From 4a2cfb5fc06ec7c875951afdbf03b2998b9a1591 Mon Sep 17 00:00:00 2001 From: eyedeekay Date: Thu, 12 Oct 2023 12:32:56 -0400 Subject: [PATCH] Router: Reverse segmented changes to ConfigKeyringHandler, configKeyringHelper --- .../web/helpers/ConfigKeyringHandler.java | 145 +++++++++--------- .../web/helpers/ConfigKeyringHelper.java | 2 +- 2 files changed, 70 insertions(+), 77 deletions(-) diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java index 6dde53c201..be61a3ab61 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java @@ -89,89 +89,82 @@ protected void processForm() { addFormError(_t("Requires hostname, destination, or blinded Base32")); return; } - // from BlindCache - List clientBase32s = _context.netDbSegmentor().lookupClientBySigningPublicKey(spk); - // TODO: This updates all of the blind data for all clients, turning the blind cache into a shared context for the owner of an encrypted leaseSet. - // This is probably not ideal, with some social-engineering a service operator who owns an encrypted destination could associate 2 tunnels. - // How realistic is it? Maybe not very, but I don't like it. Still, this is better than nothing. - for (Hash clientBase32 : clientBase32s) { - BlindData bdold = _context.clientNetDb(clientBase32).getBlindData(spk); - if (bdold != null && d == null) - d = bdold.getDestination(); - if (d != null && _context.clientManager().isLocal(d)) { - // don't bother translating - addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager."); - return; - } + BlindData bdold = _context.netDb().getBlindData(spk); + if (bdold != null && d == null) + d = bdold.getDestination(); + if (d != null && _context.clientManager().isLocal(d)) { + // don't bother translating + addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager."); + return; + } - SigType blindType; - if (bdin != null) { - blindType = bdin.getBlindedSigType(); - } else if (bdold != null) { - blindType = bdold.getBlindedSigType(); - } else { - blindType = Blinding.getDefaultBlindedType(spk.getType()); - } + SigType blindType; + if (bdin != null) { + blindType = bdin.getBlindedSigType(); + } else if (bdold != null) { + blindType = bdold.getBlindedSigType(); + } else { + blindType = Blinding.getDefaultBlindedType(spk.getType()); + } - int atype; - PrivateKey pk; - if (_mode == 4 || _mode == 5) { - atype = BlindData.AUTH_PSK; - // use supplied pk - pk = new PrivateKey(EncType.ECIES_X25519, b); - } else if (_mode == 6 || _mode == 7) { - atype = BlindData.AUTH_DH; - // create new pk - b = new byte[32]; - _context.random().nextBytes(b); - pk = new PrivateKey(EncType.ECIES_X25519, b); - } else { - // modes 2 and 3 - atype = BlindData.AUTH_NONE; - pk = null; + int atype; + PrivateKey pk; + if (_mode == 4 || _mode == 5) { + atype = BlindData.AUTH_PSK; + // use supplied pk + pk = new PrivateKey(EncType.ECIES_X25519, b); + } else if (_mode == 6 || _mode == 7) { + atype = BlindData.AUTH_DH; + // create new pk + b = new byte[32]; + _context.random().nextBytes(b); + pk = new PrivateKey(EncType.ECIES_X25519, b); + } else { + // modes 2 and 3 + atype = BlindData.AUTH_NONE; + pk = null; + } + if (_mode == 2 || _mode == 4 || _mode == 6) + _secret = null; + if (bdin != null) { + // more checks based on supplied b33 + if (bdin.getSecretRequired() && _secret == null) { + addFormError(_t("Destination requires lookup password")); + return; } - if (_mode == 2 || _mode == 4 || _mode == 6) - _secret = null; - if (bdin != null) { - // more checks based on supplied b33 - if (bdin.getSecretRequired() && _secret == null) { - addFormError(_t("Destination requires lookup password")); - return; - } - if (!bdin.getSecretRequired() && _secret != null) { - addFormError(_t("Destination does not require lookup password")); - return; - } - if (bdin.getAuthRequired() && pk == null) { - addFormError(_t("Destination requires encryption key")); - return; - } - if (!bdin.getAuthRequired() && pk != null) { - addFormError(_t("Destination does not require encryption key")); - return; - } + if (!bdin.getSecretRequired() && _secret != null) { + addFormError(_t("Destination does not require lookup password")); + return; } - - // to BlindCache - BlindData bdout; - if (d != null) { - bdout = new BlindData(_context, d, blindType, _secret, atype, pk); - } else { - bdout = new BlindData(_context, spk, blindType, _secret, atype, pk); + if (bdin.getAuthRequired() && pk == null) { + addFormError(_t("Destination requires encryption key")); + return; } - if (bdold != null) { - if (_log.shouldDebug()) - _log.debug("already cached: " + bdold); + if (!bdin.getAuthRequired() && pk != null) { + addFormError(_t("Destination does not require encryption key")); + return; } - try { - _context.clientNetDb(clientBase32).setBlindData(bdout); - addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32())); - if (_mode == 6 || _mode == 7) { - addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64()); - } - } catch (IllegalArgumentException iae) { - addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage()); + } + + // to BlindCache + BlindData bdout; + if (d != null) { + bdout = new BlindData(_context, d, blindType, _secret, atype, pk); + } else { + bdout = new BlindData(_context, spk, blindType, _secret, atype, pk); + } + if (bdold != null) { + if (_log.shouldDebug()) + _log.debug("already cached: " + bdold); + } + try { + _context.netDb().setBlindData(bdout); + addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32())); + if (_mode == 6 || _mode == 7) { + addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64()); } + } catch (IllegalArgumentException iae) { + addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage()); } } } else if (_action.equals(_t("Delete key")) && _revokes != null) { diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java index 63712288a8..3f5fc177b9 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java @@ -104,7 +104,7 @@ private boolean render(StringBuilder buf, boolean local) { } // LS2 if (!local) { - List bdata = _context.netDbSegmentor().getLocalClientsBlindData(); + List bdata = _context.netDb().getBlindData(); if (bdata.size() > 1) Collections.sort(bdata, new BDComparator()); for (BlindData bd : bdata) {