XSSFilter patch from str4d:
XSSFilter and XSSRequestWrapper were from http://ricardozuasti.com/2012/stronger-anti-cross-site-scripting-xss-filter-for-java-web-apps/
No provided license, but it is clearly intended for public consumption.
But most of it is boilerplate provided by the Servlet Filter system.
In fact, now that I have stripped out his JS-specific patterns and replaced it with the whitelist,
it is effectively identical to what I would have written from scratch.
- Move backup news to psi.i2p
- Move default addressbook subscription to i2p-projekt.i2p
- Remove www.i2p2.i2p from default update lists
- Add psi.i2p to hosts.txt
- Update links on help pages to avoid redirects on new website
and select the correct language
* SusiDNS: Fix whitespace issues
- Update to Jetty 8.x, Servlet 3.0, JSP 2.2
- Require Java 6
- Use Servlet and JSP jars from Jetty instead of Tomcat
- Tomcat remains at 6.0.37 supporting Servlet 2.5 / JSP 2.1
- Remove Jetty dependency in console error pages
- Build files for Jetty 8.1.14
- Doc updates
- Delete Jetty 7.6.14
- Jetty 8.1.14 not yet checked in,
waiting to see if a new version is released soon,
but build will download it for testing
- Add clientAppManager() to I2PAppContext so it can be used there
- Add routerAppManager() to RouterContext for convenience inside router
Start of SSL support in I2PTunnelHTTPClient
- Add initialSocketData support back to I2PTunnelOutproxyRunner
- Works for orchid (and in-net?)
- TODO Doesn't work for in-net proxy
- Need separate config for SSL proxy
- Move net.i2p.kademlia package from i2psnark to core, and convert
netdb to use it.
- Delete old implementation in netdb
- Fixups in netdb for generics
- Add debug output to /debug
This is the next step in the development plan, in which we previously:
- Copied the code from netdb to the i2p.zzz.kademlia branch, fixed it,
and made it generic for hash size (June 2012);
- Moved it from the i2p.zzz.kademlia branch to the i2p.i2p.zzz.dhtsnark
branch, and implemented KRPC with it (June 2012);
- Propped it from i2p.i2p.zzz.dhtsnark to trunk for 0.9.2 (July-Sept. 2012);
- Proved it out in 0.9.2 - 0.9.9 (Oct. 2012 - Nov. 2013)
The plan was to maintain the KBucketSet public methods throughout the development
so we could drop the new version back into netdb, so here we drop it in.
Setting of K=16, B=3 is just an initial guess, to be reviewed.
This moves about 18 KB from i2psnark.jar to i2p.jar and removes about 12 KB from router.jar.
Unit test fixup: todo.
to branch 'i2p.i2p' (head a1c2ba4663abc7470f427c6a14854707d58b486a)
Prop from branch i2p.i2p.zzz.ecdsa:
* Build:
- Generate su3 file in release target
- Add zzz's new RSA 4096 pubkey cert for updates
- Fix checkcerts.sh
* Console: Move advanced setting to HelperBase
* DSAEngine changes:
- Implement raw sign/verify for other SigTypes
- Add sign/verify methods using Java keys
* ECDSA Support:
- Add ECConstants which looks for named curves and falls back to
explicitly defining the curves
- Add support for ECDSA to SigType, DSAEngine and KeyGenerator
- Attempt to add BC as a Provider
- genSpec: fallback to BC provider
* EepGet:
- Fix non-proxied PartialEepGet
- Prevent non-proxied eepget for an I2P host
* KeyGenerator changes:
- Generate key pairs for all supported SigTypes
- KeyPairGen: Catch ProviderException, fallback to BC provider
- Add KeyGenerator main() tests
* KeyRing and DirKeyRing added: simple backend for storing X.509 certs
* KeyStoreUtil added:
- Consolidate KeyStore code from SSLEepGet, I2CPSSLSocketFactory,
SSLClientListenerRunner, and RouterConsoleRunner into new
KeyStoreUtil and CertUtil classes in net.i2p.crypto (ticket #744)
- Change default to RSA 2048 (ticket #1017)
- Set file modes on written keys
- Overwrite check in createKeys()
- New getCert(), getKey()
- Extend keygen max wait
- Read back private key to verify after keygen
- Validate cert after reading from file
- Validate CN in cert
- Specify cert signature algorithm when generating keys
* NativeBigInteger: Tweak to prevent early context instantiation
* RSA support added: constants, parameters, sig types, support in DSAEngine, KeyGenerator, SigUtil
* SHA1Hash: Add no-arg constructor
* SigType changes:
- Add parameters (curve specs) to SigTypes
- Add getHashInstance()
- Add RSA, fix ECDSA
- Renumber, rename, comment out types that are too short.
* SigUtil added:
- Converters from Java formats (ASN.1, X.509, PKCS#8)
to I2P formats for Signatures and SigningKeys
- Move ASN.1 converter from DSAEngine to SigUtil, generalize
for variable length, add support for longer sequences,
add more sanity checks, add more exceptions
- Move I2P-to-Java DSA key conversion from DSAEngine to SigUtil
- Add Java-to-I2P DSA key conversion
- Add Java key import
- New split() and combine() methods
* SSLEepGet: Move all certificates to certificates/ssl, in preparation
for other certificate uses by SU3File
* SU3File changes:
- Support all SigTypes
- Implement keygen
- Readahead to get sigtype on verify, as we need the hash type
- Enum for content type
- Add unknown content type, make default
- Fix NPE if private key not found or sign fails
- Store generated keys in keystore, and get private key from keystore
for signing, in Java format
- Use Java keys to sign and verify so we don't
lose the key parameters in the conversion to I2P keys
- Type checking of Java private key vs. type when signing
- Use certs instead of public keys for verification
- Fix arg processing
- Improve validate-without-extract
- New extract command
- Change static fields to avoid early context init
- Reduce PRNG buffer size for faster signing
* Update: Preliminary work for su3 router updates:
- New ROUTER_SIGNED_SU3 UpdateType
- Add support for torrent and HTTP
- Refactor UpdateRunners to return actual UpdateType
- Deal with signed/su3 conflicts
- Verify and extract su3 files.
- Stub out support for clearnet su3 updating
- New config for proxying news, separate from proxying update
- PartialEepGet and SSLEepGet tweaks to support clearnet update
- Remove proxy, key, and url config from /configupdate
- More URI checks in UpdateRunner
- Add https support for news fetch
- Add su3 mime type
- Reset found version in update loop so we don't fetch from
the next host too.
- Prevent NPE on version after SSL fetch
- Stub out support for clearnet su3 updating
- PartialEepGet and SSLEepGet tweaks to support clearnet update
- Remove proxy, key, and url config from /configupdate
- More URI checks in UpdateRunner
- Add su3 mime type
- Move advanced setting to HelperBase
- French, Portugeuse, Russian, Spanish, and Turkish updates from Transifex
- Start of Romanian translation from Transifex
- Update English POs for sending to TX
* Debian: Update changelog
