From 7c3af2cdd6130ce8ff22e9a330f2319b2814eb6e Mon Sep 17 00:00:00 2001 From: zzz Date: Sat, 19 Feb 2011 19:14:05 +0000 Subject: [PATCH] * Plugins: Fix signature verification if router.config specifies trustedUpdateKeys (ticket #416) --- .../src/net/i2p/router/web/PluginUpdateHandler.java | 13 ++++++++++++- history.txt | 2 ++ router/java/src/net/i2p/router/RouterVersion.java | 2 +- 3 files changed, 15 insertions(+), 2 deletions(-) diff --git a/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java b/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java index 879f0ee3d..884a20bb5 100644 --- a/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java +++ b/apps/routerconsole/java/src/net/i2p/router/web/PluginUpdateHandler.java @@ -213,10 +213,15 @@ public class PluginUpdateHandler extends UpdateHandler { if (up.haveKey(pubkey)) { // the key is already in the TrustedUpdate keyring // verify the sig and verify that it is signed by the signer in the plugin.config file + // Allow "" as the previously-known signer String signingKeyName = up.verifyAndGetSigner(f); - if (!signer.equals(signingKeyName)) { + if (!(signer.equals(signingKeyName) || "".equals(signingKeyName))) { f.delete(); to.delete(); + if (signingKeyName == null) + _log.error("Failed to verify plugin signature, corrupt plugin or bad signature, signed by: " + signer); + else + _log.error("Plugin signer \"" + signer + "\" does not match existing signer in plugin.config file \"" + signingKeyName + "\""); statusDone("" + _("Plugin signature verification of {0} failed", url) + ""); return; } @@ -226,6 +231,7 @@ public class PluginUpdateHandler extends UpdateHandler { // bad or duplicate key f.delete(); to.delete(); + _log.error("Bad key or key mismatch - Failed to add plugin key \"" + pubkey + "\" for plugin signer \"" + signer + "\""); statusDone("" + _("Plugin signature verification of {0} failed", url) + ""); return; } @@ -235,6 +241,11 @@ public class PluginUpdateHandler extends UpdateHandler { if (!signer.equals(signingKeyName)) { f.delete(); to.delete(); + if (signingKeyName == null) + _log.error("Failed to verify plugin signature, corrupt plugin or bad signature, signed by: " + signer); + else + // shouldn't happen + _log.error("Plugin signer \"" + signer + "\" does not match new signer in plugin.config file \"" + signingKeyName + "\""); statusDone("" + _("Plugin signature verification of {0} failed", url) + ""); return; } diff --git a/history.txt b/history.txt index 83cbcc3c6..1e4e7de60 100644 --- a/history.txt +++ b/history.txt @@ -1,6 +1,8 @@ 2011-02-19 zzz * I2PTunnel: Fix standalone server tunnels http://forum.i2p/viewtopic.php?t=5376 + * Plugins: Fix signature verification if router.config specifies + trustedUpdateKeys (ticket #416) 2011-02-18 Mathiasdm * Desktopgui now has an option to be disabled (desktopgui.enabled) diff --git a/router/java/src/net/i2p/router/RouterVersion.java b/router/java/src/net/i2p/router/RouterVersion.java index 25340f779..421ff4f63 100644 --- a/router/java/src/net/i2p/router/RouterVersion.java +++ b/router/java/src/net/i2p/router/RouterVersion.java @@ -18,7 +18,7 @@ public class RouterVersion { /** deprecated */ public final static String ID = "Monotone"; public final static String VERSION = CoreVersion.VERSION; - public final static long BUILD = 15; + public final static long BUILD = 16; /** for example "-test" */ public final static String EXTRA = "-rc";