Update SSL cert params

Version 0.12.0

README.txt

@@ -6,6 +6,9 @@ Default host is 127.0.0.1.
 Default port is 7650.
 Default password is "itoopie".
 
+You may change the API password via the API,
+or via a browser at https://127.0.0.1:7650/
+
 Version 1 API specification:
 http://i2p-projekt.i2p/en/docs/api/i2pcontrol
 https://geti2p.net/en/docs/api/i2pcontrol

TODO.txt

@@ -5,9 +5,4 @@ https://geti2p.net/spec/proposals/118-i2pcontrol-api-2
 http://zzz.i2p/topics/2030
 Prep for bundling into router package
 Review auth requirements and implementation
-Remove static fields
-Consistent style tab/spaces
-Convert I2PControlController to RouterApp
-Remove static ConfigurationManager, SecurityManager, Server
 bcrypt merge or move to PasswordManager
-Which json lib, possibly migrate

build.xml

@@ -31,7 +31,8 @@
     <target name="plugin" depends="jar"> 
         <!-- get version number -->
         <buildnumber file="scripts/build.number" />
-        <property name="release.number" value="0.11" />
+        <!-- change in I2PControlVersion.java also! -->
+        <property name="release.number" value="0.12.0" />
 
         <!-- make the update xpi2p -->
         <mkdir dir="plugin/lib"/>

scripts/plugin.config

@@ -4,8 +4,8 @@ consoleLinkName=I2PControl
 description=Remote Control Service 
 author=hottuna
 websiteURL=http://zzz.i2p/forums/16
-updateURL=http://zzz.i2p/i2p/plugins/I2PControl-update.xpi2p
-updateURL.su3=http://zzz.i2p/i2p/plugins/I2PControl-update.su3
+updateURL=http://stats.i2p/i2p/plugins/I2PControl-update.xpi2p
+updateURL.su3=http://stats.i2p/i2p/plugins/I2PControl-update.su3
 license=Apache 2.0
 min-jetty-version=9
 min-i2p-version=0.9.30

src/java/net/i2p/i2pcontrol/I2PControlController.java

@@ -52,11 +52,10 @@ import java.util.StringTokenizer;
 
 
 /**
- * This handles the starting and stopping of an eepsite tunnel and jetty
+ * This handles the starting and stopping of Jetty
  * from a single static class so it can be called via clients.config.
  *
- * This makes installation of a new eepsite a turnkey operation -
- * the user is not required to configure a new tunnel in i2ptunnel manually.
+ * This makes installation of a new eepsite a turnkey operation.
  *
  * Usage: I2PControlController -d $PLUGIN [start|stop]
  *
@@ -80,6 +79,9 @@ public class I2PControlController implements RouterApp {
     static final String PROP_ALLOWED_HOSTS = "i2pcontrol.allowedhosts";
     private static final String SVC_HTTPS_I2PCONTROL = "https_i2pcontrol";
 
+    /**
+     *  RouterApp (new way)
+     */
     public I2PControlController(RouterContext ctx, ClientAppManager mgr, String args[]) {
         _appContext = _context = ctx;
         _mgr = mgr;
@@ -94,7 +96,7 @@ public class I2PControlController implements RouterApp {
     }
 
     /**
-     *  From main()
+     *  From main() (old way)
      */
     public I2PControlController(File pluginDir) {
         _appContext = I2PAppContext.getGlobalContext();
@@ -122,6 +124,7 @@ public class I2PControlController implements RouterApp {
         } catch (Exception e) {
             changeState(START_FAILED, "Failed to start", e);
             _log.error("Unable to start jetty server", e);
+            stop();
         }
     }
 
@@ -279,7 +282,7 @@ public class I2PControlController implements RouterApp {
         SslContextFactory sslFactory = new SslContextFactory(_ksp.getKeyStoreLocation());
         sslFactory.setKeyStorePassword(KeyStoreProvider.DEFAULT_KEYSTORE_PASSWORD);
         // the X.509 cert password (if not present, verifyKeyStore() returned false)
-        sslFactory.setKeyManagerPassword(KeyStoreProvider.DEFAULT_KEYSTORE_PASSWORD);
+        sslFactory.setKeyManagerPassword(KeyStoreProvider.DEFAULT_CERTIFICATE_PASSWORD);
         sslFactory.addExcludeProtocols(I2PSSLSocketFactory.EXCLUDE_PROTOCOLS.toArray(
                                        new String[I2PSSLSocketFactory.EXCLUDE_PROTOCOLS.size()]));
         sslFactory.addExcludeCipherSuites(I2PSSLSocketFactory.EXCLUDE_CIPHERS.toArray(
@@ -297,7 +300,6 @@ public class I2PControlController implements RouterApp {
         ssl.setPort(port);
         ssl.setIdleTimeout(90*1000);  // default 10 sec
         // all with same name will use the same thread pool
-        //ssll.setName("ConsoleSocket");
         ssl.setName("I2PControl");
 
         ssl.setName("SSL Listener-" + ++listeners);

src/java/net/i2p/i2pcontrol/security/KeyStoreProvider.java

@@ -15,10 +15,11 @@ public class KeyStoreProvider {
     public static final String DEFAULT_CERTIFICATE_ALGORITHM_STRING = "RSA";
     public static final int DEFAULT_CERTIFICATE_KEY_LENGTH = 4096;
     public static final int DEFAULT_CERTIFICATE_VALIDITY = 365 * 10;
-    public final static String DEFAULT_CERTIFICATE_DOMAIN = "net.i2p.i2pcontrol";
+    public final static String DEFAULT_CERTIFICATE_DOMAIN = "localhost";
     public final static String DEFAULT_CERTIFICATE_ALIAS = "I2PControl CA";
-    public static final String DEFAULT_KEYSTORE_NAME = "key.store";
-    public static final String DEFAULT_KEYSTORE_PASSWORD = "nut'nfancy";
+    public static final String DEFAULT_KEYSTORE_NAME = "i2pcontrol.ks";
+    public static final String DEFAULT_KEYSTORE_PASSWORD = KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD;
+    public static final String DEFAULT_CERTIFICATE_PASSWORD = "nut'nfancy";
     private final String _pluginDir;
     private KeyStore _keystore;
 
@@ -35,7 +36,7 @@ public class KeyStoreProvider {
                                 DEFAULT_CERTIFICATE_VALIDITY,
                                 DEFAULT_CERTIFICATE_ALGORITHM_STRING,
                                 DEFAULT_CERTIFICATE_KEY_LENGTH,
-                                DEFAULT_KEYSTORE_PASSWORD);
+                                DEFAULT_CERTIFICATE_PASSWORD);
     }
 
     /**