pin, archive_path); // update device name if necessary - std::lock_guard devicelock(deviceListMutex_); - auto dev = knownDevices_.find(dht::InfoHash(ringDeviceId_)); - if (dev != knownDevices_.end()) { - if (dev->second.name != ringDeviceName_) { - dev->second.name = ringDeviceName_; - saveKnownDevices(); - } - } + if (accountManager_) + accountManager_->setAccountDeviceName(ringDeviceName_); } std::map @@ -1673,7 +1084,12 @@ JamiAccount::getAccountDetails() const a.emplace(DRing::Account::ConfProperties::DHT_PEER_DISCOVERY, dhtPeerDiscovery_ ? TRUE_STR : FALSE_STR); a.emplace(DRing::Account::ConfProperties::ACCOUNT_PEER_DISCOVERY, accountPeerDiscovery_ ? TRUE_STR : FALSE_STR); a.emplace(DRing::Account::ConfProperties::ACCOUNT_PUBLISH, accountPublish_ ? TRUE_STR : FALSE_STR); - a.emplace(DRing::Account::ConfProperties::RING_DEVICE_ID, ringDeviceId_); + if (accountManager_) { + if (auto info = accountManager_->getInfo()) { + a.emplace(DRing::Account::ConfProperties::RING_DEVICE_ID, info->deviceId); + a.emplace(DRing::Account::ConfProperties::RingNS::ACCOUNT, info->ethAccount); + } + } a.emplace(DRing::Account::ConfProperties::RING_DEVICE_NAME, ringDeviceName_); a.emplace(DRing::Account::ConfProperties::Presence::SUPPORT_SUBSCRIBE, TRUE_STR); if (not archivePath_.empty()) @@ -1703,11 +1119,8 @@ JamiAccount::getAccountDetails() const a.emplace(DRing::Account::ConfProperties::PROXY_ENABLED, proxyEnabled_ ? TRUE_STR : FALSE_STR); a.emplace(DRing::Account::ConfProperties::PROXY_SERVER, proxyServer_); a.emplace(DRing::Account::ConfProperties::PROXY_PUSH_TOKEN, deviceKey_); - - //a.emplace(DRing::Account::ConfProperties::ETH::KEY_FILE, ethPath_); - a.emplace(DRing::Account::ConfProperties::RingNS::ACCOUNT, ethAccount_); #if HAVE_RINGNS - a.emplace(DRing::Account::ConfProperties::RingNS::URI, nameDir_.get().getServer()); + a.emplace(DRing::Account::ConfProperties::RingNS::URI, nameServer_); #endif return a; @@ -1730,47 +1143,35 @@ void JamiAccount::lookupName(const std::string& name) { auto acc = getAccountID(); - NameDirectory::lookupUri(name, nameServer_, [acc,name](const std::string& result, NameDirectory::Response response) { + accountManager_->lookupName(name, [acc,name](const std::string& result, NameDirectory::Response response) { emitSignal(acc, (int)response, result, name); }); + //NameDirectory::lookupUri(); } void JamiAccount::lookupAddress(const std::string& addr) { auto acc = getAccountID(); - nameDir_.get().lookupAddress(addr, [acc,addr](const std::string& result, NameDirectory::Response response) { + accountManager_->lookupAddress(addr, [acc,addr](const std::string& result, NameDirectory::Response response) { emitSignal(acc, (int)response, addr, result); }); } -using Blob = std::vector; + void JamiAccount::registerName(const std::string& password, const std::string& name) { - std::string signedName; - auto nameLowercase {name}; - std::transform(nameLowercase.begin(), nameLowercase.end(), nameLowercase.begin(), ::tolower); - std::string publickey; - try { - auto privateKey = readArchive(password).id.first; - signedName = base64::encode(privateKey->sign(Blob(nameLowercase.begin(), nameLowercase.end()))); - publickey = privateKey->getPublicKey().toString(); - } catch (const std::exception& e) { - JAMI_ERR("[Account %s] can't export account: %s", getAccountID().c_str(), e.what()); - emitSignal(getAccountID(), 1, name); - return; - } - - nameDir_.get().registerName(ringAccountId_, nameLowercase, ethAccount_, [acc=getAccountID(), name, w=weak()](NameDirectory::RegistrationResponse response){ + accountManager_->registerName(password, name, [acc=getAccountID(), name, w=weak()](NameDirectory::RegistrationResponse response){ int res = (response == NameDirectory::RegistrationResponse::success) ? 0 : ( + (response == NameDirectory::RegistrationResponse::invalidCredentials) ? 1 : ( (response == NameDirectory::RegistrationResponse::invalidName) ? 2 : ( - (response == NameDirectory::RegistrationResponse::alreadyTaken) ? 3 : 4)); + (response == NameDirectory::RegistrationResponse::alreadyTaken) ? 3 : 4))); if (response == NameDirectory::RegistrationResponse::success) { if (auto this_ = w.lock()) this_->registeredName_ = name; } emitSignal(acc, res, name); - }, signedName, publickey); + }); } #endif @@ -1801,7 +1202,7 @@ JamiAccount::handlePendingCallList() if (handled) { // Cancel pending listen (outgoing call) if (not incoming) - dht_.cancelListen(pc_iter->call_key, std::move(pc_iter->listen_key)); + dht_->cancelListen(pc_iter->call_key, std::move(pc_iter->listen_key)); pc_iter = pending_calls.erase(pc_iter); } else ++pc_iter; @@ -1841,7 +1242,7 @@ JamiAccount::checkPeerTlsCertificate(dht::InfoHash from, // Check expected peer identity dht::InfoHash tls_account_id; - if (not foundPeerDevice(crt, tls_account_id)) { + if (not AccountManager::foundPeerDevice(crt, tls_account_id)) { JAMI_ERR("[peer:%s] Discarding message from invalid peer certificate.", from.toString().c_str()); return PJ_SSL_CERT_EUNKNOWN; } @@ -1916,7 +1317,8 @@ JamiAccount::handlePendingCall(PendingCall& pc, bool incoming) // Securize a SIP transport with TLS (on top of ICE tranport) and assign the call with it auto remote_device = pc.from; auto remote_account = pc.from_account; - if (not identity_.first or not identity_.second) + auto id = accountManager_->getInfo()->identity; + if (not id.first or not id.second) throw std::runtime_error("No identity configured for this account."); std::weak_ptr waccount = weak(); @@ -1924,8 +1326,8 @@ JamiAccount::handlePendingCall(PendingCall& pc, bool incoming) tls::TlsParams tlsParams { /*.ca_list = */"", /*.ca = */pc.from_cert, - /*.cert = */identity_.second, - /*.cert_key = */identity_.first, + /*.cert = */id.second, + /*.cert_key = */id.first, /*.dh_params = */dhParams_, /*.timeout = */std::chrono::duration_cast(TLS_TIMEOUT), /*.cert_check = */[waccount,wcall,remote_device,remote_account](unsigned status, @@ -2117,8 +1519,9 @@ JamiAccount::trackBuddyPresence(const std::string& buddy_id, bool track) } else { auto buddy = trackedBuddies_.find(h); if (buddy != trackedBuddies_.end()) { - if (dht_.isRunning()) - dht_.cancelListen(h, std::move(buddy->second.listenToken)); + if (auto dht = dht_) + if (dht->isRunning()) + dht->cancelListen(h, std::move(buddy->second.listenToken)); trackedBuddies_.erase(buddy); } } @@ -2127,10 +1530,11 @@ JamiAccount::trackBuddyPresence(const std::string& buddy_id, bool track) void JamiAccount::trackPresence(const dht::InfoHash& h, BuddyInfo& buddy) { - if (not dht_.isRunning()) { + auto dht = dht_; + if (not dht or not dht->isRunning()) { return; } - buddy.listenToken = dht_.listen(h, [this, h](DeviceAnnouncement&&, bool expired){ + buddy.listenToken = dht->listen(h, [this, h](DeviceAnnouncement&&, bool expired){ bool wasConnected, isConnected; { std::lock_guard lock(buddyInfoMtx); @@ -2151,7 +1555,7 @@ JamiAccount::trackPresence(const dht::InfoHash& h, BuddyInfo& buddy) } return true; }); - // JAMI_DBG("[Account %s] tracking buddy %s", getAccountID().c_str(), h.to_c_str()); + JAMI_DBG("[Account %s] tracking buddy %s", getAccountID().c_str(), h.to_c_str()); } std::map @@ -2186,19 +1590,19 @@ JamiAccount::doRegister_() std::lock_guard lock(configurationMutex_); try { - if (not identity_.first or not identity_.second) + if (not accountManager_->getInfo()) throw std::runtime_error("No identity configured for this account."); loadTreatedCalls(); loadTreatedMessages(); - if (dht_.isRunning()) { + if (dht_->isRunning()) { JAMI_ERR("[Account %s] DHT already running (stopping it first).", getAccountID().c_str()); - dht_.join(); + dht_->join(); } #if HAVE_RINGNS // Look for registered name on the blockchain - nameDir_.get().lookupAddress(ringAccountId_, [w=weak()](const std::string& result, const NameDirectory::Response& response) { + accountManager_->lookupAddress(accountManager_->getInfo()->accountId, [w=weak()](const std::string& result, const NameDirectory::Response& response) { if (auto this_ = w.lock()) { if (response == NameDirectory::Response::found) { if (this_->registeredName_ != result) { @@ -2219,7 +1623,7 @@ JamiAccount::doRegister_() config.dht_config.node_config.network = 0; config.dht_config.node_config.maintain_storage = false; config.dht_config.node_config.persist_path = cachePath_+DIR_SEPARATOR_STR "dhtstate"; - config.dht_config.id = identity_; + config.dht_config.id = accountManager_->getInfo()->identity; config.proxy_server = getDhtProxyServer(); config.push_node_id = getAccountID(); config.threaded = true; @@ -2230,7 +1634,7 @@ JamiAccount::doRegister_() if (not deviceKey_.empty()) { JAMI_INFO("[Account %s] using push notifications", getAccountID().c_str()); - dht_.setPushNotificationToken(deviceKey_); + dht_->setPushNotificationToken(deviceKey_); } //check if dht peer service is enabled @@ -2313,48 +1717,22 @@ JamiAccount::doRegister_() }; setRegistrationState(RegistrationState::TRYING); - dht_.run((in_port_t)dhtPortUsed_, config, std::move(context)); + dht_->run((in_port_t)dhtPortUsed_, config, std::move(context)); for (const auto& bootstrap : loadBootstrap()) - dht_.bootstrap(bootstrap); + dht_->bootstrap(bootstrap); - // Put device annoucement - if (announce_) { - auto h = dht::InfoHash(ringAccountId_); - JAMI_DBG("[Account %s] announcing device at %s", getAccountID().c_str(), h.toString().c_str()); - dht_.put(h, announce_, dht::DoneCallback{}, {}, true); - for (const auto& crl : identity_.second->issuer->getRevocationLists()) - dht_.put(h, crl, dht::DoneCallback{}, {}, true); - dht_.listen(h, [this](DeviceAnnouncement&& dev) { - findCertificate(dev.dev, [this](const std::shared_ptr& crt) { - std::lock_guard lock(deviceListMutex_); - foundAccountDevice(crt); - }); - return true; - }); - dht_.listen(h, [this](dht::crypto::RevocationList&& crl) { - if (crl.isSignedBy(*identity_.second->issuer)) { - JAMI_DBG("[Account %s] found CRL for account.", getAccountID().c_str()); - tls::CertificateStore::instance().pinRevocationList( - ringAccountId_, - std::make_shared(std::move(crl))); - } - return true; - }); - syncDevices(); - } else { - JAMI_WARN("[Account %s] can't announce device: no annoucement...", getAccountID().c_str()); - } + accountManager_->startSync(); // Listen for incoming calls - callKey_ = dht::InfoHash::get("callto:"+ringDeviceId_); - JAMI_DBG("[Account %s] Listening on callto:%s : %s", getAccountID().c_str(), ringDeviceId_.c_str(), callKey_.toString().c_str()); - dht_.listen( + callKey_ = dht::InfoHash::get("callto:"+accountManager_->getInfo()->deviceId); + JAMI_DBG("[Account %s] Listening on callto:%s : %s", getAccountID().c_str(), accountManager_->getInfo()->deviceId.c_str(), callKey_.toString().c_str()); + dht_->listen( callKey_, [this] (dht::IceCandidates&& msg) { // callback for incoming call auto from = msg.from; - if (from == dht_.getId()) + if (from == dht_->getId()) return true; auto res = treatedCalls_.insert(msg.id); @@ -2373,51 +1751,8 @@ JamiAccount::doRegister_() } ); - auto inboxKey = dht::InfoHash::get("inbox:"+ringDeviceId_); - dht_.listen( - inboxKey, - [this](dht::TrustRequest&& v) { - if (v.service != DHT_TYPE_NS) - return true; - - findCertificate(v.from, [this, v](const std::shared_ptr& cert) mutable { - // check peer certificate - dht::InfoHash peer_account; - if (not foundPeerDevice(cert, peer_account)) { - return; - } - - JAMI_WARN("Got trust request from: %s / %s", peer_account.toString().c_str(), v.from.toString().c_str()); - onTrustRequest(peer_account, v.from, time(nullptr), v.confirm, std::move(v.payload)); - }); - return true; - } - ); - - auto syncDeviceKey = dht::InfoHash::get("inbox:"+ringDeviceId_); - dht_.listen( - syncDeviceKey, - [this](DeviceSync&& sync) { - // Received device sync data. - // check device certificate - findCertificate(sync.from, [this,sync](const std::shared_ptr& cert) mutable { - if (!cert or cert->getId() != sync.from) { - JAMI_WARN("Can't find certificate for device %s", sync.from.toString().c_str()); - return; - } - std::unique_lock lock(deviceListMutex_); - if (not foundAccountDevice(cert)) - return; - lock.unlock(); - onReceiveDeviceSync(std::move(sync)); - }); - - return true; - } - ); - - auto inboxDeviceKey = dht::InfoHash::get("inbox:"+ringDeviceId_); - dht_.listen( + auto inboxDeviceKey = dht::InfoHash::get("inbox:"+accountManager_->getInfo()->deviceId); + dht_->listen( inboxDeviceKey, [this,inboxDeviceKey](dht::ImMessage&& v) { { @@ -2439,7 +1774,7 @@ JamiAccount::doRegister_() utf8_make_valid(v.msg)}}; onTextMessage(peer_account.toString(), payloads); JAMI_DBG() << "Sending message confirmation " << v.id; - dht_.putEncrypted(inboxDeviceKey, + dht_->putEncrypted(inboxDeviceKey, v.from, dht::ImMessage(v.id, std::string(), now)); }); @@ -2447,7 +1782,7 @@ JamiAccount::doRegister_() } ); - dhtPeerConnector_->onDhtConnected(ringDeviceId_); + dhtPeerConnector_->onDhtConnected(accountManager_->getInfo()->deviceId); std::lock_guard lock(buddyInfoMtx); for (auto& buddy : trackedBuddies_) { @@ -2461,71 +1796,25 @@ JamiAccount::doRegister_() } } -void -JamiAccount::onTrustRequest(const dht::InfoHash& peer_account, const dht::InfoHash& peer_device, time_t received, bool confirm, std::vector&& payload) -{ - // Check existing contact - auto contact = contacts_.find(peer_account); - if (contact != contacts_.end()) { - // Banned contact: discard request - if (contact->second.isBanned()) - return; - // Send confirmation - if (not confirm) - sendTrustRequestConfirm(peer_account); - // Contact exists, update confirmation status - if (not contact->second.confirmed) { - contact->second.confirmed = true; - emitSignal(getAccountID(), peer_account.toString(), true); - saveContacts(); - syncDevices(); - } - } else { - auto req = trustRequests_.find(peer_account); - if (req == trustRequests_.end()) { - // Add trust request - req = trustRequests_.emplace(peer_account, TrustRequest{ - peer_device, received, std::move(payload) - }).first; - } else { - // Update trust request - if (received < req->second.received) { - req->second.device = peer_device; - req->second.received = received; - req->second.payload = std::move(payload); - } else { - JAMI_DBG("[Account %s] Ignoring outdated trust request from %s", getAccountID().c_str(), peer_account.toString().c_str()); - } - } - saveTrustRequests(); - emitSignal( - getAccountID(), - req->first.toString(), - req->second.payload, - received - ); - } -} - void JamiAccount::onPeerMessage(const dht::InfoHash& peer_device, std::function& crt, const dht::InfoHash& peer_account)>&& cb) { // quick check in case we already explicilty banned this device - auto trustStatus = trust_.getCertificateStatus(peer_device.toString()); + auto trustStatus = accountManager_->getCertificateStatus(peer_device.toString()); if (trustStatus == tls::TrustStore::PermissionStatus::BANNED) { JAMI_WARN("[Account %s] Discarding message from banned device %s", getAccountID().c_str(), peer_device.toString().c_str()); return; } - findCertificate(peer_device, + accountManager_->findCertificate(peer_device, [this, peer_device, cb=std::move(cb)](const std::shared_ptr& cert) { dht::InfoHash peer_account_id; - if (not foundPeerDevice(cert, peer_account_id)) { + if (not AccountManager::foundPeerDevice(cert, peer_account_id)) { JAMI_WARN("[Account %s] Discarding message from invalid peer certificate %s.", getAccountID().c_str(), peer_device.toString().c_str()); return; } - if (not trust_.isAllowed(*cert, dhtPublicInCalls_)) { + if (not accountManager_->isAllowed(*cert, dhtPublicInCalls_)) { JAMI_WARN("[Account %s] Discarding message from unauthorized peer %s.", getAccountID().c_str(), peer_device.toString().c_str()); return; } @@ -2568,71 +1857,6 @@ JamiAccount::incomingCall(dht::IceCandidates&& msg, const std::shared_ptr& crt, const std::string& name, const time_point& updated) -{ - if (not crt) - return false; - - // match certificate chain - if (not accountTrust_.verify(*crt)) { - JAMI_WARN("[Account %s] Found invalid account device: %s", getAccountID().c_str(), crt->getId().toString().c_str()); - return false; - } - - // insert device - auto it = knownDevices_.emplace(crt->getId(), KnownDevice{crt, name, updated}); - if (it.second) { - JAMI_DBG("[Account %s] Found account device: %s %s", getAccountID().c_str(), - name.c_str(), - crt->getId().toString().c_str()); - tls::CertificateStore::instance().pinCertificate(crt); - saveKnownDevices(); - emitSignal(getAccountID(), getKnownDevices()); - } else { - // update device name - if (not name.empty() and it.first->second.name != name) { - JAMI_DBG("[Account %s] updating device name: %s %s", getAccountID().c_str(), - name.c_str(), - crt->getId().toString().c_str()); - it.first->second.name = name; - saveKnownDevices(); - emitSignal(getAccountID(), getKnownDevices()); - } - } - return true; -} - -bool -JamiAccount::foundPeerDevice(const std::shared_ptr& crt, dht::InfoHash& account_id) -{ - if (not crt) - return false; - - auto top_issuer = crt; - while (top_issuer->issuer) - top_issuer = top_issuer->issuer; - - // Device certificate can't be self-signed - if (top_issuer == crt) { - JAMI_WARN("Found invalid peer device: %s", crt->getId().toString().c_str()); - return false; - } - - // Check peer certificate chain - // Trust store with top issuer as the only CA - dht::crypto::TrustList peer_trust; - peer_trust.add(*top_issuer); - if (not peer_trust.verify(*crt)) { - JAMI_WARN("Found invalid peer device: %s", crt->getId().toString().c_str()); - return false; - } - - account_id = crt->issuer->getId(); - JAMI_WARN("Found peer device: %s account:%s CA:%s", crt->getId().toString().c_str(), account_id.toString().c_str(), top_issuer->getId().toString().c_str()); - return true; -} - void JamiAccount::replyToIncomingIceMsg(const std::shared_ptr& call, const std::shared_ptr& ice, @@ -2645,7 +1869,7 @@ JamiAccount::replyToIncomingIceMsg(const std::shared_ptr& call, call->setPeerUri(RING_URI_PREFIX + from); std::weak_ptr wcall = call; #if HAVE_RINGNS - nameDir_.get().lookupAddress(from, [wcall](const std::string& result, const NameDirectory::Response& response){ + accountManager_->lookupAddress(from, [wcall](const std::string& result, const NameDirectory::Response& response){ if (response == NameDirectory::Response::found) if (auto call = wcall.lock()) { call->setPeerRegistredName(result); @@ -2663,7 +1887,7 @@ JamiAccount::replyToIncomingIceMsg(const std::shared_ptr& call, } // Asynchronous DHT put of our local ICE data - dht_.putEncrypted( + dht_->putEncrypted( callKey_, peer_ice_msg.from, dht::Value {dht::IceCandidates(peer_ice_msg.id, blob)}, @@ -2719,7 +1943,7 @@ JamiAccount::doUnregister(std::function released_cb) } JAMI_WARN("[Account %s] unregistering account %p", getAccountID().c_str(), this); - dht_.shutdown([this](){ + dht_->shutdown([this](){ JAMI_WARN("[Account %s] dht shutdown complete", getAccountID().c_str()); }); @@ -2735,7 +1959,7 @@ JamiAccount::doUnregister(std::function released_cb) upnp_->removeMappings(); } - dht_.join(); + dht_->join(); lock.unlock(); setRegistrationState(RegistrationState::UNREGISTERED); @@ -2753,52 +1977,37 @@ JamiAccount::connectivityChanged() return; } - dht_.connectivityChanged(); + dht_->connectivityChanged(); setPublishedAddress({}); // reset cache } bool JamiAccount::findCertificate(const dht::InfoHash& h, std::function&)>&& cb) { - if (auto cert = tls::CertificateStore::instance().getCertificate(h.toString())) { - if (cb) - cb(cert); - } else { - dht_.findCertificate(h, [cb](const std::shared_ptr& crt) { - if (crt) - tls::CertificateStore::instance().pinCertificate(crt); - if (cb) - cb(crt); - }); - } - return true; + return accountManager_->findCertificate(h, std::move(cb)); } bool JamiAccount::findCertificate(const std::string& crt_id) { - findCertificate(dht::InfoHash(crt_id)); - return true; + return accountManager_->findCertificate(dht::InfoHash(crt_id)); } bool JamiAccount::setCertificateStatus(const std::string& cert_id, tls::TrustStore::PermissionStatus status) { - if (contacts_.find(dht::InfoHash(cert_id)) != contacts_.end()) { - JAMI_DBG("Can't set certificate status for existing contacts %s", cert_id.c_str()); - return false; - } - findCertificate(cert_id); - bool done = trust_.setCertificateStatus(cert_id, status); - if (done) + bool done = accountManager_->setCertificateStatus(cert_id, status); + if (done) { + findCertificate(cert_id); emitSignal(getAccountID(), cert_id, tls::TrustStore::statusToStr(status)); + } return done; } std::vector JamiAccount::getCertificatesByStatus(tls::TrustStore::PermissionStatus status) { - return trust_.getCertificatesByStatus(status); + return accountManager_->getCertificatesByStatus(status); } template @@ -2879,53 +2088,13 @@ JamiAccount::isMessageTreated(unsigned int id) return true; } -void -JamiAccount::loadKnownDevices() -{ - std::map> knownDevices; - try { - // read file - auto file = fileutils::loadFile("knownDevicesNames", idPath_); - // load values - msgpack::object_handle oh = msgpack::unpack((const char*)file.data(), file.size()); - oh.get().convert(knownDevices); - } catch (const std::exception& e) { - JAMI_WARN("[Account %s] error loading devices: %s", getAccountID().c_str(), e.what()); - return; - } - - std::lock_guard lock(deviceListMutex_); - for (const auto& d : knownDevices) { - JAMI_DBG("[Account %s] loading known account device %s %s", getAccountID().c_str(), - d.second.first.c_str(), - d.first.toString().c_str()); - if (auto crt = tls::CertificateStore::instance().getCertificate(d.first.toString())) { - if (not foundAccountDevice(crt, d.second.first, clock::from_time_t(d.second.second))) - JAMI_WARN("[Account %s] can't add device %s", getAccountID().c_str(), d.first.toString().c_str()); - } - else { - JAMI_WARN("[Account %s] can't find certificate for device %s", getAccountID().c_str(), d.first.toString().c_str()); - } - } -} - -void -JamiAccount::saveKnownDevices() const -{ - std::ofstream file = fileutils::ofstream(idPath_+DIR_SEPARATOR_STR "knownDevicesNames", std::ios::trunc | std::ios::binary); - - std::map> devices; - for (const auto& id : knownDevices_) - devices.emplace(id.first, std::make_pair(id.second.name, clock::to_time_t(id.second.last_sync))); - - msgpack::pack(file, devices); -} - std::map JamiAccount::getKnownDevices() const { + if (not accountManager_->getInfo()) + return {}; std::map ids; - for (auto& d : knownDevices_) { + for (auto& d : accountManager_->getKnownDevices()) { auto id = d.first.toString(); auto label = d.second.name.empty() ? id.substr(0, 8) : d.second.name; ids.emplace(std::move(id), std::move(label)); @@ -3015,7 +2184,10 @@ JamiAccount::generateDhParams() MatchRank JamiAccount::matches(const std::string &userName, const std::string &server) const { - if (userName == ringAccountId_ || server == ringAccountId_ || userName == ringDeviceId_) { + if (not accountManager_->getInfo()) + return MatchRank::NONE; + + if (userName == accountManager_->getInfo()->accountId || server == accountManager_->getInfo()->accountId || userName == accountManager_->getInfo()->deviceId) { JAMI_DBG("Matching account id in request with username %s", userName.c_str()); return MatchRank::FULL; } else { @@ -3026,7 +2198,7 @@ JamiAccount::matches(const std::string &userName, const std::string &server) con std::string JamiAccount::getFromUri() const { - const std::string uri = ""; + const std::string uri = "getInfo()->accountId + "@ring.dht>"; if (not displayName_.empty()) return "\"" + displayName_ + "\" " + uri; return uri; @@ -3049,7 +2221,7 @@ JamiAccount::getContactHeader(pjsip_transport* t) contact_.slen = pj_ansi_snprintf(contact_.ptr, PJSIP_MAX_URL_SIZE, "%s", quotedDisplayName.c_str(), - identity_.second->getId().toString().c_str(), + accountManager_->getInfo()->identity.second->getId().toString().c_str(), (address.empty() ? "" : "@"), address.c_str()); } else { @@ -3057,7 +2229,7 @@ JamiAccount::getContactHeader(pjsip_transport* t) contact_.slen = pj_ansi_snprintf(contact_.ptr, PJSIP_MAX_URL_SIZE, "%s", quotedDisplayName.c_str(), - identity_.second->getId().toString().c_str()); + accountManager_->getInfo()->identity.second->getId().toString().c_str()); } return contact_; } @@ -3067,342 +2239,72 @@ JamiAccount::getContactHeader(pjsip_transport* t) void JamiAccount::addContact(const std::string& uri, bool confirmed) { - dht::InfoHash h (uri); - if (not h) { - JAMI_ERR("[Account %s] addContact: invalid contact URI", getAccountID().c_str()); - return; - } - addContact(h, confirmed); -} - -void -JamiAccount::addContact(const dht::InfoHash& h, bool confirmed) -{ - JAMI_WARN("[Account %s] addContact: %s", getAccountID().c_str(), h.to_c_str()); - auto c = contacts_.find(h); - if (c == contacts_.end()) - c = contacts_.emplace(h, Contact{}).first; - else if (c->second.isActive() and c->second.confirmed == confirmed) - return; - c->second.added = std::time(nullptr); - c->second.confirmed = confirmed or c->second.confirmed; - auto hStr = h.toString(); - trust_.setCertificateStatus(hStr, tls::TrustStore::PermissionStatus::ALLOWED); - saveContacts(); - emitSignal(getAccountID(), hStr, c->second.confirmed); - syncDevices(); + JAMI_WARN("JamiAccount::addContact %d", confirmed); + accountManager_->addContact(uri, confirmed); } void JamiAccount::removeContact(const std::string& uri, bool ban) { - JAMI_WARN("[Account %s] removeContact: %s", getAccountID().c_str(), uri.c_str()); - dht::InfoHash h (uri); - auto c = contacts_.find(h); - if (c == contacts_.end()) - c = contacts_.emplace(h, Contact{}).first; - else if (not c->second.isActive() and c->second.banned == ban) - return; - c->second.removed = std::time(nullptr); - c->second.banned = ban; - trust_.setCertificateStatus(uri, ban ? tls::TrustStore::PermissionStatus::BANNED - : tls::TrustStore::PermissionStatus::UNDEFINED); - if (ban and trustRequests_.erase(h) > 0) - saveTrustRequests(); - saveContacts(); - emitSignal(getAccountID(), uri, ban); - syncDevices(); + accountManager_->removeContact(uri, ban); } std::map JamiAccount::getContactDetails(const std::string& uri) const { - dht::InfoHash h (uri); - - const auto c = contacts_.find(h); - if (c == std::end(contacts_)) { - JAMI_WARN("[dht] contact '%s' not found", uri.c_str()); - return {}; - } - - auto details = c->second.toMap(); - if (not details.empty()) - details["id"] = c->first.toString(); - - return details; + return accountManager_->getInfo() ? accountManager_->getContactDetails(uri) : std::map{}; } std::vector> JamiAccount::getContacts() const { - std::vector> ret; - ret.reserve(contacts_.size()); - - for (const auto& c : contacts_) { - auto details = c.second.toMap(); - if (not details.empty()) { - details["id"] = c.first.toString(); - ret.emplace_back(std::move(details)); - } - } - return ret; -} - -void -JamiAccount::updateContact(const dht::InfoHash& id, const Contact& contact) -{ - if (not id) { - JAMI_ERR("[Account %s] updateContact: invalid contact ID", getAccountID().c_str()); - return; - } - bool stateChanged {false}; - auto c = contacts_.find(id); - if (c == contacts_.end()) { - //JAMI_DBG("[Account %s] new contact: %s", getAccountID().c_str(), id.toString().c_str()); - c = contacts_.emplace(id, contact).first; - stateChanged = c->second.isActive() or c->second.isBanned(); - } else { - //JAMI_DBG("[Account %s] updated contact: %s", getAccountID().c_str(), id.toString().c_str()); - stateChanged = c->second.update(contact); - } - if (stateChanged) { - if (c->second.isActive()) { - trust_.setCertificateStatus(id.toString(), tls::TrustStore::PermissionStatus::ALLOWED); - emitSignal(getAccountID(), id.toString(), c->second.confirmed); - } else { - if (c->second.banned) - trust_.setCertificateStatus(id.toString(), tls::TrustStore::PermissionStatus::BANNED); - emitSignal(getAccountID(), id.toString(), c->second.banned); - } - } -} - -void -JamiAccount::loadContacts() -{ - decltype(contacts_) contacts; - try { - // read file - auto file = fileutils::loadFile("contacts", idPath_); - // load values - msgpack::object_handle oh = msgpack::unpack((const char*)file.data(), file.size()); - oh.get().convert(contacts); - } catch (const std::exception& e) { - JAMI_WARN("[Account %s] error loading contacts: %s", getAccountID().c_str(), e.what()); - return; - } - - for (auto& peer : contacts) - updateContact(peer.first, peer.second); -} - -void -JamiAccount::saveContacts() const -{ - std::ofstream file = fileutils::ofstream(idPath_+DIR_SEPARATOR_STR "contacts", std::ios::trunc | std::ios::binary); - msgpack::pack(file, contacts_); + if (not accountManager_) + return {}; + return accountManager_->getContacts(); } /* trust requests */ + std::vector> JamiAccount::getTrustRequests() const { - using Map = std::map; - std::vector ret; - ret.reserve(trustRequests_.size()); - for (const auto& r : trustRequests_) { - ret.emplace_back(Map { - {DRing::Account::TrustRequest::FROM, r.first.toString()}, - {DRing::Account::TrustRequest::RECEIVED, std::to_string(r.second.received)}, - {DRing::Account::TrustRequest::PAYLOAD, std::string(r.second.payload.begin(), r.second.payload.end())} - }); - } - return ret; + return accountManager_ ? accountManager_->getTrustRequests() : std::vector>{}; } bool JamiAccount::acceptTrustRequest(const std::string& from) { - dht::InfoHash f(from); - if (not f) - return false; - - // The contact sent us a TR so we are in its contact list - addContact(f, true); - - auto i = trustRequests_.find(f); - if (i == trustRequests_.end()) - return false; - - // Clear trust request - auto treq = std::move(i->second); - trustRequests_.erase(i); - saveTrustRequests(); - - // Send confirmation - sendTrustRequestConfirm(f); - return true; + JAMI_WARN("JamiAccount::acceptTrustRequest"); + return accountManager_->acceptTrustRequest(from); } bool JamiAccount::discardTrustRequest(const std::string& from) { - dht::InfoHash f(from); - if (trustRequests_.erase(f) > 0) { - saveTrustRequests(); - return true; - } - return false; + return accountManager_->discardTrustRequest(from); } void JamiAccount::sendTrustRequest(const std::string& to, const std::vector& payload) { - auto toH = dht::InfoHash(to); - if (not toH) { - JAMI_ERR("[Account %s] can't send trust request to invalid hash: %s", getAccountID().c_str(), to.c_str()); - return; - } - addContact(toH); - forEachDevice(toH, [this,toH,payload](const dht::InfoHash& dev) - { - JAMI_WARN("[Account %s] sending trust request to: %s / %s", getAccountID().c_str(), toH.toString().c_str(), dev.toString().c_str()); - dht_.putEncrypted(dht::InfoHash::get("inbox:"+dev.toString()), - dev, - dht::TrustRequest(DHT_TYPE_NS, payload)); - }); + JAMI_WARN("JamiAccount::sendTrustRequest"); + return accountManager_->sendTrustRequest(to, payload); } void -JamiAccount::sendTrustRequestConfirm(const dht::InfoHash& to) +JamiAccount::sendTrustRequestConfirm(const std::string& to) { - dht::TrustRequest answer {DHT_TYPE_NS}; - answer.confirm = true; - forEachDevice(to, [this,to,answer](const dht::InfoHash& dev) - { - JAMI_WARN("[Account %s] sending trust request reply: %s / %s", getAccountID().c_str(), to.toString().c_str(), dev.toString().c_str()); - dht_.putEncrypted(dht::InfoHash::get("inbox:"+dev.toString()), dev, answer); - }); -} - -void -JamiAccount::saveTrustRequests() const -{ - std::ofstream file = fileutils::ofstream(idPath_+DIR_SEPARATOR_STR "incomingTrustRequests", std::ios::trunc | std::ios::binary); - msgpack::pack(file, trustRequests_); -} - -void -JamiAccount::loadTrustRequests() -{ - std::map requests; - try { - // read file - auto file = fileutils::loadFile("incomingTrustRequests", idPath_); - // load values - msgpack::object_handle oh = msgpack::unpack((const char*)file.data(), file.size()); - oh.get().convert(requests); - } catch (const std::exception& e) { - JAMI_WARN("[Account %s] error loading trust requests: %s", getAccountID().c_str(), e.what()); - return; - } - - for (auto& tr : requests) - onTrustRequest(tr.first, tr.second.device, tr.second.received, false, std::move(tr.second.payload)); + JAMI_WARN("JamiAccount::sendTrustRequestConfirm"); + return accountManager_->sendTrustRequestConfirm(dht::InfoHash(to)); } /* sync */ -void -JamiAccount::syncDevices() -{ - JAMI_DBG("[Account %s] building device sync from %s %s", getAccountID().c_str(), ringDeviceName_.c_str(), ringDeviceId_.c_str()); - DeviceSync sync_data; - sync_data.date = clock::now().time_since_epoch().count(); - sync_data.device_name = ringDeviceName_; - sync_data.peers = contacts_; - - static const size_t MAX_TRUST_REQUESTS = 20; - if (trustRequests_.size() <= MAX_TRUST_REQUESTS) - for (const auto& req : trustRequests_) - sync_data.trust_requests.emplace(req.first, TrustRequest{req.second.device, req.second.received, {}}); - else { - size_t inserted = 0; - auto req = trustRequests_.lower_bound(dht::InfoHash::getRandom()); - while (inserted++ < MAX_TRUST_REQUESTS) { - if (req == trustRequests_.end()) - req = trustRequests_.begin(); - sync_data.trust_requests.emplace(req->first, TrustRequest{req->second.device, req->second.received, {}}); - ++req; - } - } - - std::lock_guard lock(deviceListMutex_); - for (const auto& dev : knownDevices_) { - if (dev.first.toString() == ringDeviceId_) - sync_data.devices_known.emplace(dev.first, ringDeviceName_); - else - sync_data.devices_known.emplace(dev.first, dev.second.name); - } - for (const auto& dev : knownDevices_) { - // don't send sync data to ourself - if (dev.first.toString() == ringDeviceId_) - continue; - JAMI_DBG("[Account %s] sending device sync to %s %s", getAccountID().c_str(), dev.second.name.c_str(), dev.first.toString().c_str()); - auto syncDeviceKey = dht::InfoHash::get("inbox:"+dev.first.toString()); - dht_.putEncrypted(syncDeviceKey, dev.first, sync_data); - } -} - -void -JamiAccount::onReceiveDeviceSync(DeviceSync&& sync) -{ - auto sync_date = clock::time_point(clock::duration(sync.date)); - { - std::lock_guard lock(deviceListMutex_); - auto it = knownDevices_.find(sync.from); - if (it == knownDevices_.end()) { - JAMI_WARN("[Account %s] dropping sync data from unknown device", getAccountID().c_str()); - return; - } - if (it->second.last_sync >= sync_date) { - JAMI_DBG("[Account %s] dropping outdated sync data", getAccountID().c_str()); - return; - } - it->second.last_sync = sync_date; - } - - // Sync known devices - JAMI_DBG("[Account %s] received device sync data (%lu devices, %lu contacts)", getAccountID().c_str(), sync.devices_known.size(), sync.peers.size()); - for (const auto& d : sync.devices_known) { - findCertificate(d.first, [this,d](const std::shared_ptr& crt) { - if (not crt) - return; - std::lock_guard lock(deviceListMutex_); - foundAccountDevice(crt, d.second); - }); - } - { - std::lock_guard lock(deviceListMutex_); - saveKnownDevices(); - } - - // Sync contacts - for (const auto& peer : sync.peers) - updateContact(peer.first, peer.second); - saveContacts(); - - // Sync trust requests - for (const auto& tr : sync.trust_requests) - onTrustRequest(tr.first, tr.second.device, tr.second.received, false, {}); - -} - void JamiAccount::igdChanged() { - if (not dht_.isRunning()) + if (not dht_->isRunning()) return; if (upnp_) { dht::ThreadPool::io().run([w = weak(), oldPort = static_cast(dhtPortUsed_)] { @@ -3414,12 +2316,13 @@ JamiAccount::igdChanged() if (oldPort != newPort) { JAMI_WARN("DHT port changed: restarting network"); this_.doRegister_(); - } else - this_.dht_.connectivityChanged(); + } else { + this_.dht_->connectivityChanged(); + } } }); } else - dht_.connectivityChanged(); + dht_->connectivityChanged(); } void @@ -3427,24 +2330,7 @@ JamiAccount::forEachDevice(const dht::InfoHash& to, std::function&& op, std::function&& end) { - auto treatedDevices = std::make_shared>(); - dht_.get(to, [to](dht::crypto::RevocationList&& crl){ - tls::CertificateStore::instance().pinRevocationList(to.toString(), std::move(crl)); - return true; - }); - dht_.get(to, [this,to,treatedDevices,op=std::move(op)](DeviceAnnouncement&& dev) { - if (dev.from != to) - return true; - if (treatedDevices->emplace(dev.dev).second) { - op(dev.dev); - } - return true; - }, [=, end=std::move(end)](bool /*ok*/){ - JAMI_DBG("[Account %s] found %lu devices for %s", - getAccountID().c_str(), treatedDevices->size(), to.to_c_str()); - if (end) - end(not treatedDevices->empty()); - }); + accountManager_->forEachDevice(to, std::move(op), std::move(end)); } uint64_t @@ -3494,7 +2380,7 @@ JamiAccount::sendTextMessage(const std::string& to, const std::map(); // Find listening devices for this account - forEachDevice(toH, [this,confirm,to,token,payloads,now](const dht::InfoHash& dev) + accountManager_->forEachDevice(toH, [this,confirm,to,token,payloads,now](const dht::InfoHash& dev) { { std::lock_guard lock(messageMutex_); @@ -3504,7 +2390,7 @@ JamiAccount::sendTextMessage(const std::string& to, const std::map l(confirm->lock); - auto list_token = dht_.listen(h, [this, to, token, confirm](dht::ImMessage&& msg) { + auto list_token = dht_->listen(h, [this, to, token, confirm](dht::ImMessage&& msg) { // check expected message confirmation if (msg.id != token) return true; @@ -3530,7 +2416,7 @@ JamiAccount::sendTextMessage(const std::string& to, const std::map l(confirm->lock); for (auto& t : confirm->listenTokens) - dht_.cancelListen(t.first, std::move(t.second)); + dht_->cancelListen(t.first, std::move(t.second)); confirm->listenTokens.clear(); confirm->replied = true; } @@ -3538,7 +2424,7 @@ JamiAccount::sendTextMessage(const std::string& to, const std::maplistenTokens.emplace(h, std::move(list_token)); - dht_.putEncrypted(h, dev, + dht_->putEncrypted(h, dev, dht::ImMessage(token, std::string(payloads.begin()->first), std::string(payloads.begin()->second), now), [this,to,token,confirm,h](bool ok) { JAMI_DBG() << "[Account " << getAccountID() << "] [message " << token << "] Put encrypted " << (ok ? "ok" : "failed"); @@ -3546,7 +2432,7 @@ JamiAccount::sendTextMessage(const std::string& to, const std::map l(confirm->lock); auto lt = confirm->listenTokens.find(h); if (lt != confirm->listenTokens.end()) { - dht_.cancelListen(h, std::move(lt->second)); + dht_->cancelListen(h, std::move(lt->second)); confirm->listenTokens.erase(lt); } if (confirm->listenTokens.empty() and not confirm->replied) { @@ -3570,7 +2456,7 @@ JamiAccount::sendTextMessage(const std::string& to, const std::mapgetAccountID() << "] [message " << token << "] Timeout"; for (auto& t : confirm->listenTokens) - this_->dht_.cancelListen(t.first, std::move(t.second)); + this_->dht_->cancelListen(t.first, std::move(t.second)); confirm->listenTokens.clear(); confirm->replied = true; l.unlock(); @@ -3596,12 +2482,12 @@ JamiAccount::registerDhtAddress(IceTransport& ice) // Trying to use one discovered by DHT service // IPv6 (sdp support only one IP, put IPv6 before IPv4 as this last has the priority over IPv6 less NAT'able) - const auto& addr6 = dht_.getPublicAddress(AF_INET6); + const auto& addr6 = dht_->getPublicAddress(AF_INET6); if (addr6.size()) setPublishedAddress(reg_addr(ice, *addr6[0].get())); // IPv4 - const auto& addr4 = dht_.getPublicAddress(AF_INET); + const auto& addr4 = dht_->getPublicAddress(AF_INET); if (addr4.size()) setPublishedAddress(reg_addr(ice, *addr4[0].get())); } else { @@ -3613,10 +2499,10 @@ std::vector JamiAccount::publicAddresses() { std::vector addresses; - for (auto& addr : dht_.getPublicAddress(AF_INET)) { + for (auto& addr : dht_->getPublicAddress(AF_INET)) { addresses.emplace_back(addr.toString()); } - for (auto& addr : dht_.getPublicAddress(AF_INET6)) { + for (auto& addr : dht_->getPublicAddress(AF_INET6)) { addresses.emplace_back(addr.toString()); } return addresses; @@ -3639,14 +2525,14 @@ void JamiAccount::enableProxyClient(bool enable) { JAMI_WARN("[Account %s] DHT proxy client: %s", getAccountID().c_str(), enable ? "enable" : "disable"); - dht_.enableProxy(enable); + dht_->enableProxy(enable); } void JamiAccount::setPushNotificationToken(const std::string& token) { JAMI_WARN("[Account %s] setPushNotificationToken: %s", getAccountID().c_str(), token.c_str()); deviceKey_ = token; - dht_.setPushNotificationToken(deviceKey_); + dht_->setPushNotificationToken(deviceKey_); } /** @@ -3655,7 +2541,7 @@ void JamiAccount::setPushNotificationToken(const std::string& token) void JamiAccount::pushNotificationReceived(const std::string& from, const std::map& data) { JAMI_WARN("[Account %s] pushNotificationReceived: %s", getAccountID().c_str(), from.c_str()); - dht_.pushNotificationReceived(data); + dht_->pushNotificationReceived(data); } std::string @@ -3694,7 +2580,7 @@ void JamiAccount::startAccountPublish() { AccountPeerInfo info_pub; - info_pub.accountId = dht::InfoHash(ringAccountId_); + info_pub.accountId = dht::InfoHash(accountManager_->getInfo()->accountId); info_pub.displayName = displayName_; peerDiscovery_->startPublish(PEER_DISCOVERY_JAMI_SERVICE, info_pub); } @@ -3702,11 +2588,12 @@ JamiAccount::startAccountPublish() void JamiAccount::startAccountDiscovery() { - peerDiscovery_->startDiscovery(PEER_DISCOVERY_JAMI_SERVICE,[this](AccountPeerInfo&& v, dht::SockAddr&& add){ + auto id = dht::InfoHash(accountManager_->getInfo()->accountId); + peerDiscovery_->startDiscovery(PEER_DISCOVERY_JAMI_SERVICE,[this,id](AccountPeerInfo&& v, dht::SockAddr&& add){ std::lock_guard lc(discoveryMapMtx_); //Make sure that account itself will not be recorded - if(v.accountId != dht::InfoHash(ringAccountId_)){ + if(v.accountId != id){ //Create or Find the old one auto& dp = discoveredPeers_[v.accountId]; dp.displayName = v.displayName; diff --git a/src/jamidht/jamiaccount.h b/src/jamidht/jamiaccount.h index cc3016355..6c1f7868a 100644 --- a/src/jamidht/jamiaccount.h +++ b/src/jamidht/jamiaccount.h @@ -68,646 +68,595 @@ namespace jami { class IceTransport; struct Contact; +struct DeviceSync; struct AccountArchive; class DhtPeerConnector; class PeerConnection; +class ContactList; +class AccountManager; +struct AccountInfo; /** * @brief Ring Account is build on top of SIPAccountBase and uses DHT to handle call connectivity. */ class JamiAccount : public SIPAccountBase { - private: - struct PeerConnectionMsg; +public: + constexpr static const char* const ACCOUNT_TYPE = "RING"; + constexpr static const in_port_t DHT_DEFAULT_PORT = 4222; + constexpr static const char* const DHT_DEFAULT_BOOTSTRAP = "bootstrap.jami.net"; + constexpr static const char* const DHT_DEFAULT_PROXY = "dhtproxy.jami.net:[80-100]"; + constexpr static const char* const DHT_TYPE_NS = "cx.ring"; - public: - constexpr static const char* const ACCOUNT_TYPE = "RING"; - constexpr static const char* const DHT_DEFAULT_BOOTSTRAP = "bootstrap.jami.net"; - constexpr static const char* const DHT_DEFAULT_PROXY = "dhtproxy.jami.net:[80-100]"; - constexpr static const char* const DHT_TYPE_NS = "cx.ring"; + /* constexpr */ static const std::pair DHT_PORT_RANGE; - /* constexpr */ static const std::pair DHT_PORT_RANGE; + const char* getAccountType() const override { + return ACCOUNT_TYPE; + } - const char* getAccountType() const override { - return ACCOUNT_TYPE; - } + std::shared_ptr shared() { + return std::static_pointer_cast(shared_from_this()); + } + std::shared_ptr shared() const { + return std::static_pointer_cast(shared_from_this()); + } + std::weak_ptr weak() { + return std::static_pointer_cast(shared_from_this()); + } + std::weak_ptr weak() const { + return std::static_pointer_cast(shared_from_this()); + } - std::shared_ptr shared() { - return std::static_pointer_cast(shared_from_this()); - } - std::shared_ptr shared() const { - return std::static_pointer_cast(shared_from_this()); - } - std::weak_ptr weak() { - return std::static_pointer_cast(shared_from_this()); - } - std::weak_ptr weak() const { - return std::static_pointer_cast(shared_from_this()); - } + const std::string& getPath() const { + return idPath_; + } - const std::string& getPath() const { - return idPath_; - } + /** + * Constructor + * @param accountID The account identifier + */ + JamiAccount(const std::string& accountID, bool presenceEnabled); - /** - * Constructor - * @param accountID The account identifier - */ - JamiAccount(const std::string& accountID, bool presenceEnabled); + ~JamiAccount(); - ~JamiAccount(); + /** + * Serialize internal state of this account for configuration + * @param YamlEmitter the configuration engine which generate the configuration file + */ + virtual void serialize(YAML::Emitter &out) const override; - /** - * Serialize internal state of this account for configuration - * @param YamlEmitter the configuration engine which generate the configuration file - */ - virtual void serialize(YAML::Emitter &out) const override; + /** + * Populate the internal state for this account based on info stored in the configuration file + * @param The configuration node for this account + */ + virtual void unserialize(const YAML::Node &node) override; - /** - * Populate the internal state for this account based on info stored in the configuration file - * @param The configuration node for this account - */ - virtual void unserialize(const YAML::Node &node) override; + /** + * Return an map containing the internal state of this account. Client application can use this method to manage + * account info. + * @return A map containing the account information. + */ + virtual std::map getAccountDetails() const override; - /** - * Return an map containing the internal state of this account. Client application can use this method to manage - * account info. - * @return A map containing the account information. - */ - virtual std::map getAccountDetails() const override; + /** + * Retrieve volatile details such as recent registration errors + * @return std::map< std::string, std::string > The account volatile details + */ + virtual std::map getVolatileAccountDetails() const override; - /** - * Retrieve volatile details such as recent registration errors - * @return std::map< std::string, std::string > The account volatile details - */ - virtual std::map getVolatileAccountDetails() const override; + /** + * Actually useless, since config loading is done in init() + */ + void loadConfig() override {} - /** - * Actually useless, since config loading is done in init() - */ - void loadConfig() override {} + /** + * Adds an account id to the list of accounts to track on the DHT for + * buddy presence. + * + * @param buddy_id The buddy id. + */ + void trackBuddyPresence(const std::string& buddy_id, bool track); - /** - * Adds an account id to the list of accounts to track on the DHT for - * buddy presence. - * - * @param buddy_id The buddy id. - */ - void trackBuddyPresence(const std::string& buddy_id, bool track); + /** + * Tells for each tracked account id if it has been seen online so far + * in the last DeviceAnnouncement::TYPE.expiration minutes. + * + * @return map of buddy_uri to bool (online or not) + */ + std::map getTrackedBuddyPresence() const; - /** - * Tells for each tracked account id if it has been seen online so far - * in the last DeviceAnnouncement::TYPE.expiration minutes. - * - * @return map of buddy_uri to bool (online or not) - */ - std::map getTrackedBuddyPresence() const; + void setActiveCodecs(const std::vector& list) override; - void setActiveCodecs(const std::vector& list) override; + /** + * Connect to the DHT. + */ + void doRegister() override; - /** - * Connect to the DHT. - */ - void doRegister() override; + /** + * Disconnect from the DHT. + */ + void doUnregister(std::function cb = {}) override; - /** - * Disconnect from the DHT. - */ - void doUnregister(std::function cb = {}) override; + /** + * @return pj_str_t "From" uri based on account information. + * From RFC3261: "The To header field first and foremost specifies the desired + * logical" recipient of the request, or the address-of-record of the + * user or resource that is the target of this request. [...] As such, it is + * very important that the From URI not contain IP addresses or the FQDN + * of the host on which the UA is running, since these are not logical + * names." + */ + std::string getFromUri() const; - /** - * @return pj_str_t "From" uri based on account information. - * From RFC3261: "The To header field first and foremost specifies the desired - * logical" recipient of the request, or the address-of-record of the - * user or resource that is the target of this request. [...] As such, it is - * very important that the From URI not contain IP addresses or the FQDN - * of the host on which the UA is running, since these are not logical - * names." - */ - std::string getFromUri() const; + /** + * This method adds the correct scheme, hostname and append + * the ;transport= parameter at the end of the uri, in accordance with RFC3261. + * It is expected that "port" is present in the internal hostname_. + * + * @return pj_str_t "To" uri based on @param username + * @param username A string formatted as : "username" + */ + std::string getToUri(const std::string& username) const override; - /** - * This method adds the correct scheme, hostname and append - * the ;transport= parameter at the end of the uri, in accordance with RFC3261. - * It is expected that "port" is present in the internal hostname_. - * - * @return pj_str_t "To" uri based on @param username - * @param username A string formatted as : "username" - */ - std::string getToUri(const std::string& username) const override; + /** + * In the current version, "srv" uri is obtained in the preformated + * way: hostname:port. This method adds the correct scheme and append + * the ;transport= parameter at the end of the uri, in accordance with RFC3261. + * + * @return pj_str_t "server" uri based on @param hostPort + * @param hostPort A string formatted as : "hostname:port" + */ + std::string getServerUri() const { return ""; }; - /** - * In the current version, "srv" uri is obtained in the preformated - * way: hostname:port. This method adds the correct scheme and append - * the ;transport= parameter at the end of the uri, in accordance with RFC3261. - * - * @return pj_str_t "server" uri based on @param hostPort - * @param hostPort A string formatted as : "hostname:port" - */ - std::string getServerUri() const { return ""; }; + /** + * Get the contact header for + * @return pj_str_t The contact header based on account information + */ + pj_str_t getContactHeader(pjsip_transport* = nullptr) override; - /** - * Get the contact header for - * @return pj_str_t The contact header based on account information - */ - pj_str_t getContactHeader(pjsip_transport* = nullptr) override; + void setReceivedParameter(const std::string &received) { + receivedParameter_ = received; + via_addr_.host.ptr = (char *) receivedParameter_.c_str(); + via_addr_.host.slen = receivedParameter_.size(); + } - void setReceivedParameter(const std::string &received) { - receivedParameter_ = received; - via_addr_.host.ptr = (char *) receivedParameter_.c_str(); - via_addr_.host.slen = receivedParameter_.size(); - } + std::string getReceivedParameter() const { + return receivedParameter_; + } - std::string getReceivedParameter() const { - return receivedParameter_; - } + pjsip_host_port * + getViaAddr() { + return &via_addr_; + } - pjsip_host_port * - getViaAddr() { - return &via_addr_; - } + /* Returns true if the username and/or hostname match this account */ + MatchRank matches(const std::string &username, const std::string &hostname) const override; - /* Returns true if the username and/or hostname match this account */ - MatchRank matches(const std::string &username, const std::string &hostname) const override; + /** + * Implementation of Account::newOutgoingCall() + * Note: keep declaration before newOutgoingCall template. + */ + std::shared_ptr newOutgoingCall(const std::string& toUrl, + const std::map& volatileCallDetails = {}) override; - /** - * Implementation of Account::newOutgoingCall() - * Note: keep declaration before newOutgoingCall template. - */ - std::shared_ptr newOutgoingCall(const std::string& toUrl, - const std::map& volatileCallDetails = {}) override; - - /** - * Create outgoing SIPCall. - * @param[in] toUrl The address to call - * @return std::shared_ptr A shared pointer on the created call. - * The type of this instance is given in template argument. - * This type can be any base class of SIPCall class (included). - */ + /** + * Create outgoing SIPCall. + * @param[in] toUrl The address to call + * @return std::shared_ptr A shared pointer on the created call. + * The type of this instance is given in template argument. + * This type can be any base class of SIPCall class (included). + */ #ifndef _MSC_VER - template - std::shared_ptr > - newOutgoingCall(const std::string& toUrl, const std::map& volatileCallDetails = {}); + template + std::shared_ptr > + newOutgoingCall(const std::string& toUrl, const std::map& volatileCallDetails = {}); #else - template - std::shared_ptr - newOutgoingCall(const std::string& toUrl, const std::map& volatileCallDetails = {}); + template + std::shared_ptr + newOutgoingCall(const std::string& toUrl, const std::map& volatileCallDetails = {}); #endif - /** - * Create incoming SIPCall. - * @param[in] from The origin of the call - * @param details use to set some specific details - * @return std::shared_ptr A shared pointer on the created call. - * The type of this instance is given in template argument. - * This type can be any base class of SIPCall class (included). - */ - virtual std::shared_ptr - newIncomingCall(const std::string& from, const std::map& details = {}) override; + /** + * Create incoming SIPCall. + * @param[in] from The origin of the call + * @param details use to set some specific details + * @return std::shared_ptr A shared pointer on the created call. + * The type of this instance is given in template argument. + * This type can be any base class of SIPCall class (included). + */ + virtual std::shared_ptr + newIncomingCall(const std::string& from, const std::map& details = {}) override; - virtual bool isTlsEnabled() const override { - return true; - } + virtual bool isTlsEnabled() const override { + return true; + } - virtual bool isSrtpEnabled() const { - return true; - } + virtual bool isSrtpEnabled() const { + return true; + } - virtual sip_utils::KeyExchangeProtocol getSrtpKeyExchange() const override { - return sip_utils::KeyExchangeProtocol::SDES; - } + virtual sip_utils::KeyExchangeProtocol getSrtpKeyExchange() const override { + return sip_utils::KeyExchangeProtocol::SDES; + } - virtual bool getSrtpFallback() const override { - return false; - } + virtual bool getSrtpFallback() const override { + return false; + } - bool setCertificateStatus(const std::string& cert_id, tls::TrustStore::PermissionStatus status); + bool setCertificateStatus(const std::string& cert_id, tls::TrustStore::PermissionStatus status); + std::vector getCertificatesByStatus(tls::TrustStore::PermissionStatus status); - std::vector getCertificatesByStatus(tls::TrustStore::PermissionStatus status); + bool findCertificate(const std::string& id); + bool findCertificate(const dht::InfoHash& h, std::function&)>&& cb = {}); - bool findCertificate(const std::string& id); - bool findCertificate(const dht::InfoHash& h, std::function&)>&& cb = {}); + /* contact requests */ + std::vector> getTrustRequests() const; + bool acceptTrustRequest(const std::string& from); + bool discardTrustRequest(const std::string& from); - /* contact requests */ - std::vector> getTrustRequests() const; - bool acceptTrustRequest(const std::string& from); - bool discardTrustRequest(const std::string& from); + /** + * Add contact to the account contact list. + * Set confirmed if we know the contact also added us. + */ + void addContact(const std::string& uri, bool confirmed = false); + void removeContact(const std::string& uri, bool banned = true); + std::vector> getContacts() const; - /** - * Add contact to the account contact list. - * Set confirmed if we know the contact also added us. - */ - void addContact(const std::string& uri, bool confirmed = false); - void removeContact(const std::string& uri, bool banned = true); - std::vector> getContacts() const; + /// + /// Obtain details about one account contact in serializable form. + /// + std::map getContactDetails(const std::string& uri) const; - /// - /// Obtain details about one account contact in serializable form. - /// - std::map getContactDetails(const std::string& uri) const; + void sendTrustRequest(const std::string& to, const std::vector& payload); + void sendTrustRequestConfirm(const std::string& to); + virtual void sendTextMessage(const std::string& to, const std::map& payloads, uint64_t id) override; + virtual uint64_t sendTextMessage(const std::string& to, const std::map& payloads) override; - void sendTrustRequest(const std::string& to, const std::vector& payload); - void sendTrustRequestConfirm(const dht::InfoHash& to); - virtual void sendTextMessage(const std::string& to, const std::map& payloads, uint64_t id) override; - virtual uint64_t sendTextMessage(const std::string& to, const std::map& payloads) override; + /* Devices */ + void addDevice(const std::string& password); + /** + * Export the archive to a file + * @param destinationPath + * @param (optional) password, if not provided, will update the contacts only if the archive doesn't have a password + * @return if the archive was exported + */ + bool exportArchive(const std::string& destinationPath, const std::string& password = {}); + bool revokeDevice(const std::string& password, const std::string& device); + std::map getKnownDevices() const; - /* Devices */ - void addDevice(const std::string& password); - /** - * Export the archive to a file - * @param destinationPath - * @param (optional) password, if not provided, will update the contacts only if the archive doesn't have a password - * @return if the archive was exported - */ - bool exportArchive(const std::string& destinationPath, const std::string& password = {}); - bool revokeDevice(const std::string& password, const std::string& device); - std::map getKnownDevices() const; + bool changeArchivePassword(const std::string& password_old, const std::string& password_new); - bool changeArchivePassword(const std::string& password_old, const std::string& password_new); + void connectivityChanged() override; - void connectivityChanged() override; - - // overloaded methods - void flush() override; + // overloaded methods + void flush() override; #if HAVE_RINGNS - void lookupName(const std::string& name); - void lookupAddress(const std::string& address); - void registerName(const std::string& password, const std::string& name); + void lookupName(const std::string& name); + void lookupAddress(const std::string& address); + void registerName(const std::string& password, const std::string& name); #endif - /// - /// Send a E2E connection request to a given peer for the given transfer id - /// - /// /// \param[in] peer RingID on request's recipient - /// /// \param[in] tid linked outgoing data transfer - /// - void requestPeerConnection(const std::string& peer, const DRing::DataTransferId& tid, - const std::function& connect_cb); + /// + /// Send a E2E connection request to a given peer for the given transfer id + /// + /// /// \param[in] peer RingID on request's recipient + /// /// \param[in] tid linked outgoing data transfer + /// + void requestPeerConnection(const std::string& peer, const DRing::DataTransferId& tid, + const std::function& connect_cb); - /// - /// Close a E2E connection between a given peer and a given transfer id. - /// - /// /// \param[in] peer RingID on request's recipient - /// /// \param[in] tid linked outgoing data transfer - /// - void closePeerConnection(const std::string& peer, const DRing::DataTransferId& tid); + /// + /// Close a E2E connection between a given peer and a given transfer id. + /// + /// /// \param[in] peer RingID on request's recipient + /// /// \param[in] tid linked outgoing data transfer + /// + void closePeerConnection(const std::string& peer, const DRing::DataTransferId& tid); - std::vector publicAddresses(); + std::vector publicAddresses(); - /// \return true if the given DHT message identifier has been treated - /// \note if message has not been treated yet this method store this id and returns true at further calls - bool isMessageTreated(unsigned int id) ; + /// \return true if the given DHT message identifier has been treated + /// \note if message has not been treated yet this method store this id and returns true at further calls + bool isMessageTreated(unsigned int id) ; - dht::DhtRunner& dht() { return dht_; } + std::shared_ptr dht() { return dht_; } - const dht::crypto::Identity& identity() const { return identity_; } + const dht::crypto::Identity& identity() const { return id_; } - const std::shared_future dhParams() const { return dhParams_; } + const std::shared_future dhParams() const { return dhParams_; } - void forEachDevice(const dht::InfoHash& to, - std::function&& op, - std::function&& end = {}); + void forEachDevice(const dht::InfoHash& to, + std::function&& op, + std::function&& end = {}); - /** - * Inform that a potential peer device have been found. - * Returns true only if the device certificate is a valid device certificate. - * In that case (true is returned) the account_id parameter is set to the peer account ID. - */ - static bool foundPeerDevice(const std::shared_ptr& crt, dht::InfoHash& account_id); + /** + * Inform that a potential peer device have been found. + * Returns true only if the device certificate is a valid device certificate. + * In that case (true is returned) the account_id parameter is set to the peer account ID. + */ + //static bool foundPeerDevice(const std::shared_ptr& crt, dht::InfoHash& account_id); - /** - * Start or stop to use the proxy client - * @param address of the proxy - * @param deviceKey the device key for push notifications (empty to not use it) - */ - void enableProxyClient(bool enable); + /** + * Start or stop to use the proxy client + * @param address of the proxy + * @param deviceKey the device key for push notifications (empty to not use it) + */ + void enableProxyClient(bool enable); - void setPushNotificationToken(const std::string& pushDeviceToken = ""); + void setPushNotificationToken(const std::string& pushDeviceToken = ""); - /** - * To be called by clients with relevant data when a push notification is received. - */ - void pushNotificationReceived(const std::string& from, const std::map& data); + /** + * To be called by clients with relevant data when a push notification is received. + */ + void pushNotificationReceived(const std::string& from, const std::map& data); - std::string getUserUri() const override; + std::string getUserUri() const override; - /** - * Get last messages (should be used to retrieve messages when launching the client) - * @param base_timestamp - */ - std::vector getLastMessages(const uint64_t& base_timestamp) override; + /** + * Get last messages (should be used to retrieve messages when launching the client) + * @param base_timestamp + */ + std::vector getLastMessages(const uint64_t& base_timestamp) override; - void saveConfig() const; + /** + * Start Publish the Jami Account onto the Network + */ + void startAccountPublish(); - /** - * Get current discovered peers account id and display name - */ - std::map getNearbyPeers() const override; + /** + * Start Discovery the Jami Account from the Network + */ + void startAccountDiscovery(); - /** - * Add public addresses to ice transport - */ - void registerDhtAddress(IceTransport&); + void saveConfig() const; - private: - NON_COPYABLE(JamiAccount); + /** + * Get current discovered peers account id and display name + */ + std::map getNearbyPeers() const override; - using clock = std::chrono::system_clock; - using time_point = clock::time_point; + /** + * Add public addresses to ice transport + */ + void registerDhtAddress(IceTransport&); - /** - * Private structures - */ - struct PendingCall; - struct PendingMessage; - struct TrustRequest; - struct KnownDevice; - struct DeviceAnnouncement; - struct DeviceSync; - struct BuddyInfo; - struct DiscoveredPeer; +private: + NON_COPYABLE(JamiAccount); - void syncDevices(); - void onReceiveDeviceSync(DeviceSync&& sync); + using clock = std::chrono::system_clock; + using time_point = clock::time_point; + + /** + * Private structures + */ + struct PendingCall; + struct PendingMessage; + struct BuddyInfo; + struct DiscoveredPeer; + + /** + * Compute archive encryption key and DHT storage location from password and PIN. + */ + static std::pair, dht::InfoHash> computeKeys(const std::string& password, const std::string& pin, bool previous=false); + + void trackPresence(const dht::InfoHash& h, BuddyInfo& buddy); + + void doRegister_(); + void incomingCall(dht::IceCandidates&& msg, const std::shared_ptr& from_cert, const dht::InfoHash& from); + + const dht::ValueType USER_PROFILE_TYPE = {9, "User profile", std::chrono::hours(24 * 7)}; + + void startOutgoingCall(const std::shared_ptr& call, const std::string& toUri); + + void onConnectedOutgoingCall(SIPCall& call, const std::string& to_id, IpAddr target); + + /** + * Set the internal state for this account, mainly used to manage account details from the client application. + * @param The map containing the account information. + */ + virtual void setAccountDetails(const std::map &details) override; + + /** + * Start a SIP Call + * @param call The current call + * @return true if all is correct + */ + bool SIPStartCall(SIPCall& call, IpAddr target); + + /** + * For a call with (from_device, from_account), check the peer certificate chain (cert_list, cert_num) + * with session check status. + * Put deserialized certificate to cert_out; + */ + static pj_status_t checkPeerTlsCertificate(dht::InfoHash from_device, dht::InfoHash from_account, + unsigned status, + const gnutls_datum_t* cert_list, unsigned cert_num, + std::shared_ptr& cert_out); + + /** + * Check that a peer is authorised to talk to us. + * If everything is in order, calls the callback with the + * peer certificate chain (down to the peer device certificate), + * and the peer account id. + */ + void onPeerMessage(const dht::InfoHash& peer_device, std::function& crt, const dht::InfoHash& account_id)>&&); + + /** + * Update tracking info when buddy appears offline. + */ + void onTrackedBuddyOffline(const dht::InfoHash&); + + /** + * Update tracking info when buddy appears offline. + */ + void onTrackedBuddyOnline(const dht::InfoHash&); + + /** + * Maps require port via UPnP + */ + bool mapPortUPnP(); + + void igdChanged(); + + bool handlePendingCallList(); + bool handlePendingCall(PendingCall& pc, bool incoming); + + void loadAccount(const std::string& archive_password = {}, const std::string& archive_pin = {}, const std::string& archive_path = {}); + void loadAccountFromFile(const std::string& archive_path, const std::string& archive_password); + void loadAccountFromDHT(const std::string& archive_password, const std::string& archive_pin); + void loadAccountFromArchive(AccountArchive&& archive, const std::string& archive_password); + + bool hasCertificate() const; + bool hasPrivateKey() const; + + std::string makeReceipt(const dht::crypto::Identity& id); + void createRingDevice(const dht::crypto::Identity& id); + void initRingDevice(const AccountArchive& a); + void migrateAccount(const std::string& pwd, dht::crypto::Identity& device); + static bool updateCertificates(AccountArchive& archive, dht::crypto::Identity& device); + + void createAccount(const std::string& archive_password, dht::crypto::Identity&& migrate); + void updateArchive(AccountArchive& content) const; + void saveArchive(AccountArchive& content, const std::string& pwd); + AccountArchive readArchive(const std::string& pwd) const; + std::vector loadBootstrap() const; + + static std::pair saveIdentity(const dht::crypto::Identity id, const std::string& path, const std::string& name); + + void loadTreatedCalls(); + void saveTreatedCalls() const; + + void loadTreatedMessages(); + void saveTreatedMessages() const; + + void replyToIncomingIceMsg(const std::shared_ptr&, + const std::shared_ptr&, + const std::shared_ptr&, + const dht::IceCandidates&, + const std::shared_ptr& from_cert, + const dht::InfoHash& from); + + static tls::DhParams loadDhParams(std::string path); + + std::string getDhtProxyServer(); + + /** + * The TLS settings, used only if tls is chosen as a sip transport. + */ + void generateDhParams(); + + template + std::shared_ptr createIceTransport(const Args&... args); + + void checkPendingCallsTask(); #if HAVE_RINGNS - std::reference_wrapper nameDir_; - std::string nameServer_; - std::string registeredName_; + std::string nameServer_; + std::string registeredName_; #endif std::shared_ptr logger_; - /** - * Compute archive encryption key and DHT storage location from password and PIN. - */ - static std::pair, dht::InfoHash> computeKeys(const std::string& password, const std::string& pin, bool previous=false); + std::shared_ptr dht_ {}; + std::unique_ptr accountManager_; + dht::crypto::Identity id_ {}; - void trackPresence(const dht::InfoHash& h, BuddyInfo& buddy); + dht::InfoHash callKey_; - /** - * Update tracking info when buddy appears offline. - */ - void onTrackedBuddyOffline(const dht::InfoHash&); + /** + * DHT calls waiting for ICE negotiation + */ + std::list pendingCalls_; - /** - * Update tracking info when buddy appears offline. - */ - void onTrackedBuddyOnline(const dht::InfoHash&); + /** + * Incoming DHT calls that are not yet actual SIP calls. + */ + std::list pendingSipCalls_; + std::set treatedCalls_ {}; + mutable std::mutex callsMutex_ {}; - void doRegister_(); - void incomingCall(dht::IceCandidates&& msg, const std::shared_ptr& from_cert, const dht::InfoHash& from); + mutable std::mutex messageMutex_ {}; + std::map sentMessages_; + std::set treatedMessages_ {}; - const dht::ValueType USER_PROFILE_TYPE = {9, "User profile", std::chrono::hours(24 * 7)}; + std::string ringDeviceName_ {}; + std::string idPath_ {}; + std::string cachePath_ {}; + std::string dataPath_ {}; - void startOutgoingCall(const std::shared_ptr& call, const std::string& toUri); + std::string archivePath_ {}; + bool archiveHasPassword_ {true}; - void onConnectedOutgoingCall(SIPCall& call, const std::string& to_id, IpAddr target); + std::string receipt_ {}; + std::vector receiptSignature_ {}; - /** - * Set the internal state for this account, mainly used to manage account details from the client application. - * @param The map containing the account information. - */ - virtual void setAccountDetails(const std::map &details) override; + /* tracked buddies presence */ + mutable std::mutex buddyInfoMtx; + std::map trackedBuddies_; - /** - * Start a SIP Call - * @param call The current call - * @return true if all is correct - */ - bool SIPStartCall(SIPCall& call, IpAddr target); + mutable std::mutex dhtValuesMtx_; + bool dhtPublicInCalls_ {true}; - /** - * Inform that a potential account device have been found. - * Returns true if the device have been validated to be part of this account - */ - bool foundAccountDevice(const std::shared_ptr& crt, const std::string& name = {}, const time_point& last_sync = time_point::min()); + /** + * DHT port preference + */ + in_port_t dhtPort_ {}; - /** - * For a call with (from_device, from_account), check the peer certificate chain (cert_list, cert_num) - * with session check status. - * Put deserialized certificate to cert_out; - */ - static pj_status_t checkPeerTlsCertificate(dht::InfoHash from_device, dht::InfoHash from_account, - unsigned status, - const gnutls_datum_t* cert_list, unsigned cert_num, - std::shared_ptr& cert_out); + bool dhtPeerDiscovery_ {false}; - /** - * Check that a peer is authorised to talk to us. - * If everything is in order, calls the callback with the - * peer certificate chain (down to the peer device certificate), - * and the peer account id. - */ - void onPeerMessage(const dht::InfoHash& peer_device, std::function& crt, const dht::InfoHash& account_id)>&&); + /** + * DHT port actually used, + * this holds the actual port used for DHT, which may not be the port + * selected in the configuration in the case that UPnP is used and the + * configured port is already used by another client + */ + UsedPort dhtPortUsed_ {}; - void onTrustRequest(const dht::InfoHash& peer_account, const dht::InfoHash& peer_device, time_t received , bool confirm, std::vector&& payload); + /** + * Proxy + */ + bool proxyEnabled_ {false}; + std::string proxyServer_ {}; + std::string proxyServerCached_ {}; + std::string deviceKey_ {}; - /** - * Start Publish the Jami Account onto the Network - */ - void startAccountPublish(); + std::mutex dhParamsMtx_ {}; + std::shared_future dhParams_; + std::condition_variable dhParamsCv_; - /** - * Start Discovery the Jami Account from the Network - */ - void startAccountDiscovery(); + bool allowPeersFromHistory_ {true}; + bool allowPeersFromContact_ {true}; + bool allowPeersFromTrusted_ {true}; - /** - * Maps require port via UPnP - */ - bool mapPortUPnP(); + /** + * Optional: "received" parameter from VIA header + */ + std::string receivedParameter_ {}; - void igdChanged(); + /** + * Optional: "rport" parameter from VIA header + */ + int rPort_ {-1}; - dht::DhtRunner dht_ {}; - dht::crypto::Identity identity_ {}; + /** + * Optional: via_addr construct from received parameters + */ + pjsip_host_port via_addr_ {}; - dht::InfoHash callKey_; + char contactBuffer_[PJSIP_MAX_URL_SIZE] {}; + pj_str_t contact_ {contactBuffer_, 0}; + pjsip_transport* via_tp_ {nullptr}; - bool handlePendingCallList(); - bool handlePendingCall(PendingCall& pc, bool incoming); + std::unique_ptr dhtPeerConnector_; - mutable std::mutex callsMutex_ {}; + std::mutex discoveryMapMtx_; + std::shared_ptr peerDiscovery_; + std::map discoveredPeers_; + std::map discoveredPeerMap_; + bool accountPeerDiscovery_ {false}; + bool accountPublish_ {false}; - /** - * DHT calls waiting for ICE negotiation - */ - std::list pendingCalls_; - - /** - * Incoming DHT calls that are not yet actual SIP calls. - */ - std::list pendingSipCalls_; - std::set treatedCalls_ {}; - - mutable std::mutex messageMutex_ {}; - std::map sentMessages_; - std::set treatedMessages_ {}; - - std::string ringAccountId_ {}; - std::string ringDeviceId_ {}; - std::string ringDeviceName_ {}; - std::string idPath_ {}; - std::string cachePath_ {}; - std::string dataPath_ {}; - std::string ethPath_ {}; - std::string ethAccount_ {}; - - std::string archivePath_ {}; - bool archiveHasPassword_ {true}; - - std::string receipt_ {}; - std::vector receiptSignature_ {}; - dht::Value announceVal_; - - std::map trustRequests_; - void loadTrustRequests(); - void saveTrustRequests() const; - - std::map contacts_; - void loadContacts(); - void saveContacts() const; - void updateContact(const dht::InfoHash&, const Contact&); - void addContact(const dht::InfoHash&, bool confirmed = false); - - // Trust store with account main certificate as the only CA - dht::crypto::TrustList accountTrust_; - // Trust store for to match peer certificates - tls::TrustStore trust_; - - std::shared_ptr announce_; - - /* this ring account associated devices */ - mutable std::mutex deviceListMutex_ {}; - std::map knownDevices_; - - /* tracked buddies presence */ - mutable std::mutex buddyInfoMtx; - std::map trackedBuddies_; - - void loadAccount(const std::string& archive_password = {}, const std::string& archive_pin = {}, const std::string& archive_path = {}); - void loadAccountFromFile(const std::string& archive_path, const std::string& archive_password); - void loadAccountFromDHT(const std::string& archive_password, const std::string& archive_pin); - void loadAccountFromArchive(AccountArchive&& archive, const std::string& archive_password); - - bool hasCertificate() const; - bool hasPrivateKey() const; - bool useIdentity(const dht::crypto::Identity& id); - static bool needsMigration(const dht::crypto::Identity& id); - - std::string makeReceipt(const dht::crypto::Identity& id); - void createRingDevice(const dht::crypto::Identity& id); - void initRingDevice(const AccountArchive& a); - void migrateAccount(const std::string& pwd, dht::crypto::Identity& device); - static bool updateCertificates(AccountArchive& archive, dht::crypto::Identity& device); - - void createAccount(const std::string& archive_password, dht::crypto::Identity&& migrate); - void updateArchive(AccountArchive& content) const; - void saveArchive(AccountArchive& content, const std::string& pwd); - AccountArchive readArchive(const std::string& pwd) const; - std::vector loadBootstrap() const; - - static std::pair saveIdentity(const dht::crypto::Identity id, const std::string& path, const std::string& name); - - void loadTreatedCalls(); - void saveTreatedCalls() const; - - void loadTreatedMessages(); - void saveTreatedMessages() const; - - void loadKnownDevices(); - void saveKnownDevices() const; - - void replyToIncomingIceMsg(const std::shared_ptr&, - const std::shared_ptr&, - const std::shared_ptr&, - const dht::IceCandidates&, - const std::shared_ptr& from_cert, - const dht::InfoHash& from); - - static tls::DhParams loadDhParams(std::string path); - - /** - * If privkeyPath_ is a valid private key file (PEM or DER), - * and certPath_ a valid certificate file, load and returns them. - * Otherwise, generate a new identity and returns it. - */ - dht::crypto::Identity loadIdentity(const std::string& crt_path, const std::string& key_path, const std::string& key_pwd) const; - - bool dhtPublicInCalls_ {true}; - - /** - * DHT port preference - */ - in_port_t dhtPort_ {}; - - bool dhtPeerDiscovery_ {false}; - - /** - * DHT port actually used, - * this holds the actual port used for DHT, which may not be the port - * selected in the configuration in the case that UPnP is used and the - * configured port is already used by another client - */ - UsedPort dhtPortUsed_ {}; - - /** - * Proxy - */ - bool proxyEnabled_; - std::string proxyServer_; - std::string proxyServerCached_; - std::string deviceKey_; - std::string getDhtProxyServer(); - - /** - * The TLS settings, used only if tls is chosen as a sip transport. - */ - void generateDhParams(); - - std::shared_future dhParams_; - std::mutex dhParamsMtx_; - std::condition_variable dhParamsCv_; - - bool allowPeersFromHistory_ {true}; - bool allowPeersFromContact_ {true}; - bool allowPeersFromTrusted_ {true}; - - /** - * Optional: "received" parameter from VIA header - */ - std::string receivedParameter_ {}; - - /** - * Optional: "rport" parameter from VIA header - */ - int rPort_ {-1}; - - /** - * Optional: via_addr construct from received parameters - */ - pjsip_host_port via_addr_ {}; - - char contactBuffer_[PJSIP_MAX_URL_SIZE] {}; - pj_str_t contact_ {contactBuffer_, 0}; - pjsip_transport* via_tp_ {nullptr}; - - template - std::shared_ptr createIceTransport(const Args&... args); - - - std::unique_ptr dhtPeerConnector_; - - std::mutex discoveryMapMtx_; - std::shared_ptr peerDiscovery_; - std::map discoveredPeers_; - std::map discoveredPeerMap_; - bool accountPeerDiscovery_ {false}; - bool accountPublish_ {false}; - - std::shared_ptr eventHandler {}; - void checkPendingCallsTask(); + std::shared_ptr eventHandler {}; }; static inline std::ostream& operator<< (std::ostream& os, const JamiAccount& acc) diff --git a/src/jamidht/namedirectory.h b/src/jamidht/namedirectory.h index 4f62ef93d..8e30b2171 100644 --- a/src/jamidht/namedirectory.h +++ b/src/jamidht/namedirectory.h @@ -51,6 +51,7 @@ public: enum class Response : int { found = 0, invalidResponse, notFound, error }; enum class RegistrationResponse : int { success = 0, invalidName, + invalidCredentials, alreadyTaken, error, incompleteRequest, diff --git a/src/jamidht/p2p.cpp b/src/jamidht/p2p.cpp index ef90528ac..4bfb52357 100644 --- a/src/jamidht/p2p.cpp +++ b/src/jamidht/p2p.cpp @@ -30,6 +30,7 @@ #include "peer_connection.h" #include "security/tls_session.h" #include "turn_transport.h" +#include "account_manager.h" #include #include @@ -400,7 +401,7 @@ private: // Send connection request through DHT JAMI_DBG() << parent_.account << "[CNX] request connection to " << peer_; - parent_.account.dht().putEncrypted( + parent_.account.dht()->putEncrypted( dht::InfoHash::get(PeerConnectionMsg::key_prefix + peer_.toString()), peer_, request); // Wait for call to onResponse() operated by DHT @@ -674,7 +675,7 @@ DhtPeerConnector::Impl::onRequestMsg(PeerConnectionMsg&& request) request.from, [this, request=std::move(request)] (const std::shared_ptr& cert) mutable { dht::InfoHash peer_h; - if (account.foundPeerDevice(cert, peer_h)) + if (AccountManager::foundPeerDevice(cert, peer_h)) onTrustedRequestMsg(std::move(request), cert, peer_h); else JAMI_WARN() << account << "[CNX] rejected untrusted connection request from " @@ -798,7 +799,7 @@ DhtPeerConnector::Impl::answerToRequest(PeerConnectionMsg&& request, } JAMI_DBG() << account << "[CNX] connection accepted, DHT reply to " << request.from; - account.dht().putEncrypted( + account.dht()->putEncrypted( dht::InfoHash::get(PeerConnectionMsg::key_prefix + request.from.toString()), request.from, request.respond(addresses)); @@ -982,10 +983,10 @@ DhtPeerConnector::~DhtPeerConnector() = default; void DhtPeerConnector::onDhtConnected(const std::string& device_id) { - pimpl_->account.dht().listen( + pimpl_->account.dht()->listen( dht::InfoHash::get(PeerConnectionMsg::key_prefix + device_id), [this](PeerConnectionMsg&& msg) { - if (msg.from == pimpl_->account.dht().getId()) + if (msg.from == pimpl_->account.dht()->getId()) return true; if (!pimpl_->account.isMessageTreated(msg.id)) { if (msg.isRequest()) { @@ -1024,7 +1025,7 @@ DhtPeerConnector::requestConnection(const std::string& peer_id, pimpl_->account.forEachDevice( peer_h, [this, addresses, connect_cb, tid](const dht::InfoHash& dev_h) { - if (dev_h == pimpl_->account.dht().getId()) { + if (dev_h == pimpl_->account.dht()->getId()) { JAMI_ERR() << pimpl_->account.getAccountID() << "[CNX] no connection to yourself, bad person!"; return; } @@ -1060,7 +1061,7 @@ DhtPeerConnector::closeConnection(const std::string& peer_id, const DRing::DataT pimpl_->account.forEachDevice( peer_h, [this, tid](const dht::InfoHash& dev_h) { - if (dev_h == pimpl_->account.dht().getId()) { + if (dev_h == pimpl_->account.dht()->getId()) { JAMI_ERR() << pimpl_->account.getAccountID() << "[CNX] no connection to yourself, bad person!"; return; } diff --git a/src/security/certstore.cpp b/src/security/certstore.cpp index 05d5efbf6..78ecbfa89 100644 --- a/src/security/certstore.cpp +++ b/src/security/certstore.cpp @@ -487,7 +487,7 @@ TrustStore::getCertificateStatus(const std::string& cert_id) const } std::vector -TrustStore::getCertificatesByStatus(TrustStore::PermissionStatus status) +TrustStore::getCertificatesByStatus(TrustStore::PermissionStatus status) const { std::vector ret; for (const auto& i : certStatus_) diff --git a/src/security/certstore.h b/src/security/certstore.h index 0981efab9..bf26d91b6 100644 --- a/src/security/certstore.h +++ b/src/security/certstore.h @@ -126,7 +126,7 @@ public: PermissionStatus getCertificateStatus(const std::string& cert_id) const; - std::vector getCertificatesByStatus(PermissionStatus status); + std::vector getCertificatesByStatus(PermissionStatus status) const; /** * Check that the certificate is allowed (valid and permited) for contact.