to branch 'i2p.i2p' (head a1c2ba4663abc7470f427c6a14854707d58b486a)
Prop from branch i2p.i2p.zzz.ecdsa:
* Build:
- Generate su3 file in release target
- Add zzz's new RSA 4096 pubkey cert for updates
- Fix checkcerts.sh
* Console: Move advanced setting to HelperBase
* DSAEngine changes:
- Implement raw sign/verify for other SigTypes
- Add sign/verify methods using Java keys
* ECDSA Support:
- Add ECConstants which looks for named curves and falls back to
explicitly defining the curves
- Add support for ECDSA to SigType, DSAEngine and KeyGenerator
- Attempt to add BC as a Provider
- genSpec: fallback to BC provider
* EepGet:
- Fix non-proxied PartialEepGet
- Prevent non-proxied eepget for an I2P host
* KeyGenerator changes:
- Generate key pairs for all supported SigTypes
- KeyPairGen: Catch ProviderException, fallback to BC provider
- Add KeyGenerator main() tests
* KeyRing and DirKeyRing added: simple backend for storing X.509 certs
* KeyStoreUtil added:
- Consolidate KeyStore code from SSLEepGet, I2CPSSLSocketFactory,
SSLClientListenerRunner, and RouterConsoleRunner into new
KeyStoreUtil and CertUtil classes in net.i2p.crypto (ticket #744)
- Change default to RSA 2048 (ticket #1017)
- Set file modes on written keys
- Overwrite check in createKeys()
- New getCert(), getKey()
- Extend keygen max wait
- Read back private key to verify after keygen
- Validate cert after reading from file
- Validate CN in cert
- Specify cert signature algorithm when generating keys
* NativeBigInteger: Tweak to prevent early context instantiation
* RSA support added: constants, parameters, sig types, support in DSAEngine, KeyGenerator, SigUtil
* SHA1Hash: Add no-arg constructor
* SigType changes:
- Add parameters (curve specs) to SigTypes
- Add getHashInstance()
- Add RSA, fix ECDSA
- Renumber, rename, comment out types that are too short.
* SigUtil added:
- Converters from Java formats (ASN.1, X.509, PKCS#8)
to I2P formats for Signatures and SigningKeys
- Move ASN.1 converter from DSAEngine to SigUtil, generalize
for variable length, add support for longer sequences,
add more sanity checks, add more exceptions
- Move I2P-to-Java DSA key conversion from DSAEngine to SigUtil
- Add Java-to-I2P DSA key conversion
- Add Java key import
- New split() and combine() methods
* SSLEepGet: Move all certificates to certificates/ssl, in preparation
for other certificate uses by SU3File
* SU3File changes:
- Support all SigTypes
- Implement keygen
- Readahead to get sigtype on verify, as we need the hash type
- Enum for content type
- Add unknown content type, make default
- Fix NPE if private key not found or sign fails
- Store generated keys in keystore, and get private key from keystore
for signing, in Java format
- Use Java keys to sign and verify so we don't
lose the key parameters in the conversion to I2P keys
- Type checking of Java private key vs. type when signing
- Use certs instead of public keys for verification
- Fix arg processing
- Improve validate-without-extract
- New extract command
- Change static fields to avoid early context init
- Reduce PRNG buffer size for faster signing
* Update: Preliminary work for su3 router updates:
- New ROUTER_SIGNED_SU3 UpdateType
- Add support for torrent and HTTP
- Refactor UpdateRunners to return actual UpdateType
- Deal with signed/su3 conflicts
- Verify and extract su3 files.
- Stub out support for clearnet su3 updating
- New config for proxying news, separate from proxying update
- PartialEepGet and SSLEepGet tweaks to support clearnet update
- Remove proxy, key, and url config from /configupdate
- More URI checks in UpdateRunner
- Add https support for news fetch
- Add su3 mime type
- Reset found version in update loop so we don't fetch from
the next host too.
- Prevent NPE on version after SSL fetch
- Reset found version in update loop so we don't fetch from
the next host too.
- Prevent NPE on version after SSL fetch
- Fix su3 version check
* EepGet:
- Fix non-proxied PartialEepGet
- Prevent non-proxied eepget for an I2P host
- Fail if no hostname in URL
- Stub out support for clearnet su3 updating
- PartialEepGet and SSLEepGet tweaks to support clearnet update
- Remove proxy, key, and url config from /configupdate
- More URI checks in UpdateRunner
- Add su3 mime type
- Move advanced setting to HelperBase
- new ROUTER_SIGNED_SU3 UpdateType
- Add support for torrent and HTTP
- Refactor UpdateRunners to return actual UpdateType
- Deal with signed/su3 conflicts
- unpack/verify stubbed only
This solves the following problem which was found on OpenBSD:
bundle:
[exec] Generating net.i2p.desktopgui.messages_ar ResourceBundle...
[exec] ERROR - msgfmt failed on locale/messages_ar.po, not updating translations
[exec] msgfmt: Java compiler not found, try installing gcj or set $JAVAC
[exec] msgfmt: compilation of Java class failed, please try --verbose or set $JAVAC
[exec] 9 translated messages.
In OpenBSD 5.4, neither java nor javac are in the PATH.
Consolidate KeyStore code from SSLEepGet, I2CPSSLSocketFactory,
SSLClientListenerRunner, and RouterConsoleRunner into new
KeyStoreUtil and CertUtil classes in net.i2p.crypto (ticket #744)
- French, Portugeuse, Russian, Spanish, and Turkish updates from Transifex
- Start of Romanian translation from Transifex
- Update English POs for sending to TX
* Debian: Update changelog
Streaming RTO changes:
apps/streaming/java/src/net/i2p/client/streaming/ConnectionOptions.java
apps/streaming/java/src/net/i2p/client/streaming/TCBShare.java
apps/ministreaming/java/src/net/i2p/client/streaming/I2PSocketOptionsImpl.java
new reseed:
applied changes from dbfea0ca35dbf9df85b5703db6f97a9579beb364
through 325a9ed6f0f47eeabb33710073edf973671c63c9
disable RI verifies:
applied changes from 4ef48b93946923e3371ab62719a474d869520697
through a77990850b3534101571c88db4704676645914df
i2prouter bashism fix:
applied changes from b5a0148f96728466561ece9be0e50ac9ad3f1468
through e301d0499f4c688ed3a5febe30bf8098c7f2cdf9
i2psnark increase max piece size, mime type updates:
apps/i2psnark/java/src/org/klomp/snark/Storage.java
apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java
apps/i2psnark/mime.properties
UPnP fix:
applied changes from 3d4a5cd3d933f75fdff7696f560c569f4674bd73
through 75e5f5d4e0f0dd44140908bb6e73830e3448bdde
