NetDB: Set secret and privkey before decrypting encls2

2019-05-22 16:30:32 +00:00
parent 06fa817bde
commit 7489a64e6c
2 changed files with 20 additions and 1 deletions
--- a/core/java/src/net/i2p/data/EncryptedLeaseSet.java
+++ b/core/java/src/net/i2p/data/EncryptedLeaseSet.java
@ -40,6 +40,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
    // to decrypt with if we don't have full dest
    private SigningPublicKey _unblindedSPK;
    private String _secret;
    private PrivateKey _clientPrivateKey;
    private final Log _log;
    private static final int MIN_ENCRYPTED_SIZE = 8 + 16;
@ -81,6 +82,16 @@ public class EncryptedLeaseSet extends LeaseSet2 {
        _secret = secret;
    }
    /**
     *  Must be set before verify for per-client auth.
     *
     *  @param privKey non-null
     *  @since 0.9.41
     */
    public void setClientPrivateKey(PrivateKey privKey) {
        _clientPrivateKey = privKey;
    }
    ///// overrides below here
    @Override
@ -840,12 +851,13 @@ public class EncryptedLeaseSet extends LeaseSet2 {
     * Overridden to decrypt if possible, and verify inner sig also.
     *
     * Must call setDestination() prior to this if attempting decryption.
     * Must call setClientKey() prior to this if attempting decryption.
     *
     * @return valid
     */
    @Override
    public boolean verifySignature() {
-        return verifySignature((PrivateKey) null);
+        return verifySignature(_clientPrivateKey);
    }
    /**
--- a/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
@ -943,6 +943,13 @@ public abstract class KademliaNetworkDatabaseFacade extends NetworkDatabaseFacad
                } else {
                    encls.setSigningKey(bd.getUnblindedPubKey());
                }
                // secret
                String secret = bd.getSecret();
                if (secret != null)
                    encls.setSecret(secret);
                // per-client auth
                if (bd.getAuthType() != BlindData.AUTH_NONE)
                    encls.setClientPrivateKey(bd.getAuthPrivKey());
            } else {
                if (_log.shouldWarn())
                    _log.warn("No blind data found for encls: " + encls);