Package net.i2p.data

Class VerifiedDestination

All Implemented Interfaces:
Serializable, DataStructure

public class VerifiedDestination extends Destination
Extend Destination with methods to verify its Certificate. The router does not check Certificates, it doesn't care. Apps however (particularly addressbook) may wish to enforce various cert content, format, and policies. This class is written such that apps may extend it to create their own policies.
Author:
zzz
See Also:
  • Field Details

    • MIN_HASHCASH_EFFORT

      public static final int MIN_HASHCASH_EFFORT
      Defaults for HashCash Certs
      See Also:
    • CERTIFICATE_LENGTH_SIGNED

      public static final int CERTIFICATE_LENGTH_SIGNED
      Defaults for Signed Certs
    • CERTIFICATE_LENGTH_SIGNED_WITH_HASH

      public static final int CERTIFICATE_LENGTH_SIGNED_WITH_HASH
  • Constructor Details

    • VerifiedDestination

      public VerifiedDestination()
    • VerifiedDestination

      public VerifiedDestination(String s) throws DataFormatException
      alternative constructor which takes a base64 string representation
      Parameters:
      s - a Base64 representation of the destination, as (eg) is used in hosts.txt
      Throws:
      DataFormatException
    • VerifiedDestination

      public VerifiedDestination(Destination d) throws DataFormatException
      create from an existing Dest
      Parameters:
      d - must be non-null
      Throws:
      DataFormatException
  • Method Details

    • verifyCert

      public boolean verifyCert(boolean allowNone)
      verify the certificate.
      Parameters:
      allowNone - If true, allow a NULL or HIDDEN certificate.
    • verifyHashCashCert

      protected boolean verifyHashCashCert()
      HashCash Certs are used to demonstrate proof-of-work. We define a HashCash Certificate as follows: - length: typically 47 bytes, but may vary somewhat - contents: A version 1 HashCash Stamp, defined at http://www.hashcash.org/docs/hashcash.html#stamp_format__version_1_ modified to remove the contents of the 4th field (the resource) original is ver:bits:date:resource:[ext]:rand:counter I2P version is ver:bits:date::[ext]:rand:counter The HashCash is calculated with the following resource: The Base64 of the Public Key concatenated with the Base64 of the Signing Public Key (NOT the Base64 of the concatenated keys) To generate a Cert of this type, see PrivateKeyFile.main() To verify, we must put the keys back into the resource field of the stamp, then pass it to the HashCash constructor, then get the number of leading zeros and see if it meets our minimum effort.
    • verifySignedCert

      protected boolean verifySignedCert()
      Signed Certs are signed by a 3rd-party Destination. They can be used for a second-level domain, for example, to sign the Destination for a third-level domain. Or for a central authority to approve a destination. We define a Signed Certificate as follows: - length: Either 44 or 72 bytes - contents: 1: a 44 byte Signature 2 (optional): a 32 byte Hash of the signing Destination This can be a hint to the verification process to help find the identity and keys of the signing Destination. Data which is signed: The first 384 bytes of the Destination (i.e. the Public Key and Signing Public Key, WITHOUT the Certificate) It is not appropriate to enforce a particular delegation scheme here. The application will need to apply additional steps to select an appropriate signing Destination and verify the signature. See PrivateKeyFile.verifySignature() for sample verification code.
    • verifyUnknownCert

      protected boolean verifyUnknownCert()
      Reject all unknown certs
    • toString

      public String toString()
      Overrides:
      toString in class KeysAndCert