echelon/i2p.i2p
1
0
Fork 0
forked from I2P_Developers/i2p.i2p
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Deduplicate the default Java Keystore password

Browse Source
This commit is contained in:
str4d
2017-12-07 14:31:28 +00:00
parent f9eaf412b7
commit ff911e37c4
5 changed files with 15 additions and 20 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
apps/i2ptunnel/java/src/net/i2p/i2ptunnel/SSLClientUtil.java
View File

@ -25,7 +25,6 @@ import net.i2p.util.SecureDirectory;
public class SSLClientUtil {
private static final String PROP_KEYSTORE_PASSWORD = "keystorePassword";
private static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
private static final String PROP_KEY_PASSWORD = "keyPassword";
private static final String PROP_KEY_ALIAS = "keyAlias";
private static final String ASCII_KEYFILE_SUFFIX = ".local.crt";
@ -111,7 +110,7 @@ public class SSLClientUtil {
if (success) {
success = ks.exists();
if (success) {
opts.setProperty(optPfx + PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
opts.setProperty(optPfx + PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
opts.setProperty(optPfx + PROP_KEY_PASSWORD, keyPassword);
}
}
@ -139,7 +138,7 @@ public class SSLClientUtil {
File sdir = new SecureDirectory(I2PAppContext.getGlobalContext().getConfigDir(), CERT_DIR);
if (sdir.exists() || sdir.mkdirs()) {
String keyAlias = opts.getProperty(optPfx + PROP_KEY_ALIAS);
String ksPass = opts.getProperty(optPfx + PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = opts.getProperty(optPfx + PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
File out = new File(sdir, PREFIX + name + ASCII_KEYFILE_SUFFIX);
boolean success = KeyStoreUtil.exportCert(ks, ksPass, keyAlias, out);
if (!success)
@ -157,7 +156,7 @@ public class SSLClientUtil {
* @return factory, throws on all errors
*/
public static SSLServerSocketFactory initializeFactory(Properties opts) throws IOException {
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
String keyPass = opts.getProperty(PROP_KEY_PASSWORD);
if (keyPass == null) {
throw new IOException("No key password, set " + PROP_KEY_PASSWORD + " in " +

7
apps/routerconsole/java/src/net/i2p/router/web/RouterConsoleRunner.java
View File

@ -126,7 +126,6 @@ public class RouterConsoleRunner implements RouterApp {
public static final String PREFIX = "webapps.";
public static final String ENABLED = ".startOnLoad";
private static final String PROP_KEYSTORE_PASSWORD = "routerconsole.keystorePassword";
private static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
private static final String PROP_KEY_PASSWORD = "routerconsole.keyPassword";
public static final int DEFAULT_LISTEN_PORT = 7657;
private static final String DEFAULT_LISTEN_HOST = "127.0.0.1";
@ -578,7 +577,7 @@ public class RouterConsoleRunner implements RouterApp {
if (verifyKeyStore(keyStore)) {
// the keystore path and password
SslContextFactory sslFactory = new SslContextFactory(keyStore.getAbsolutePath());
sslFactory.setKeyStorePassword(_context.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD));
sslFactory.setKeyStorePassword(_context.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD));
// the X.509 cert password (if not present, verifyKeyStore() returned false)
sslFactory.setKeyManagerPassword(_context.getProperty(PROP_KEY_PASSWORD, "thisWontWork"));
sslFactory.addExcludeProtocols(I2PSSLSocketFactory.EXCLUDE_PROTOCOLS.toArray(
@ -870,7 +869,7 @@ public class RouterConsoleRunner implements RouterApp {
if (success) {
try {
Map<String, String> changes = new HashMap<String, String>();
changes.put(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
changes.put(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
changes.put(PROP_KEY_PASSWORD, keyPassword);
_context.router().saveConfig(changes, null);
} catch (Exception e) {} // class cast exception
@ -880,7 +879,7 @@ public class RouterConsoleRunner implements RouterApp {
dir = new SecureDirectory(dir, "console");
dir.mkdir();
File certFile = new File(dir, "console.local.crt");
KeyStoreUtil.exportCert(ks, DEFAULT_KEYSTORE_PASSWORD, "console", certFile);
KeyStoreUtil.exportCert(ks, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD, "console", certFile);
}
}
if (success) {

7
apps/sam/java/src/net/i2p/sam/SSLUtil.java
View File

@ -25,7 +25,6 @@ import net.i2p.util.SecureDirectory;
class SSLUtil {
private static final String PROP_KEYSTORE_PASSWORD = "sam.keystorePassword";
private static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
private static final String PROP_KEY_PASSWORD = "sam.keyPassword";
private static final String PROP_KEY_ALIAS = "sam.keyAlias";
private static final String ASCII_KEYFILE_SUFFIX = ".local.crt";
@ -97,7 +96,7 @@ class SSLUtil {
if (success) {
success = ks.exists();
if (success) {
opts.setProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
opts.setProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
opts.setProperty(PROP_KEY_PASSWORD, keyPassword);
}
}
@ -124,7 +123,7 @@ class SSLUtil {
File sdir = new SecureDirectory(I2PAppContext.getGlobalContext().getConfigDir(), CERT_DIR);
if (sdir.exists() || sdir.mkdirs()) {
String keyAlias = opts.getProperty(PROP_KEY_ALIAS);
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
File out = new File(sdir, PREFIX + name + ASCII_KEYFILE_SUFFIX);
boolean success = KeyStoreUtil.exportCert(ks, ksPass, keyAlias, out);
if (!success)
@ -142,7 +141,7 @@ class SSLUtil {
* @return factory, throws on all errors
*/
public static SSLServerSocketFactory initializeFactory(Properties opts) throws IOException {
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
String keyPass = opts.getProperty(PROP_KEY_PASSWORD);
if (keyPass == null) {
throw new IOException("No key password, set " + PROP_KEY_PASSWORD + " in " +

7
apps/sam/java/src/net/i2p/sam/client/SSLUtil.java
View File

@ -26,7 +26,6 @@ class SSLUtil {
public static final String DEFAULT_SAMCLIENT_CONFIGFILE = "samclient.config";
private static final String PROP_KEYSTORE_PASSWORD = "samclient.keystorePassword";
private static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
private static final String PROP_KEY_PASSWORD = "samclient.keyPassword";
private static final String PROP_KEY_ALIAS = "samclient.keyAlias";
private static final String ASCII_KEYFILE_SUFFIX = ".local.crt";
@ -98,7 +97,7 @@ class SSLUtil {
if (success) {
success = ks.exists();
if (success) {
opts.setProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
opts.setProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
opts.setProperty(PROP_KEY_PASSWORD, keyPassword);
}
}
@ -125,7 +124,7 @@ class SSLUtil {
File sdir = new SecureDirectory(I2PAppContext.getGlobalContext().getConfigDir(), CERT_DIR);
if (sdir.exists() || sdir.mkdirs()) {
String keyAlias = opts.getProperty(PROP_KEY_ALIAS);
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
File out = new File(sdir, PREFIX + name + ASCII_KEYFILE_SUFFIX);
boolean success = KeyStoreUtil.exportCert(ks, ksPass, keyAlias, out);
if (!success)
@ -143,7 +142,7 @@ class SSLUtil {
* @return factory, throws on all errors
*/
public static SSLServerSocketFactory initializeFactory(Properties opts) throws IOException {
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = opts.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
String keyPass = opts.getProperty(PROP_KEY_PASSWORD);
if (keyPass == null) {
throw new IOException("No key password, set " + PROP_KEY_PASSWORD + " in " +

7
router/java/src/net/i2p/router/client/SSLClientListenerRunner.java
View File

@ -35,7 +35,6 @@ class SSLClientListenerRunner extends ClientListenerRunner {
private SSLServerSocketFactory _factory;
private static final String PROP_KEYSTORE_PASSWORD = "i2cp.keystorePassword";
private static final String DEFAULT_KEYSTORE_PASSWORD = "changeit";
private static final String PROP_KEY_PASSWORD = "i2cp.keyPassword";
private static final String KEY_ALIAS = "i2cp";
private static final String ASCII_KEYFILE = "i2cp.local.crt";
@ -91,7 +90,7 @@ class SSLClientListenerRunner extends ClientListenerRunner {
success = ks.exists();
if (success) {
Map<String, String> changes = new HashMap<String, String>();
changes.put(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
changes.put(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
changes.put(PROP_KEY_PASSWORD, keyPassword);
_context.router().saveConfig(changes, null);
}
@ -116,7 +115,7 @@ class SSLClientListenerRunner extends ClientListenerRunner {
private void exportCert(File ks) {
File sdir = new SecureDirectory(_context.getConfigDir(), "certificates/i2cp");
if (sdir.exists() || sdir.mkdirs()) {
String ksPass = _context.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = _context.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
File out = new File(sdir, ASCII_KEYFILE);
boolean success = KeyStoreUtil.exportCert(ks, ksPass, KEY_ALIAS, out);
if (!success)
@ -131,7 +130,7 @@ class SSLClientListenerRunner extends ClientListenerRunner {
* @return success
*/
private boolean initializeFactory(File ks) {
String ksPass = _context.getProperty(PROP_KEYSTORE_PASSWORD, DEFAULT_KEYSTORE_PASSWORD);
String ksPass = _context.getProperty(PROP_KEYSTORE_PASSWORD, KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD);
String keyPass = _context.getProperty(PROP_KEY_PASSWORD);
if (keyPass == null) {
_log.error("No key password, set " + PROP_KEY_PASSWORD +