net.i2p.data.VerifiedDestination

All Implemented Interfaces:: Serializable, DataStructure

public class VerifiedDestination
extends Destination

Extend Destination with methods to verify its Certificate. The router does not check Certificates, it doesn't care. Apps however (particularly addressbook) may wish to enforce various cert content, format, and policies. This class is written such that apps may extend it to create their own policies.

Author:: zzz
See Also:: Serialized Form

Field Summary

Fields
Modifier and Type	Field	Description
`static int`	`CERTIFICATE_LENGTH_SIGNED`	Defaults for Signed Certs
`static int`	`CERTIFICATE_LENGTH_SIGNED_WITH_HASH`
`static int`	`MIN_HASHCASH_EFFORT`	Defaults for HashCash Certs

Fields inherited from class net.i2p.data.KeysAndCert

_certificate, _padding, _publicKey, _signingKey

Constructor Summary

Constructors
Constructor	Description
`VerifiedDestination()`
`VerifiedDestination(String s)`	alternative constructor which takes a base64 string representation
`VerifiedDestination(Destination d)`	create from an existing Dest

Method Summary

Modifier and Type	Method	Description
`String`	`toString()`
`boolean`	`verifyCert(boolean allowNone)`	verify the certificate.
`protected boolean`	`verifyHashCashCert()`	HashCash Certs are used to demonstrate proof-of-work.
`protected boolean`	`verifySignedCert()`	Signed Certs are signed by a 3rd-party Destination.
`protected boolean`	`verifyUnknownCert()`	Reject all unknown certs

Methods inherited from class net.i2p.data.Destination

clearCache, create, equals, hashCode, readBytes, size, toBase32, toBase64, writeBytes

Methods inherited from class net.i2p.data.KeysAndCert

calculateHash, combinePadding, getCertificate, getEncType, getHash, getPadding, getPublicKey, getSigningPublicKey, getSigType, readBytes, setCertificate, setPadding, setPublicKey, setSigningPublicKey, writeBytes

Methods inherited from class net.i2p.data.DataStructureImpl

fromBase64, fromByteArray, read, toByteArray

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Details
- MIN_HASHCASH_EFFORT
  
  public static final int MIN_HASHCASH_EFFORT
  
  Defaults for HashCash Certs
  
  See Also:
  
  Constant Field Values
- CERTIFICATE_LENGTH_SIGNED
  
  public static final int CERTIFICATE_LENGTH_SIGNED
  
  Defaults for Signed Certs
- CERTIFICATE_LENGTH_SIGNED_WITH_HASH
  
  public static final int CERTIFICATE_LENGTH_SIGNED_WITH_HASH
Constructor Details
- VerifiedDestination
  
  public VerifiedDestination()
- VerifiedDestination
  
  public VerifiedDestination(String s) throws DataFormatException
  
  alternative constructor which takes a base64 string representation
  
  Parameters:
  
  s - a Base64 representation of the destination, as (eg) is used in hosts.txt
  
  Throws:
  
  DataFormatException
- VerifiedDestination
  
  public VerifiedDestination(Destination d) throws DataFormatException
  
  create from an existing Dest
  
  Parameters:
  
  d - must be non-null
  
  Throws:
  
  DataFormatException
Method Details
- verifyCert
  
  public boolean verifyCert(boolean allowNone)
  
  verify the certificate.
  
  Parameters:
  
  allowNone - If true, allow a NULL or HIDDEN certificate.
- verifyHashCashCert
  
  protected boolean verifyHashCashCert()
  
  HashCash Certs are used to demonstrate proof-of-work. We define a HashCash Certificate as follows: - length: typically 47 bytes, but may vary somewhat - contents: A version 1 HashCash Stamp, defined at http://www.hashcash.org/docs/hashcash.html#stamp_format__version_1_ modified to remove the contents of the 4th field (the resource) original is ver:bits:date:resource:[ext]:rand:counter I2P version is ver:bits:date::[ext]:rand:counter The HashCash is calculated with the following resource: The Base64 of the Public Key concatenated with the Base64 of the Signing Public Key (NOT the Base64 of the concatenated keys) To generate a Cert of this type, see PrivateKeyFile.main() To verify, we must put the keys back into the resource field of the stamp, then pass it to the HashCash constructor, then get the number of leading zeros and see if it meets our minimum effort.
- verifySignedCert
  
  protected boolean verifySignedCert()
  
  Signed Certs are signed by a 3rd-party Destination. They can be used for a second-level domain, for example, to sign the Destination for a third-level domain. Or for a central authority to approve a destination. We define a Signed Certificate as follows: - length: Either 44 or 72 bytes - contents: 1: a 44 byte Signature 2 (optional): a 32 byte Hash of the signing Destination This can be a hint to the verification process to help find the identity and keys of the signing Destination. Data which is signed: The first 384 bytes of the Destination (i.e. the Public Key and Signing Public Key, WITHOUT the Certificate) It is not appropriate to enforce a particular delegation scheme here. The application will need to apply additional steps to select an appropriate signing Destination and verify the signature. See PrivateKeyFile.verifySignature() for sample verification code.
- verifyUnknownCert
  
  protected boolean verifyUnknownCert()
  
  Reject all unknown certs
- toString
  
  public String toString()
  
  Overrides:
  
  toString in class KeysAndCert

Class VerifiedDestination