From 2e34ffcedcc18e22ed981d78ef11c1af62142472 Mon Sep 17 00:00:00 2001 From: zzz Date: Wed, 7 Feb 2018 13:47:01 +0000 Subject: [PATCH] Update SSL cert params Version 0.12.0 --- README.txt | 3 +++ TODO.txt | 5 ----- build.xml | 3 ++- scripts/plugin.config | 4 ++-- .../net/i2p/i2pcontrol/I2PControlController.java | 14 ++++++++------ .../i2p/i2pcontrol/security/KeyStoreProvider.java | 9 +++++---- 6 files changed, 20 insertions(+), 18 deletions(-) diff --git a/README.txt b/README.txt index 5cd48fc..1d21581 100644 --- a/README.txt +++ b/README.txt @@ -6,6 +6,9 @@ Default host is 127.0.0.1. Default port is 7650. Default password is "itoopie". +You may change the API password via the API, +or via a browser at https://127.0.0.1:7650/ + Version 1 API specification: http://i2p-projekt.i2p/en/docs/api/i2pcontrol https://geti2p.net/en/docs/api/i2pcontrol diff --git a/TODO.txt b/TODO.txt index a3fd063..24f287f 100644 --- a/TODO.txt +++ b/TODO.txt @@ -5,9 +5,4 @@ https://geti2p.net/spec/proposals/118-i2pcontrol-api-2 http://zzz.i2p/topics/2030 Prep for bundling into router package Review auth requirements and implementation -Remove static fields -Consistent style tab/spaces -Convert I2PControlController to RouterApp -Remove static ConfigurationManager, SecurityManager, Server bcrypt merge or move to PasswordManager -Which json lib, possibly migrate diff --git a/build.xml b/build.xml index 61484e1..af51dc3 100644 --- a/build.xml +++ b/build.xml @@ -31,7 +31,8 @@ - + + diff --git a/scripts/plugin.config b/scripts/plugin.config index f3d369e..520c2f6 100644 --- a/scripts/plugin.config +++ b/scripts/plugin.config 
@@ -4,8 +4,8 @@ consoleLinkName=I2PControl description=Remote Control Service author=hottuna websiteURL=http://zzz.i2p/forums/16 -updateURL=http://zzz.i2p/i2p/plugins/I2PControl-update.xpi2p -updateURL.su3=http://zzz.i2p/i2p/plugins/I2PControl-update.su3 +updateURL=http://stats.i2p/i2p/plugins/I2PControl-update.xpi2p +updateURL.su3=http://stats.i2p/i2p/plugins/I2PControl-update.su3 license=Apache 2.0 min-jetty-version=9 min-i2p-version=0.9.30 diff --git a/src/java/net/i2p/i2pcontrol/I2PControlController.java b/src/java/net/i2p/i2pcontrol/I2PControlController.java index c06cb52..a70f449 100644 --- a/src/java/net/i2p/i2pcontrol/I2PControlController.java +++ b/src/java/net/i2p/i2pcontrol/I2PControlController.java @@ -52,11 +52,10 @@ import java.util.StringTokenizer; /** - * This handles the starting and stopping of an eepsite tunnel and jetty + * This handles the starting and stopping of Jetty * from a single static class so it can be called via clients.config. * - * This makes installation of a new eepsite a turnkey operation - - * the user is not required to configure a new tunnel in i2ptunnel manually. + * This makes installation of a new eepsite a turnkey operation. * * Usage: I2PControlController -d $PLUGIN [start|stop] * @@ -80,6 +79,9 @@ public class I2PControlController implements RouterApp { static final String PROP_ALLOWED_HOSTS = "i2pcontrol.allowedhosts"; private static final String SVC_HTTPS_I2PCONTROL = "https_i2pcontrol"; + /** + * RouterApp (new way) + */ public I2PControlController(RouterContext ctx, ClientAppManager mgr, String args[]) { _appContext = _context = ctx; _mgr = mgr; @@ -94,7 +96,7 @@ public class I2PControlController implements RouterApp { } /** - * From main() + * From main() (old way) */ public I2PControlController(File pluginDir) { _appContext = I2PAppContext.getGlobalContext(); 
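Review bot: The new `updateURL` and `updateURL.su3` values in scripts/plugin.config point installed plugins at a different host over plain `http://`, so the integrity of updates rests entirely on signature verification of the downloaded package, which this hunk does not show. Please confirm that the signing key for the update files is unchanged, so that a client only accepts a package from the new host if it carries the signature it already trusts. It would help to record this in the commit description, for example `update host moved to stats.i2p; signer and key unchanged`.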
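Review bot: The class Javadoc in I2PControlController.java (hunk at -52,11) still says `This makes installation of a new eepsite a turnkey operation.`, although the edit removed the eepsite tunnel from the first sentence, so the comment now describes something the class no longer claims to start. I would reword it to match what is started, for example `* Starts and stops the Jetty HTTPS listener for the I2PControl API`, and drop the eepsite sentence. The two constructor comments added further down (`RouterApp (new way)` and `From main() (old way)`) would be more useful if they named their parameters and said which entry point uses each constructor.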
@@ -122,6 +124,7 @@ public class I2PControlController implements RouterApp { } catch (Exception e) { changeState(START_FAILED, "Failed to start", e); _log.error("Unable to start jetty server", e); + stop(); } } @@ -279,7 +282,7 @@ public class I2PControlController implements RouterApp { SslContextFactory sslFactory = new SslContextFactory(_ksp.getKeyStoreLocation()); sslFactory.setKeyStorePassword(KeyStoreProvider.DEFAULT_KEYSTORE_PASSWORD); // the X.509 cert password (if not present, verifyKeyStore() returned false) - sslFactory.setKeyManagerPassword(KeyStoreProvider.DEFAULT_KEYSTORE_PASSWORD); + sslFactory.setKeyManagerPassword(KeyStoreProvider.DEFAULT_CERTIFICATE_PASSWORD); sslFactory.addExcludeProtocols(I2PSSLSocketFactory.EXCLUDE_PROTOCOLS.toArray( new String[I2PSSLSocketFactory.EXCLUDE_PROTOCOLS.size()])); sslFactory.addExcludeCipherSuites(I2PSSLSocketFactory.EXCLUDE_CIPHERS.toArray( @@ -297,7 +300,6 @@ public class I2PControlController implements RouterApp { ssl.setPort(port); ssl.setIdleTimeout(90*1000); // default 10 sec // all with same name will use the same thread pool - //ssll.setName("ConsoleSocket"); ssl.setName("I2PControl"); ssl.setName("SSL Listener-" + ++listeners); diff --git a/src/java/net/i2p/i2pcontrol/security/KeyStoreProvider.java b/src/java/net/i2p/i2pcontrol/security/KeyStoreProvider.java index c77aac7..544f38b 100644 --- a/src/java/net/i2p/i2pcontrol/security/KeyStoreProvider.java +++ b/src/java/net/i2p/i2pcontrol/security/KeyStoreProvider.java 
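Review bot: The added `stop();` in the catch block runs after `changeState(START_FAILED, "Failed to start", e)`, so if `stop()` reports its own state transitions (its body is outside this hunk), the failure state and its exception would be overwritten before the manager sees them. An exception thrown from `stop()` on a half-started server would also escape the catch block. I would do the cleanup first and report the failure last, moving the call up so the block reads `_log.error("Unable to start jetty server", e); stop(); changeState(START_FAILED, "Failed to start", e);`. Add a short comment such as `// release the partly started Jetty instance before reporting failure`. The enclosing method starts above the hunk, so please check this ordering against the full body.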
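Review bot: Both values passed to `setKeyStorePassword` and `setKeyManagerPassword` in the hunk at -279,7 are compile-time constants published in the source, so encrypting the keystore and the private key adds no confidentiality. The TLS key is protected only by the file permissions of the keystore under the plugin directory. The existing comment should say so, for example `// both passwords are fixed and public; the keystore must be readable by the router user only`. The code that writes the keystore should also be checked to confirm it creates the file with owner-only permissions, which is not visible here. The same applies to `DEFAULT_CERTIFICATE_PASSWORD` in both KeyStoreProvider.java hunks, where the constant is declared and passed to key generation.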
@@ -15,10 +15,11 @@ public class KeyStoreProvider { public static final String DEFAULT_CERTIFICATE_ALGORITHM_STRING = "RSA"; public static final int DEFAULT_CERTIFICATE_KEY_LENGTH = 4096; public static final int DEFAULT_CERTIFICATE_VALIDITY = 365 * 10; - public final static String DEFAULT_CERTIFICATE_DOMAIN = "net.i2p.i2pcontrol"; + public final static String DEFAULT_CERTIFICATE_DOMAIN = "localhost"; public final static String DEFAULT_CERTIFICATE_ALIAS = "I2PControl CA"; - public static final String DEFAULT_KEYSTORE_NAME = "key.store"; - public static final String DEFAULT_KEYSTORE_PASSWORD = "nut'nfancy"; + public static final String DEFAULT_KEYSTORE_NAME = "i2pcontrol.ks"; + public static final String DEFAULT_KEYSTORE_PASSWORD = KeyStoreUtil.DEFAULT_KEYSTORE_PASSWORD; + public static final String DEFAULT_CERTIFICATE_PASSWORD = "nut'nfancy"; private final String _pluginDir; private KeyStore _keystore; @@ -35,7 +36,7 @@ public class KeyStoreProvider { DEFAULT_CERTIFICATE_VALIDITY, DEFAULT_CERTIFICATE_ALGORITHM_STRING, DEFAULT_CERTIFICATE_KEY_LENGTH, - DEFAULT_KEYSTORE_PASSWORD); + DEFAULT_CERTIFICATE_PASSWORD); } /**
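Review bot: Changing `DEFAULT_KEYSTORE_NAME` to `i2pcontrol.ks` along with the keystore password means an existing `key.store` in the plugin directory is no longer opened, and nothing in the visible hunks deletes or migrates it. After an upgrade the old private key would therefore stay on disk under the old, publicly known password, and clients that accepted the previous self-signed certificate would be presented with a new one. If that is intended, a comment on the constant would document it, for example `// renamed in 0.12.0; a pre-existing key.store is not reused and should be removed`, and the upgrade path should remove the stale file. Separately, `DEFAULT_CERTIFICATE_DOMAIN = "localhost"` matches only clients that connect under that name. The controller's `i2pcontrol.allowedhosts` property suggests other addresses may be in use, in which case hostname verification against this certificate would fail.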