[tor-commits] [doctor/master] Check fingerprints of relays running on authority IPs/dir ports.

karsten at torproject.org karsten at torproject.org
Sat Sep 29 16:44:19 UTC 2012 

commit 97e32b9028abed44c2bd2faf6853cba268956a16
Author: Karsten Loesing <karsten.loesing at gmx.net>
Date:   Sat Sep 29 12:43:59 2012 -0400

    Check fingerprints of relays running on authority IPs/dir ports.
---
 src/org/torproject/doctor/Checker.java          |   45 +++++++++++++++++++++++
 src/org/torproject/doctor/StatusFileReport.java |    7 ++++
 src/org/torproject/doctor/Warning.java          |    7 +++-
 3 files changed, 58 insertions(+), 1 deletions(-)

diff --git a/src/org/torproject/doctor/Checker.java b/src/org/torproject/doctor/Checker.java
index d5d8c94..564195d 100644
--- a/src/org/torproject/doctor/Checker.java
+++ b/src/org/torproject/doctor/Checker.java
@@ -44,6 +44,7 @@ public class Checker {
         this.checkMissingVotes();
         this.checkBandwidthScanners();
         this.checkMissingAuthorities();
+        this.checkAuthorityRelayIdentityKeys();
       }
     } else {
       this.warnings.put(Warning.NoConsensusKnown, new TreeSet<String>());
@@ -427,5 +428,49 @@ public class Checker {
       this.warnings.put(Warning.MissingAuthorities, missingAuthorities);
     }
   }
+
+  /* Check if there are any relays running on the IP addresses and dir
+   * ports of the authorities using a different relay identity key than
+   * expected. */
+  private void checkAuthorityRelayIdentityKeys() {
+    SortedMap<String, String> expectedFingerprints =
+        new TreeMap<String, String>();
+    expectedFingerprints.put("212.112.245.170:80",
+        "f2044413dac2e02e3d6bcf4735a19bca1de97281,gabelmoo");
+    expectedFingerprints.put("86.59.21.38:80",
+        "847b1f850344d7876491a54892f904934e4eb85d,tor26");
+    expectedFingerprints.put("76.73.17.194:9030",
+        "f397038adc51336135e7b80bd99ca3844360292b,turtles");
+    expectedFingerprints.put("171.25.193.9:443",
+        "bd6a829255cb08e66fbe7d3748363586e46b3810,maatuska");
+    expectedFingerprints.put("193.23.244.244:80",
+        "7be683e65d48141321c5ed92f075c55364ac7123,dannenberg");
+    expectedFingerprints.put("208.83.223.34:443",
+        "0ad3fa884d18f89eea2d89c019379e0e7fd94417,urras");
+    expectedFingerprints.put("128.31.0.34:9131",
+        "9695dfc35ffeb861329b9f1ab04c46397020ce31,moria1");
+    expectedFingerprints.put("194.109.206.212:80",
+        "7ea6ead6fd83083c538f44038bbfa077587dd755,dizum");
+    expectedFingerprints.put("154.35.32.5:80",
+        "cf6d0aafb385be71b8e111fc5cff4b47923733bc,faravahar");
+    expectedFingerprints.put("82.94.251.203:80",
+        "4a0ccd2ddc7995083d73f5d667100c8a5831f16d,Tonga");
+    SortedSet<String> unexpectedFingerprints = new TreeSet<String>();
+    for (NetworkStatusEntry entry :
+        this.downloadedConsensus.getStatusEntries().values()) {
+      if (expectedFingerprints.containsKey(entry.getAddress() + ":"
+            + entry.getDirPort())) {
+        String[] expectedValues = expectedFingerprints.get(
+            entry.getAddress() + ":" + entry.getDirPort()).split(",");
+        if (!entry.getFingerprint().equalsIgnoreCase(expectedValues[0])) {
+          unexpectedFingerprints.add(expectedValues[1]);
+        }
+      }
+    }
+    if (!unexpectedFingerprints.isEmpty()) {
+      this.warnings.put(Warning.UnexpectedFingerprints,
+          unexpectedFingerprints);
+    }
+  }
 }
 
diff --git a/src/org/torproject/doctor/StatusFileReport.java b/src/org/torproject/doctor/StatusFileReport.java
index 107b435..7ea29bb 100644
--- a/src/org/torproject/doctor/StatusFileReport.java
+++ b/src/org/torproject/doctor/StatusFileReport.java
@@ -167,6 +167,13 @@ public class StatusFileReport {
           warningStrings.put("WARNING: The following authorities are "
               + "missing from the consensus: " + detailsString,
               150L * 60L * 1000L);
+          break;
+        case UnexpectedFingerprints:
+          warningStrings.put("ERROR: The following relays running on the "
+              + "IP address and dir port of authorities are using "
+              + "different relay identity keys than expected: "
+              + detailsString, 150L * 60L * 1000L);
+          break;
       }
     }
     long now = System.currentTimeMillis();
diff --git a/src/org/torproject/doctor/Warning.java b/src/org/torproject/doctor/Warning.java
index 8194425..2fe87f0 100644
--- a/src/org/torproject/doctor/Warning.java
+++ b/src/org/torproject/doctor/Warning.java
@@ -65,6 +65,11 @@ public enum Warning {
   ConsensusMissingSignatures,
 
   /* One or more authorities are missing in the consensus. */
-  MissingAuthorities
+  MissingAuthorities,
+
+  /* One or more relays running on the IP addresses and dir ports of the
+   * authorities are using a different relay identity key than
+   * expected. */
+  UnexpectedFingerprints
 }

More information about the tor-commits mailing list