333.i2p

Форум, посвященный разработке и поддержке i2pd
 
Sat, 06 May 2023, 09:01pm #1
q
Участник
Registered: May 2023
Последний раз: Fri, 12 May 2023
Сообщения: 3

На сервере prosody с настроенным i2pd, 3072 бит ssl.(также проверял и с 2048 бит и 4096)
На пк клиент pidgin работает
На телефоне в клиентах monocles chat и conversations i2p пишет домен не верифицируется и домен не мподдается проверке соответственно

Offline
Wed, 10 May 2023, 03:43pm #2
Qball
Участник
Registered: March 2023
Последний раз: Fri, 26 Jan 2024
Сообщения: 19

Your question translated:
On the prosody server with i2pd configured, 3072 bits of ssl.(also checked with 2048 bits and 4096)
On a PC, the pidgin client is running
On the phone, in the monocles chat and conversations clients, i2p writes the domain is not verified and the domain is not verifiable, respectively

Most likely you have to register through Tor or clearnet with the xmpp server. If you tried xmpp.ilita.i2p you have to import their certificate. Try with danwin1210.de (see website). The i2p eepsite is daniel.i2p

Offline
Fri, 12 May 2023, 03:41pm #3
q
Участник
Registered: May 2023
Последний раз: Fri, 12 May 2023
Сообщения: 3

but i want have my own xmmp server in i2p

Offline
Sat, 13 May 2023, 09:34pm #4
Qball
Участник
Registered: March 2023
Последний раз: Fri, 26 Jan 2024
Сообщения: 19

Those who don't know, teach. I have never setup of xmpp server and on top i2p setup has challenges (3-4 simultaneous users per router by my estimate). If I would start today and daniel.i2p software did not work (he has instructions for Tor) I would try openfire:
https://www.igniterealtime.org/projects/openfire/
It is the most used xmpp by far. Gajim client does not work for me and I use Psi+.
When you do the testing:
1. Create a family and all the routers should be in the family.
2. The final testing should be with the routers subscribing to each other and xmpp before you actually you move to the final stage: just a subscription to xmpp server.

Offline
Sun, 14 May 2023, 12:21pm #5
In-seriousness
Участник
Dfca_digital-feudalism-counter-action_v2_profile
Registered: March 2023
Последний раз: Mon, 15 May 2023
Сообщения: 10

It can be a bit tricky to get started. Have you made an admin user? Eg.

sudo prosodyctl adduser admin@____.b32.i2p

Are you sure the i2p tunnels are made correctly? You may need two 'server' tunnels, one for client-to-server (C2S) and another for possible server-to-server (S2S) interactions?

I have notes for i2pd that say:

tunnels.conf

[prosody-s2s]
type=server
host=127.0.0.1
port=5269
inport=5269
keys=prosody.dat

[prosody-c2s]
type=server
host=127.0.0.1
port=5222
inport=5222
keys=prosody.dat

I remember that the ArchWiki for Prosody can be helpful resource.

You ****may**** need a package, 'lua-bit32', as stated by the PurpleI2P team "bit32 library for lua is required for 'mod_darknet' module". But maybe, not.

If you use a self-signed certificate then you will, at least once, need to verify it in the Conversations/Pidgin client apps. It will ask to verify the certificate against a SHA256 thumbprint (most likely?). To see your certificate in that format, this might help.

openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/prosody/certs/*.b32.i2p.crt

I understand Prosody to be a very fine choice, and there should be no need to switch to another fine choice like Openfire. Likewise, Pidgin is known to be a decent client.

Anyway, tell us how you go.

Last edited: Sun, 14 May 2023, 12:52pm от In-seriousness

Offline
Mon, 19 Jun 2023, 02:18pm #6
Qball
Участник
Registered: March 2023
Последний раз: Fri, 26 Jan 2024
Сообщения: 19

Self signed certificates are always a problem in Android. You can try this:
https://stackoverflow.com/questions/1217141/sel...

I faced this issue yesterday, while migrating our company's RESTful API to HTTPS, but using self-signed SSL certificates.

I've looking everywhere, but all the "correct" marked answers I've found consisted of disabling certificate validation, clearly overriding all the sense of SSL.

I finally came to a solution:

Create Local KeyStore

To enable your app to validate your self-signed certificates, you need to provide a custom keystore with the certificates in a manner that Android can trust your endpoint.

The format for such custom keystores is "BKS" from BouncyCastle, so you need the 1.46 version of BouncyCastleProvider that you can download here.

You also need your self-signed certificate, I will assume it's named self_cert.pem.

Now the command for creating your keystore is:

<!-- language: lang-sh -->

$ keytool -import -v -trustcacerts -alias 0 \
-file *PATH_TO_SELF_CERT.PEM* \
-keystore *PATH_TO_KEYSTORE* \
-storetype BKS \
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \
-providerpath *PATH_TO_bcprov-jdk15on-146.jar* \
-storepass *STOREPASS*

PATH_TO_KEYSTORE points to a file where your keystore will be created. It MUST NOT EXIST.

PATH_TO_bcprov-jdk15on-146.jar.JAR is the path to the downloaded .jar libary.

STOREPASS is your newly created keystore password.

Include KeyStore in your Application

Copy your newly created keystore from PATH_TO_KEYSTORE to res/raw/certs.bks (certs.bks is just the file name; you can use whatever name you wish)

Create a key in res/values/strings.xml with

<!-- language: lang-xml -->

<resources>
...
<string name="store_pass">*STOREPASS*</string>
...
</resources>

Create a this class that inherits DefaultHttpClient

import android.content.Context;
import android.util.Log;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.HttpParams;

import java.io.IOException;
import java.io.InputStream;
import java.security.*;

public class MyHttpClient extends DefaultHttpClient {

private static Context appContext = null;
private static HttpParams params = null;
private static SchemeRegistry schmReg = null;
private static Scheme httpsScheme = null;
private static Scheme httpScheme = null;
private static String TAG = "MyHttpClient";

public MyHttpClient(Context myContext) {

appContext = myContext;

if (httpScheme == null || httpsScheme == null) {
httpScheme = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
httpsScheme = new Scheme("https", mySSLSocketFactory(), 443);
}

getConnectionManager().getSchemeRegistry().register(httpScheme);
getConnectionManager().getSchemeRegistry().register(httpsScheme);

}

private SSLSocketFactory mySSLSocketFactory() {
SSLSocketFactory ret = null;
try {
final KeyStore ks = KeyStore.getInstance("BKS");

final InputStream inputStream = appContext.getResources().openRawResource(R.raw.certs);

ks.load(inputStream, appContext.getString(R.string.store_pass).toCharArray());
inputStream.close();

ret = new SSLSocketFactory(ks);
} catch (UnrecoverableKeyException ex) {
Log.d(TAG, ex.getMessage());
} catch (KeyStoreException ex) {
Log.d(TAG, ex.getMessage());
} catch (KeyManagementException ex) {
Log.d(TAG, ex.getMessage());
} catch (NoSuchAlgorithmException ex) {
Log.d(TAG, ex.getMessage());
} catch (IOException ex) {
Log.d(TAG, ex.getMessage());
} catch (Exception ex) {
Log.d(TAG, ex.getMessage());
} finally {
return ret;
}
}
}

Now simply use an instance of **MyHttpClient** as you would with **DefaultHttpClient** to make your HTTPS queries, and it will use and validate correctly your self-signed SSL certificates.

HttpResponse httpResponse;

HttpPost httpQuery = new HttpPost("https://yourserver.com";);
... set up your query ...

MyHttpClient myClient = new MyHttpClient(myContext);

try{

httpResponse = myClient.(peticionHttp);

// Check for 200 OK code
if (httpResponse.getStatusLine().getStatusCode() == HttpURLConnection.HTTP_OK) {
... do whatever you want with your response ...
}

}catch (Exception ex){
Log.d("httpError", ex.getMessage());
}

Offline