Skip to content

Commit

Permalink
Router: Reverse segmented changes to ConfigKeyringHandler, configKeyr…
Browse files Browse the repository at this point in the history 
…ingHelper
  • Loading branch information
eyedeekay committed Oct 12, 2023
1 parent df5b49c commit 4a2cfb5
Show file tree
Hide file tree
Showing 2 changed files with 70 additions and 77 deletions.
145 changes: 69 additions & 76 deletions apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -89,89 +89,82 @@ protected void processForm() {
addFormError(_t("Requires hostname, destination, or blinded Base32"));
return;
}
// from BlindCache
List<Hash> clientBase32s = _context.netDbSegmentor().lookupClientBySigningPublicKey(spk);
// TODO: This updates all of the blind data for all clients, turning the blind cache into a shared context for the owner of an encrypted leaseSet.
// This is probably not ideal, with some social-engineering a service operator who owns an encrypted destination could associate 2 tunnels.
// How realistic is it? Maybe not very, but I don't like it. Still, this is better than nothing.
for (Hash clientBase32 : clientBase32s) {
BlindData bdold = _context.clientNetDb(clientBase32).getBlindData(spk);
if (bdold != null && d == null)
d = bdold.getDestination();
if (d != null && _context.clientManager().isLocal(d)) {
// don't bother translating
addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager.");
return;
}
BlindData bdold = _context.netDb().getBlindData(spk);
if (bdold != null && d == null)
d = bdold.getDestination();
if (d != null && _context.clientManager().isLocal(d)) {
// don't bother translating
addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager.");
return;
}

SigType blindType;
if (bdin != null) {
blindType = bdin.getBlindedSigType();
} else if (bdold != null) {
blindType = bdold.getBlindedSigType();
} else {
blindType = Blinding.getDefaultBlindedType(spk.getType());
}
SigType blindType;
if (bdin != null) {
blindType = bdin.getBlindedSigType();
} else if (bdold != null) {
blindType = bdold.getBlindedSigType();
} else {
blindType = Blinding.getDefaultBlindedType(spk.getType());
}

int atype;
PrivateKey pk;
if (_mode == 4 || _mode == 5) {
atype = BlindData.AUTH_PSK;
// use supplied pk
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else if (_mode == 6 || _mode == 7) {
atype = BlindData.AUTH_DH;
// create new pk
b = new byte[32];
_context.random().nextBytes(b);
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else {
// modes 2 and 3
atype = BlindData.AUTH_NONE;
pk = null;
int atype;
PrivateKey pk;
if (_mode == 4 || _mode == 5) {
atype = BlindData.AUTH_PSK;
// use supplied pk
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else if (_mode == 6 || _mode == 7) {
atype = BlindData.AUTH_DH;
// create new pk
b = new byte[32];
_context.random().nextBytes(b);
pk = new PrivateKey(EncType.ECIES_X25519, b);
} else {
// modes 2 and 3
atype = BlindData.AUTH_NONE;
pk = null;
}
if (_mode == 2 || _mode == 4 || _mode == 6)
_secret = null;
if (bdin != null) {
// more checks based on supplied b33
if (bdin.getSecretRequired() && _secret == null) {
addFormError(_t("Destination requires lookup password"));
return;
}
if (_mode == 2 || _mode == 4 || _mode == 6)
_secret = null;
if (bdin != null) {
// more checks based on supplied b33
if (bdin.getSecretRequired() && _secret == null) {
addFormError(_t("Destination requires lookup password"));
return;
}
if (!bdin.getSecretRequired() && _secret != null) {
addFormError(_t("Destination does not require lookup password"));
return;
}
if (bdin.getAuthRequired() && pk == null) {
addFormError(_t("Destination requires encryption key"));
return;
}
if (!bdin.getAuthRequired() && pk != null) {
addFormError(_t("Destination does not require encryption key"));
return;
}
if (!bdin.getSecretRequired() && _secret != null) {
addFormError(_t("Destination does not require lookup password"));
return;
}

// to BlindCache
BlindData bdout;
if (d != null) {
bdout = new BlindData(_context, d, blindType, _secret, atype, pk);
} else {
bdout = new BlindData(_context, spk, blindType, _secret, atype, pk);
if (bdin.getAuthRequired() && pk == null) {
addFormError(_t("Destination requires encryption key"));
return;
}
if (bdold != null) {
if (_log.shouldDebug())
_log.debug("already cached: " + bdold);
if (!bdin.getAuthRequired() && pk != null) {
addFormError(_t("Destination does not require encryption key"));
return;
}
try {
_context.clientNetDb(clientBase32).setBlindData(bdout);
addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32()));
if (_mode == 6 || _mode == 7) {
addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64());
}
} catch (IllegalArgumentException iae) {
addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage());
}

// to BlindCache
BlindData bdout;
if (d != null) {
bdout = new BlindData(_context, d, blindType, _secret, atype, pk);
} else {
bdout = new BlindData(_context, spk, blindType, _secret, atype, pk);
}
if (bdold != null) {
if (_log.shouldDebug())
_log.debug("already cached: " + bdold);
}
try {
_context.netDb().setBlindData(bdout);
addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32()));
if (_mode == 6 || _mode == 7) {
addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64());
}
} catch (IllegalArgumentException iae) {
addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage());
}
}
} else if (_action.equals(_t("Delete key")) && _revokes != null) {
Expand Down
2 changes: 1 addition & 1 deletion apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -104,7 +104,7 @@ private boolean render(StringBuilder buf, boolean local) {
}
// LS2
if (!local) {
List<BlindData> bdata = _context.netDbSegmentor().getLocalClientsBlindData();
List<BlindData> bdata = _context.netDb().getBlindData();
if (bdata.size() > 1)
Collections.sort(bdata, new BDComparator());
for (BlindData bd : bdata) {
Expand Down

0 comments on commit 4a2cfb5

Please sign in to comment.