From f9af7c2efe651eea985060c224daa93a77e2c8e8 Mon Sep 17 00:00:00 2001 From: Ken Moore Date: Thu, 5 May 2016 09:55:38 -0400 Subject: [PATCH] Add a API call to the server: rpc/settings: "action" = "list_ssl_checksums" This will list the MD5 checksums of all the known SSL keys (in no particular order) REST Request: ------------------------------- PUT /rpc/settings { "action" : "list_ssl_checksums" } WebSocket Request: ------------------------------- { "args" : { "action" : "list_ssl_checksums" }, "namespace" : "rpc", "name" : "settings", "id" : "fooid" } Response: ------------------------------- { "args": { "md5_keys": [ "0`H\u0013\r*\u00023\u000bc" ] }, "id": "fooid", "name": "response", "namespace": "rpc" } --- src/server/AuthorizationManager.cpp | 18 ++++++++++++++++++ src/server/AuthorizationManager.h | 1 + src/server/WebBackend.cpp | 3 +++ 3 files changed, 22 insertions(+) diff --git a/src/server/AuthorizationManager.cpp b/src/server/AuthorizationManager.cpp index 89449a2..7c32ea2 100644 --- a/src/server/AuthorizationManager.cpp +++ b/src/server/AuthorizationManager.cpp @@ -7,6 +7,8 @@ #include "globals.h" +#include + // Stuff for PAM to work #include #include @@ -125,6 +127,22 @@ void AuthorizationManager::ListCertificates(QString token, QJsonObject *out){ if(!user.isEmpty() && !username.isEmpty()){ out->insert(username, user); } } +void AuthorizationManager::ListCertificateChecksums(QJsonObject *out){ + QStringList keys; //Format: "RegisteredCerts//" + //Read all user's certs (since we only need checksums) + keys = CONFIG->allKeys().filter("RegisteredCerts/"); + keys.sort(); + QJsonArray arr; + QCryptographicHash chash(QCryptographicHash::Md5); + for(int i=0; ivalue(keys[i]).toString().toLocal8Bit() ); + QByteArray res = chash.result(); + chash.reset(); + arr << QString(res); + } + out->insert("md5_keys", arr); +} + //Generic functions int AuthorizationManager::checkAuthTimeoutSecs(QString token){ //Return the number of seconds that a token is valid for 
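Review bot: In `ListCertificateChecksums`, `arr << QString(res);` passes the raw digest bytes from `chash.result()` through a byte-array-to-text conversion, so the JSON value is not a faithful checksum. The sample response in the commit message shows the effect: a short string of control characters rather than a 16-byte MD5. Clients comparing these values to recognise a key can see mismatches or false matches, so hex-encode the digest instead with `arr << QString(res.toHex());`, and prefer `toUtf8()` over `toLocal8Bit()` so the hash does not depend on the server locale. MD5 is also a weak choice for a key fingerprint; `QCryptographicHash::Sha256` would be safer if the `md5_keys` field name can still change. The loop header in this hunk is garbled on the page, so the iteration itself is not reviewed here.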
diff --git a/src/server/AuthorizationManager.h b/src/server/AuthorizationManager.h index a5a483f..93d4cd2 100644 --- a/src/server/AuthorizationManager.h +++ b/src/server/AuthorizationManager.h @@ -23,6 +23,7 @@ public: bool RegisterCertificate(QString token, QString pubkey, QString nickname, QString email); //if token is valid, register the given cert for future logins bool RevokeCertificate(QString token, QString key, QString user=""); //user will be the current user if not empty - cannot touch other user's certs without full perms on current session void ListCertificates(QString token, QJsonObject *out); + void ListCertificateChecksums(QJsonObject *out); int checkAuthTimeoutSecs(QString token); //Return the number of seconds that a token is valid for diff --git a/src/server/WebBackend.cpp b/src/server/WebBackend.cpp index b3e4545..1ee9ddc 100644 --- a/src/server/WebBackend.cpp +++ b/src/server/WebBackend.cpp @@ -164,6 +164,9 @@ RestOutputStruct::ExitCode WebSocket::EvaluateSysadmSettingsRequest(const QJsonV }else if(act=="list_ssl_certs"){ AUTHSYSTEM->ListCertificates(SockAuthToken, out); ok = true; //always works for current user (even if nothing found) + }else if(act=="list_ssl_checksums"){ + AUTHSYSTEM->ListCertificateChecksums(out); + ok = true; }else if(act=="revoke_ssl_cert" && keys.contains("pub_key") ){ //Additional arguments: "user" (optional), "pub_key" (String) QString user; if(keys.contains("user")){ user = argsO.value("user").toString(); }
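Review bot: The new `list_ssl_checksums` branch calls `ListCertificateChecksums(out)` without `SockAuthToken`, while the `list_ssl_certs` branch just above passes the token. The implementation hashes every entry under `RegisteredCerts/`, so any caller that reaches this branch receives fingerprints for all users' certificates. Whether the request is already authenticated before `EvaluateSysadmSettingsRequest` runs is not visible in this hunk; if it is not, or if per-user scoping is expected, take the token and check it as `ListCertificates` does. If the global listing is intended, record that at the call site, e.g. `//Intentionally global: returns checksums for all registered certs, not only the current user's`. The enclosing function starts and ends outside the hunk.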