echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

verify that signing key name matches

Browse Source
This commit is contained in:
zzz
2010-02-15 16:12:49 +00:00
parent f265db4037
commit a1fb5ef6ed
3 changed files with 25 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
View File

@ -193,7 +193,9 @@ public class PluginUpdateHandler extends UpdateHandler {
if (up.haveKey(pubkey)) {
// the key is already in the TrustedUpdate keyring
if (!up.verify(f)) {
// verify the sig and verify that it is signed by the keyName in the plugin.config file
String signingKeyName = up.verifyAndGetSigner(f);
if (!keyName.equals(signingKeyName)) {
f.delete();
to.delete();
updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");
@ -209,7 +211,9 @@ public class PluginUpdateHandler extends UpdateHandler {
return;
}
// ...and try the verify again
if (!up.verify(f)) {
// verify the sig and verify that it is signed by the keyName in the plugin.config file
String signingKeyName = up.verifyAndGetSigner(f);
if (!keyName.equals(signingKeyName)) {
f.delete();
to.delete();
updateStatus("<b>" + _("Plugin signature verification of {0} failed", url) + "</b>");