From f4d7a6d0d4e696f5fa04f6cf6e76f432c142372f Mon Sep 17 00:00:00 2001 From: zzz Date: Thu, 11 Apr 2019 15:38:03 +0000 Subject: [PATCH] i2ptunnel: Disallow encrypted LS for offline keys --- .../net/i2p/i2ptunnel/TunnelController.java | 15 ++++++++++++++ .../net/i2p/i2ptunnel/ui/GeneralHelper.java | 20 +++++++++++++++++++ .../src/net/i2p/i2ptunnel/web/IndexBean.java | 9 +++++++++ apps/i2ptunnel/jsp/editServer.jsi | 10 ++++++---- .../java/src/net/i2p/data/PrivateKeyFile.java | 6 ++++++ 5 files changed, 56 insertions(+), 4 deletions(-) diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/TunnelController.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/TunnelController.java index e043eb6f0..a10f50c43 100644 --- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/TunnelController.java +++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/TunnelController.java @@ -1080,6 +1080,21 @@ public class TunnelController implements Logging { return null; } + /** + * Returns false if not running. + * @return true if offline keys or not running + * @since 0.9.40 + */ + public boolean getIsOfflineKeys() { + if (_tunnel != null) { + List sessions = _tunnel.getSessions(); + if (!sessions.isEmpty()) + return sessions.get(0).isOffline(); + } + return false; + } + + // TODO synch public boolean getIsRunning() { return _state == TunnelState.RUNNING; } public boolean getIsStarting() { return _state == TunnelState.START_ON_LOAD || _state == TunnelState.STARTING; } diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/GeneralHelper.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/GeneralHelper.java index f3ef31409..f984461a2 100644 --- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/GeneralHelper.java +++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/ui/GeneralHelper.java 
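Review bot: The Javadoc on the new `getIsOfflineKeys()` contradicts itself and the code: the summary says it returns false if not running, the `@return` line says "true if offline keys or not running", and the body returns false whenever `_tunnel` is null or the session list is empty. This value feeds the check that decides whether encrypted leasesets may be offered, so the tag should state the default plainly, e.g. `@return true only if running and the first session uses offline keys; false if not running or no sessions`. `_tunnel` is also read twice (null check, then `getSessions()`); if another thread can clear the field, copying it to a local first would avoid a NullPointerException. The field's declaration is outside the hunk, so that part needs confirming.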
@@ -447,6 +447,26 @@ public class GeneralHelper { return null; } + /** + * Works even if tunnel is not running. + * @return true if offline keys + * @since 0.9.40 + */ + public boolean isOfflineKeys(int tunnel) { + TunnelController tun = getController(tunnel); + if (tun != null) { + if (tun.getIsRunning()) + return tun.getIsOfflineKeys(); + // do this the hard way + File keyFile = tun.getPrivateKeyFile(); + if (keyFile != null) { + PrivateKeyFile pkf = new PrivateKeyFile(keyFile); + return pkf.isOffline(); + } + } + return false; + } + public boolean shouldStartAutomatically(int tunnel) { TunnelController tun = getController(tunnel); return tun != null ? tun.getStartOnLoad() : false; diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java index 7505f2b64..84ff57d54 100644 --- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java +++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/IndexBean.java @@ -608,6 +608,15 @@ public class IndexBean { return d.toBase32(); return ""; } + + /** + * Works even if tunnel is not running. + * @return true if offline keys + * @since 0.9.40 + */ + public boolean getIsOfflineKeys(int tunnel) { + return _helper.isOfflineKeys(tunnel); + } /** * For index.jsp diff --git a/apps/i2ptunnel/jsp/editServer.jsi b/apps/i2ptunnel/jsp/editServer.jsi index 30b0d0538..1f84ac8b5 100644 --- a/apps/i2ptunnel/jsp/editServer.jsi +++ b/apps/i2ptunnel/jsp/editServer.jsi @@ -432,7 +432,9 @@ <%=intl._t("Encrypted")%> <% int curSigType = editBean.getSigType(curTunnel, tunnelType); - if (curSigType == 7 || curSigType == 11) { + // TODO, encrypted + offline is unimplemented + boolean allowBlinding = (curSigType == 7 || curSigType == 11) && !editBean.getIsOfflineKeys(curTunnel); + if (allowBlinding) { %> @@ -452,7 +454,7 @@ <%=intl._t("Blinded with lookup password and per-user key")%> <% } // isAdvanced() - } // curSigType + } // allowBlinding %> 
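Review bot: In `isOfflineKeys(int)`, a running tunnel never reaches the key-file check, so when `tun.getIsOfflineKeys()` returns false only because the session list is empty, the helper reports "not offline" and the edit page will offer the encrypted leaseset options. Returning early only on a positive answer keeps the file check as a fallback, at the cost of a key-file read for running tunnels without offline keys: `if (tun.getIsRunning() && tun.getIsOfflineKeys()) return true;`. The remaining paths (`tun == null`, `keyFile == null`) also default to false, which is the permissive answer for this check; a short comment saying that is intended would help the next reader. Whether a running tunnel can actually have an empty session list is not visible in this hunk.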
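Review bot: The `allowBlinding` test added in the `@@ -432` hunk only hides the blinded and encrypted choices in the form (the `@@ -452`, `@@ -469` and `@@ -478` hunks reuse it); nothing in this patch rejects those values where the form is saved or the tunnel is started. A tunnel saved with an encrypted leaseset type and later switched to offline keys, or a hand-edited config, would presumably still carry the combination the TODO calls unimplemented. If the save handler or `TunnelController` does not already check this, the same condition belongs there, with a log message when it overrides the stored setting. The literals `7` and `11` would also read better as named signature-type constants, or with a comment naming the two types.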
@@ -469,7 +471,7 @@ <% - if (curSigType == 7 || curSigType == 11) { + if (allowBlinding) { %> @@ -478,7 +480,7 @@ <% - } // curSigType + } // allowBlinding %> diff --git a/core/java/src/net/i2p/data/PrivateKeyFile.java b/core/java/src/net/i2p/data/PrivateKeyFile.java index 56c7c1462..ca14e64bb 100644 --- a/core/java/src/net/i2p/data/PrivateKeyFile.java +++ b/core/java/src/net/i2p/data/PrivateKeyFile.java @@ -627,6 +627,12 @@ public class PrivateKeyFile { * @since 0.9.38 */ public boolean isOffline() { + try { + // call this to force initialization + getDestination(); + } catch (Exception e) { + return false; + } return _offlineSignature != null; }
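Review bot: The new `catch (Exception e) { return false; }` in `isOffline()` turns any failure to load the key file (missing, unreadable, malformed) into "not offline", which is the permissive answer for the caller added in `GeneralHelper.isOfflineKeys()`. Catching only the exceptions `getDestination()` declares, and reporting the failure, would keep a programming error from being hidden and leave a trace when the check could not be made. The Javadoc, which starts outside the hunk, should say so as well, e.g. `@return true if the file has an offline signature; false if it does not or the file could not be loaded`. The method also appears to do file I/O on first call now, which callers written against the 0.9.38 version may not expect.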