diff --git a/src/jamidht/account_manager.cpp b/src/jamidht/account_manager.cpp
index 437b27ec9990bbd68b2b40ceed1bbd9c0d4a5c8a..a58b4097a50fe06c04534a898b78fd5d1fa9c2a0 100644
--- a/src/jamidht/account_manager.cpp
+++ b/src/jamidht/account_manager.cpp
@@ -105,8 +105,7 @@ AccountManager::onSyncData(DeviceSync&& sync, bool checkDevice)
}
dht::crypto::Identity
-AccountManager::loadIdentity(const std::string& accountId,
- const std::string& crt_path,
+AccountManager::loadIdentity(const std::string& crt_path,
const std::string& key_path,
const std::string& key_pwd) const
{
@@ -133,7 +132,7 @@ AccountManager::loadIdentity(const std::string& accountId,
return {};
}
// load revocation lists for device authority (account certificate).
- Manager::instance().certStore(accountId).loadRevocations(*issuer);
+ Manager::instance().certStore(accountId_).loadRevocations(*issuer);
return {std::make_shared<dht::crypto::PrivateKey>(std::move(dht_key)),
std::make_shared<dht::crypto::Certificate>(std::move(dht_cert))};
@@ -172,64 +171,62 @@ AccountManager::parseAnnounce(const std::string& announceBase64,
}
const AccountInfo*
-AccountManager::useIdentity(const std::string& accountId,
- const dht::crypto::Identity& identity,
+AccountManager::useIdentity(const dht::crypto::Identity& identity,
const std::string& receipt,
const std::vector<uint8_t>& receiptSignature,
const std::string& username,
const OnChangeCallback& onChange)
{
- accountId_ = accountId;
if (receipt.empty() or receiptSignature.empty())
return nullptr;
if (not identity.first or not identity.second) {
- JAMI_ERROR("[Account {}] [Auth] no identity provided", accountId);
+ JAMI_ERROR("[Account {}] [Auth] no identity provided", accountId_);
return nullptr;
}
auto accountCertificate = identity.second->issuer;
if (not accountCertificate) {
- JAMI_ERROR("[Account {}] [Auth] device certificate must be issued by the account certificate", accountId);
+ JAMI_ERROR("[Account {}] [Auth] device certificate must be issued by the account certificate", accountId_);
return nullptr;
}
// match certificate chain
- auto contactList = std::make_unique<ContactList>(accountId, accountCertificate, path_, onChange);
+ auto contactList = std::make_unique<ContactList>(accountId_, accountCertificate, path_, onChange);
auto result = contactList->isValidAccountDevice(*identity.second);
if (not result) {
- JAMI_ERROR("[Account {}] [Auth] unable to use identity: device certificate chain is unable to be verified: {}", accountId,
+ JAMI_ERROR("[Account {}] [Auth] unable to use identity: device certificate chain is unable to be verified: {}", accountId_,
result.toString());
return nullptr;
}
auto pk = accountCertificate->getSharedPublicKey();
- JAMI_LOG("[Account {}] [Auth] checking device receipt for {}", accountId, pk->getId().toString());
+ JAMI_LOG("[Account {}] [Auth] checking device receipt for {}", accountId_, pk->getId().toString());
if (!pk->checkSignature({receipt.begin(), receipt.end()}, receiptSignature)) {
- JAMI_ERROR("[Auth] device receipt signature check failed");
+ JAMI_ERROR("[Account {}] [Auth] device receipt signature check failed", accountId_);
return nullptr;
}
auto root = announceFromReceipt(receipt);
if (!root.isMember("announce")) {
- JAMI_ERROR("[Account {}] [Auth] device receipt parsing error", accountId);
+ JAMI_ERROR("[Account {}] [Auth] device receipt parsing error", accountId_);
return nullptr;
}
auto dev_id = root["dev"].asString();
if (dev_id != identity.second->getId().toString()) {
- JAMI_ERROR("[Account {}] [Auth] device ID mismatch between receipt and certificate", accountId);
+ JAMI_ERROR("[Account {}] [Auth] device ID mismatch between receipt and certificate", accountId_);
return nullptr;
}
auto id = root["id"].asString();
if (id != pk->getId().toString()) {
- JAMI_ERROR("[Account {}] [Auth] account ID mismatch between receipt and certificate", accountId);
+ JAMI_ERROR("[Account {}] [Auth] account ID mismatch between receipt and certificate", accountId_);
return nullptr;
}
auto devicePk = identity.first->getSharedPublicKey();
if (!devicePk) {
- JAMI_ERROR("[Account {}] [Auth] No device pk found", accountId);
+ JAMI_ERROR("[Account {}] [Auth] No device pk found", accountId_);
return nullptr;
}
@@ -252,7 +249,7 @@ AccountManager::useIdentity(const std::string& accountId,
info->username = username;
info_ = std::move(info);
- JAMI_LOG("[Account {}] [Auth] Device {} receipt checked successfully for user {}", accountId,
+ JAMI_LOG("[Account {}] [Auth] Device {} receipt checked successfully for user {}", accountId_,
info_->deviceId, id);
return info_.get();
}
diff --git a/src/jamidht/account_manager.h b/src/jamidht/account_manager.h
index 35f5fbf2787869a17a6697ca389c199d916ed8d7..3eb52585e5fa904a81baad3d81d4f8804933ca84 100644
--- a/src/jamidht/account_manager.h
+++ b/src/jamidht/account_manager.h
@@ -76,8 +76,9 @@ public:
using OnNewDeviceCb = std::function<void(const std::shared_ptr<dht::crypto::Certificate>&)>;
using OnDeviceAnnouncedCb = std::function<void()>;
- AccountManager(const std::filesystem::path& path, const std::string& nameServer)
- : path_(path)
+ AccountManager(const std::string& accountId, const std::filesystem::path& path, const std::string& nameServer)
+ : accountId_(accountId)
+ , path_(path)
, nameDir_(NameDirectory::instance(nameServer)) {};
virtual ~AccountManager();
@@ -109,8 +110,7 @@ public:
virtual ~AccountCredentials() {};
};
- virtual void initAuthentication(const std::string& accountId,
- PrivateKey request,
+ virtual void initAuthentication(PrivateKey request,
std::string deviceName,
std::unique_ptr<AccountCredentials> credentials,
AuthSuccessCallback onSuccess,
@@ -126,13 +126,11 @@ public:
virtual bool isPasswordValid(const std::string& /*password*/) { return false; };
virtual std::vector<uint8_t> getPasswordKey(const std::string& /*password*/) { return {}; };
- dht::crypto::Identity loadIdentity(const std::string& accountId,
- const std::string& crt_path,
+ dht::crypto::Identity loadIdentity(const std::string& crt_path,
const std::string& key_path,
const std::string& key_pwd) const;
- const AccountInfo* useIdentity(const std::string& accountId,
- const dht::crypto::Identity& id,
+ const AccountInfo* useIdentity(const dht::crypto::Identity& id,
const std::string& receipt,
const std::vector<uint8_t>& receiptSignature,
const std::string& username,
@@ -272,10 +270,10 @@ public:
dhtnet::tls::CertificateStore& certStore() const;
protected:
- std::filesystem::path path_;
+ const std::string accountId_;
+ const std::filesystem::path path_;
OnChangeCallback onChange_;
std::unique_ptr<AccountInfo> info_;
- std::string accountId_;
std::shared_ptr<dht::DhtRunner> dht_;
std::reference_wrapper<NameDirectory> nameDir_;
};
diff --git a/src/jamidht/archive_account_manager.cpp b/src/jamidht/archive_account_manager.cpp
index 74889db0c0d4d88c7b0837aeb64f88c51a9475c1..1b49729e1f565f4834c494a577e3e5632d3d7193 100644
--- a/src/jamidht/archive_account_manager.cpp
+++ b/src/jamidht/archive_account_manager.cpp
@@ -36,8 +36,7 @@ namespace jami {
const constexpr auto EXPORT_KEY_RENEWAL_TIME = std::chrono::minutes(20);
void
-ArchiveAccountManager::initAuthentication(const std::string& accountId,
- PrivateKey key,
+ArchiveAccountManager::initAuthentication(PrivateKey key,
std::string deviceName,
std::unique_ptr<AccountCredentials> credentials,
AuthSuccessCallback onSuccess,
@@ -45,7 +44,7 @@ ArchiveAccountManager::initAuthentication(const std::string& accountId,
const OnChangeCallback& onChange)
{
auto ctx = std::make_shared<AuthContext>();
- ctx->accountId = accountId;
+ ctx->accountId = accountId_;
ctx->key = key;
ctx->request = buildRequest(key);
ctx->deviceName = std::move(deviceName);
@@ -79,7 +78,7 @@ ArchiveAccountManager::initAuthentication(const std::string& accountId,
if (hasArchive) {
// Create/migrate from local archive
if (ctx->credentials->updateIdentity.first
- and ctx->credentials->updateIdentity.second
+ //and ctx->credentials->updateIdentity.second
and needsMigration(ctx->credentials->updateIdentity)) {
this_->migrateAccount(*ctx);
} else {
@@ -90,11 +89,8 @@ ArchiveAccountManager::initAuthentication(const std::string& accountId,
auto future_keypair = dht::ThreadPool::computation().get<dev::KeyPair>(
&dev::KeyPair::create);
AccountArchive a;
- JAMI_WARN("[Auth] Converting certificate from old account %s",
- ctx->credentials->updateIdentity.first->getPublicKey()
- .getId()
- .toString()
- .c_str());
+ JAMI_WARNING("[Account {}] [Auth] Converting certificate from old account {}",
+ this_->accountId_, ctx->credentials->updateIdentity.first->getPublicKey().getId().to_view());
a.id = std::move(ctx->credentials->updateIdentity);
try {
a.ca_key = std::make_shared<dht::crypto::PrivateKey>(
@@ -495,7 +491,7 @@ bool
ArchiveAccountManager::needsMigration(const dht::crypto::Identity& id)
{
if (not id.second)
- return false;
+ return true;
auto cert = id.second->issuer;
while (cert) {
if (not cert->isCA()) {
diff --git a/src/jamidht/archive_account_manager.h b/src/jamidht/archive_account_manager.h
index 52a118902b131d2544a2d50adce48525a88741f7..8fc38f3614dae789db077800555fa6a0e876c459 100644
--- a/src/jamidht/archive_account_manager.h
+++ b/src/jamidht/archive_account_manager.h
@@ -25,11 +25,12 @@ class ArchiveAccountManager : public AccountManager
public:
using OnExportConfig = std::function<std::map<std::string, std::string>()>;
- ArchiveAccountManager(const std::filesystem::path& path,
+ ArchiveAccountManager(const std::string& accountId,
+ const std::filesystem::path& path,
OnExportConfig&& onExportConfig,
std::string archivePath,
const std::string& nameServer)
- : AccountManager(path, nameServer)
+ : AccountManager(accountId, path, nameServer)
, onExportConfig_(std::move(onExportConfig))
, archivePath_(std::move(archivePath)) {}
@@ -40,8 +41,7 @@ public:
dht::crypto::Identity updateIdentity;
};
- void initAuthentication(const std::string& accountId,
- PrivateKey request,
+ void initAuthentication(PrivateKey request,
std::string deviceName,
std::unique_ptr<AccountCredentials> credentials,
AuthSuccessCallback onSuccess,
diff --git a/src/jamidht/jamiaccount.cpp b/src/jamidht/jamiaccount.cpp
index 3979c72fa98ee7b06430fb5cfdeebe97087776f0..bc672d05c83d7b49dc1a05a3cc6af029fcabe9d3 100644
--- a/src/jamidht/jamiaccount.cpp
+++ b/src/jamidht/jamiaccount.cpp
@@ -1229,23 +1229,23 @@ JamiAccount::loadAccount(const std::string& archive_password_scheme,
auto oldIdentity = id_.first ? id_.first->getPublicKey().getLongId() : DeviceId();
if (conf.managerUri.empty()) {
accountManager_ = std::make_shared<ArchiveAccountManager>(
+ getAccountID(),
getPath(),
[this]() { return getAccountDetails(); },
conf.archivePath.empty() ? "archive.gz" : conf.archivePath,
conf.nameServer);
} else {
- accountManager_ = std::make_shared<ServerAccountManager>(getPath(),
+ accountManager_ = std::make_shared<ServerAccountManager>(getAccountID(),
+ getPath(),
conf.managerUri,
conf.nameServer);
}
- auto id = accountManager_->loadIdentity(getAccountID(),
- conf.tlsCertificateFile,
+ auto id = accountManager_->loadIdentity(conf.tlsCertificateFile,
conf.tlsPrivateKeyFile,
conf.tlsPassword);
- if (auto info = accountManager_->useIdentity(getAccountID(),
- id,
+ if (auto info = accountManager_->useIdentity(id,
conf.receipt,
conf.receiptSignature,
conf.managerUsername,
@@ -1304,7 +1304,7 @@ JamiAccount::loadAccount(const std::string& archive_password_scheme,
} else if (hasArchive) {
// Migrating local account
acreds->scheme = "local";
- acreds->uri = std::move(archivePath).string();
+ acreds->uri = archivePath.string();
acreds->updateIdentity = id;
migrating = true;
}
@@ -1322,7 +1322,6 @@ JamiAccount::loadAccount(const std::string& archive_password_scheme,
creds->password_scheme = archive_password_scheme;
accountManager_->initAuthentication(
- getAccountID(),
fDeviceKey,
ip_utils::getDeviceName(),
std::move(creds),
diff --git a/src/jamidht/server_account_manager.cpp b/src/jamidht/server_account_manager.cpp
index cd70a59165dbb88e547bc623759dfe6e11fa315f..33d66617e6cd0b985512a9fdfc77e51f1c768245 100644
--- a/src/jamidht/server_account_manager.cpp
+++ b/src/jamidht/server_account_manager.cpp
@@ -46,10 +46,11 @@ constexpr std::string_view PATH_CONVERSATIONS = JAMI_PATH_AUTH "/conversations";
constexpr std::string_view PATH_CONVERSATIONS_REQUESTS = JAMI_PATH_AUTH "/conversationRequests";
constexpr std::string_view PATH_BLUEPRINT = JAMI_PATH_AUTH "/policyData";
-ServerAccountManager::ServerAccountManager(const std::filesystem::path& path,
+ServerAccountManager::ServerAccountManager(const std::string& accountId,
+ const std::filesystem::path& path,
const std::string& managerHostname,
const std::string& nameServer)
- : AccountManager(path, nameServer)
+ : AccountManager(accountId, path, nameServer)
, managerHostname_(managerHostname)
, logger_(Logger::dhtLogger()) {}
@@ -60,8 +61,7 @@ ServerAccountManager::setAuthHeaderFields(Request& request) const
}
void
-ServerAccountManager::initAuthentication(const std::string& accountId,
- PrivateKey key,
+ServerAccountManager::initAuthentication(PrivateKey key,
std::string deviceName,
std::unique_ptr<AccountCredentials> credentials,
AuthSuccessCallback onSuccess,
@@ -69,7 +69,7 @@ ServerAccountManager::initAuthentication(const std::string& accountId,
const OnChangeCallback& onChange)
{
auto ctx = std::make_shared<AuthContext>();
- ctx->accountId = accountId;
+ ctx->accountId = accountId_;
ctx->key = key;
ctx->request = buildRequest(key);
ctx->deviceName = std::move(deviceName);
diff --git a/src/jamidht/server_account_manager.h b/src/jamidht/server_account_manager.h
index 8211a67d217a6e8e437841ca4776d89650b44ce8..8f72bac8dd9a6346f5fdae1b4d4613b01972a1a3 100644
--- a/src/jamidht/server_account_manager.h
+++ b/src/jamidht/server_account_manager.h
@@ -27,7 +27,8 @@ namespace jami {
class ServerAccountManager : public AccountManager
{
public:
- ServerAccountManager(const std::filesystem::path& path,
+ ServerAccountManager(const std::string& accountId,
+ const std::filesystem::path& path,
const std::string& managerHostname,
const std::string& nameServer);
@@ -37,8 +38,7 @@ public:
std::shared_ptr<dht::crypto::Certificate> ca;
};
- void initAuthentication(const std::string& accountId,
- PrivateKey request,
+ void initAuthentication(PrivateKey request,
std::string deviceName,
std::unique_ptr<AccountCredentials> credentials,
AuthSuccessCallback onSuccess,