333.i2p: Пробема с android xmpp

You are not logged in

Пробема с android xmpp « Книга жалоб и предложений « Разработка i2pd

Sat, 06 May 2023, 09:01pm	#1
q Участник Registered: May 2023 Последний раз: Fri, 12 May 2023 Сообщения: 3	На сервере prosody с настроенным i2pd, 3072 бит ssl.(также проверял и с 2048 бит и 4096) На пк клиент pidgin работает На телефоне в клиентах monocles chat и conversations i2p пишет домен не верифицируется и домен не мподдается проверке соответственно
Offline	Link

Wed, 10 May 2023, 03:43pm	#2
Qball Участник Registered: March 2023 Последний раз: Tue, 12 Mar 2024 Сообщения: 21	Your question translated: On the prosody server with i2pd configured, 3072 bits of ssl.(also checked with 2048 bits and 4096) On a PC, the pidgin client is running On the phone, in the monocles chat and conversations clients, i2p writes the domain is not verified and the domain is not verifiable, respectively Most likely you have to register through Tor or clearnet with the xmpp server. If you tried xmpp.ilita.i2p you have to import their certificate. Try with danwin1210.de (see website). The i2p eepsite is daniel.i2p
Offline	Link

Wed, 10 May 2023, 03:43pm

Qball: Участник; Registered: March 2023; Последний раз: Tue, 12 Mar 2024; Сообщения: 21

Your question translated:
On the prosody server with i2pd configured, 3072 bits of ssl.(also checked with 2048 bits and 4096)
On a PC, the pidgin client is running
On the phone, in the monocles chat and conversations clients, i2p writes the domain is not verified and the domain is not verifiable, respectively

Most likely you have to register through Tor or clearnet with the xmpp server. If you tried xmpp.ilita.i2p you have to import their certificate. Try with danwin1210.de (see website). The i2p eepsite is daniel.i2p

Offline

Link

Fri, 12 May 2023, 03:41pm	#3
q Участник Registered: May 2023 Последний раз: Fri, 12 May 2023 Сообщения: 3	but i want have my own xmmp server in i2p
Offline	Link

Sat, 13 May 2023, 09:34pm	#4
Qball Участник Registered: March 2023 Последний раз: Tue, 12 Mar 2024 Сообщения: 21	Those who don't know, teach. I have never setup of xmpp server and on top i2p setup has challenges (3-4 simultaneous users per router by my estimate). If I would start today and daniel.i2p software did not work (he has instructions for Tor) I would try openfire: https://www.igniterealtime.org/projects/openfire/ It is the most used xmpp by far. Gajim client does not work for me and I use Psi+. When you do the testing: 1. Create a family and all the routers should be in the family. 2. The final testing should be with the routers subscribing to each other and xmpp before you actually you move to the final stage: just a subscription to xmpp server.
Offline	Link

Sat, 13 May 2023, 09:34pm

Qball: Участник; Registered: March 2023; Последний раз: Tue, 12 Mar 2024; Сообщения: 21

Those who don't know, teach. I have never setup of xmpp server and on top i2p setup has challenges (3-4 simultaneous users per router by my estimate). If I would start today and daniel.i2p software did not work (he has instructions for Tor) I would try openfire:
https://www.igniterealtime.org/projects/openfire/
It is the most used xmpp by far. Gajim client does not work for me and I use Psi+.
When you do the testing:
1. Create a family and all the routers should be in the family.
2. The final testing should be with the routers subscribing to each other and xmpp before you actually you move to the final stage: just a subscription to xmpp server.

Offline

Link

Sun, 14 May 2023, 12:21pm #5

Sun, 14 May 2023, 12:21pm	#5
In-seriousness Участник Registered: March 2023 Последний раз: Mon, 15 May 2023 Сообщения: 10	It can be a bit tricky to get started. Have you made an admin user? Eg. `sudo prosodyctl adduser admin@____.b32.i2p` Are you sure the i2p tunnels are made correctly? You may need two 'server' tunnels, one for client-to-server (C2S) and another for possible server-to-server (S2S) interactions? I have notes for i2pd that say: `tunnels.conf [prosody-s2s] type=server host=127.0.0.1 port=5269 inport=5269 keys=prosody.dat [prosody-c2s] type=server host=127.0.0.1 port=5222 inport=5222 keys=prosody.dat` I remember that the ArchWiki for Prosody can be helpful resource. You **may** need a package, 'lua-bit32', as stated by the PurpleI2P team "bit32 library for lua is required for 'mod_darknet' module". But maybe, not. If you use a self-signed certificate then you will, at least once, need to verify it in the Conversations/Pidgin client apps. It will ask to verify the certificate against a SHA256 thumbprint (most likely?). To see your certificate in that format, this might help. `openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/prosody/certs/*.b32.i2p.crt` I understand Prosody to be a very fine choice, and there should be no need to switch to another fine choice like Openfire. Likewise, Pidgin is known to be a decent client. Anyway, tell us how you go. Last edited: Sun, 14 May 2023, 12:52pm от In-seriousness
Offline	Link

In-seriousness: Участник; Registered: March 2023; Последний раз: Mon, 15 May 2023; Сообщения: 10

It can be a bit tricky to get started. Have you made an admin user? Eg.

sudo prosodyctl adduser admin@____.b32.i2p

Are you sure the i2p tunnels are made correctly? You may need two 'server' tunnels, one for client-to-server (C2S) and another for possible server-to-server (S2S) interactions?

I have notes for i2pd that say:

tunnels.conf

[prosody-s2s]
type=server
host=127.0.0.1
port=5269
inport=5269
keys=prosody.dat

[prosody-c2s]
type=server
host=127.0.0.1
port=5222
inport=5222
keys=prosody.dat

I remember that the ArchWiki for Prosody can be helpful resource.

You ****may**** need a package, 'lua-bit32', as stated by the PurpleI2P team "bit32 library for lua is required for 'mod_darknet' module". But maybe, not.

If you use a self-signed certificate then you will, at least once, need to verify it in the Conversations/Pidgin client apps. It will ask to verify the certificate against a SHA256 thumbprint (most likely?). To see your certificate in that format, this might help.

openssl x509 -noout -fingerprint -sha256 -inform pem -in /etc/prosody/certs/*.b32.i2p.crt

I understand Prosody to be a very fine choice, and there should be no need to switch to another fine choice like Openfire. Likewise, Pidgin is known to be a decent client.

Anyway, tell us how you go.

Last edited: Sun, 14 May 2023, 12:52pm от In-seriousness

Offline Link

Mon, 19 Jun 2023, 02:18pm	#6
Qball Участник Registered: March 2023 Последний раз: Tue, 12 Mar 2024 Сообщения: 21	Self signed certificates are always a problem in Android. You can try this: https://stackoverflow.com/questions/1217141/sel... I faced this issue yesterday, while migrating our company's RESTful API to HTTPS, but using self-signed SSL certificates. I've looking everywhere, but all the "correct" marked answers I've found consisted of disabling certificate validation, clearly overriding all the sense of SSL. I finally came to a solution: Create Local KeyStore To enable your app to validate your self-signed certificates, you need to provide a custom keystore with the certificates in a manner that Android can trust your endpoint. The format for such custom keystores is "BKS" from BouncyCastle, so you need the 1.46 version of BouncyCastleProvider that you can download here. You also need your self-signed certificate, I will assume it's named self_cert.pem. Now the command for creating your keystore is: <!-- language: lang-sh --> $ keytool -import -v -trustcacerts -alias 0 \ -file PATH_TO_SELF_CERT.PEM \ -keystore PATH_TO_KEYSTORE \ -storetype BKS \ -provider org.bouncycastle.jce.provider.BouncyCastleProvider \ -providerpath PATH_TO_bcprov-jdk15on-146.jar \ -storepass STOREPASS PATH_TO_KEYSTORE points to a file where your keystore will be created. It MUST NOT EXIST. PATH_TO_bcprov-jdk15on-146.jar.JAR is the path to the downloaded .jar libary. STOREPASS is your newly created keystore password. Include KeyStore in your Application Copy your newly created keystore from PATH_TO_KEYSTORE to res/raw/certs.bks (certs.bks is just the file name; you can use whatever name you wish) Create a key in res/values/strings.xml with <!-- language: lang-xml --> <resources> ... <string name="store_pass">STOREPASS</string> ... </resources> Create a this class that inherits DefaultHttpClient import android.content.Context; import android.util.Log; import org.apache.http.conn.scheme.PlainSocketFactory; import org.apache.http.conn.scheme.Scheme; import org.apache.http.conn.scheme.SchemeRegistry; import org.apache.http.conn.ssl.SSLSocketFactory; import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.params.HttpParams; import java.io.IOException; import java.io.InputStream; import java.security.; public class MyHttpClient extends DefaultHttpClient { private static Context appContext = null; private static HttpParams params = null; private static SchemeRegistry schmReg = null; private static Scheme httpsScheme = null; private static Scheme httpScheme = null; private static String TAG = "MyHttpClient"; public MyHttpClient(Context myContext) { appContext = myContext; if (httpScheme == null \|\| httpsScheme == null) { httpScheme = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80); httpsScheme = new Scheme("https", mySSLSocketFactory(), 443); } getConnectionManager().getSchemeRegistry().register(httpScheme); getConnectionManager().getSchemeRegistry().register(httpsScheme); } private SSLSocketFactory mySSLSocketFactory() { SSLSocketFactory ret = null; try { final KeyStore ks = KeyStore.getInstance("BKS"); final InputStream inputStream = appContext.getResources().openRawResource(R.raw.certs); ks.load(inputStream, appContext.getString(R.string.store_pass).toCharArray()); inputStream.close(); ret = new SSLSocketFactory(ks); } catch (UnrecoverableKeyException ex) { Log.d(TAG, ex.getMessage()); } catch (KeyStoreException ex) { Log.d(TAG, ex.getMessage()); } catch (KeyManagementException ex) { Log.d(TAG, ex.getMessage()); } catch (NoSuchAlgorithmException ex) { Log.d(TAG, ex.getMessage()); } catch (IOException ex) { Log.d(TAG, ex.getMessage()); } catch (Exception ex) { Log.d(TAG, ex.getMessage()); } finally { return ret; } } } Now simply use an instance of MyHttpClient* as you would with DefaultHttpClient to make your HTTPS queries, and it will use and validate correctly your self-signed SSL certificates. HttpResponse httpResponse; HttpPost httpQuery = new HttpPost("https://yourserver.com";); ... set up your query ... MyHttpClient myClient = new MyHttpClient(myContext); try{ httpResponse = myClient.(peticionHttp); // Check for 200 OK code if (httpResponse.getStatusLine().getStatusCode() == HttpURLConnection.HTTP_OK) { ... do whatever you want with your response ... } }catch (Exception ex){ Log.d("httpError", ex.getMessage()); }
Offline	Link

Mon, 19 Jun 2023, 02:18pm

Qball: Участник; Registered: March 2023; Последний раз: Tue, 12 Mar 2024; Сообщения: 21

Self signed certificates are always a problem in Android. You can try this:
https://stackoverflow.com/questions/1217141/sel...

I faced this issue yesterday, while migrating our company's RESTful API to HTTPS, but using self-signed SSL certificates.

I've looking everywhere, but all the "correct" marked answers I've found consisted of disabling certificate validation, clearly overriding all the sense of SSL.

I finally came to a solution:

Create Local KeyStore

To enable your app to validate your self-signed certificates, you need to provide a custom keystore with the certificates in a manner that Android can trust your endpoint.

The format for such custom keystores is "BKS" from BouncyCastle, so you need the 1.46 version of BouncyCastleProvider that you can download here.

You also need your self-signed certificate, I will assume it's named self_cert.pem.

Now the command for creating your keystore is:

$ keytool -import -v -trustcacerts -alias 0 \
-file *PATH_TO_SELF_CERT.PEM* \
-keystore *PATH_TO_KEYSTORE* \
-storetype BKS \
-provider org.bouncycastle.jce.provider.BouncyCastleProvider \
-providerpath *PATH_TO_bcprov-jdk15on-146.jar* \
-storepass *STOREPASS*

PATH_TO_KEYSTORE points to a file where your keystore will be created. It MUST NOT EXIST.

PATH_TO_bcprov-jdk15on-146.jar.JAR is the path to the downloaded .jar libary.

STOREPASS is your newly created keystore password.

Include KeyStore in your Application

Copy your newly created keystore from PATH_TO_KEYSTORE to res/raw/certs.bks (certs.bks is just the file name; you can use whatever name you wish)

Create a key in res/values/strings.xml with

<resources>
...
<string name="store_pass">*STOREPASS*</string>
...
</resources>

Create a this class that inherits DefaultHttpClient

import android.content.Context;
import android.util.Log;
import org.apache.http.conn.scheme.PlainSocketFactory;
import org.apache.http.conn.scheme.Scheme;
import org.apache.http.conn.scheme.SchemeRegistry;
import org.apache.http.conn.ssl.SSLSocketFactory;
import org.apache.http.impl.client.DefaultHttpClient;
import org.apache.http.params.HttpParams;

import java.io.IOException;
import java.io.InputStream;
import java.security.*;

public class MyHttpClient extends DefaultHttpClient {

private static Context appContext = null;
private static HttpParams params = null;
private static SchemeRegistry schmReg = null;
private static Scheme httpsScheme = null;
private static Scheme httpScheme = null;
private static String TAG = "MyHttpClient";

public MyHttpClient(Context myContext) {

appContext = myContext;

if (httpScheme == null || httpsScheme == null) {
httpScheme = new Scheme("http", PlainSocketFactory.getSocketFactory(), 80);
httpsScheme = new Scheme("https", mySSLSocketFactory(), 443);
}

getConnectionManager().getSchemeRegistry().register(httpScheme);
getConnectionManager().getSchemeRegistry().register(httpsScheme);

}

private SSLSocketFactory mySSLSocketFactory() {
SSLSocketFactory ret = null;
try {
final KeyStore ks = KeyStore.getInstance("BKS");

final InputStream inputStream = appContext.getResources().openRawResource(R.raw.certs);

ks.load(inputStream, appContext.getString(R.string.store_pass).toCharArray());
inputStream.close();

ret = new SSLSocketFactory(ks);
} catch (UnrecoverableKeyException ex) {
Log.d(TAG, ex.getMessage());
} catch (KeyStoreException ex) {
Log.d(TAG, ex.getMessage());
} catch (KeyManagementException ex) {
Log.d(TAG, ex.getMessage());
} catch (NoSuchAlgorithmException ex) {
Log.d(TAG, ex.getMessage());
} catch (IOException ex) {
Log.d(TAG, ex.getMessage());
} catch (Exception ex) {
Log.d(TAG, ex.getMessage());
} finally {
return ret;
}
}
}

Now simply use an instance of **MyHttpClient** as you would with **DefaultHttpClient** to make your HTTPS queries, and it will use and validate correctly your self-signed SSL certificates.

HttpResponse httpResponse;

HttpPost httpQuery = new HttpPost("https://yourserver.com";);
... set up your query ...

MyHttpClient myClient = new MyHttpClient(myContext);

try{

httpResponse = myClient.(peticionHttp);

// Check for 200 OK code
if (httpResponse.getStatusLine().getStatusCode() == HttpURLConnection.HTTP_OK) {
... do whatever you want with your response ...
}

}catch (Exception ex){
Log.d("httpError", ex.getMessage());
}

Offline

Link

В начало » Форум Темы » Разработка i2pd » Книга жалоб и предложений

Последний зарегистрированный пользователь: mittwerkz