/** Verify with the "olddest" property's public key using the "oldsig" property */ public boolean hasValidInnerSig() { if (props == null || name == null || dest == null) return false; boolean rv = false; // don't cache result if (true) { StringWriter buf = new StringWriter(1024); String sig = props.getProperty(PROP_OLDSIG); String olddest = props.getProperty(PROP_OLDDEST); if (sig == null || olddest == null) return false; buf.append(name); buf.append(KV_SEPARATOR); buf.append(dest); try { writeProps(buf, true, true); } catch (IOException ioe) { // won't happen return false; } byte[] sdata = Base64.decode(sig); if (sdata == null) return false; Destination d; try { d = new Destination(olddest); } catch (DataFormatException dfe) { return false; } SigningPublicKey spk = d.getSigningPublicKey(); SigType type = spk.getType(); if (type == null) return false; Signature s; try { s = new Signature(type, sdata); } catch (IllegalArgumentException iae) { return false; } rv = DSAEngine.getInstance().verifySignature(s, DataHelper.getUTF8(buf.toString()), spk); } return rv; }
/** * Only called at startup via LoadRouterInfoJob and RebuildRouterInfoJob. Not called by periodic * RepublishLocalRouterInfoJob. We don't want to change the cert on the fly as it changes the * router hash. RouterInfo.isHidden() checks the capability, but RouterIdentity.isHidden() checks * the cert. There's no reason to ever add a hidden cert? * * @return the certificate for a new RouterInfo - probably a null cert. * @since 0.9.16 moved from Router */ static Certificate createCertificate(RouterContext ctx, SigningPublicKey spk) { if (spk.getType() != SigType.DSA_SHA1) return new KeyCertificate(spk); if (ctx.getBooleanProperty(Router.PROP_HIDDEN)) return new Certificate(Certificate.CERTIFICATE_TYPE_HIDDEN, null); return Certificate.NULL_CERT; }