Keyring: Separate local and remote dests on /configkeyring

Prohibit local changes on /configkeyring
Remove local keys from keyring on tunnel shutdown or encryption disable
Ensure subsession encryption setting matches primary session
(ticket #2108)

apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java

@@ -33,6 +33,9 @@ public class ConfigKeyringHandler extends FormHandler {
                 } catch (DataFormatException dfe) {}
                 if (h == null || h.getData() == null) {
                     addFormError(_t("Invalid destination"));
+                } else if (_context.clientManager().isLocal(h)) {
+                    // don't bother translating
+                    addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager.");
                 } else if (sk.getData() == null) {
                     addFormError(_t("Invalid key"));
                 } else {
@@ -42,12 +45,16 @@ public class ConfigKeyringHandler extends FormHandler {
                 }
             } else {  // Delete
                 if (h != null && h.getData() != null) {
-                    if (_context.keyRing().remove(h) != null)
+                    if (_context.clientManager().isLocal(h)) {
+                        // don't bother translating
+                        addFormError("Cannot remove key for local destination. Disable encryption in the Hidden Services Manager.");
+                    } else if (_context.keyRing().remove(h) != null) {
                         addFormNotice(_t("Key for {0} removed from keyring",
                                          Base32.encode(h.getData()) + ".b32.i2p"));
-                    else
+                    } else {
                         addFormNotice(_t("Key for {0} not found in keyring",
                                          Base32.encode(h.getData()) + ".b32.i2p"));
+                    }
                 } else {
                     addFormError(_t("Invalid destination"));
                 }

apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java

@@ -30,17 +30,31 @@ public class ConfigKeyringHelper extends HelperBase {
      */
     private void renderStatusHTML(StringWriter out) throws IOException {
         StringBuilder buf = new StringBuilder(1024);
+        buf.append("<h3>").append(_t("Local encrypted destinations")).append("</h3>");
+        render(buf, true);
+        buf.append("<h3>").append(_t("Remote encrypted destinations")).append("</h3>");
+        render(buf, false);
+        out.write(buf.toString());
+        out.flush();
+    }
+
+    /**
+     *  @since 0.9.33 moved from PersistentKeyRing
+     */
+    private void render(StringBuilder buf, boolean local) {
         buf.append("\n<table class=\"configtable\"><tr><th align=\"left\">").append(_t("Destination"))
            .append("<th align=\"left\">").append(_t("Name"))
            .append("<th align=\"left\">").append(_t("Encryption Key"))
            .append("</tr>");
         for (Map.Entry<Hash, SessionKey> e : _context.keyRing().entrySet()) {
-            buf.append("\n<tr><td>");
             Hash h = e.getKey();
+            if (local != _context.clientManager().isLocal(h))
+                continue;
+            buf.append("\n<tr><td>");
             buf.append(Base32.encode(h.getData())).append(".b32.i2p");
             buf.append("</td><td>");
             Destination dest = _context.netDb().lookupDestinationLocally(h);
-            if (dest != null && _context.clientManager().isLocal(dest)) {
+            if (dest != null && local) {
                 TunnelPoolSettings in = _context.tunnelManager().getInboundSettings(h);
                 if (in != null && in.getDestinationNickname() != null)
                     buf.append(in.getDestinationNickname());
@@ -55,7 +69,5 @@ public class ConfigKeyringHelper extends HelperBase {
             buf.append("</td>\n");
         }
         buf.append("</table>\n");
-        out.write(buf.toString());
-        out.flush();
     }
 }