
Example 1 with KeyRing

use of net.i2p.crypto.KeyRing in project i2p.i2p by i2p.

the class BlocklistEntries method verify.

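/**
 * Verifies the signature on this blocklist feed against a signer certificate
 * found in the local "certificates" directories.
 *
 * <p>The {@code sig} field is expected in the form {@code sigtype:base64}. The signed
 * payload is rebuilt here as UTF-8 text: the {@code supdated} line, then one line per
 * entry, then one line per removal prefixed with {@code '!'}, each terminated by
 * {@code '\n'}. A successful result is cached in {@code verified}; failures are not
 * cached, so every later call repeats the full check.
 *
 * <p>NOTE(review): only a future-dated {@code updated} is rejected here. No lower bound
 * is enforced in this method, so replay of an old but validly signed feed has to be
 * handled by the caller, if it is handled at all. Confirm.
 *
 * <p>NOTE(review): {@code sig} and {@code signer} are presumably feed-supplied and are
 * written to the log verbatim. Confirm the log sink tolerates arbitrary content.
 *
 * @param ctx context supplying the clock, log manager, base/config directories and
 *            the signature engine
 * @return {@code true} if already verified or the signature checks out against a
 *         locally installed signer certificate; {@code false} on any missing field,
 *         malformed signature, unknown signer, lookup error or verification failure
 */
public synchronized boolean verify(I2PAppContext ctx) {
    if (verified) {
        return true;
    }
    if (signer == null || sig == null || supdated == null) {
        return false;
    }
    // Reject feeds dated further in the future than the allowed clock skew.
    if (updated > ctx.clock().now() + MAX_FUTURE) {
        return false;
    }
    Log log = ctx.logManager().getLog(BlocklistEntries.class);

    // sig is "sigtype:base64"; limit 2 so any later ':' stays in the second part.
    String[] ss = DataHelper.split(sig, ":", 2);
    if (ss.length != 2) {
        log.error("blocklist feed bad sig: " + sig);
        return false;
    }
    // The signature algorithm is named by the feed itself. The key fetched below is
    // requested for that same type and converted with it before verification.
    SigType type = SigType.parseSigType(ss[0]);
    if (type == null) {
        log.error("blocklist feed bad sig: " + sig);
        return false;
    }
    if (!type.isAvailable()) {
        log.error("blocklist feed sigtype unavailable: " + sig);
        return false;
    }
    byte[] bsig = Base64.decode(ss[1]);
    if (bsig == null) {
        log.error("blocklist feed bad sig: " + sig);
        return false;
    }
    Signature ssig;
    try {
        ssig = new Signature(type, bsig);
    } catch (IllegalArgumentException iae) {
        log.error("blocklist feed bad sig: " + sig);
        return false;
    }

    // Trust anchor lookup: look in both install dir and config dir for the signer cert.
    // NOTE(review): signer is passed straight to the key ring as the key name;
    // presumably DirKeyRing rejects or sanitizes path separators. Confirm.
    KeyRing ring = new DirKeyRing(new File(ctx.getBaseDir(), "certificates"));
    PublicKey pubkey;
    try {
        pubkey = ring.getKey(signer, CONTENT_ROUTER, type);
    } catch (IOException ioe) {
        log.error("blocklist feed error", ioe);
        return false;
    } catch (GeneralSecurityException gse) {
        log.error("blocklist feed error", gse);
        return false;
    }
    if (pubkey == null) {
        boolean diff = true;
        try {
            diff = !ctx.getBaseDir().getCanonicalPath().equals(ctx.getConfigDir().getCanonicalPath());
        } catch (IOException ioe) {
            // Best effort: if the paths cannot be canonicalized, diff stays true and
            // the config dir is tried anyway. Record the failure instead of hiding it.
            log.warn("blocklist feed: cannot compare base and config dirs", ioe);
        }
        if (diff) {
            ring = new DirKeyRing(new File(ctx.getConfigDir(), "certificates"));
            try {
                pubkey = ring.getKey(signer, CONTENT_ROUTER, type);
            } catch (IOException ioe) {
                log.error("blocklist feed error", ioe);
                return false;
            } catch (GeneralSecurityException gse) {
                log.error("blocklist feed error", gse);
                return false;
            }
        }
        if (pubkey == null) {
            // Fail closed: no locally installed certificate for this signer.
            log.error("unknown signer for blocklist feed: " + signer);
            return false;
        }
    }
    SigningPublicKey spubkey;
    try {
        spubkey = SigUtil.fromJavaKey(pubkey, type);
    } catch (GeneralSecurityException gse) {
        log.error("blocklist feed bad sig: " + sig, gse);
        return false;
    }

    // Rebuild the exact byte sequence that was signed.
    // NOTE(review): an entry that itself begins with '!' serializes to the same line
    // as a removal; presumably the feed parser never produces such an entry. Confirm.
    StringBuilder buf = new StringBuilder(256);
    buf.append(supdated).append('\n');
    for (String s : entries) {
        buf.append(s).append('\n');
    }
    for (String s : removes) {
        buf.append('!').append(s).append('\n');
    }
    byte[] data = DataHelper.getUTF8(buf.toString());
    boolean rv = ctx.dsa().verifySignature(ssig, data, spubkey);
    if (rv) {
        log.info("blocklist feed sig ok");
    } else {
        log.error("blocklist feed sig verify fail: " + signer);
    }
    verified = rv;
    return rv;
}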
Also used : SigningPublicKey(net.i2p.data.SigningPublicKey) Log(net.i2p.util.Log) PublicKey(java.security.PublicKey) SigningPublicKey(net.i2p.data.SigningPublicKey) GeneralSecurityException(java.security.GeneralSecurityException) IOException(java.io.IOException) SigType(net.i2p.crypto.SigType) DirKeyRing(net.i2p.crypto.DirKeyRing) KeyRing(net.i2p.crypto.KeyRing) DirKeyRing(net.i2p.crypto.DirKeyRing) Signature(net.i2p.data.Signature) File(java.io.File)
