i2ptunnel: Per-client auth options (WIP)

zzz
2019-05-22 18:12:49 +00:00
parent 2ec34f4827
commit 332898351c
4 changed files with 65 additions and 20 deletions


@@ -565,11 +565,23 @@ public class GeneralHelper {
if (getEncrypt(tunnel))
return 1;
if (getProperty(tunnel, "i2cp.leaseSetType", "1").equals("5")) {
int rv;
String authType = getProperty(tunnel, "i2cp.leaseSetAuthType", "0");
if (authType.equals("2")) {
rv = 6;
} else if (authType.equals("1")) {
// shared DH key
rv = 4;
// per-client DH key
//rv = 8;
} else {
rv = 2;
}
String pw = getBlindedPassword(tunnel);
if (pw != null && pw.length() > 0)
return 3;
return 2;
// LS auth (rv 4-7) TODO
rv++;
return rv;
}
return 0;
}
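Review bot: The `authType.equals("1")` branch always yields `rv = 4`, so a tunnel saved as mode 8 or 9 (per-client DH) reads back as mode 4 or 5 (shared key). TunnelConfig writes `i2cp.leaseSetAuthType` as "1" for cases 4, 5, 8 and 9 alike, so nothing in the stored config tells them apart. Until a second option marks the per-client variant, the edit form would show "shared key" for a tunnel the operator set up as per-client DH, which misstates the access model. At minimum, replace the commented-out `//rv = 8;` with `// TODO: modes 8/9 are stored identically to 4/5 and cannot be recovered here`. The enclosing method starts above the hunk.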


@@ -657,34 +657,63 @@ public class TunnelConfig {
}
switch (_encryptMode) {
case 0:
case 0: // none
default:
config.remove(OPT + "i2cp.leaseSetSecret");
if ("5".equals(config.get(OPT + "i2cp.leaseSetType")))
config.remove(OPT + "i2cp.leaseSetType");
break;
case 1:
case 1: // LS1
config.remove(OPT + "i2cp.leaseSetType");
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
case 4:
case 6:
// TODO
// Fallthrough
case 2:
case 2: // blinded
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
case 5:
case 7:
// TODO
// Fallthrough
case 3:
case 3: // blinded + secret
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetAuthType");
break;
case 4: // blinded, shared key (implicit DH)
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
case 5: // blinded, secret, shared key (implicit DH)
config.put(OPT + "i2cp.leaseSetType", "5");
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
case 6: // blinded, per-client PSK
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 7: // blinded, secret, per-client PSK
config.put(OPT + "i2cp.leaseSetType", "5");
config.put(OPT + "i2cp.leaseSetAuthType", "2");
break;
case 8: // blinded, per-client DH
config.put(OPT + "i2cp.leaseSetType", "5");
config.remove(OPT + "i2cp.leaseSetSecret");
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
case 9: // blinded, secret, per-client DH
config.put(OPT + "i2cp.leaseSetType", "5");
config.put(OPT + "i2cp.leaseSetAuthType", "1");
break;
}
}
@@ -857,7 +886,7 @@ public class TunnelConfig {
PROP_MAX_STREAMS, I2PClient.PROP_SIGTYPE,
"inbound.randomKey", "outbound.randomKey", "i2cp.leaseSetSigningPrivateKey", "i2cp.leaseSetPrivateKey",
I2PTunnelServer.PROP_ALT_PKF,
"i2cp.leaseSetSecret"
"i2cp.leaseSetSecret", "i2cp.leaseSetType", "i2cp.leaseSetAuthType"
};
private static final String _httpServerOpts[] = {
I2PTunnelHTTPServer.OPT_POST_WINDOW,
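Review bot: In the first hunk, `case 0:`/`default:` removes `i2cp.leaseSetSecret` and a type-5 `i2cp.leaseSetType` but leaves `i2cp.leaseSetAuthType` in place, whereas `case 1:` through `case 3:` now remove it. A tunnel switched from one of the auth modes back to "none" keeps a stale auth type, which would presumably take effect again if the lease set type is later set to 5 by some other path. Add `config.remove(OPT + "i2cp.leaseSetAuthType");` to that branch so every non-auth mode clears the option. The switch sits in a method that begins before the hunk.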


@@ -567,8 +567,8 @@ public class IndexBean {
try {
String secret = _helper.getBlindedPassword(tunnel);
boolean requireSecret = secret != null && secret.length() > 0 &&
(mode == 3 || mode == 5 || mode == 7);
boolean requireAuth = mode >= 4 && mode <= 7;
(mode == 3 || mode == 5 || mode == 7 || mode == 9);
boolean requireAuth = mode >= 4 && mode <= 9;
return Blinding.encode(_context, d.getSigningPublicKey(), requireSecret, requireAuth);
} catch (RuntimeException re) {}
}
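Review bot: The encrypt-mode encoding appears here only as bare literals (`mode == 3 || mode == 5 || mode == 7 || mode == 9` and `mode >= 4 && mode <= 9`), and the same numbers are repeated in GeneralHelper, TunnelConfig and the JSP, so each new mode has to be added by hand in four places. A missed update would encode a blinded address with the wrong secret or auth flag. A comment such as `// odd modes from 3 up carry a lookup secret; 4-9 require client auth (keep in sync with TunnelConfig)` would document the convention; shared named constants would be better. The try block and its method start outside the hunk.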


@@ -461,9 +461,13 @@
<span class="multiOption"><label title="<%=intl._t("Only clients with the password and key will be able to connect")%>"><input value="5" type="radio" name="encryptMode"<%=(curEncryptMode.equals("5") ? " checked=\"checked\"" : "")%> class="tickbox" />
<%=intl._t("Blinded with lookup password and shared key")%></label></span>
<span class="multiOption"><label title="<%=intl._t("Only clients with the encryption key will be able to connect")%>"><input value="6" type="radio" name="encryptMode"<%=(curEncryptMode.equals("6") ? " checked=\"checked\"" : "")%> class="tickbox" />
<%=intl._t("Blinded with per-user key")%></label></span>
<%=intl._t("Blinded with per-user key")%> (PSK)</label></span>
<span class="multiOption"><label title="<%=intl._t("Only clients with the password and key will be able to connect")%>"><input value="7" type="radio" name="encryptMode"<%=(curEncryptMode.equals("7") ? " checked=\"checked\"" : "")%> class="tickbox" />
<%=intl._t("Blinded with lookup password and per-user key")%></label></span>
<%=intl._t("Blinded with lookup password and per-user key")%> (PSK)</label></span>
<span class="multiOption"><label title="<%=intl._t("Only clients with the encryption key will be able to connect")%>"><input value="8" type="radio" name="encryptMode"<%=(curEncryptMode.equals("8") ? " checked=\"checked\"" : "")%> class="tickbox" />
<%=intl._t("Blinded with per-user key")%> (DH)</label></span>
<span class="multiOption"><label title="<%=intl._t("Only clients with the password and key will be able to connect")%>"><input value="9" type="radio" name="encryptMode"<%=(curEncryptMode.equals("9") ? " checked=\"checked\"" : "")%> class="tickbox" />
<%=intl._t("Blinded with lookup password and per-user key")%> (DH)</label></span>
<%
} // isAdvanced()
} // allowBlinding
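Review bot: The new options 8 and 9 reuse the exact `title` text and `intl._t(...)` label of options 6 and 7 and differ only by the untranslated `(PSK)`/`(DH)` suffix, so the form does not tell the operator what the choice is. The two schemes presumably differ in how client keys are provisioned, so each pair should get its own tooltip, for example `intl._t("Each client is given its own pre-shared key")` and `intl._t("Each client registers its own public key")` (wording to be confirmed against the auth implementation).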