Changeset 37d3204 for router


Timestamp:
Nov 16, 2016 6:01:24 PM (4 years ago)
Author:
zzz <zzz@…>
Branches:
master
Children:
68e5fd6
Parents:
784566a
Message:

Router: Add methods to verify and track members of our family;
use on sybil page

File:
1 edited

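--- a/router/java/src/net/i2p/router/crypto/FamilyKeyCrypto.java
+++ b/router/java/src/net/i2p/router/crypto/FamilyKeyCrypto.java
@@ -11,4 +11,5 @@
 import java.security.cert.X509Certificate;
 import java.security.cert.X509CRL;
+import java.util.Collections;
 import java.util.HashMap;
 import java.util.Map;
@@ -45,4 +46,5 @@
     private final Map<Hash, String> _verified;
     private final Set<Hash> _negativeCache;
+    private final Set<Hash> _ourFamily;
     // following for verification only, otherwise null
     private final String _fname;
@@ -83,6 +85,7 @@
         if (_fname != null) {
             if (_fname.contains("/") || _fname.contains("\\") ||
-                _fname.contains("..") || (new File(_fname)).isAbsolute())
-                throw new GeneralSecurityException("Illegal family name");
+                _fname.contains("..") || (new File(_fname)).isAbsolute() ||
+                _fname.length() <= 0)
+                throw new GeneralSecurityException("Illegal family name: " + _fname);
         }
         _privkey = (_fname != null) ? initialize() : null;
@@ -90,4 +93,5 @@
         _verified = new ConcurrentHashMap<Hash, String>(4);
         _negativeCache = new ConcurrentHashSet<Hash>(4);
+        _ourFamily = (_privkey != null) ? new ConcurrentHashSet<Hash>(4) : Collections.<Hash>emptySet();
     }
 
@@ -146,4 +150,33 @@
 
     /**
+     *  Do we have a valid family?
+     *  @since 0.9.28
+     */
+    public boolean hasFamily() {
+        return _pubkey != null;
+    }
+
+    /**
+     *  Get verified members of our family.
+     *  Will not contain ourselves.
+     *
+     *  @return non-null, not a copy, do not modify
+     *  @since 0.9.28
+     */
+    public Set<Hash> getOurFamily() {
+        return _ourFamily;
+    }
+
+    /**
+     *  Get our family name.
+     *
+     *  @return name or null
+     *  @since 0.9.28
+     */
+    public String getOurFamilyName() {
+        return _fname;
+    }
+
+    /**
      *  Verify the family signature in a RouterInfo.
      *  @return true if good sig or if no family specified at all
@@ -153,4 +186,42 @@
         if (name == null)
             return true;
+        return verify(ri, name);
+    }
+
+    /**
+     *  Verify the family in a RouterInfo matches ours and the signature is good.
+     *  Returns false if we don't have a family and sig, or they don't.
+     *  Returns false for ourselves.
+     *
+     *  @return true if family matches with good sig
+     *  @since 0.9.28
+     */
+    public boolean verifyOurFamily(RouterInfo ri) {
+        if (_pubkey == null)
+            return false;
+        String name = ri.getOption(OPT_NAME);
+        if (!_fname.equals(name))
+            return false;
+        Hash h = ri.getHash();
+        if (_ourFamily.contains(h))
+            return true;
+        if (h.equals(_context.routerHash()))
+            return false;
+        boolean rv = verify(ri, name);
+        if (rv) {
+            _ourFamily.add(h);
+            _log.logAlways(Log.INFO, "Found and verified member of our family (" + _fname + "): " + h);
+        } else {
+            if (_log.shouldWarn())
+                _log.warn("Found spoofed member of our family (" + _fname + "): " + h);
+        }
+        return rv;
+    }
+
+    /**
+     *  Verify the family in a RouterInfo, name already retrieved
+     *  @since 0.9.28
+     */
+    private boolean verify(RouterInfo ri, String name) {
         Hash h = ri.getHash();
         String ssig = ri.getOption(OPT_SIG);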
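Review bot: `getOurFamily()` returns the live `_ourFamily` set, and `verifyOurFamily()` returns true on `_ourFamily.contains(h)` before any signature check, so any caller that adds a hash to the returned set makes that router pass as a verified family member. Since this commit already imports `Collections`, `return Collections.unmodifiableSet(_ourFamily);` keeps the no-copy behaviour while enforcing the "do not modify" contract that the Javadoc only requests. Separately, `_ourFamily` is mutable only when `_privkey != null`, whereas `verifyOurFamily()` guards on `_pubkey == null` and then calls `_fname.equals(name)` and `_ourFamily.add(h)`. The assignment of `_pubkey` is outside the visible hunks, so confirm that a non-null `_pubkey` always implies a non-null `_privkey` and `_fname`; otherwise `add` on the `Collections.emptySet()` instance throws `UnsupportedOperationException`. The constructor and the body of `verify(RouterInfo, String)` both continue outside the hunks shown.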