Changes in / [a1c8e3e:6bb1505d]

Files:

• apps/i2psnark/java/src/org/klomp/snark/SnarkManager.java (modified) (2 diffs)
• apps/i2psnark/java/src/org/klomp/snark/UpdateHandler.java (modified) (1 diff)
• apps/i2psnark/java/src/org/klomp/snark/UpdateRunner.java (modified) (3 diffs)
• apps/i2psnark/mime.properties (modified) (1 diff)
• apps/routerconsole/java/src/net/i2p/router/update/ConsoleUpdateManager.java (modified) (14 diffs)
• apps/routerconsole/java/src/net/i2p/router/update/DummyHandler.java (modified) (1 diff)
• apps/routerconsole/java/src/net/i2p/router/update/NewsFetcher.java (modified) (8 diffs)
• apps/routerconsole/java/src/net/i2p/router/update/PluginUpdateChecker.java (modified) (2 diffs)
• apps/routerconsole/java/src/net/i2p/router/update/PluginUpdateRunner.java (modified) (3 diffs)
• apps/routerconsole/java/src/net/i2p/router/update/UnsignedUpdateChecker.java (modified) (1 diff)
• apps/routerconsole/java/src/net/i2p/router/update/UnsignedUpdateRunner.java (modified) (1 diff)
• apps/routerconsole/java/src/net/i2p/router/update/UpdateHandler.java (modified) (2 diffs)
• apps/routerconsole/java/src/net/i2p/router/update/UpdateRunner.java (modified) (12 diffs)
• apps/routerconsole/java/src/net/i2p/router/web/ConfigTunnelsHelper.java (modified) (2 diffs)
• apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java (modified) (9 diffs)
• apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHelper.java (modified) (1 diff)
• apps/routerconsole/java/src/net/i2p/router/web/HelperBase.java (modified) (2 diffs)
• apps/routerconsole/java/src/net/i2p/router/web/NewsHelper.java (modified) (4 diffs)
• apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java (modified) (5 diffs)
• apps/routerconsole/java/src/net/i2p/router/web/TunnelRenderer.java (modified) (1 diff)
• apps/routerconsole/java/src/net/i2p/router/web/UpdateHandler.java (modified) (2 diffs)
• apps/routerconsole/jsp/configupdate.jsp (modified) (1 diff)
• build.xml (modified) (7 diffs)
• core/java/src/net/i2p/client/I2CPSSLSocketFactory.java (modified) (5 diffs)
• core/java/src/net/i2p/crypto/CertUtil.java (added)
• core/java/src/net/i2p/crypto/CryptoConstants.java (modified) (2 diffs)
• core/java/src/net/i2p/crypto/DSAEngine.java (modified) (20 diffs)
• core/java/src/net/i2p/crypto/DirKeyRing.java (added)
• core/java/src/net/i2p/crypto/ECConstants.java (added)
• core/java/src/net/i2p/crypto/ElGamalEngine.java (modified) (1 diff)
• core/java/src/net/i2p/crypto/KeyGenerator.java (modified) (7 diffs)
• core/java/src/net/i2p/crypto/KeyRing.java (added)
• core/java/src/net/i2p/crypto/KeyStoreUtil.java (added)
• core/java/src/net/i2p/crypto/RSAConstants.java (added)
• core/java/src/net/i2p/crypto/SHA1Hash.java (modified) (1 diff)
• core/java/src/net/i2p/crypto/SU3File.java (modified) (24 diffs)
• core/java/src/net/i2p/crypto/SigAlgo.java (added)
• core/java/src/net/i2p/crypto/SigType.java (modified) (6 diffs)
• core/java/src/net/i2p/crypto/SigUtil.java (added)
• core/java/src/net/i2p/crypto/TrustedUpdate.java (modified) (3 diffs)
• core/java/src/net/i2p/update/UpdateType.java (modified) (1 diff)
• core/java/src/net/i2p/util/EepGet.java (modified) (3 diffs)
• core/java/src/net/i2p/util/NativeBigInteger.java (modified) (1 diff)
• core/java/src/net/i2p/util/PartialEepGet.java (modified) (5 diffs)
• core/java/src/net/i2p/util/SSLEepGet.java (modified) (12 diffs)
• installer/resources/certificates/193.150.121.66.crt (deleted)
• installer/resources/certificates/cert.smartcom.org.crt (deleted)
• installer/resources/certificates/i2p.feared.eu.crt (deleted)
• installer/resources/certificates/i2p.mooo.com.crt (deleted)
• installer/resources/certificates/i2pprojekt.de.cert (deleted)
• installer/resources/certificates/ieb9oopo.mooo.com.crt (deleted)
• installer/resources/certificates/netdb.i2p2.de.crt (deleted)
• installer/resources/certificates/netdb.i2p2.no.crt (deleted)
• installer/resources/certificates/reseed.info.crt (deleted)
• installer/resources/certificates/reseed.pkol.de.crt (deleted)
• installer/resources/certificates/router/zzz_at_mail.i2p.crt (added)
• installer/resources/certificates/ssl/193.150.121.66.crt (added)
• installer/resources/certificates/ssl/cert.smartcom.org.crt (added)
• installer/resources/certificates/ssl/i2p.feared.eu.crt (added)
• installer/resources/certificates/ssl/i2p.mooo.com.crt (added)
• installer/resources/certificates/ssl/i2pprojekt.de.crt (added)
• installer/resources/certificates/ssl/ieb9oopo.mooo.com.crt (added)
• installer/resources/certificates/ssl/netdb.i2p2.de.crt (added)
• installer/resources/certificates/ssl/netdb.i2p2.no.crt (added)
• installer/resources/certificates/ssl/reseed.info.crt (added)
• installer/resources/certificates/ssl/reseed.pkol.de.crt (added)
• installer/resources/certificates/ssl/www.cacert.org.crt (added)
• installer/resources/certificates/www.cacert.org.crt (deleted)
• installer/resources/deletelist.txt (modified) (1 diff)
• router/java/src/net/i2p/router/client/SSLClientListenerRunner.java (modified) (4 diffs)
• tests/scripts/checkcerts.sh (modified) (1 diff)

apps/i2psnark/java/src/org/klomp/snark/SnarkManager.java

@@ -194 +194 @@
                 _uhandler = new UpdateHandler(_context, _umgr, SnarkManager.this);
                 _umgr.register(_uhandler, UpdateType.ROUTER_SIGNED, UpdateMethod.TORRENT, 10);
+                _umgr.register(_uhandler, UpdateType.ROUTER_SIGNED_SU3, UpdateMethod.TORRENT, 10);
                 _log.warn("Registering with update manager");
             } else {
@@ -211 +212 @@
             //_uhandler.shutdown();
             _umgr.unregister(_uhandler, UpdateType.ROUTER_SIGNED, UpdateMethod.TORRENT);
+            _umgr.unregister(_uhandler, UpdateType.ROUTER_SIGNED_SU3, UpdateMethod.TORRENT);
         }
         _running = false;

apps/i2psnark/java/src/org/klomp/snark/UpdateHandler.java

@@ -43 +43 @@
     public UpdateTask update(UpdateType type, UpdateMethod method, List<URI> updateSources,
                              String id, String newVersion, long maxTime) {
-        if (type != UpdateType.ROUTER_SIGNED ||
+        if ((type != UpdateType.ROUTER_SIGNED && type != UpdateType.ROUTER_SIGNED_SU3) ||
             method != UpdateMethod.TORRENT || updateSources.isEmpty())
             return null;
-        UpdateRunner update = new UpdateRunner(_context, _umgr, _smgr, updateSources, newVersion);
+        UpdateRunner update = new UpdateRunner(_context, _umgr, _smgr, type, updateSources, newVersion);
         _umgr.notifyProgress(update, "<b>" + _smgr.util().getString("Updating") + "</b>");
         return update;

apps/i2psnark/java/src/org/klomp/snark/UpdateRunner.java

@@ -23 +23 @@
     private final UpdateManager _umgr;
     private final SnarkManager _smgr;
+    private final UpdateType _type;
     private final List<URI> _urls;
     private volatile boolean _isRunning;
@@ -37 +38 @@
 
     public UpdateRunner(I2PAppContext ctx, UpdateManager umgr, SnarkManager smgr,
-                        List<URI> uris, String newVersion) { 
+                        UpdateType type, List<URI> uris, String newVersion) { 
         _context = ctx;
         _log = ctx.logManager().getLog(getClass());
         _umgr = umgr;
         _smgr = smgr;
+        _type = type;
         _urls = uris;
         _newVersion = newVersion;
@@ -57 +59 @@
     }
 
-    public UpdateType getType() { return UpdateType.ROUTER_SIGNED; }
+    public UpdateType getType() { return _type; }
 
     public UpdateMethod getMethod() { return UpdateMethod.TORRENT; }

apps/i2psnark/mime.properties

@@ -19 +19 @@
 rar     = application/x-rar-compressed
 su2     = application/zip
+su3     = application/zip
 sud     = application/zip
 tbz     = application/x-bzip2

apps/routerconsole/java/src/net/i2p/router/update/ConsoleUpdateManager.java

@@ -20 +20 @@
 
 import net.i2p.I2PAppContext;
+import net.i2p.crypto.SU3File;
 import net.i2p.crypto.TrustedUpdate;
 import net.i2p.data.DataHelper;
@@ -70 +71 @@
     /** downloaded AND installed */
     private final Map<UpdateItem, Version> _installed;
+    private final boolean _allowTorrent;
     private static final DecimalFormat _pct = new DecimalFormat("0.0%");
 
@@ -91 +93 @@
         _installed = new ConcurrentHashMap();
         _status = "";
+        // DEBUG slow start for snark updates
+        // For 0.9.4 update, only for dev builds
+        // For 0.9.5 update, only for dev builds and 1% more
+        // For 0.9.6 update, only for dev builds and 3% more
+        // For 0.9.8 update, only for dev builds and 30% more
+        // Remove this for 100%
+        _allowTorrent = RouterVersion.BUILD != 0 || _context.random().nextInt(100) < 30;
     }
 
@@ -100 +109 @@
         notifyInstalled(NEWS, "", Long.toString(NewsHelper.lastUpdated(_context)));
         notifyInstalled(ROUTER_SIGNED, "", RouterVersion.VERSION);
+        notifyInstalled(ROUTER_SIGNED_SU3, "", RouterVersion.VERSION);
         // hack to init from the current news file... do this before we register Updaters
         // This will not kick off any Updaters as none are yet registered
@@ -123 +133 @@
         Updater u = new UpdateHandler(_context, this);
         register(u, ROUTER_SIGNED, HTTP, 0);
+        if (ConfigUpdateHandler.USE_SU3_UPDATE) {
+            register(c, ROUTER_SIGNED_SU3, HTTP, 0);
+            register(u, ROUTER_SIGNED_SU3, HTTP, 0);
+            // todo
+            //register(c, ROUTER_SIGNED_SU3, HTTPS_CLEARNET, 0);
+            //register(u, ROUTER_SIGNED_SU3, HTTPS_CLEARNET, -10);
+            //register(c, ROUTER_SIGNED_SU3, HTTP_CLEARNET, 0);
+            //register(u, ROUTER_SIGNED_SU3, HTTP_CLEARNET, -20);
+        }
         // TODO see NewsFetcher
         //register(u, ROUTER_SIGNED, HTTPS_CLEARNET, -5);
@@ -559 +578 @@
      */
     public void register(Updater updater, UpdateType type, UpdateMethod method, int priority) {
-        if ((type == ROUTER_SIGNED || type == ROUTER_UNSIGNED) && NewsHelper.dontInstall(_context)) {
+        if ((type == ROUTER_SIGNED || type == ROUTER_UNSIGNED || type == ROUTER_SIGNED_SU3) &&
+            NewsHelper.dontInstall(_context)) {
             if (_log.shouldLog(Log.WARN))
                 _log.warn("Ignoring registration for " + type + ", router updates disabled");
             return;
         }
-        // DEBUG slow start for snark updates
-        // For 0.9.4 update, only for dev builds
-        // For 0.9.5 update, only for dev builds and 1% more
-        // For 0.9.6 update, only for dev builds and 3% more
-        // For 0.9.8 update, only for dev builds and 30% more
-        // Remove this for 100%
-        if (method == TORRENT && RouterVersion.BUILD == 0 && _context.random().nextInt(100) > 29) {
+        if (type == ROUTER_SIGNED_SU3 && !ConfigUpdateHandler.USE_SU3_UPDATE) {
+            if (_log.shouldLog(Log.WARN))
+                _log.warn("Ignoring registration for " + type + ", SU3 updates disabled");
+            return;
+        }
+        if (method == TORRENT && !_allowTorrent) {
             if (_log.shouldLog(Log.WARN))
                 _log.warn("Ignoring torrent registration");
@@ -724 +743 @@
 
             case ROUTER_SIGNED:
+            case ROUTER_SIGNED_SU3:
                 if (shouldInstall() &&
                     !(isUpdateInProgress(ROUTER_SIGNED) ||
+                      isUpdateInProgress(ROUTER_SIGNED_SU3) ||
                       isUpdateInProgress(ROUTER_UNSIGNED))) {
                     if (_log.shouldLog(Log.INFO))
@@ -762 +783 @@
             case NEWS:
             case ROUTER_SIGNED:
+            case ROUTER_SIGNED_SU3:
             case ROUTER_UNSIGNED:
                 // ConfigUpdateHandler, SummaryHelper, SummaryBarRenderer handle status display
@@ -878 +900 @@
                 break;
 
+            case ROUTER_SIGNED_SU3:
+                rv = handleSu3File(task.getURI(), actualVersion, file);
+                if (rv)
+                    notifyDownloaded(task.getType(), task.getID(), actualVersion);
+                break;
+
             case ROUTER_UNSIGNED:
                 rv = handleUnsignedFile(task.getURI(), actualVersion, file);
@@ -933 +961 @@
         _downloaded.put(ui, ver);
         // one trumps the other
-        if (type == ROUTER_SIGNED)
+        if (type == ROUTER_SIGNED) {
             _downloaded.remove(new UpdateItem(ROUTER_UNSIGNED, ""));
-        else if (type == ROUTER_UNSIGNED)
+            _downloaded.remove(new UpdateItem(ROUTER_SIGNED_SU3, ""));
+            // remove available from other type
+            UpdateItem altui = new UpdateItem(ROUTER_SIGNED_SU3, id);
+            Version old = _available.get(altui);
+            if (old != null && old.compareTo(ver) <= 0)
+                _available.remove(altui);
+            // ... and declare the alt downloaded as well
+            _downloaded.put(altui, ver);
+        } else if (type == ROUTER_SIGNED_SU3) {
             _downloaded.remove(new UpdateItem(ROUTER_SIGNED, ""));
+            _downloaded.remove(new UpdateItem(ROUTER_UNSIGNED, ""));
+            // remove available from other type
+            UpdateItem altui = new UpdateItem(ROUTER_SIGNED, id);
+            Version old = _available.get(altui);
+            if (old != null && old.compareTo(ver) <= 0)
+                _available.remove(altui);
+            // ... and declare the alt downloaded as well
+            _downloaded.put(altui, ver);
+        } else if (type == ROUTER_UNSIGNED) {
+            _downloaded.remove(new UpdateItem(ROUTER_SIGNED, ""));
+            _downloaded.remove(new UpdateItem(ROUTER_SIGNED_SU3, ""));
+        }
         Version old = _available.get(ui);
         if (old != null && old.compareTo(ver) <= 0)
@@ -970 +1018 @@
 
             case ROUTER_SIGNED:
+              { // avoid dup variables in next case
                 String URLs = _context.getProperty(ConfigUpdateHandler.PROP_UPDATE_URL, ConfigUpdateHandler.DEFAULT_UPDATE_URL);
                 StringTokenizer tok = new StringTokenizer(URLs, " ,\r\n");
@@ -980 +1029 @@
                 Collections.shuffle(rv, _context.random());
                 return rv;
+              }
+
+            case ROUTER_SIGNED_SU3:
+              {
+                String URLs = ConfigUpdateHandler.SU3_UPDATE_URLS;
+                StringTokenizer tok = new StringTokenizer(URLs, " ,\r\n");
+                List<URI> rv = new ArrayList();
+                while (tok.hasMoreTokens()) {
+                    try {
+                        rv.add(new URI(tok.nextToken().trim()));
+                    } catch (URISyntaxException use) {}
+                }
+                Collections.shuffle(rv, _context.random());
+                return rv;
+              }
 
             case ROUTER_UNSIGNED:
@@ -1012 +1076 @@
      */
     private boolean handleSudFile(URI uri, String actualVersion, File f) {
+        return handleRouterFile(uri, actualVersion, f, false);
+    }
+
+    /**
+     *  @return success
+     *  @since 0.9.9
+     */
+    private boolean handleSu3File(URI uri, String actualVersion, File f) {
+        return handleRouterFile(uri, actualVersion, f, true);
+    }
+
+    /**
+     *  Process sud, su2, or su3
+     *  @return success
+     *  @since 0.9.9
+     */
+    private boolean handleRouterFile(URI uri, String actualVersion, File f, boolean isSU3) {
         String url = uri.toString();
-        // Process the .sud/.su2 file
         updateStatus("<b>" + _("Update downloaded") + "</b>");
-        TrustedUpdate up = new TrustedUpdate(_context);
         File to = new File(_context.getRouterDir(), Router.UPDATE_FILE);
-        String err = up.migrateVerified(RouterVersion.VERSION, f, to);
-///////////
-        // caller must delete now.. why?
+        String err;
+        // Process the file
+        if (isSU3) {
+            SU3File up = new SU3File(_context, f);
+            File temp = new File(_context.getTempDir(), "su3out-" + _context.random().nextLong() + ".zip");
+            try {
+                if (up.verifyAndMigrate(temp)) {
+                    String ver = up.getVersionString();
+                    int type = up.getContentType();
+                    if (ver == null || VersionComparator.comp(RouterVersion.VERSION, ver) >= 0)
+                        err = "Old version " + ver;
+                    else if (type != SU3File.CONTENT_ROUTER)
+                        err = "Bad su3 content type " + type;
+                    else if (!FileUtil.copy(temp, to, true, false))
+                        err = "Failed copy to " + to;
+                    else
+                        err = null;   // success
+                } else {
+                    err = "Signature failed, signer " + DataHelper.stripHTML(up.getSignerString()) +
+                          ' ' + up.getSigType();
+                }
+            } catch (IOException ioe) {
+                _log.error("SU3 extract error", ioe);
+                err = DataHelper.stripHTML(ioe.toString());
+            } finally {
+                temp.delete();
+            }
+        } else {
+            TrustedUpdate up = new TrustedUpdate(_context);
+            err = up.migrateVerified(RouterVersion.VERSION, f, to);
+        }
+
+        // caller must delete.. could be an active torrent
         //f.delete();
         if (err == null) {
@@ -1278 +1387 @@
         @Override
         public String toString() {
+            if ("".equals(id))
+                return "UpdateItem " + type;
             return "UpdateItem " + type + ' ' + id;
         }

apps/routerconsole/java/src/net/i2p/router/update/DummyHandler.java

@@ -49 +49 @@
 
         public DummyRunner(RouterContext ctx, ConsoleUpdateManager mgr, long maxTime) {
-            super(ctx, mgr, Collections.EMPTY_LIST);
+            super(ctx, mgr, UpdateType.TYPE_DUMMY, Collections.EMPTY_LIST);
             _delay = maxTime;
         }
-
-        @Override
-        public UpdateType getType() { return UpdateType.TYPE_DUMMY; }
 
         @Override

apps/routerconsole/java/src/net/i2p/router/update/NewsFetcher.java

@@ -32 +32 @@
 import net.i2p.util.FileUtil;
 import net.i2p.util.Log;
+import net.i2p.util.SSLEepGet;
 
 /**
@@ -50 +51 @@
     
     public NewsFetcher(RouterContext ctx, ConsoleUpdateManager mgr, List<URI> uris) { 
-        super(ctx, mgr, uris);
+        super(ctx, mgr, NEWS, uris);
         _newsFile = new File(ctx.getRouterDir(), NewsHelper.NEWS_FILE);
         _tempFile = new File(ctx.getTempDir(), "tmp-" + ctx.random().nextLong() + TEMP_NEWS_FILE);
@@ -57 +58 @@
             _lastModified = RFC822Date.to822Date(lastMod);
     }
-
-    @Override
-    public UpdateType getType() { return NEWS; }
 
     private boolean dontInstall() {
@@ -77 +75 @@
 
     public void fetchNews() {
-        boolean shouldProxy = Boolean.valueOf(_context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY)).booleanValue();
+        boolean shouldProxy = _context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY_NEWS, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY_NEWS);
         String proxyHost = _context.getProperty(ConfigUpdateHandler.PROP_PROXY_HOST, ConfigUpdateHandler.DEFAULT_PROXY_HOST);
         int proxyPort = ConfigUpdateHandler.proxyPort(_context);
@@ -92 +90 @@
                 if (shouldProxy)
                     get = new EepGet(_context, true, proxyHost, proxyPort, 0, _tempFile.getAbsolutePath(), newsURL, true, null, _lastModified);
+                else if ("https".equals(uri.getScheme()))
+                    // no constructor w/ last mod check
+                    get = new SSLEepGet(_context, _tempFile.getAbsolutePath(), newsURL);
                 else
                     get = new EepGet(_context, false, null, 0, 0, _tempFile.getAbsolutePath(), newsURL, true, null, _lastModified);
@@ -115 +116 @@
     private static final String SUD_KEY = "sudtorrent";
     private static final String SU2_KEY = "su2torrent";
+    private static final String SU3_KEY = "su3torrent";
     private static final String CLEARNET_SUD_KEY = "sudclearnet";
     private static final String CLEARNET_SU2_KEY = "su2clearnet";
+    private static final String CLEARNET_HTTP_SU3_KEY = "su3clearnet";
+    private static final String CLEARNET_HTTPS_SU3_KEY = "su3ssl";
     private static final String I2P_SUD_KEY = "sudi2p";
     private static final String I2P_SU2_KEY = "su2i2p";
@@ -150 +154 @@
                             // TODO clearnet URLs, notify with HTTP_CLEARNET and/or HTTPS_CLEARNET
                             Map<UpdateMethod, List<URI>> sourceMap = new HashMap(4);
+                            // Must do su3 first
+                            if (ConfigUpdateHandler.USE_SU3_UPDATE) {
+                                sourceMap.put(HTTP, _mgr.getUpdateURLs(ROUTER_SIGNED_SU3, "", HTTP));
+                                addMethod(TORRENT, args.get(SU3_KEY), sourceMap);
+                                addMethod(HTTP_CLEARNET, args.get(CLEARNET_HTTP_SU3_KEY), sourceMap);
+                                addMethod(HTTPS_CLEARNET, args.get(CLEARNET_HTTPS_SU3_KEY), sourceMap);
+                                // notify about all sources at once
+                                _mgr.notifyVersionAvailable(this, _currentURI, ROUTER_SIGNED_SU3,
+                                                            "", sourceMap, ver, "");
+                                sourceMap.clear();
+                            }
+                            // now do sud/su2
                             sourceMap.put(HTTP, _mgr.getUpdateURLs(ROUTER_SIGNED, "", HTTP));
                             String key = FileUtil.isPack200Supported() ? SU2_KEY : SUD_KEY;
-                            String murl = args.get(key);
-                            if (murl != null) {
-                                List<URI> uris = tokenize(murl);
-                                if (!uris.isEmpty()) {
-                                    Collections.shuffle(uris, _context.random());
-                                    sourceMap.put(TORRENT, uris);
-                                }
-                            }
+                            addMethod(TORRENT, args.get(key), sourceMap);
                             // notify about all sources at once
-                            _mgr.notifyVersionAvailable(this, _currentURI,
-                                                        ROUTER_SIGNED, "", sourceMap,
-                                                        ver, "");
+                            _mgr.notifyVersionAvailable(this, _currentURI, ROUTER_SIGNED,
+                                                        "", sourceMap, ver, "");
                         } else {
                             if (_log.shouldLog(Log.DEBUG))
@@ -267 +275 @@
     }
 
+    /**
+     *  Parse URLs and add to the map
+     *  @param urls may be null
+     *  @since 0.9.9
+     */
+    private void addMethod(UpdateMethod method, String urls, Map<UpdateMethod, List<URI>> map) {
+        if (urls != null) {
+            List<URI> uris = tokenize(urls);
+            if (!uris.isEmpty()) {
+                Collections.shuffle(uris, _context.random());
+                map.put(method, uris);
+            }
+        }
+    }
+
     /** override to prevent status update */
     @Override

apps/routerconsole/java/src/net/i2p/router/update/PluginUpdateChecker.java

@@ -36 +36 @@
     public PluginUpdateChecker(RouterContext ctx, ConsoleUpdateManager mgr,
                                List<URI> uris, String appName, String oldVersion ) { 
-        super(ctx, mgr, uris, oldVersion);
+        super(ctx, mgr, UpdateType.PLUGIN, uris, oldVersion);
         if (!uris.isEmpty())
             _currentURI = uris.get(0);
@@ -42 +42 @@
         _oldVersion = oldVersion;
     }
-
-    @Override
-    public UpdateType getType() { return UpdateType.PLUGIN; }
 
     @Override

apps/routerconsole/java/src/net/i2p/router/update/PluginUpdateRunner.java

@@ -61 +61 @@
     public PluginUpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, List<URI> uris,
                               String appName, String oldVersion ) {
-        super(ctx, mgr, uris);
+        super(ctx, mgr, UpdateType.PLUGIN, uris);
         if (uris.isEmpty())
             throw new IllegalArgumentException("uri cannot be empty");
@@ -69 +69 @@
         _appName = appName;
         _oldVersion = oldVersion;
-    }
-
-
-    @Override
-    public UpdateType getType() {
-        return UpdateType.PLUGIN;
     }
 
@@ -105 +99 @@
                 updateStatus("<b>" + _("Downloading plugin from {0}", _xpi2pURL) + "</b>");
                 // use the same settings as for updater
-                boolean shouldProxy = Boolean.valueOf(_context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY)).booleanValue();
+                boolean shouldProxy = _context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY);
                 String proxyHost = _context.getProperty(ConfigUpdateHandler.PROP_PROXY_HOST, ConfigUpdateHandler.DEFAULT_PROXY_HOST);
                 int proxyPort = ConfigUpdateHandler.proxyPort(_context);

apps/routerconsole/java/src/net/i2p/router/update/UnsignedUpdateChecker.java

@@ -29 +29 @@
     public UnsignedUpdateChecker(RouterContext ctx, ConsoleUpdateManager mgr,
                                  List<URI> uris, long lastUpdateTime) { 
-        super(ctx, mgr, uris);
+        super(ctx, mgr, UpdateType.ROUTER_UNSIGNED, uris);
         _ms = lastUpdateTime;
     }
-
-    //////// begin UpdateTask methods
-
-    @Override
-    public UpdateType getType() { return UpdateType.ROUTER_UNSIGNED; }
-
-    //////// end UpdateTask methods
 
     @Override

apps/routerconsole/java/src/net/i2p/router/update/UnsignedUpdateRunner.java

@@ -26 +26 @@
 
     public UnsignedUpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, List<URI> uris) { 
-        super(ctx, mgr, uris);
+        super(ctx, mgr, ROUTER_UNSIGNED, uris);
         if (!uris.isEmpty())
             _currentURI = uris.get(0);
     }
-
-
-    @Override
-    public UpdateType getType() { return ROUTER_UNSIGNED; }
 
 

apps/routerconsole/java/src/net/i2p/router/update/UpdateHandler.java

@@ -5 +5 @@
 
 import net.i2p.router.RouterContext;
+import net.i2p.router.web.ConfigUpdateHandler;
 import net.i2p.update.*;
+import static net.i2p.update.UpdateType.*;
+import static net.i2p.update.UpdateMethod.*;
 
 /**
@@ -39 +42 @@
     public UpdateTask update(UpdateType type, UpdateMethod method, List<URI> updateSources,
                              String id, String newVersion, long maxTime) {
-        if (type != UpdateType.ROUTER_SIGNED ||
-            method != UpdateMethod.HTTP || updateSources.isEmpty())
+        boolean shouldProxy = _context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY);
+        if ((type != ROUTER_SIGNED && type != ROUTER_SIGNED_SU3) ||
+            (shouldProxy && method != HTTP) ||
+            ((!shouldProxy) && method != HTTP_CLEARNET && method != HTTPS_CLEARNET) ||
+            updateSources.isEmpty())
             return null;
-        UpdateRunner update = new UpdateRunner(_context, _mgr, updateSources);
+        UpdateRunner update = new UpdateRunner(_context, _mgr, type, method, updateSources);
         // set status before thread to ensure UI feedback
         _mgr.notifyProgress(update, "<b>" + _mgr._("Updating") + "</b>");

apps/routerconsole/java/src/net/i2p/router/update/UpdateRunner.java

@@ -6 +6 @@
 import java.net.URI;
 import java.util.List;
+import java.util.Locale;
 import java.util.StringTokenizer;
 
@@ -14 +15 @@
 import net.i2p.router.web.ConfigUpdateHandler;
 import net.i2p.update.*;
+import static net.i2p.update.UpdateMethod.*;
 import net.i2p.util.EepGet;
 import net.i2p.util.I2PAppThread;
 import net.i2p.util.Log;
 import net.i2p.util.PartialEepGet;
+import net.i2p.util.SSLEepGet;
 import net.i2p.util.VersionComparator;
 
@@ -31 +34 @@
     protected final Log _log;
     protected final ConsoleUpdateManager _mgr;
+    protected final UpdateType _type;
+    protected final UpdateMethod _method;
     protected final List<URI> _urls;
     protected final String _updateFile;
@@ -54 +59 @@
      *  Uses router version for partial checks
      */
-    public UpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, List<URI> uris) { 
-        this(ctx, mgr, uris, RouterVersion.VERSION);
+    public UpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, UpdateType type, List<URI> uris) { 
+        this(ctx, mgr, type, uris, RouterVersion.VERSION);
+    }
+
+    /**
+     *  Uses router version for partial checks
+     *  @since 0.9.9
+     */
+    public UpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, UpdateType type,
+                        UpdateMethod method, List<URI> uris) {
+        this(ctx, mgr, type, method, uris, RouterVersion.VERSION);
     }
 
@@ -62 +76 @@
      *  @since 0.9.7
      */
-    public UpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, List<URI> uris, String currentVersion) { 
+    public UpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, UpdateType type,
+                        List<URI> uris, String currentVersion) { 
+        this(ctx, mgr, type, HTTP, uris, currentVersion);
+    }
+
+    /**
+     *  @param method HTTP, HTTP_CLEARNET, or HTTPS_CLEARNET
+     *  @param currentVersion used for partial checks
+     *  @since 0.9.9
+     */
+    public UpdateRunner(RouterContext ctx, ConsoleUpdateManager mgr, UpdateType type,
+                        UpdateMethod method, List<URI> uris, String currentVersion) { 
         super("Update Runner");
         setDaemon(true);
@@ -68 +93 @@
         _log = ctx.logManager().getLog(getClass());
         _mgr = mgr;
+        _type = type;
+        _method = method;
         _urls = uris;
         _baos = new ByteArrayOutputStream(TrustedUpdate.HEADER_BYTES);
@@ -83 +110 @@
     }
 
-    public UpdateType getType() { return UpdateType.ROUTER_SIGNED; }
-
-    public UpdateMethod getMethod() { return UpdateMethod.HTTP; }
+    public UpdateType getType() { return _type; }
+
+    public UpdateMethod getMethod() { return _method; }
 
     public URI getURI() { return _currentURI; }
@@ -118 +145 @@
         // we've received at least 56 bytes. Need a cancel() method in EepGet ?
 
-        boolean shouldProxy = Boolean.valueOf(_context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY)).booleanValue();
-        String proxyHost = _context.getProperty(ConfigUpdateHandler.PROP_PROXY_HOST, ConfigUpdateHandler.DEFAULT_PROXY_HOST);
-        int proxyPort = ConfigUpdateHandler.proxyPort(_context);
+        boolean shouldProxy;
+        String proxyHost;
+        int proxyPort;
+        boolean isSSL = false;
+        if (_method == HTTP) {
+            shouldProxy = _context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY);
+            if (shouldProxy) {
+                proxyHost = _context.getProperty(ConfigUpdateHandler.PROP_PROXY_HOST, ConfigUpdateHandler.DEFAULT_PROXY_HOST);
+                proxyPort = ConfigUpdateHandler.proxyPort(_context);
+            } else {
+                // TODO, wrong method, fail
+                proxyHost = null;
+                proxyPort = 0;
+            }
+        } else if (_method == HTTP_CLEARNET) {
+            shouldProxy = false;
+            proxyHost = null;
+            proxyPort = 0;
+        } else if (_method == HTTPS_CLEARNET) {
+            shouldProxy = false;
+            proxyHost = null;
+            proxyPort = 0;
+            isSSL = true;
+        } else {
+            throw new IllegalArgumentException();
+        }
 
         if (_urls.isEmpty()) {
@@ -133 +183 @@
             _currentURI = uri;
             String updateURL = uri.toString();
+            if ((_method == HTTP && !"http".equals(uri.getScheme())) ||
+                (_method == HTTP_CLEARNET && !"http".equals(uri.getScheme())) ||
+                (_method == HTTPS_CLEARNET && !"https".equals(uri.getScheme())) ||
+                uri.getHost() == null ||
+                (_method != HTTP && uri.getHost().toLowerCase(Locale.US).endsWith(".i2p"))) {
+                if (_log.shouldLog(Log.WARN))
+                    _log.warn("Bad update URI " + uri + " for method " + _method);
+                continue;
+            }
+
             updateStatus("<b>" + _("Updating from {0}", linkify(updateURL)) + "</b>");
             if (_log.shouldLog(Log.DEBUG))
@@ -138 +198 @@
 
             // Check the first 56 bytes for the version
-            if (shouldProxy) {
+            // FIXME PartialEepGet works with clearnet but not with SSL
+            _newVersion = null;
+            if (!isSSL) {
                 _isPartial = true;
                 _baos.reset();
@@ -158 +220 @@
                     // 40 retries!!
                     _get = new EepGet(_context, proxyHost, proxyPort, 40, _updateFile, updateURL, false);
+                else if (isSSL)
+                    _get = new SSLEepGet(_context, _updateFile, updateURL);
                 else
                     _get = new EepGet(_context, 1, _updateFile, updateURL, false);
@@ -209 +273 @@
         }
 
+        // FIXME if we didn't do a partial, we don't know
+        if (_newVersion == null)
+            _newVersion = "unknown";
         File tmp = new File(_updateFile);
         if (_mgr.notifyComplete(this, _newVersion, tmp))

apps/routerconsole/java/src/net/i2p/router/web/ConfigTunnelsHelper.java

@@ -14 +14 @@
     private static final String HOPS = ngettext("1 hop", "{0} hops");
     private static final String TUNNELS = ngettext("1 tunnel", "{0} tunnels");
-
-    static final String PROP_ADVANCED = "routerconsole.advanced";
 
     public String getForm() {
@@ -70 +68 @@
     private void renderForm(StringBuilder buf, int index, String prefix, String name, TunnelPoolSettings in, TunnelPoolSettings out) {
 
-        boolean advanced = _context.getBooleanProperty(PROP_ADVANCED);
+        boolean advanced = isAdvanced();
 
         buf.append("<tr><th colspan=\"3\"><a name=\"").append(prefix).append("\">");

apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHandler.java

@@ -1 +1 @@
 package net.i2p.router.web;
 
+import java.io.File;
 import java.util.HashMap;
 import java.util.Map;
@@ -23 +24 @@
     private String _proxyPort;
     private boolean _updateThroughProxy;
+    private boolean _newsThroughProxy;
     private String _trustedKeys;
     private boolean _updateUnsigned;
@@ -37 +39 @@
     public static final String DEFAULT_UPDATE_POLICY = "download";
     public static final String PROP_SHOULD_PROXY = "router.updateThroughProxy";
-    public static final String DEFAULT_SHOULD_PROXY = Boolean.TRUE.toString();
+    public static final boolean DEFAULT_SHOULD_PROXY = true;
+    /** @since 0.9.9 */
+    public static final String PROP_SHOULD_PROXY_NEWS = "router.fetchNewsThroughProxy";
+    /** @since 0.9.9 */
+    public static final boolean DEFAULT_SHOULD_PROXY_NEWS = true;
     public static final String PROP_PROXY_HOST = "router.updateProxyHost";
     public static final String DEFAULT_PROXY_HOST = "127.0.0.1";
@@ -51 +57 @@
     
     public static final String PROP_UPDATE_URL = "router.updateURL";
+
     /**
      *  Changed as of release 0.8 to support both .sud and .su2
@@ -76 +83 @@
     "http://update.postman.i2p/i2pupdate.sud" ;
 
+    /**
+     *  These are only for .sud and .su2.
+     *  Do NOT use this for .su3
+     */
     public static final String DEFAULT_UPDATE_URL;
     static {
@@ -83 +94 @@
             DEFAULT_UPDATE_URL = NO_PACK200_URLS;
     }
+
+    private static final String SU3_CERT_DIR = "certificates/router";
+
+    /**
+     *  Only enabled if we have pack200 and trusted public key certificates installed
+     *  @since 0.9.9
+     */
+    public static final boolean USE_SU3_UPDATE;
+    static {
+        String[] files = (new File(I2PAppContext.getGlobalContext().getBaseDir(), SU3_CERT_DIR)).list();
+        USE_SU3_UPDATE = FileUtil.isPack200Supported() && files != null && files.length > 0;
+    }
+
+    private static final String DEFAULT_SU3_UPDATE_URLS =
+    "http://echelon.i2p/i2p/i2pupdate.su3\r\n" +
+    "http://inr.i2p/i2p/i2pupdate.su3\r\n" +
+    "http://meeh.i2p/i2pupdate/i2pupdate.su3\r\n" +
+    "http://stats.i2p/i2p/i2pupdate.su3\r\n" +
+    "http://www.i2p2.i2p/_static/i2pupdate.su3\r\n" +
+    "http://update.dg.i2p/files/i2pupdate.su3\r\n" +
+    "http://update.killyourtv.i2p/i2pupdate.su3\r\n" +
+    "http://update.postman.i2p/i2pupdate.su3" ;
+
+    /**
+     *  Empty string if disabled. Cannot be overridden by config.
+     *  @since 0.9.9
+     */
+    public static final String SU3_UPDATE_URLS = USE_SU3_UPDATE ? DEFAULT_SU3_UPDATE_URLS : "";
 
     public static final String PROP_TRUSTED_KEYS = "router.trustedUpdateKeys";
@@ -131 +170 @@
 
         if ( (_newsURL != null) && (_newsURL.length() > 0) ) {
+            if (_newsURL.startsWith("https"))
+                _newsThroughProxy = false;
             String oldURL = ConfigUpdateHelper.getNewsURL(_context);
             if ( (oldURL == null) || (!_newsURL.equals(oldURL)) ) {
@@ -156 +197 @@
         }
         
-        changes.put(PROP_SHOULD_PROXY, "" + _updateThroughProxy);
-        changes.put(PROP_UPDATE_UNSIGNED, "" + _updateUnsigned);
+        changes.put(PROP_SHOULD_PROXY, Boolean.toString(_updateThroughProxy));
+        changes.put(PROP_SHOULD_PROXY_NEWS, Boolean.toString(_newsThroughProxy));
+        changes.put(PROP_UPDATE_UNSIGNED, Boolean.toString(_updateUnsigned));
         
         String oldFreqStr = _context.getProperty(PROP_REFRESH_FREQUENCY, DEFAULT_REFRESH_FREQUENCY);
@@ -219 +261 @@
     public void setUpdateUnsigned(String foo) { _updateUnsigned = true; }
     public void setZipURL(String url) { _zipURL = url; }
+     /** @since 0.9.9 */
+    public void setNewsThroughProxy(String foo) { _newsThroughProxy = true; }
 }

apps/routerconsole/java/src/net/i2p/router/web/ConfigUpdateHelper.java

@@ -74 +74 @@
     
     public String getUpdateThroughProxy() {
-        String proxy = _context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY);
-        if (Boolean.parseBoolean(proxy)) 
+        if (_context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY))
             return "<input type=\"checkbox\" class=\"optbox\" value=\"true\" name=\"updateThroughProxy\" checked=\"checked\" >";
         else
             return "<input type=\"checkbox\" class=\"optbox\" value=\"true\" name=\"updateThroughProxy\" >";
+    }
+    
+    /** @since 0.9.9 */
+    public String getNewsThroughProxy() {
+        if (_context.getProperty(ConfigUpdateHandler.PROP_SHOULD_PROXY_NEWS, ConfigUpdateHandler.DEFAULT_SHOULD_PROXY_NEWS))
+            return "<input type=\"checkbox\" class=\"optbox\" value=\"true\" name=\"newsThroughProxy\" checked=\"checked\" >";
+        else
+            return "<input type=\"checkbox\" class=\"optbox\" value=\"true\" name=\"newsThroughProxy\" >";
     }
     

apps/routerconsole/java/src/net/i2p/router/web/HelperBase.java

@@ -12 +12 @@
     protected Writer _out;
 
+    static final String PROP_ADVANCED = "routerconsole.advanced";
+
     /**
      * Configure this bean to query a particular router context
@@ -24 +26 @@
             t.printStackTrace();
         }
+    }
+
+    /** @since 0.9.9 */
+    public boolean isAdvanced() {
+        return _context.getBooleanProperty(PROP_ADVANCED);
     }
 

apps/routerconsole/java/src/net/i2p/router/web/NewsHelper.java

@@ -50 +50 @@
         if (mgr == null) return false;
         return mgr.isUpdateInProgress(ROUTER_SIGNED) ||
+               mgr.isUpdateInProgress(ROUTER_SIGNED_SU3) ||
                mgr.isUpdateInProgress(ROUTER_UNSIGNED) ||
                mgr.isUpdateInProgress(TYPE_DUMMY);
@@ -61 +62 @@
         ConsoleUpdateManager mgr = ConsoleUpdateManager.getInstance();
         if (mgr == null) return false;
-        return mgr.getUpdateAvailable(ROUTER_SIGNED) != null;
+        return mgr.getUpdateAvailable(ROUTER_SIGNED) != null ||
+               mgr.getUpdateAvailable(ROUTER_SIGNED_SU3) != null;
     }
 
@@ -72 +74 @@
         ConsoleUpdateManager mgr = ConsoleUpdateManager.getInstance();
         if (mgr == null) return null;
+        String rv = mgr.getUpdateAvailable(ROUTER_SIGNED_SU3);
+        if (rv != null)
+            return rv;
         return mgr.getUpdateAvailable(ROUTER_SIGNED);
     }
@@ -83 +88 @@
         ConsoleUpdateManager mgr = ConsoleUpdateManager.getInstance();
         if (mgr == null) return null;
+        String rv = mgr.getUpdateDownloaded(ROUTER_SIGNED_SU3);
+        if (rv != null)
+            return rv;
         return mgr.getUpdateDownloaded(ROUTER_SIGNED);
     }

apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java

@@ -28 +28 @@
 import static net.i2p.app.ClientAppState.*;
 import net.i2p.apps.systray.SysTray;
+import net.i2p.crypto.KeyStoreUtil;
 import net.i2p.data.Base32;
 import net.i2p.data.DataHelper;
@@ -39 +40 @@
 import net.i2p.util.PortMapper;
 import net.i2p.util.SecureDirectory;
-import net.i2p.util.SecureFileOutputStream;
-import net.i2p.util.ShellCommand;
 import net.i2p.util.SystemVersion;
 import net.i2p.util.VersionComparator;
@@ -676 +675 @@
             return rv;
         }
-        File dir = ks.getParentFile();
-        if (!dir.exists()) {
-            File sdir = new SecureDirectory(dir.getAbsolutePath());
-            if (!sdir.mkdir())
-                return false;
-        }
         return createKeyStore(ks);
     }
@@ -696 +689 @@
     private boolean createKeyStore(File ks) {
         // make a random 48 character password (30 * 8 / 5)
-        byte[] rand = new byte[30];
-        _context.random().nextBytes(rand);
-        String keyPassword = Base32.encode(rand);
+        String keyPassword = KeyStoreUtil.randomString();
         // and one for the cname
-        _context.random().nextBytes(rand);
-        String cname = Base32.encode(rand) + ".console.i2p.net";
-
-        String keytool = (new File(System.getProperty("java.home"), "bin/keytool")).getAbsolutePath();
-        String[] args = new String[] {
-                   keytool,
-                   "-genkey",            // -genkeypair preferred in newer keytools, but this works with more
-                   "-storetype", KeyStore.getDefaultType(),
-                   "-keystore", ks.getAbsolutePath(),
-                   "-storepass", DEFAULT_KEYSTORE_PASSWORD,
-                   "-alias", "console",
-                   "-dname", "CN=" + cname + ",OU=Console,O=I2P Anonymous Network,L=XX,ST=XX,C=XX",
-                   "-validity", "3652",  // 10 years
-                   "-keyalg", "DSA",
-                   "-keysize", "1024",
-                   "-keypass", keyPassword};
-        boolean success = (new ShellCommand()).executeSilentAndWaitTimed(args, 30);  // 30 secs
+        String cname = KeyStoreUtil.randomString() + ".console.i2p.net";
+        boolean success = KeyStoreUtil.createKeys(ks, "console", cname, "Console", keyPassword);
         if (success) {
             success = ks.exists();
             if (success) {
-                SecureFileOutputStream.setPerms(ks);
                 try {
                     Map<String, String> changes = new HashMap();
@@ -734 +709 @@
                                "IP address, host name, router identity, or destination keys.");
         } else {
-            System.err.println("Failed to create console SSL keystore using command line:");
-            StringBuilder buf = new StringBuilder(256);
-            for (int i = 0;  i < args.length; i++) {
-                buf.append('"').append(args[i]).append("\" ");
-            }
-            System.err.println(buf.toString());
-            System.err.println("This is for the Sun/Oracle keytool, others may be incompatible.\n" +
+            System.err.println("Failed to create console SSL keystore.\n" +
+                               "This is for the Sun/Oracle keytool, others may be incompatible.\n" +
                                "If you create the keystore manually, you must add " + PROP_KEYSTORE_PASSWORD + " and " + PROP_KEY_PASSWORD +
                                " to " + (new File(_context.getConfigDir(), "router.config")).getAbsolutePath());

apps/routerconsole/java/src/net/i2p/router/web/TunnelRenderer.java

@@ -40 +40 @@
         Map<Hash, TunnelPool> clientOutboundPools = _context.tunnelManager().getOutboundClientPools();
         destinations = new ArrayList(clientInboundPools.keySet());
-        boolean debug = _context.getBooleanProperty(ConfigTunnelsHelper.PROP_ADVANCED);
+        boolean debug = _context.getBooleanProperty(HelperBase.PROP_ADVANCED);
         for (int i = 0; i < destinations.size(); i++) {
             Hash client = destinations.get(i);

apps/routerconsole/java/src/net/i2p/router/web/UpdateHandler.java

@@ -67 +67 @@
             if (_action.contains("Unsigned")) {
                 update(ROUTER_UNSIGNED);
+            } else if (ConfigUpdateHandler.USE_SU3_UPDATE) {
+                update(ROUTER_SIGNED_SU3);
             } else {
                 update(ROUTER_SIGNED);
@@ -77 +79 @@
         if (mgr == null)
             return;
-        if (mgr.isUpdateInProgress(ROUTER_SIGNED) || mgr.isUpdateInProgress(ROUTER_UNSIGNED)) {
+        if (mgr.isUpdateInProgress(ROUTER_SIGNED) || mgr.isUpdateInProgress(ROUTER_UNSIGNED) ||
+            mgr.isUpdateInProgress(ROUTER_SIGNED_SU3)) {
             _log.error("Update already running");
             return;

apps/routerconsole/jsp/configupdate.jsp

@@ -49 +49 @@
           <td><jsp:getProperty name="updatehelper" property="updatePolicySelectBox" /></td></tr>
     <% }   // if canInstall %>
+        <tr><td class="mediumtags" align="right"><b><%=intl._("Fetch news through the eepProxy?")%></b></td>
+          <td><jsp:getProperty name="updatehelper" property="newsThroughProxy" /></td></tr>
         <tr><td class="mediumtags" align="right"><b><%=intl._("Update through the eepProxy?")%></b></td>
-          <td><jsp:getProperty name="updatehelper" property="updateThroughProxy" /></td>
-        </tr><tr><td class="mediumtags" align="right"><b><%=intl._("eepProxy host")%>:</b></td>
+          <td><jsp:getProperty name="updatehelper" property="updateThroughProxy" /></td></tr>
+      <% if (updatehelper.isAdvanced()) { %>
+        <tr><td class="mediumtags" align="right"><b><%=intl._("eepProxy host")%>:</b></td>
           <td><input type="text" size="10" name="proxyHost" value="<jsp:getProperty name="updatehelper" property="proxyHost" />" /></td>
         </tr><tr><td class="mediumtags" align="right"><b><%=intl._("eepProxy port")%>:</b></td>
           <td><input type="text" size="10" name="proxyPort" value="<jsp:getProperty name="updatehelper" property="proxyPort" />" /></td></tr>
+      <% }   // if isAdvanced %>
     <% if (updatehelper.canInstall()) { %>
+      <% if (updatehelper.isAdvanced()) { %>
         <tr><td class="mediumtags" align="right"><b><%=intl._("Update URLs")%>:</b></td>
           <td><textarea cols="60" rows="6" name="updateURL" wrap="off" spellcheck="false"><jsp:getProperty name="updatehelper" property="updateURL" /></textarea></td>
         </tr><tr><td class="mediumtags" align="right"><b><%=intl._("Trusted keys")%>:</b></td>
-          <td><textarea cols="60" rows="6" name="trustedKeys" wrap="off" spellcheck="false"><jsp:getProperty name="updatehelper" property="trustedKeys" /></textarea></td>
-        </tr><tr><td id="unsignedbuild" class="mediumtags" align="right"><b><%=intl._("Update with unsigned development builds?")%></b></td>
+          <td><textarea cols="60" rows="6" name="trustedKeys" wrap="off" spellcheck="false"><jsp:getProperty name="updatehelper" property="trustedKeys" /></textarea></td></tr>
+      <% }   // if isAdvanced %>
+        <tr><td id="unsignedbuild" class="mediumtags" align="right"><b><%=intl._("Update with unsigned development builds?")%></b></td>
           <td><jsp:getProperty name="updatehelper" property="updateUnsigned" /></td>
         </tr><tr><td class="mediumtags" align="right"><b><%=intl._("Unsigned Build URL")%>:</b></td>

build.xml

@@ -1498 +1498 @@
         </fail>
         <echo message="Key file is ${release.privkey}" />
+        <!-- now build and verify the unpacked sud from the unpacked zip -->
         <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
             <classpath>
@@ -1530 +1531 @@
             <arg value="i2pupdate.sud" />
         </java>
-        <!-- now build and verify the packed sud from the packed zip -->
+        <!-- now build and verify the packed su2 from the packed zip -->
         <java classname="net.i2p.crypto.TrustedUpdate" fork="true" failonerror="true">
             <classpath>
@@ -1563 +1564 @@
             <arg value="i2pupdate.su2" />
         </java>
+        <!-- now build and verify the packed su3 from the packed zip -->
+        <input message="Enter su3 private signing key store:" addproperty="release.privkey.su3" />
+        <fail message="You must enter a path." >
+            <condition>
+                <equals arg1="${release.privkey.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <input message="Enter key name (you@mail.i2p):" addproperty="release.signer.su3" />
+        <fail message="You must enter a name." >
+            <condition>
+                <equals arg1="${release.signer.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <input message="Enter key password for ${release.signer.su3}:" addproperty="release.password.su3" />
+        <fail message="You must enter a password." >
+            <condition>
+                <equals arg1="${release.password.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <java classname="net.i2p.crypto.SU3File" inputstring="${release.password.su3}" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <arg value="sign" />
+            <arg value="-c" />
+            <arg value="ROUTER" />
+            <arg value="-t" />
+            <arg value="RSA_SHA512_4096" />
+            <arg value="i2pupdate200.zip" />
+            <arg value="i2pupdate.su3" />
+            <arg value="${release.privkey.su3}" />
+            <arg value="${release.number}" />
+            <arg value="${release.signer.su3}" />
+        </java>
+        <echo message="Verify version and VALID signature:" />
+        <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <!-- set base dir so it can find the pubkey cert -->
+            <jvmarg value="-Di2p.dir.base=installer/resources" />
+            <arg value="verifysig" />
+            <arg value="i2pupdate.su3" />
+        </java>
+        <java classname="net.i2p.crypto.SU3File" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+            </classpath>
+            <!-- set base dir so it can find the pubkey cert -->
+            <jvmarg value="-Di2p.dir.base=installer/resources" />
+            <arg value="showversion" />
+            <arg value="i2pupdate.su3" />
+        </java>
         <!-- will this use the monotonerc file in the current workspace? -->
         <echo message="Checking out fresh copy into ../i2p-${release.number} for tarballing:" />
@@ -1610 +1664 @@
             <arg value="i2pupdate_${release.number}.zip" />
             <arg value="i2pupdate.su2" />
+            <arg value="i2pupdate.su3" />
             <arg value="i2pupdate.sud" />
             <arg value="i2pinstall_${release.number}_windows.exe.sig" />
@@ -1624 +1679 @@
             <arg value="i2pupdate_${release.number}.zip" />
             <arg value="i2pupdate.su2" />
+            <arg value="i2pupdate.su3" />
             <arg value="i2pupdate.sud" />
             <arg value="i2pinstall_${release.number}_windows.exe.sig" />
@@ -1637 +1693 @@
             <arg value="i2pupdate_${release.number}.zip" />
             <arg value="i2pupdate.su2" />
+            <arg value="i2pupdate.su3" />
             <arg value="i2pupdate.sud" />
         </exec>
@@ -1656 +1713 @@
             </classpath>
             <arg value="i2pupdate-${release.number}.su2" />
+            <arg value="http://tracker2.postman.i2p/announce.php" />
+        </java>
+        <copy file="i2pupdate.su3" tofile="i2pupdate-${release.number}.su3" />
+        <java classname="org.klomp.snark.Storage" fork="true" failonerror="true">
+            <classpath>
+                <pathelement location="build/i2p.jar" />
+                <pathelement location="build/i2psnark.jar" />
+            </classpath>
+            <arg value="i2pupdate-${release.number}.su3" />
             <arg value="http://tracker2.postman.i2p/announce.php" />
         </java>

core/java/src/net/i2p/client/I2CPSSLSocketFactory.java

@@ -8 +8 @@
 import java.security.KeyStore;
 import java.security.GeneralSecurityException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.CertificateFactory;
-import java.security.cert.X509Certificate;
-import java.util.Locale;
 
 import javax.net.ssl.SSLContext;
@@ -19 +14 @@
 
 import net.i2p.I2PAppContext;
+import net.i2p.crypto.KeyStoreUtil;
 import net.i2p.util.Log;
 
@@ -72 +68 @@
 
         File dir = new File(context.getConfigDir(), CERT_DIR);
-        int adds = addCerts(dir, ks);
+        int adds = KeyStoreUtil.addCerts(dir, ks);
         int totalAdds = adds;
         if (adds > 0)
@@ -79 +75 @@
         File dir2 = new File(System.getProperty("user.dir"), CERT_DIR);
         if (!dir.getAbsolutePath().equals(dir2.getAbsolutePath())) {
-            adds = addCerts(dir2, ks);
+            adds = KeyStoreUtil.addCerts(dir2, ks);
             totalAdds += adds;
             if (adds > 0)
@@ -106 +102 @@
     }
 
-    /**
-     *  Load all X509 Certs from a directory and add them to the
-     *  trusted set of certificates in the key store
-     *
-     *  @return number successfully added
-     */
-    private static int addCerts(File dir, KeyStore ks) {
-        info("Looking for X509 Certificates in " + dir.getAbsolutePath());
-        int added = 0;
-        if (dir.exists() && dir.isDirectory()) {
-            File[] files = dir.listFiles();
-            if (files != null) {
-                for (int i = 0; i < files.length; i++) {
-                    File f = files[i];
-                    if (!f.isFile())
-                        continue;
-                    // use file name as alias
-                    String alias = f.getName().toLowerCase(Locale.US);
-                    boolean success = addCert(f, alias, ks);
-                    if (success)
-                        added++;
-                }
-            }
-        }
-        return added;
-    }
-
-    /**
-     *  Load an X509 Cert from a file and add it to the
-     *  trusted set of certificates in the key store
-     *
-     *  @return success
-     */
-    private static boolean addCert(File file, String alias, KeyStore ks) {
-        InputStream fis = null;
-        try {
-            fis = new FileInputStream(file);
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
-            info("Read X509 Certificate from " + file.getAbsolutePath() +
-                          " Issuer: " + cert.getIssuerX500Principal() +
-                          "; Valid From: " + cert.getNotBefore() +
-                          " To: " + cert.getNotAfter());
-            try {
-                cert.checkValidity();
-            } catch (CertificateExpiredException cee) {
-                error("Rejecting expired X509 Certificate: " + file.getAbsolutePath(), cee);
-                return false;
-            } catch (CertificateNotYetValidException cnyve) {
-                error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), cnyve);
-                return false;
-            }
-            ks.setCertificateEntry(alias, cert);
-            info("Now trusting X509 Certificate, Issuer: " + cert.getIssuerX500Principal());
-        } catch (GeneralSecurityException gse) {
-            error("Error reading X509 Certificate: " + file.getAbsolutePath(), gse);
-            return false;
-        } catch (IOException ioe) {
-            error("Error reading X509 Certificate: " + file.getAbsolutePath(), ioe);
-            return false;
-        } finally {
-            try { if (fis != null) fis.close(); } catch (IOException foo) {}
-        }
-        return true;
-    }
-
-    /** @since 0.9.8 */
-    private static void info(String msg) {
-        log(I2PAppContext.getGlobalContext(), Log.INFO, msg, null);
-    }
-
-    /** @since 0.9.8 */
-    private static void error(String msg, Throwable t) {
-        log(I2PAppContext.getGlobalContext(), Log.ERROR, msg, t);
-    }
-
     /** @since 0.9.8 */
     private static void info(I2PAppContext ctx, String msg) {

core/java/src/net/i2p/crypto/CryptoConstants.java

@@ -31 +31 @@
 
 import java.math.BigInteger;
+import java.security.spec.DSAParameterSpec;
 
 import net.i2p.util.NativeBigInteger;
@@ -64 +65 @@
                                                                + "15728E5A8AACAA68FFFFFFFFFFFFFFFF", 16);
     public static final BigInteger elgg = new NativeBigInteger("2");
+
+    /**
+     *  @since 0.9.9
+     */
+    public static final DSAParameterSpec DSA_SHA1_SPEC = new DSAParameterSpec(dsap, dsaq, dsag);
 }

core/java/src/net/i2p/crypto/DSAEngine.java

@@ -35 +35 @@
 import java.math.BigInteger;
 import java.security.GeneralSecurityException;
+import java.security.Key;
 import java.security.KeyFactory;
 import java.security.MessageDigest;
 import java.security.PrivateKey;
 import java.security.PublicKey;
-import java.security.spec.DSAPrivateKeySpec;
-import java.security.spec.DSAPublicKeySpec;
-import java.security.spec.KeySpec;
+import java.security.interfaces.DSAKey;
+import java.security.interfaces.ECKey;
+import java.security.interfaces.RSAKey;
 
 import net.i2p.I2PAppContext;
@@ -63 +64 @@
  *  Params and rv's changed from Hash to SHA1Hash for version 0.8.1
  *  Hash variants of sign() and verifySignature() restored in 0.8.3, required by Syndie.
+ *
+ *  As of 0.9.9, certain methods support ECDSA keys and signatures, i.e. all types
+ *  specified in SigType. The type is specified by the getType() method in
+ *  Signature, SigningPublicKey, and SigningPrivateKey. See Javadocs for individual
+ *  methods for the supported types. Methods encountering an unsupported type
+ *  will throw an IllegalArgumentException.
  */
 public class DSAEngine {
@@ -81 +88 @@
 
     /**
-     *  Verify using DSA-SHA1.
-     *  Uses TheCrypto code unless configured to use the java.security libraries.
+     *  Verify using DSA-SHA1 or ECDSA.
+     *  Uses TheCrypto code for DSA-SHA1 unless configured to use the java.security libraries.
      */
     public boolean verifySignature(Signature signature, byte signedData[], SigningPublicKey verifyingKey) {
         boolean rv;
+        SigType type = signature.getType();
+        if (type != verifyingKey.getType())
+            throw new IllegalArgumentException("type mismatch sig=" + signature.getType() + " key=" + verifyingKey.getType());
+        if (type != SigType.DSA_SHA1) {
+            try {
+                rv = altVerifySig(signature, signedData, verifyingKey);
+                if ((!rv) && _log.shouldLog(Log.WARN))
+                    _log.warn(type + " Sig Verify Fail");
+                return rv;
+            } catch (GeneralSecurityException gse) {
+                if (_log.shouldLog(Log.WARN))
+                    _log.warn(type + " Sig Verify Fail", gse);
+                return false;
+            }
+        }
         if (_useJavaLibs) {
             try {
@@ -105 +127 @@
 
     /**
-     *  Verify using DSA-SHA1
+     *  Verify using DSA-SHA1 ONLY
      */
     public boolean verifySignature(Signature signature, byte signedData[], int offset, int size, SigningPublicKey verifyingKey) {
@@ -112 +134 @@
 
     /**
-     *  Verify using DSA-SHA1
+     *  Verify using DSA-SHA1 ONLY
      */
     public boolean verifySignature(Signature signature, InputStream in, SigningPublicKey verifyingKey) {
@@ -118 +140 @@
     }
 
-    /** @param hash SHA-1 hash, NOT a SHA-256 hash */
+    /**
+     *  Verify using DSA-SHA1 ONLY
+     *  @param hash SHA-1 hash, NOT a SHA-256 hash
+     */
     public boolean verifySignature(Signature signature, SHA1Hash hash, SigningPublicKey verifyingKey) {
         return verifySig(signature, hash, verifyingKey);
@@ -124 +149 @@
 
     /**
+     *  Nonstandard.
      *  Used by Syndie.
      *  @since 0.8.3 (restored, was removed in 0.8.1 and 0.8.2)
@@ -132 +158 @@
 
     /**
+     *  Generic signature type.
+     *
+     *  @param hash SHA1Hash, Hash, Hash384, or Hash512
+     *  @since 0.9.9
+     */
+    public boolean verifySignature(Signature signature, SimpleDataStructure hash, SigningPublicKey verifyingKey) {
+        SigType type = signature.getType();
+        if (type != verifyingKey.getType())
+            throw new IllegalArgumentException("type mismatch sig=" + type + " key=" + verifyingKey.getType());
+        int hashlen = type.getHashLen();
+        if (hash.length() != hashlen)
+            throw new IllegalArgumentException("type mismatch hash=" + hash.getClass() + " sig=" + type);
+        if (type == SigType.DSA_SHA1)
+            return verifySig(signature, hash, verifyingKey);
+        try {
+            return altVerifySigRaw(signature, hash, verifyingKey);
+        } catch (GeneralSecurityException gse) {
+            if (_log.shouldLog(Log.WARN))
+                _log.warn(type + " Sig Verify Fail", gse);
+            return false;
+        }
+    }
+
+    /**
+     *  Generic signature type.
+     *  If you have a Java pubkey, use this, so you don't lose the key parameters,
+     *  which may be different than the ones defined in SigType.
+     *
+     *  @param hash SHA1Hash, Hash, Hash384, or Hash512
+     *  @param pubKey Java key
+     *  @since 0.9.9
+     */
+    public boolean verifySignature(Signature signature, SimpleDataStructure hash, PublicKey pubKey) {
+        try {
+            return altVerifySigRaw(signature, hash, pubKey);
+        } catch (GeneralSecurityException gse) {
+            if (_log.shouldLog(Log.WARN))
+                _log.warn(signature.getType() + " Sig Verify Fail", gse);
+            return false;
+        }
+    }
+
+    /**
+     *  Verify using DSA-SHA1 or Syndie DSA-SHA256 ONLY.
      *  @param hash either a Hash or a SHA1Hash
      *  @since 0.8.3
      */
     private boolean verifySig(Signature signature, SimpleDataStructure hash, SigningPublicKey verifyingKey) {
+        if (signature.getType() != SigType.DSA_SHA1)
+            throw new IllegalArgumentException("Bad sig type " + signature.getType());
+        if (verifyingKey.getType() != SigType.DSA_SHA1)
+            throw new IllegalArgumentException("Bad key type " + verifyingKey.getType());
         long start = _context.clock().now();
 
@@ -185 +259 @@
 
     /**
-     *  Sign using DSA-SHA1.
+     *  Sign using DSA-SHA1 or ECDSA.
      *  Uses TheCrypto code unless configured to use the java.security libraries.
+     *
+     *  @return null on error
      */
     public Signature sign(byte data[], SigningPrivateKey signingKey) {
+        SigType type = signingKey.getType();
+        if (type != SigType.DSA_SHA1) {
+            try {
+                return altSign(data, signingKey);
+            } catch (GeneralSecurityException gse) {
+                if (_log.shouldLog(Log.WARN))
+                    _log.warn(type + " Sign Fail", gse);
+                return null;
+            }
+        }
         if (_useJavaLibs) {
             try {
@@ -202 +288 @@
 
     /**
-     *  Sign using DSA-SHA1
+     *  Sign using DSA-SHA1 ONLY
+     *
+     *  @return null on error
      */
     public Signature sign(byte data[], int offset, int length, SigningPrivateKey signingKey) {
@@ -211 +299 @@
     
     /**
-     *  Sign using DSA-SHA1.
+     *  Sign using DSA-SHA1 ONLY.
      *  Reads the stream until EOF. Does not close the stream.
+     *
+     *  @return null on error
      */
     public Signature sign(InputStream in, SigningPrivateKey signingKey) {
@@ -220 +310 @@
     }
 
-    /** @param hash SHA-1 hash, NOT a SHA-256 hash */
+    /**
+     *  Sign using DSA-SHA1 ONLY.
+     *
+     *  @param hash SHA-1 hash, NOT a SHA-256 hash
+     *  @return null on error
+     */
     public Signature sign(SHA1Hash hash, SigningPrivateKey signingKey) {
         return signIt(hash, signingKey);
@@ -226 +321 @@
 
     /**
+     *  Nonstandard.
      *  Used by Syndie.
+     *
+     *  @return null on error
      *  @since 0.8.3 (restored, was removed in 0.8.1 and 0.8.2)
      */
@@ -234 +332 @@
 
     /**
+     *  Generic signature type.
+     *
+     *  @param hash SHA1Hash, Hash, Hash384, or Hash512
+     *  @return null on error
+     *  @since 0.9.9
+     */
+    public Signature sign(SimpleDataStructure hash, SigningPrivateKey signingKey) {
+        SigType type = signingKey.getType();
+        int hashlen = type.getHashLen();
+        if (hash.length() != hashlen)
+            throw new IllegalArgumentException("type mismatch hash=" + hash.getClass() + " key=" + type);
+        if (type == SigType.DSA_SHA1)
+            return signIt(hash, signingKey);
+        try {
+            return altSignRaw(hash, signingKey);
+        } catch (GeneralSecurityException gse) {
+            if (_log.shouldLog(Log.WARN))
+                _log.warn(type + " Sign Fail", gse);
+            return null;
+        }
+    }
+
+    /**
+     *  Generic signature type.
+     *  If you have a Java privkey, use this, so you don't lose the key parameters,
+     *  which may be different than the ones defined in SigType.
+     *
+     *  @param hash SHA1Hash, Hash, Hash384, or Hash512
+     *  @param privKey Java key
+     *  @param type returns a Signature of this type
+     *  @return null on error
+     *  @since 0.9.9
+     */
+    public Signature sign(SimpleDataStructure hash, PrivateKey privKey, SigType type) {
+        String algo = getRawAlgo(privKey);
+        String talgo = getRawAlgo(type);
+        if (!algo.equals(talgo))
+            throw new IllegalArgumentException("type mismatch type=" + type + " key=" + privKey.getClass().getSimpleName());
+        try {
+            return altSignRaw(algo, hash, privKey, type);
+        } catch (GeneralSecurityException gse) {
+            if (_log.shouldLog(Log.WARN))
+                _log.warn(type + " Sign Fail", gse);
+            return null;
+        }
+    }
+
+    /**
+     *  Sign using DSA-SHA1 or Syndie DSA-SHA256 ONLY.
+     *
      *  @param hash either a Hash or a SHA1Hash
+     *  @return null on error
      *  @since 0.8.3
      */
     private Signature signIt(SimpleDataStructure hash, SigningPrivateKey signingKey) {
         if ((signingKey == null) || (hash == null)) return null;
+        if (signingKey.getType() != SigType.DSA_SHA1)
+            throw new IllegalArgumentException("Bad key type " + signingKey.getType());
         long start = _context.clock().now();
 
@@ -276 +427 @@
                 out[i] = rbytes[i + 1];
             }
+        } else if (rbytes.length > 21) {
+            _log.error("Bad R length " + rbytes.length);
+            return null;
         } else {
-            if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short rbytes.length [" + rbytes.length + "]");
+            //if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short rbytes.length [" + rbytes.length + "]");
             //System.arraycopy(rbytes, 0, out, 20 - rbytes.length, rbytes.length);
             for (int i = 0; i < rbytes.length; i++)
@@ -292 +446 @@
                 out[i + 20] = sbytes[i + 1];
             }
+        } else if (sbytes.length > 21) {
+            _log.error("Bad S length " + sbytes.length);
+            return null;
         } else {
-            if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short sbytes.length [" + sbytes.length + "]");
+            //if (_log.shouldLog(Log.DEBUG)) _log.debug("Using short sbytes.length [" + sbytes.length + "]");
             //System.arraycopy(sbytes, 0, out, 40 - sbytes.length, sbytes.length);
             for (int i = 0; i < sbytes.length; i++)
@@ -339 +496 @@
 
     /**
+     *  Generic verify DSA_SHA1, ECDSA, or RSA
+     *  @throws GeneralSecurityException if algorithm unvailable or on other errors
+     *  @since 0.9.9
+     */
+    private boolean altVerifySig(Signature signature, byte[] data, SigningPublicKey verifyingKey)
+                        throws GeneralSecurityException {
+        SigType type = signature.getType();
+        if (type != verifyingKey.getType())
+            throw new IllegalArgumentException("type mismatch sig=" + type + " key=" + verifyingKey.getType());
+        if (type == SigType.DSA_SHA1)
+            return altVerifySigSHA1(signature, data, verifyingKey);
+
+        java.security.Signature jsig = java.security.Signature.getInstance(type.getAlgorithmName());
+        PublicKey pubKey = SigUtil.toJavaKey(verifyingKey);
+        jsig.initVerify(pubKey);
+        jsig.update(data);
+        boolean rv = jsig.verify(SigUtil.toJavaSig(signature));
+        return rv;
+    }
+
+    /**
+     *  Generic raw verify any type
+     *  @throws GeneralSecurityException if algorithm unvailable or on other errors
+     *  @since 0.9.9
+     */
+    private boolean altVerifySigRaw(Signature signature, SimpleDataStructure hash, SigningPublicKey verifyingKey)
+                        throws GeneralSecurityException {
+        SigType type = signature.getType();
+        if (type != verifyingKey.getType())
+            throw new IllegalArgumentException("type mismatch sig=" + type + " key=" + verifyingKey.getType());
+
+        PublicKey pubKey = SigUtil.toJavaKey(verifyingKey);
+        return verifySignature(signature, hash, pubKey);
+    }
+
+    /**
+     *  Generic raw verify any type.
+     *  If you have a Java pubkey, use this, so you don't lose the key parameters,
+     *  which may be different than the ones defined in SigType.
+     *
+     *  @throws GeneralSecurityException if algorithm unvailable or on other errors
+     *  @param verifyingKey Java key
+     *  @since 0.9.9
+     */
+    private boolean altVerifySigRaw(Signature signature, SimpleDataStructure hash, PublicKey pubKey)
+                        throws GeneralSecurityException {
+        SigType type = signature.getType();
+        int hashlen = hash.length();
+        if (type.getHashLen() != hashlen)
+            throw new IllegalArgumentException("type mismatch hash=" + hash.getClass() + " key=" + type);
+
+        String algo = getRawAlgo(type);
+        java.security.Signature jsig = java.security.Signature.getInstance(algo);
+        jsig.initVerify(pubKey);
+        jsig.update(hash.getData());
+        boolean rv = jsig.verify(SigUtil.toJavaSig(signature));
+        return rv;
+    }
+
+    /**
      *  Alternate to verifySignature() using java.security libraries.
      *  @throws GeneralSecurityException if algorithm unvailable or on other errors
@@ -345 +562 @@
     private boolean altVerifySigSHA1(Signature signature, byte[] data, SigningPublicKey verifyingKey) throws GeneralSecurityException {
         java.security.Signature jsig = java.security.Signature.getInstance("SHA1withDSA");
-        KeyFactory keyFact = KeyFactory.getInstance("DSA");
-        // y p q g
-        KeySpec spec = new DSAPublicKeySpec(new NativeBigInteger(1, verifyingKey.getData()),
-                                            CryptoConstants.dsap,
-                                            CryptoConstants.dsaq,
-                                            CryptoConstants.dsag);
-        PublicKey pubKey = keyFact.generatePublic(spec);
+        PublicKey pubKey = SigUtil.toJavaDSAKey(verifyingKey);
         jsig.initVerify(pubKey);
         jsig.update(data);
-        boolean rv = jsig.verify(sigBytesToASN1(signature.getData()));
+        boolean rv = jsig.verify(SigUtil.toJavaSig(signature));
         //if (!rv) {
         //    System.out.println("BAD SIG\n" + net.i2p.util.HexDump.dump(signature.getData()));
@@ -363 +574 @@
 
     /**
+     *  Generic sign DSA_SHA1, ECDSA, or RSA
+     *  @throws GeneralSecurityException if algorithm unvailable or on other errors
+     *  @since 0.9.9
+     */
+    private Signature altSign(byte[] data, SigningPrivateKey privateKey) throws GeneralSecurityException {
+        SigType type = privateKey.getType();
+        if (type == SigType.DSA_SHA1)
+            return altSignSHA1(data, privateKey);
+
+        java.security.Signature jsig = java.security.Signature.getInstance(type.getAlgorithmName());
+        PrivateKey privKey = SigUtil.toJavaKey(privateKey);
+        jsig.initSign(privKey, _context.random());
+        jsig.update(data);
+        return SigUtil.fromJavaSig(jsig.sign(), type);
+    }
+
+    /**
+     *  Generic raw verify any type
+     *  @param hash SHA1Hash, Hash, Hash384, or Hash512
+     *  @throws GeneralSecurityException if algorithm unvailable or on other errors
+     *  @since 0.9.9
+     */
+    private Signature altSignRaw(SimpleDataStructure hash, SigningPrivateKey privateKey) throws GeneralSecurityException {
+        SigType type = privateKey.getType();
+        String algo = getRawAlgo(type);
+        java.security.Signature jsig = java.security.Signature.getInstance(algo);
+        PrivateKey privKey = SigUtil.toJavaKey(privateKey);
+        return altSignRaw(algo, hash, privKey, type);
+    }
+
+    /**
+     *  Generic raw verify any type
+     *  @param hash SHA1Hash, Hash, Hash384, or Hash512
+     *  @param type returns a Signature of this type
+     *  @throws GeneralSecurityException if algorithm unvailable or on other errors
+     *  @since 0.9.9
+     */
+    private Signature altSignRaw(String algo, SimpleDataStructure hash, PrivateKey privKey, SigType type)
+                                 throws GeneralSecurityException {
+        int hashlen = hash.length();
+        if (type.getHashLen() != hashlen)
+            throw new IllegalArgumentException("type mismatch hash=" + hash.getClass() + " key=" + type);
+
+        java.security.Signature jsig = java.security.Signature.getInstance(algo);
+        jsig.initSign(privKey, _context.random());
+        jsig.update(hash.getData());
+        return SigUtil.fromJavaSig(jsig.sign(), type);
+    }
+
+    /**
      *  Alternate to sign() using java.security libraries.
      *  @throws GeneralSecurityException if algorithm unvailable or on other errors
@@ -369 +630 @@
     private Signature altSignSHA1(byte[] data, SigningPrivateKey privateKey) throws GeneralSecurityException {
         java.security.Signature jsig = java.security.Signature.getInstance("SHA1withDSA");
-        KeyFactory keyFact = KeyFactory.getInstance("DSA");
-        // y p q g
-        KeySpec spec = new DSAPrivateKeySpec(new NativeBigInteger(1, privateKey.getData()),
-                                            CryptoConstants.dsap,
-                                            CryptoConstants.dsaq,
-                                            CryptoConstants.dsag);
-        PrivateKey privKey = keyFact.generatePrivate(spec);
+        PrivateKey privKey = SigUtil.toJavaDSAKey(privateKey);
         jsig.initSign(privKey, _context.random());
         jsig.update(data);
-        return new Signature(aSN1ToSigBytes(jsig.sign()));
-    }
-
-    /**
-     *  http://download.oracle.com/javase/1.5.0/docs/guide/security/CryptoSpec.html
-     *  Signature Format        ASN.1 sequence of two INTEGER values: r and s, in that order:
-     *                                SEQUENCE ::= { r INTEGER, s INTEGER }
-     *
-     *  http://en.wikipedia.org/wiki/Abstract_Syntax_Notation_One
-     *  30 -- tag indicating SEQUENCE
-     *  xx - length in octets
-     *
-     *  02 -- tag indicating INTEGER
-     *  xx - length in octets
-     *  xxxxxx - value
-     *
-     *  Convert to BigInteger and back so we have the minimum length representation, as required.
-     *  r and s are always non-negative.
-     *
-     *  @since 0.8.7
-     */
-    private static byte[] sigBytesToASN1(byte[] sig) {
-        //System.out.println("pre TO asn1\n" + net.i2p.util.HexDump.dump(sig));
-        ByteArrayOutputStream baos = new ByteArrayOutputStream(48);
-        baos.write(0x30);
-        baos.write(0);  // length to be filled in below
-
-        byte[] tmp = new byte[20];
-        baos.write(2);
-        System.arraycopy(sig, 0, tmp, 0, 20);
-        BigInteger r = new BigInteger(1, tmp);
-        byte[] b = r.toByteArray();
-        baos.write(b.length);
-        baos.write(b, 0, b.length);
-
-        baos.write(2);
-        System.arraycopy(sig, 20, tmp, 0, 20);
-        BigInteger s = new BigInteger(1, tmp);
-        b = s.toByteArray();
-        baos.write(b.length);
-        baos.write(b, 0, b.length);
-        byte[] rv = baos.toByteArray();
-        rv[1] = (byte) (rv.length - 2);
-        //System.out.println("post TO asn1\n" + net.i2p.util.HexDump.dump(rv));
-        return rv;
-    }
-
-    /**
-     *  See above.
-     *  @since 0.8.7
-     */
-    private static byte[] aSN1ToSigBytes(byte[] asn) {
-        //System.out.println("pre from asn1\n" + net.i2p.util.HexDump.dump(asn));
-        byte[] rv = new byte[40];
-        int rlen = asn[3];
-        if ((asn[4] & 0x80) != 0)
-            throw new IllegalArgumentException("R is negative");
-        if (rlen > 21)
-            throw new IllegalArgumentException("R too big " + rlen);
-        else if (rlen == 21) {
-            System.arraycopy(asn, 5, rv, 0, 20);
-        } else
-            System.arraycopy(asn, 4, rv, 20 - rlen, rlen);
-        int slenloc = 25 + rlen - 20;
-        int slen = asn[slenloc];
-        if ((asn[slenloc + 1] & 0x80) != 0)
-            throw new IllegalArgumentException("S is negative");
-        if (slen > 21)
-            throw new IllegalArgumentException("S too big " + slen);
-        else if (slen == 21) {
-            System.arraycopy(asn, slenloc + 2, rv, 20, 20);
-        } else
-            System.arraycopy(asn, slenloc + 1, rv, 40 - slen, slen);
-        //System.out.println("post from asn1\n" + net.i2p.util.HexDump.dump(rv));
-        return rv;
+        return SigUtil.fromJavaSig(jsig.sign(), SigType.DSA_SHA1);
+    }
+
+    /** @since 0.9.9 */
+    private static String getRawAlgo(SigType type) {
+        switch (type.getBaseAlgorithm()) {
+            case DSA:
+                return "NONEwithDSA";
+            case EC:
+                return "NONEwithECDSA";
+            case RSA:
+                return "NONEwithRSA";
+            default:
+                throw new IllegalArgumentException();
+        }
+    }
+
+    /** @since 0.9.9 */
+    private static String getRawAlgo(Key key) {
+        if (key instanceof DSAKey)
+            return "NONEwithDSA";
+        if (key instanceof ECKey)
+            return "NONEwithECDSA";
+        if (key instanceof RSAKey)
+            return "NONEwithRSA";
+        throw new IllegalArgumentException();
     }
 

core/java/src/net/i2p/crypto/ElGamalEngine.java

@@ -82 +82 @@
     public void shutdown() {
         _ykgen.shutdown();
+        SigUtil.clearCaches();
     }
 

core/java/src/net/i2p/crypto/KeyGenerator.java

@@ -11 +11 @@
 
 import java.math.BigInteger;
+import java.security.GeneralSecurityException;
+import java.security.InvalidKeyException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
+import java.security.ProviderException;
+import java.security.interfaces.ECPrivateKey;
+import java.security.interfaces.ECPublicKey;
+import java.security.spec.ECPoint;
 
 import net.i2p.I2PAppContext;
@@ -20 +28 @@
 import net.i2p.data.SigningPublicKey;
 import net.i2p.data.SimpleDataStructure;
+import net.i2p.util.Log;
 import net.i2p.util.NativeBigInteger;
 import net.i2p.util.SystemVersion;
+
+
+// main()
+import net.i2p.data.DataHelper;
+import net.i2p.data.Signature;
+import net.i2p.util.Clock;
+import net.i2p.util.RandomSource;
 
 /** Define a way of generating asymmetrical key pairs as well as symmetrical keys
@@ -130 +146 @@
         keys[0] = new PublicKey();
         keys[1] = new PrivateKey();
-        byte[] k0 = aalpha.toByteArray();
-        byte[] k1 = a.toByteArray();
 
         // bigInteger.toByteArray returns SIGNED integers, but since they'return positive,
         // signed two's complement is the same as unsigned
 
-        keys[0].setData(padBuffer(k0, PublicKey.KEYSIZE_BYTES));
-        keys[1].setData(padBuffer(k1, PrivateKey.KEYSIZE_BYTES));
+        try {
+            keys[0].setData(SigUtil.rectify(aalpha, PublicKey.KEYSIZE_BYTES));
+            keys[1].setData(SigUtil.rectify(a, PrivateKey.KEYSIZE_BYTES));
+        } catch (InvalidKeyException ike) {
+            throw new IllegalArgumentException(ike);
+        }
 
         return keys;
@@ -150 +168 @@
         BigInteger aalpha = CryptoConstants.elgg.modPow(a, CryptoConstants.elgp);
         PublicKey pub = new PublicKey();
-        byte [] pubBytes = aalpha.toByteArray();
-        pub.setData(padBuffer(pubBytes, PublicKey.KEYSIZE_BYTES));
+        try {
+            pub.setData(SigUtil.rectify(aalpha, PublicKey.KEYSIZE_BYTES));
+        } catch (InvalidKeyException ike) {
+            throw new IllegalArgumentException(ike);
+        }
         return pub;
     }
 
     /** Generate a pair of DSA keys, where index 0 is a SigningPublicKey, and
-     * index 1 is a SigningPrivateKey
+     * index 1 is a SigningPrivateKey.
+     * DSA-SHA1 only.
+     *
      * @return pair of keys
      */
@@ -164 +187 @@
 
     /**
+     *  DSA-SHA1 only.
+     *
      *  Same as above but different return type
      *  @since 0.8.7
@@ -179 +204 @@
         keys[0] = new SigningPublicKey();
         keys[1] = new SigningPrivateKey();
-        byte k0[] = padBuffer(y.toByteArray(), SigningPublicKey.KEYSIZE_BYTES);
-        byte k1[] = padBuffer(x.toByteArray(), SigningPrivateKey.KEYSIZE_BYTES);
-
-        keys[0].setData(k0);
-        keys[1].setData(k1);
+        try {
+            keys[0].setData(SigUtil.rectify(y, SigningPublicKey.KEYSIZE_BYTES));
+            keys[1].setData(SigUtil.rectify(x, SigningPrivateKey.KEYSIZE_BYTES));
+        } catch (InvalidKeyException ike) {
+            throw new IllegalStateException(ike);
+        }
         return keys;
     }
 
-    /** Convert a SigningPrivateKey to a SigningPublicKey
+    /**
+     *  Generic signature type, supports DSA and ECDSA
+     *  @since 0.9.9
+     */
+    public SimpleDataStructure[] generateSigningKeys(SigType type) throws GeneralSecurityException {
+        if (type == SigType.DSA_SHA1)
+            return generateSigningKeys();
+        KeyPairGenerator kpg = KeyPairGenerator.getInstance(type.getBaseAlgorithm().getName());
+        KeyPair kp;
+        try {
+            kpg.initialize(type.getParams(), _context.random());
+            kp = kpg.generateKeyPair();
+        } catch (ProviderException pe) {
+            // java.security.ProviderException: sun.security.pkcs11.wrapper.PKCS11Exception: CKR_DOMAIN_PARAMS_INVALID
+            // This is a RuntimeException, thx Sun
+            // Fails for P-192 only, on Ubuntu
+            Log log = _context.logManager().getLog(KeyGenerator.class);
+            String pname = kpg.getProvider().getName();
+            if ("BC".equals(pname)) {
+                if (log.shouldLog(Log.WARN))
+                    log.warn("BC KPG failed for " + type, pe);
+                throw new GeneralSecurityException("BC KPG for " + type, pe);
+            }
+            if (!ECConstants.isBCAvailable())
+                throw new GeneralSecurityException(pname + " KPG failed for " + type, pe);
+            if (log.shouldLog(Log.WARN))
+                log.warn(pname + " KPG failed for " + type + ", trying BC"  /* , pe */ );
+            try {
+                kpg = KeyPairGenerator.getInstance(type.getBaseAlgorithm().getName(), "BC");
+                kpg.initialize(type.getParams(), _context.random());
+                kp = kpg.generateKeyPair();
+            } catch (ProviderException pe2) {
+                if (log.shouldLog(Log.WARN))
+                    log.warn("BC KPG failed for " + type + " also", pe2);
+                // throw original exception
+                throw new GeneralSecurityException(pname + " KPG for " + type, pe);
+            } catch (GeneralSecurityException gse) {
+                if (log.shouldLog(Log.WARN))
+                    log.warn("BC KPG failed for " + type + " also", gse);
+                // throw original exception
+                throw new GeneralSecurityException(pname + " KPG for " + type, pe);
+            }
+        }
+        java.security.PublicKey pubkey = kp.getPublic();
+        java.security.PrivateKey privkey = kp.getPrivate();
+        SimpleDataStructure[] keys = new SimpleDataStructure[2];
+        keys[0] = SigUtil.fromJavaKey(pubkey, type);
+        keys[1] = SigUtil.fromJavaKey(privkey, type);
+        return keys;
+    }
+
+    /** Convert a SigningPrivateKey to a SigningPublicKey.
+     * DSA-SHA1 only.
+     *
      * @param priv a SigningPrivateKey object
      * @return a SigningPublicKey object
@@ -195 +274 @@
         BigInteger y = CryptoConstants.dsag.modPow(x, CryptoConstants.dsap);
         SigningPublicKey pub = new SigningPublicKey();
-        byte [] pubBytes = padBuffer(y.toByteArray(), SigningPublicKey.KEYSIZE_BYTES);
-        pub.setData(pubBytes);
+        try {
+            pub.setData(SigUtil.rectify(y, SigningPublicKey.KEYSIZE_BYTES));
+        } catch (InvalidKeyException ike) {
+            throw new IllegalArgumentException(ike);
+        }
         return pub;
     }
 
-    /**
-     * Pad the buffer w/ leading 0s or trim off leading bits so the result is the
-     * given length.  
-     */
-    private final static byte[] padBuffer(byte src[], int length) {
-        byte buf[] = new byte[length];
-
-        if (src.length > buf.length) // extra bits, chop leading bits
-            System.arraycopy(src, src.length - buf.length, buf, 0, buf.length);
-        else if (src.length < buf.length) // short bits, padd w/ 0s
-            System.arraycopy(src, 0, buf, buf.length - src.length, src.length);
-        else
-            // eq
-            System.arraycopy(src, 0, buf, 0, buf.length);
-
-        return buf;
+    public static void main(String args[]) {
+        try {
+             main2(args);
+        } catch (Exception e) {
+             e.printStackTrace();
+        }
+    }
+
+    public static void main2(String args[]) {
+        RandomSource.getInstance().nextBoolean();
+        try { Thread.sleep(1000); } catch (InterruptedException ie) {}
+        int runs = 200; // warmup
+        for (int j = 0; j < 2; j++) {
+            for (int i = 0; i <= 100; i++) {
+                SigType type = SigType.getByCode(i);
+                if (type == null)
+                    break;
+                try {
+                    System.out.println("Testing " + type);
+                    testSig(type, runs);
+                } catch (Exception e) {
+                    System.out.println("error testing " + type);
+                    e.printStackTrace();
+                }
+            }
+            runs = 1000;
+        }
+    }
+
+    private static void testSig(SigType type, int runs) throws GeneralSecurityException {
+        byte src[] = new byte[512];
+        long stime = 0;
+        long vtime = 0;
+        SimpleDataStructure keys[] = KeyGenerator.getInstance().generateSigningKeys(type);
+        //System.out.println("pubkey " + keys[0]);
+        //System.out.println("privkey " + keys[1]);
+        for (int i = 0; i < runs; i++) {
+            RandomSource.getInstance().nextBytes(src);
+            long start = System.nanoTime();
+            Signature sig = DSAEngine.getInstance().sign(src, (SigningPrivateKey) keys[1]);
+            long mid = System.nanoTime();
+            boolean ok = DSAEngine.getInstance().verifySignature(sig, src, (SigningPublicKey) keys[0]);
+            long end = System.nanoTime();
+            stime += mid - start;
+            vtime += end - mid;
+            if (!ok)
+                throw new GeneralSecurityException(type + " V(S(data)) fail");
+        }
+        stime /= 1000*1000;
+        vtime /= 1000*1000;
+        System.out.println(type + " sign/verify " + runs + " times: " + (vtime+stime) + " ms = " +
+                           (((double) stime) / runs) + " each sign, " +
+                           (((double) vtime) / runs) + " each verify, " +
+                           (((double) (stime + vtime)) / runs) + " s+v");
     }
 

core/java/src/net/i2p/crypto/SHA1Hash.java

@@ -26 +26 @@
 
     public final static int HASH_LENGTH = SHA1.HASH_LENGTH;
+    
+    /** @since 0.9.9 */
+    public SHA1Hash() {
+        super();
+    }
     
     /** @throws IllegalArgumentException if data is not 20 bytes (null is ok) */

core/java/src/net/i2p/crypto/SU3File.java

@@ -12 +12 @@
 import java.security.DigestInputStream;
 import java.security.DigestOutputStream;
+import java.security.GeneralSecurityException;
 import java.security.MessageDigest;
+import java.security.PrivateKey;
+import java.security.PublicKey;
+import java.util.ArrayList;
+import java.util.Arrays;
+import java.util.EnumSet;
 import java.util.HashMap;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Locale;
 import java.util.Map;
+import java.util.NoSuchElementException;
+import java.util.Properties;
 
 import net.i2p.I2PAppContext;
@@ -22 +33 @@
 import net.i2p.data.SigningPrivateKey;
 import net.i2p.data.SigningPublicKey;
+import net.i2p.data.SimpleDataStructure;
+import net.i2p.util.HexDump;
+import net.i2p.util.SecureFileOutputStream;
 
 /**
@@ -32 +46 @@
 
     private final I2PAppContext _context;
-    private final Map<SigningPublicKey, String> _trustedKeys;
 
     private final File _file;
@@ -39 +52 @@
     private String _signer;
     private int _signerLength;
-    private int _contentType;
+    private ContentType _contentType;
     private long _contentLength;
-    private SigningPublicKey _signerPubkey;
+    private PublicKey _signerPubkey;
     private boolean _headerVerified;
+    private SigType _sigType;
 
     private static final byte[] MAGIC = DataHelper.getUTF8("I2Psu3");
     private static final int FILE_VERSION = 0;
     private static final int MIN_VERSION_BYTES = 16;
-    private static final int VERSION_OFFSET = Signature.SIGNATURE_BYTES;
+    private static final int VERSION_OFFSET = 40; // Signature.SIGNATURE_BYTES; avoid early ctx init
 
     private static final int TYPE_ZIP = 0;
 
-    private static final int CONTENT_ROUTER = 0;
-    private static final int CONTENT_ROUTER_P200 = 1;
-    private static final int CONTENT_PLUGIN = 2;
-    private static final int CONTENT_RESEED = 3;
-
-    private static final int SIG_DSA_160 = SigType.DSA_SHA1.getCode();
-
-    /**
-     *  Uses TrustedUpdate's default keys for verification.
+    public static final int CONTENT_UNKNOWN = 0;
+    public static final int CONTENT_ROUTER = 1;
+    public static final int CONTENT_PLUGIN = 2;
+    public static final int CONTENT_RESEED = 3;
+
+    private enum ContentType {
+        UNKNOWN(CONTENT_UNKNOWN, "unknown"),
+        ROUTER(CONTENT_ROUTER, "router"),
+        PLUGIN(CONTENT_PLUGIN, "plugin"),
+        RESEED(CONTENT_RESEED, "reseed")
+        ;
+
+        private final int code;
+        private final String name;
+
+        ContentType(int code, String name) {
+            this.code = code;
+            this.name = name;
+        }
+        public int getCode() { return code; }
+        public String getName() { return name; }
+
+        /** @return null if not supported */
+        public static ContentType getByCode(int code) {
+            return BY_CODE.get(Integer.valueOf(code));
+        }
+    }
+
+    private static final Map<Integer, ContentType> BY_CODE = new HashMap<Integer, ContentType>();
+
+    static {
+        for (ContentType type : ContentType.values()) {
+            BY_CODE.put(Integer.valueOf(type.getCode()), type);
+        }
+    }
+
+    private static final ContentType DEFAULT_CONTENT_TYPE = ContentType.UNKNOWN;
+    // avoid early ctx init
+    //private static final SigType DEFAULT_SIG_TYPE = SigType.DSA_SHA1;
+    private static final int DEFAULT_SIG_CODE = 0;
+
+    /**
+     *
      */
     public SU3File(String file) {
@@ -66 +114 @@
 
     /**
-     *  Uses TrustedUpdate's default keys for verification.
+     *
      */
     public SU3File(File file) {
-        this(file, (new TrustedUpdate()).getKeys());
-    }
-
-    /**
-     *  @param trustedKeys map of pubkey to signer name, null ok if not verifying
-     */
-    public SU3File(File file, Map<SigningPublicKey, String> trustedKeys) {
-        this(I2PAppContext.getGlobalContext(), file, trustedKeys);
-    }
-
-    /**
-     *  @param trustedKeys map of pubkey to signer name, null ok if not verifying
-     */
-    public SU3File(I2PAppContext context, File file, Map<SigningPublicKey, String> trustedKeys) {
+        this(I2PAppContext.getGlobalContext(), file);
+    }
+
+    /**
+     *
+     */
+    public SU3File(I2PAppContext context, File file) {
         _context = context;
         _file = file;
-        _trustedKeys = trustedKeys;
     }
 
@@ -96 +136 @@
         verifyHeader();
         return _signer;
+    }
+
+    /**
+     *  @return null if unknown
+     *  @since 0.9.9
+     */
+    public SigType getSigType() throws IOException {
+        verifyHeader();
+        return _sigType;
+    }
+
+    /**
+     *  @return -1 if unknown
+     *  @since 0.9.9
+     */
+    public int getContentType() throws IOException {
+        verifyHeader();
+        return _contentType != null ? _contentType.getCode() : -1;
     }
 
@@ -129 +187 @@
         if (foo != FILE_VERSION)
             throw new IOException("bad file version");
-        skip(in, 1);
-        int sigType = in.read();
-        // TODO, for other known algos we must start over with a new MessageDigest
-        // (rewind 10 bytes)
-        if (sigType != SIG_DSA_160)
-            throw new IOException("bad sig type");
+        int sigTypeCode = (int) DataHelper.readLong(in, 2);
+        _sigType = SigType.getByCode(sigTypeCode);
+        // In verifyAndMigrate it reads this far then rewinds, but we don't need to here
+        if (_sigType == null)
+            throw new IOException("unknown sig type: " + sigTypeCode);
         _signerLength = (int) DataHelper.readLong(in, 2);
-        if (_signerLength != Signature.SIGNATURE_BYTES)
+        if (_signerLength != _sigType.getSigLen())
             throw new IOException("bad sig length");
         skip(in, 1);
@@ -154 +211 @@
             throw new IOException("bad type");
         skip(in, 1);
-        _contentType = in.read();
-        if (_contentType < CONTENT_ROUTER || _contentType > CONTENT_RESEED)
-            throw new IOException("bad content type");
+        int cType = in.read();
+        _contentType = BY_CODE.get(Integer.valueOf(cType));
+        if (_contentType == null)
+            throw new IOException("unknown content type " + cType);
         skip(in, 12);
 
@@ -175 +233 @@
             throw new EOFException();
         _signer = DataHelper.getUTF8(data);
-        if (_trustedKeys != null) {
-            for (Map.Entry<SigningPublicKey, String> e : _trustedKeys.entrySet()) {
-                if (e.getValue().equals(_signer)) {
-                    _signerPubkey = e.getKey();
-                    break;
-                }
-            }
-            if (_signerPubkey == null)
-                throw new IOException("unknown signer: " + _signer);
-        }
+
+        KeyRing ring = new DirKeyRing(new File(_context.getBaseDir(), "certificates"));
+        try {
+            _signerPubkey = ring.getKey(_signer, _contentType.getName(), _sigType);
+        } catch (GeneralSecurityException gse) {
+            IOException ioe = new IOException("keystore error");
+            ioe.initCause(gse);
+            throw ioe;
+        }
+
+        if (_signerPubkey == null)
+            throw new IOException("unknown signer: " + _signer);
         _headerVerified = true;
     }
@@ -202 +262 @@
 
     /**
+     *  One-pass verify.
+     *  Throws IOE on all format errors.
+     *
+     *  @return true if signature is good
+     *  @since 0.9.9
+     */
+    public boolean verify() throws IOException {
+        return verifyAndMigrate(null);
+    }
+
+    /**
      *  One-pass verify and extract the content.
      *  Recommend extracting to a temp location as the sig is not checked until
@@ -207 +278 @@
      *  Throws IOE on all format errors.
      *
-     *  @param migrateTo the output file, probably in zip format
+     *  @param migrateTo the output file, probably in zip format. Null for verify only.
      *  @return true if signature is good
      */
     public boolean verifyAndMigrate(File migrateTo) throws IOException {
-        DigestInputStream in = null;
+        InputStream in = null;
         OutputStream out = null;
         boolean rv = false;
         try {
-            MessageDigest md = SHA1.getInstance();
-            in = new DigestInputStream(new BufferedInputStream(new FileInputStream(_file)), md);
+            in = new BufferedInputStream(new FileInputStream(_file));
+            // read 10 bytes to get the sig type
+            in.mark(10);
+            // following is a dup of that in verifyHeader()
+            byte[] magic = new byte[MAGIC.length];
+            DataHelper.read(in, magic);
+            if (!DataHelper.eq(magic, MAGIC))
+                throw new IOException("Not an su3 file");
+            skip(in, 1);
+            int foo = in.read();
+            if (foo != FILE_VERSION)
+                throw new IOException("bad file version");
+            skip(in, 1);
+            int sigTypeCode = in.read();
+            _sigType = SigType.getByCode(sigTypeCode);
+            if (_sigType == null)
+                throw new IOException("unknown sig type: " + sigTypeCode);
+            // end duplicate code
+            // rewind
+            in.reset();
+            MessageDigest md = _sigType.getDigestInstance();
+            DigestInputStream din = new DigestInputStream(in, md);
+            in = din;
             if (!_headerVerified)
                 verifyHeader(in);
@@ -223 +315 @@
             if (_signerPubkey == null)
                 throw new IOException("unknown signer: " + _signer);
-            out = new FileOutputStream(migrateTo);
+            if (migrateTo != null)  // else verify only
+                out = new FileOutputStream(migrateTo);
             byte[] buf = new byte[16*1024];
             long tot = 0;
@@ -230 +323 @@
                 if (read < 0)
                     throw new EOFException();
-                out.write(buf, 0, read);
+                if (migrateTo != null)  // else verify only
+                    out.write(buf, 0, read);
                 tot += read;
             }
             byte[] sha = md.digest();
-            in.on(false);
-            Signature signature = new Signature();
+            din.on(false);
+            Signature signature = new Signature(_sigType);
             signature.readBytes(in);
-            SHA1Hash hash = new SHA1Hash(sha);
+            SimpleDataStructure hash = _sigType.getHashInstance();
+            hash.setData(sha);
+            //System.out.println("hash\n" + HexDump.dump(sha));
+            //System.out.println("sig\n" + HexDump.dump(signature.getData()));
             rv = _context.dsa().verifySignature(signature, hash, _signerPubkey);
         } catch (DataFormatException dfe) {
@@ -246 +343 @@
             if (in != null) try { in.close(); } catch (IOException ioe) {}
             if (out != null) try { out.close(); } catch (IOException ioe) {}
-            if (!rv)
+            if (migrateTo != null && !rv)
                 migrateTo.delete();
         }
@@ -263 +360 @@
      */
     public void write(File content, int contentType, String version,
-                      String signer, SigningPrivateKey privkey) throws IOException {
+                      String signer, PrivateKey privkey, SigType sigType) throws IOException {
         InputStream in = null;
         DigestOutputStream out = null;
@@ -269 +366 @@
         try {
             in = new BufferedInputStream(new FileInputStream(content));
-            MessageDigest md = SHA1.getInstance();
+            MessageDigest md = sigType.getDigestInstance();
             out = new DigestOutputStream(new BufferedOutputStream(new FileOutputStream(_file)), md);
             out.write(MAGIC);
             out.write((byte) 0);
             out.write((byte) FILE_VERSION);
-            out.write((byte) 0);
-            out.write((byte) SIG_DSA_160);
-            DataHelper.writeLong(out, 2, Signature.SIGNATURE_BYTES);
+            DataHelper.writeLong(out, 2, sigType.getCode());
+            DataHelper.writeLong(out, 2, sigType.getSigLen());
             out.write((byte) 0);
             byte[] verBytes = DataHelper.getUTF8(version);
@@ -316 +412 @@
             byte[] sha = md.digest();
             out.on(false);
-            SHA1Hash hash = new SHA1Hash(sha);
-            Signature signature = _context.dsa().sign(hash, privkey);
+            SimpleDataStructure hash = sigType.getHashInstance();
+            hash.setData(sha);
+            Signature signature = _context.dsa().sign(hash, privkey, sigType);
+            if (signature == null)
+                throw new IOException("sig fail");
+            //System.out.println("hash\n" + HexDump.dump(sha));
+            //System.out.println("sig\n" + HexDump.dump(signature.getData()));
             signature.writeBytes(out);
             ok = true;
@@ -341 +442 @@
     public static void main(String[] args) {
         boolean ok = false;
-        try {
-            if ("showversion".equals(args[0])) {
-                ok = showVersionCLI(args[1]);
-            } else if ("sign".equals(args[0])) {
-                ok = signCLI(args[1], args[2], args[3], args[4], args[5]);
-            } else if ("verifysig".equals(args[0])) {
-                ok = verifySigCLI(args[1]);
+        List<String> a = new ArrayList(Arrays.asList(args));
+        try {
+            // defaults
+            String stype = null;
+            String ctype = null;
+            Iterator<String> iter = a.iterator();
+            String cmd = iter.next();
+            iter.remove();
+            for ( ; iter.hasNext(); ) {
+                String arg = iter.next();
+                if (arg.equals("-t")) {
+                    iter.remove();
+                    stype = iter.next();
+                    iter.remove();
+                } else if (arg.equals("-c")) {
+                    iter.remove();
+                    ctype = iter.next();
+                    iter.remove();
+                }
+            }
+            if ("showversion".equals(cmd)) {
+                ok = showVersionCLI(a.get(0));
+            } else if ("sign".equals(cmd)) {
+                // speed things up by specifying a small PRNG buffer size
+                Properties props = new Properties();
+                props.setProperty("prng.bufferSize", "16384");
+                new I2PAppContext(props);
+                ok = signCLI(stype, ctype, a.get(0), a.get(1), a.get(2), a.get(3), a.get(4));
+            } else if ("verifysig".equals(cmd)) {
+                ok = verifySigCLI(a.get(0));
+            } else if ("keygen".equals(cmd)) {
+                ok = genKeysCLI(stype, a.get(0), a.get(1), a.get(2));
+            } else if ("extract".equals(cmd)) {
+                ok = extractCLI(a.get(0), a.get(1));
             } else {
                 showUsageCLI();
             }
-        } catch (ArrayIndexOutOfBoundsException aioobe) {
+        } catch (NoSuchElementException nsee) {
+            showUsageCLI();
+        } catch (IndexOutOfBoundsException ioobe) {
             showUsageCLI();
         }
@@ -359 +489 @@
 
     private static final void showUsageCLI() {
-        System.err.println("Usage: SU3File showversion   signedFile.su3");
-        System.err.println("       SU3File sign          inputFile.zip signedFile.su3 privateKeyFile version signerName@mail.i2p");
-        System.err.println("       SU3File verifysig     signedFile.su3");
+        System.err.println("Usage: SU3File keygen       [-t type|code] publicKeyFile keystore.ks you@mail.i2p");
+        System.err.println("       SU3File sign         [-c type|code] [-t type|code] inputFile.zip signedFile.su3 keystore.ks version you@mail.i2p");
+        System.err.println("       SU3File showversion  signedFile.su3");
+        System.err.println("       SU3File verifysig    signedFile.su3");
+        System.err.println("       SU3File extract      signedFile.su3 outFile.zip");
+        System.err.println(dumpTypes());
+    }
+
+    /** @since 0.9.9 */
+    private static String dumpTypes() {
+        StringBuilder buf = new StringBuilder(256);
+        buf.append("Available signature types:\n");
+        for (SigType t : EnumSet.allOf(SigType.class)) {
+            buf.append("      ").append(t).append("\t(code: ").append(t.getCode()).append(')');
+            if (t.getCode() == DEFAULT_SIG_CODE)
+                buf.append(" DEFAULT");
+            buf.append('\n');
+        }
+        buf.append("Available content types:\n");
+        for (ContentType t : EnumSet.allOf(ContentType.class)) {
+            buf.append("      ").append(t).append("\t(code: ").append(t.getCode()).append(')');
+            if (t == DEFAULT_CONTENT_TYPE)
+                buf.append(" DEFAULT");
+            buf.append('\n');
+        }
+        return buf.toString();
+    }
+
+    /**
+     *  @param stype number or name
+     *  @return null if not found
+     *  @since 0.9.9
+     */
+    private static SigType parseSigType(String stype) {
+        try {
+            return SigType.valueOf(stype.toUpperCase(Locale.US));
+        } catch (IllegalArgumentException iae) {
+            try {
+                int code = Integer.parseInt(stype);
+                return SigType.getByCode(code);
+            } catch (NumberFormatException nfe) {
+                return null;
+             }
+        }
+    }
+    /**
+     *  @param stype number or name
+     *  @return null if not found
+     *  @since 0.9.9
+     */
+    private static ContentType parseContentType(String ctype) {
+        try {
+            return ContentType.valueOf(ctype.toUpperCase(Locale.US));
+        } catch (IllegalArgumentException iae) {
+            try {
+                int code = Integer.parseInt(ctype);
+                return ContentType.getByCode(code);
+            } catch (NumberFormatException nfe) {
+                return null;
+             }
+        }
     }
 
@@ -367 +555 @@
     private static final boolean showVersionCLI(String signedFile) {
         try {
-            SU3File file = new SU3File(new File(signedFile), null);
+            SU3File file = new SU3File(signedFile);
             String versionString = file.getVersionString();
             if (versionString.equals(""))
                 System.out.println("No version string found in file '" + signedFile + "'");
             else
-                System.out.println("Version: " + versionString);
+                System.out.println("Version:  " + versionString);
+            String signerString = file.getSignerString();
+            if (signerString.equals(""))
+                System.out.println("No signer string found in file '" + signedFile + "'");
+            else
+                System.out.println("Signer:   " + signerString);
+            if (file._sigType != null)
+                System.out.println("SigType:  " + file._sigType);
             return !versionString.equals("");
         } catch (IOException ioe) {
@@ -380 +575 @@
     }
 
-    /** @return success */
-    private static final boolean signCLI(String inputFile, String signedFile, String privateKeyFile,
-                                         String version, String signerName) {
-        InputStream in = null;
-        try {
-            in = new FileInputStream(privateKeyFile);
-            SigningPrivateKey spk = new SigningPrivateKey();
-            spk.readBytes(in);
-            in.close();
+    /**
+     *  @return success
+     *  @since 0.9.9
+     */
+    private static final boolean signCLI(String stype, String ctype, String inputFile, String signedFile,
+                                         String privateKeyFile, String version, String signerName) {
+        SigType type = stype == null ? SigType.getByCode(Integer.valueOf(DEFAULT_SIG_CODE)) : parseSigType(stype);
+        if (type == null) {
+            System.out.println("Signature type " + stype + " is not supported");
+            return false;
+        }
+        ContentType ct = ctype == null ? DEFAULT_CONTENT_TYPE : parseContentType(ctype);
+        if (ct == null) {
+            System.out.println("Content type " + ctype + " is not supported");
+            return false;
+        }
+        return signCLI(type, ct, inputFile, signedFile, privateKeyFile, version, signerName);
+    }
+
+    /**
+     *  @return success
+     *  @since 0.9.9
+     */
+    private static final boolean signCLI(SigType type, ContentType ctype, String inputFile, String signedFile,
+                                         String privateKeyFile, String version, String signerName) {
+        try {
+            String keypw = "";
+            while (keypw.length() < 6) {
+                System.out.print("Enter password for key \"" + signerName + "\": ");
+                keypw = DataHelper.readLine(System.in).trim();
+                if (keypw.length() > 0 && keypw.length() < 6)
+                    System.out.println("Key password must be at least 6 characters");
+            }
+            File pkfile = new File(privateKeyFile);
+            PrivateKey pk = KeyStoreUtil.getPrivateKey(pkfile,KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD, signerName, keypw);
+            if (pk == null) {
+                System.out.println("Private key for " + signerName + " not found in keystore " + privateKeyFile);
+                return false;
+            }
             SU3File file = new SU3File(signedFile);
-            file.write(new File(inputFile), CONTENT_ROUTER, version, signerName, spk);
+            file.write(new File(inputFile), ctype.getCode(), version, signerName, pk, type);
             System.out.println("Input file '" + inputFile + "' signed and written to '" + signedFile + "'");
             return true;
-        } catch (DataFormatException dfe) {
+        } catch (GeneralSecurityException gse) {
             System.out.println("Error signing input file '" + inputFile + "'");
-            dfe.printStackTrace();
+            gse.printStackTrace();
             return false;
         } catch (IOException ioe) {
@@ -401 +626 @@
             ioe.printStackTrace();
             return false;
-        } finally {
-            if (in != null) try { in.close(); } catch (IOException ioe) {}
         }
     }
@@ -411 +634 @@
         try {
             SU3File file = new SU3File(signedFile);
-            boolean isValidSignature = file.verifyAndMigrate(new File("/dev/null"));
+            boolean isValidSignature = file.verify();
             if (isValidSignature)
-                System.out.println("Signature VALID (signed by " + file.getSignerString() + ')');
+                System.out.println("Signature VALID (signed by " + file.getSignerString() + ' ' + file._sigType + ')');
             else
-                System.out.println("Signature INVALID (signed by " + file.getSignerString() + ')');
+                System.out.println("Signature INVALID (signed by " + file.getSignerString() + ' ' + file._sigType +')');
             return isValidSignature;
         } catch (IOException ioe) {
@@ -423 +646 @@
         }
     }
+
+    /**
+     *  @return success
+     *  @since 0.9.9
+     */
+    private static final boolean extractCLI(String signedFile, String outFile) {
+        InputStream in = null;
+        try {
+            SU3File file = new SU3File(signedFile);
+            File out = new File(outFile);
+            boolean ok = file.verifyAndMigrate(out);
+            if (ok)
+                System.out.println("File extracted (signed by " + file.getSignerString() + ' ' + file._sigType + ')');
+            else
+                System.out.println("Signature INVALID (signed by " + file.getSignerString() + ' ' + file._sigType +')');
+            return ok;
+        } catch (IOException ioe) {
+            System.out.println("Error extracting from file '" + signedFile + "'");
+            ioe.printStackTrace();
+            return false;
+        }
+    }
+
+    /**
+     *  @return success
+     *  @since 0.9.9
+     */
+    private static final boolean genKeysCLI(String stype, String publicKeyFile, String privateKeyFile, String alias) {
+        SigType type = stype == null ? SigType.getByCode(Integer.valueOf(DEFAULT_SIG_CODE)) : parseSigType(stype);
+        if (type == null) {
+            System.out.println("Signature type " + stype + " is not supported");
+            return false;
+        }
+        return genKeysCLI(type, publicKeyFile, privateKeyFile, alias);
+    }
+
+    /**
+     *  Writes Java-encoded keys (X.509 for public and PKCS#8 for private)
+     *  @return success
+     *  @since 0.9.9
+     */
+    private static final boolean genKeysCLI(SigType type, String publicKeyFile, String privateKeyFile, String alias) {
+        File pubFile = new File(publicKeyFile);
+        if (pubFile.exists()) {
+            System.out.println("Error: Not overwriting file " + publicKeyFile);
+            return false;
+        }
+        File ksFile = new File(privateKeyFile);
+        String keypw = "";
+        try {
+            while (alias.length() == 0) {
+                System.out.print("Enter key name (example@mail.i2p): ");
+                alias = DataHelper.readLine(System.in).trim();
+            }
+            while (keypw.length() < 6) {
+                System.out.print("Enter new key password: ");
+                keypw = DataHelper.readLine(System.in).trim();
+                if (keypw.length() > 0 && keypw.length() < 6)
+                    System.out.println("Key password must be at least 6 characters");
+            }
+        } catch (IOException ioe) {
+            return false;
+        }
+        int keylen = type.getPubkeyLen() * 8;
+        if (type.getBaseAlgorithm() == SigAlgo.EC) {
+            keylen /= 2;
+            if (keylen == 528)
+                keylen = 521;
+        }
+        boolean success = KeyStoreUtil.createKeys(ksFile, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD, alias,
+                                                  alias, "I2P", 3652, type.getBaseAlgorithm().getName(),
+                                                  keylen, keypw);
+        if (!success) {
+            System.err.println("Error creating keys for " + alias);
+            return false;
+        }
+        File outfile = new File(publicKeyFile);
+        success = KeyStoreUtil.exportCert(ksFile, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD, alias, outfile);
+        if (!success) {
+            System.err.println("Error writing public key for " + alias + " to " + outfile);
+            return false;
+        }
+        return true;
+    }
 }

core/java/src/net/i2p/crypto/SigType.java

@@ -7 +7 @@
 import java.util.HashMap;
 import java.util.Map;
+
+import net.i2p.data.Hash;
+import net.i2p.data.SimpleDataStructure;
 
 /**
@@ -24 +27 @@
      *  @since 0.9.8
      */
-    DSA_SHA1(0, 128, 20, 20, 40, "SHA-1", "SHA1withDSA", null),
+    DSA_SHA1(0, 128, 20, 20, 40, SigAlgo.DSA, "SHA-1", "SHA1withDSA", CryptoConstants.DSA_SHA1_SPEC),
+    /**  Pubkey 64 bytes; privkey 32 bytes; hash 32 bytes; sig 64 bytes */
+    ECDSA_SHA256_P256(1, 64, 32, 32, 64, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.P256_SPEC),
+    /**  Pubkey 96 bytes; privkey 48 bytes; hash 48 bytes; sig 96 bytes */
+    ECDSA_SHA384_P384(2, 96, 48, 48, 96, SigAlgo.EC, "SHA-384", "SHA384withECDSA", ECConstants.P384_SPEC),
+    /**  Pubkey 132 bytes; privkey 66 bytes; hash 64 bytes; sig 132 bytes */
+    ECDSA_SHA512_P521(3, 132, 66, 64, 132, SigAlgo.EC, "SHA-512", "SHA512withECDSA", ECConstants.P521_SPEC),
+
+    /**  Pubkey 256 bytes; privkey 512 bytes; hash 32 bytes; sig 256 bytes */
+    RSA_SHA256_2048(4, 256, 512, 32, 256, SigAlgo.RSA, "SHA-256", "SHA256withRSA", RSAConstants.F4_2048_SPEC),
+    /**  Pubkey 384 bytes; privkey 768 bytes; hash 48 bytes; sig 384 bytes */
+    RSA_SHA384_3072(5, 384, 768, 48, 384, SigAlgo.RSA, "SHA-384", "SHA384withRSA", RSAConstants.F4_3072_SPEC),
+    /**  Pubkey 512 bytes; privkey 1024 bytes; hash 64 bytes; sig 512 bytes */
+    RSA_SHA512_4096(6, 512, 1024, 64, 512, SigAlgo.RSA, "SHA-512", "SHA512withRSA", RSAConstants.F4_4096_SPEC),
+
+
+
+    // TESTING....................
+
+
+
+    // others..........
+
+    // EC mix and match
+    //ECDSA_SHA256_P192(5, 48, 24, 32, 48, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.P192_SPEC),
+    //ECDSA_SHA256_P384(6, 96, 48, 32, 96, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.P384_SPEC),
+    //ECDSA_SHA256_P521(7, 132, 66, 32, 132, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.P521_SPEC),
+    //ECDSA_SHA384_P256(8, 64, 32, 48, 64, SigAlgo.EC, "SHA-384", "SHA384withECDSA", ECConstants.P256_SPEC),
+    //ECDSA_SHA384_P521(9, 132, 66, 48, 132, SigAlgo.EC, "SHA-384", "SHA384withECDSA", ECConstants.P521_SPEC),
+    //ECDSA_SHA512_P256(10, 64, 32, 64, 64, SigAlgo.EC, "SHA-512", "SHA512withECDSA", ECConstants.P256_SPEC),
+    //ECDSA_SHA512_P384(11, 96, 48, 64, 96, SigAlgo.EC, "SHA-512", "SHA512withECDSA", ECConstants.P384_SPEC),
+
+    // Koblitz
+    //ECDSA_SHA256_K163(12, 42, 21, 32, 42, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K163_SPEC),
+    //ECDSA_SHA256_K233(13, 60, 30, 32, 60, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K233_SPEC),
+    //ECDSA_SHA256_K283(14, 72, 36, 32, 72, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K283_SPEC),
+    //ECDSA_SHA256_K409(15, 104, 52, 32, 104, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K409_SPEC),
+    //ECDSA_SHA256_K571(16, 144, 72, 32, 144, SigAlgo.EC, "SHA-256", "SHA256withECDSA", ECConstants.K571_SPEC),
+
+    // too short..............
     /**  Pubkey 48 bytes; privkey 24 bytes; hash 20 bytes; sig 48 bytes */
-    ECDSA_SHA1_P192(1, 48, 24, 20, 48, "SHA-1", "SHA1withECDSA", null),
-    /**  Pubkey 64 bytes; privkey 32 bytes; hash 32 bytes; sig 64 bytes */
-    ECDSA_SHA256_P256(2, 64, 32, 32, 64, "SHA-256", "SHA256withECDSA", null),
-    /**  Pubkey 96 bytes; privkey 48 bytes; hash 48 bytes; sig 96 bytes */
-    ECDSA_SHA384_P384(3, 96, 48, 48, 96, "SHA-384", "SHA384withECDSA", null),
-    /**  Pubkey 132 bytes; privkey 66 bytes; hash 64 bytes; sig 132 bytes */
-    ECDSA_SHA512_P521(4, 132, 66, 64, 132, "SHA-512", "SHA512withECDSA", null),
+    //ECDSA_SHA1_P192(1, 48, 24, 20, 48, SigAlgo.EC, "SHA-1", "SHA1withECDSA", ECConstants.P192_SPEC),
+    //RSA_SHA1(17, 128, 256, 20, 128, SigAlgo.RSA, "SHA-1", "SHA1withRSA", RSAConstants.F4_1024_SPEC),
+    //MD5
+    //RSA_SHA1
 
-    //MD5
     //ELGAMAL_SHA256
-    //RSA_SHA1
-    //RSA_SHA256
-    //RSA_SHA384
-    //RSA_SHA512
     //DSA_2048_224(2, 256, 28, 32, 56, "SHA-256"),
     // Nonstandard, used by Syndie.
@@ -48 +82 @@
     // Pubkey 384 bytes; privkey 32 bytes; hash 32 bytes; sig 64 bytes
     //DSA_3072_256(3, 384, 32, 32, 64, "SHA-256", "?"),
+
     ;   
 
     private final int code, pubkeyLen, privkeyLen, hashLen, sigLen;
+    private final SigAlgo base;
     private final String digestName, algoName;
     private final AlgorithmParameterSpec params;
 
-    SigType(int cod, int pubLen, int privLen, int hLen, int sLen,
+    SigType(int cod, int pubLen, int privLen, int hLen, int sLen, SigAlgo baseAlgo,
             String mdName, String aName, AlgorithmParameterSpec pSpec) {
         code = cod;
@@ -61 +97 @@
         hashLen = hLen;
         sigLen = sLen;
+        base = baseAlgo;
         digestName = mdName;
         algoName = aName;
@@ -76 +113 @@
     /** the length of the signature, in bytes */
     public int getSigLen() { return sigLen; }
+    /** the standard base algorithm name used for the Java crypto factories */
+    public SigAlgo getBaseAlgorithm() { return base; }
     /** the standard name used for the Java crypto factories */
     public String getAlgorithmName() { return algoName; }
@@ -101 +140 @@
     }
 
+    /**
+     *  @since 0.9.9
+     *  @throws UnsupportedOperationException if not supported
+     */
+    public SimpleDataStructure getHashInstance() {
+        switch (getHashLen()) {
+            case 20:
+                return new SHA1Hash();
+            case 32:
+                return new Hash();
+            case 48:
+                return new Hash384();
+            case 64:
+                return new Hash512();
+            default:
+                throw new UnsupportedOperationException("Unsupported hash length: " + getHashLen());
+        }
+    }
+
     private static final Map<Integer, SigType> BY_CODE = new HashMap<Integer, SigType>();
 

core/java/src/net/i2p/crypto/TrustedUpdate.java

@@ -22 +22 @@
 import net.i2p.data.SigningPublicKey;
 import net.i2p.util.Log;
+import net.i2p.util.SecureFileOutputStream;
 import net.i2p.util.VersionComparator;
 import net.i2p.util.ZipFileComment;
@@ -316 +317 @@
     /** @return success */
     private static final boolean genKeysCLI(String publicKeyFile, String privateKeyFile) {
+        File pubFile = new File(publicKeyFile);
+        File privFile = new File(privateKeyFile);
+        if (pubFile.exists()) {
+            System.out.println("Error: Not overwriting file " + publicKeyFile);
+            return false;
+        }
+        if (privFile.exists()) {
+            System.out.println("Error: Not overwriting file " + privateKeyFile);
+            return false;
+        }
         FileOutputStream fileOutputStream = null;
-
         I2PAppContext context = I2PAppContext.getGlobalContext();
         try {
@@ -324 +334 @@
             SigningPrivateKey signingPrivateKey = (SigningPrivateKey) signingKeypair[1];
 
-            fileOutputStream = new FileOutputStream(publicKeyFile);
+            fileOutputStream = new SecureFileOutputStream(pubFile);
             signingPublicKey.writeBytes(fileOutputStream);
             fileOutputStream.close();
             fileOutputStream = null;
 
-            fileOutputStream = new FileOutputStream(privateKeyFile);
+            fileOutputStream = new SecureFileOutputStream(privFile);
             signingPrivateKey.writeBytes(fileOutputStream);
 

core/java/src/net/i2p/update/UpdateType.java

@@ -7 +7 @@
  */
 public enum UpdateType {
-    TYPE_DUMMY,   // Internal use only
+    /** Dummy: internal use only */
+    TYPE_DUMMY,
     NEWS,
     ROUTER_SIGNED,
     ROUTER_UNSIGNED,
     PLUGIN,
+    /** unused */
     GEOIP,
+    /** unused */
     BLOCKLIST,
+    /** unused */
     RESEED,
+    /** unused */
     HOMEPAGE,
-    ADDRESSBOOK
+    /** unused */
+    ADDRESSBOOK,
+    /** @since 0.9.9 */
+    ROUTER_SIGNED_SU3
 }

core/java/src/net/i2p/util/EepGet.java

@@ -1056 +1056 @@
                 if ("http".equals(url.getProtocol())) {
                     String host = url.getHost();
+                    if (host.toLowerCase(Locale.US).endsWith(".i2p"))
+                        throw new MalformedURLException("I2P addresses must be proxied");
                     int port = url.getPort();
                     if (port == -1)
@@ -1061 +1063 @@
                     _proxy = new Socket(host, port);
                 } else {
-                    throw new IOException("URL is not supported:" + _actualURL);
+                    throw new MalformedURLException("URL is not supported:" + _actualURL);
                 }
             // an MUE is an IOE
@@ -1090 +1092 @@
         URL url = new URL(_actualURL);
         String host = url.getHost();
+        if (host == null || host.length() <= 0)
+            throw new MalformedURLException("Bad URL, no host");
         int port = url.getPort();
         String path = url.getPath();

core/java/src/net/i2p/util/NativeBigInteger.java

@@ -113 +113 @@
      */
     private static boolean _doLog = System.getProperty("jbigi.dontLog") == null &&
-                                    I2PAppContext.getGlobalContext().isRouterContext();
+                                    I2PAppContext.getCurrentContext() != null &&
+                                    I2PAppContext.getCurrentContext().isRouterContext();
     
     /**

core/java/src/net/i2p/util/PartialEepGet.java

@@ -4 +4 @@
 import java.io.IOException;
 import java.io.OutputStream;
+import java.net.MalformedURLException;
 import java.net.URL;
 
@@ -12 +13 @@
  * Anything less or more will throw an IOException
  * No retries, no min and max size options, no timeout option
+ * If the server does not return a Content-Length header of the correct size,
+ * the fetch will fail.
+ *
  * Useful for checking .sud versions
  *
@@ -20 +24 @@
     long _fetchSize;
 
-    /** @param size fetch exactly this many bytes */
+    /**
+     * Instantiate an EepGet that will fetch exactly size bytes when fetch() is called.
+     *
+     * @param proxyHost use null or "" for no proxy
+     * @param proxyPort use 0 for no proxy
+     * @param size fetch exactly this many bytes
+     */
     public PartialEepGet(I2PAppContext ctx, String proxyHost, int proxyPort,
                          OutputStream outputStream,  String url, long size) {
         // we're using this constructor:
-        // public EepGet(I2PAppContext ctx, boolean shouldProxy, String proxyHost, int proxyPort, int numRetries, long minSize, long maxSize, String outputFile, OutputStream outputStream, String url, boolean allowCaching, String etag, String postData) {
-        super(ctx, true, proxyHost, proxyPort, 0, size, size, null, outputStream, url, true, null, null);
+        // public EepGet(I2PAppContext ctx, boolean shouldProxy, String proxyHost, int proxyPort, int numRetries,
+        //               long minSize, long maxSize, String outputFile, OutputStream outputStream, String url, boolean allowCaching, String etag, String postData) {
+        super(ctx, proxyHost != null && proxyPort > 0, proxyHost, proxyPort, 0,
+              size, size, null, outputStream, url, true, null, null);
         _fetchSize = size;
     }
@@ -89 +101 @@
     
     private static void usage() {
-        System.err.println("PartialEepGet [-p 127.0.0.1:4444] [-l #bytes] url");
+        System.err.println("PartialEepGet [-p 127.0.0.1:4444] [-l #bytes] url\n" +
+                           "              (use -p :0 for no proxy)");
     }
     
@@ -97 +110 @@
         URL url = new URL(_actualURL);
         String host = url.getHost();
+        if (host == null || host.length() <= 0)
+            throw new MalformedURLException("Bad URL, no host");
         int port = url.getPort();
         String path = url.getPath();

core/java/src/net/i2p/util/SSLEepGet.java

@@ -47 +47 @@
 import java.io.PipedInputStream;
 import java.io.PipedOutputStream;
-import java.io.PrintWriter;
+import java.net.MalformedURLException;
 import java.net.URL;
 import java.security.KeyStore;
 import java.security.GeneralSecurityException;
 import java.security.cert.Certificate;
+import java.security.cert.CertificateEncodingException;
 import java.security.cert.CertificateException;
-import java.security.cert.CertificateEncodingException;
-import java.security.cert.CertificateExpiredException;
-import java.security.cert.CertificateNotYetValidException;
-import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
-import java.util.Enumeration;
 import java.util.Locale;
 import javax.net.ssl.SSLContext;
@@ -68 +64 @@
 
 import net.i2p.I2PAppContext;
-import net.i2p.data.Base64;
+import net.i2p.crypto.CertUtil;
+import net.i2p.crypto.KeyStoreUtil;
 import net.i2p.data.DataHelper;
 
@@ -77 +74 @@
  * Self-signed certs or CAs not in the JVM key store must be loaded to be trusted.
  *
- * Since 0.8.2, loads additional trusted CA certs from $I2P/certificates/ and ~/.i2p/certificates/
+ * Since 0.8.2, loads additional trusted CA certs from $I2P/certificates/ssl/ and ~/.i2p/certificates/ssl/
  *
  * @author zzz
@@ -92 +89 @@
     private SavingTrustManager _stm;
 
-    private static final boolean _isAndroid = SystemVersion.isAndroid();
+    private static final String CERT_DIR = "certificates/ssl";
 
     /**
@@ -108 +105 @@
      */
     public SSLEepGet(I2PAppContext ctx, OutputStream outputStream, String url, SSLState state) {
+        this(ctx, null, outputStream, url, null);
+    }
+
+    /**
+     *  A new SSLEepGet with a new SSLState
+     *  @since 0.9.9
+     */
+    public SSLEepGet(I2PAppContext ctx, String outputFile, String url) {
+        this(ctx, outputFile, url, null);
+    }
+
+    /**
+     *  @param state an SSLState retrieved from a previous SSLEepGet with getSSLState(), or null.
+     *               This makes repeated fetches from the same host MUCH faster,
+     *               and prevents repeated key store loads even for different hosts.
+     *  @since 0.9.9
+     */
+    public SSLEepGet(I2PAppContext ctx, String outputFile, String url, SSLState state) {
+        this(ctx, outputFile, null, url, null);
+    }
+
+    /**
+     *  outputFile, outputStream: One null, one non-null
+     *
+     *  @param state an SSLState retrieved from a previous SSLEepGet with getSSLState(), or null.
+     *               This makes repeated fetches from the same host MUCH faster,
+     *               and prevents repeated key store loads even for different hosts.
+     *  @since 0.9.9
+     */
+    private SSLEepGet(I2PAppContext ctx, String outputFile, OutputStream outputStream, String url, SSLState state) {
         // we're using this constructor:
         // public EepGet(I2PAppContext ctx, boolean shouldProxy, String proxyHost, int proxyPort, int numRetries, long minSize, long maxSize, String outputFile, OutputStream outputStream, String url, boolean allowCaching, String etag, String postData) {
-        super(ctx, false, null, -1, 0, -1, -1, null, outputStream, url, true, null, null);
+        super(ctx, false, null, -1, 0, -1, -1, outputFile, outputStream, url, true, null, null);
         if (state != null && state.context != null)
             _sslContext = state.context;
@@ -178 +205 @@
      *  else from $JAVA_HOME/lib/security/cacerts.
      *
-     *  Then adds certs found in the $I2P/certificates/ directory
-     *  and in the ~/.i2p/certificates/ directory.
+     *  Then adds certs found in the $I2P/certificates/ssl/ directory
+     *  and in the ~/.i2p/certificates/ssl/ directory.
      *
      *  @return null on failure
@@ -185 +212 @@
      */
     private SSLContext initSSLContext() {
-        KeyStore ks;
-        try {
-            ks = KeyStore.getInstance(KeyStore.getDefaultType());
-        } catch (GeneralSecurityException gse) {
-            _log.error("Key Store init error", gse);
+        KeyStore ks = KeyStoreUtil.loadSystemKeyStore();
+        if (ks == null) {
+            _log.error("Key Store init error");
             return null;
         }
-        boolean success = false;
-        String override = System.getProperty("javax.net.ssl.keyStore");
-        if (override != null)
-            success = loadCerts(new File(override), ks);
-        if (!success) {
-            if (_isAndroid) {
-                // thru API 13. As of API 14 (ICS), the file is gone, but
-                // ks.load(null, pw) will bring in the default certs?
-                success = loadCerts(new File(System.getProperty("java.home"), "etc/security/cacerts.bks"), ks);
-            } else {
-                success = loadCerts(new File(System.getProperty("java.home"), "lib/security/jssecacerts"), ks);
-                if (!success)
-                    success = loadCerts(new File(System.getProperty("java.home"), "lib/security/cacerts"), ks);
-            }
-        }
-
-        if (!success) {
-            try {
-                // must be initted
-                ks.load(null, "changeit".toCharArray());
-            } catch (Exception e) {}
-            _log.error("All key store loads failed, will only load local certificates");
-        } else if (_log.shouldLog(Log.INFO)) {
-            int count = 0;
-            try {
-                for(Enumeration<String> e = ks.aliases(); e.hasMoreElements();) {
-                    String alias = e.nextElement();
-                    if (ks.isCertificateEntry(alias))
-                        count++;
-                }
-            } catch (Exception foo) {}
+        if (_log.shouldLog(Log.INFO)) {
+            int count = KeyStoreUtil.countCerts(ks);
             _log.info("Loaded " + count + " default trusted certificates");
         }
 
-        File dir = new File(_context.getBaseDir(), "certificates");
-        int adds = addCerts(dir, ks);
+        File dir = new File(_context.getBaseDir(), CERT_DIR);
+        int adds = KeyStoreUtil.addCerts(dir, ks);
         int totalAdds = adds;
         if (adds > 0 && _log.shouldLog(Log.INFO))
             _log.info("Loaded " + adds + " trusted certificates from " + dir.getAbsolutePath());
         if (!_context.getBaseDir().getAbsolutePath().equals(_context.getConfigDir().getAbsolutePath())) {
-            dir = new File(_context.getConfigDir(), "certificates");
-            adds = addCerts(dir, ks);
+            dir = new File(_context.getConfigDir(), CERT_DIR);
+            adds = KeyStoreUtil.addCerts(dir, ks);
             totalAdds += adds;
             if (adds > 0 && _log.shouldLog(Log.INFO))
@@ -240 +236 @@
         dir = new File(System.getProperty("user.dir"));
         if (!_context.getBaseDir().getAbsolutePath().equals(dir.getAbsolutePath())) {
-            dir = new File(_context.getConfigDir(), "certificates");
-            adds = addCerts(dir, ks);
+            dir = new File(_context.getConfigDir(), CERT_DIR);
+            adds = KeyStoreUtil.addCerts(dir, ks);
             totalAdds += adds;
             if (adds > 0 && _log.shouldLog(Log.INFO))
@@ -261 +257 @@
         }
         return null;
-    }
-
-    /**
-     *  Load all X509 Certs from a key store File into a KeyStore
-     *  Note that each call reinitializes the KeyStore
-     *
-     *  @return success
-     *  @since 0.8.2
-     */
-    private boolean loadCerts(File file, KeyStore ks) {
-        if (!file.exists())
-            return false;
-        InputStream fis = null;
-        try {
-            fis = new FileInputStream(file);
-            // "changeit" is the default password
-            ks.load(fis, "changeit".toCharArray());
-        } catch (GeneralSecurityException gse) {
-            _log.error("KeyStore load error, no default keys: " + file.getAbsolutePath(), gse);
-            try {
-                // not clear if null is allowed for password
-                ks.load(null, "changeit".toCharArray());
-            } catch (Exception foo) {}
-            return false;
-        } catch (IOException ioe) {
-            _log.error("KeyStore load error, no default keys: " + file.getAbsolutePath(), ioe);
-            try {
-                ks.load(null, "changeit".toCharArray());
-            } catch (Exception foo) {}
-            return false;
-        } finally {
-            try { if (fis != null) fis.close(); } catch (IOException foo) {}
-        }
-        return true;
-    }
-
-    /**
-     *  Load all X509 Certs from a directory and add them to the
-     *  trusted set of certificates in the key store
-     *
-     *  @return number successfully added
-     *  @since 0.8.2
-     */
-    private int addCerts(File dir, KeyStore ks) {
-        if (_log.shouldLog(Log.INFO))
-            _log.info("Looking for X509 Certificates in " + dir.getAbsolutePath());
-        int added = 0;
-        if (dir.exists() && dir.isDirectory()) {
-            File[] files = dir.listFiles();
-            if (files != null) {
-                for (int i = 0; i < files.length; i++) {
-                    File f = files[i];
-                    if (!f.isFile())
-                        continue;
-                    // use file name as alias
-                    // https://www.sslshopper.com/ssl-converter.html
-                    // No idea if all these formats can actually be read by CertificateFactory
-                    String alias = f.getName().toLowerCase(Locale.US);
-                    if (alias.endsWith(".crt") || alias.endsWith(".pem") || alias.endsWith(".key") ||
-                        alias.endsWith(".der") || alias.endsWith(".key") || alias.endsWith(".p7b") ||
-                        alias.endsWith(".p7c") || alias.endsWith(".pfx") || alias.endsWith(".p12"))
-                        alias = alias.substring(0, alias.length() - 4);
-                    boolean success = addCert(f, alias, ks);
-                    if (success)
-                        added++;
-                }
-            }
-        }
-        return added;
-    }
-
-    /**
-     *  Load an X509 Cert from a file and add it to the
-     *  trusted set of certificates in the key store
-     *
-     *  @return success
-     *  @since 0.8.2
-     */
-    private boolean addCert(File file, String alias, KeyStore ks) {
-        InputStream fis = null;
-        try {
-            fis = new FileInputStream(file);
-            CertificateFactory cf = CertificateFactory.getInstance("X.509");
-            X509Certificate cert = (X509Certificate)cf.generateCertificate(fis);
-            if (_log.shouldLog(Log.INFO)) {
-                _log.info("Read X509 Certificate from " + file.getAbsolutePath() +
-                          " Issuer: " + cert.getIssuerX500Principal() +
-                          "; Valid From: " + cert.getNotBefore() +
-                          " To: " + cert.getNotAfter());
-            }
-            try {
-                cert.checkValidity();
-            } catch (CertificateExpiredException cee) {
-                _log.error("Rejecting expired X509 Certificate: " + file.getAbsolutePath(), cee);
-                return false;
-            } catch (CertificateNotYetValidException cnyve) {
-                _log.error("Rejecting X509 Certificate not yet valid: " + file.getAbsolutePath(), cnyve);
-                return false;
-            }
-            ks.setCertificateEntry(alias, cert);
-            if (_log.shouldLog(Log.INFO))
-                _log.info("Now trusting X509 Certificate, Issuer: " + cert.getIssuerX500Principal());
-        } catch (GeneralSecurityException gse) {
-            _log.error("Error reading X509 Certificate: " + file.getAbsolutePath(), gse);
-            return false;
-        } catch (IOException ioe) {
-            _log.error("Error reading X509 Certificate: " + file.getAbsolutePath(), ioe);
-            return false;
-        } finally {
-            try { if (fis != null) fis.close(); } catch (IOException foo) {}
-        }
-        return true;
     }
     
@@ -426 +310 @@
                 System.out.println("      WARNING: Certificate is not currently valid, it cannot be used");
             }
-            saveCert(cert, new File(name));
+            CertUtil.saveCert(cert, new File(name));
         }
         System.out.println("NOTE: To trust them, copy the certificate file(s) to the certificates directory and rerun without the -s option");
         System.out.println("NOTE: EepGet failed, certificate error follows:");
-    }
-
-    private static final int LINE_LENGTH = 64;
-
-    /**
-     *  Modified from:
-     *  http://www.exampledepot.com/egs/java.security.cert/ExportCert.html
-     *
-     *  This method writes a certificate to a file in base64 format.
-     *  @since 0.8.2
-     */
-    private static void saveCert(Certificate cert, File file) {
-        OutputStream os = null;
-        try {
-           // Get the encoded form which is suitable for exporting
-           byte[] buf = cert.getEncoded();
-           os = new FileOutputStream(file);
-           PrintWriter wr = new PrintWriter(os);
-           wr.println("-----BEGIN CERTIFICATE-----");
-           String b64 = Base64.encode(buf, true);     // true = use standard alphabet
-           for (int i = 0; i < b64.length(); i += LINE_LENGTH) {
-               wr.println(b64.substring(i, Math.min(i + LINE_LENGTH, b64.length())));
-           }
-           wr.println("-----END CERTIFICATE-----");
-           wr.flush();
-        } catch (CertificateEncodingException cee) {
-            System.out.println("Error writing X509 Certificate " + file.getAbsolutePath() + ' ' + cee);
-        } catch (IOException ioe) {
-            System.out.println("Error writing X509 Certificate " + file.getAbsolutePath() + ' ' + ioe);
-        } finally {
-            try { if (os != null) os.close(); } catch (IOException foo) {}
-        }
     }
 
@@ -642 +494 @@
             if ("https".equals(url.getProtocol())) {
                 host = url.getHost();
+                if (host.toLowerCase(Locale.US).endsWith(".i2p"))
+                    throw new MalformedURLException("I2P addresses unsupported");
                 port = url.getPort();
                 if (port == -1)
@@ -650 +504 @@
                     _proxy = SSLSocketFactory.getDefault().createSocket(host, port);
             } else {
-                throw new IOException("Only https supported: " + _actualURL);
+                throw new MalformedURLException("Only https supported: " + _actualURL);
             }
         // an MUE is an IOE

installer/resources/deletelist.txt

@@ -69 +69 @@
 docs/initialNews/initialNews_ru.xml
 docs/initialNews/initialNews_sv.xml
+# certificates moved to certificates/ssl
+certificates/193.150.121.66.crt
+certificates/cert.smartcom.org.crt
+certificates/i2p.feared.eu.crt
+certificates/i2p.mooo.com.crt
+certificates/i2pprojekt.de.cert
+certificates/ieb9oopo.mooo.com.crt
+certificates/netdb.i2p2.de.crt
+certificates/netdb.i2p2.no.crt
+certificates/reseed.info.crt
+certificates/reseed.pkol.de.crt
+certificates/www.cacert.org.crt

router/java/src/net/i2p/router/client/SSLClientListenerRunner.java

@@ -22 +22 @@
 
 import net.i2p.client.I2PClient;
+import net.i2p.crypto.CertUtil;
+import net.i2p.crypto.KeyStoreUtil;
 import net.i2p.data.Base32;
-import net.i2p.data.Base64;
 import net.i2p.router.RouterContext;
 import net.i2p.util.Log;
 import net.i2p.util.SecureDirectory;
-import net.i2p.util.SecureFileOutputStream;
-import net.i2p.util.ShellCommand;
 
 /**
@@ -88 +87 @@
     private boolean createKeyStore(File ks) {
         // make a random 48 character password (30 * 8 / 5)
-        byte[] rand = new byte[30];
-        _context.random().nextBytes(rand);
-        String keyPassword = Base32.encode(rand);
+        String keyPassword = KeyStoreUtil.randomString();
         // and one for the cname
-        _context.random().nextBytes(rand);
-        String cname = Base32.encode(rand) + ".i2cp.i2p.net";
-
-        String keytool = (new File(System.getProperty("java.home"), "bin/keytool")).getAbsolutePath();
-        String[] args = new String[] {
-                   keytool,
-                   "-genkey",            // -genkeypair preferred in newer keytools, but this works with more
-                   "-storetype", KeyStore.getDefaultType(),
-                   "-keystore", ks.getAbsolutePath(),
-                   "-storepass", DEFAULT_KEYSTORE_PASSWORD,
-                   "-alias", KEY_ALIAS,
-                   "-dname", "CN=" + cname + ",OU=I2CP,O=I2P Anonymous Network,L=XX,ST=XX,C=XX",
-                   "-validity", "3652",  // 10 years
-                   "-keyalg", "DSA",
-                   "-keysize", "1024",
-                   "-keypass", keyPassword};
-        boolean success = (new ShellCommand()).executeSilentAndWaitTimed(args, 30);  // 30 secs
+        String cname = KeyStoreUtil.randomString() + ".i2cp.i2p.net";
+
+        boolean success = KeyStoreUtil.createKeys(ks, KEY_ALIAS, cname, "I2CP", keyPassword);
         if (success) {
             success = ks.exists();
             if (success) {
-                SecureFileOutputStream.setPerms(ks);
                 Map<String, String> changes = new HashMap();
                 changes.put(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
@@ -124 +106 @@
                            "IP address, host name, router identity, or destination keys.");
         } else {
-            _log.error("Failed to create I2CP SSL keystore using command line:");
-            StringBuilder buf = new StringBuilder(256);
-            for (int i = 0;  i < args.length; i++) {
-                buf.append('"').append(args[i]).append("\" ");
-            }
-            _log.error(buf.toString());
-            _log.error("This is for the Sun/Oracle keytool, others may be incompatible.\n" +
+            _log.error("Failed to create I2CP SSL keystore.\n" +
+                       "This is for the Sun/Oracle keytool, others may be incompatible.\n" +
                        "If you create the keystore manually, you must add " + PROP_KEYSTORE_PASSWORD + " and " + PROP_KEY_PASSWORD +
                        " to " + (new File(_context.getConfigDir(), "router.config")).getAbsolutePath());
@@ -144 +121 @@
         File sdir = new SecureDirectory(_context.getConfigDir(), "certificates");
         if (sdir.exists() || sdir.mkdir()) {
-            InputStream fis = null;
-            try {
-                KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
-                fis = new FileInputStream(ks);
-                String ksPass = _context.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
-                keyStore.load(fis, ksPass.toCharArray());
-                Certificate cert = keyStore.getCertificate(KEY_ALIAS);
-                if (cert != null) {
-                    File certFile = new File(sdir, ASCII_KEYFILE);
-                    saveCert(cert, certFile);
-                } else {
-                    _log.error("Error getting SSL cert to save as ASCII");
-                }
-            } catch (GeneralSecurityException gse) {
-                _log.error("Error saving ASCII SSL keys", gse);
-            } catch (IOException ioe) {
-                _log.error("Error saving ASCII SSL keys", ioe);
-            } finally {
-                if (fis != null) try { fis.close(); } catch (IOException ioe) {}
-            }
+            String ksPass = _context.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
+            File out = new File(sdir, ASCII_KEYFILE);
+            boolean success = KeyStoreUtil.exportCert(ks, ksPass, KEY_ALIAS, out);
+            if (!success)
+                _log.error("Error getting SSL cert to save as ASCII");
         } else {
             _log.error("Error saving ASCII SSL keys");
-        }
-    }
-
-    private static final int LINE_LENGTH = 64;
-
-    /**
-     *  Modified from:
-     *  http://www.exampledepot.com/egs/java.security.cert/ExportCert.html
-     *
-     *  Write a certificate to a file in base64 format.
-     */
-    private void saveCert(Certificate cert, File file) {
-        OutputStream os = null;
-        try {
-           // Get the encoded form which is suitable for exporting
-           byte[] buf = cert.getEncoded();
-           os = new SecureFileOutputStream(file);
-           PrintWriter wr = new PrintWriter(os);
-           wr.println("-----BEGIN CERTIFICATE-----");
-           String b64 = Base64.encode(buf, true);     // true = use standard alphabet
-           for (int i = 0; i < b64.length(); i += LINE_LENGTH) {
-               wr.println(b64.substring(i, Math.min(i + LINE_LENGTH, b64.length())));
-           }
-           wr.println("-----END CERTIFICATE-----");
-           wr.flush();
-        } catch (CertificateEncodingException cee) {
-           _log.error("Error writing X509 Certificate " + file.getAbsolutePath(), cee);
-        } catch (IOException ioe) {
-            _log.error("Error writing X509 Certificate " + file.getAbsolutePath(), ioe);
-        } finally {
-            try { if (os != null) os.close(); } catch (IOException foo) {}
         }
     }

tests/scripts/checkcerts.sh

@@ -155 +155 @@
 cd `dirname $0`/../../installer/resources/certificates
 
-for i in *.crt *.cert
+for i in */*.crt
 do
     echo "Checking $i ..."