NetDB: Set secret and privkey before decrypting encls2

2019-05-22 16:30:32 +00:00
parent 06fa817bde
commit 7489a64e6c
2 changed files with 20 additions and 1 deletions
--- a/core/java/src/net/i2p/data/EncryptedLeaseSet.java
+++ b/core/java/src/net/i2p/data/EncryptedLeaseSet.java
@ -40,6 +40,7 @@ public class EncryptedLeaseSet extends LeaseSet2 {
    // to decrypt with if we don't have full dest
    private SigningPublicKey _unblindedSPK;
    private String _secret;
+    private PrivateKey _clientPrivateKey;
    private final Log _log;

    private static final int MIN_ENCRYPTED_SIZE = 8 + 16;
@ -81,6 +82,16 @@ public class EncryptedLeaseSet extends LeaseSet2 {
        _secret = secret;
    }

+    /**
+     *  Must be set before verify for per-client auth.
+     *
+     *  @param privKey non-null
+     *  @since 0.9.41
+     */
+    public void setClientPrivateKey(PrivateKey privKey) {
+        _clientPrivateKey = privKey;
+    }
+
    ///// overrides below here

    @Override
@ -840,12 +851,13 @@ public class EncryptedLeaseSet extends LeaseSet2 {
     * Overridden to decrypt if possible, and verify inner sig also.
     *
     * Must call setDestination() prior to this if attempting decryption.
+     * Must call setClientKey() prior to this if attempting decryption.
     *
     * @return valid
     */
    @Override
    public boolean verifySignature() {
-        return verifySignature((PrivateKey) null);
+        return verifySignature(_clientPrivateKey);
    }

    /**
--- a/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java
@ -943,6 +943,13 @@ public abstract class KademliaNetworkDatabaseFacade extends NetworkDatabaseFacad
                } else {
                    encls.setSigningKey(bd.getUnblindedPubKey());
                }
+                // secret
+                String secret = bd.getSecret();
+                if (secret != null)
+                    encls.setSecret(secret);
+                // per-client auth
+                if (bd.getAuthType() != BlindData.AUTH_NONE)
+                    encls.setClientPrivateKey(bd.getAuthPrivKey());
            } else {
                if (_log.shouldWarn())
                    _log.warn("No blind data found for encls: " + encls);