Class TrustedUpdate

java.lang.Object
net.i2p.crypto.TrustedUpdate

public class TrustedUpdate
extends Object

Handles DSA signing and verification of update files.

For convenience this class also makes certain operations available via the command line. These can be invoked as follows:

 java net.i2p.crypto.TrustedUpdate keygen       publicKeyFile privateKeyFile
 java net.i2p.crypto.TrustedUpdate showversion  signedFile
 java net.i2p.crypto.TrustedUpdate sign         inputFile signedFile privateKeyFile version
 java net.i2p.crypto.TrustedUpdate verifysig    signedFile
 java net.i2p.crypto.TrustedUpdate verifyupdate signedFile
 java net.i2p.crypto.TrustedUpdate verifyversion signedFile
 
Author:
jrandom and smeghead
  • Field Details

  • Constructor Details

    • TrustedUpdate

      public TrustedUpdate()
      Constructs a new TrustedUpdate with the default global context.
    • TrustedUpdate

      public TrustedUpdate​(I2PAppContext context)
      Constructs a new TrustedUpdate with the given I2PAppContext.
      Parameters:
      context - An instance of I2PAppContext.
  • Method Details

    • getKeys

      public Map<SigningPublicKey,​String> getKeys()
      Since:
      0.9.8, public since 0.9.14.1
    • addKey

      public boolean addKey​(String key, String name)
      Duplicate keys or names rejected, except that duplicate empty names are allowed
      Parameters:
      key - 172 character base64 string
      name - non-null but "" ok
      Returns:
      true if successful
      Since:
      0.7.12
    • haveKey

      public boolean haveKey​(String key)
      Do we know about the following key?
      Since:
      0.7.12
    • main

      public static void main​(String[] args)
      Parses command line arguments when this class is used from the command line. Exits 1 on failure so this can be used in scripts.
      Parameters:
      args - Command line parameters.
    • needsUpdate

      public static final boolean needsUpdate​(String currentVersion, String newVersion)
      Checks if the given version is newer than the given current version.
      Parameters:
      currentVersion - The current version.
      newVersion - The version to test.
      Returns:
      true if the given version is newer than the current version, otherwise false.
    • getTrustedKeysString

      public String getTrustedKeysString()
      Fetches the trusted keys for the current instance. We could sort it but don't bother.
      Returns:
      A String containing the trusted keys, delimited by CR LF line breaks.
    • getVersionString

      public static String getVersionString​(File signedFile)
      Reads the version string from a signed update file.
      Parameters:
      signedFile - A signed update file.
      Returns:
      The version string read, or an empty string if no version string is present.
    • getVersionString

      public static String getVersionString​(InputStream inputStream)
      Reads the version string from an input stream
      Parameters:
      inputStream - containing at least 56 bytes
      Returns:
      The version string read, or an empty string if no version string is present.
      Since:
      0.7.12
    • newVersion

      public String newVersion()
      version in the .sud file, valid only after calling migrateVerified()
    • isUpdatedVersion

      public boolean isUpdatedVersion​(String currentVersion, File signedFile)
      Verifies that the version of the given signed update file is newer than currentVersion.
      Parameters:
      currentVersion - The current version to check against.
      signedFile - The signed update file.
      Returns:
      true if the signed update file's version is newer than the current version, otherwise false.
    • migrateVerified

      public String migrateVerified​(String currentVersion, File signedFile, File outputFile)
      Verifies the signature of a signed update file, and if it's valid and the file's version is newer than the given current version, migrates the data out of signedFile and into outputFile. As of 0.8.8, the embedded file must be a zip file with a standard zip header and a UTF-8 zip file comment matching the version in the sud header. This prevents spoofing the version, since the sud signature does NOT cover the version in the header. (We do this for sud/su2 files but not plugin xpi2p files - don't use this method for plugin files)
      Parameters:
      currentVersion - The current version to check against.
      signedFile - A signed update file.
      outputFile - The file to write the verified data to.
      Returns:
      null if the signature and version were valid and the data was moved, and an error String otherwise.
    • migrateFile

      public String migrateFile​(File signedFile, File outputFile)
      Extract the file. Skips and ignores the signature and version. No verification.
      Parameters:
      signedFile - A signed update file.
      outputFile - The file to write the verified data to.
      Returns:
      null if the data was moved, and an error String otherwise.
      Since:
      0.7.12
    • sign

      public Signature sign​(String inputFile, String signedFile, String privateKeyFile, String version)
      Uses the given private key to sign the given input file along with its version string using DSA. The output will be a signed update file where the first 40 bytes are the resulting DSA signature, the next 16 bytes are the input file's version string encoded in UTF-8 (padded with trailing 0h characters if necessary), and the remaining bytes are the raw bytes of the input file.
      Parameters:
      inputFile - The file to be signed.
      signedFile - The signed update file to write.
      privateKeyFile - The name of the file containing the private key to sign inputFile with.
      version - The version string of the input file. If this is longer than 16 characters it will be truncated.
      Returns:
      An instance of Signature, or null if there was an error.
    • sign

      public Signature sign​(String inputFile, String signedFile, SigningPrivateKey signingPrivateKey, String version)
      Uses the given SigningPrivateKey to sign the given input file along with its version string using DSA. The output will be a signed update file where the first 40 bytes are the resulting DSA signature, the next 16 bytes are the input file's version string encoded in UTF-8 (padded with trailing 0h characters if necessary), and the remaining bytes are the raw bytes of the input file.
      Parameters:
      inputFile - The file to be signed.
      signedFile - The signed update file to write.
      signingPrivateKey - An instance of SigningPrivateKey to sign inputFile with.
      version - The version string of the input file. If this is longer than 16 characters it will be truncated.
      Returns:
      An instance of Signature, or null if there was an error.
    • verify

      public boolean verify​(File signedFile)
      Verifies the DSA signature of a signed update file.
      Parameters:
      signedFile - The signed update file to check.
      Returns:
      true if the file has a valid signature, otherwise false.
    • verifyAndGetSigner

      public String verifyAndGetSigner​(File signedFile)
      Verifies the DSA signature of a signed update file.
      Parameters:
      signedFile - The signed update file to check.
      Returns:
      signer (could be empty string) or null if invalid
      Since:
      0.7.12
    • verify

      public boolean verify​(String signedFile, String publicKeyFile)
      Verifies the DSA signature of a signed update file.
      Parameters:
      signedFile - The signed update file to check.
      publicKeyFile - A file containing the public key to use for verification.
      Returns:
      true if the file has a valid signature, otherwise false.
    • verify

      public boolean verify​(File signedFile, SigningPublicKey signingPublicKey)
      Verifies the DSA signature of a signed update file.
      Parameters:
      signedFile - The signed update file to check.
      signingPublicKey - An instance of SigningPublicKey to use for verification.
      Returns:
      true if the file has a valid signature, otherwise false.