Add an API call to the server:

rpc/settings: "action" = "list_ssl_checksums"
This will list the MD5 checksums of all the known SSL keys (in no particular order)

REST Request:
-------------------------------
PUT /rpc/settings
{
   "action" : "list_ssl_checksums"
}

WebSocket Request:
-------------------------------
{
   "args" : {
      "action" : "list_ssl_checksums"
   },
   "namespace" : "rpc",
   "name" : "settings",
   "id" : "fooid"
}

Response:
-------------------------------
{
  "args": {
    "md5_keys": [
      "0`H\u0013\r*\u00023\u000bc"
    ]
  },
  "id": "fooid",
  "name": "response",
  "namespace": "rpc"
}
Ken Moore
2016-05-05 09:55:38 -04:00
parent 4ef706afee
commit f9af7c2efe
3 changed files with 22 additions and 0 deletions


@@ -7,6 +7,8 @@
#include "globals.h"
#include <QCryptographicHash>
// Stuff for PAM to work
#include <sys/types.h>
#include <security/pam_appl.h>
@@ -125,6 +127,22 @@ void AuthorizationManager::ListCertificates(QString token, QJsonObject *out){
if(!user.isEmpty() && !username.isEmpty()){ out->insert(username, user); }
}
void AuthorizationManager::ListCertificateChecksums(QJsonObject *out){
QStringList keys; //Format: "RegisteredCerts/<user>/<key>"
//Read all user's certs (since we only need checksums)
keys = CONFIG->allKeys().filter("RegisteredCerts/");
keys.sort();
QJsonArray arr;
QCryptographicHash chash(QCryptographicHash::Md5);
for(int i=0; i<keys.length(); i++){
chash.addData( CONFIG->value(keys[i]).toString().toLocal8Bit() );
QByteArray res = chash.result();
chash.reset();
arr << QString(res);
}
out->insert("md5_keys", arr);
}
//Generic functions
int AuthorizationManager::checkAuthTimeoutSecs(QString token){
//Return the number of seconds that a token is valid for
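Review bot: `arr << QString(res);` in ListCertificateChecksums turns the raw 16-byte MD5 digest directly into a QString, so bytes that are not valid text get mangled and, depending on the Qt version, the string may stop at the first zero byte. The sample response in the commit message, a ten-character string full of control characters, looks like exactly that. Hex-encode the digest before it goes into the JSON array, `arr << QString::fromLatin1(res.toHex());`, so clients can compare checksums reliably. Two smaller points in the same loop: `toLocal8Bit()` makes the hashed bytes depend on the server locale (`toUtf8()` is stable), and MD5 is not collision-resistant. If these values are ever used to decide whether a key is registered, `QCryptographicHash::Sha256` would be the safer choice, at the cost of renaming the `md5_keys` field.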


@@ -23,6 +23,7 @@ public:
bool RegisterCertificate(QString token, QString pubkey, QString nickname, QString email); //if token is valid, register the given cert for future logins
bool RevokeCertificate(QString token, QString key, QString user=""); //user will be the current user if not empty - cannot touch other user's certs without full perms on current session
void ListCertificates(QString token, QJsonObject *out);
void ListCertificateChecksums(QJsonObject *out);
int checkAuthTimeoutSecs(QString token); //Return the number of seconds that a token is valid for
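Review bot: The new `ListCertificateChecksums` declaration has no trailing comment, while neighbouring declarations such as `RevokeCertificate` document their token and permission behaviour. Since this one takes no token, that is worth stating at the declaration, e.g. `void ListCertificateChecksums(QJsonObject *out); //checksums of all registered certs (all users, no token needed)`.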


@@ -164,6 +164,9 @@ RestOutputStruct::ExitCode WebSocket::EvaluateSysadmSettingsRequest(const QJsonV
}else if(act=="list_ssl_certs"){
AUTHSYSTEM->ListCertificates(SockAuthToken, out);
ok = true; //always works for current user (even if nothing found)
}else if(act=="list_ssl_checksums"){
AUTHSYSTEM->ListCertificateChecksums(out);
ok = true;
}else if(act=="revoke_ssl_cert" && keys.contains("pub_key") ){
//Additional arguments: "user" (optional), "pub_key" (String)
QString user; if(keys.contains("user")){ user = argsO.value("user").toString(); }
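Review bot: The new `list_ssl_checksums` branch calls `ListCertificateChecksums(out)` without `SockAuthToken`, and that function reads every entry under `RegisteredCerts/`, so the reply covers all users' keys rather than only the caller's, unlike `list_ssl_certs` just above. Whether the session is already authenticated when this dispatcher runs is not visible here, because EvaluateSysadmSettingsRequest starts and ends outside the hunk. If the all-users listing is intentional, say so at the branch, e.g. `//Not user-specific: returns checksums for every registered cert`. Otherwise pass the token through and restrict the result to the current user unless the session has full permissions.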