Package net.i2p.data

Class VerifiedDestination

  • All Implemented Interfaces:
    Serializable, DataStructure
    public class VerifiedDestination
extends Destination
    Extend Destination with methods to verify its Certificate. The router does not check Certificates, it doesn't care. Apps however (particularly addressbook) may wish to enforce various cert content, format, and policies. This class is written such that apps may extend it to create their own policies.
    Author:
    zzz
    See Also:
    Serialized Form

    • Field Detail

      • MIN_HASHCASH_EFFORT

        public static final int MIN_HASHCASH_EFFORT
        Defaults for HashCash Certs
        See Also:
        Constant Field Values

      • CERTIFICATE_LENGTH_SIGNED

        public static final int CERTIFICATE_LENGTH_SIGNED
        Defaults for Signed Certs

      • CERTIFICATE_LENGTH_SIGNED_WITH_HASH

        public static final int CERTIFICATE_LENGTH_SIGNED_WITH_HASH

    • Constructor Detail

      • VerifiedDestination

        public VerifiedDestination()

      • VerifiedDestination

        public VerifiedDestination​(String s)
                    throws DataFormatException
        alternative constructor which takes a base64 string representation
        Parameters:
        s - a Base64 representation of the destination, as (eg) is used in hosts.txt
        Throws:
        DataFormatException

    • Method Detail

      • verifyCert

        public boolean verifyCert​(boolean allowNone)
        verify the certificate.
        Parameters:
        allowNone - If true, allow a NULL or HIDDEN certificate.

      • verifyHashCashCert

        protected boolean verifyHashCashCert()
        HashCash Certs are used to demonstrate proof-of-work. We define a HashCash Certificate as follows: - length: typically 47 bytes, but may vary somewhat - contents: A version 1 HashCash Stamp, defined at http://www.hashcash.org/docs/hashcash.html#stamp_format__version_1_ modified to remove the contents of the 4th field (the resource) original is ver:bits:date:resource:[ext]:rand:counter I2P version is ver:bits:date::[ext]:rand:counter The HashCash is calculated with the following resource: The Base64 of the Public Key concatenated with the Base64 of the Signing Public Key (NOT the Base64 of the concatenated keys) To generate a Cert of this type, see PrivateKeyFile.main() To verify, we must put the keys back into the resource field of the stamp, then pass it to the HashCash constructor, then get the number of leading zeros and see if it meets our minimum effort.

      • verifySignedCert

        protected boolean verifySignedCert()
        Signed Certs are signed by a 3rd-party Destination. They can be used for a second-level domain, for example, to sign the Destination for a third-level domain. Or for a central authority to approve a destination. We define a Signed Certificate as follows: - length: Either 44 or 72 bytes - contents: 1: a 44 byte Signature 2 (optional): a 32 byte Hash of the signing Destination This can be a hint to the verification process to help find the identity and keys of the signing Destination. Data which is signed: The first 384 bytes of the Destination (i.e. the Public Key and Signing Public Key, WITHOUT the Certificate) It is not appropriate to enforce a particular delegation scheme here. The application will need to apply additional steps to select an appropriate signing Destination and verify the signature. See PrivateKeyFile.verifySignature() for sample verification code.

      • verifyUnknownCert

        protected boolean verifyUnknownCert()
        Reject all unknown certs