Examples with KeyCertificate net.i2p.data.KeyCertificate used on opensource projects

Example 1 with KeyCertificate

use of net.i2p.data.KeyCertificate in project i2p.i2p by i2p.

the class I2PClientImpl method createDestination.

/**
 * Create the destination with the given payload and write it out along with
 * the PrivateKey and SigningPrivateKey to the destKeyStream
 *
 * If cert is a KeyCertificate, the signing keypair will be of the specified type.
 * The KeyCertificate data must be .............................
 * The padding if any will be randomized. The extra key data if any will be set in the
 * key cert.
 *
 * Caller must close stream.
 *
 * @param destKeyStream location to write out the destination, PrivateKey, and SigningPrivateKey,
 *                      format is specified in {@link net.i2p.data.PrivateKeyFile PrivateKeyFile}
 */
public Destination createDestination(OutputStream destKeyStream, Certificate cert) throws I2PException, IOException {
    Destination d = new Destination();
    Object[] keypair = KeyGenerator.getInstance().generatePKIKeypair();
    PublicKey publicKey = (PublicKey) keypair[0];
    PrivateKey privateKey = (PrivateKey) keypair[1];
    SimpleDataStructure[] signingKeys;
    if (cert.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY) {
        KeyCertificate kcert = cert.toKeyCertificate();
        SigType type = kcert.getSigType();
        try {
            signingKeys = KeyGenerator.getInstance().generateSigningKeys(type);
        } catch (GeneralSecurityException gse) {
            throw new I2PException("keygen fail", gse);
        }
    } else {
        signingKeys = KeyGenerator.getInstance().generateSigningKeys();
    }
    SigningPublicKey signingPubKey = (SigningPublicKey) signingKeys[0];
    SigningPrivateKey signingPrivKey = (SigningPrivateKey) signingKeys[1];
    d.setPublicKey(publicKey);
    d.setSigningPublicKey(signingPubKey);
    if (cert.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY) {
        // fix up key certificate or padding
        KeyCertificate kcert = cert.toKeyCertificate();
        SigType type = kcert.getSigType();
        int len = type.getPubkeyLen();
        if (len < 128) {
            byte[] pad = new byte[128 - len];
            RandomSource.getInstance().nextBytes(pad);
            d.setPadding(pad);
        } else if (len > 128) {
            System.arraycopy(signingPubKey.getData(), 128, kcert.getPayload(), KeyCertificate.HEADER_LENGTH, len - 128);
        }
    }
    d.setCertificate(cert);
    d.writeBytes(destKeyStream);
    privateKey.writeBytes(destKeyStream);
    signingPrivKey.writeBytes(destKeyStream);
    destKeyStream.flush();
    return d;
}

Example 2 with KeyCertificate

use of net.i2p.data.KeyCertificate in project i2p.i2p by i2p.

the class KademliaNetworkDatabaseFacade method processStoreFailure.

/**
 *  If the validate fails, call this
 *  to determine if it was because of unsupported crypto.
 *
 *  If so, this will banlist-forever the router hash or permanently negative cache the dest hash,
 *  and then throw the exception. Otherwise it does nothing.
 *
 *  @throws UnsupportedCryptoException if that's why it failed.
 *  @since 0.9.16
 */
private void processStoreFailure(Hash h, DatabaseEntry entry) throws UnsupportedCryptoException {
    if (entry.getHash().equals(h)) {
        if (entry.getType() == DatabaseEntry.KEY_TYPE_LEASESET) {
            LeaseSet ls = (LeaseSet) entry;
            Destination d = ls.getDestination();
            Certificate c = d.getCertificate();
            if (c.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY) {
                try {
                    KeyCertificate kc = c.toKeyCertificate();
                    SigType type = kc.getSigType();
                    if (type == null || !type.isAvailable() || type.getBaseAlgorithm() == SigAlgo.RSA) {
                        failPermanently(d);
                        String stype = (type != null) ? type.toString() : Integer.toString(kc.getSigTypeCode());
                        if (_log.shouldLog(Log.WARN))
                            _log.warn("Unsupported sig type " + stype + " for destination " + h);
                        throw new UnsupportedCryptoException("Sig type " + stype);
                    }
                } catch (DataFormatException dfe) {
                }
            }
        } else if (entry.getType() == DatabaseEntry.KEY_TYPE_ROUTERINFO) {
            RouterInfo ri = (RouterInfo) entry;
            RouterIdentity id = ri.getIdentity();
            Certificate c = id.getCertificate();
            if (c.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY) {
                try {
                    KeyCertificate kc = c.toKeyCertificate();
                    SigType type = kc.getSigType();
                    if (type == null || !type.isAvailable()) {
                        String stype = (type != null) ? type.toString() : Integer.toString(kc.getSigTypeCode());
                        _context.banlist().banlistRouterForever(h, "Unsupported signature type " + stype);
                        if (_log.shouldLog(Log.WARN))
                            _log.warn("Unsupported sig type " + stype + " for router " + h);
                        throw new UnsupportedCryptoException("Sig type " + stype);
                    }
                } catch (DataFormatException dfe) {
                }
            }
        }
    }
    if (_log.shouldLog(Log.WARN))
        _log.warn("Verify fail, cause unknown: " + entry);
}

Example 3 with KeyCertificate

use of net.i2p.data.KeyCertificate in project i2p.i2p by i2p.

the class TunnelController method createAltPrivateKey.

/**
 * Creates alternate Destination with the same encryption keys as the primary Destination,
 * but a different signing key.
 *
 * Must have already called createPrivateKey() successfully.
 * Does nothing unless option OPT_ALT_PKF is set with the privkey file name.
 * Does nothing if the file already exists.
 *
 * @return success
 * @since 0.9.30
 */
private boolean createAltPrivateKey() {
    if (PREFERRED_SIGTYPE == SigType.DSA_SHA1)
        return false;
    File keyFile = getPrivateKeyFile();
    if (keyFile == null)
        return false;
    if (!keyFile.exists())
        return false;
    File altFile = getAlternatePrivateKeyFile();
    if (altFile == null)
        return false;
    if (altFile.equals(keyFile))
        return false;
    if (altFile.exists())
        return true;
    PrivateKeyFile pkf = new PrivateKeyFile(keyFile);
    FileOutputStream out = null;
    try {
        Destination dest = pkf.getDestination();
        if (dest == null)
            return false;
        if (dest.getSigType() != SigType.DSA_SHA1)
            return false;
        PublicKey pub = dest.getPublicKey();
        PrivateKey priv = pkf.getPrivKey();
        SimpleDataStructure[] signingKeys = KeyGenerator.getInstance().generateSigningKeys(PREFERRED_SIGTYPE);
        SigningPublicKey signingPubKey = (SigningPublicKey) signingKeys[0];
        SigningPrivateKey signingPrivKey = (SigningPrivateKey) signingKeys[1];
        KeyCertificate cert = new KeyCertificate(signingPubKey);
        Destination d = new Destination();
        d.setPublicKey(pub);
        d.setSigningPublicKey(signingPubKey);
        d.setCertificate(cert);
        int len = signingPubKey.length();
        if (len < 128) {
            byte[] pad = new byte[128 - len];
            RandomSource.getInstance().nextBytes(pad);
            d.setPadding(pad);
        } else if (len > 128) {
        // copy of excess data handled in KeyCertificate constructor
        }
        out = new SecureFileOutputStream(altFile);
        d.writeBytes(out);
        priv.writeBytes(out);
        signingPrivKey.writeBytes(out);
        try {
            out.close();
        } catch (IOException ioe) {
        }
        String destStr = d.toBase64();
        log("Alternate private key created and saved in " + altFile.getAbsolutePath());
        log("You should backup this file in a secure place.");
        log("New alternate destination: " + destStr);
        String b32 = d.toBase32();
        log("Base32: " + b32);
        File backupDir = new SecureFile(I2PAppContext.getGlobalContext().getConfigDir(), KEY_BACKUP_DIR);
        if (backupDir.isDirectory() || backupDir.mkdir()) {
            String name = b32 + '-' + I2PAppContext.getGlobalContext().clock().now() + ".dat";
            File backup = new File(backupDir, name);
            if (FileUtil.copy(altFile, backup, false, true)) {
                SecureFileOutputStream.setPerms(backup);
                log("Alternate private key backup saved to " + backup.getAbsolutePath());
            }
        }
        return true;
    } catch (GeneralSecurityException e) {
        log("Error creating keys " + e);
        return false;
    } catch (I2PSessionException e) {
        log("Error creating keys " + e);
        return false;
    } catch (I2PException e) {
        log("Error creating keys " + e);
        return false;
    } catch (IOException e) {
        log("Error creating keys " + e);
        return false;
    } catch (RuntimeException e) {
        log("Error creating keys " + e);
        return false;
    } finally {
        if (out != null)
            try {
                out.close();
            } catch (IOException ioe) {
            }
    }
}