diff --git a/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
index 879f0ee3d..884a20bb5 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java
@@ -213,10 +213,15 @@ public class PluginUpdateHandler extends UpdateHandler {
if (up.haveKey(pubkey)) {
// the key is already in the TrustedUpdate keyring
// verify the sig and verify that it is signed by the signer in the plugin.config file
+ // Allow "" as the previously-known signer
String signingKeyName = up.verifyAndGetSigner(f);
- if (!signer.equals(signingKeyName)) {
+ if (!(signer.equals(signingKeyName) || "".equals(signingKeyName))) {
f.delete();
to.delete();
+ if (signingKeyName == null)
+ _log.error("Failed to verify plugin signature, corrupt plugin or bad signature, signed by: " + signer);
+ else
+ _log.error("Plugin signer \"" + signer + "\" does not match existing signer in plugin.config file \"" + signingKeyName + "\"");
statusDone("" + _("Plugin signature verification of {0} failed", url) + "");
return;
}
@@ -226,6 +231,7 @@ public class PluginUpdateHandler extends UpdateHandler {
// bad or duplicate key
f.delete();
to.delete();
+ _log.error("Bad key or key mismatch - Failed to add plugin key \"" + pubkey + "\" for plugin signer \"" + signer + "\"");
statusDone("" + _("Plugin signature verification of {0} failed", url) + "");
return;
}
@@ -235,6 +241,11 @@ public class PluginUpdateHandler extends UpdateHandler {
if (!signer.equals(signingKeyName)) {
f.delete();
to.delete();
+ if (signingKeyName == null)
+ _log.error("Failed to verify plugin signature, corrupt plugin or bad signature, signed by: " + signer);
+ else
+ // shouldn't happen
+ _log.error("Plugin signer \"" + signer + "\" does not match new signer in plugin.config file \"" + signingKeyName + "\"");
statusDone("" + _("Plugin signature verification of {0} failed", url) + "");
return;
}
diff --git a/history.txt b/history.txt
index 83cbcc3c6..1e4e7de60 100644
--- a/history.txt
+++ b/history.txt
@@ -1,6 +1,8 @@
2011-02-19 zzz
* I2PTunnel: Fix standalone server tunnels
http://forum.i2p/viewtopic.php?t=5376
+ * Plugins: Fix signature verification if router.config specifies
+ trustedUpdateKeys (ticket #416)
2011-02-18 Mathiasdm
* Desktopgui now has an option to be disabled (desktopgui.enabled)
diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java
index 25340f779..421ff4f63 100644
--- a/router/java/src/net/i2p/router/RouterVersion.java
+++ b/router/java/src/net/i2p/router/RouterVersion.java
@@ -18,7 +18,7 @@ public class RouterVersion {
/** deprecated */
public final static String ID = "Monotone";
public final static String VERSION = CoreVersion.VERSION;
- public final static long BUILD = 15;
+ public final static long BUILD = 16;
/** for example "-test" */
public final static String EXTRA = "-rc";