* Plugins: Enforce signing key matches that in plugin.config

2014-08-05 21:23:48 +00:00
parent bd566f52cf
commit fe3059f0ab
2 changed files with 16 additions and 4 deletions
--- a/apps/routerconsole/java/src/net/i2p/router/update/PluginUpdateRunner.java
+++ b/apps/routerconsole/java/src/net/i2p/router/update/PluginUpdateRunner.java
@ -10,7 +10,9 @@ import java.util.Properties;

 import net.i2p.CoreVersion;
 import net.i2p.crypto.TrustedUpdate;
+import net.i2p.data.DataFormatException;
 import net.i2p.data.DataHelper;
+import net.i2p.data.SigningPublicKey;
 import net.i2p.router.RouterContext;
 import net.i2p.router.web.ConfigClientsHelper;
 import net.i2p.router.web.ConfigUpdateHandler;
@ -171,6 +173,15 @@ class PluginUpdateRunner extends UpdateRunner {
                statusDone("<b>" + _("Plugin from {0} contains an invalid key", url) + "</b>");
                return;
            }
+            SigningPublicKey spk;
+            try {
+                spk = new SigningPublicKey(pubkey);
+            } catch (DataFormatException dfe) {
+                f.delete();
+                to.delete();
+                statusDone("<b>" + _("Plugin from {0} contains an invalid key", url) + "</b>");
+                return;
+            }

            // add all existing plugin keys, so any conflicts with existing keys
            // will be discovered and rejected
@ -192,8 +203,9 @@ class PluginUpdateRunner extends UpdateRunner {
                // the key is already in the TrustedUpdate keyring
                // verify the sig and verify that it is signed by the signer in the plugin.config file
                // Allow "" as the previously-known signer
-                String signingKeyName = up.verifyAndGetSigner(f);
-                if (!(signer.equals(signingKeyName) || "".equals(signingKeyName))) {
+                boolean ok = up.verify(f, spk);
+                String signingKeyName = up.getKeys().get(spk);
+                if ((!ok) || !(signer.equals(signingKeyName) || "".equals(signingKeyName))) {
                    f.delete();
                    to.delete();
                    if (signingKeyName == null)
--- a/core/java/src/net/i2p/crypto/TrustedUpdate.java
+++ b/core/java/src/net/i2p/crypto/TrustedUpdate.java
@ -212,9 +212,9 @@ riCe6OlAEiNpcc6mMyIYYWFICbrDFTrDR3wXqwc/Jkcx6L5VVWoagpSzbo3yGhc=
    }

    /**
-     *  @since 0.9.8
+     *  @since 0.9.8, public since 0.9.14.1
     */
-    Map<SigningPublicKey, String> getKeys() {
+    public Map<SigningPublicKey, String> getKeys() {
        return Collections.unmodifiableMap(_trustedKeys);
    }