su3 build fix

Update hardcoded dirauths (patch from thebland, and remove urras)
Add changelog
Bump to 0.5

CHANGES.txt

@@ -0,0 +1,23 @@
+* 2016-07-30 1.0.0-0.5
+  - Update hardcoded dirauths
+  - Add su3 plugin build support
+
+* 2014-03-01 1.0.0-0.4
+  - Catch policy exception to correctly set failed state (ticket #1201)
+  - Hopefully fix deadlock (ticket #1207)
+
+* 2014-01-10 1.0.0-0.3
+  - Better logging of startup errors
+  - Add config file support
+  - Add circuit status to servlet
+
+* 2014-01-08 1.0.0-0.2
+  - Change from jsp to java servlet
+  - Start controller from servlet, not clients.config, to avoid class loader issues
+  - Fix webapps.config location
+  - Fix console link
+  - Fix classpath issues
+  - Add status info using TorConfig
+
+* 2014-01-04 1.0.0-0.1
+  - Initial checkin

build.xml

@@ -12,7 +12,7 @@
     <target name="plugin" depends="war"> 
         <!-- get version number -->
         <buildnumber file="scripts/build.number" />
-        <property name="release.number" value="1.0.0-0.4" />
+        <property name="release.number" value="1.0.0-0.5" />
 
         <!-- make the update xpi2p -->
         <copy file="LICENSE.txt" todir="plugin/" overwrite="true" />
@@ -34,10 +34,18 @@
             <arg value="plugin/console/webapps/orchid.war.pack" />
             <arg value="src/build/orchid.war.jar" />
         </exec>
-        <exec executable="scripts/makeplugin.sh" failonerror="true" >
+        <input message="Enter su3 signing key password:" addproperty="release.password.su3" />
+        <fail message="You must enter a password." >
+            <condition>
+                <equals arg1="${release.password.su3}" arg2=""/>
+            </condition>
+        </fail>
+        <!-- this will fail if no su3 keys exist, as it needs the password twice -->
+        <exec executable="scripts/makeplugin.sh" inputstring="${release.password.su3}" failonerror="true" >
             <arg value="plugin" />
         </exec>
         <move file="orchid.xpi2p" tofile="orchid-update.xpi2p" overwrite="true" />
+        <move file="orchid.su3" tofile="orchid-update.su3" overwrite="true" />
 
         <!-- make the install xpi2p -->
         <copy file="scripts/orchid.config" todir="plugin/" overwrite="true" />
@@ -55,7 +63,7 @@
             <arg value="plugin/lib/xmlrpc-common.jar.pack" />
             <arg value="lib/xmlrpc-common-${xmlrpc.version}.jar" />
         </exec>
-        <exec executable="scripts/makeplugin.sh" failonerror="true" >
+        <exec executable="scripts/makeplugin.sh" inputstring="${release.password.su3}" failonerror="true" >
             <arg value="plugin" />
         </exec>
     </target>
@@ -75,6 +83,8 @@
         <delete file="plugin/README.txt" />
         <delete file="orchid.xpi2p" />
         <delete file="orchid-update.xpi2p" />
+        <delete file="orchid.su3" />
+        <delete file="orchid-update.su3" />
     </target>
 
 </project>

scripts/makeplugin.sh

@@ -5,58 +5,83 @@
 #  usage: makeplugin.sh plugindir
 #
 #  zzz 2010-02
+#  zzz 2014-08 added support for su3 files
 #
 PUBKEYDIR=$HOME/.i2p-plugin-keys
 PUBKEYFILE=$PUBKEYDIR/plugin-public-signing.key
 PRIVKEYFILE=$PUBKEYDIR/plugin-private-signing.key
 B64KEYFILE=$PUBKEYDIR/plugin-public-signing.txt
-export I2P=../i2p/pkg-temp
+PUBKEYSTORE=$PUBKEYDIR/plugin-su3-public-signing.crt
+PRIVKEYSTORE=$PUBKEYDIR/plugin-su3-keystore.ks
+KEYTYPE=RSA_SHA512_4096
 
+# put your files in here
 PLUGINDIR=${1:-plugin}
 
 PC=plugin.config
 PCT=${PC}.tmp
 
-if [ ! -f $PRIVKEYFILE ]
-then
-	mkdir -p $PUBKEYDIR
-	java -cp $I2P/lib/i2p.jar net.i2p.crypto.TrustedUpdate keygen $PUBKEYFILE $PRIVKEYFILE || exit 1
-	java -cp $I2P/lib/i2p.jar net.i2p.data.Base64 encode $PUBKEYFILE $B64KEYFILE || exit 1
-	rm -rf logs/
-	chmod 444 $PUBKEYFILE $B64KEYFILE
-	chmod 400 $PRIVKEYFILE
-	echo "Created new keys: $PUBKEYFILE $PRIVKEYFILE"
-fi
-
-rm -f plugin.zip
 if [ ! -d $PLUGINDIR ]
 then
 	echo "You must have a $PLUGINDIR directory"
 	exit 1
 fi
 
-OPWD=$PWD
-cd $PLUGINDIR
-
-if [ ! -f $PC ]
+if [ ! -f $PLUGINDIR/$PC ]
 then
-	echo "You must have a $PC file"
+	echo "You must have a $PLUGINDIR/$PC file"
 	exit 1
 fi
 
-grep -q '^signer=' $PC
+SIGNER=`grep '^signer=' $PLUGINDIR/$PC`
 if [ "$?" -ne "0" ]
 then
-	echo "You must have a signer in $PC"
-        echo 'For example signer=joe@mail.i2p'
+	echo "You must have a plugin name in $PC"
+	echo 'For example name=foo'
 	exit 1
 fi
+SIGNER=`echo $SIGNER | cut -f 2 -d '='`
+
+if [ ! -f $PRIVKEYFILE ]
+then
+	echo "Creating new XPI2P DSA keys"
+	mkdir -p $PUBKEYDIR || exit 1
+	java -cp $I2P/lib/i2p.jar net.i2p.crypto.TrustedUpdate keygen $PUBKEYFILE $PRIVKEYFILE || exit 1
+	java -cp $I2P/lib/i2p.jar net.i2p.data.Base64 encode $PUBKEYFILE $B64KEYFILE || exit 1
+	rm -rf logs/
+	chmod 444 $PUBKEYFILE $B64KEYFILE
+	chmod 400 $PRIVKEYFILE
+	echo "Created new XPI2P keys: $PUBKEYFILE $PRIVKEYFILE"
+fi
+
+if [ ! -f $PRIVKEYSTORE ]
+then
+	echo "Creating new SU3 $KEYTYPE keys for $SIGNER"
+	java -cp $I2P/lib/i2p.jar net.i2p.crypto.SU3File keygen -t $KEYTYPE $PUBKEYSTORE $PRIVKEYSTORE $SIGNER || exit 1
+	echo '*** Save your password in a safe place!!! ***'
+	rm -rf logs/
+	# copy to the router dir so verify will work
+        CDIR=$I2P/certificates/plugin
+	mkdir -p $CDIR || exit 1
+	CFILE=$CDIR/`echo $SIGNER | sed s/@/_at_/`.crt
+	cp $PUBKEYSTORE $CFILE
+	chmod 444 $PUBKEYSTORE
+	chmod 400 $PRIVKEYSTORE
+	chmod 644 $CFILE
+	echo "Created new SU3 keys: $PUBKEYSTORE $PRIVKEYSTORE"
+	echo "Copied public key to $CFILE for testing"
+fi
+
+rm -f plugin.zip
+
+OPWD=$PWD
+cd $PLUGINDIR
 
 grep -q '^name=' $PC
 if [ "$?" -ne "0" ]
 then
 	echo "You must have a plugin name in $PC"
-        echo 'For example name=foo'
+	echo 'For example name=foo'
 	exit 1
 fi
 
@@ -64,41 +89,49 @@ grep -q '^version=' $PC
 if [ "$?" -ne "0" ]
 then
 	echo "You must have a version in $PC"
-        echo 'For example version=0.1.2'
+	echo 'For example version=0.1.2'
 	exit 1
 fi
 
 # update the date
 grep -v '^date=' $PC > $PCT
 DATE=`date '+%s000'`
-echo "date=$DATE" >> $PCT
-mv $PCT $PC
+echo "date=$DATE" >> $PCT || exit 1
+mv $PCT $PC || exit 1
 
 # add our Base64 key
 grep -v '^key=' $PC > $PCT
 B64KEY=`cat $B64KEYFILE`
 echo "key=$B64KEY" >> $PCT || exit 1
-mv $PCT $PC
+mv $PCT $PC || exit 1
 
 # zip it
-zip -r $OPWD/plugin.zip * -x \*.jar || exit 1
+zip -r $OPWD/plugin.zip * || exit 1
 
 # get the version and use it for the sud header
 VERSION=`grep '^version=' $PC | cut -f 2 -d '='`
 # get the name and use it for the file name
 NAME=`grep '^name=' $PC | cut -f 2 -d '='`
 XPI2P=${NAME}.xpi2p
+SU3=${NAME}.su3
 cd $OPWD
 
 # sign it
+echo 'Signing. ...'
 java -cp $I2P/lib/i2p.jar net.i2p.crypto.TrustedUpdate sign plugin.zip $XPI2P $PRIVKEYFILE $VERSION || exit 1
+java -cp $I2P/lib/i2p.jar net.i2p.crypto.SU3File sign -c PLUGIN -t $KEYTYPE plugin.zip $SU3 $PRIVKEYSTORE $VERSION $SIGNER || exit 1
 rm -f plugin.zip
 
 # verify
 echo 'Verifying. ...'
 java -cp $I2P/lib/i2p.jar net.i2p.crypto.TrustedUpdate showversion $XPI2P || exit 1
 java -cp $I2P/lib/i2p.jar -Drouter.trustedUpdateKeys=$B64KEY net.i2p.crypto.TrustedUpdate verifysig $XPI2P || exit 1
+java -cp $I2P/lib/i2p.jar net.i2p.crypto.SU3File showversion $SU3 || exit 1
+java -cp $I2P/lib/i2p.jar net.i2p.crypto.SU3File verifysig -k $PUBKEYSTORE $SU3 || exit 1
 rm -rf logs/
 
-echo -n 'Plugin created: '
+echo 'Plugin files created: '
 wc -c $XPI2P
+wc -c $SU3
+
+exit 0

scripts/plugin.config

@@ -5,6 +5,7 @@ consoleLinkURL=/orchid/
 description=Tor Outproxy
 author=bruce@subgraph.com (packaged by zzz)
 updateURL=http://stats.i2p/i2p/plugins/orchid-update.xpi2p
+updateURL.su3=http://stats.i2p/i2p/plugins/orchid-update.su3
 websiteURL=http://zzz.i2p/forums/16
 license=BSD
 min-jetty-version=7

src/java/com/subgraph/orchid/directory/TrustedAuthorities.java

@@ -18,16 +18,15 @@ import com.subgraph.orchid.directory.parsing.DocumentParsingHandler;
 public class TrustedAuthorities {
 	
 	private final static String[] dirServers = {
-		"authority moria1 orport=9101 no-v2 v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 128.31.0.39:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
+		"authority moria1 orport=9101 no-v2 v3ident=D586D18309DED4CD6D57C18FDB97EFA96D330566 128.31.0.34:9131 9695 DFC3 5FFE B861 329B 9F1A B04C 4639 7020 CE31",
 	    "authority tor26 v1 orport=443 v3ident=14C131DFC5C6F93646BE72FA1401C02A8DF2E8B4 86.59.21.38:80 847B 1F85 0344 D787 6491 A548 92F9 0493 4E4E B85D",
 	    "authority dizum orport=443 v3ident=E8A9C45EDE6D711294FADF8E7951F4DE6CA56B58 194.109.206.212:80 7EA6 EAD6 FD83 083C 538F 4403 8BBF A077 587D D755",
 	    "authority Tonga orport=443 bridge no-v2 82.94.251.203:80 4A0C CD2D DC79 9508 3D73 F5D6 6710 0C8A 5831 F16D",
-	    "authority turtles orport=9090 no-v2 v3ident=27B6B5996C426270A5C95488AA5BCEB6BCC86956 76.73.17.194:9030 F397 038A DC51 3361 35E7 B80B D99C A384 4360 292B",
-	    "authority dannenberg orport=443 no-v2 v3ident=585769C78764D58426B8B52B6651A5A71137189A 193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
-	    "authority urras orport=80 no-v2 v3ident=80550987E1D626E3EBA5E5E75A458DE0626D088C 208.83.223.34:443 0AD3 FA88 4D18 F89E EA2D 89C0 1937 9E0E 7FD9 4417",
+	    "authority longclaw orport=443 no-v2 v3ident=23D15D965BC35114467363C165C4F724B64B4F66 199.254.238.53:80 74A9 1064 6BCE EFBC D2E8 74FC 1DC9 9743 0F96 8145",
+	    "authority dannenberg orport=443 no-v2 v3ident=0232AF901C31A04EE9848595AF9BB7620D4C5B2E 193.23.244.244:80 7BE6 83E6 5D48 1413 21C5 ED92 F075 C553 64AC 7123",
 	    "authority maatuska orport=80 no-v2 v3ident=49015F787433103580E3B66A1707A00E60F2D15B 171.25.193.9:443 BD6A 8292 55CB 08E6 6FBE 7D37 4836 3586 E46B 3810",
-	    "authority Faravahar orport=443 no-v2 v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 154.35.32.5:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
-	    "authority gabelmoo orport=443 no-v2 v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 212.112.245.170:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
+	    "authority Faravahar orport=443 no-v2 v3ident=EFCBE720AB3A82B99F9E953CD5BF50F7EEFC7B97 154.35.175.225:80 CF6D 0AAF B385 BE71 B8E1 11FC 5CFF 4B47 9237 33BC",
+	    "authority gabelmoo orport=443 no-v2 v3ident=ED03BB616EB2F60BEC80151114BB25CEF515B226 131.188.40.189:80 F204 4413 DAC2 E02E 3D6B CF47 35A1 9BCA 1DE9 7281",
 	};
 
 	private final List<DirectoryServer> directoryServers = new ArrayList<DirectoryServer>();

src/java/net/i2p/orchid/OrchidController.java

@@ -116,7 +116,7 @@ public class OrchidController implements ClientApp, TorInitializationListener, O
         } catch (RuntimeException t) {
             // TorException extends RuntimeException,
             // unlimited strength policy files not installed
-            changeState(START_FAILED);
+            changeState(START_FAILED, t);
             throw t;
         }
         if (_mgr != null)