I2P Address: [http://git.idk.i2p]

Skip to content
Snippets Groups Projects
Commit b55b552e authored by zzz's avatar zzz
Browse files

* Plugins: Better handling of signing keys (Ticket #351)

parent 3098d6ef
Branches
Tags
No related merge requests found
...@@ -176,23 +176,30 @@ JXQAnA28vDmMMMH/WPbC5ixmJeGGNUiR ...@@ -176,23 +176,30 @@ JXQAnA28vDmMMMH/WPbC5ixmJeGGNUiR
/** /**
* Duplicate keys or names rejected, * Duplicate keys or names rejected,
* except that duplicate empty names are allowed * except that duplicate empty names are allowed
* @param key 172 character base64 string
* @param name non-null but "" ok
* @since 0.7.12 * @since 0.7.12
* @return true if successful * @return true if successful
*/ */
public boolean addKey(String key, String name) { public boolean addKey(String key, String name) {
String oldName = _trustedKeys.get(key);
// already there?
if (name.equals(oldName))
return true;
if (oldName != null && !oldName.equals("")) {
_log.error("Key for " + name + " already stored for different name " + oldName + " : " + key);
return false;
}
SigningPublicKey signingPublicKey = new SigningPublicKey(); SigningPublicKey signingPublicKey = new SigningPublicKey();
try { try {
// fromBase64() won't reject a string that is too long // fromBase64() will throw a DFE if length is not right
if (key.length() != KEYSIZE_B64_BYTES)
throw new DataFormatException("x");
signingPublicKey.fromBase64(key); signingPublicKey.fromBase64(key);
} catch (DataFormatException dfe) { } catch (DataFormatException dfe) {
_log.error("Bad signing key for " + name + " : " + key); _log.error("Invalid signing key for " + name + " : " + key, dfe);
return false; return false;
} }
if (_trustedKeys.containsKey(signingPublicKey) || if ((!name.equals("")) && _trustedKeys.containsValue(name)) {
((!name.equals("")) && _trustedKeys.containsValue(name))) { _log.error("Key mismatch for " + name + ", spoof attempt? : " + key);
_log.error("Duplicate signing key for " + name + " : " + key);
return false; return false;
} }
_trustedKeys.put(signingPublicKey, name); _trustedKeys.put(signingPublicKey, name);
......
0% Loading or .
You are about to add 0 people to the discussion. Proceed with caution.
Please register or to comment