From 23005a82b1f9bd7301d0b35e0c6d251b1f771509 Mon Sep 17 00:00:00 2001
From: zzz <zzz@mail.i2p>
Date: Sun, 14 Nov 2010 14:49:26 +0000
Subject: [PATCH] I2CP username/pw auth (router side)

---
 .../client/ClientMessageEventListener.java    | 35 +++++++++++++++++--
 1 file changed, 32 insertions(+), 3 deletions(-)

diff --git a/router/java/src/net/i2p/router/client/ClientMessageEventListener.java b/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
index 3b4b1a6be..edaefc599 100644
--- a/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
+++ b/router/java/src/net/i2p/router/client/ClientMessageEventListener.java
@@ -135,8 +135,11 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
 	
     
     /** 
-     * Handle a CreateSessionMessage
-     *
+     * Handle a CreateSessionMessage.
+     * On errors, we could perhaps send a SessionStatusMessage with STATUS_INVALID before
+     * sending the DisconnectMessage... but right now the client will send _us_ a
+     * DisconnectMessage in return, and not wait around for our DisconnectMessage.
+     * So keep it simple.
      */
     private void handleCreateSession(I2CPMessageReader reader, CreateSessionMessage message) {
         if (message.getSessionConfig().verifySignature()) {
@@ -148,7 +151,33 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
             _runner.disconnectClient("Invalid signature on CreateSessionMessage");
             return;
         }
-	
+
+        // Auth, since 0.8.2
+        // In-JVM accesses have access to the same context properties, so
+        // they will be set on the client side... therefore we don't need to pass in
+        // some indication of (socket instanceof InternalSocket)
+        if (Boolean.valueOf(_context.getProperty("i2cp.auth")).booleanValue()) {
+            String configUser = _context.getProperty("i2cp.username");
+            String configPW = _context.getProperty("i2cp.password");
+            if (configUser != null && configPW != null) {
+                Properties props = message.getSessionConfig().getOptions();
+                String user = props.getProperty("i2cp.username");
+                String pw = props.getProperty("i2cp.password");
+                if (user == null || pw == null) {
+                    _log.error("I2CP auth failed for client: " + props.getProperty("inbound.nickname"));
+                    _runner.disconnectClient("Authorization required to create session, specify i2cp.username and i2cp.password in session options");
+                    return;
+                }
+                if ((!user.equals(configUser)) || (!pw.equals(configPW))) {
+                    _log.error("I2CP auth failed for client: " + props.getProperty("inbound.nickname") + " user: " + user);
+                    _runner.disconnectClient("Authorization failed for Create Session, user = " + user);
+                    return;
+                }
+                if (_log.shouldLog(Log.INFO))
+                    _log.info("I2CP auth success for client: " + props.getProperty("inbound.nickname") + " user: " + user);
+            }
+        }
+
         SessionId sessionId = new SessionId();
         sessionId.setSessionId(getNextSessionId()); 
         _runner.setSessionId(sessionId);