net.i2p.data
Class VerifiedDestination

java.lang.Object
  extended by net.i2p.data.DataStructureImpl
      extended by net.i2p.data.Destination
          extended by net.i2p.data.VerifiedDestination
All Implemented Interfaces:
DataStructure

public class VerifiedDestination
extends Destination

Extend Destination with methods to verify its Certificate. The router does not check Certificates, it doesn't care. Apps however (particularly addressbook) may wish to enforce various cert content, format, and policies. This class is written such that apps may extend it to create their own policies.

Author:
zzz

Field Summary
static int CERTIFICATE_LENGTH_SIGNED
          Defaults for Signed Certs
static int CERTIFICATE_LENGTH_SIGNED_WITH_HASH
           
static int MIN_HASHCASH_EFFORT
          Defaults for HashCash Certs
 
Fields inherited from class net.i2p.data.Destination
__calculatedHash, _certificate, _publicKey, _signingKey
 
Constructor Summary
VerifiedDestination()
           
VerifiedDestination(Destination d)
          create from an existing Dest
VerifiedDestination(java.lang.String s)
          alternative constructor which takes a base64 string representation
 
Method Summary
 java.lang.String toString()
           
 boolean verifyCert(boolean allowNone)
          verify the certificate.
protected  boolean verifyHashCashCert()
          HashCash Certs are used to demonstrate proof-of-work.
protected  boolean verifySignedCert()
          Signed Certs are signed by a 3rd-party Destination.
protected  boolean verifyUnknownCert()
          Reject all unknown certs
 
Methods inherited from class net.i2p.data.Destination
calculateHash, equals, getCertificate, getPublicKey, getSigningPublicKey, hashCode, main, readBytes, readBytes, setCertificate, setPublicKey, setSigningPublicKey, size, writeBytes, writeBytes
 
Methods inherited from class net.i2p.data.DataStructureImpl
fromBase64, fromByteArray, read, toBase64, toByteArray
 
Methods inherited from class java.lang.Object
clone, finalize, getClass, notify, notifyAll, wait, wait, wait
 

Field Detail

MIN_HASHCASH_EFFORT

public static final int MIN_HASHCASH_EFFORT
Defaults for HashCash Certs

See Also:
Constant Field Values

CERTIFICATE_LENGTH_SIGNED

public static final int CERTIFICATE_LENGTH_SIGNED
Defaults for Signed Certs

See Also:
Constant Field Values

CERTIFICATE_LENGTH_SIGNED_WITH_HASH

public static final int CERTIFICATE_LENGTH_SIGNED_WITH_HASH
See Also:
Constant Field Values
Constructor Detail

VerifiedDestination

public VerifiedDestination()

VerifiedDestination

public VerifiedDestination(java.lang.String s)
                    throws DataFormatException
alternative constructor which takes a base64 string representation

Parameters:
s - a Base64 representation of the destination, as (eg) is used in hosts.txt
Throws:
DataFormatException

VerifiedDestination

public VerifiedDestination(Destination d)
                    throws DataFormatException
create from an existing Dest

Parameters:
d - must be non-null
Throws:
DataFormatException
Method Detail

verifyCert

public boolean verifyCert(boolean allowNone)
verify the certificate.

Parameters:
allowNone - If true, allow a NULL or HIDDEN certificate.

verifyHashCashCert

protected boolean verifyHashCashCert()
HashCash Certs are used to demonstrate proof-of-work. We define a HashCash Certificate as follows: - length: typically 47 bytes, but may vary somewhat - contents: A version 1 HashCash Stamp, defined at http://www.hashcash.org/docs/hashcash.html#stamp_format__version_1_ modified to remove the contents of the 4th field (the resource) original is ver:bits:date:resource:[ext]:rand:counter I2P version is ver:bits:date::[ext]:rand:counter The HashCash is calculated with the following resource: The Base64 of the Public Key concatenated with the Base64 of the Signing Public Key (NOT the Base64 of the concatenated keys) To generate a Cert of this type, see PrivateKeyFile.main() To verify, we must put the keys back into the resource field of the stamp, then pass it to the HashCash constructor, then get the number of leading zeros and see if it meets our minimum effort.


verifySignedCert

protected boolean verifySignedCert()
Signed Certs are signed by a 3rd-party Destination. They can be used for a second-level domain, for example, to sign the Destination for a third-level domain. Or for a central authority to approve a destination. We define a Signed Certificate as follows: - length: Either 44 or 72 bytes - contents: 1: a 44 byte Signature 2 (optional): a 32 byte Hash of the signing Destination This can be a hint to the verification process to help find the identity and keys of the signing Destination. Data which is signed: The first 384 bytes of the Destination (i.e. the Public Key and Signing Public Key, WITHOUT the Certificate) It is not appropriate to enforce a particular delegation scheme here. The application will need to apply additional steps to select an appropriate signing Destination and verify the signature. See PrivateKeyFile.verifySignature() for sample verification code.


verifyUnknownCert

protected boolean verifyUnknownCert()
Reject all unknown certs


toString

public java.lang.String toString()
Overrides:
toString in class Destination