Clean up some more of the communication system for the server/client connection through a bridge. Seems to be functioning with base64 encoding only right now.
@@ -344,7 +344,7 @@ QString AuthorizationManager::encryptString(QString str, QByteArray key){
|
||||
else if(key.contains(" PRIVATE KEY--")){ pub=false; }
|
||||
else{ return str; } //unknown encryption - just return as-is
|
||||
return str.toLocal8Bit().toBase64(); //TEMPORARY BYPASS
|
||||
qDebug() << "Encrypt String:" << str << pub;//<< key;
|
||||
//qDebug() << "Encrypt String:" << str << pub;//<< key;
|
||||
//Reset/Load some SSL stuff
|
||||
//OpenSSL_add_all_algorithms();
|
||||
//ERR_load_crypto_strings();
|
||||
@@ -380,10 +380,10 @@ QString AuthorizationManager::encryptString(QString str, QByteArray key){
|
||||
if(len <0){ return ""; }
|
||||
//qDebug() << "Return base-64 encoded version";
|
||||
QByteArray str_encode = QByteArray::fromRawData( (char*)(encode), len);
|
||||
qDebug() << "Encoded:" << str_encode;
|
||||
//qDebug() << "Encoded:" << str_encode;
|
||||
str_encode = str_encode.toBase64();
|
||||
qDebug() << "Could reverse encoding:" << (decryptString(str_encode, key) == str);
|
||||
qDebug() << "Base64:" << str_encode;
|
||||
//qDebug() << "Base64:" << str_encode;
|
||||
|
||||
return QString( str_encode );
|
||||
}
|
||||
@@ -391,22 +391,20 @@ QString AuthorizationManager::encryptString(QString str, QByteArray key){
|
||||
}
|
||||
|
||||
QString AuthorizationManager::decryptString(QString str, QByteArray key){
|
||||
QByteArray bytes; bytes.append(str);
|
||||
bytes = QByteArray::fromBase64(bytes);
|
||||
qDebug() << "Decode String:" << bytes;
|
||||
return QString(bytes); //TEMPORARY BYPASS
|
||||
bool pub=true;
|
||||
if(key.contains("--BEGIN PUBLIC KEY--")){ pub=true; }
|
||||
else if(key.contains(" PRIVATE KEY--")){ pub=false; }
|
||||
else{ return str; } //unknown encryption - just return as-is
|
||||
//Turn back into data (Base64 required for encrypted transport)
|
||||
QByteArray bytes; bytes.append(str);
|
||||
bytes = QByteArray::fromBase64(bytes);
|
||||
//qDebug() << "Decode String:" << bytes;
|
||||
return QString(bytes); //TEMPORARY BYPASS
|
||||
|
||||
//Reset/Load some SSL stuff
|
||||
// OpenSSL_add_all_algorithms();
|
||||
// ERR_load_crypto_strings();
|
||||
|
||||
//Turn the encrypted string into a byte array
|
||||
QByteArray enc; enc.append(str.toLocal8Bit());
|
||||
|
||||
unsigned char *decode = (unsigned char*)malloc(2*str.length());
|
||||
unsigned char *decode = (unsigned char*)malloc(2*bytes.size());
|
||||
RSA *rsa= NULL;
|
||||
BIO *keybio = NULL;
|
||||
//qDebug() << " - Generate keybio";
|
||||
@@ -418,7 +416,7 @@ QString AuthorizationManager::decryptString(QString str, QByteArray key){
|
||||
rsa = PEM_read_bio_RSA_PUBKEY(keybio, &rsa,NULL, NULL);
|
||||
if(rsa==NULL){ qDebug() << " - Invalid RSA key!!"; return ""; }
|
||||
//qDebug() << " - Decrypt string";
|
||||
int len = RSA_public_decrypt(enc.length(), (unsigned char*)(enc.data()), decode, rsa, RSA_PKCS1_PADDING);
|
||||
int len = RSA_public_decrypt(bytes.size(), (unsigned char*)(bytes.data()), decode, rsa, RSA_PKCS1_PADDING);
|
||||
if(len<0){ return ""; }
|
||||
return QString( QByteArray( (char*)(decode), len) );
|
||||
}else{
|
||||
@@ -426,7 +424,7 @@ QString AuthorizationManager::decryptString(QString str, QByteArray key){
|
||||
rsa = PEM_read_bio_RSAPrivateKey(keybio, &rsa,NULL, NULL);
|
||||
if(rsa==NULL){ qDebug() << " - Invalid RSA key!!"; return ""; }
|
||||
//qDebug() << " - Decrypt string";
|
||||
int len = RSA_private_decrypt(enc.length(), (unsigned char*)(enc.data()), decode, rsa, RSA_PKCS1_PADDING);
|
||||
int len = RSA_private_decrypt(bytes.size(), (unsigned char*)(bytes.data()), decode, rsa, RSA_PKCS1_PADDING);
|
||||
if(len<0){ return ""; }
|
||||
return QString( QByteArray( (char*)(decode), len) );
|
||||
}
|
||||
@@ -450,7 +448,7 @@ QByteArray AuthorizationManager::GenerateSSLPrivkey(){
|
||||
pem_key = (char *)malloc(keylen+1); /* Null-terminate */
|
||||
BIO_read(bio, pem_key, keylen);
|
||||
QByteArray data = QByteArray::fromRawData(pem_key, keylen);
|
||||
qDebug() << "New Priv Key:" << data;
|
||||
//qDebug() << "New Priv Key:" << data;
|
||||
return data;
|
||||
}
|
||||
|
||||
|
||||
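Review bot: In decryptString() the `return QString(bytes); //TEMPORARY BYPASS` line returns the Base64-decoded input before any RSA call, and `else{ return str; }` hands the input back untouched when the key is not recognised, so a caller cannot tell a decrypted body from unauthenticated plaintext. Until the RSA path is re-enabled, fail closed on an unrecognised key, e.g. `else{ return ""; }` to match the invalid-RSA-key path, provided no caller depends on the pass-through. The lines below the bypass are currently unreachable, but when they return, `decode` should be sized from the loaded key with `malloc(RSA_size(rsa))` rather than `2*bytes.size()`, checked for NULL, and freed on every return; none of the visible returns releases it. The function spans several hunks and parts of its body are not visible here.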
@@ -12,7 +12,7 @@ RestInputStruct::RestInputStruct(QString message, bool isRest){
|
||||
if(message.isEmpty()){ return; }
|
||||
//Pull out any REST headers
|
||||
//qDebug() << "Raw Message:" << message;
|
||||
if(!message.startsWith("{")){
|
||||
if(!message.startsWith("{")){ //TO-DO
|
||||
if(isRest){
|
||||
Header = message.section("{",0,0).split("\n");
|
||||
Body = "{"+message.section("{",1, -1);
|
||||
@@ -53,6 +53,7 @@ RestInputStruct::RestInputStruct(QString message, bool isRest){
|
||||
RestInputStruct::~RestInputStruct(){}
|
||||
|
||||
void RestInputStruct::ParseBodyIntoJson(){
|
||||
qDebug() << "Parse Body Into JSON";
|
||||
while(Body.endsWith("\n")){ Body.chop(1); }
|
||||
if(Body.startsWith("{") && Body.endsWith("}") ){
|
||||
QJsonDocument doc = QJsonDocument::fromJson(Body.toUtf8());
|
||||
@@ -67,6 +68,9 @@ void RestInputStruct::ParseBodyIntoJson(){
|
||||
args = doc.object();
|
||||
}
|
||||
}
|
||||
}else{
|
||||
qDebug() << " -Could not find JSON!!";
|
||||
qDebug() << " - Body:" << Body;
|
||||
}
|
||||
//Now do any REST -> JSON conversions if necessary
|
||||
if(!URI.isEmpty()){
|
||||
|
||||
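Review bot: The added `qDebug() << " - Body:" << Body;` in the else branch of ParseBodyIntoJson() writes the whole message body to the debug log whenever it does not look like JSON; for a bridge-relayed message that body is the output of decryptString() and may hold credentials or tokens. The same commit comments out the debug prints of key and encoded data in AuthorizationManager, so this new dump runs against that cleanup. Log the size instead, `qDebug() << " - Body length:" << Body.length();`, or guard the dump behind a debug flag. The bare `//TO-DO` added on `if(!message.startsWith("{")){` should say what remains to be done. Both functions continue outside the visible hunks.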
@@ -157,9 +157,11 @@ void WebSocket::sendReply(QString msg){
|
||||
void WebSocket::EvaluateREST(QString msg){
|
||||
//Parse the message into it's elements and proceed to the main data evaluation
|
||||
RestInputStruct IN(msg, TSOCKET!=0);
|
||||
if(SOCKET!=0 && !IN.Header.isEmpty()){
|
||||
//Bridge-relay message - need to decrypt the message body before it can be parsed
|
||||
//IN.Body = AUTHSYSTEM->decryptString(IN.Body, key); //TO-DO
|
||||
if(SOCKET!=0 && !IN.Header.isEmpty() && !IN.bridgeID.isEmpty() ){
|
||||
if(BRIDGE.contains(IN.bridgeID)){
|
||||
//Bridge-relay message - need to decrypt the message body before it can be parsed
|
||||
IN.Body = AUTHSYSTEM->decryptString(IN.Body, BRIDGE[IN.bridgeID].enc_key);
|
||||
}
|
||||
IN.ParseBodyIntoJson();
|
||||
}
|
||||
if(DEBUG){
|
||||
@@ -259,6 +261,7 @@ void WebSocket::EvaluateRequest(const RestInputStruct &REQ){
|
||||
}else{
|
||||
//Stage 1: Send the client a random string to encrypt with their SSL key
|
||||
QString key = AUTHSYSTEM->GenerateEncCheckString();
|
||||
//qDebug() << "New Check String:" << key;
|
||||
QJsonObject obj;
|
||||
if(out.in_struct.args.toObject().contains("md5_key")){
|
||||
qDebug() << "Encrypted SSL Auth Requested";
|
||||
@@ -497,8 +500,10 @@ void WebSocket::checkConnection(){
|
||||
}
|
||||
void WebSocket::checkIdle(){
|
||||
if(SOCKET !=0 && SOCKET->isValid()){
|
||||
LogManager::log(LogManager::HOST,"Connection Idle: "+SockPeerIP);
|
||||
SOCKET->close(); //timeout - close the connection to make way for others
|
||||
if(!isBridge){ //never timout from idle on a bridge connection
|
||||
LogManager::log(LogManager::HOST,"Connection Idle: "+SockPeerIP);
|
||||
SOCKET->close(); //timeout - close the connection to make way for others
|
||||
}
|
||||
}
|
||||
else if(TSOCKET !=0 && TSOCKET->isValid() ){
|
||||
LogManager::log(LogManager::HOST,"Connection Idle: "+SockPeerIP);
|
||||
@@ -507,7 +512,13 @@ void WebSocket::checkIdle(){
|
||||
}
|
||||
|
||||
void WebSocket::checkAuth(){
|
||||
if(!AUTHSYSTEM->checkAuth(SockAuthToken)){
|
||||
if(isBridge){
|
||||
//Special handling for a bridge connection - since the server is the connection "initiator" instead of receiver
|
||||
if(!SockAuthToken.isEmpty() && SOCKET!=0 && SOCKET->isValid()){
|
||||
LogManager::log(LogManager::HOST,"Bridge Connection Still Unauthorized: "+SockPeerIP);
|
||||
SOCKET->close();
|
||||
}
|
||||
}else if(!AUTHSYSTEM->checkAuth(SockAuthToken)){
|
||||
//Still not authorized - disconnect
|
||||
checkIdle();
|
||||
}
|
||||
|
||||
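Review bot: In EvaluateREST() a message whose `IN.bridgeID` is not in `BRIDGE` skips decryptString() but still reaches `IN.ParseBodyIntoJson()`, so a body carrying an unknown bridge ID is parsed as plaintext instead of being rejected. Reject it before parsing, for example `if(!BRIDGE.contains(IN.bridgeID)){ return; }`, or send an error reply if the protocol expects one. In checkAuth() the bridge branch closes the socket when `!SockAuthToken.isEmpty()` and never calls `AUTHSYSTEM->checkAuth(SockAuthToken)`, which reads as inverted given the "Still Unauthorized" log text. Together with the new `if(!isBridge)` guard in checkIdle(), a bridge connection with an empty token appears never to be timed out or closed. If that is intended because the server initiates the bridge connection, a comment on the condition should say so.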