i2p / i2p.i2p


I2P is an anonymizing network, offering a simple layer that identity-sensitive applications can use to securely communicate. All data is wrapped with several layers of encryption, and the network is both distributed and dynamic, with no trusted parties.

Home Page: https://geti2p.net

License: Other

Shell 1.09% Java 87.44% HTML 3.65% JavaScript 1.03% Scala 0.09% Python 0.11% Makefile 0.42% C 0.34% Perl 0.02% CSS 4.77% C++ 0.34% Batchfile 0.08% Roff 0.61% Dockerfile 0.01%
i2p java p2p network router monotone anonymity crypto

i2p.i2p's People

Contributors

apsoyka, ducki2p, echeloni2p, eyedeekay, hungryhobo, hurui200320, jeanluc162, kfeoktistoff, kpetku, loveisgrief, mehdie79, mikalv, obscuratus-i2p, robertfoss, shisheng-1, shoalsteed, str4d, welterde, y2kboy23, zlatinb, zzzi2p


i2p.i2p's Issues

slow

error no connect

fresh install with split-config breaks the addressbook

I'm the maintainer for i2p on Gentoo and we found an issue when freshly installing the package. We are using a split install there, with a directory in /usr/share/i2p for the install and a separate user directory in /var/lib/i2p. The launcher is started in the install dir, with -Di2p.dir.app=/var/lib/i2p/app -Di2p.dir.config=/var/lib/i2p/config -Di2p.dir.router=/var/lib/i2p/router.

Now, when starting the router for the first time, some install files are copied to the user directory. hosts.txt is put in the config dir.
The default config of the addressbook points to some relative files (e.g. defaultSettings.put("router_addressbook", "../hosts.txt")), which is only valid in a non-split setup. The addressbook files reside in the router directory, not in the config one. So we end up with an empty addressbook, which isn't even able to sync with subscriptions as no address can be resolved.

I'm unsure how best to approach it; I see a few ways to do so, but not a clear one (from what I gathered, there is no dedicated way to know the known list of addresses):

  • should the default config point to the install directory?
    • but files there are not writable, and router_addressbook wants to update it
  • should the migration process actually copy the hosts.txt to the addressbook?
    • there are a bunch of references to "hosts.txt" throughout the code, so I'm scared of having it defined sometimes via the install dir and sometimes via the addressbook

@eyedeekay, btw I registered on git.idk.i2p around a month ago, I would happily continue the conversation there if you accept me :)

Inadequate Encryption Strength CVE (multiple)

    if (_log.shouldLog(Log.INFO))
        _log.info("Loaded total of " + totalAdds + " new trusted certificates");

    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

line 430

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
core/java/src/net/i2p/util/SSLEepGet.java

        return false;
    }
    InputStream fis = null;
    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

line 141

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
router/java/src/net/i2p/router/client/SSLClientListenerRunner.java

        // don't continue, since we didn't load the system keystore, we have nothing.
        throw new GeneralSecurityException(msg);
    }

line 529: SSLContext sslc = SSLContext.getInstance("TLS");

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
core/java/src/net/i2p/util/I2PSSLSocketFactory.java

    }

    InputStream fis = null;
    try {

line 198: SSLContext sslc = SSLContext.getInstance("TLS");

Implement secure HTTPS communication. Consider using latest TLSv1.2 instead of javax.net.ssl.SSLContext.getInstance.
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/SSLClientUtil.java

    }

    InputStream fis = null;
    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

line 163
apps/sam/java/src/net/i2p/sam/client/SSLUtil.java

    }

    InputStream fis = null;
    try {
        SSLContext sslc = SSLContext.getInstance("TLS");

line 162
apps/sam/java/src/net/i2p/sam/SSLUtil.java

Learn how to fix:
https://learn.snyk.io/lesson/insecure-hash/?authenticate=automatic

https://deb.i2p2.de not responding

I'm sorry to open a bug report here for this kind of problem but I've not found a better way.

For a few weeks the Debian repository has not been accessible; is this a known issue?

Can't access I2P router.

I still can access eepsites, but I just can't access the router, and this happened after the last update.

Improper Neutralization of CRLF Sequences in HTTP Headers

    SSDPNotifyRequest ssdpReq = new SSDPNotifyRequest();
    ssdpReq.setServer(UPnP.getServerName());
    ssdpReq.setLeaseTime(dev.getLeaseTime());
    ssdpReq.setLocation(devLocation);

lines 661,
664: ssdpReq.setUSN(serviceUSN);
686: ssdpReq.setUSN(devUSN);
711: dev.postSearchResponse(ssdpPacket, serviceNT, serviceUSN);
716: dev.postSearchResponse(ssdpPacket, serviceType, serviceUSN);

Unsanitized input from data from a remote resource flows into setHeader and reaches an HTTP header returned to the user. This may allow malicious input that contains CR/LF to split the HTTP response into two responses, with the second response controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.

router/java/src/org/cybergarage/upnp/Service.java#L661

router memory usage huge and not limited by jvm size

hi,

docker, 2.1.0-2 and 2.0.0.

router console says:
[screenshot]

compose is set with this:
[screenshot]

docker stats says:
[screenshot]
so, I don't know where the 2496MB limit comes from.

the memory amount keeps filling until the max, then it looks like i2p crashes and restarts. Can't find any logs that show me an error.

//--
removed the compose JVM_XMX environment variable:
[screenshot]

ERROR: Failed to start i2ptunnel java.lang.NoClassDefFoundError: jakarta/servlet/ServletException

I previously, for version 2.0.0 I believe, followed the instructions for installation on debian here.

I built this as a docker image.
Everything worked fine.

Today I basically rebuilt it all, to pull in the latest i2p packages.

When starting i2p router, I see errors like these in the logs:

2023/03/22 16:31:23 | ERROR: Failed to start i2ptunnel java.lang.NoClassDefFoundError: jakarta/servlet/ServletException
2023/03/22 16:31:23 | java.lang.NoClassDefFoundError: jakarta/servlet/ServletException
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.getDeclaredConstructors0(Native Method)
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.privateGetDeclaredConstructors(Class.java:3373)
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.getConstructor0(Class.java:3578)
2023/03/22 16:31:23 | 	at java.base/java.lang.Class.getDeclaredConstructor(Class.java:2754)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.server.handler.ContextHandler$StaticContext.createInstance(ContextHandler.java:2902)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletContextHandler$Context.createInstance(ServletContextHandler.java:1299)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.server.handler.ContextHandler$StaticContext.createServlet(ContextHandler.java:2919)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHolder.newInstance(ServletHolder.java:1202)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHolder.initServlet(ServletHolder.java:592)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHolder.initialize(ServletHolder.java:415)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHandler.lambda$initialize$0(ServletHandler.java:750)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.SortedOps$SizedRefSortingSink.end(SortedOps.java:357)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.AbstractPipeline.copyInto(AbstractPipeline.java:510)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.AbstractPipeline.wrapAndCopyInto(AbstractPipeline.java:499)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.StreamSpliterators$WrappingSpliterator.forEachRemaining(StreamSpliterators.java:310)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.Streams$ConcatSpliterator.forEachRemaining(Streams.java:735)
2023/03/22 16:31:23 | 	at java.base/java.util.stream.ReferencePipeline$Head.forEach(ReferencePipeline.java:762)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletHandler.initialize(ServletHandler.java:774)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletContextHandler.startContext(ServletContextHandler.java:379)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.webapp.WebAppContext.startWebapp(WebAppContext.java:1449)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.webapp.WebAppContext.startContext(WebAppContext.java:1414)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.server.handler.ContextHandler.doStart(ContextHandler.java:916)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.servlet.ServletContextHandler.doStart(ServletContextHandler.java:288)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.webapp.WebAppContext.doStart(WebAppContext.java:524)
2023/03/22 16:31:23 | 	at org.eclipse.jetty.util.component.AbstractLifeCycle.start(AbstractLifeCycle.java:73)
2023/03/22 16:31:23 | 	at net.i2p.router.web.WebAppStarter.startWebApp(WebAppStarter.java:126)
2023/03/22 16:31:23 | 	at net.i2p.router.web.WebAppStarter.startWebApp(WebAppStarter.java:101)
2023/03/22 16:31:23 | 	at net.i2p.router.web.RouterConsoleRunner.startConsole(RouterConsoleRunner.java:844)
2023/03/22 16:31:23 | 	at net.i2p.router.web.RouterConsoleRunner.startup(RouterConsoleRunner.java:239)
2023/03/22 16:31:23 | 	at net.i2p.router.startup.RouterAppManager.addAndStart(RouterAppManager.java:54)
2023/03/22 16:31:23 | 	at net.i2p.router.startup.LoadClientAppsJob$RunApp.run(LoadClientAppsJob.java:303)
2023/03/22 16:31:23 | 	at java.base/java.lang.Thread.run(Thread.java:833)
2023/03/22 16:31:23 | 	at net.i2p.util.I2PThread.run(I2PThread.java:103)
2023/03/22 16:31:23 | Caused by: java.lang.ClassNotFoundException: jakarta.servlet.ServletException
2023/03/22 16:31:23 | 	at java.base/jdk.internal.loader.BuiltinClassLoader.loadClass(BuiltinClassLoader.java:641)
2023/03/22 16:31:23 | 	at java.base/jdk.internal.loader.ClassLoaders$AppClassLoader.loadClass(ClassLoaders.java:188)
2023/03/22 16:31:23 | 	at java.base/java.lang.ClassLoader.loadClass(ClassLoader.java:520)
2023/03/22 16:31:23 | 	... 33 more

Obviously nothing works.

This feels like a missed dependency in the i2p package, but maybe I'm mistaken and there is some way to fix this from the OS/container side?

OS used: debian bookworm (slim base image tag)
JDK: OpenJDK 17-jre (installed as dependency for i2p)

The same behaviour exists on x86 and armhf.

multiple SSRF (server side request forgery) CVE

Unsanitized input from data from a remote resource flows into openConnection, where it is used as a URL to perform a request. This may result in a Server-Side Request Forgery vulnerability.

router/java/src/org/cybergarage/xml/Parser.java:97
router/java/src/org/cybergarage/xml/Parser.java:135
core/java/src/net/i2p/util/EepGet.java:310
router/java/src/org/cybergarage/xml/Parser.java:160

Unzip to folder

Please unzip to a folder with the project name. E.g. if the installer is run from ~/Downloads/, unzip to ~/Downloads/i2p/.

Docker arm images

Are there any plans on updating the docker image to support ARM?

  • Jason

Floodfill router DoS Mitigation

In light of the recent floodfill router DDoS: denial-of-service is an effective means of censorship, and I can see attacks like this becoming a bigger concern on the network. Seeing as the basis of this attack is that there are simply too many floodfill routers, the first step is making it more difficult to create new floodfill routers and have them join:

  1. Each node should have a hard-coded ceiling IP address limit; seeing a floodfill advertisement or a direct connection will count against the IP limit. In practice I think a limit of ~10 would be unlikely to filter legitimate traffic; once the cap is hit, ignore future advertisements for that "unique" floodfill.
  2. Require that floodfill routers generate a unique, timestamped zero-prefixed signature as a proof-of-work that is used for their first advertisement. A CPU-bound local PoW process will limit a floodfill router's ability to eat community DHT resources. Even generating just one PoW would make floodfill DoS more difficult to carry out.

Another approach is a reputation system, and being able to report on reputation solves the problem of a large number of floodfill routers working together and refusing to forward traffic.

  1. Use a libp2p-style pub/sub to establish a CRDT communal counter (OrbitDB has one of these data types). Each counter is a k/v pair of the hash of the public key of a node on the network, so that anyone can look up the reputation score of a public key using the DHT.
  2. Votes cast by nodes with higher reputation should be seen as more valuable, whereas votes cast by nodes without reputation should be seen as less so.
  3. On a regular interval a high-reputation node establishes connections with nodes, and subtracts reputation if a message wasn't routed (not all that unlike PoS elections).

Nodes gain reputation through good actions and can quickly lose it for misbehaving, which is why judgement needs to be carried out by another trusted node on the network, but not the same node: a randomly elected node, which is similar to Ethereum's Proof of Stake election system.

If I am not mistaken, the attacker wants to find as many legitimate floodfill routers as possible to flood them with new requests, which are then re-transmitted. I don't know how difficult it is to enumerate all floodfill routers. I suspect this is already happening, where a passive observer can collect them all. I'm not sure what we would gain by hiding them, or if hiding the list of routers is even possible.

Router Password

After my initial setup on Windows went perfectly I set a username and password. I can no longer login with the combination I chose. How can I have this reset?

"headless" installer is not "headless"

java -jar i2pinstall_0.9.22.jar -console prompts for info, is there a way, or can you add a way to actually install this without any prompting? Thanks.

".i2p" make it flexible

I was wondering if it is possible to modify this condition: instead of ".i2p", make it accept any/flexible ending. Is that possible, or has it been discussed before? For example I need to set my domain ppp.y; is it possible not to use ppp.i2p?

path: i2p.i2p\core\java\src\net\i2p\client\naming\EepGetAndAddNamingService.java
if (hostname.length() < 516 && hostname.endsWith(".i2p") && ! hostname.endsWith(".b32.i2p")) {

multiple Hardcoded Secrets CVE

    private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();

    private static final boolean CACHE = true;
    private static final int CACHE_SIZE = 8;
    private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES");

line 52

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
core/java/src/net/i2p/crypto/CryptixAESEngine.java

Hardcoded Secret

    } catch (NoSuchMethodError nsme) {
        // JamVM, gij
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");
            SecretKeySpec key = new SecretKeySpec(new byte[32], "AES");

line 27

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
core/java/src/net/i2p/crypto/CryptoCheck.java

    private static final boolean USE_SYSTEM_AES = hasAESNI() && CryptoCheck.isUnlimited();

    private static final boolean CACHE = true;
    private static final int CACHE_SIZE = 8;
    private static final SecretKeySpec ZERO_KEY = new SecretKeySpec(new byte[32], "AES");

line 53

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
core/java/src/net/i2p/crypto/CryptixAESEngine.java

    KeyFactory kf = KeyFactory.getInstance("RSA");
    // private key is modulus (pubkey) + exponent
    BigInteger[] nd = split(pk.getData());
    // modulus exponent
    KeySpec ks = new RSAPrivateKeySpec(nd[0], nd[1]);

line 513

Hardcoded value array {...} is used as a cipher key. Generate the value with a cryptographically strong random number generator such as java.security.SecureRandom instead.
core/java/src/net/i2p/crypto/SigUtil.java

i2p / Namecoin Integration

Hi!

probably you have heard of Namecoin. Maybe there are ways for us to work together, e.g. make .bit resolve to i2p domains? You are always welcome to our forum.

Cheers,

phelix

Improper Neutralization of CRLF Sequences in HTTP Headers number 2

Unsanitized input from data from a remote resource flows into setHeader and reaches an HTTP header returned to the user. This may allow malicious input that contains CR/LF to split the HTTP response into two responses, with the second response controlled by the attacker. This may be used to mount a range of attacks such as cross-site scripting or cache poisoning.

router/java/src/org/cybergarage/upnp/Device.java#L485

functions causing issues
ssdpRes.setST
ssdpReq.setUSN
ssdpReq.setNT
childDevice.announce
announce
device

########################################################
return null;
Node devNode = rootNode.getNode(Device.ELEM_NAME);
if (devNode == null)
return null;
return new Device(rootNode, devNode);
###################################################
Node devNode = getDeviceNode();
Node aux = null;
//
aux = devNode.getParentNode().getParentNode();
return new Device(aux);
######################################################
if (isRootDevice() == true) {
String devNT = getNotifyDeviceNT();
String devUSN = getNotifyDeviceUSN();
ssdpReq.setNT(devNT);
ssdpReq.setUSN(devUSN);
######################################################
ssdpReq.setUSN(devUSN);
ssdpSock.post(ssdpReq);

		String devUDN = getUDN();
		ssdpReq.setNT(devUDN);

#########################################################
ssdpSock.post(ssdpReq);

		String devUDN = getUDN();
		ssdpReq.setNT(devUDN);
		ssdpReq.setUSN(devUDN);

#############################################################
// uuid:device-UUID::urn:schemas-upnp-org:device:deviceType:v
String devNT = getNotifyDeviceTypeNT();
String devUSN = getNotifyDeviceTypeUSN();
ssdpReq.setNT(devNT);
#############################################################
ServiceList serviceList = getServiceList();
int serviceCnt = serviceList.size();
for (int n = 0; n < serviceCnt; n++) {
Service service = serviceList.getService(n);
service.announce(bindAddr);
#############################################################
DeviceList childDeviceList = getDeviceList();
int childDeviceCnt = childDeviceList.size();
for (int n = 0; n < childDeviceCnt; n++) {
Device childDevice = childDeviceList.getDevice(n);
childDevice.announce(bindAddr);
##############################################################
if (bindAddresses[j] == null || bindAddresses[j].length() == 0)
continue;
int ssdpCount = getSSDPAnnounceCount();
for (int i = 0; i < ssdpCount; i++)
announce(bindAddresses[j]);
##############################################################
// uuid:device-UUID(::upnp:rootdevice)*
if (isRootDevice() == true) {
String devNT = getNotifyDeviceNT();
String devUSN = getNotifyDeviceUSN();
ssdpReq.setNT(devNT);
###############################################################
if (isRootDevice() == true) {
String devNT = getNotifyDeviceNT();
String devUSN = getNotifyDeviceUSN();
ssdpReq.setNT(devNT);
ssdpReq.setUSN(devUSN);
################################################################
// uuid:device-UUID::urn:schemas-upnp-org:device:deviceType:v
String devNT = getNotifyDeviceTypeNT();
String devUSN = getNotifyDeviceTypeUSN();
ssdpReq.setNT(devNT);
#######################################################
// uuid:device-UUID::urn:schemas-upnp-org:device:deviceType:v
String devNT = getNotifyDeviceTypeNT();
String devUSN = getNotifyDeviceTypeUSN();
ssdpReq.setNT(devNT);
ssdpReq.setUSN(devUSN);
###############################################
SSDPSearchResponse ssdpRes = new SSDPSearchResponse();
ssdpRes.setLeaseTime(getLeaseTime());
ssdpRes.setDate(cal);
ssdpRes.setST(st);

multiple Use of Password Hash With Insufficient Computational Effort: CVE

The SHA-1 hash (used in java.security.MessageDigest.getInstance) is insecure. Consider changing it to a secure hash algorithm.

    boolean useBitzi = true;
    if (SystemVersion.isApache() ||            // Harmony
        SystemVersion.isGNU()) {               // JamVM or gij
        try {

line 128: MessageDigest.getInstance("SHA-1");

core/java/src/net/i2p/crypto/SHA1.java

     */
    public static MessageDigest getInstance() {
        if (!_useBitzi) {
            try {

line 65: return MessageDigest.getInstance("SHA-1");
core/java/src/com/nettgryppa/security/HashCash.java

        throw new IllegalArgumentException("Resource may not contain a colon.");

    HashCash result = new HashCash();

line 179: MessageDigest md = MessageDigest.getInstance("SHA1");

core/java/src/com/nettgryppa/security/HashCash.java

     *  @return 16 bytes, or null on error
     */
    public static byte[] md5Sum(byte[] data) {
        try {

line 229: MessageDigest md = MessageDigest.getInstance("MD5");

core/java/src/net/i2p/util/PasswordManager.java#L229

The MD5 hash (used in java.security.MessageDigest.getInstance) is insecure. Consider changing it to a secure hash algorithm.

    // for backwards compatability.  next time we have a backwards
    // incompatible change, we should update this by removing ", 32"
    // SEE NOTES ABOVE
    try {

line 108: MessageDigest md = MessageDigest.getInstance("MD5");

router/java/src/net/i2p/router/transport/udp/SSUHMACGenerator.java#L108

    s.append(ipInt);
    s.append('+');
    s.append(inetSalt);
    MessageDigest md;

line 95: md = MessageDigest.getInstance("SHA1");

apps/imagegen/identicon/core/src/main/java/com/docuverse/identicon/IdenticonUtil.java#L95

2 uses of risky/broken cryptographic algorithm CVE

line 22

    // a NoSuchAlgorithmException
    } catch (NoSuchMethodError nsme) {
        // JamVM, gij
        try {
            Cipher cipher = Cipher.getInstance("AES/CBC/NoPadding");

The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consider using Galois/Counter Mode.
core/java/src/net/i2p/crypto/CryptoCheck.java

line 272

    private Cipher acquire() {
        Cipher rv = _ciphers.poll();
        if (rv == null) {
            try {
                rv = Cipher.getInstance("AES/CBC/NoPadding");

The CBC mode used in javax.crypto.Cipher.getInstance does not provide integrity. Consider using Galois/Counter Mode.
core/java/src/net/i2p/crypto/CryptixAESEngine.java

Was working then suddenly stopped

Using debian bullseye I installed i2p using the package manager and it was working fine at first. I could access clearnet and i2p sites; all I had to do was set my proxy settings to 127.0.0.1 and port 4444 and it worked. Now I am doing exactly the same thing (haven't changed a thing on the computer) but I can't access either clearnet or i2p websites. Either the proxy refuses the connection or the website times out on clearnet websites.

It's so annoying when you install a program and it works fine. Then you start it up again after changing absolutely nothing and yet it refuses to work properly. Not sure what's causing it to not work but assuming a bug considering it was working then suddenly stopped and I can still access configuration page etc. and all settings are correct. i2prouter status reports everything running as normal.

Docker instructions out of date

Greetings and thank you for your great work!

I have to report that I ran into issues with Docker and docker-compose lately, and I hope I'm in the right spot here to address what I found.

So when updating today after some weeks of operation, my whole setup basically died. As I found out, the reason is that I'm told e.g. here to mount my config to /i2p/.i2p, but now everything sits directly in /i2p inside the container. So I ended up with an ignored folder where my config etc. sits and stuff like router.config is duplicated in i2p but only contains very brief defaults, so nothing works.

Pinning the image in my docker-compose.yaml like so does the trick for now: image: geti2p/i2p:i2p-i2p-2.1.0 This way though, I'm cut off from updates etc., so I'd rather know how I'm supposed to mount my config etc. into the container; over time, my .i2p folder accumulated some stuff and mounting every file manually into the container doesn't seem feasible to me.

Again, thanks for the effort of maintaining this for already two decades, and regards!

I2P "B33" / Encrypted Base32 Address Encoding In Rust

Overview

Hello, I'm attempting to work with encrypted leasesets using rust, and am having difficulties calculating the encrypted/blinded destination address. Any attempt at using the derived b33 addresses results in a lookup error being returned:

Corrupt b32 address (or unsupported options)

Implementation

So far this is the function I have written, modified from the Java implementation:

pub fn b33_address(
  public_key_data: &[u8], 
  public_key_type: u8,
  require_secret: bool, 
  client_auth: bool
) -> Option<String> {
    if public_key_type != 7 && public_key_type != 11 {
      return None;
    }
    let mut data_vec = Vec::with_capacity(public_key_data.len()+3);
    data_vec.extend_from_slice(&[0, 0, 0]);
    data_vec.extend_from_slice(public_key_data);
    let summer: Crc<u32> = Crc::<u32>::new(&crc::CRC_32_CKSUM);
    let chk_sum = summer.checksum(&data_vec[3..]);
    if require_secret {
      data_vec[0] = 0x02;
    }
    if client_auth {
      data_vec[0] |= 0x04;
    }
    data_vec[1] = (public_key_type & 0xff) as u8;
    data_vec[2] = (11 & 0xff) as u8;
    data_vec[0] ^= chk_sum as u8;
    data_vec[1] ^= (chk_sum >> 8) as u8;
    data_vec[2] ^= (chk_sum >> 16) as u8;
    Some(format!("{}.b32.i2p", BASE32_I2P.encode(&data_vec)))
}

And here is how I'm testing:

    let pub_key = "3eFx8MpIlacWgW0sooXtYUXsd61WpbmnZscoiDIBlbQ=".to_string();
    let pub_key = BASE64_I2P.decode(pub_key.as_bytes()).unwrap();
    let addr = b33_address(&pub_key[..], 7, true, true).unwrap();
    println!("{}", addr);

Note that to generate the base64 string stored in the variable pub_key, I'm using the i2p-rs library, and running the following from

    let (pubkey, seckey) = {
        let mut sam_conn = SamConnection::connect(DEFAULT_API).unwrap();
        sam_conn
            .generate_destination(SignatureType::EdDsaSha512Ed25519)
            .unwrap()
    };
    let decoded = BASE64_I2P.decode(pubkey.as_bytes()).unwrap();
    // the output of this is stored in the `pub_key` variable
    println!("public key {}", BASE64_I2P.encode(&decoded[0..32]));

The result of the test is the following "b33" address: m7nz7xpbohymusevu4lic3jmukc62ykf5r322vvfxgtwnrzirazadfnu.b32.i2p. However, when attempting to navigate to that address using my web browser, I receive the following error message:

Corrupt b32 address (or unsupported options)

Key Material

I've included the following keys generated via the SAM api, using sig type 7 (EdDSA_SHA512_Ed25519)

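The header construction described in the post above, written out as an added example (not the I2P project's code nor the poster's, and in Python so it runs with the standard library alone). It assumes the layout and checks of the Java Blinding class as I recall them: a 3-byte header (flags, sig type, blinded sig type) in front of the 32-byte signing public key, CRC-32 over the key bytes with the IEEE/ISO-HDLC polynomial that java.util.zip.CRC32 and zlib.crc32 implement (not the POSIX cksum variant), the header XORed with the low three CRC bytes, and lowercase unpadded Base32. The decode side shows where a checksum or header mismatch surfaces as a corrupt-address rejection.

```python
"""Added example: encode and verify an I2P "b33" (encrypted LeaseSet) address.
Not code from the I2P project or the issue author; see the assumptions above."""
import base64
import zlib

FLAG_TWO_BYTE_TYPES = 0x01   # bit 0: two-byte sig type codes (not supported)
FLAG_SECRET = 0x02           # bit 1: lookup requires a shared secret
FLAG_AUTH = 0x04             # bit 2: lookup requires per-client authentication
SIGTYPE_EDDSA_SHA512_ED25519 = 7
SIGTYPE_REDDSA_SHA512_ED25519 = 11   # the blinded sig type; the only one in use
SUFFIX = ".b32.i2p"


def _crc_mask(key: bytes) -> bytes:
    """Low three bytes of CRC-32(key): the mask XORed over the 3-byte header.
    zlib.crc32 uses the same polynomial and conventions as java.util.zip.CRC32."""
    check = zlib.crc32(key) & 0xFFFFFFFF
    return bytes([check & 0xFF, (check >> 8) & 0xFF, (check >> 16) & 0xFF])


def b33_encode(signing_pubkey: bytes, sig_type: int,
               require_secret: bool = False, client_auth: bool = False) -> str:
    """Return the b33 address for an (unblinded) destination signing public key."""
    if sig_type not in (SIGTYPE_EDDSA_SHA512_ED25519, SIGTYPE_REDDSA_SHA512_ED25519):
        raise ValueError("unsupported sig type %d" % sig_type)
    if len(signing_pubkey) != 32:
        raise ValueError("expected a 32-byte Ed25519/RedDSA signing public key")
    flags = (FLAG_SECRET if require_secret else 0) | (FLAG_AUTH if client_auth else 0)
    header = bytes([flags, sig_type & 0xFF, SIGTYPE_REDDSA_SHA512_ED25519])
    masked = bytes(h ^ m for h, m in zip(header, _crc_mask(signing_pubkey)))
    b32 = base64.b32encode(masked + signing_pubkey).decode("ascii")
    # 35 bytes = 280 bits = exactly 56 Base32 characters, so no '=' padding appears.
    return b32.rstrip("=").lower() + SUFFIX


def b33_decode(address: str) -> dict:
    """Inverse of b33_encode. Raises ValueError in the cases where a router would
    report "Corrupt b32 address (or unsupported options)": a header that does not
    unmask to sane values (wrong CRC variant, bad flags or types) or a bad length."""
    address = address.lower()
    if not address.endswith(SUFFIX):
        raise ValueError("not a .b32.i2p address")
    b32 = address[:-len(SUFFIX)].upper()
    try:
        raw = base64.b32decode(b32 + "=" * (-len(b32) % 8))
    except Exception as exc:
        raise ValueError("bad base32 encoding") from exc
    if len(raw) != 35:
        raise ValueError("bad length %d, expected 35 bytes" % len(raw))
    key = raw[3:]
    # Unmask the header with the CRC of the key bytes that follow it.
    flags, sig_type, blinded_type = (b ^ m for b, m in zip(raw[:3], _crc_mask(key)))
    if flags & FLAG_TWO_BYTE_TYPES:
        raise ValueError("two-byte sig types unsupported")
    if flags & 0xF8:
        raise ValueError("unknown flag bits 0x%02x" % flags)
    if sig_type not in (SIGTYPE_EDDSA_SHA512_ED25519, SIGTYPE_REDDSA_SHA512_ED25519):
        raise ValueError("unsupported sig type %d" % sig_type)
    if blinded_type != SIGTYPE_REDDSA_SHA512_ED25519:
        raise ValueError("unsupported blinded sig type %d" % blinded_type)
    return {
        "sig_type": sig_type,
        "blinded_sig_type": blinded_type,
        "require_secret": bool(flags & FLAG_SECRET),
        "client_auth": bool(flags & FLAG_AUTH),
        "signing_pubkey": key,
    }


if __name__ == "__main__":
    # Constructed 32-byte key for the demo, not a real destination's signing key.
    demo_key = bytes(range(32))
    addr = b33_encode(demo_key, SIGTYPE_EDDSA_SHA512_ED25519,
                      require_secret=True, client_auth=True)
    print(addr)
    print(b33_decode(addr))
```

A mismatch in any of the assumptions (CRC variant, byte order of the mask, header layout) produces an address whose header unmasks to nonsense, which is exactly the condition b33_decode rejects.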

stack guard error

On startup, I get the following error:

Starting I2P 2.3.0-4
OpenJDK 64-Bit Server VM warning: You have loaded library /tmp/i2p-DBusBrQL.tmp/libjbigi.so which might have disabled stack guard. The VM will try to fix the stack guard now.
It's highly recommended that you fix the library with 'execstack -c <libfile>', or link it with '-z noexecstack'.

I am running image geti2p/i2p:latest.

Doesn't work

Latest version of i2p installed from the debian repository. Connecting to i2p websites gives connection reset error, connecting to clearnet gives connection refused error.

Any chance of this software ever working properly or shall I just forget about it.

Link to an Irc2P client on I2P router console home

Not that it's too difficult to connect an existing IRC client to the Irc2P network, but I think it would be nice to have an icon on the homepage for easy access.

I'm not really a web developer, but it seems like all you'd need to do is include a javascript IRC client configured to point to localhost:6668. Freenode's webchat does this using qwebirc (https://webchat.freenode.net/).

If we think this would be useful/feasible, I could have a go at implementing this myself.

Many sites not accessible with 2.3.0 docker image

The latest Docker image running 2.3.0-1 is unable to connect to most sites. Planet I2P works fine, but many others, such as notbob and the I2P forum, present an error screen that says "The website was not reachable, because it uses encryption options that are not supported by your I2P or Java version."

It was working under 2.2.0. Because I upgraded I also tested with a fresh config and still get the same error.

Use of Hardcoded Credentials

```java
public static KeyStore createKeyStore(File ksFile, String password)
        throws GeneralSecurityException, IOException {
    boolean exists = ksFile != null && ksFile.exists();
    char[] pwchars = password != null ? password.toCharArray() : null;
```

Do not hardcode passwords in code. Found hardcoded password used in core/java/src/net/i2p/crypto/KeyStoreUtil.java#L155, following lines 155, 170, 204, 223, 245, 251, 258, 1021, 1050, 1152, 1184, 1209, 1443:

```java
DEFAULT_KEYSTORE_PASSWORD.toCharArray());
password.toCharArray() :
ksPW.toCharArray()
```

apps/i2pcontrol/java/net/i2p/i2pcontrol/security/SecurityManager.java#L43:

```java
/**
 * Manage the password storing for I2PControl.
 */
public class SecurityManager {
    public final static String DEFAULT_AUTH_PASSWORD = "itoopie";
```
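One way to keep a default password out of the binary, shown here as an added example rather than I2P's own code: the keystore password is generated once per installation with a CSPRNG, persisted with owner-only permissions, and read back on later runs, so the keystore-creation path has the same shape as the reported createKeyStore(File, String) but never sees a compile-time constant. The secret file name, the 24-byte secret length and the openOrCreateKeyStore helper are assumptions made for this example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.io.OutputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.StandardOpenOption;
import java.nio.file.attribute.PosixFilePermissions;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.SecureRandom;
import java.util.Arrays;
import java.util.Base64;

/**
 * Added example, not I2P code: source a keystore password from a
 * per-installation secret file instead of a compile-time constant.
 * File names and the 24-byte secret length are assumptions.
 */
public class KeystoreSecret {

    private static final int SECRET_BYTES = 24;

    /**
     * Returns the password stored in secretFile, or on first run generates a
     * random one, writes it with owner-only permissions, and returns it.
     */
    static char[] loadOrCreatePassword(Path secretFile) throws IOException {
        if (Files.exists(secretFile)) {
            String stored = new String(Files.readAllBytes(secretFile), StandardCharsets.UTF_8).trim();
            if (stored.isEmpty()) {
                throw new IOException("empty secret file: " + secretFile);
            }
            return stored.toCharArray();
        }
        byte[] raw = new byte[SECRET_BYTES];
        new SecureRandom().nextBytes(raw);
        String secret = Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
        // CREATE_NEW fails instead of overwriting if another process raced us here
        Files.write(secretFile, secret.getBytes(StandardCharsets.UTF_8),
                    StandardOpenOption.CREATE_NEW, StandardOpenOption.WRITE);
        try {
            Files.setPosixFilePermissions(secretFile, PosixFilePermissions.fromString("rw-------"));
        } catch (UnsupportedOperationException e) {
            // non-POSIX filesystem (e.g. Windows): the directory ACL has to protect the file
        }
        return secret.toCharArray();
    }

    /**
     * Same shape as the reported createKeyStore(File, String), but the password
     * comes from loadOrCreatePassword, so no default ever lives in the code.
     */
    static KeyStore openOrCreateKeyStore(Path ksFile, char[] password)
            throws GeneralSecurityException, IOException {
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        if (Files.exists(ksFile)) {
            try (InputStream in = Files.newInputStream(ksFile)) {
                ks.load(in, password);        // wrong password -> IOException
            }
        } else {
            ks.load(null, password);          // fresh, empty store
            try (OutputStream out = Files.newOutputStream(ksFile)) {
                ks.store(out, password);
            }
        }
        return ks;
    }

    public static void main(String[] args) throws Exception {
        Path dir = Files.createTempDirectory("ks-demo");
        Path secretFile = dir.resolve("keystore.secret");
        Path ksFile = dir.resolve("demo.ks");

        char[] first = loadOrCreatePassword(secretFile);
        char[] second = loadOrCreatePassword(secretFile);   // second run reads the same secret
        System.out.println("secret stable across runs: " + Arrays.equals(first, second));

        openOrCreateKeyStore(ksFile, first);                 // creates the store
        KeyStore reopened = openOrCreateKeyStore(ksFile, second);
        System.out.println("reopened keystore entries: " + reopened.size());

        Arrays.fill(first, '\0');                            // scrub once the KeyStore holds it
        Arrays.fill(second, '\0');
    }
}
```

The password is a char[] rather than a String so it can be zeroed after use; the file permission step is what turns "a secret on disk" into "a secret only this user can read", and on a filesystem without POSIX permissions that protection has to come from the parent directory's ACL instead.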

Observable Timing Discrepancy (Timing Attack)

        return digestHexCache;
    }

    public boolean digestEquals(byte[] otherDigest) {
        return Arrays.equals(digest, otherDigest);

An attacker can guess the secret value of digest because it is compared using java.util.Arrays.equals, which is vulnerable to timing attacks. Use java.security.MessageDigest.isEqual to compare values securely.

line 154, /core/java/src/org/minidns/record/DelegatingDnssecRR.java#L154
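What the report's recommendation actually changes, as an added example that is neither I2P nor minidns code: an early-exit loop with the control flow of java.util.Arrays.equals stops at the first differing byte, so the amount of work it does reveals how long the matching prefix is, whereas a constant-time loop and MessageDigest.isEqual do the same work for any two inputs of equal length. An iteration counter makes the difference visible without relying on a noisy stopwatch; the sample digest is constructed for the example.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

/**
 * Added example (not I2P or minidns code). Shows why an early-exit
 * comparison leaks how many leading bytes of a secret digest matched,
 * and the two constant-time replacements.
 */
public class DigestCompare {

    /** Iteration counter so the work done by each comparison is visible. */
    static int iterations;

    /** Same control flow as java.util.Arrays.equals: returns at the first mismatch. */
    static boolean earlyExitEquals(byte[] a, byte[] b) {
        iterations = 0;
        if (a.length != b.length) return false;
        for (int i = 0; i < a.length; i++) {
            iterations++;
            if (a[i] != b[i]) return false;
        }
        return true;
    }

    /** Constant-time form: OR together every byte difference, decide only at the end. */
    static boolean constantTimeEquals(byte[] a, byte[] b) {
        iterations = 0;
        if (a.length != b.length) return false;   // only the length remains observable
        int diff = 0;
        for (int i = 0; i < a.length; i++) {
            iterations++;
            diff |= a[i] ^ b[i];
        }
        return diff == 0;
    }

    /** The one-line fix the report suggests for digestEquals. */
    static boolean digestEquals(byte[] digest, byte[] otherDigest) {
        return MessageDigest.isEqual(digest, otherDigest);
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        MessageDigest sha = MessageDigest.getInstance("SHA-256");
        // constructed sample: the "secret" 32-byte digest a verifier would hold
        byte[] secret = sha.digest("constructed DNSSEC record".getBytes(StandardCharsets.UTF_8));

        byte[] wrongFirst = secret.clone();
        wrongFirst[0] ^= 0x01;                       // mismatch in byte 0
        byte[] wrongLast = secret.clone();
        wrongLast[secret.length - 1] ^= 0x01;        // mismatch only in byte 31

        earlyExitEquals(secret, wrongFirst);
        int earlyFirst = iterations;                 // 1
        earlyExitEquals(secret, wrongLast);
        int earlyLast = iterations;                  // 32
        System.out.println("early-exit: " + earlyFirst + " vs " + earlyLast + " iterations");

        constantTimeEquals(secret, wrongFirst);
        int ctFirst = iterations;                    // 32
        constantTimeEquals(secret, wrongLast);
        int ctLast = iterations;                     // 32
        System.out.println("constant-time: " + ctFirst + " vs " + ctLast + " iterations");

        // All three agree on the verdict; only the early-exit one leaks the matched prefix.
        System.out.println(digestEquals(secret, secret.clone()) + " "
                + digestEquals(secret, wrongLast) + " "
                + constantTimeEquals(secret, secret.clone()));
    }
}
```

Both fixed forms still return early on a length mismatch, so the length of the secret is observable; for fixed-size digests that is already public and is not a leak. The XOR-accumulate loop is the same idea MessageDigest.isEqual uses internally, so delegating to it is the shorter, reviewed choice.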

4 open redirects CVE

Open Redirect

    url = url.substring(0, qq);
    buf.append(url);
    if (q != null && q.length() > 0)
        buf.append(q.replace("&amp;", "&")); // no you don't html escape the redirect header
    resp.setHeader("Location", buf.toString());

line 2480, apps/susimail/src/src/i2p/susi/webmail/WebMail.java

    url = url.substring(0, url.length() - 5);
    buf.append(url);
    if (p.length() > 0)
        buf.append(p.replace("&amp;", "&"));  // no you don't html escape the redirect header
    resp.setHeader("Location", buf.toString());

line 1617

Unsanitized input from the request URL flows into setHeader, where it is used as a URL to redirect the user. This may result in an Open Redirect vulnerability.
apps/i2psnark/java/src/org/klomp/snark/web/I2PSnarkServlet.java

Unsanitized input from the request URL flows into setHeader, where it is used as a URL to redirect the user. This may result in an Open Redirect vulnerability.
apps/routerconsole/jsp/index.jsp:50

Unsanitized input from the request URL flows into setHeader, where it is used as a URL to redirect the user. This may result in an Open Redirect vulnerability.
apps/routerconsole/java/src/net/i2p/router/web/HostCheckHandler.java:193
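A defensive check for Location values built from request input, added here as an example and not the project's own code: a redirect target is accepted only if it is a relative path on the same site, which rules out absolute URLs, scheme-relative "//host" forms, the "/\host" variant some browsers normalise to "//host", and control characters that would let CR/LF reach the header. The sample inputs and the redirectTarget helper are constructed for this example; a servlet would pass the helper's result to resp.setHeader("Location", ...).

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Arrays;
import java.util.List;

/**
 * Added example, not I2P code. A Location value is only used if it is a
 * relative path on this site, so a request parameter cannot send the user
 * to another origin and cannot inject CR/LF into the header.
 */
public class SafeRedirect {

    /**
     * Accepts "/path", "/path?query" and "/path#frag" only. Rejects absolute
     * URLs, scheme-relative "//host", the "/\host" form, and any control char.
     */
    static boolean isSafeLocalTarget(String target) {
        if (target == null || target.isEmpty() || target.charAt(0) != '/') {
            return false;
        }
        if (target.length() > 1 && (target.charAt(1) == '/' || target.charAt(1) == '\\')) {
            return false;
        }
        for (int i = 0; i < target.length(); i++) {
            char c = target.charAt(i);
            if (c < 0x20 || c == 0x7f) {
                return false;   // CR/LF here would also be a header-injection vector
            }
        }
        try {
            URI uri = new URI(target);
            // a well-formed relative reference has neither scheme nor authority
            return uri.getScheme() == null && uri.getRawAuthority() == null;
        } catch (URISyntaxException e) {
            return false;       // backslashes, raw spaces, bad percent-escapes
        }
    }

    /** The value a servlet would pass to resp.setHeader("Location", ...). */
    static String redirectTarget(String requested, String fallback) {
        return isSafeLocalTarget(requested) ? requested : fallback;
    }

    public static void main(String[] args) {
        // constructed sample inputs, as they might arrive in a request parameter
        List<String> inputs = Arrays.asList(
                "/susimail/?folder=inbox",
                "/i2psnark/?sort=2",
                "https://example.invalid/elsewhere",
                "//example.invalid/elsewhere",
                "/\\example.invalid/elsewhere",
                "/index.jsp\r\nSet-Cookie: x=y",
                "javascript:alert(1)",
                "");
        for (String in : inputs) {
            System.out.printf("%-36s -> %s%n", in.replace("\r\n", "\\r\\n"),
                    redirectTarget(in, "/"));
        }
    }
}
```

The first two inputs pass unchanged and every other one falls back to "/". Parsing with java.net.URI after the cheap character checks is what catches the odd encodings (a backslash or a raw space makes the constructor throw), so the allow-list is "parses as a relative reference" rather than a hand-written blacklist of prefixes.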

Use of Hardcoded, Security-relevant Constants

    private static final String PROP_LS_SPK = "i2cp.leaseSetSigningPrivateKey";
    // LS 2
    public static final String PROP_LS_TYPE = "i2cp.leaseSetType";
    private static final String PROP_LS_ENCTYPE = "i2cp.leaseSetEncType";
    private static final String PROP_SECRET = "i2cp.leaseSetSecret";

line 70: Avoid hardcoding values that are meant to be secret. Found hardcoded secret.

core/java/src/net/i2p/client/impl/RequestLeaseSetMessageHandler.java#L70
