From 4baa0d4a979c69313ed41033b5244bc63d4871b6 Mon Sep 17 00:00:00 2001 From: orbiter Date: Fri, 10 May 2013 12:02:31 +0200 Subject: [PATCH] Added a default keystore for ssl encryption of the YaCy web interface. This will enable https-access to YaCy, but this feature is disabled by default using the new server.https=false attribute. This has two purposes: - make it easier for everyone to use https (just set server.https=true) - provide the basis for secure yacy-to-yacy communication in the future --- defaults/freeworldKeystore | Bin 0 -> 1373 bytes defaults/yacy.init | 9 +++++++-- htroot/Status.java | 2 +- source/net/yacy/server/serverCore.java | 26 +++++++++++++++---------- 4 files changed, 24 insertions(+), 13 deletions(-) create mode 100644 defaults/freeworldKeystore 
diff --git a/defaults/freeworldKeystore b/defaults/freeworldKeystore new file mode 100644 index 0000000000000000000000000000000000000000..c0f8470d4a36b17b26a2fdf805331188479c47d2 GIT binary patch literal 1373 zcmezO_TO6u1_mY|W&~rl+{)zCq7oq2uJyjw~^7Va*x-pq?ZqEm-3wWdS`0Tn@L8=3%9w~O{kv} zA;)HSe&x2z8%{S^WtA9w9x|sYKYh70xrseL_UhUw*5`TbS0hEA_@C$R?LBm9yM_fz zo3%mK{h8h;BFZ0FXA5esKmYWknEIvo@Z=@uzSeE~)24QD(%d}R*JYgZbv0}_wP&$( zBy5Yi(c!kHrs~2XN87Ix>MRTLZd$uecx$6&sGXn`q+hJveJvzbX;zoR0x{#9$l%E{ zir4wt&AjsX|Nr05KJ49bz3|cb2yuzjJq%5a57&4{{+;-x`0BIz_}o2Ba=yEK$kv^=|J%g3sc#k(-&=BZ*~OprX=^na9zRg+7It04@H0a0 z4)@Qzn~87cycdqJoMGseyEJq4)E!}+Wn62Q6fFpxoOv};Fu-he&!f3pEZmRZS-Yvv zbmOVs6&v5L`aX+ERM0$sk}$`vh!!)!^t`eu`iH}7qIzHNwYO05J~8{{EX$>m+Iybv zh)OAbez{UepzB>Fvl62W|NRd#QYz;9FV|lQxSw0S_O)57jOqS2+MlvSEc82BO;jgr zc(&vjHG+9LmBb%pRJTotIyp z2NU7I5Mf7%2paH%ba4rDL?${{>gA=D7z!B(fP}b(In#<#Q_J&obn3@ia9RB8U55DxY59>|JtcMY)<=?&=kZeSY#cXLl3?@_yg3P4$|z`jYjMGpAiL{o*oz z`I5kNm3yyznNA#AS!t+we5IB9Z_ne0o*j@CTJpe;p}*p)rC5zv5r^yZ-1VA%vj+CZVOZZGQ%#9x0tu@bPVrFDuM0Or9(wKqniYYr%`|X9X%I)7m3*#0% zSGly|+_udkGn+F+{+G?_@{;E1{U$QwLFuX9**BVwu6^dTUGDkQ7-61@xJ2!3E_Rb& ze%k+}>*&mhWj~kn8H(@!u;;45eg3=)fy}4PR1>_Wv!n>vKHo59OaFNeH)DpZ;+MYv p4&*OC*)lic`r~O@*21+WQ@caXy|DKD)g^HA_&4T)1uPrN*a2CgH3|R# literal 0 HcmV?d00001 diff --git a/defaults/yacy.init b/defaults/yacy.init index 3a5c4982a..a4a77f750 100644 --- a/defaults/yacy.init +++ b/defaults/yacy.init 
@@ -60,11 +60,16 @@ bindPort = # If the property keyStore is not specified, then a new keystore file # DATA/SETTINGS/myPeerKeystore will be created. -keyStore = -keyStorePassword = +keyStore=defaults/freeworldKeystore +keyStorePassword=freeworld pkcs12ImportFile = pkcs12ImportPwd = +# the keyStore is only used, if server.https is set to true +# if server.https=true, then the YaCy web interface is available at +# https://localhost:/ and not at http://localhost:/ +server.https=false + # property that collects the names of all servlets that had been used so far # that is used to track if the user has already done some configuration steps # if the used missed configuration steps that should be done, then a help system diff --git a/htroot/Status.java b/htroot/Status.java index 45c68ff77..a82005b47 100644 --- a/htroot/Status.java +++ b/htroot/Status.java @@ -194,7 +194,7 @@ public class Status prop.put("host", hostIP != null ? hostIP.getHostAddress() : "Unkown IP"); // ssl support - prop.put("sslSupport", sb.getConfig("keyStore", "").isEmpty() ? "0" : "1"); + prop.put("sslSupport", sb.getConfig("keyStore", "").isEmpty() || !sb.getConfigBool("server.https", false) ? 0 : 1); if ( sb.getConfigBool("remoteProxyUse", false) ) { prop.put("remoteProxy", "1"); diff --git a/source/net/yacy/server/serverCore.java b/source/net/yacy/server/serverCore.java index 0e351d122..c0a0ee0a0 100644 --- a/source/net/yacy/server/serverCore.java +++ b/source/net/yacy/server/serverCore.java @@ -207,7 +207,7 @@ public final class serverCore extends AbstractBusyThread implements BusyThread { } public boolean withSSL() { - return this.sslSocketFactory != null; + return this.sslSocketFactory != null && this.switchboard.getConfigBool("server.https", false); } public synchronized void init() { 
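Review bot: The new defaults `keyStore=defaults/freeworldKeystore` and `keyStorePassword=freeworld` put the same private key and the same password into every YaCy download, so a listener enabled with `server.https=true` encrypts the transport but does not authenticate the peer (anyone holding the same distribution can decrypt or impersonate a session with that key), and the comment block should say so. It also leaves the retained comment two lines up ("a new keystore file DATA/SETTINGS/myPeerKeystore will be created" when keyStore is unset) reading as if a per-peer key were still generated, which this default overrides. Suggested comment above `server.https=false`: `# defaults/freeworldKeystore is a demo key shared by ALL installations: it only protects against passive eavesdropping. Point keyStore at your own keystore (or use pkcs12ImportFile) before relying on https`. The example `https://localhost:/` also appears to have lost its port placeholder; `https://localhost:<port>/` would read correctly.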
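Review bot: The rewritten `sslSupport` line relies on `||` binding tighter than `?:`, which is correct but easy to misread; parenthesizing the condition, `prop.put("sslSupport", (sb.getConfig("keyStore", "").isEmpty() || !sb.getConfigBool("server.https", false)) ? 0 : 1);`, makes the intent explicit. The value also changes from the strings "0"/"1" to the ints 0/1 while the neighbouring `prop.put("remoteProxy", "1")` keeps a string, so this presumably depends on an int overload of `put` that is not visible here; keeping "0"/"1" would avoid the inconsistency. The same "keystore set and server.https true" rule is implemented a second time in `serverCore.withSSL()` in this commit; if the Status servlet can reach the server core, delegating to it would keep the two from drifting apart.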
@@ -367,7 +367,7 @@ public final class serverCore extends AbstractBusyThread implements BusyThread { controlSocket.setSoTimeout(this.timeout); // wrap this socket - if (this.sslSocketFactory != null) { + if (withSSL()) { controlSocket = new serverCoreSocket(controlSocket); // if the current connection is SSL we need to do a handshake @@ -994,10 +994,19 @@ public final class serverCore extends AbstractBusyThread implements BusyThread { String keyStoreFileName = this.switchboard.getConfig("keyStore", "").trim(); // getting the keystore pwd - final String keyStorePwd = this.switchboard.getConfig("keyStorePassword", "").trim(); + String keyStorePwd = this.switchboard.getConfig("keyStorePassword", "").trim(); // take a look if we have something to import final String pkcs12ImportFile = this.switchboard.getConfig("pkcs12ImportFile", "").trim(); + + // if no keyStore and no import is defined, then set the default key + if (keyStoreFileName.isEmpty() && keyStorePwd.isEmpty() && pkcs12ImportFile.isEmpty()) { + keyStoreFileName = "defaults/freeworldKeystore"; + keyStorePwd = "freeworld"; + this.switchboard.setConfig("keyStore", keyStoreFileName); + this.switchboard.setConfig("keyStorePassword", keyStorePwd); + } + if (pkcs12ImportFile.length() > 0) { this.log.logInfo("Import certificates from import file '" + pkcs12ImportFile + "'."); 
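Review bot: The new fallback block silently swaps in the shipped demo keystore and, via the two `setConfig` calls, persists both its path and the literal password "freeworld" into the peer's configuration without any log output, so an operator who left `keyStore` empty expecting the per-peer `DATA/SETTINGS/myPeerKeystore` described in yacy.init now runs a key that every other installation also holds. A warning at that point is cheap and makes the downgrade visible: `this.log.logWarning("No keyStore configured, using the shipped demo keystore '" + keyStoreFileName + "' whose private key is public; configure your own keyStore or pkcs12ImportFile before relying on https.");` (assuming the logger used for `logInfo` below also offers a warning level). The path and password literals are now duplicated between yacy.init and this method, so a single named constant would keep them from diverging, and since the keystore is loaded here even when `server.https` is false, the fallback could also be skipped when https is disabled. The enclosing method starts and ends outside this hunk.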
@@ -1092,13 +1101,10 @@ public final class serverCore extends AbstractBusyThread implements BusyThread { @Override public void handshakeCompleted( final HandshakeCompletedEvent event) { - System.out.println("Handshake finished!"); - System.out.println( - "\t CipherSuite:" + event.getCipherSuite()); - System.out.println( - "\t SessionId " + event.getSession()); - System.out.println( - "\t PeerHost " + event.getSession().getPeerHost()); + //System.out.println("Handshake finished!"); + //System.out.println("\t CipherSuite:" + event.getCipherSuite()); + //System.out.println("\t SessionId " + event.getSession()); + //System.out.println("\t PeerHost " + event.getSession().getPeerHost()); } } );
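Review bot: The four `//System.out.println(...)` lines in `handshakeCompleted` are commented-out code and should be deleted rather than kept as dead text; the listener body is now empty, so either drop the listener or give it a real purpose by routing the handshake details through the class logger at a fine level, e.g. `serverCore.this.log.logFine("SSL handshake done: " + event.getCipherSuite() + " with " + event.getSession().getPeerHost());` (the exact logger reference and level depend on the Log API, which is not visible here). The anonymous listener class that contains this method starts before the hunk.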