SSL Wizard: Change cert type, export cert, show in cert helper,

relay keystore password via POST
zzz
2018-04-29 15:46:30 +00:00
parent 4d09e507fb
commit cdd58f168a
3 changed files with 81 additions and 29 deletions


@ -9,7 +9,7 @@
response.setHeader("Accept-Ranges", "none"); response.setHeader("Accept-Ranges", "none");
%><%@page pageEncoding="UTF-8" %><%@page pageEncoding="UTF-8"
%><%@page contentType="text/html" import="java.io.File,net.i2p.crypto.KeyStoreUtil,net.i2p.data.DataHelper,net.i2p.jetty.JettyXmlConfigurationParser" %><%@page contentType="text/html" import="java.io.File,java.io.IOException,net.i2p.crypto.KeyStoreUtil,net.i2p.data.DataHelper,net.i2p.jetty.JettyXmlConfigurationParser"
%><%@page %><%@page
%><?xml version="1.0" encoding="UTF-8"?> %><?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
@ -105,6 +105,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
if (action != null) { if (action != null) {
String nonce = request.getParameter("nonce"); String nonce = request.getParameter("nonce");
String newpw = request.getParameter("nofilter_keyPassword"); String newpw = request.getParameter("nofilter_keyPassword");
String kspw = request.getParameter("nofilter_obfKeyStorePassword");
String appNum = request.getParameter("clientAppNumber"); String appNum = request.getParameter("clientAppNumber");
String ksPath = request.getParameter("nofilter_ksPath"); String ksPath = request.getParameter("nofilter_ksPath");
String jettySSLConfigPath = request.getParameter("nofilter_jettySSLFile"); String jettySSLConfigPath = request.getParameter("nofilter_jettySSLFile");
@ -113,6 +114,11 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
if (newpw.length() <= 0) if (newpw.length() <= 0)
newpw = null; newpw = null;
} }
if (kspw != null) {
kspw = JettyXmlConfigurationParser.deobfuscate(kspw);
} else {
kspw = net.i2p.crypto.KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD;
}
if (!editBean.haveNonce(nonce)) { if (!editBean.haveNonce(nonce)) {
out.println(intl._t("Invalid form submission, probably because you used the 'back' or 'reload' button on your browser. Please resubmit.") out.println(intl._t("Invalid form submission, probably because you used the 'back' or 'reload' button on your browser. Please resubmit.")
+ ' ' + + ' ' +
@ -139,19 +145,42 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
if (altb32 != null && altb32.length() > 0) if (altb32 != null && altb32.length() > 0)
altNames.add(altb32); altNames.add(altb32);
File ks = new File(ksPath); File ks = new File(ksPath);
ok = net.i2p.crypto.KeyStoreUtil.createKeys(ks, "eepsite", name, altNames, b32, newpw); try {
if (ok) { Object[] rv = net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(ks, kspw, "eepsite", name, altNames, b32,
out.println("Created selfsigned cert"); 3652, "EC", 256, newpw);
out.println("Created selfsigned cert");
// save cert
java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) rv[2];
File f = new net.i2p.util.SecureFile(ctx.getConfigDir(), "certificates");
if (!f.exists())
f.mkdir();
f = new net.i2p.util.SecureFile(f, "eepsite");
if (!f.exists())
f.mkdir();
f = new net.i2p.util.SecureFile(f, b32 + ".crt");
if (f.exists()) {
File fb = new File(f.getParentFile(), b32 + ".crt-" + System.currentTimeMillis() + ".bkup");
net.i2p.util.FileUtil.copy(f, fb, false, true);
}
ok = net.i2p.crypto.CertUtil.saveCert(cert, f);
out.println("selfsigned cert stored");
} catch (IOException ioe) {
ioe.printStackTrace();
ok = false;
} catch (java.security.GeneralSecurityException gse) {
gse.printStackTrace();
ok = false;
} }
// rewrite jetty-ssl.xml // rewrite jetty-ssl.xml
if (ok) { if (ok) {
String obf = JettyXmlConfigurationParser.obfuscate(newpw); String obf = JettyXmlConfigurationParser.obfuscate(newpw);
String obfkspw = JettyXmlConfigurationParser.obfuscate(kspw);
File f = new File(jettySSLConfigPath); File f = new File(jettySSLConfigPath);
try { try {
org.eclipse.jetty.xml.XmlParser.Node root; org.eclipse.jetty.xml.XmlParser.Node root;
root = net.i2p.jetty.JettyXmlConfigurationParser.parse(f); root = JettyXmlConfigurationParser.parse(f);
//JettyXmlConfigurationParser.setValue(root, "KeyStorePassword", ...); JettyXmlConfigurationParser.setValue(root, "KeyStorePassword", obfkspw);
JettyXmlConfigurationParser.setValue(root, "KeyManagerPassword", obf); JettyXmlConfigurationParser.setValue(root, "KeyManagerPassword", obf);
JettyXmlConfigurationParser.setValue(root, "TrustStorePassword", obf); JettyXmlConfigurationParser.setValue(root, "TrustStorePassword", obf);
File fb = new File(jettySSLConfigPath + ".bkup"); File fb = new File(jettySSLConfigPath + ".bkup");
@ -165,11 +194,11 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
w.write("<!-- Modified by SSL Wizard -->\n"); w.write("<!-- Modified by SSL Wizard -->\n");
JettyXmlConfigurationParser.write(root, w); JettyXmlConfigurationParser.write(root, w);
out.println("Jetty configuration updated"); out.println("Jetty configuration updated");
} catch (java.io.IOException ioe) { } catch (IOException ioe) {
ioe.printStackTrace(); ioe.printStackTrace();
ok = false; ok = false;
} finally { } finally {
if (w != null) try { w.close(); } catch (java.io.IOException ioe2) {} if (w != null) try { w.close(); } catch (IOException ioe2) {}
} }
} }
} catch (org.xml.sax.SAXException saxe) { } catch (org.xml.sax.SAXException saxe) {
@ -196,7 +225,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
DataHelper.storeProps(p, f); DataHelper.storeProps(p, f);
out.println("Jetty SSL enabled"); out.println("Jetty SSL enabled");
} }
} catch (java.io.IOException ioe) { } catch (IOException ioe) {
ioe.printStackTrace(); ioe.printStackTrace();
ok = false; ok = false;
} }
@ -410,7 +439,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
if (jettyFile != null && jettyFile.exists()) { if (jettyFile != null && jettyFile.exists()) {
try { try {
org.eclipse.jetty.xml.XmlParser.Node root; org.eclipse.jetty.xml.XmlParser.Node root;
root = net.i2p.jetty.JettyXmlConfigurationParser.parse(jettyFile); root = JettyXmlConfigurationParser.parse(jettyFile);
host = JettyXmlConfigurationParser.getValue(root, "host"); host = JettyXmlConfigurationParser.getValue(root, "host");
port = JettyXmlConfigurationParser.getValue(root, "port"); port = JettyXmlConfigurationParser.getValue(root, "port");
} catch (org.xml.sax.SAXException saxe) { } catch (org.xml.sax.SAXException saxe) {
@ -421,7 +450,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
if (jettySSLFile.exists()) { if (jettySSLFile.exists()) {
try { try {
org.eclipse.jetty.xml.XmlParser.Node root; org.eclipse.jetty.xml.XmlParser.Node root;
root = net.i2p.jetty.JettyXmlConfigurationParser.parse(jettySSLFile); root = JettyXmlConfigurationParser.parse(jettySSLFile);
ksPW = JettyXmlConfigurationParser.getValue(root, "KeyStorePassword"); ksPW = JettyXmlConfigurationParser.getValue(root, "KeyStorePassword");
kmPW = JettyXmlConfigurationParser.getValue(root, "KeyManagerPassword"); kmPW = JettyXmlConfigurationParser.getValue(root, "KeyManagerPassword");
tsPW = JettyXmlConfigurationParser.getValue(root, "TrustStorePassword"); tsPW = JettyXmlConfigurationParser.getValue(root, "TrustStorePassword");
@ -503,6 +532,15 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
<input type="hidden" name="nofilter_ksPath" value="<%=ksPath%>" /> <input type="hidden" name="nofilter_ksPath" value="<%=ksPath%>" />
<input type="hidden" name="nofilter_jettySSLFile" value="<%=jettySSLFile%>" /> <input type="hidden" name="nofilter_jettySSLFile" value="<%=jettySSLFile%>" />
<input type="password" name="nofilter_keyPassword" title="<%=intl._t("Set password required to access this service")%>" value="" class="freetext password" /> <input type="password" name="nofilter_keyPassword" title="<%=intl._t("Set password required to access this service")%>" value="" class="freetext password" />
<%
if (ksPW != null) {
if (!ksPW.startsWith("OBF:"))
ksPW = JettyXmlConfigurationParser.obfuscate(ksPW);
%>
<input type="hidden" name="nofilter_obfKeyStorePassword" value="<%=ksPW%>" />
<%
}
%>
</td></tr> </td></tr>
<tr><td class="buttons" colspan="7"> <tr><td class="buttons" colspan="7">
<button id="controlSave" class="control" type="submit" name="action" value="Generate"><%=intl._t("Generate certificate")%></button> <button id="controlSave" class="control" type="submit" name="action" value="Generate"><%=intl._t("Generate certificate")%></button>
@ -510,7 +548,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
<% <%
} // canConfigure } // canConfigure
} // for client } // for client
} catch (java.io.IOException ioe) { ioe.printStackTrace(); } } catch (IOException ioe) { ioe.printStackTrace(); }
%> %>
<tr><td colspan="4"> <tr><td colspan="4">
<div class="displayText" tabindex="0" title="<%=intl._t("yyy")%>"></div> <div class="displayText" tabindex="0" title="<%=intl._t("yyy")%>"></div>
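Review bot: In the third hunk, `out.println("selfsigned cert stored");` runs unconditionally after `ok = net.i2p.crypto.CertUtil.saveCert(cert, f);`, so a failed save still reports success to the user even though the following `if (ok)` skips the jetty-ssl.xml rewrite; guard it: `if (ok) out.println("selfsigned cert stored"); else out.println("Failed to store selfsigned cert");`. The same hunk ignores the return values of the two `f.mkdir()` calls, so a directory that cannot be created is only noticed when the save fails, with no message naming the directory. Separately, the keystore password is now round-tripped through the browser: the last form hunk emits it as the hidden field `nofilter_obfKeyStorePassword` in Jetty OBF form, which is a reversible encoding rather than encryption, and the POST handler deobfuscates whatever value is submitted, passes it to `createKeysAndCRL` and writes it back into jetty-ssl.xml as `KeyStorePassword`. Since the GET side already reads `KeyStorePassword` from the jetty-ssl.xml file, the POST handler could re-read it from that file instead of trusting the submitted field, which keeps the password out of every rendered copy of the form. The Generate branch enclosing the third hunk starts before it.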


@ -189,6 +189,18 @@ public class JettyXmlConfigurationParser
* @return a string starting with "OBF:" * @return a string starting with "OBF:"
*/ */
public static String obfuscate(String s) { public static String obfuscate(String s) {
if (s.startsWith("OBF:"))
return s;
return Password.obfuscate(s); return Password.obfuscate(s);
} }
/**
* De-Obfuscate a password from the XML
* @param s a string starting with "OBF:"
*/
public static String deobfuscate(String s) {
if (!s.startsWith("OBF:"))
return s;
return Password.deobfuscate(s);
}
} }
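Review bot: The Javadoc of the new `deobfuscate` describes `@param s` as a string starting with "OBF:", but the body returns `s` unchanged when that prefix is absent, and there is no `@return`; I would state the actual contract: `@param s an obfuscated string starting with "OBF:", or a plaintext string which is returned unchanged` and `@return the de-obfuscated string`. Both `obfuscate` and `deobfuscate` now call `s.startsWith` first, so a null argument fails with a NullPointerException and callers must check for null as the wizard does; a `@throws NullPointerException if s is null` line would make that explicit. The early return added to `obfuscate` also means a plaintext password that itself begins with "OBF:" is passed through unobfuscated and later decoded by `deobfuscate` as if it were encoded; if that case is considered acceptable, say so in the Javadoc.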


@ -22,7 +22,7 @@ public class CertHelper extends HelperBase {
private static final String CONSOLE = "console/console.local.crt"; private static final String CONSOLE = "console/console.local.crt";
private static final String I2PTUNNEL_DIR = "i2ptunnel"; private static final String I2PTUNNEL_DIR = "i2ptunnel";
private static final String SAM_DIR = "sam"; private static final String SAM_DIR = "sam";
private static final String EEPSITE = "eepsite/etc/keystore.ks"; private static final String EEPSITE_DIR = "eepsite";
public String getSummary() { public String getSummary() {
File dir = new File(_context.getConfigDir(), DIR); File dir = new File(_context.getConfigDir(), DIR);
@ -31,9 +31,9 @@ public class CertHelper extends HelperBase {
_out.write(_t("Local SSL Certificates")); _out.write(_t("Local SSL Certificates"));
_out.write("</h3>\n"); _out.write("</h3>\n");
// console // console
output("Console", new File(dir, CONSOLE)); output(_t("Router Console"), new File(dir, CONSOLE));
// I2CP // I2CP
output("I2CP", new File(dir, I2CP)); output(_t("I2CP"), new File(dir, I2CP));
// i2ptunnel clients // i2ptunnel clients
File tunnelDir = new File(_context.getConfigDir(), I2PTUNNEL_DIR); File tunnelDir = new File(_context.getConfigDir(), I2PTUNNEL_DIR);
@ -58,13 +58,28 @@ public class CertHelper extends HelperBase {
if (tunnels != null) { if (tunnels != null) {
for (int i = 0; i < tunnels.length; i++) { for (int i = 0; i < tunnels.length; i++) {
File f = tunnels[i]; File f = tunnels[i];
output("SAM", f); output(_t("SAM"), f);
hasTunnels = true; hasTunnels = true;
} }
} }
if (!hasTunnels) if (!hasTunnels)
output(_t("SAM"), null); output(_t("SAM"), null);
// Eepsite
tunnelDir = new File(dir, EEPSITE_DIR);
hasTunnels = false;
tunnels = tunnelDir.listFiles(new FileSuffixFilter(".crt"));
if (tunnels != null) {
for (int i = 0; i < tunnels.length; i++) {
File f = tunnels[i];
String name = f.getName();
output(_t("Website") + ' ' + name.substring(0, name.length() - 4), f);
hasTunnels = true;
}
}
if (!hasTunnels)
output(_t("Website"), null);
// Family // Family
_out.write("<h3>"); _out.write("<h3>");
_out.write(_t("Local Router Family Certificate")); _out.write(_t("Local Router Family Certificate"));
@ -80,19 +95,6 @@ public class CertHelper extends HelperBase {
_out.write("</p>\n"); _out.write("</p>\n");
} }
// Eepsite
_out.write("<h3>");
_out.write(_t("Website"));
_out.write("</h3>\n");
File ks = new File(_context.getConfigDir(), EEPSITE);
if (ks.exists()) {
// TODO
} else {
_out.write("<p>");
_out.write(_t("none"));
_out.write("</p>\n");
}
// anything else? plugins? // anything else? plugins?
} catch (IOException ioe) { } catch (IOException ioe) {