Start of a password change form

src/java/net/i2p/i2pcontrol/security/SecurityManager.java

@@ -40,7 +40,7 @@ import java.util.Iterator;
  * Manage the password storing for I2PControl.
  */
 public class SecurityManager {
-    private final static String DEFAULT_AUTH_PASSWORD = "itoopie";
+    public final static String DEFAULT_AUTH_PASSWORD = "itoopie";
     private final HashMap<String, AuthToken> authTokens;
     private final SimpleTimer2.TimedEvent timer;
     private final KeyStore _ks;
@@ -148,17 +148,34 @@ public class SecurityManager {
         return Base64.encode(bytes);
     }
 
+    /**
+     * Is this password correct?
+     * @return true if password is valid.
+     * @since 0.12
+     */
+    public boolean isValid(String pwd) {
+        String storedPass = getSavedPasswdHash();
+        byte[] p1 = DataHelper.getASCII(getPasswdHash(pwd));
+        byte[] p2 = DataHelper.getASCII(storedPass);
+        return p1.length == p2.length && DataHelper.eqCT(p1, 0, p2, 0, p1.length);
+    }
+
+    /**
+     * Is this password correct?
+     * @return true if password is valid.
+     * @since 0.12
+     */
+    public boolean isDefaultPasswordValid() {
+        return isValid(DEFAULT_AUTH_PASSWORD);
+    }
 
     /**
      * Add a Authentication Token if the provided password is valid.
      * The token will be valid for one day.
-     * @return Returns AuthToken if password is valid. If password is invalid null will be returned.
+     * @return AuthToken if password is valid. If password is invalid null will be returned.
      */
     public AuthToken validatePasswd(String pwd) {
-        String storedPass = getSavedPasswdHash();
-        byte[] p1 = DataHelper.getASCII(getPasswdHash(pwd));
-        byte[] p2 = DataHelper.getASCII(storedPass);
-        if (p1.length == p2.length && DataHelper.eqCT(p1, 0, p2, 0, p1.length)) {
+        if (isValid(pwd)) {
             AuthToken token = new AuthToken(this, pwd);
             synchronized (authTokens) {
                 authTokens.put(token.getId(), token);

src/java/net/i2p/i2pcontrol/servlets/JSONRPC2Servlet.java

@@ -145,14 +145,45 @@ public class JSONRPC2Servlet extends HttpServlet {
 
     @Override
     protected void doGet(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
-        httpServletResponse.setContentType("text/plain");
+        httpServletResponse.setContentType("text/html");
         PrintWriter out = httpServletResponse.getWriter();
-        out.println("I2PControl RPC Service version " + I2PControlVersion.VERSION + " : Running");
+        out.println("<p>I2PControl RPC Service version " + I2PControlVersion.VERSION + " : Running");
+	if ("/password".equals(httpServletRequest.getServletPath())) {
+            out.println("<form method=\"POST\" action=\"password\">");
+            if (_secMan.isDefaultPasswordValid()) {
+                out.println("<p>The current API password is the default, \"" + _secMan.DEFAULT_AUTH_PASSWORD + "\". You should change it.");
+            } else {	
+                out.println("<p>Current API password:<input name=\"password\" type=\"password\">");
+            }
+            out.println("<p>New API password (twice):<input name=\"password2\" type=\"password\">" +
+                        "<input name=\"password3\" type=\"password\">" +
+                        "<input name=\"save\" type=\"submit\" value=\"Change API Password\">" +
+                        "<p>If you forget the API password, stop i2pcontrol, delete the file <tt>" + _conf.getConfFile() +
+                        "</tt>, and restart i2pcontrol.");
+        } else {	
+            out.println("<p><a href=\"password\">Change API Password</a>");
+        }
         out.close();
     }
 
+    /** @since 0.12 */
+    private void doPasswordChange(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
+        httpServletResponse.setContentType("text/html");
+        PrintWriter out = httpServletResponse.getWriter();
+        if (true) {
+            out.println("<p>API Password not changed");
+        } else {	
+            out.println("<p>API Password changed");
+        }
+        out.println("<p><a href=\"password\">Change API Password</a>");
+    }
+
     @Override
     protected void doPost(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws ServletException, IOException {
+	if ("/password".equals(httpServletRequest.getServletPath())) {
+            doPasswordChange(httpServletRequest, httpServletResponse);
+            return;
+        }
         String req = getRequest(httpServletRequest.getInputStream());
         httpServletResponse.setContentType("application/json");
         PrintWriter out = httpServletResponse.getWriter();

src/java/net/i2p/i2pcontrol/servlets/configuration/ConfigurationManager.java

@@ -45,6 +45,11 @@ public class ConfigurationManager {
         readConfFile();
     }
 
+    /** @since 0.12 */
+    public File getConfFile() {
+        return configLocation;
+    }
+
     /**
      * Collects arguments of the form --word, --word=otherword and -blah
      * to determine user parameters.