diff --git a/core/java/src/net/i2p/crypto/TrustedUpdate.java b/core/java/src/net/i2p/crypto/TrustedUpdate.java
index 11f267712f88cc0ba15c3c288c83960d2a4bdd13..fdf63697dfbdfc1b2ccc620faff132e778e9a1d0 100644
--- a/core/java/src/net/i2p/crypto/TrustedUpdate.java
+++ b/core/java/src/net/i2p/crypto/TrustedUpdate.java
@@ -176,23 +176,30 @@ JXQAnA28vDmMMMH/WPbC5ixmJeGGNUiR
/**
* Duplicate keys or names rejected,
* except that duplicate empty names are allowed
+ * @param key 172 character base64 string
+ * @param name non-null but "" ok
* @since 0.7.12
* @return true if successful
*/
public boolean addKey(String key, String name) {
+ String oldName = _trustedKeys.get(key);
+ // already there?
+ if (name.equals(oldName))
+ return true;
+ if (oldName != null && !oldName.equals("")) {
+ _log.error("Key for " + name + " already stored for different name " + oldName + " : " + key);
+ return false;
+ }
SigningPublicKey signingPublicKey = new SigningPublicKey();
try {
- // fromBase64() won't reject a string that is too long
- if (key.length() != KEYSIZE_B64_BYTES)
- throw new DataFormatException("x");
+ // fromBase64() will throw a DFE if length is not right
signingPublicKey.fromBase64(key);
} catch (DataFormatException dfe) {
- _log.error("Bad signing key for " + name + " : " + key);
+ _log.error("Invalid signing key for " + name + " : " + key, dfe);
return false;
}
- if (_trustedKeys.containsKey(signingPublicKey) ||
- ((!name.equals("")) && _trustedKeys.containsValue(name))) {
- _log.error("Duplicate signing key for " + name + " : " + key);
+ if ((!name.equals("")) && _trustedKeys.containsValue(name)) {
+ _log.error("Key mismatch for " + name + ", spoof attempt? : " + key);
return false;
}
_trustedKeys.put(signingPublicKey, name);