From 7489a64e6ccc66b003d3e30b3bcd8afb3a9f942f Mon Sep 17 00:00:00 2001
From: zzz
Date: Wed, 22 May 2019 16:30:32 +0000
Subject: [PATCH] NetDB: Set secret and privkey before decrypting encls2
---
 core/java/src/net/i2p/data/EncryptedLeaseSet.java | 14 +++++++++++++-
 .../kademlia/KademliaNetworkDatabaseFacade.java | 7 +++++++
 2 files changed, 20 insertions(+), 1 deletion(-)
diff --git a/core/java/src/net/i2p/data/EncryptedLeaseSet.java b/core/java/src/net/i2p/data/EncryptedLeaseSet.java
index 791478aab5..e7f0b2e206 100644
--- a/core/java/src/net/i2p/data/EncryptedLeaseSet.java
+++ b/core/java/src/net/i2p/data/EncryptedLeaseSet.java
@@ -40,6 +40,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
 // to decrypt with if we don't have full dest
 private SigningPublicKey _unblindedSPK;
 private String _secret;
+ private PrivateKey _clientPrivateKey;
 private final Log _log;
 private static final int MIN_ENCRYPTED_SIZE = 8 + 16;
@@ -81,6 +82,16 @@ public class EncryptedLeaseSet extends LeaseSet2 {
 _secret = secret;
 }
+ /**
+ * Must be set before verify for per-client auth.
+ *
+ * @param privKey non-null
+ * @since 0.9.41
+ */
+ public void setClientPrivateKey(PrivateKey privKey) {
+ _clientPrivateKey = privKey;
+ }
+
 ///// overrides below here
 @Override
@@ -840,12 +851,13 @@ public class EncryptedLeaseSet extends LeaseSet2 {
 * Overridden to decrypt if possible, and verify inner sig also.
 *
 * Must call setDestination() prior to this if attempting decryption.
+ * Must call setClientKey() prior to this if attempting decryption.
 *
 * @return valid
 */
 @Override
 public boolean verifySignature() {
- return verifySignature((PrivateKey) null);
+ return verifySignature(_clientPrivateKey);
 }
 /**
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java b/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
index 8b87b03b33..0ee1e4a27b 100644
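Review bot: `setClientPrivateKey` in the `@@ -81,6 +82,16 @@` hunk of EncryptedLeaseSet.java leaves the client's private key referenced by the leaseset after verification, and nothing in the visible lines clears it. If this object is kept in the netDb store or printed by a `toString()` outside the diff (neither is visible here), the key lives longer and in more places than the decrypt step needs. Confirm that, then state the lifetime on the setter, e.g. `* The key is retained by this object until it is discarded.` The Javadoc also says `@param privKey non-null`, yet the field starts out null and the old code passed `(PrivateKey) null`, so `@param privKey null if per-client auth is not used` would describe the real contract.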
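Review bot: The Javadoc line added in the `@@ -840,12 +851,13 @@` hunk of EncryptedLeaseSet.java names `setClientKey()`, but the setter this commit introduces is `setClientPrivateKey()`, so a reader following the comment will not find the method. The line also says the call is needed for any decryption, while the setter's own Javadoc limits it to per-client auth. Suggested wording: `* Must call setClientPrivateKey() prior to this if the leaseset uses per-client auth.` The comment block starts above the hunk, so only this line is reviewed.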
--- a/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
@@ -943,6 +943,13 @@ public abstract class KademliaNetworkDatabaseFacade extends NetworkDatabaseFacad
 } else {
 encls.setSigningKey(bd.getUnblindedPubKey());
 }
+ // secret
+ String secret = bd.getSecret();
+ if (secret != null)
+ encls.setSecret(secret);
+ // per-client auth
+ if (bd.getAuthType() != BlindData.AUTH_NONE)
+ encls.setClientPrivateKey(bd.getAuthPrivKey());
 } else {
 if (_log.shouldWarn())
 _log.warn("No blind data found for encls: " + encls);
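Review bot: The per-client auth branch passes `bd.getAuthPrivKey()` to `encls.setClientPrivateKey(...)` without checking the result, although the setter documents its argument as non-null. If a BlindData entry can carry an auth type other than `AUTH_NONE` with no key (not visible from this hunk), verification runs with a null key exactly as before the patch and the decrypt failure gives no hint of the cause. Fetching the key into a local, calling the setter only when it is non-null, and otherwise logging under `_log.shouldWarn()` that the auth key is missing would make that case diagnosable. The log line should name the leaseset only, never the secret or key. The enclosing method starts and ends outside the hunk.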