* Key certs:

- Hide setting in i2ptunnel edit pages unless advanced user
  - Only store LS with key certs to routers that support it

apps/i2ptunnel/java/src/net/i2p/i2ptunnel/web/EditBean.java

@@ -351,6 +351,11 @@ public class EditBean extends IndexBean {
         return Addresses.getAllAddresses();
     }
 
+    /** @since 0.9.11 */
+    public boolean isAdvanced() {
+        return _context.getBooleanProperty("routerconsole.advanced");
+    }
+
     public String getI2CPHost(int tunnel) {
         if (_context.isRouterContext())
             return _("internal");

apps/i2ptunnel/jsp/editClient.jsp

@@ -434,6 +434,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             </div>
          <% } %>
            
+         <% if (editBean.isAdvanced()) { %>
             <div id="tunnelOptionsField" class="rowItem">
                 <label>
                     <%=intl._("Signature type")%>
@@ -462,6 +463,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             <div class="subdivider">
                 <hr />
             </div>
+         <% } // isAdvanced %>>
 
          <% if ("httpclient".equals(tunnelType) || "connectclient".equals(tunnelType) || "sockstunnel".equals(tunnelType) || "socksirctunnel".equals(tunnelType)) { %>
             <div id="accessField" class="rowItem">

apps/i2ptunnel/jsp/editServer.jsp

@@ -536,6 +536,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             </div>
 <% **********************/ %>
 
+         <% if (editBean.isAdvanced()) { %>
             <div id="tunnelOptionsField" class="rowItem">
                 <label>
                     <%=intl._("Signature type")%>
@@ -564,6 +565,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
             <div class="subdivider">
                 <hr />
             </div>
+         <% } // isAdvanced %>>
                  
             <div id="customOptionsField" class="rowItem">
                 <label for="customOptions" accesskey="u">

router/java/src/net/i2p/router/networkdb/kademlia/StoreJob.java

@@ -12,8 +12,10 @@ import java.util.ArrayList;
 import java.util.List;
 import java.util.Set;
 
+import net.i2p.data.Certificate;
 import net.i2p.data.DatabaseEntry;
 import net.i2p.data.Hash;
+import net.i2p.data.LeaseSet;
 import net.i2p.data.RouterInfo;
 import net.i2p.data.TunnelId;
 import net.i2p.data.i2np.DatabaseStoreMessage;
@@ -163,6 +165,12 @@ class StoreJob extends JobImpl {
                     if (_log.shouldLog(Log.INFO))
                         _log.info(getJobId() + ": Error selecting closest hash that wasnt a router! " + peer + " : " + ds);
                     _state.addSkipped(peer);
+                } else if (_state.getData().getType() == DatabaseEntry.KEY_TYPE_LEASESET &&
+                           ((LeaseSet)_state.getData()).getDestination().getCertificate().getCertificateType() == Certificate.CERTIFICATE_TYPE_KEY &&
+                           !supportsKeyCerts((RouterInfo)ds)) {
+                    if (_log.shouldLog(Log.INFO))
+                        _log.info(getJobId() + ": Skipping router that doesn't support key certs " + peer + " : " + ds);
+                    _state.addSkipped(peer);
                 } else {
                     int peerTimeout = _facade.getPeerTimeout(peer);
 
@@ -487,6 +495,19 @@ class StoreJob extends JobImpl {
         return VersionComparator.comp(v, MIN_ENCRYPTION_VERSION) >= 0;
     }
 
+    private static final String MIN_KEYCERT_VERSION = "0.9.11";
+
+    /**
+     * Does he support key certs (assumed with a non-DSA key)?
+     * @since 0.9.11
+     */
+    private static boolean supportsKeyCerts(RouterInfo ri) {
+        String v = ri.getOption("router.version");
+        if (v == null)
+            return false;
+        return VersionComparator.comp(v, MIN_KEYCERT_VERSION) >= 0;
+    }
+
     /**
      * Called after sending a dbStore to a peer successfully, 
      * marking the store as successful