- Make I2PSocketFull.close() nonblocking; it will now cause any user-side
writes blocked in I/O (Connection.packetSendChoke()) to throw
an exception (tickets #629, #1041)
- Don't ignore InterruptedExceptions; throw InterruptedIOException
- Back out static disconnect exception
- MessageInputStream locking fixes
- Cleanups
I2PSnark:
- Close socket before closing output stream to avoid blocking in
Peer.disconnect(), and prevent Peer.disconnect() loop
- Combine getPeers and announce into a single method, as we must announce to
the closest from the getPeers, not the closest from the kbuckets
- Stop getPeers when nothing closer is found
- Increase dest lookup and search timeouts
- Increase max search depth
- Loop tracker client faster when in magnet mode
- Loop tracker client faster if DHT announce fails
- Don't return an empty peers list if we only know about the requestor
- volatiles, log tweaks
- Major fixes of getPeers() to follow
to branch 'i2p.i2p' (head a1c2ba4663abc7470f427c6a14854707d58b486a)
Prop from branch i2p.i2p.zzz.ecdsa:
* Build:
- Generate su3 file in release target
- Add zzz's new RSA 4096 pubkey cert for updates
- Fix checkcerts.sh
* Console: Move advanced setting to HelperBase
* DSAEngine changes:
- Implement raw sign/verify for other SigTypes
- Add sign/verify methods using Java keys
* ECDSA Support:
- Add ECConstants which looks for named curves and falls back to
explicitly defining the curves
- Add support for ECDSA to SigType, DSAEngine and KeyGenerator
- Attempt to add BC as a Provider
- genSpec: fallback to BC provider
* EepGet:
- Fix non-proxied PartialEepGet
- Prevent non-proxied eepget for an I2P host
* KeyGenerator changes:
- Generate key pairs for all supported SigTypes
- KeyPairGen: Catch ProviderException, fallback to BC provider
- Add KeyGenerator main() tests
* KeyRing and DirKeyRing added: simple backend for storing X.509 certs
* KeyStoreUtil added:
- Consolidate KeyStore code from SSLEepGet, I2CPSSLSocketFactory,
SSLClientListenerRunner, and RouterConsoleRunner into new
KeyStoreUtil and CertUtil classes in net.i2p.crypto (ticket #744)
- Change default to RSA 2048 (ticket #1017)
- Set file modes on written keys
- Overwrite check in createKeys()
- New getCert(), getKey()
- Extend keygen max wait
- Read back private key to verify after keygen
- Validate cert after reading from file
- Validate CN in cert
- Specify cert signature algorithm when generating keys
* NativeBigInteger: Tweak to prevent early context instantiation
* RSA support added: constants, parameters, sig types, support in DSAEngine, KeyGenerator, SigUtil
* SHA1Hash: Add no-arg constructor
* SigType changes:
- Add parameters (curve specs) to SigTypes
- Add getHashInstance()
- Add RSA, fix ECDSA
- Renumber, rename, comment out types that are too short.
* SigUtil added:
- Converters from Java formats (ASN.1, X.509, PKCS#8)
to I2P formats for Signatures and SigningKeys
- Move ASN.1 converter from DSAEngine to SigUtil, generalize
for variable length, add support for longer sequences,
add more sanity checks, add more exceptions
- Move I2P-to-Java DSA key conversion from DSAEngine to SigUtil
- Add Java-to-I2P DSA key conversion
- Add Java key import
- New split() and combine() methods
* SSLEepGet: Move all certificates to certificates/ssl, in preparation
for other certificate uses by SU3File
* SU3File changes:
- Support all SigTypes
- Implement keygen
- Readahead to get sigtype on verify, as we need the hash type
- Enum for content type
- Add unknown content type, make default
- Fix NPE if private key not found or sign fails
- Store generated keys in keystore, and get private key from keystore
for signing, in Java format
- Use Java keys to sign and verify so we don't
lose the key parameters in the conversion to I2P keys
- Type checking of Java private key vs. type when signing
- Use certs instead of public keys for verification
- Fix arg processing
- Improve validate-without-extract
- New extract command
- Change static fields to avoid early context init
- Reduce PRNG buffer size for faster signing
* Update: Preliminary work for su3 router updates:
- New ROUTER_SIGNED_SU3 UpdateType
- Add support for torrent and HTTP
- Refactor UpdateRunners to return actual UpdateType
- Deal with signed/su3 conflicts
- Verify and extract su3 files.
- Stub out support for clearnet su3 updating
- New config for proxying news, separate from proxying update
- PartialEepGet and SSLEepGet tweaks to support clearnet update
- Remove proxy, key, and url config from /configupdate
- More URI checks in UpdateRunner
- Add https support for news fetch
- Add su3 mime type
- Reset found version in update loop so we don't fetch from
the next host too.
- Prevent NPE on version after SSL fetch
- Reset found version in update loop so we don't fetch from
the next host too.
- Prevent NPE on version after SSL fetch
- Fix su3 version check
* EepGet:
- Fix non-proxied PartialEepGet
- Prevent non-proxied eepget for an I2P host
- Fail if no hostname in URL
- Stub out support for clearnet su3 updating
- PartialEepGet and SSLEepGet tweaks to support clearnet update
- Remove proxy, key, and url config from /configupdate
- More URI checks in UpdateRunner
- Add su3 mime type
- Move advanced setting to HelperBase
- Prevent multiple calls or reentrancy in disconnect() (ticket #1041)
- Implement processing of close to skip TIME-WAIT, and
wait for all packets to be acked (not just the CLOSE) before
doing so, if possible (ticket #1042)
- Don't call disconnect() or disconnectComplete() from I2PSocketFull.destroy()
so retransmissions and acks can still happen (removes some close loops)
- Don't call disconnect() until we have both sent and received a CLOSE (ticket #1040)
- Don't reset the connection from CPH just because we sent a CLOSE
and it was acked (ticket #1040)
- Ack packets even if we sent a CLOSE (ticket #1040)
- Retransmit CLOSE if not acked (ticket #1040)
- Send received packets to the MessageInputStream even if we haven't received a SYN
- Don't call MessageInputStream.messageReceived() for ack-only packets, that was pointless
- Don't send a RESET after timeout of an outbound connection
- Work around bugs on other end by limiting retransmission of CLOSE packets
- Make _isInbound final
- More cleanups, javadocs, log tweaks
- Cleanups
- Remove setCloseReceivedOn(), unused outside Connection
- OR the isFlagSet parameter instead of multiple calls
- Remove acked packets from _outboundPackets inside synced iterator
- Short-circuit _outboundPackets iterator if empty
- Small optimization if not logging in ConnectionPacketHandler
- Stub out processing of close ack (ticket #1042)
