Examples with SigningPrivateKey net.i2p.data.SigningPrivateKey used on opensource projects

Example 1 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class PacketLocal method writeSignedPacket.

/**
 * Sign and write the packet to the buffer (starting at the offset) and return
 * the number of bytes written.
 *
 * @param buffer data to be written
 * @param offset starting point in the buffer
 * @return Count of bytes written
 * @throws IllegalStateException if there is data missing or otherwise b0rked
 * @since 0.9.20 moved from Packet
 */
public int writeSignedPacket(byte[] buffer, int offset) throws IllegalStateException {
    setFlag(FLAG_SIGNATURE_INCLUDED);
    SigningPrivateKey key = _session.getPrivateKey();
    int size = writePacket(buffer, offset, key.getType().getSigLen());
    _optionSignature = _context.dsa().sign(buffer, offset, size, key);
    if (_optionSignature == null)
        throw new IllegalStateException("Signature failed");
    // if (false) {
    // Log l = ctx.logManager().getLog(Packet.class);
    // l.error("Signing: " + toString());
    // l.error(Base64.encode(buffer, 0, size));
    // l.error("Signature: " + Base64.encode(_optionSignature.getData()));
    // }
    // jump into the signed data and inject the signature where we
    // previously placed a bunch of zeroes
    int signatureOffset = offset + // + 2 // optionSize
    21 + (_nacks != null ? 4 * _nacks.length + 1 : 1) + (isFlagSet(FLAG_DELAY_REQUESTED) ? 2 : 0) + (isFlagSet(FLAG_FROM_INCLUDED) ? _optionFrom.size() : 0) + (isFlagSet(FLAG_MAX_PACKET_SIZE_INCLUDED) ? 2 : 0);
    System.arraycopy(_optionSignature.getData(), 0, buffer, signatureOffset, _optionSignature.length());
    return size;
}

Example 2 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class BlocklistEntries method main.

/**
 *  BlocklistEntries [-p keystorepw] input.txt keystore.ks you@mail.i2p
 *  File format: One entry per line, # starts a comment, ! starts an unblock entry.
 *  Single IPv4 or IPv6 address only (no mask allowed), or 44-char base 64 router hash.
 *  See MAX_ENTRIES above.
 */
public static void main(String[] args) {
    if (args.length < 3) {
        System.err.println("Usage: BlocklistEntries [-p keystorepw] input.txt keystore.ks you@mail.i2p");
        System.exit(1);
    }
    int st;
    String kspass;
    if (args[0].equals("-p")) {
        kspass = args[1];
        st = 2;
    } else {
        kspass = KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD;
        st = 0;
    }
    String inputFile = args[st++];
    String privateKeyFile = args[st++];
    String signerName = args[st];
    I2PAppContext ctx = new I2PAppContext();
    List<String> elist = new ArrayList<String>(16);
    List<String> rlist = new ArrayList<String>(4);
    StringBuilder buf = new StringBuilder();
    long now = System.currentTimeMillis();
    String date = RFC3339Date.to3339Date(now);
    buf.append(date).append('\n');
    ;
    BufferedReader br = null;
    try {
        br = new BufferedReader(new InputStreamReader(new FileInputStream(inputFile), "UTF-8"));
        String s = null;
        while ((s = br.readLine()) != null) {
            int index = s.indexOf('#');
            if (index == 0)
                // comment
                continue;
            if (index > 0)
                s = s.substring(0, index);
            s = s.trim();
            if (s.length() < 7) {
                if (s.length() > 0)
                    System.err.println("Bad line: " + s);
                continue;
            }
            if (s.startsWith("!")) {
                rlist.add(s.substring(1));
            } else {
                elist.add(s);
                buf.append(s).append('\n');
                ;
            }
        }
    } catch (IOException ioe) {
        System.err.println("load error from " + args[0]);
        ioe.printStackTrace();
        System.exit(1);
    } finally {
        if (br != null)
            try {
                br.close();
            } catch (IOException ioe) {
            }
    }
    if (elist.isEmpty() && rlist.isEmpty()) {
        System.err.println("nothing to sign");
        System.exit(1);
    }
    if (elist.size() > MAX_ENTRIES) {
        System.err.println("too many blocks, max is " + MAX_ENTRIES);
        System.exit(1);
    }
    for (String s : rlist) {
        buf.append('!').append(s).append('\n');
    }
    SigningPrivateKey spk = null;
    try {
        String keypw = "";
        while (keypw.length() < 6) {
            System.err.print("Enter password for key \"" + signerName + "\": ");
            keypw = DataHelper.readLine(System.in);
            if (keypw == null) {
                System.out.println("\nEOF reading password");
                System.exit(1);
            }
            keypw = keypw.trim();
            if (keypw.length() > 0 && keypw.length() < 6)
                System.out.println("Key password must be at least 6 characters");
        }
        File pkfile = new File(privateKeyFile);
        PrivateKey pk = KeyStoreUtil.getPrivateKey(pkfile, kspass, signerName, keypw);
        if (pk == null) {
            System.out.println("Private key for " + signerName + " not found in keystore " + privateKeyFile);
            System.exit(1);
        }
        spk = SigUtil.fromJavaKey(pk);
    } catch (GeneralSecurityException gse) {
        System.out.println("Error signing input file '" + inputFile + "'");
        gse.printStackTrace();
        System.exit(1);
    } catch (IOException ioe) {
        System.out.println("Error signing input file '" + inputFile + "'");
        ioe.printStackTrace();
        System.exit(1);
    }
    SigType type = spk.getType();
    byte[] data = DataHelper.getUTF8(buf.toString());
    Signature ssig = ctx.dsa().sign(data, spk);
    if (ssig == null) {
        System.err.println("sign failed");
        System.exit(1);
    }
    String bsig = Base64.encode(ssig.getData());
    // verify
    BlocklistEntries ble = new BlocklistEntries(elist.size());
    ble.entries.addAll(elist);
    ble.removes.addAll(rlist);
    ble.supdated = date;
    ble.signer = signerName;
    ble.sig = type.getCode() + ":" + bsig;
    boolean ok = ble.verify(ctx);
    if (!ok) {
        System.err.println("verify failed");
        System.exit(1);
    }
    System.out.println("  <i2p:blocklist signer=\"" + signerName + "\" sig=\"" + type.getCode() + ':' + bsig + "\">");
    System.out.println("    <updated>" + date + "</updated>");
    for (String e : elist) {
        System.out.println("    <i2p:block>" + e + "</i2p:block>");
    }
    for (String e : rlist) {
        System.out.println("    <i2p:unblock>" + e + "</i2p:unblock>");
    }
    System.out.println("  </i2p:blocklist>");
}

Example 3 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class SelfSignedGenerator method renew.

/**
 *  @param cert the old cert to be replaced
 *  @param jpriv the private key
 *
 *  @return length 4 array:
 *  rv[0] is a Java PublicKey, from cert as passed in
 *  rv[1] is a Java PrivateKey, jpriv as passed in
 *  rv[2] is a Java X509Certificate, new one
 *  rv[3] is a Java X509CRL, new one
 *
 *  @since 0.9.34 added altNames param
 */
public static Object[] renew(X509Certificate cert, PrivateKey jpriv, int validDays) throws GeneralSecurityException {
    String cname = CertUtil.getSubjectValue(cert, "CN");
    if (cname == null)
        cname = "localhost";
    String ou = CertUtil.getSubjectValue(cert, "OU");
    String o = CertUtil.getSubjectValue(cert, "O");
    String l = CertUtil.getSubjectValue(cert, "L");
    String st = CertUtil.getSubjectValue(cert, "ST");
    String c = CertUtil.getSubjectValue(cert, "C");
    Set<String> altNames = CertUtil.getSubjectAlternativeNames(cert);
    SigningPrivateKey priv = SigUtil.fromJavaKey(jpriv);
    SigType type = priv.getType();
    SigningPublicKey pub = KeyGenerator.getSigningPublicKey(priv);
    PublicKey jpub = SigUtil.toJavaKey(pub);
    if (type == null)
        throw new GeneralSecurityException("Unsupported: " + jpriv);
    return generate(jpub, jpriv, priv, type, cname, altNames, ou, o, l, st, c, validDays);
}

Example 4 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class I2PClientImpl method createDestination.

/**
 * Create the destination with the given payload and write it out along with
 * the PrivateKey and SigningPrivateKey to the destKeyStream
 *
 * If cert is a KeyCertificate, the signing keypair will be of the specified type.
 * The KeyCertificate data must be .............................
 * The padding if any will be randomized. The extra key data if any will be set in the
 * key cert.
 *
 * Caller must close stream.
 *
 * @param destKeyStream location to write out the destination, PrivateKey, and SigningPrivateKey,
 *                      format is specified in {@link net.i2p.data.PrivateKeyFile PrivateKeyFile}
 */
public Destination createDestination(OutputStream destKeyStream, Certificate cert) throws I2PException, IOException {
    Destination d = new Destination();
    Object[] keypair = KeyGenerator.getInstance().generatePKIKeypair();
    PublicKey publicKey = (PublicKey) keypair[0];
    PrivateKey privateKey = (PrivateKey) keypair[1];
    SimpleDataStructure[] signingKeys;
    if (cert.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY) {
        KeyCertificate kcert = cert.toKeyCertificate();
        SigType type = kcert.getSigType();
        try {
            signingKeys = KeyGenerator.getInstance().generateSigningKeys(type);
        } catch (GeneralSecurityException gse) {
            throw new I2PException("keygen fail", gse);
        }
    } else {
        signingKeys = KeyGenerator.getInstance().generateSigningKeys();
    }
    SigningPublicKey signingPubKey = (SigningPublicKey) signingKeys[0];
    SigningPrivateKey signingPrivKey = (SigningPrivateKey) signingKeys[1];
    d.setPublicKey(publicKey);
    d.setSigningPublicKey(signingPubKey);
    if (cert.getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY) {
        // fix up key certificate or padding
        KeyCertificate kcert = cert.toKeyCertificate();
        SigType type = kcert.getSigType();
        int len = type.getPubkeyLen();
        if (len < 128) {
            byte[] pad = new byte[128 - len];
            RandomSource.getInstance().nextBytes(pad);
            d.setPadding(pad);
        } else if (len > 128) {
            System.arraycopy(signingPubKey.getData(), 128, kcert.getPayload(), KeyCertificate.HEADER_LENGTH, len - 128);
        }
    }
    d.setCertificate(cert);
    d.writeBytes(destKeyStream);
    privateKey.writeBytes(destKeyStream);
    signingPrivKey.writeBytes(destKeyStream);
    destKeyStream.flush();
    return d;
}

Example 5 with SigningPrivateKey

use of net.i2p.data.SigningPrivateKey in project i2p.i2p by i2p.

the class I2PSessionImpl method readDestination.

/**
 * Load up the destKeyFile for our Destination, PrivateKey, and SigningPrivateKey
 *
 * @throws DataFormatException if the file is in the wrong format or keys are invalid
 * @throws IOException if there is a problem reading the file
 */
private void readDestination(InputStream destKeyStream) throws DataFormatException, IOException {
    _myDestination.readBytes(destKeyStream);
    _privateKey.readBytes(destKeyStream);
    _signingPrivateKey = new SigningPrivateKey(_myDestination.getSigningPublicKey().getType());
    _signingPrivateKey.readBytes(destKeyStream);
}