
Added a UI section to configure encryption of peers communications

luccioman committed May 2, 2018
1 parent 3b89c23 commit 692c1cfdde8d4763644784c0ca70b1e7b5e99db2
Showing with 51 additions and 0 deletions.
  1. +26 −0 htroot/ConfigNetwork_p.html
  2. +25 −0 htroot/ConfigNetwork_p.java
@@ -218,6 +218,32 @@ <h2>Network Configuration</h2>
</fieldset>
</form>
</fieldset>

<form method="post" action="ConfigNetwork_p.html" enctype="multipart/form-data" accept-charset="UTF-8">
<input type="hidden" name="transactionToken" value="#[transactionToken]#"/>
<fieldset>
<legend>
<label>Outgoing communications encryption</label>
</legend>
<dl>
<dt>Protocol operations encryption</dt>
<dd>
<label>
<input type="checkbox" name="network.unit.protocol.https.preferred" value="true" #(network.unit.protocol.https.preferred)#::checked="checked"#(/network.unit.protocol.https.preferred)# />
Prefer HTTPS for outgoing connexions to remote peers.
</label>
<p>When <abbr title="Transport Layer Security">TLS</abbr>/<abbr title="Secure Sockets Layer">SSL</abbr> is enabled on remote peers, it should be used to encrypt outgoing communications with them (for operations such as network presence, index transfer, remote crawl...).
Please note that contrary to strict TLS, certificates are not validated against trusted certificate authorities (CA), thus allowing YaCy peers to use self-signed certificates.
</p>
<p>Note also that encryption of remote search queries is configured with a dedicated setting in the <a href="ConfigPortal_p.html">Config Portal</a> page.</p>
</dd>
<dt></dt>
<dd>
<input type="submit" name="setEncryption" value="Save" class="btn btn-primary"/>
</dd>
</dl>
</fieldset>
</form>
#%env/templates/footer.template%#
</body>
</html>
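Review bot: The help paragraph under the checkbox says certificates are not validated against trusted CAs, but it stops short of the consequence an operator needs to know: without validation the remote peer is not authenticated, so this setting protects against passive eavesdropping only and not against an on-path party that terminates the TLS session itself. Since the label says "Prefer", a fallback to plain HTTP when a peer does not offer TLS is presumably possible and should be stated as well. I would add a sentence to the first `<p>` such as `Because certificates are not verified, this protects against passive eavesdropping only; it does not authenticate the remote peer.` Minor wording: `connexions` in the label would read better as `connections`.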
@@ -91,6 +91,26 @@ public static serverObjects respond(
sb.switchNetwork(networkDefinition);
}
}

if (post.containsKey("setEncryption")) {
/*
* Settings will be modified : check this is a valid transaction using HTTP POST
* method
*/
TransactionManager.checkPostTransaction(header, post);

final boolean httpsPreferred = sb.getConfigBool(SwitchboardConstants.NETWORK_PROTOCOL_HTTPS_PREFERRED,
SwitchboardConstants.NETWORK_PROTOCOL_HTTPS_PREFERRED_DEFAULT);
final boolean newHttpsPreferred = post
.getBoolean(SwitchboardConstants.NETWORK_PROTOCOL_HTTPS_PREFERRED);
if (httpsPreferred == newHttpsPreferred) {
// no change
commit = 3;
} else {
commit = 1;
sb.setConfig(SwitchboardConstants.NETWORK_PROTOCOL_HTTPS_PREFERRED, newHttpsPreferred);
}
}

if ( post.containsKey("save") ) {
/* Settings will be modified : check this is a valid transaction using HTTP POST method */
@@ -211,6 +231,11 @@ public static serverObjects respond(
prop.put("networks_" + c++ + "_network", s);
}
prop.put("networks", c);

// set encryption setting
prop.put(SwitchboardConstants.NETWORK_PROTOCOL_HTTPS_PREFERRED,
sb.getConfigBool(SwitchboardConstants.NETWORK_PROTOCOL_HTTPS_PREFERRED,
SwitchboardConstants.NETWORK_PROTOCOL_HTTPS_PREFERRED_DEFAULT));

return prop;
}
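Review bot: The new `setEncryption` branch assigns `commit = 3` and `commit = 1` as bare literals, and nothing in the hunk says what either value means to the template; a short comment on each, such as `// 3: submitted value equals the stored one, nothing written`, would make the branch readable on its own. The branch is a standalone `if` placed before the `save` branch, so whether a later branch can overwrite `commit` depends on code outside this hunk and is worth checking. Because unticking the box presumably lets outgoing peer traffic go over plain HTTP again, I would also record the transition next to `sb.setConfig(...)` with a log line giving the old and new value, so that a change to this setting can be traced afterwards. `respond` starts and ends outside the visible hunks.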
