#2159 closed enhancement (fixed)

HTTPS Eepsite enabled by default

Reported by: zzz Owned by: zzz
Priority: minor Milestone: 0.9.35
Component: apps/jetty Version: 0.9.33
Keywords: security, standards, defaults Cc:
Parent Tickets: Sensitive: no

Description

Browsers are going to start complaining soon.

Automate everything in http://zzz.i2p/topics/1867

Subtickets

Change History (4)

comment:1 Changed 20 months ago by str4d

Keywords: security standards defaults added
Status: new → open

comment:2 Changed 18 months ago by zzz

Milestone: undecided → 0.9.35
Owner: set to zzz
Status: open → accepted

In 0.9.34-9. Still not by default and maybe can't be. See post 8 in zzz.i2p thread linked above for details.

comment:3 Changed 18 months ago by Reportage

The user interface is over-complicated and broken. Fixes below:

#
# old_revision [b2f50cea78d884ae2e0121e829d56f3ebe0c1ffa]
#
# patch "apps/i2ptunnel/jsp/ssl.jsp"
#  from [e1aa40716c3d4e7160fb8401bfbed9a652508014]
#    to [709c76d5e37166f23df040dc7b416d545dd9da76]
#
============================================================
--- apps/i2ptunnel/jsp/ssl.jsp	e1aa40716c3d4e7160fb8401bfbed9a652508014
+++ apps/i2ptunnel/jsp/ssl.jsp	709c76d5e37166f23df040dc7b416d545dd9da76
@@ -32,12 +32,12 @@
 %>
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
 <head>
-    <title><%=intl._t("Hidden Services Manager")%> - <%=intl._t("SSL Helper")%></title>
+    <title><%=intl._t("Tunnel Manager")%> - <%=intl._t("SSL Helper")%></title>
     <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
     <link href="/themes/console/images/favicon.ico" type="image/x-icon" rel="shortcut icon" />
     <% if (editBean.allowCSS()) {
   %><link rel="icon" href="<%=editBean.getTheme()%>images/favicon.ico" />
-    <link href="<%=editBean.getTheme()%>i2ptunnel.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" /> 
+    <link href="<%=editBean.getTheme()%>i2ptunnel.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" />
     <% }
   %>
 <style type='text/css'>
@@ -51,20 +51,20 @@ input.default { width: 1px; height: 1px;
   if (!ctx.isRouterContext()) {
       %>Unsupported in app context<%
   } else if (curTunnel < 0) {
-      %>Tunnel not found<% 
+      %>Tunnel not found<%
   } else if (editBean.isClient(curTunnel)) {
       %>Not supported for client tunnels<%
   } else if (editBean.isInitialized()) {
 
 %>
-<div class="panel" id="ssl">
 <%
     String tunnelTypeName;
     String tunnelType;
     boolean valid = false;
     tunnelTypeName = editBean.getTunnelType(curTunnel);
     tunnelType = editBean.getInternalType(curTunnel);
-%><h2><%=intl._t("SSL Wizard")%> (<%=editBean.getTunnelName(curTunnel)%>)</h2><% 
+%>
+<%
 
     // set a bunch of variables for the current configuration
     String b64 = editBean.getDestinationBase64(curTunnel);
@@ -178,7 +178,7 @@ input.default { width: 1px; height: 1px;
                 boolean ok = true;
 
                 if (action.equals("Generate")) {
-                    // generate selfsigned cert
+                    // generate self-signed cert
                     java.util.Set<String> altNames = new java.util.HashSet<String>(4);
                     altNames.add(b32);
                     altNames.add(name);
@@ -204,7 +204,7 @@ input.default { width: 1px; height: 1px;
                         int sz = haveEC ? 256 : 2048;
                         Object[] rv = net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(ks, kspw, "eepsite", name, altNames, b32,
                                                                                    3652, alg, sz, newpw);
-                        msgs.append("Created selfsigned cert\n");
+                        msgs.append("Created self-signed certificate\n");
                         // save cert
                         java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) rv[2];
                         File f = new net.i2p.util.SecureFile(ctx.getConfigDir(), "certificates");
@@ -220,16 +220,16 @@ input.default { width: 1px; height: 1px;
                         }
                         ok = net.i2p.crypto.CertUtil.saveCert(cert, f);
                         if (ok)
-                            msgs.append("selfsigned cert stored\n");
+                            msgs.append("Self-signed certificate stored\n");
                         else
-                            msgs.append("selfsigned cert store failed\n");
+                            msgs.append("Self-signed certificate store failed\n");
                     } catch (IOException ioe) {
                         ioe.printStackTrace();
-                        msgs.append("selfsigned cert store failed ").append(DataHelper.escapeHTML(ioe.toString())).append('\n');
+                        msgs.append("Self-signed certificate store failed ").append(DataHelper.escapeHTML(ioe.toString())).append('\n');
                         ok = false;
                     } catch (java.security.GeneralSecurityException gse) {
                         gse.printStackTrace();
-                        msgs.append("selfsigned cert store failed ").append(DataHelper.escapeHTML(gse.toString())).append('\n');
+                        msgs.append("Self-signed certificate store failed ").append(DataHelper.escapeHTML(gse.toString())).append('\n');
                         ok = false;
                     }
 
@@ -270,7 +270,7 @@ input.default { width: 1px; height: 1px;
                             }
                         } catch (org.xml.sax.SAXException saxe) {
                             saxe.printStackTrace();
-                            msgs.append("Jetty config parse failed ").append(DataHelper.escapeHTML(saxe.toString())).append('\n');
+                            msgs.append("Jetty configuration parse failed ").append(DataHelper.escapeHTML(saxe.toString())).append('\n');
                             ok = false;
                         }
                     }
@@ -370,11 +370,12 @@ input.default { width: 1px; height: 1px;
                         }
                     } else {
                         //msgs.append("Unable to restart Jetty server\n");
-                        msgs.append("You must start the Jetty server on <a target=\"_top\" href=\"/configclients\">the configure clients page</a>.\n");
+                        // no embedded urls here!
+                        msgs.append("You must start the Jetty server on the Client Configuration page.\n");
                     }
                 } else if (ok) {
                     //msgs.append("Unable to restart Jetty server\n");
-                    msgs.append("You must start the Jetty server on <a target=\"_top\" href=\"/configclients\">the configure clients page</a>.\n");
+                    msgs.append("You must start the Jetty server on the Client Configuration page.\n");
                 }
 
                 // rewrite i2ptunnel.config
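Review bot: The added comment `// no embedded urls here!` states a rule without its reason, and it sits on only the first of the two identical `msgs.append(...)` calls, so the second branch can regress unnoticed. Say why markup is unwanted in `msgs` and repeat it on the second call, for example `// msgs must stay plain text: no links or other markup`, if that is indeed the constraint. The same sentence is duplicated in both branches and could be held in one local constant. The enclosing block starts and ends outside the hunk.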
@@ -483,6 +484,8 @@ input.default { width: 1px; height: 1px;
 
 %>
 
+<div class="panel" id="ssl">
+<h2><%=intl._t("SSL Wizard")%> (<%=editBean.getTunnelName(curTunnel)%>)</h2>
 <form method="post" action="ssl" accept-charset="UTF-8">
 <input type="hidden" name="tunnel" value="<%=curTunnel%>" />
 <input type="hidden" name="nonce" value="<%=net.i2p.i2ptunnel.web.IndexBean.getNextNonce()%>" />
@@ -490,7 +493,7 @@ input.default { width: 1px; height: 1px;
 <input type="submit" class="default" name="action" value="Save changes" />
 <table>
 <tr><td colspan="4" class="infohelp"><%=intl._t("Experts only!")%> Beta!</td></tr>
-<tr><td colspan="4"><b><%=intl._t("Tunnel name")%>:</b> <%=editBean.getTunnelName(curTunnel)%></td></tr>
+<!--<tr><td colspan="4"><b><%=intl._t("Tunnel name")%>:</b> <%=editBean.getTunnelName(curTunnel)%></td></tr>-->
 <%
       if (("httpserver".equals(tunnelType)) || ("httpbidirserver".equals(tunnelType))) {
 %>
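Review bot: The tunnel-name row is disabled with an HTML comment (`<!--<tr>…<%=editBean.getTunnelName(curTunnel)%>…</tr>-->`), so the JSP expressions inside it are still evaluated and the value is still sent to the browser in the page source. The file already uses JSP comments for the disabled "Add Port Routing" rows; use that form here, `<%-- <tr>…</tr> --%>`, or delete the row, so that nothing is rendered. A JSP comment also avoids the case where the emitted value contains `-->` and ends the HTML comment early. The same pattern recurs in the later hunks around `sslToTarget`, `ssl`, `start` and the "SSL is enabled" / "SSL is disabled" labels.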
@@ -516,9 +519,10 @@ input.default { width: 1px; height: 1px;
 <%
     }  // altb32
 %>
-<tr><th colspan="4"><%=intl._t("Incoming I2P Port Routing")%></th></tr>
-<tr><th><%=intl._t("Route From I2P Port")%></th><th><%=intl._t("With Virtual Host")%></th><th><%=intl._t("Via SSL?")%></th><th><%=intl._t("To Server Host:Port")%></th></tr>
-<tr><td><a target="_top" href="http://<%=b32%>/"><%=intl._t("Default")%></a></td><td><%=name%></td><td><%=sslToTarget%></td><td><%=targetLink%></td></tr>
+<!--<tr><th colspan="4"><%=intl._t("Incoming I2P Port Routing")%></th></tr>-->
+<tr><th colspan="2"><%=intl._t("Virtual Host")%></th><!--<th><%=intl._t("Via SSL?")%></th>--><th><%=intl._t("Points at")%></th><th><%=intl._t("Preview")%></th></tr>
+<!-- TODO: check if tunnel is running, else display "No preview" text -->
+<tr><td colspan="2">http://<%=name%></td><!--<td><%=sslToTarget%></td>--><td><%=targetLink%></td><td><a class="control" title="<%=intl._t("Test HTTP server through I2P")%>" target="_blank" href="http://<%=b32%>/"><%=intl._t("Preview")%></a></td></tr>
 <%
     // output vhost and targets
     for (Integer port : ports) {
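Review bot: The new Preview link opens with `target="_blank"` and no `rel` attribute, so the page it opens can reach this console tab through `window.opener` and is sent the console URL as referrer. Add `rel="noopener noreferrer"` to the anchor, i.e. `<a class="control" rel="noopener noreferrer" … target="_blank" href="http://<%=b32%>/">`. The same applies to the `tgt` links switched from `_top` to `_blank` and to the per-port Preview link in the next hunk.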
@@ -540,34 +544,37 @@ input.default { width: 1px; height: 1px;
             if (shouldLinkify) {
                 String url = "://" + tgt + "\">" + tgt + "</a>";
                 if (ssl)
-                    tgt = "<a target=\"_top\" href=\"https" + url;
+                    tgt = "<a target=\"_blank\" href=\"https" + url;
                 else
-                    tgt = "<a target=\"_top\" href=\"http" + url;
+                    tgt = "<a target=\"_blank\" href=\"http" + url;
             }
         } else {
             tgt = targetLink;
         }
         String portTgt = sslPort ? "https" : "http";
 %>
-<tr><td><a target="_top" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=port%></a></td><td><%=spoof%></td><td><%=ssl%></td><td><%=tgt%></td></tr>
+<!--<tr><td><a target="_blank" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=port%></a></td><td><%=spoof%></td><td><%=ssl%></td><td><%=tgt%></td></tr>-->
+<!--TODO: logic to determine if destination is available-->
+<tr><td colspan="2">https://<%=spoof%></td><!--<td><%=ssl%></td>--><td><%=tgt%></td><td>
+<a class="control" title="<%=intl._t("Test HTTPS server through I2P")%>" target="_blank" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=intl._t("Preview")%></a></td></tr>
 <%
     }
 %>
 <%--
 <tr><th colspan="4"><%=intl._t("Add Port Routing")%></th></tr>
 <tr><td>
-    <input type="text" size="6" maxlength="5" id="i2pPort" name="i2pPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="required" />
+    <input type="text" size="6" maxlength="5" id="i2pPort" name="i2pPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="<%=intl._t("required")%>" />
 </td><td>
     <input type="text" size="20" id="websiteName" name="spoofedHost" title="<%=intl._t("Website Hostname e.g. mysite.i2p")%>" value="<%=name%>" class="freetext" />
 </td><td>
     <input value="1" type="checkbox" name="useSSL" class="tickbox" />
 </td><td>
     <input type="text" size="20" name="targetHost" title="<%=intl._t("Hostname or IP address of the target server")%>" value="<%=targetHost%>" class="freetext host" /> :
-    <input type="text" size="6" maxlength="5" id="targetPort" name="targetPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="required" />
+    <input type="text" size="6" maxlength="5" id="targetPort" name="targetPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="<%=intl._t("required")%>" />
 </td></tr>
 --%>
-<tr><th colspan="4"><%=intl._t("Jetty Server")%></th></tr>
-<tr><th><%=intl._t("Server")%></th><th><%=intl._t("Configuration Files")%></th><th><%=intl._t("Enabled?")%></th><th><%=intl._t("SSL Enabled?")%></th></tr>
+<!--<tr><th colspan="4"><%=intl._t("Jetty Server")%></th></tr>-->
+<tr><th><%=intl._t("Server")%></th><th colspan="2"><%=intl._t("Configuration")%></th><!--<th><%=intl._t("Enabled?")%></th>--><th><%=intl._t("SSL Activation")%></th></tr>
 <%
     // Now try to find the Jetty server in clients.config
     File configDir = ctx.getConfigDir();
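Review bot: The per-port row prints `https://<%=spoof%>` for every entry, while the Preview link beside it uses `portTgt`, which is `http` when `sslPort` is false; a non-SSL port is therefore labelled as HTTPS, and the title "Test HTTPS server through I2P" has the same problem. Derive the label from the same variable, e.g. `<td colspan="2"><%=portTgt%>://<%=spoof%></td>`, and consider keeping the port number visible now that the port column is commented out. `spoof` is written without `DataHelper.escapeHTML`, unlike `clName` and `arg` later in the file; if it can hold configuration-supplied text it should be escaped. The loop's set-up and the source of `spoof` lie outside the hunk.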
@@ -703,30 +710,30 @@ input.default { width: 1px; height: 1px;
             // now start the output for this client
 
 %>
-<tr><td><%=DataHelper.escapeHTML(clName)%></td><td>
+<tr><td><%=DataHelper.escapeHTML(clName)%></td><td colspan="2">
 <%
             for (String arg : argList) {
                 %><%=DataHelper.escapeHTML(arg)%><br /><%
             }
 %>
-    </td><td><%=start%></td><td><%=ssl%></td></tr>
+   <!--</td><td><%=start%></td><td><%=ssl%></td></tr>-->
 <%
             if (!jettySSLFileExists) {
 %>
-<tr><td colspan="4">Cannot configure, Jetty SSL configuration file does not exist: <%=jettySSLFile.toString()%></td></tr>
+</td></tr><tr><td colspan="4">Cannot configure, Jetty SSL configuration file does not exist: <%=jettySSLFile.toString()%></td></tr>
 <%
             } else if (!jettySSLFileValid) {
 %>
-<tr><td colspan="4">Cannot configure, Jetty SSL configuration file is too old or invalid: <%=jettySSLFile.toString()%></td></tr>
+</td></tr><tr><td colspan="4">Cannot configure, Jetty SSL configuration file is too old or invalid: <%=jettySSLFile.toString()%></td></tr>
 <%
                 if (error.length() > 0) {
 %>
-<tr><td colspan="4"><%=error%></td></tr>
+</td></tr><tr><td colspan="4"><%=error%></td></tr>
 <%
                 }
             } else {
 %>
-<tr><td colspan="4">
+<!--<tr style="display: none;"><td colspan="4">-->
 <input type="hidden" name="clientAppNumber" value="<%=i%>" />
 <input type="hidden" name="isSSLEnabled" value="<%=isEnabled%>" />
 <input type="hidden" name="nofilter_ksPath" value="<%=ksPath%>" />
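Review bot: Closing the `<td colspan="2">` cell is now left to each branch, and the `error` row adds a second `</td></tr>` after the "too old or invalid" row has already closed the cell, which leaves stray end tags in the table. Keep that row as `<tr><td colspan="4"><%=error%></td></tr>`. In the final `else` branch the cell stays open across the hidden inputs and is closed only in the following hunk, so the table is well-formed only if every later branch emits `</td>`. `error` and `jettySSLFile.toString()` are written unescaped; `DataHelper.escapeHTML` would suit them unless `error` is meant to carry markup, which is not visible here.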
@@ -742,23 +749,23 @@ input.default { width: 1px; height: 1px;
 <%
                 }
 %>
-</td></tr>
-<tr><td class="buttons" colspan="4">
+<!--</td></tr>-->
+<!--<tr><td class="buttons" colspan="4">-->
 <%
                 if (isEnabled && !isPWDefault) {
 %>
-<b><%=intl._t("SSL is enabled")%></b>
-<button id="controlSave" class="control" type="submit" name="action" value="Disable"><%=intl._t("Disable SSL")%></button>
+<!--<b><%=intl._t("SSL is enabled")%></b>-->
+</td><td><button id="controlSave" class="control" type="submit" name="action" value="Disable"><%=intl._t("Disable SSL")%></button></td></tr>
 <%
                 } else if (!isPWDefault) {
 %>
-<b><%=intl._t("SSL is disabled")%></b>
-<button id="controlSave" class="control" type="submit" name="action" value="Enable"><%=intl._t("Enable SSL")%></button>
+<!--<b><%=intl._t("SSL is disabled")%></b>-->
+</td><td><button id="controlSave" class="control" type="submit" name="action" value="Enable"><%=intl._t("Enable SSL")%></button></td></tr>
 <%
                 } else {
 %>
-<b><%=intl._t("New Certificate Password")%>:</b>
-<input type="password" name="nofilter_keyPassword" title="<%=intl._t("Set password required to access this service")%>" value="" class="freetext password" />
+</td><td><i><%=intl._t("Certificate required")%></i></td></tr><tr><td class="buttons" colspan="4"><b><%=intl._t("New Certificate Password")%>:</b>
+<input type="password" name="nofilter_keyPassword" title="<%=intl._t("Password (required to encrypt the certificate)")%>" value="" class="freetext password" required x-moz-errormessage="<%=intl._t("You must provide a password to encrypt the SSL certificate")%>" placeholder="<%=intl._t("required")%>" />
 <%
                     if (isEnabled) {
 %>
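Review bot: The `required` attribute on `nofilter_keyPassword` is enforced only by the browser, so the handler that reads this field still has to reject an empty password; that code is outside the hunk and should be checked. `x-moz-errormessage` is a non-standard Firefox attribute that other browsers ignore, so the translated message will usually not be shown. Adding `autocomplete="new-password"` would keep browsers from filling in a stored site password for the keystore. With the "SSL is enabled" / "SSL is disabled" text commented out, the current state is conveyed only by the button label.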

comment:4 Changed 16 months ago by zzz

Resolution: fixed
Status: accepted → closed

Form pretty much cleaned up. Entered #2244 to add support later for non-Jetty servers.
SSL cannot be enabled by default as the hostname must be configured first.
