forked from I2P_Developers/i2p.i2p
I2CP: Allow larger client clock skew (ticket #1503),
better error message to client javadocs
This commit is contained in:
@@ -41,15 +41,18 @@ public class SessionConfig extends DataStructureImpl {
|
|||||||
private Properties _options;
|
private Properties _options;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* if the client authorized this session more than the specified period ago,
|
* If the client authorized this session more than the specified period ago,
|
||||||
* refuse it, since it may be a replay attack
|
* refuse it, since it may be a replay attack.
|
||||||
*
|
*
|
||||||
|
* Really? See also ClientManager.REQUEST_LEASESET_TIMEOUT.
|
||||||
|
* If I2CP replay attacks are a thing, there's a lot more to do.
|
||||||
*/
|
*/
|
||||||
private final static long OFFSET_VALIDITY = 30 * 1000;
|
private final static long OFFSET_VALIDITY = 3*60*1000;
|
||||||
|
|
||||||
public SessionConfig() {
|
public SessionConfig() {
|
||||||
this(null);
|
this(null);
|
||||||
}
|
}
|
||||||
|
|
||||||
public SessionConfig(Destination dest) {
|
public SessionConfig(Destination dest) {
|
||||||
_destination = dest;
|
_destination = dest;
|
||||||
_creationDate = new Date(Clock.getInstance().now());
|
_creationDate = new Date(Clock.getInstance().now());
|
||||||
@@ -124,6 +127,9 @@ public class SessionConfig extends DataStructureImpl {
|
|||||||
/**
|
/**
|
||||||
* Verify that the signature matches the destination's signing public key.
|
* Verify that the signature matches the destination's signing public key.
|
||||||
*
|
*
|
||||||
|
* Note that this also returns false if the creation date is too far in the
|
||||||
|
* past or future. See tooOld() and getCreationDate().
|
||||||
|
*
|
||||||
* @return true only if the signature matches
|
* @return true only if the signature matches
|
||||||
*/
|
*/
|
||||||
public boolean verifySignature() {
|
public boolean verifySignature() {
|
||||||
@@ -158,6 +164,9 @@ public class SessionConfig extends DataStructureImpl {
|
|||||||
return ok;
|
return ok;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Misnamed, could be too old or too far in the future.
|
||||||
|
*/
|
||||||
public boolean tooOld() {
|
public boolean tooOld() {
|
||||||
long now = Clock.getInstance().now();
|
long now = Clock.getInstance().now();
|
||||||
long earliestValid = now - OFFSET_VALIDITY;
|
long earliestValid = now - OFFSET_VALIDITY;
|
||||||
|
|||||||
@@ -1,4 +1,10 @@
|
|||||||
|
2015-04-01 zzz
|
||||||
|
* I2CP: Allow larger client clock skew (ticket #1503)
|
||||||
|
* i2psnark: Fix changing data directory on Windows (ticket #1503)
|
||||||
|
|
||||||
2015-03-31 zzz
|
2015-03-31 zzz
|
||||||
|
* API: Fix some client-side APIs to honor defaults in Properties;
|
||||||
|
add javadocs to specify where we do and don't (ticket #1491)
|
||||||
* i2ptunnel: Fix multiple SSL outproxies in HTTP client
|
* i2ptunnel: Fix multiple SSL outproxies in HTTP client
|
||||||
|
|
||||||
2015-03-29 zzz
|
2015-03-29 zzz
|
||||||
|
|||||||
@@ -18,7 +18,7 @@ public class RouterVersion {
|
|||||||
/** deprecated */
|
/** deprecated */
|
||||||
public final static String ID = "Monotone";
|
public final static String ID = "Monotone";
|
||||||
public final static String VERSION = CoreVersion.VERSION;
|
public final static String VERSION = CoreVersion.VERSION;
|
||||||
public final static long BUILD = 14;
|
public final static long BUILD = 15;
|
||||||
|
|
||||||
/** for example "-test" */
|
/** for example "-test" */
|
||||||
public final static String EXTRA = "-rc";
|
public final static String EXTRA = "-rc";
|
||||||
|
|||||||
@@ -12,6 +12,7 @@ import java.util.Properties;
|
|||||||
|
|
||||||
import net.i2p.CoreVersion;
|
import net.i2p.CoreVersion;
|
||||||
import net.i2p.crypto.SigType;
|
import net.i2p.crypto.SigType;
|
||||||
|
import net.i2p.data.DataHelper;
|
||||||
import net.i2p.data.Destination;
|
import net.i2p.data.Destination;
|
||||||
import net.i2p.data.Hash;
|
import net.i2p.data.Hash;
|
||||||
import net.i2p.data.Payload;
|
import net.i2p.data.Payload;
|
||||||
@@ -213,6 +214,15 @@ class ClientMessageEventListener implements I2CPMessageReader.I2CPMessageEventLi
|
|||||||
if (stype == null || !stype.isAvailable()) {
|
if (stype == null || !stype.isAvailable()) {
|
||||||
_log.error("Client requested unsupported signature type " + itype);
|
_log.error("Client requested unsupported signature type " + itype);
|
||||||
_runner.disconnectClient("Unsupported signature type " + itype);
|
_runner.disconnectClient("Unsupported signature type " + itype);
|
||||||
|
} else if (in.tooOld()) {
|
||||||
|
long skew = _context.clock().now() - in.getCreationDate().getTime();
|
||||||
|
String msg = "Create session message client clock skew? ";
|
||||||
|
if (skew >= 0)
|
||||||
|
msg += DataHelper.formatDuration(skew) + " in the past";
|
||||||
|
else
|
||||||
|
msg += DataHelper.formatDuration(0 - skew) + " in the future";
|
||||||
|
_log.error(msg);
|
||||||
|
_runner.disconnectClient(msg);
|
||||||
} else {
|
} else {
|
||||||
_log.error("Signature verification failed on a create session message");
|
_log.error("Signature verification failed on a create session message");
|
||||||
_runner.disconnectClient("Invalid signature on CreateSessionMessage");
|
_runner.disconnectClient("Invalid signature on CreateSessionMessage");
|
||||||
|
|||||||
@@ -29,7 +29,7 @@ class LeaseRequestState {
|
|||||||
private boolean _successful;
|
private boolean _successful;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param expiration absolute time
|
* @param expiration absolute time, when the request expires (not when the LS expires)
|
||||||
*/
|
*/
|
||||||
public LeaseRequestState(Job onGranted, Job onFailed, long expiration, LeaseSet requested) {
|
public LeaseRequestState(Job onGranted, Job onFailed, long expiration, LeaseSet requested) {
|
||||||
_onGranted = onGranted;
|
_onGranted = onGranted;
|
||||||
|
|||||||
Reference in New Issue
Block a user