/**
 * Up-converts this certificate to a {@link KeyCertificate}.
 *
 * The type field is checked first: only a certificate whose type is
 * CERTIFICATE_TYPE_KEY is handed to the KeyCertificate constructor.
 *
 * @return a new KeyCertificate constructed from this certificate
 * @throws DataFormatException if cert type != CERTIFICATE_TYPE_KEY
 *         (NOTE(review): the KeyCertificate constructor may raise it too; not visible here)
 * @since 0.9.12
 */
public KeyCertificate toKeyCertificate() throws DataFormatException {
    if (_type == CERTIFICATE_TYPE_KEY) {
        return new KeyCertificate(this);
    }
    // The message is the bare word "type"; the offending type value is not reported.
    throw new DataFormatException("type");
}
/**
 * Creates a destination that uses the given signature type.
 *
 * A DSA 1024/160 destination gets the shared null certificate; every other
 * signature type gets a fresh {@link KeyCertificate} for that type.
 * The result is not bound to the I2PClient: the data must be supplied back
 * again in createSession().
 *
 * The caller must close the stream. Everything written to it includes the
 * PrivateKey and SigningPrivateKey, so the stream's backing storage should be
 * treated as secret key material and protected by the caller.
 *
 * NOTE(review): DSA 1024/160 is a legacy-strength signature type; the choice of
 * {@code type} made by the caller fixes the destination's signing strength.
 *
 * @param destKeyStream location to write out the destination, PrivateKey, and SigningPrivateKey,
 *                      format is specified in {@link net.i2p.data.PrivateKeyFile PrivateKeyFile}
 * @param type signature type for the new destination; not null-checked here
 * @return whatever the certificate-based createDestination overload returns
 * @throws I2PException declared; raised by the overload this delegates to
 * @throws IOException declared; raised by the overload this delegates to
 * @since 0.9.12
 */
public Destination createDestination(OutputStream destKeyStream, SigType type) throws I2PException, IOException {
    // Only DSA_SHA1 maps to the null certificate; all other types need a key certificate.
    final Certificate cert = (type == SigType.DSA_SHA1)
            ? Certificate.NULL_CERT
            : new KeyCertificate(type);
    return createDestination(destKeyStream, cert);
}
return new KeyCertificate(payload); } catch (DataFormatException dfe) { throw new IllegalArgumentException(dfe);
/**
 * Chooses the certificate for a new RouterInfo.
 *
 * Only called at startup via LoadRouterInfoJob and RebuildRouterInfoJob.
 * Not called by periodic RepublishLocalRouterInfoJob.
 * We don't want to change the cert on the fly as it changes the router hash.
 * RouterInfo.isHidden() checks the capability, but RouterIdentity.isHidden() checks the cert.
 * There's no reason to ever add a hidden cert?
 *
 * NOTE(review): Router.PROP_HIDDEN is consulted only for DSA_SHA1 signing keys.
 * Any other key type gets a KeyCertificate regardless of the hidden property, so
 * a check that relies on the cert will not see hidden mode for those routers.
 *
 * @param ctx router context; read for the Router.PROP_HIDDEN boolean property
 * @param spk signing public key whose type selects the certificate kind
 * @return the certificate for a new RouterInfo - probably a null cert.
 * @since 0.9.16 moved from Router
 */
static Certificate createCertificate(RouterContext ctx, SigningPublicKey spk) {
    if (spk.getType() == SigType.DSA_SHA1) {
        final boolean hidden = ctx.getBooleanProperty(Router.PROP_HIDDEN);
        return hidden
                ? new Certificate(Certificate.CERTIFICATE_TYPE_HIDDEN, null)
                : Certificate.NULL_CERT;
    }
    // Non-DSA signing keys must carry their type in a key certificate.
    return new KeyCertificate(spk);
}
} // closes the enclosing class, whose header is outside this excerpt
/**
 * Reads one certificate from the stream.
 *
 * If null, P256 key, or Ed25519 key cert, return immutable static instance, else create new.
 *
 * The input is parsed as: one type byte, a length read with
 * {@code DataHelper.readLong(in, 2)}, then {@code length} payload bytes.
 * NOTE(review): assuming readLong(in, 2) reads a two-byte field, the payload
 * allocation is capped at 65535 bytes, which bounds memory use on hostile input.
 *
 * @param in stream positioned at the start of a certificate
 * @return NULL_CERT, one of the shared KeyCertificate constants, or a new instance
 * @throws DataFormatException if fewer payload bytes are available than the length field states
 *         (NOTE(review): the KeyCertificate constructor may also raise it; not visible here)
 * @throws IOException declared; raised by the underlying reads
 * @since 0.8.3
 */
public static Certificate create(InputStream in) throws DataFormatException, IOException {
    // in.read() returns -1 at EOF and that is not checked here;
    // the original author's note is that EOF will be thrown in the next read.
    final int certType = in.read();
    final int payloadLen = (int) DataHelper.readLong(in, 2);

    if (payloadLen == 0) {
        // Type 0 with no payload is the shared null certificate.
        return (certType == 0) ? NULL_CERT : new Certificate(certType, null);
    }

    // from here down roughly the same as readBytes()
    final byte[] payload = new byte[payloadLen];
    final int got = DataHelper.read(in, payload);
    if (got != payloadLen) {
        throw new DataFormatException("Not enough bytes for the payload (read: " + got + " length: " + payloadLen + ')');
    }

    if (certType != CERTIFICATE_TYPE_KEY) {
        return new Certificate(certType, payload);
    }

    // Well-known 4-byte key payloads map to shared instances instead of new objects.
    if (payloadLen == 4) {
        if (Arrays.equals(payload, KeyCertificate.Ed25519_PAYLOAD)) {
            return KeyCertificate.ELG_Ed25519_CERT;
        }
        if (Arrays.equals(payload, KeyCertificate.ECDSA256_PAYLOAD)) {
            return KeyCertificate.ELG_ECDSA256_CERT;
        }
    }
    return new KeyCertificate(payload);
}
/**
 * Builds a KeyCertificate from P256_PAYLOAD and checks that it reports the
 * ECDSA_SHA256_P256 signature code, the EC_P256 crypto code, and no extra
 * signing key data.
 */
@Test
public void testFromP256Payload() throws DataFormatException {
    final KeyCertificate cert = new KeyCertificate(P256_PAYLOAD);

    // is(x) is Hamcrest shorthand for is(equalTo(x)).
    assertThat(cert.getSigTypeCode(), is(SigType.ECDSA_SHA256_P256.getCode()));
    assertThat(cert.getCryptoTypeCode(), is(EncType.EC_P256.getCode()));
    assertThat(cert.getExtraSigningKeyData(), is(nullValue()));
}
/**
 * Builds a KeyCertificate from P521_PAYLOAD and checks that it reports the
 * ECDSA_SHA512_P521 signature code, the ELGAMAL_2048 crypto code, and four
 * bytes of extra signing key data.
 *
 * NOTE(review): the method name says Ed25519, but the payload and every
 * assertion are for P521. No Ed25519 payload is exercised by this test.
 */
@Test
public void testFromEd25519Payload() throws DataFormatException {
    final KeyCertificate cert = new KeyCertificate(P521_PAYLOAD);

    // is(x) is Hamcrest shorthand for is(equalTo(x)).
    assertThat(cert.getSigTypeCode(), is(SigType.ECDSA_SHA512_P521.getCode()));
    assertThat(cert.getCryptoTypeCode(), is(EncType.ELGAMAL_2048.getCode()));
    assertThat(cert.getExtraSigningKeyData().length, is(4));
}
} // closes the enclosing test class, whose header is outside this excerpt
if (dest == null) throw new IllegalArgumentException("Dest is null"); KeyCertificate c = new KeyCertificate(type); SimpleDataStructure signingKeys[]; try {
SigningPublicKey signingPubKey = (SigningPublicKey) signingKeys[0]; SigningPrivateKey signingPrivKey = (SigningPrivateKey) signingKeys[1]; KeyCertificate cert = new KeyCertificate(signingPubKey); Destination d = new Destination(); d.setPublicKey(pub);