Opened 3 years ago
Closed 2 years ago
#2159 closed enhancement (fixed)
HTTPS Eepsite enabled by default
| Reported by: | zzz | Owned by: | zzz |
|---|---|---|---|
| Priority: | minor | Milestone: | 0.9.35 |
| Component: | apps/jetty | Version: | 0.9.33 |
| Keywords: | security, standards, defaults | Cc: | |
| Parent Tickets: | Sensitive: | no |
Description
Browsers are going to start complaining soon.
Automate everything in http://zzz.i2p/topics/1867
Subtickets
Change History (4)
comment:1 Changed 3 years ago by
| Keywords: | security standards defaults added |
|---|---|
| Status: | new → open |
comment:2 Changed 2 years ago by
| Milestone: | undecided → 0.9.35 |
|---|---|
| Owner: | set to zzz |
| Status: | open → accepted |
comment:3 Changed 2 years ago by
The user interface is over-complicated and broken. Fixes below:
#
# old_revision [b2f50cea78d884ae2e0121e829d56f3ebe0c1ffa]
#
# patch "apps/i2ptunnel/jsp/ssl.jsp"
# from [e1aa40716c3d4e7160fb8401bfbed9a652508014]
# to [709c76d5e37166f23df040dc7b416d545dd9da76]
#
============================================================
--- apps/i2ptunnel/jsp/ssl.jsp e1aa40716c3d4e7160fb8401bfbed9a652508014
+++ apps/i2ptunnel/jsp/ssl.jsp 709c76d5e37166f23df040dc7b416d545dd9da76
@@ -32,12 +32,12 @@
%>
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
- <title><%=intl._t("Hidden Services Manager")%> - <%=intl._t("SSL Helper")%></title>
+ <title><%=intl._t("Tunnel Manager")%> - <%=intl._t("SSL Helper")%></title>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<link href="/themes/console/images/favicon.ico" type="image/x-icon" rel="shortcut icon" />
<% if (editBean.allowCSS()) {
%><link rel="icon" href="<%=editBean.getTheme()%>images/favicon.ico" />
- <link href="<%=editBean.getTheme()%>i2ptunnel.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" />
+ <link href="<%=editBean.getTheme()%>i2ptunnel.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" />
<% }
%>
<style type='text/css'>
@@ -51,20 +51,20 @@ input.default { width: 1px; height: 1px;
if (!ctx.isRouterContext()) {
%>Unsupported in app context<%
} else if (curTunnel < 0) {
- %>Tunnel not found<%
+ %>Tunnel not found<%
} else if (editBean.isClient(curTunnel)) {
%>Not supported for client tunnels<%
} else if (editBean.isInitialized()) {
%>
-<div class="panel" id="ssl">
<%
String tunnelTypeName;
String tunnelType;
boolean valid = false;
tunnelTypeName = editBean.getTunnelType(curTunnel);
tunnelType = editBean.getInternalType(curTunnel);
-%><h2><%=intl._t("SSL Wizard")%> (<%=editBean.getTunnelName(curTunnel)%>)</h2><%
+%>
+<%
// set a bunch of variables for the current configuration
String b64 = editBean.getDestinationBase64(curTunnel);
@@ -178,7 +178,7 @@ input.default { width: 1px; height: 1px;
boolean ok = true;
if (action.equals("Generate")) {
- // generate selfsigned cert
+ // generate self-signed cert
java.util.Set<String> altNames = new java.util.HashSet<String>(4);
altNames.add(b32);
altNames.add(name);
@@ -204,7 +204,7 @@ input.default { width: 1px; height: 1px;
int sz = haveEC ? 256 : 2048;
Object[] rv = net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(ks, kspw, "eepsite", name, altNames, b32,
3652, alg, sz, newpw);
- msgs.append("Created selfsigned cert\n");
+ msgs.append("Created self-signed certificate\n");
// save cert
java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) rv[2];
File f = new net.i2p.util.SecureFile(ctx.getConfigDir(), "certificates");
@@ -220,16 +220,16 @@ input.default { width: 1px; height: 1px;
}
ok = net.i2p.crypto.CertUtil.saveCert(cert, f);
if (ok)
- msgs.append("selfsigned cert stored\n");
+ msgs.append("Self-signed certificate stored\n");
else
- msgs.append("selfsigned cert store failed\n");
+ msgs.append("Self-signed certificate store failed\n");
} catch (IOException ioe) {
ioe.printStackTrace();
- msgs.append("selfsigned cert store failed ").append(DataHelper.escapeHTML(ioe.toString())).append('\n');
+ msgs.append("Self-signed certificate store failed ").append(DataHelper.escapeHTML(ioe.toString())).append('\n');
ok = false;
} catch (java.security.GeneralSecurityException gse) {
gse.printStackTrace();
- msgs.append("selfsigned cert store failed ").append(DataHelper.escapeHTML(gse.toString())).append('\n');
+ msgs.append("Self-signed certificate store failed ").append(DataHelper.escapeHTML(gse.toString())).append('\n');
ok = false;
}
@@ -270,7 +270,7 @@ input.default { width: 1px; height: 1px;
}
} catch (org.xml.sax.SAXException saxe) {
saxe.printStackTrace();
- msgs.append("Jetty config parse failed ").append(DataHelper.escapeHTML(saxe.toString())).append('\n');
+ msgs.append("Jetty configuration parse failed ").append(DataHelper.escapeHTML(saxe.toString())).append('\n');
ok = false;
}
}
@@ -370,11 +370,12 @@ input.default { width: 1px; height: 1px;
}
} else {
//msgs.append("Unable to restart Jetty server\n");
- msgs.append("You must start the Jetty server on <a target=\"_top\" href=\"/configclients\">the configure clients page</a>.\n");
+ // no embedded urls here!
+ msgs.append("You must start the Jetty server on the Client Configuration page.\n");
}
} else if (ok) {
//msgs.append("Unable to restart Jetty server\n");
- msgs.append("You must start the Jetty server on <a target=\"_top\" href=\"/configclients\">the configure clients page</a>.\n");
+ msgs.append("You must start the Jetty server on the Client Configuration page.\n");
}
// rewrite i2ptunnel.config
@@ -483,6 +484,8 @@ input.default { width: 1px; height: 1px;
%>
+<div class="panel" id="ssl">
+<h2><%=intl._t("SSL Wizard")%> (<%=editBean.getTunnelName(curTunnel)%>)</h2>
<form method="post" action="ssl" accept-charset="UTF-8">
<input type="hidden" name="tunnel" value="<%=curTunnel%>" />
<input type="hidden" name="nonce" value="<%=net.i2p.i2ptunnel.web.IndexBean.getNextNonce()%>" />
@@ -490,7 +493,7 @@ input.default { width: 1px; height: 1px;
<input type="submit" class="default" name="action" value="Save changes" />
<table>
<tr><td colspan="4" class="infohelp"><%=intl._t("Experts only!")%> Beta!</td></tr>
-<tr><td colspan="4"><b><%=intl._t("Tunnel name")%>:</b> <%=editBean.getTunnelName(curTunnel)%></td></tr>
+<!--<tr><td colspan="4"><b><%=intl._t("Tunnel name")%>:</b> <%=editBean.getTunnelName(curTunnel)%></td></tr>-->
<%
if (("httpserver".equals(tunnelType)) || ("httpbidirserver".equals(tunnelType))) {
%>
@@ -516,9 +519,10 @@ input.default { width: 1px; height: 1px;
<%
} // altb32
%>
-<tr><th colspan="4"><%=intl._t("Incoming I2P Port Routing")%></th></tr>
-<tr><th><%=intl._t("Route From I2P Port")%></th><th><%=intl._t("With Virtual Host")%></th><th><%=intl._t("Via SSL?")%></th><th><%=intl._t("To Server Host:Port")%></th></tr>
-<tr><td><a target="_top" href="http://<%=b32%>/"><%=intl._t("Default")%></a></td><td><%=name%></td><td><%=sslToTarget%></td><td><%=targetLink%></td></tr>
+<!--<tr><th colspan="4"><%=intl._t("Incoming I2P Port Routing")%></th></tr>-->
+<tr><th colspan="2"><%=intl._t("Virtual Host")%></th><!--<th><%=intl._t("Via SSL?")%></th>--><th><%=intl._t("Points at")%></th><th><%=intl._t("Preview")%></th></tr>
+<!-- TODO: check if tunnel is running, else display "No preview" text -->
+<tr><td colspan="2">http://<%=name%></td><!--<td><%=sslToTarget%></td>--><td><%=targetLink%></td><td><a class="control" title="<%=intl._t("Test HTTP server through I2P")%>" target="_blank" href="http://<%=b32%>/"><%=intl._t("Preview")%></a></td></tr>
<%
// output vhost and targets
for (Integer port : ports) {
@@ -540,34 +544,37 @@ input.default { width: 1px; height: 1px;
if (shouldLinkify) {
String url = "://" + tgt + "\">" + tgt + "</a>";
if (ssl)
- tgt = "<a target=\"_top\" href=\"https" + url;
+ tgt = "<a target=\"_blank\" href=\"https" + url;
else
- tgt = "<a target=\"_top\" href=\"http" + url;
+ tgt = "<a target=\"_blank\" href=\"http" + url;
}
} else {
tgt = targetLink;
}
String portTgt = sslPort ? "https" : "http";
%>
-<tr><td><a target="_top" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=port%></a></td><td><%=spoof%></td><td><%=ssl%></td><td><%=tgt%></td></tr>
+<!--<tr><td><a target="_blank" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=port%></a></td><td><%=spoof%></td><td><%=ssl%></td><td><%=tgt%></td></tr>-->
+<!--TODO: logic to determine if destination is available-->
+<tr><td colspan="2">https://<%=spoof%></td><!--<td><%=ssl%></td>--><td><%=tgt%></td><td>
+<a class="control" title="<%=intl._t("Test HTTPS server through I2P")%>" target="_blank" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=intl._t("Preview")%></a></td></tr>
<%
}
%>
<%--
<tr><th colspan="4"><%=intl._t("Add Port Routing")%></th></tr>
<tr><td>
- <input type="text" size="6" maxlength="5" id="i2pPort" name="i2pPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="required" />
+ <input type="text" size="6" maxlength="5" id="i2pPort" name="i2pPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="<%=intl._t("required")%>" />
</td><td>
<input type="text" size="20" id="websiteName" name="spoofedHost" title="<%=intl._t("Website Hostname e.g. mysite.i2p")%>" value="<%=name%>" class="freetext" />
</td><td>
<input value="1" type="checkbox" name="useSSL" class="tickbox" />
</td><td>
<input type="text" size="20" name="targetHost" title="<%=intl._t("Hostname or IP address of the target server")%>" value="<%=targetHost%>" class="freetext host" /> :
- <input type="text" size="6" maxlength="5" id="targetPort" name="targetPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="required" />
+ <input type="text" size="6" maxlength="5" id="targetPort" name="targetPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="<%=intl._t("required")%>" />
</td></tr>
--%>
-<tr><th colspan="4"><%=intl._t("Jetty Server")%></th></tr>
-<tr><th><%=intl._t("Server")%></th><th><%=intl._t("Configuration Files")%></th><th><%=intl._t("Enabled?")%></th><th><%=intl._t("SSL Enabled?")%></th></tr>
+<!--<tr><th colspan="4"><%=intl._t("Jetty Server")%></th></tr>-->
+<tr><th><%=intl._t("Server")%></th><th colspan="2"><%=intl._t("Configuration")%></th><!--<th><%=intl._t("Enabled?")%></th>--><th><%=intl._t("SSL Activation")%></th></tr>
<%
// Now try to find the Jetty server in clients.config
File configDir = ctx.getConfigDir();
@@ -703,30 +710,30 @@ input.default { width: 1px; height: 1px;
// now start the output for this client
%>
-<tr><td><%=DataHelper.escapeHTML(clName)%></td><td>
+<tr><td><%=DataHelper.escapeHTML(clName)%></td><td colspan="2">
<%
for (String arg : argList) {
%><%=DataHelper.escapeHTML(arg)%><br /><%
}
%>
- </td><td><%=start%></td><td><%=ssl%></td></tr>
+ <!--</td><td><%=start%></td><td><%=ssl%></td></tr>-->
<%
if (!jettySSLFileExists) {
%>
-<tr><td colspan="4">Cannot configure, Jetty SSL configuration file does not exist: <%=jettySSLFile.toString()%></td></tr>
+</td></tr><tr><td colspan="4">Cannot configure, Jetty SSL configuration file does not exist: <%=jettySSLFile.toString()%></td></tr>
<%
} else if (!jettySSLFileValid) {
%>
-<tr><td colspan="4">Cannot configure, Jetty SSL configuration file is too old or invalid: <%=jettySSLFile.toString()%></td></tr>
+</td></tr><tr><td colspan="4">Cannot configure, Jetty SSL configuration file is too old or invalid: <%=jettySSLFile.toString()%></td></tr>
<%
if (error.length() > 0) {
%>
-<tr><td colspan="4"><%=error%></td></tr>
+</td></tr><tr><td colspan="4"><%=error%></td></tr>
<%
}
} else {
%>
-<tr><td colspan="4">
+<!--<tr style="display: none;"><td colspan="4">-->
<input type="hidden" name="clientAppNumber" value="<%=i%>" />
<input type="hidden" name="isSSLEnabled" value="<%=isEnabled%>" />
<input type="hidden" name="nofilter_ksPath" value="<%=ksPath%>" />
@@ -742,23 +749,23 @@ input.default { width: 1px; height: 1px;
<%
}
%>
-</td></tr>
-<tr><td class="buttons" colspan="4">
+<!--</td></tr>-->
+<!--<tr><td class="buttons" colspan="4">-->
<%
if (isEnabled && !isPWDefault) {
%>
-<b><%=intl._t("SSL is enabled")%></b>
-<button id="controlSave" class="control" type="submit" name="action" value="Disable"><%=intl._t("Disable SSL")%></button>
+<!--<b><%=intl._t("SSL is enabled")%></b>-->
+</td><td><button id="controlSave" class="control" type="submit" name="action" value="Disable"><%=intl._t("Disable SSL")%></button></td></tr>
<%
} else if (!isPWDefault) {
%>
-<b><%=intl._t("SSL is disabled")%></b>
-<button id="controlSave" class="control" type="submit" name="action" value="Enable"><%=intl._t("Enable SSL")%></button>
+<!--<b><%=intl._t("SSL is disabled")%></b>-->
+</td><td><button id="controlSave" class="control" type="submit" name="action" value="Enable"><%=intl._t("Enable SSL")%></button></td></tr>
<%
} else {
%>
-<b><%=intl._t("New Certificate Password")%>:</b>
-<input type="password" name="nofilter_keyPassword" title="<%=intl._t("Set password required to access this service")%>" value="" class="freetext password" />
+</td><td><i><%=intl._t("Certificate required")%></i></td></tr><tr><td class="buttons" colspan="4"><b><%=intl._t("New Certificate Password")%>:</b>
+<input type="password" name="nofilter_keyPassword" title="<%=intl._t("Password (required to encrypt the certificate)")%>" value="" class="freetext password" required x-moz-errormessage="<%=intl._t("You must provide a password to encrypt the SSL certificate")%>" placeholder="<%=intl._t("required")%>" />
<%
if (isEnabled) {
%>
comment:4 Changed 2 years ago by
| Resolution: | → fixed |
|---|---|
| Status: | accepted → closed |
Form pretty much cleaned up. Entered #2244 to add support later for non-Jetty servers.
SSL cannot be enabled by default as the hostname must be configured first.
Note: See
TracTickets for help on using
tickets.
In 0.9.34-9. Still not by default and maybe can't be. See post 8 in zzz.i2p thread linked above for details.