From 28575dbdaeda470805a0578cfaea30021d40b9d1 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Tue, 28 Jan 2014 14:21:54 +0000
Subject: [PATCH] * Key certs:   - Hide setting in i2ptunnel edit pages unless
 advanced user   - Only store LS with key certs to routers that support it

---
 .../src/net/i2p/i2ptunnel/web/EditBean.java   |  5 +++++
 apps/i2ptunnel/jsp/editClient.jsp             |  2 ++
 apps/i2ptunnel/jsp/editServer.jsp             |  2 ++
 .../router/networkdb/kademlia/StoreJob.java   | 21 +++++++++++++++++++
 4 files changed, 30 insertions(+)

diff --git a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java
index 0e1a61d2b7..85365e28d2 100644
--- a/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java
+++ b/apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java
@@ -351,6 +351,11 @@ public class EditBean extends IndexBean {
         return Addresses.getAllAddresses();
     }
 
+    /** @since 0.9.11 */
+    public boolean isAdvanced() {
+        return _context.getBooleanProperty("routerconsole.advanced");
+    }
+
     public String getI2CPHost(int tunnel) {
         if (_context.isRouterContext())
             return _("internal");
diff --git a/apps/i2ptunnel/jsp/editClient.jsp b/apps/i2ptunnel/jsp/editClient.jsp
index f9437bd5ba..f158f61ee5 100644
--- a/apps/i2ptunnel/jsp/editClient.jsp
+++ b/apps/i2ptunnel/jsp/editClient.jsp
@@ -434,6 +434,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             </div>
          <% } %>
            
+         <% if (editBean.isAdvanced()) { %>
             <div id="tunnelOptionsField" class="rowItem">
                 <label>
                     <%=intl._("Signature type")%>
@@ -462,6 +463,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             <div class="subdivider">
                 <hr />
             </div>
+         <% } // isAdvanced %>>
 
          <% if ("httpclient".equals(tunnelType) || "connectclient".equals(tunnelType) || "sockstunnel".equals(tunnelType) || "socksirctunnel".equals(tunnelType)) { %>
             <div id="accessField" class="rowItem">
diff --git a/apps/i2ptunnel/jsp/editServer.jsp b/apps/i2ptunnel/jsp/editServer.jsp
index c9c72f6c0e..978afd63ac 100644
--- a/apps/i2ptunnel/jsp/editServer.jsp
+++ b/apps/i2ptunnel/jsp/editServer.jsp
@@ -536,6 +536,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             </div>
 <% **********************/ %>
 
+         <% if (editBean.isAdvanced()) { %>
             <div id="tunnelOptionsField" class="rowItem">
                 <label>
                     <%=intl._("Signature type")%>
@@ -564,6 +565,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             <div class="subdivider">
                 <hr />
             </div>
+         <% } // isAdvanced %>>
                  
             <div id="customOptionsField" class="rowItem">
                 <label for="customOptions" accesskey="u">
diff --git a/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java b/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
index d837c1f1cb..e63925a1ac 100644
--- a/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
+++ b/router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java
@@ -12,8 +12,10 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
+import net.i2p.data.Certificate;
 import net.i2p.data.DatabaseEntry;
 import net.i2p.data.Hash;
+import net.i2p.data.LeaseSet;
 import net.i2p.data.RouterInfo;
 import net.i2p.data.TunnelId;
 import net.i2p.data.i2np.DatabaseStoreMessage;
@@ -163,6 +165,12 @@ class StoreJob extends JobImpl {
                     if (_log.shouldLog(Log.INFO))
                         _log.info(getJobId() + ": Error selecting closest hash that wasnt a router! " + peer + " : " + ds);
                     _state.addSkipped(peer);
+                } else if (_state.getData().getType() == DatabaseEntry.KEY_TYPE_LEASESET &&
+                           ((LeaseSet)_state.getData()).getDestination().getCertificate().getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY &&
+                           !supportsKeyCerts((RouterInfo)ds)) {
+                    if (_log.shouldLog(Log.INFO))
+                        _log.info(getJobId() + ": Skipping router that doesn't support key certs " + peer + " : " + ds);
+                    _state.addSkipped(peer);
                 } else {
                     int peerTimeout = _facade.getPeerTimeout(peer);
 
@@ -487,6 +495,19 @@ class StoreJob extends JobImpl {
         return VersionComparator.comp(v, MIN_ENCRYPTION_VERSION) >= 0;
     }
 
+    private static final String MIN_KEYCERT_VERSION = "0.9.11";
+
+    /**
+     * Does he support key certs (assumed with a non-DSA key)?
+     * @since 0.9.11
+     */
+    private static boolean supportsKeyCerts(RouterInfo ri) {
+        String v = ri.getOption("router.version");
+        if (v == null)
+            return false;
+        return VersionComparator.comp(v, MIN_KEYCERT_VERSION) >= 0;
+    }
+
     /**
      * Called after sending a dbStore to a peer successfully, 
      * marking the store as successful
-- 
GitLab