diff --git a/apps/i2ptunnel/jsp/ssl.jsp b/apps/i2ptunnel/jsp/ssl.jsp
index 825d3d4d4..af68f3151 100644
--- a/apps/i2ptunnel/jsp/ssl.jsp
+++ b/apps/i2ptunnel/jsp/ssl.jsp
@@ -9,7 +9,7 @@ response.setHeader("Accept-Ranges", "none");
 %><%@page pageEncoding="UTF-8"
-%><%@page contentType="text/html" import="java.io.File,net.i2p.crypto.KeyStoreUtil,net.i2p.data.DataHelper,net.i2p.jetty.JettyXmlConfigurationParser"
+%><%@page contentType="text/html" import="java.io.File,java.io.IOException,net.i2p.crypto.KeyStoreUtil,net.i2p.data.DataHelper,net.i2p.jetty.JettyXmlConfigurationParser"
 %><%@page %>
@@ -105,6 +105,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 if (action != null) {
 String nonce = request.getParameter("nonce");
 String newpw = request.getParameter("nofilter_keyPassword");
+ String kspw = request.getParameter("nofilter_obfKeyStorePassword");
 String appNum = request.getParameter("clientAppNumber");
 String ksPath = request.getParameter("nofilter_ksPath");
 String jettySSLConfigPath = request.getParameter("nofilter_jettySSLFile");
@@ -113,6 +114,11 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 if (newpw.length() <= 0)
 newpw = null;
 }
+ if (kspw != null) {
+ kspw = JettyXmlConfigurationParser.deobfuscate(kspw);
+ } else {
+ kspw = net.i2p.crypto.KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD;
+ }
 if (!editBean.haveNonce(nonce)) {
 out.println(intl._t("Invalid form submission, probably because you used the 'back' or 'reload' button on your browser. Please resubmit.") + ' ' +
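Review bot: The new `kspw` branch accepts an empty string, whereas the adjacent `newpw` handling turns one into null: a blank `nofilter_obfKeyStorePassword` gives `kspw = ""` (deobfuscate returns non-OBF input unchanged), and the next hunk then passes that empty string to `createKeysAndCRL` as the keystore password and writes it back, obfuscated, into jetty-ssl.xml. Mirror the newpw check: `if (kspw == null || kspw.length() == 0) kspw = net.i2p.crypto.KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD; else kspw = JettyXmlConfigurationParser.deobfuscate(kspw);`. A comment such as `// OBF: is a reversible Jetty encoding, not encryption; the keystore password arrives from the form effectively in clear` would stop a later reader from assuming the field is protected. The form handler this sits in starts before the hunk and continues past it.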
@@ -139,19 +145,42 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 if (altb32 != null && altb32.length() > 0)
 altNames.add(altb32);
 File ks = new File(ksPath);
- ok = net.i2p.crypto.KeyStoreUtil.createKeys(ks, "eepsite", name, altNames, b32, newpw);
- if (ok) {
- out.println("Created selfsigned cert");
+ try {
+ Object[] rv = net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(ks, kspw, "eepsite", name, altNames, b32,
+ 3652, "EC", 256, newpw);
+ out.println("Created selfsigned cert");
+ // save cert
+ java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) rv[2];
+ File f = new net.i2p.util.SecureFile(ctx.getConfigDir(), "certificates");
+ if (!f.exists())
+ f.mkdir();
+ f = new net.i2p.util.SecureFile(f, "eepsite");
+ if (!f.exists())
+ f.mkdir();
+ f = new net.i2p.util.SecureFile(f, b32 + ".crt");
+ if (f.exists()) {
+ File fb = new File(f.getParentFile(), b32 + ".crt-" + System.currentTimeMillis() + ".bkup");
+ net.i2p.util.FileUtil.copy(f, fb, false, true);
+ }
+ ok = net.i2p.crypto.CertUtil.saveCert(cert, f);
+ out.println("selfsigned cert stored");
+ } catch (IOException ioe) {
+ ioe.printStackTrace();
+ ok = false;
+ } catch (java.security.GeneralSecurityException gse) {
+ gse.printStackTrace();
+ ok = false;
 }
 // rewrite jetty-ssl.xml
 if (ok) {
 String obf = JettyXmlConfigurationParser.obfuscate(newpw);
+ String obfkspw = JettyXmlConfigurationParser.obfuscate(kspw);
 File f = new File(jettySSLConfigPath);
 try {
 org.eclipse.jetty.xml.XmlParser.Node root;
- root = net.i2p.jetty.JettyXmlConfigurationParser.parse(f);
- //JettyXmlConfigurationParser.setValue(root, "KeyStorePassword", ...);
+ root = JettyXmlConfigurationParser.parse(f);
+ JettyXmlConfigurationParser.setValue(root, "KeyStorePassword", obfkspw);
 JettyXmlConfigurationParser.setValue(root, "KeyManagerPassword", obf);
 JettyXmlConfigurationParser.setValue(root, "TrustStorePassword", obf);
 File fb = new File(jettySSLConfigPath + ".bkup");
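Review bot: `out.println("selfsigned cert stored")` is printed whatever `CertUtil.saveCert` returned, so a failed export reports success to the user while `ok` is false and the jetty-ssl.xml rewrite below is silently skipped; change it to `out.println(ok ? "selfsigned cert stored" : "Failed to store selfsigned cert");`. A second consequence of assigning `ok` from `saveCert` is that the keystore has already been regenerated with `kspw`/`newpw` by the time the .crt export runs, so any export failure leaves the new keystore and an un-updated jetty-ssl.xml out of step — the key-creation result is what should gate the rewrite, with the export outcome reported separately. The backup `FileUtil.copy` result is also ignored, so an existing `<b32>.crt` can be overwritten with no backup taken; check it the same way. The rewrite's `try` block continues past the end of the hunk.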
@@ -165,11 +194,11 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 w.write("\n");
 JettyXmlConfigurationParser.write(root, w);
 out.println("Jetty configuration updated");
- } catch (java.io.IOException ioe) {
+ } catch (IOException ioe) {
 ioe.printStackTrace();
 ok = false;
 } finally {
- if (w != null) try { w.close(); } catch (java.io.IOException ioe2) {}
+ if (w != null) try { w.close(); } catch (IOException ioe2) {}
 }
 }
 } catch (org.xml.sax.SAXException saxe) {
@@ -196,7 +225,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 DataHelper.storeProps(p, f);
 out.println("Jetty SSL enabled");
 }
- } catch (java.io.IOException ioe) {
+ } catch (IOException ioe) {
 ioe.printStackTrace();
 ok = false;
 }
@@ -410,7 +439,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 if (jettyFile != null && jettyFile.exists()) {
 try {
 org.eclipse.jetty.xml.XmlParser.Node root;
- root = net.i2p.jetty.JettyXmlConfigurationParser.parse(jettyFile);
+ root = JettyXmlConfigurationParser.parse(jettyFile);
 host = JettyXmlConfigurationParser.getValue(root, "host");
 port = JettyXmlConfigurationParser.getValue(root, "port");
 } catch (org.xml.sax.SAXException saxe) {
@@ -421,7 +450,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 if (jettySSLFile.exists()) {
 try {
 org.eclipse.jetty.xml.XmlParser.Node root;
- root = net.i2p.jetty.JettyXmlConfigurationParser.parse(jettySSLFile);
+ root = JettyXmlConfigurationParser.parse(jettySSLFile);
 ksPW = JettyXmlConfigurationParser.getValue(root, "KeyStorePassword");
 kmPW = JettyXmlConfigurationParser.getValue(root, "KeyManagerPassword");
 tsPW = JettyXmlConfigurationParser.getValue(root, "TrustStorePassword");
@@ -503,6 +532,15 @@ input.default { width: 1px; height: 1px; visibility: hidden; } " value="" class="freetext password" />
+<%
+ if (ksPW != null) {
+ if (!ksPW.startsWith("OBF:"))
+ ksPW = JettyXmlConfigurationParser.obfuscate(ksPW);
+%>
+<%
+ }
+%>
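Review bot: The hidden field fed by this block round-trips the keystore password through the browser: `ksPW` is the raw `KeyStorePassword` read from jetty-ssl.xml in the hunk above, and `obfuscate()` only applies Jetty's OBF encoding, which anyone who can view the page source or capture the request (a plain-HTTP console included) can reverse. The POST handler already parses `jettySSLConfigPath` before calling `setValue(root, "KeyStorePassword", ...)`, so it could take the current password from there with `getValue` instead of trusting the form; if the round-trip stays, add `// OBF: is reversible, not encryption -- this exposes the keystore password to the client` above it. The `if (!ksPW.startsWith("OBF:"))` guard duplicates the check this commit adds inside `JettyXmlConfigurationParser.obfuscate()` and can collapse to `ksPW = JettyXmlConfigurationParser.obfuscate(ksPW);`. The `<input>` element this value goes into is not visible in this view.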
@@ -510,7 +548,7 @@ input.default { width: 1px; height: 1px; visibility: hidden; }
 <%
 } // canConfigure
 } // for client
- } catch (java.io.IOException ioe) { ioe.printStackTrace(); }
+ } catch (IOException ioe) { ioe.printStackTrace(); }
 %>
">
diff --git a/apps/jetty/java/src/net/i2p/jetty/JettyXmlConfigurationParser.java b/apps/jetty/java/src/net/i2p/jetty/JettyXmlConfigurationParser.java
index dee021b2e..23461720a 100644
--- a/apps/jetty/java/src/net/i2p/jetty/JettyXmlConfigurationParser.java
+++ b/apps/jetty/java/src/net/i2p/jetty/JettyXmlConfigurationParser.java
@@ -189,6 +189,18 @@ public class JettyXmlConfigurationParser
 * @return a string starting with "OBF:"
 */
 public static String obfuscate(String s) {
+ if (s.startsWith("OBF:"))
+ return s;
 return Password.obfuscate(s);
 }
+
+ /**
+ * De-Obfuscate a password from the XML
+ * @param s a string starting with "OBF:"
+ */
+ public static String deobfuscate(String s) {
+ if (!s.startsWith("OBF:"))
+ return s;
+ return Password.deobfuscate(s);
+ }
 }
diff --git a/apps/routerconsole/java/src/net/i2p/router/web/helpers/CertHelper.java b/apps/routerconsole/java/src/net/i2p/router/web/helpers/CertHelper.java
index 1c0386034..926d3420d 100644
--- a/apps/routerconsole/java/src/net/i2p/router/web/helpers/CertHelper.java
+++ b/apps/routerconsole/java/src/net/i2p/router/web/helpers/CertHelper.java
@@ -22,7 +22,7 @@ public class CertHelper extends HelperBase {
 private static final String CONSOLE = "console/console.local.crt";
 private static final String I2PTUNNEL_DIR = "i2ptunnel";
 private static final String SAM_DIR = "sam";
- private static final String EEPSITE = "eepsite/etc/keystore.ks";
+ private static final String EEPSITE_DIR = "eepsite";
 public String getSummary() {
 File dir = new File(_context.getConfigDir(), DIR);
@@ -31,9 +31,9 @@ public class CertHelper extends HelperBase {
 _out.write(_t("Local SSL Certificates"));
 _out.write("\n");
 // console
- output("Console", new File(dir, CONSOLE));
+ output(_t("Router Console"), new File(dir, CONSOLE));
 // I2CP
- output("I2CP", new File(dir, I2CP));
+ output(_t("I2CP"), new File(dir, I2CP));
 // i2ptunnel clients
 File tunnelDir = new File(_context.getConfigDir(), I2PTUNNEL_DIR);
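Review bot: The Javadoc on `deobfuscate` contradicts its code: it says `@param s a string starting with "OBF:"` but the first line returns any non-prefixed string unchanged, and there is no `@return`. Suggest `@param s an "OBF:"-prefixed string, or a plaintext password which is returned as-is` and `@return the plaintext password`, plus a note on both methods that Jetty's OBF form is a reversible encoding by design and gives no confidentiality against anyone who can read the XML. One consequence of the new guard in `obfuscate` is that a plaintext password which itself begins with `OBF:` is now stored verbatim and later decoded by `deobfuscate`, so such passwords are no longer representable; documenting that limitation is probably enough. Both methods throw NullPointerException on null input, as `Password.obfuscate` presumably did before; `@param s non-null` would make the contract explicit for the JSP callers.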
@@ -58,13 +58,28 @@ public class CertHelper extends HelperBase { if (tunnels != null) { for (int i = 0; i < tunnels.length; i++) { File f = tunnels[i]; - output("SAM", f); + output(_t("SAM"), f); hasTunnels = true; } } if (!hasTunnels) output(_t("SAM"), null); + // Eepsite + tunnelDir = new File(dir, EEPSITE_DIR); + hasTunnels = false; + tunnels = tunnelDir.listFiles(new FileSuffixFilter(".crt")); + if (tunnels != null) { + for (int i = 0; i < tunnels.length; i++) { + File f = tunnels[i]; + String name = f.getName(); + output(_t("Website") + ' ' + name.substring(0, name.length() - 4), f); + hasTunnels = true; + } + } + if (!hasTunnels) + output(_t("Website"), null); + // Family _out.write("

"); _out.write(_t("Local Router Family Certificate")); @@ -80,19 +95,6 @@ public class CertHelper extends HelperBase { _out.write("
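Review bot: The new Eepsite block reuses `tunnelDir`, `tunnels` and `hasTunnels`, names that describe the i2ptunnel/SAM loops above it, for certificate files under `EEPSITE_DIR`, and nothing records where those `<b32>.crt` files come from. Fresh locals read better: `File certDir = new File(dir, EEPSITE_DIR);` / `File[] certs = certDir.listFiles(new FileSuffixFilter(".crt"));` with `boolean hasCerts = false;`, and a comment `// one <b32>.crt per site, exported by i2ptunnel's ssl.jsp when it generates a self-signed cert` (that exporter is added in this same commit, writing under the config dir's certificates/eepsite, presumably the same directory `dir` resolves to here). The `name.substring(0, name.length() - 4)` strip is only safe because the suffix filter guarantees the ".crt" ending; a short comment saying so would help the next reader. getSummary() begins before this hunk and ends after it.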

\n"); } - // Eepsite - _out.write("

"); - _out.write(_t("Website")); - _out.write("

\n"); - File ks = new File(_context.getConfigDir(), EEPSITE); - if (ks.exists()) { - // TODO - } else { - _out.write("

"); - _out.write(_t("none")); - _out.write("

\n"); - } - // anything else? plugins? } catch (IOException ioe) {