diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java index 6dde53c201..be61a3ab61 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHandler.java @@ -89,89 +89,82 @@ protected void processForm() { addFormError(_t("Requires hostname, destination, or blinded Base32")); return; } - // from BlindCache - List clientBase32s = _context.netDbSegmentor().lookupClientBySigningPublicKey(spk); - // TODO: This updates all of the blind data for all clients, turning the blind cache into a shared context for the owner of an encrypted leaseSet. - // This is probably not ideal, with some social-engineering a service operator who owns an encrypted destination could associate 2 tunnels. - // How realistic is it? Maybe not very, but I don't like it. Still, this is better than nothing. - for (Hash clientBase32 : clientBase32s) { - BlindData bdold = _context.clientNetDb(clientBase32).getBlindData(spk); - if (bdold != null && d == null) - d = bdold.getDestination(); - if (d != null && _context.clientManager().isLocal(d)) { - // don't bother translating - addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager."); - return; - } + BlindData bdold = _context.netDb().getBlindData(spk); + if (bdold != null && d == null) + d = bdold.getDestination(); + if (d != null && _context.clientManager().isLocal(d)) { + // don't bother translating + addFormError("Cannot add key for local destination. Enable encryption in the Hidden Services Manager."); + return; + } - SigType blindType; - if (bdin != null) { - blindType = bdin.getBlindedSigType(); - } else if (bdold != null) { - blindType = bdold.getBlindedSigType(); - } else { - blindType = Blinding.getDefaultBlindedType(spk.getType()); - } + SigType blindType; + if (bdin != null) { + blindType = bdin.getBlindedSigType(); + } else if (bdold != null) { + blindType = bdold.getBlindedSigType(); + } else { + blindType = Blinding.getDefaultBlindedType(spk.getType()); + } - int atype; - PrivateKey pk; - if (_mode == 4 || _mode == 5) { - atype = BlindData.AUTH_PSK; - // use supplied pk - pk = new PrivateKey(EncType.ECIES_X25519, b); - } else if (_mode == 6 || _mode == 7) { - atype = BlindData.AUTH_DH; - // create new pk - b = new byte[32]; - _context.random().nextBytes(b); - pk = new PrivateKey(EncType.ECIES_X25519, b); - } else { - // modes 2 and 3 - atype = BlindData.AUTH_NONE; - pk = null; + int atype; + PrivateKey pk; + if (_mode == 4 || _mode == 5) { + atype = BlindData.AUTH_PSK; + // use supplied pk + pk = new PrivateKey(EncType.ECIES_X25519, b); + } else if (_mode == 6 || _mode == 7) { + atype = BlindData.AUTH_DH; + // create new pk + b = new byte[32]; + _context.random().nextBytes(b); + pk = new PrivateKey(EncType.ECIES_X25519, b); + } else { + // modes 2 and 3 + atype = BlindData.AUTH_NONE; + pk = null; + } + if (_mode == 2 || _mode == 4 || _mode == 6) + _secret = null; + if (bdin != null) { + // more checks based on supplied b33 + if (bdin.getSecretRequired() && _secret == null) { + addFormError(_t("Destination requires lookup password")); + return; } - if (_mode == 2 || _mode == 4 || _mode == 6) - _secret = null; - if (bdin != null) { - // more checks based on supplied b33 - if (bdin.getSecretRequired() && _secret == null) { - addFormError(_t("Destination requires lookup password")); - return; - } - if (!bdin.getSecretRequired() && _secret != null) { - addFormError(_t("Destination does not require lookup password")); - return; - } - if (bdin.getAuthRequired() && pk == null) { - addFormError(_t("Destination requires encryption key")); - return; - } - if (!bdin.getAuthRequired() && pk != null) { - addFormError(_t("Destination does not require encryption key")); - return; - } + if (!bdin.getSecretRequired() && _secret != null) { + addFormError(_t("Destination does not require lookup password")); + return; } - - // to BlindCache - BlindData bdout; - if (d != null) { - bdout = new BlindData(_context, d, blindType, _secret, atype, pk); - } else { - bdout = new BlindData(_context, spk, blindType, _secret, atype, pk); + if (bdin.getAuthRequired() && pk == null) { + addFormError(_t("Destination requires encryption key")); + return; } - if (bdold != null) { - if (_log.shouldDebug()) - _log.debug("already cached: " + bdold); + if (!bdin.getAuthRequired() && pk != null) { + addFormError(_t("Destination does not require encryption key")); + return; } - try { - _context.clientNetDb(clientBase32).setBlindData(bdout); - addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32())); - if (_mode == 6 || _mode == 7) { - addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64()); - } - } catch (IllegalArgumentException iae) { - addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage()); + } + + // to BlindCache + BlindData bdout; + if (d != null) { + bdout = new BlindData(_context, d, blindType, _secret, atype, pk); + } else { + bdout = new BlindData(_context, spk, blindType, _secret, atype, pk); + } + if (bdold != null) { + if (_log.shouldDebug()) + _log.debug("already cached: " + bdold); + } + try { + _context.netDb().setBlindData(bdout); + addFormNotice(_t("Key for {0} added to keyring", bdout.toBase32())); + if (_mode == 6 || _mode == 7) { + addFormNotice(_t("Send key to server operator.") + ' ' + pk.toPublic().toBase64()); } + } catch (IllegalArgumentException iae) { + addFormError(_t("Invalid destination") + ": " + iae.getLocalizedMessage()); } } } else if (_action.equals(_t("Delete key")) && _revokes != null) { diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java index 63712288a8..3f5fc177b9 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/ConfigKeyringHelper.java @@ -104,7 +104,7 @@ private boolean render(StringBuilder buf, boolean local) { } // LS2 if (!local) { - List bdata = _context.netDbSegmentor().getLocalClientsBlindData(); + List bdata = _context.netDb().getBlindData(); if (bdata.size() > 1) Collections.sort(bdata, new BDComparator()); for (BlindData bd : bdata) { diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java b/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java index b7da715250..93cc239872 100644 --- a/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java +++ b/router/java/src/net/i2p/router/networkdb/kademlia/KademliaNetworkDatabaseFacade.java @@ -180,12 +180,13 @@ public KademliaNetworkDatabaseFacade(RouterContext context, Hash dbid) { _peerSelector = createPeerSelector(); _publishingLeaseSets = new HashMap(8); _activeRequests = new HashMap(8); - if (!isMainDb()) + if (!isMainDb()) { _reseedChecker = null; - else + _blindCache = null; + } else { _reseedChecker = new ReseedChecker(context); - _blindCache = new BlindCache(context); - + _blindCache = new BlindCache(context); + } _localKey = null; if (_log.shouldLog(Log.DEBUG)) _log.debug("Created KademliaNetworkDatabaseFacade for id: " + dbid); @@ -223,6 +224,20 @@ public ReseedChecker reseedChecker() { return _reseedChecker; } + /** + * We still always use a single blind cache in the main Db(for now), + * see issue #421 on i2pgit.org/i2p-hackers/i2p.i2p for details. + * This checks if we're the main DB already and returns our blind + * cache if we are. If not, it looks up the main Db and gets it. + * + * @return + */ + protected BlindCache blindCache() { + if (isMainDb()) + return _blindCache; + return _context.netDb().blindCache(); + } + KBucketSet getKBuckets() { return _kb; } DataStore getDataStore() { return _ds; } @@ -269,7 +284,8 @@ public synchronized void shutdown() { _exploreKeys.clear(); if (_negativeCache != null) _negativeCache.clear(); - _blindCache.shutdown(); + if (isMainDb()) + blindCache().shutdown(); } public synchronized void restart() { @@ -280,7 +296,8 @@ public synchronized void restart() { } _ds.restart(); _exploreKeys.clear(); - _blindCache.startup(); + if (isMainDb()) + blindCache().startup(); _initialized = true; @@ -370,7 +387,8 @@ public synchronized void startup() { throw new RuntimeException("Unable to initialize netdb storage", ioe); } _negativeCache = new NegativeLookupCache(_context); - _blindCache.startup(); + if (isMainDb()) + blindCache().startup(); createHandlers(); @@ -558,7 +576,7 @@ protected int getKBucketSetSize() { */ @Override public BlindData getBlindData(SigningPublicKey spk) { - return _blindCache.getData(spk); + return blindCache().getData(spk); } /** @@ -569,7 +587,7 @@ public BlindData getBlindData(SigningPublicKey spk) { public void setBlindData(BlindData bd) { if (_log.shouldWarn()) _log.warn("Adding to blind cache: " + bd); - _blindCache.addToCache(bd); + blindCache().addToCache(bd); } /** @@ -578,7 +596,7 @@ public void setBlindData(BlindData bd) { */ @Override public List getBlindData() { - return _blindCache.getData(); + return blindCache().getData(); } /** @@ -589,7 +607,7 @@ public List getBlindData() { */ @Override public boolean removeBlindData(SigningPublicKey spk) { - return _blindCache.removeBlindData(spk); + return blindCache().removeBlindData(spk); } /** @@ -599,7 +617,7 @@ public boolean removeBlindData(SigningPublicKey spk) { */ @Override public void routingKeyChanged() { - _blindCache.rollover(); + blindCache().rollover(); if (_log.shouldInfo()) _log.info("UTC rollover, blind cache updated"); } @@ -620,7 +638,7 @@ public DatabaseEntry lookupLocally(Hash key) { if (ls.isCurrent(Router.CLOCK_FUDGE_FACTOR)) { return rv; } else { - key = _blindCache.getHash(key); + key = blindCache().getHash(key); fail(key); } } else if (type == DatabaseEntry.KEY_TYPE_ROUTERINFO) { @@ -676,7 +694,7 @@ public void lookupLeaseSet(Hash key, Job onFindJob, Job onFailedLookupJob, } else { //if (_log.shouldLog(Log.DEBUG)) // _log.debug("leaseSet not found locally, running search"); - key = _blindCache.getHash(key); + key = blindCache().getHash(key); search(key, onFindJob, onFailedLookupJob, timeoutMs, true, fromLocalDest); } //if (_log.shouldLog(Log.DEBUG)) @@ -693,7 +711,7 @@ public void lookupLeaseSet(Hash key, Job onFindJob, Job onFailedLookupJob, */ public void lookupLeaseSetRemotely(Hash key, Hash fromLocalDest) { if (!_initialized) return; - key = _blindCache.getHash(key); + key = blindCache().getHash(key); if (isNegativeCached(key)) return; search(key, null, null, 20*1000, true, fromLocalDest); @@ -710,7 +728,7 @@ public void lookupLeaseSetRemotely(Hash key, Hash fromLocalDest) { public void lookupLeaseSetRemotely(Hash key, Job onFindJob, Job onFailedLookupJob, long timeoutMs, Hash fromLocalDest) { if (!_initialized) return; - key = _blindCache.getHash(key); + key = blindCache().getHash(key); if (isNegativeCached(key)) return; search(key, onFindJob, onFailedLookupJob, timeoutMs, true, fromLocalDest); @@ -728,7 +746,7 @@ public LeaseSet lookupLeaseSetLocally(Hash key) { if (ls.isCurrent(Router.CLOCK_FUDGE_FACTOR)) { return ls; } else { - key = _blindCache.getHash(key); + key = blindCache().getHash(key); fail(key); // this was an interesting key, so either refetch it or simply explore with it _exploreKeys.add(key); @@ -764,7 +782,7 @@ public void lookupDestination(Hash key, Job onFinishedJob, long timeoutMs, Hash _log.info("Negative cached, not searching dest: " + key); _context.jobQueue().addJob(onFinishedJob); } else { - key = _blindCache.getHash(key); + key = blindCache().getHash(key); search(key, onFinishedJob, onFinishedJob, timeoutMs, true, fromLocalDest); } } @@ -1120,7 +1138,7 @@ public LeaseSet store(Hash key, LeaseSet leaseSet) throws IllegalArgumentExcepti // set dest or key before validate() calls verifySignature() which // will do the decryption encls = (EncryptedLeaseSet) leaseSet; - BlindData bd = _blindCache.getReverseData(leaseSet.getSigningKey()); + BlindData bd = blindCache().getReverseData(leaseSet.getSigningKey()); if (bd != null) { if (_log.shouldWarn()) _log.warn("Found blind data for encls: " + bd); @@ -1162,7 +1180,7 @@ public LeaseSet store(Hash key, LeaseSet leaseSet) throws IllegalArgumentExcepti // recursion Destination dest = decls.getDestination(); store(dest.getHash(), decls); - _blindCache.setBlinded(dest); + blindCache().setBlinded(dest); } } else if (type == DatabaseEntry.KEY_TYPE_LS2 || type == DatabaseEntry.KEY_TYPE_META_LS2) { // if it came in via garlic @@ -1170,7 +1188,7 @@ public LeaseSet store(Hash key, LeaseSet leaseSet) throws IllegalArgumentExcepti if (ls2.isBlindedWhenPublished()) { Destination dest = leaseSet.getDestination(); if (dest != null) - _blindCache.setBlinded(dest, null, null); + blindCache().setBlinded(dest, null, null); } }