Opened 3 years ago
Closed 3 years ago
#2159 closed enhancement (fixed)
HTTPS Eepsite enabled by default
Reported by: | zzz | Owned by: | zzz |
---|---|---|---|
Priority: | minor | Milestone: | 0.9.35 |
Component: | apps/jetty | Version: | 0.9.33 |
Keywords: | security, standards, defaults | Cc: | |
Parent Tickets: | | Sensitive: | no |
Description
Browsers are going to start complaining soon.
Automate everything in http://zzz.i2p/topics/1867
Subtickets
Change History (4)
comment:1 Changed 3 years ago by
Keywords: | security standards defaults added |
---|---|
Status: | new → open |
comment:2 Changed 3 years ago by
Milestone: | undecided → 0.9.35 |
---|---|
Owner: | set to zzz |
Status: | open → accepted |
comment:3 Changed 3 years ago by
The user interface is over-complicated and broken. Fixes below:
# # old_revision [b2f50cea78d884ae2e0121e829d56f3ebe0c1ffa] # # patch "apps/i2ptunnel/jsp/ssl.jsp" # from [e1aa40716c3d4e7160fb8401bfbed9a652508014] # to [709c76d5e37166f23df040dc7b416d545dd9da76] # ============================================================ --- apps/i2ptunnel/jsp/ssl.jsp e1aa40716c3d4e7160fb8401bfbed9a652508014 +++ apps/i2ptunnel/jsp/ssl.jsp 709c76d5e37166f23df040dc7b416d545dd9da76 @@ -32,12 +32,12 @@ %> <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en"> <head> - <title><%=intl._t("Hidden Services Manager")%> - <%=intl._t("SSL Helper")%></title> + <title><%=intl._t("Tunnel Manager")%> - <%=intl._t("SSL Helper")%></title> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /> <link href="/themes/console/images/favicon.ico" type="image/x-icon" rel="shortcut icon" /> <% if (editBean.allowCSS()) { %><link rel="icon" href="<%=editBean.getTheme()%>images/favicon.ico" /> - <link href="<%=editBean.getTheme()%>i2ptunnel.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" /> + <link href="<%=editBean.getTheme()%>i2ptunnel.css?<%=net.i2p.CoreVersion.VERSION%>" rel="stylesheet" type="text/css" /> <% } %> <style type='text/css'> @@ -51,20 +51,20 @@ input.default { width: 1px; height: 1px; if (!ctx.isRouterContext()) { %>Unsupported in app context<% } else if (curTunnel < 0) { - %>Tunnel not found<% + %>Tunnel not found<% } else if (editBean.isClient(curTunnel)) { %>Not supported for client tunnels<% } else if (editBean.isInitialized()) { %> -<div class="panel" id="ssl"> <% String tunnelTypeName; String tunnelType; boolean valid = false; tunnelTypeName = editBean.getTunnelType(curTunnel); tunnelType = editBean.getInternalType(curTunnel); -%><h2><%=intl._t("SSL Wizard")%> (<%=editBean.getTunnelName(curTunnel)%>)</h2><% +%> +<% // set a bunch of variables for the current configuration String b64 = editBean.getDestinationBase64(curTunnel); 
@@ -178,7 +178,7 @@ input.default { width: 1px; height: 1px; boolean ok = true; if (action.equals("Generate")) { - // generate selfsigned cert + // generate self-signed cert java.util.Set<String> altNames = new java.util.HashSet<String>(4); altNames.add(b32); altNames.add(name); @@ -204,7 +204,7 @@ input.default { width: 1px; height: 1px; int sz = haveEC ? 256 : 2048; Object[] rv = net.i2p.crypto.KeyStoreUtil.createKeysAndCRL(ks, kspw, "eepsite", name, altNames, b32, 3652, alg, sz, newpw); - msgs.append("Created selfsigned cert\n"); + msgs.append("Created self-signed certificate\n"); // save cert java.security.cert.X509Certificate cert = (java.security.cert.X509Certificate) rv[2]; File f = new net.i2p.util.SecureFile(ctx.getConfigDir(), "certificates"); @@ -220,16 +220,16 @@ input.default { width: 1px; height: 1px; } ok = net.i2p.crypto.CertUtil.saveCert(cert, f); if (ok) - msgs.append("selfsigned cert stored\n"); + msgs.append("Self-signed certificate stored\n"); else - msgs.append("selfsigned cert store failed\n"); + msgs.append("Self-signed certificate store failed\n"); } catch (IOException ioe) { ioe.printStackTrace(); - msgs.append("selfsigned cert store failed ").append(DataHelper.escapeHTML(ioe.toString())).append('\n'); + msgs.append("Self-signed certificate store failed ").append(DataHelper.escapeHTML(ioe.toString())).append('\n'); ok = false; } catch (java.security.GeneralSecurityException gse) { gse.printStackTrace(); - msgs.append("selfsigned cert store failed ").append(DataHelper.escapeHTML(gse.toString())).append('\n'); + msgs.append("Self-signed certificate store failed ").append(DataHelper.escapeHTML(gse.toString())).append('\n'); ok = false; } 
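Review bot: the reworded status strings in the @@ -204 and @@ -220 hunks ("Created self-signed certificate", "Self-signed certificate stored", "Self-signed certificate store failed ...") stay as bare literals while every other user-visible string in ssl.jsp goes through `intl._t(...)`; since these lines are being touched anyway, wrap them now, e.g. `msgs.append(intl._t("Self-signed certificate stored")).append('\n');`, keeping the escaped exception text appended after the translated prefix as it is today.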
@@ -270,7 +270,7 @@ input.default { width: 1px; height: 1px; } } catch (org.xml.sax.SAXException saxe) { saxe.printStackTrace(); - msgs.append("Jetty config parse failed ").append(DataHelper.escapeHTML(saxe.toString())).append('\n'); + msgs.append("Jetty configuration parse failed ").append(DataHelper.escapeHTML(saxe.toString())).append('\n'); ok = false; } } @@ -370,11 +370,12 @@ input.default { width: 1px; height: 1px; } } else { //msgs.append("Unable to restart Jetty server\n"); - msgs.append("You must start the Jetty server on <a target=\"_top\" href=\"/configclients\">the configure clients page</a>.\n"); + // no embedded urls here! + msgs.append("You must start the Jetty server on the Client Configuration page.\n"); } } else if (ok) { //msgs.append("Unable to restart Jetty server\n"); - msgs.append("You must start the Jetty server on <a target=\"_top\" href=\"/configclients\">the configure clients page</a>.\n"); + msgs.append("You must start the Jetty server on the Client Configuration page.\n"); } // rewrite i2ptunnel.config @@ -483,6 +484,8 @@ input.default { width: 1px; height: 1px; %> +<div class="panel" id="ssl"> +<h2><%=intl._t("SSL Wizard")%> (<%=editBean.getTunnelName(curTunnel)%>)</h2> <form method="post" action="ssl" accept-charset="UTF-8"> <input type="hidden" name="tunnel" value="<%=curTunnel%>" /> <input type="hidden" name="nonce" value="<%=net.i2p.i2ptunnel.web.IndexBean.getNextNonce()%>" /> @@ -490,7 +493,7 @@ input.default { width: 1px; height: 1px; <input type="submit" class="default" name="action" value="Save changes" /> <table> <tr><td colspan="4" class="infohelp"><%=intl._t("Experts only!")%> Beta!</td></tr> -<tr><td colspan="4"><b><%=intl._t("Tunnel name")%>:</b> <%=editBean.getTunnelName(curTunnel)%></td></tr> +<!--<tr><td colspan="4"><b><%=intl._t("Tunnel name")%>:</b> <%=editBean.getTunnelName(curTunnel)%></td></tr>--> <% if (("httpserver".equals(tunnelType)) || ("httpbidirserver".equals(tunnelType))) { %> 
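Review bot: in the @@ -490 hunk the tunnel-name row is disabled with an HTML comment, `<!--<tr><td colspan="4"><b><%=intl._t("Tunnel name")%>:</b> <%=editBean.getTunnelName(curTunnel)%></td></tr>-->`, but the JSP expressions inside an HTML comment are still evaluated on the server and their output is sent to the browser inside the comment. Use the JSP comment form `<%-- ... --%>` that this page already uses for the disabled "Add Port Routing" block; the scriptlets are then dropped at compile time and nothing is emitted. The same applies to the commented-out `<th>`/`<td>` cells in the later hunks.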
@@ -516,9 +519,10 @@ input.default { width: 1px; height: 1px; <% } // altb32 %> -<tr><th colspan="4"><%=intl._t("Incoming I2P Port Routing")%></th></tr> -<tr><th><%=intl._t("Route From I2P Port")%></th><th><%=intl._t("With Virtual Host")%></th><th><%=intl._t("Via SSL?")%></th><th><%=intl._t("To Server Host:Port")%></th></tr> -<tr><td><a target="_top" href="http://<%=b32%>/"><%=intl._t("Default")%></a></td><td><%=name%></td><td><%=sslToTarget%></td><td><%=targetLink%></td></tr> +<!--<tr><th colspan="4"><%=intl._t("Incoming I2P Port Routing")%></th></tr>--> +<tr><th colspan="2"><%=intl._t("Virtual Host")%></th><!--<th><%=intl._t("Via SSL?")%></th>--><th><%=intl._t("Points at")%></th><th><%=intl._t("Preview")%></th></tr> +<!-- TODO: check if tunnel is running, else display "No preview" text --> +<tr><td colspan="2">http://<%=name%></td><!--<td><%=sslToTarget%></td>--><td><%=targetLink%></td><td><a class="control" title="<%=intl._t("Test HTTP server through I2P")%>" target="_blank" href="http://<%=b32%>/"><%=intl._t("Preview")%></a></td></tr> <% // output vhost and targets for (Integer port : ports) { 
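Review bot: the Preview link added in the @@ -516 hunk opens the eepsite in a new tab with `target="_blank"` but no `rel` attribute; without `rel="noopener noreferrer"` the opened page receives a `window.opener` handle and can navigate the router console tab. Add it to both Preview anchors. Also, `<!-- TODO: check if tunnel is running, else display "No preview" text -->` is an HTML comment and will ship to every client; make it a JSP comment.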
@@ -540,34 +544,37 @@ input.default { width: 1px; height: 1px; if (shouldLinkify) { String url = "://" + tgt + "\">" + tgt + "</a>"; if (ssl) - tgt = "<a target=\"_top\" href=\"https" + url; + tgt = "<a target=\"_blank\" href=\"https" + url; else - tgt = "<a target=\"_top\" href=\"http" + url; + tgt = "<a target=\"_blank\" href=\"http" + url; } } else { tgt = targetLink; } String portTgt = sslPort ? "https" : "http"; %> -<tr><td><a target="_top" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=port%></a></td><td><%=spoof%></td><td><%=ssl%></td><td><%=tgt%></td></tr> +<!--<tr><td><a target="_blank" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=port%></a></td><td><%=spoof%></td><td><%=ssl%></td><td><%=tgt%></td></tr>--> +<!--TODO: logic to determine if destination is available--> +<tr><td colspan="2">https://<%=spoof%></td><!--<td><%=ssl%></td>--><td><%=tgt%></td><td> +<a class="control" title="<%=intl._t("Test HTTPS server through I2P")%>" target="_blank" href="<%=portTgt%>://<%=b32%>:<%=port%>/"><%=intl._t("Preview")%></a></td></tr> <% } %> <%-- <tr><th colspan="4"><%=intl._t("Add Port Routing")%></th></tr> <tr><td> - <input type="text" size="6" maxlength="5" id="i2pPort" name="i2pPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="required" /> + <input type="text" size="6" maxlength="5" id="i2pPort" name="i2pPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="<%=intl._t("required")%>" /> </td><td> <input type="text" size="20" id="websiteName" name="spoofedHost" title="<%=intl._t("Website Hostname e.g. 
mysite.i2p")%>" value="<%=name%>" class="freetext" /> </td><td> <input value="1" type="checkbox" name="useSSL" class="tickbox" /> </td><td> <input type="text" size="20" name="targetHost" title="<%=intl._t("Hostname or IP address of the target server")%>" value="<%=targetHost%>" class="freetext host" /> : - <input type="text" size="6" maxlength="5" id="targetPort" name="targetPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="required" /> + <input type="text" size="6" maxlength="5" id="targetPort" name="targetPort" title="<%=intl._t("Specify the port the server is running on")%>" value="" class="freetext port" placeholder="<%=intl._t("required")%>" /> </td></tr> --%> -<tr><th colspan="4"><%=intl._t("Jetty Server")%></th></tr> -<tr><th><%=intl._t("Server")%></th><th><%=intl._t("Configuration Files")%></th><th><%=intl._t("Enabled?")%></th><th><%=intl._t("SSL Enabled?")%></th></tr> +<!--<tr><th colspan="4"><%=intl._t("Jetty Server")%></th></tr>--> +<tr><th><%=intl._t("Server")%></th><th colspan="2"><%=intl._t("Configuration")%></th><!--<th><%=intl._t("Enabled?")%></th>--><th><%=intl._t("SSL Activation")%></th></tr> <% // Now try to find the Jetty server in clients.config File configDir = ctx.getConfigDir(); 
@@ -703,30 +710,30 @@ input.default { width: 1px; height: 1px; // now start the output for this client %> -<tr><td><%=DataHelper.escapeHTML(clName)%></td><td> +<tr><td><%=DataHelper.escapeHTML(clName)%></td><td colspan="2"> <% for (String arg : argList) { %><%=DataHelper.escapeHTML(arg)%><br /><% } %> - </td><td><%=start%></td><td><%=ssl%></td></tr> + <!--</td><td><%=start%></td><td><%=ssl%></td></tr>--> <% if (!jettySSLFileExists) { %> -<tr><td colspan="4">Cannot configure, Jetty SSL configuration file does not exist: <%=jettySSLFile.toString()%></td></tr> +</td></tr><tr><td colspan="4">Cannot configure, Jetty SSL configuration file does not exist: <%=jettySSLFile.toString()%></td></tr> <% } else if (!jettySSLFileValid) { %> -<tr><td colspan="4">Cannot configure, Jetty SSL configuration file is too old or invalid: <%=jettySSLFile.toString()%></td></tr> +</td></tr><tr><td colspan="4">Cannot configure, Jetty SSL configuration file is too old or invalid: <%=jettySSLFile.toString()%></td></tr> <% if (error.length() > 0) { %> -<tr><td colspan="4"><%=error%></td></tr> +</td></tr><tr><td colspan="4"><%=error%></td></tr> <% } } else { %> -<tr><td colspan="4"> +<!--<tr style="display: none;"><td colspan="4">--> <input type="hidden" name="clientAppNumber" value="<%=i%>" /> <input type="hidden" name="isSSLEnabled" value="<%=isEnabled%>" /> <input type="hidden" name="nofilter_ksPath" value="<%=ksPath%>" /> 
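Review bot: the `<td colspan="2">` opened in the clName row of the @@ -703 hunk is no longer closed on the same line; the `</td></tr>` was moved into each error branch (`</td></tr><tr><td colspan="4">Cannot configure, ...`) and the remaining branch relies on a later hunk to close it. Close the cell once, right after the argList loop, and let each branch emit a complete `<tr>`; otherwise a branch that forgets the close breaks the table with no error. The `<!--<tr style="display: none;"><td colspan="4">-->` line should be a JSP comment or simply deleted.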
@@ -742,23 +749,23 @@ input.default { width: 1px; height: 1px; <% } %> -</td></tr> -<tr><td class="buttons" colspan="4"> +<!--</td></tr>--> +<!--<tr><td class="buttons" colspan="4">--> <% if (isEnabled && !isPWDefault) { %> -<b><%=intl._t("SSL is enabled")%></b> -<button id="controlSave" class="control" type="submit" name="action" value="Disable"><%=intl._t("Disable SSL")%></button> +<!--<b><%=intl._t("SSL is enabled")%></b>--> +</td><td><button id="controlSave" class="control" type="submit" name="action" value="Disable"><%=intl._t("Disable SSL")%></button></td></tr> <% } else if (!isPWDefault) { %> -<b><%=intl._t("SSL is disabled")%></b> -<button id="controlSave" class="control" type="submit" name="action" value="Enable"><%=intl._t("Enable SSL")%></button> +<!--<b><%=intl._t("SSL is disabled")%></b>--> +</td><td><button id="controlSave" class="control" type="submit" name="action" value="Enable"><%=intl._t("Enable SSL")%></button></td></tr> <% } else { %> -<b><%=intl._t("New Certificate Password")%>:</b> -<input type="password" name="nofilter_keyPassword" title="<%=intl._t("Set password required to access this service")%>" value="" class="freetext password" /> +</td><td><i><%=intl._t("Certificate required")%></i></td></tr><tr><td class="buttons" colspan="4"><b><%=intl._t("New Certificate Password")%>:</b> +<input type="password" name="nofilter_keyPassword" title="<%=intl._t("Password (required to encrypt the certificate)")%>" value="" class="freetext password" required x-moz-errormessage="<%=intl._t("You must provide a password to encrypt the SSL certificate")%>" placeholder="<%=intl._t("required")%>" /> <% if (isEnabled) { %>
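Review bot: `required` and the placeholder added in the @@ -742 hunk are client-side hints only, so the Enable path must still reject an empty `nofilter_keyPassword` on the server before touching the keystore; `x-moz-errormessage` is a Mozilla-only attribute that other browsers ignore and can be dropped. The button cells close the row with `</td><td>...</td></tr>`, which only works because the cell was left open in the @@ -703 hunk; it is cleaner to close that cell there and open a fresh `<tr>` here.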
comment:4 Changed 3 years ago by
Resolution: | → fixed |
---|---|
Status: | accepted → closed |
Form pretty much cleaned up. Entered #2244 to add support later for non-Jetty servers.
SSL cannot be enabled by default as the hostname must be configured first.
In 0.9.34-9. Still not by default and maybe can't be. See post 8 in zzz.i2p thread linked above for details.
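The constraint stated in the last comment, that the certificate cannot be issued until the site has a hostname because that name (together with the b32 address) is what the certificate is bound to, as an added stand-alone illustration in Go. This is not part of the ticket's patch or of I2P's KeyStoreUtil; the hostname and b32 address are constructed sample values, and the parameters (EC P-256, 3652 days, SAN = hostname + b32) mirror the createKeysAndCRL call visible in the wizard. CheckEepsiteCert does what a browser does after the user has pinned the self-signed certificate: verify it against itself as the only root, check the validity window, and match the requested host against the SAN list.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"errors"
	"fmt"
	"math/big"
	"time"
)

// EepsiteCert is a freshly generated self-signed server certificate and its key.
type EepsiteCert struct {
	Cert *x509.Certificate
	Key  *ecdsa.PrivateKey
}

// GenerateEepsiteCert builds a self-signed EC P-256 certificate whose SAN list
// carries both the configured hostname (name) and the tunnel's .b32.i2p address,
// valid for the given number of days. The hostname is mandatory: with no name there
// is nothing to bind the certificate to, which is why the wizard cannot run
// unattended before the site has been named.
func GenerateEepsiteCert(name, b32 string, days int) (*EepsiteCert, error) {
	if name == "" {
		return nil, errors.New("hostname not configured; refusing to issue a certificate with no name")
	}
	if b32 == "" {
		return nil, errors.New("b32 address missing")
	}
	if days <= 0 {
		return nil, errors.New("validity must be positive")
	}
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, err
	}
	// 128-bit random serial so regenerating the certificate never reuses a serial.
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 128))
	if err != nil {
		return nil, err
	}
	now := time.Now()
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: name},
		DNSNames:              []string{name, b32}, // what browsers actually match on
		NotBefore:             now.Add(-time.Hour), // tolerate small clock skew
		NotAfter:              now.Add(time.Duration(days) * 24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
		BasicConstraintsValid: true,
	}
	// Template doubles as parent: self-signed.
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		return nil, err
	}
	cert, err := x509.ParseCertificate(der)
	if err != nil {
		return nil, err
	}
	return &EepsiteCert{Cert: cert, Key: key}, nil
}

// CheckEepsiteCert verifies cert as a browser would once it is trusted as a root:
// chain to itself, validity window, server-auth usage, and host against the SANs.
// A nil return means the browser would accept the connection for host.
func CheckEepsiteCert(cert *x509.Certificate, host string) error {
	roots := x509.NewCertPool()
	roots.AddCert(cert)
	_, err := cert.Verify(x509.VerifyOptions{
		DNSName:   host,
		Roots:     roots,
		KeyUsages: []x509.ExtKeyUsage{x509.ExtKeyUsageServerAuth},
	})
	return err
}

func main() {
	// Constructed sample values; not a real site or destination.
	const name = "mysite.i2p"
	const b32 = "ukeu3k5oycgaauneqgtnvselmt4yemvoilkln7jpvamvfx7dnkdq.b32.i2p"
	ec, err := GenerateEepsiteCert(name, b32, 3652)
	if err != nil {
		panic(err)
	}
	fmt.Println("SANs:", ec.Cert.DNSNames, "expires:", ec.Cert.NotAfter.Format("2006-01-02"))
	for _, h := range []string{name, b32, "other.i2p"} {
		fmt.Printf("%-62s %v\n", h, CheckEepsiteCert(ec.Cert, h))
	}
}
```

The third check in main fails with a hostname mismatch: the certificate is valid for the configured name and the b32 address and nothing else, so renaming the site after generation means regenerating the certificate.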