use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class SigUtil method fromJavaKey.
/**
*/
public static SigningPublicKey fromJavaKey(RSAPublicKey pk, SigType type) throws GeneralSecurityException {
BigInteger n = pk.getModulus();
int len = type.getPubkeyLen();
byte[] bn = rectify(n, len);
return new SigningPublicKey(type, bn);
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class TrustedUpdate method verify.
/**
* Verifies the DSA signature of a signed update file.
*
* @param signedFile The signed update file to check.
* @param publicKeyFile A file containing the public key to use for
* verification.
*
* @return <code>true</code> if the file has a valid signature, otherwise
* <code>false</code>.
*/
public boolean verify(String signedFile, String publicKeyFile) {
SigningPublicKey signingPublicKey = new SigningPublicKey();
FileInputStream fileInputStream = null;
try {
fileInputStream = new FileInputStream(signedFile);
signingPublicKey.readBytes(fileInputStream);
} catch (IOException ioe) {
if (_log.shouldLog(Log.WARN))
_log.warn("Unable to load the signature", ioe);
return false;
} catch (DataFormatException dfe) {
if (_log.shouldLog(Log.WARN))
_log.warn("Unable to load the signature", dfe);
return false;
} finally {
if (fileInputStream != null)
try {
fileInputStream.close();
} catch (IOException ioe) {
}
}
return verify(new File(signedFile), signingPublicKey);
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class TrustedUpdate method addKey.
/**
* Duplicate keys or names rejected,
* except that duplicate empty names are allowed
* @param key 172 character base64 string
* @param name non-null but "" ok
* @since 0.7.12
* @return true if successful
*/
public boolean addKey(String key, String name) {
if (_log.shouldLog(Log.DEBUG))
_log.debug("Adding " + name + ": " + key);
SigningPublicKey signingPublicKey = new SigningPublicKey();
try {
// fromBase64() will throw a DFE if length is not right
signingPublicKey.fromBase64(key);
} catch (DataFormatException dfe) {
_log.error("Invalid signing key for " + name + " : " + key, dfe);
return false;
}
String oldName = _trustedKeys.get(signingPublicKey);
// already there?
if (name.equals(oldName))
return true;
if (oldName != null && !oldName.equals("")) {
_log.error("Key for " + name + " already stored for different name " + oldName + " : " + key);
return false;
}
if ((!name.equals("")) && _trustedKeys.containsValue(name)) {
_log.error("Key mismatch for " + name + ", spoof attempt? : " + key);
return false;
}
_trustedKeys.put(signingPublicKey, name);
return true;
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class RouterIdentityTest method testNullCert.
@Test
public void testNullCert() throws Exception {
RouterIdentity ident = new RouterIdentity();
ident.setCertificate(null);
PublicKey pk = (PublicKey) (new PublicKeyTest()).createDataStructure();
ident.setPublicKey(pk);
SigningPublicKey k = (SigningPublicKey) (new SigningPublicKeyTest()).createDataStructure();
ident.setSigningPublicKey(k);
exception.expect(DataFormatException.class);
exception.expectMessage("Not enough data to format the router identity");
ident.writeBytes(new ByteArrayOutputStream());
}
use of net.i2p.data.SigningPublicKey in project i2p.i2p by i2p.
the class CreateRouterInfoJob method createRouterInfo.
/**
* Writes 6 files: router.info (standard RI format),
* router.keys.dat, and 4 individual key files under keyBackup/
*
* router.keys.dat file format: This is the
* same "eepPriv.dat" format used by the client code,
* as documented in PrivateKeyFile.
*
* Old router.keys file format: Note that this is NOT the
* same "eepPriv.dat" format used by the client code.
*<pre>
* - Private key (256 bytes)
* - Signing Private key (20 bytes)
* - Public key (256 bytes)
* - Signing Public key (128 bytes)
* Total 660 bytes
*</pre>
*
* Caller must hold Router.routerInfoFileLock.
*/
RouterInfo createRouterInfo() {
SigType type = getSigTypeConfig(getContext());
RouterInfo info = new RouterInfo();
OutputStream fos1 = null;
try {
info.setAddresses(getContext().commSystem().createAddresses());
// not necessary, in constructor
// info.setPeers(new HashSet());
info.setPublished(getCurrentPublishDate(getContext()));
Object[] keypair = getContext().keyGenerator().generatePKIKeypair();
PublicKey pubkey = (PublicKey) keypair[0];
PrivateKey privkey = (PrivateKey) keypair[1];
SimpleDataStructure[] signingKeypair = getContext().keyGenerator().generateSigningKeys(type);
SigningPublicKey signingPubKey = (SigningPublicKey) signingKeypair[0];
SigningPrivateKey signingPrivKey = (SigningPrivateKey) signingKeypair[1];
RouterIdentity ident = new RouterIdentity();
Certificate cert = createCertificate(getContext(), signingPubKey);
ident.setCertificate(cert);
ident.setPublicKey(pubkey);
ident.setSigningPublicKey(signingPubKey);
byte[] padding;
int padLen = SigningPublicKey.KEYSIZE_BYTES - signingPubKey.length();
if (padLen > 0) {
padding = new byte[padLen];
getContext().random().nextBytes(padding);
ident.setPadding(padding);
} else {
padding = null;
}
info.setIdentity(ident);
Properties stats = getContext().statPublisher().publishStatistics(ident.getHash());
info.setOptions(stats);
info.sign(signingPrivKey);
if (!info.isValid())
throw new DataFormatException("RouterInfo we just built is invalid: " + info);
// remove router.keys
(new File(getContext().getRouterDir(), KEYS_FILENAME)).delete();
// write router.info
File ifile = new File(getContext().getRouterDir(), INFO_FILENAME);
fos1 = new BufferedOutputStream(new SecureFileOutputStream(ifile));
info.writeBytes(fos1);
// write router.keys.dat
File kfile = new File(getContext().getRouterDir(), KEYS2_FILENAME);
PrivateKeyFile pkf = new PrivateKeyFile(kfile, pubkey, signingPubKey, cert, privkey, signingPrivKey, padding);
pkf.write();
// set or overwrite old random keys
Map<String, String> map = new HashMap<String, String>(2);
byte[] rk = new byte[32];
getContext().random().nextBytes(rk);
map.put(Router.PROP_IB_RANDOM_KEY, Base64.encode(rk));
getContext().random().nextBytes(rk);
map.put(Router.PROP_OB_RANDOM_KEY, Base64.encode(rk));
getContext().router().saveConfig(map, null);
getContext().keyManager().setKeys(pubkey, privkey, signingPubKey, signingPrivKey);
if (_log.shouldLog(Log.INFO))
_log.info("Router info created and stored at " + ifile.getAbsolutePath() + " with private keys stored at " + kfile.getAbsolutePath() + " [" + info + "]");
getContext().router().eventLog().addEvent(EventLog.REKEYED, ident.calculateHash().toBase64());
} catch (GeneralSecurityException gse) {
_log.log(Log.CRIT, "Error building the new router information", gse);
} catch (DataFormatException dfe) {
_log.log(Log.CRIT, "Error building the new router information", dfe);
} catch (IOException ioe) {
_log.log(Log.CRIT, "Error writing out the new router information", ioe);
} finally {
if (fos1 != null)
try {
fos1.close();
} catch (IOException ioe) {
}
}
return info;
}
Aggregations