I2P_Developers/i2p.itoopie
3
0
Fork 0
Code Issues Pull Requests Actions 1 Packages Projects Releases Wiki Activity

verify that signing key name matches

Browse Source
This commit is contained in:
zzz
2010-02-15 16:12:49 +00:00
parent f265db4037
commit a1fb5ef6ed
3 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
View File

@ -193,7 +193,9 @@ public class PluginUpdateHandler extends UpdateHandler {
if (up.haveKey(pubkey)) { if (up.haveKey(pubkey)) {
// the key is already in the TrustedUpdate keyring // the key is already in the TrustedUpdate keyring
if (!up.verify(f)) { // verify the sig and verify that it is signed by the keyName in the plugin.config file
String signingKeyName = up.verifyAndGetSigner(f);
if (!keyName.equals(signingKeyName)) {
f.delete(); f.delete();
to.delete(); to.delete();
updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>"); updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");
@ -209,7 +211,9 @@ public class PluginUpdateHandler extends UpdateHandler {
return; return;
} }
// ...and try the verify again // ...and try the verify again
if (!up.verify(f)) { // verify the sig and verify that it is signed by the keyName in the plugin.config file
String signingKeyName = up.verifyAndGetSigner(f);
if (!keyName.equals(signingKeyName)) {
f.delete(); f.delete();
to.delete(); to.delete();
updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>"); updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");

4
apps/routerconsole/java/src/net/i2p/router/web/WebAppConfiguration.java
View File

@ -81,9 +81,9 @@ public class WebAppConfiguration implements WebApplicationContext.Configuration
String elem = tok.nextToken().trim(); String elem = tok.nextToken().trim();
String path; String path;
if (elem.startsWith("$I2P")) if (elem.startsWith("$I2P"))
path = i2pContext.getBaseDir().getAbsolutePath() + '/' + elem.substring(4); path = i2pContext.getBaseDir().getAbsolutePath() + elem.substring(4);
else if (elem.startsWith("$PLUGIN")) else if (elem.startsWith("$PLUGIN"))
path = dir.getAbsolutePath() + '/' + elem.substring(7); path = dir.getAbsolutePath() + elem.substring(7);
else else
path = dir.getAbsolutePath() + '/' + elem; path = dir.getAbsolutePath() + '/' + elem;
System.err.println("Adding " + path + " to classpath for " + appName); System.err.println("Adding " + path + " to classpath for " + appName);

17
core/java/src/net/i2p/crypto/TrustedUpdate.java
View File

@ -682,6 +682,23 @@ D8usM7Dxp5yrDrCYZ5AIijc=
return false; return false;
} }
/**
* Verifies the DSA signature of a signed update file.
*
* @param signedFile The signed update file to check.
*
* @return signer (could be empty string) or null if invalid
* @since 0.7.12
*/
public String verifyAndGetSigner(File signedFile) {
for (SigningPublicKey signingPublicKey : _trustedKeys.keySet()) {
boolean isValidSignature = verify(signedFile, signingPublicKey);
if (isValidSignature)
return _trustedKeys.get(signingPublicKey);
}
return null;
}
/** /**
* Verifies the DSA signature of a signed update file. * Verifies the DSA signature of a signed update file.
* *