Commit 74a7a188 authored by Guus der Kinderen's avatar Guus der Kinderen

OF-1004 (i18n): Hard-coded text should be replaced with i18n placeholders.

parent 7291d823
......@@ -1554,10 +1554,13 @@ server2server.settings.title=Server to Server Settings
server2server.settings.info=Use the forms below to configure settings for connections to remote \
servers. You can also {0}view{1} the current remote server connections.
server2server.settings.enabled.legend=Service Enabled
server2server.settings.boxtitle=Plain-text (with STARTTLS) connections
server2server.settings.boxinfo=Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).
server2server.settings.label_disable=Disabled
server2server.settings.label_disable_info=Remote servers are not allowed to exchange packets with this server.
server2server.settings.label_enable=Enabled
server2server.settings.label_enable_info=Remote servers can exchange packets with this server on port
server2server.settings.label_port=Port number
server2server.settings.valid.port=Please enter a valid port.
server2server.settings.update=Idle connections settings updated successfully.
server2server.settings.valid.idle_minutes=Please enter a valid number for max idle minutes.
......@@ -1599,6 +1602,12 @@ component.settings.label_disable=Disabled
component.settings.label_disable_info=External components are not allowed to connect to this server.
component.settings.label_enable=Enabled
component.settings.label_enable_info=External components can connect to this server.
component.settings.plaintext.boxtitle=Plain-text (with STARTTLS) connections
component.settings.plaintext.info=Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).
component.settings.plaintext.label_enable=Enabled
component.settings.legacymode.boxtitle=Encrypted (legacy-mode) connections
component.settings.legacymode.info=Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.
component.settings.legacymode.label_enable=Enabled
component.settings.port=Port:
component.settings.valid.port=Please enter a valid port.
component.settings.defaultSecret=Default shared secret:
......@@ -1628,6 +1637,38 @@ component.settings.confirm.allowed=Component is now allowed to connect to the se
component.settings.confirm.blocked=Component is now not allowed to connect to the server.
component.settings.confirm.deleted=Component information was deleted.
# Advanced connection settings page
connection.advanced.settings.error.connectiontype=The connection type is unrecognized.
connection.advanced.settings.error.connectionmode=The connection mode is unrecognized.
connection.advanced.settings.info=The configuration on this page applies to {0} connections.
connection.advanced.settings.tcp.boxtitle=TCP Settings
connection.advanced.settings.tcp.label_enable=Enabled
connection.advanced.settings.tcp.label_readbuffer=Read buffer
connection.advanced.settings.tcp.label_readbuffer_suffix=(in bytes - empty for unlimited size)
connection.advanced.settings.starttls.boxtitle=STARTTLS policy
connection.advanced.settings.starttls.label_disabled=<b>Disabled</b> - Encryption is not allowed.
connection.advanced.settings.starttls.label_optional=<b>Optional</b> - Encryption may be used, but is not required.
connection.advanced.settings.starttls.label_required=<b>Required</b> - Connections cannot be established unless they are encrypted.
connection.advanced.settings.clientauth.boxtitle=Mutual Authentication
connection.advanced.settings.clientauth.info=In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.
connection.advanced.settings.clientauth.label_disabled=<b>Disabled</b> - Peer certificates are not verified.
connection.advanced.settings.clientauth.label_wanted=<b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.
connection.advanced.settings.clientauth.label_needed=<b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.
connection.advanced.settings.certchain.boxtitle=Certificate chain checking
connection.advanced.settings.certchain.info=These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.
connection.advanced.settings.certchain.label_selfsigned=Allow peer certificates to be self-signed.
connection.advanced.settings.certchain.label_validity=Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).
connection.advanced.settings.protocols.boxtitle=Encryption Protocols
connection.advanced.settings.protocols.info=These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.
connection.advanced.settings.protocols.sslv2hello.info=When setting up a new encrypted connection some encryption protocols allow you to have part of the handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this encapsulation. When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format, and all outgoing data (which applies to outbound server-to-server connections) will conform to the SSLv3/TLSv1 format.
connection.advanced.settings.ciphersuites.boxtitle=Encryption Cipher Suites
connection.advanced.settings.ciphersuites.info=These are all encryption cipher suites that this instance of Openfire supports. Those in the list on the left are enabled, and can be used to establish an encrypted connection. Removing all values from that list will cause a default to be restored.
connection.advanced.settings.ciphersuites.label_enable=Enabled
connection.advanced.settings.ciphersuites.label_supported=Supported
connection.advanced.settings.misc.boxtitle=Miscellaneous settings
connection.advanced.settings.misc.label_workers=Maximum worker threads
# Session conflict Page
session.conflict.title=Conflict Policy
......@@ -2144,6 +2185,12 @@ ssl.settings.client.customSSL=Old SSL method:
ssl.settings.client.customTLS=TLS method:
ssl.settings.client.custom.mutualauth.socket=Mutual authentication (socket connections)
ssl.settings.client.custom.mutualauth.bosh=Mutual authentication (BOSH connections)
ssl.settings.client.plaintext.boxtitle=Plain-text (with STARTTLS) connections
ssl.settings.client.plaintext.info=Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).
ssl.settings.client.plaintext.label_enable=Enabled
ssl.settings.client.legacymode.boxtitle=Encrypted (legacy-mode) connections
ssl.settings.client.legacymode.info=Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.
ssl.settings.client.legacymode.label_enable=Enabled
ssl.settings.available=Available
ssl.settings.notavailable=Not Available
ssl.settings.required=Required
......@@ -2193,6 +2240,28 @@ ssl.certificates.not-valid-after=Not valid after
ssl.certificates.signature=Signature
ssl.certificates.signature-algorithm=Signature Algorithm
ssl.certificates.signature-algorithm-parameters=Signature Algorithm Parameters
ssl.certificates.identity-store=Identity store
ssl.certificates.trust-store=Trust store
# Store Management page
ssl.certificates.store-management.title=Certificate Stores
ssl.certificates.store-management.info-1=Certificates are used (through TLS and SSL protocols) to establish secure connections between servers and clients. When a secured connection is being created, parties can retrieve a certificate from the other party and (amongst others) examine the issuer of those certificates. If the issuer is trusted, a secured layer of communication can be established.
ssl.certificates.store-management.info-2=Certificates are kept in specialized repositories, or 'stores'. Openfire provides two types of stores: <ul><li><em>Identity stores</em> are used to store certificates that identify this instance of Openfire. On request, they certificates from these stores are transmitted to other parties which use them to identify your server. </li> <li><em>Trust stores</em> contain certificates that identify parties that you choose to trust. Trust stores often do not include the certificate from the remote party directly, but instead holds certificates from organizations that are trusted to identify the certificate of the remote party. Such organizations are commonly referred to as "Certificate Authorities".</li></ul>
ssl.certificates.store-management.info-3=This section of the admin panel is dedicated to management of the various key and trust stores that act as repositories for sets of security certificates. By default, a small set of stores is re-used for various purposes, but Openfire allows you to configure a distinct set of stores for each connection type.
ssl.certificates.store-management.socket-c2s-stores.title=XMPP Client Stores
ssl.certificates.store-management.socket-c2s-stores.info=These stores are used for regular, TCP-based client-to-server XMPP communication. Two stores are provided\: one identity store and a trust store. Openfire ships with an empty trust store, as in typical environments, certificate-based authentication of clients is not required.
ssl.certificates.store-management.socket-s2s-stores.title=Server Federation Stores
ssl.certificates.store-management.socket-s2s-stores.info=These stores are used for erver-to-server XMPP communication, which establishes server federation. Two stores are provided\: one identity store and a trust store. Openfire ships with a trust store filled with certificates of generally accepted certificate authorities.
ssl.certificates.store-management.bosh-c2s-stores.title=BOSH (HTTP Binding) Stores
ssl.certificates.store-management.bosh-c2s-stores.info=These stores are used for BOSH-based XMPP communication. Two stores are provided\: an identity store and a client trust store.
ssl.certificates.store-management.admin-console-stores.title=Admin Console Stores
ssl.certificates.store-management.admin-console-stores.info=These stores are used for the web-based admin console (you're looking at it right now\!). Again, two stores are provided an identity store and a trust store (used for optional authentication of browsers that use the admin panel).
ssl.certificates.store-management.component-stores.title=External Component Stores
ssl.certificates.store-management.component-stores.info=These stores are used to establish connections with external components.
ssl.certificates.store-management.connection-manager-stores.title=Connection Manager Stores
ssl.certificates.store-management.connection-manager-stores.info=These stores are used to establish connections with Openfire Connection Managers.ssl.certificates.store-management.socket-s2s-stores.title=Server Federation Stores
ssl.certificates.store-management.manage=Manage Store Contents
# Openfire Certificates Page
......@@ -2946,7 +3015,11 @@ ssl.import.certificate.keystore.info=Use the form below to import a private key
ssl.import.certificate.keystore.boxtitle=Import Private Key and Certificate
ssl.import.certificate.keystore.pass-phrase=Pass Phrase used for creating Private Key:
ssl.import.certificate.keystore.private-key=Content of Private Key file:
ssl.import.certificate.keystore.private-key.title=Private Key
ssl.import.certificate.keystore.private-key.info=Please provide the PEM representation of the private key that should be used to identify Openfire.
ssl.import.certificate.keystore.certificate=Content of Certificate file:
ssl.import.certificate.keystore.certificate.title=Certificate
ssl.import.certificate.keystore.certificate.info=Please provide the PEM representation of the certificate chain that represents the identity of Openfire. Note that the certificate chain must be based on the private key provided above.
ssl.import.certificate.keystore.error.private-key=Please specify the content of the private key.
ssl.import.certificate.keystore.error.certificate=Please specify the content of the certificate to import.
ssl.import.certificate.keystore.error.import=There was an error while trying to import the private key and signed certificate.
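Review bot: The value of `ssl.certificates.store-management.connection-manager-stores.info` runs straight into a second entry: the line ends `...Openfire Connection Managers.ssl.certificates.store-management.socket-s2s-stores.title=Server Federation Stores`. A line break appears to have been lost (possibly only in this rendering); if it is also missing in the file, the admin console would display the key text as part of the sentence. The value should end at `Connection Managers.`, and since `socket-s2s-stores.title` is already defined a few lines earlier, the trailing fragment can simply be dropped. In the same hunk, `socket-s2s-stores.info` reads `erver-to-server`, `info-2` reads `they certificates from these stores`, and `admin-console-stores.info` is missing the colon after `two stores are provided`.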
......
......@@ -241,8 +241,8 @@
<c:forEach var="err" items="${errors}">
<admin:infobox type="error">
<c:choose>
<c:when test="${err.key eq 'connectionType'}">The connection type is unrecognized.</c:when>
<c:when test="${err.key eq 'connectionMode'}">The connection mode is unrecognized.</c:when>
<c:when test="${err.key eq 'connectionType'}"><fmt:message key="connection.advanced.settings.error.connectiontype"/></c:when>
<c:when test="${err.key eq 'connectionMode'}"><fmt:message key="connection.advanced.settings.error.connectionmode"/></c:when>
<c:otherwise>
<c:if test="${not empty err.value}">
<fmt:message key="admin.error"/>: <c:out value="${err.value}"/>
......@@ -275,97 +275,104 @@
<!-- Introduction at the top of the page -->
<p>
The configuration on this page applies to ${connectionModeTranslation} ${connectionTypeTranslation} connections.
<fmt:message key="connection.advanced.settings.info">
<fmt:param value="${connectionModeTranslation} ${connectionTypeTranslation}" />
</fmt:message>
</p>
<form action="connection-settings-advanced.jsp?connectionType=${connectionType}&connectionMode=${connectionMode}" onsubmit="selectAllOptions('cipherSuitesEnabled')" method="post">
<input type="hidden" name="update" value="true" />
<admin:contentBox title="TCP Settings">
<fmt:message key="connection.advanced.settings.tcp.boxtitle" var="tcpboxtitle"/>
<admin:contentBox title="${tcpboxtitle}">
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td width="100%" colspan="2"><input type="checkbox" name="enabled" id="enabled" ${configuration.enabled ? 'checked' : ''}/><label for="enabled">Enabled</label></td>
<td width="100%" colspan="2"><input type="checkbox" name="enabled" id="enabled" ${configuration.enabled ? 'checked' : ''}/><label for="enabled"><fmt:message key="connection.advanced.settings.tcp.label_enable"/></label></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap><label for="tcpPort">Port number</label></td>
<td width="1%" nowrap><label for="tcpPort"><fmt:message key="ports.port"/></label></td>
<td width="99%"><input type="text" name="tcpPort" id="tcpPort" value="${configuration.port}"/></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap><label for="readBuffer">Read buffer</label></td>
<td width="99%"><input type="text" name="readBuffer" id="readBuffer" value="${configuration.maxBufferSize gt 0 ? configuration.maxBufferSize : ''}" readonly/> (in bytes - empty for unlimited size)</td>
<td width="1%" nowrap><label for="readBuffer"><fmt:message key="connection.advanced.settings.tcp.label_readbuffer"/></label></td>
<td width="99%"><input type="text" name="readBuffer" id="readBuffer" value="${configuration.maxBufferSize gt 0 ? configuration.maxBufferSize : ''}" readonly/> <fmt:message key="connection.advanced.settings.tcp.label_readbuffer_suffix"/></td>
</tr>
</table>
</admin:contentBox>
<c:if test="${connectionMode eq 'plain'}">
<admin:contentBox title="STARTTLS policy">
<fmt:message key="connection.advanced.settings.starttls.boxtitle" var="starttlsboxtitle"/>
<admin:contentBox title="${starttlsboxtitle}">
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td>
<input type="radio" name="tlspolicy" value="disabled" id="tlspolicy-disabled" ${configuration.tlsPolicy.name() eq 'disabled' ? 'checked' : ''} onclick="applyDisplayable()"/>
<label for="tlspolicy-disabled"><b>Disabled</b> - Encryption is not allowed.</label>
<label for="tlspolicy-disabled"><fmt:message key="connection.advanced.settings.starttls.label_disabled"/></label>
</td>
</tr>
<tr valign="middle">
<td>
<input type="radio" name="tlspolicy" value="optional" id="tlspolicy-optional" ${configuration.tlsPolicy.name() eq 'optional' ? 'checked' : ''} onclick="applyDisplayable()"/>
<label for="tlspolicy-optional"><b>Optional</b> - Encryption may be used, but is not required.</label>
<label for="tlspolicy-optional"><fmt:message key="connection.advanced.settings.starttls.label_optional"/></label>
</td>
</tr>
<tr valign="middle">
<td>
<input type="radio" name="tlspolicy" value="required" id="tlspolicy-required" ${configuration.tlsPolicy.name() eq 'required' ? 'checked' : ''} onclick="applyDisplayable()"/>
<label for="tlspolicy-required"><b>Required</b> - Connections cannot be established unless they are encrypted.</label>
<label for="tlspolicy-required"><fmt:message key="connection.advanced.settings.starttls.label_required"/></label>
</td>
</tr>
</table>
</admin:contentBox>
</c:if>
<admin:contentBox title="Mutual Authentication">
<p>In addition to requiring peers to use encryption (which will force them to verify the security certificates of this Openfire instance) an additional level of security can be enabled. With this option, the server can be configured to verify certificates that are to be provided by the peers. This is commonly referred to as 'mutual authentication'.</p>
<fmt:message key="connection.advanced.settings.clientauth.boxtitle" var="clientauthboxtitle"/>
<admin:contentBox title="${clientauthboxtitle}">
<p><fmt:message key="connection.advanced.settings.clientauth.info"/></p>
<table cellpadding="3" cellspacing="0" border="0" class="tlsconfig">
<tr valign="middle">
<td>
<input type="radio" name="mutualauthentication" value="disabled" id="mutualauthentication-disabled" ${configuration.clientAuth.name() eq 'disabled' ? 'checked' : ''}/>
<label for="mutualauthentication-disabled"><b>Disabled</b> - Peer certificates are not verified.</label>
<label for="mutualauthentication-disabled"><fmt:message key="connection.advanced.settings.clientauth.label_disabled"/></label>
</td>
</tr>
<tr valign="middle">
<td>
<input type="radio" name="mutualauthentication" value="wanted" id="mutualauthentication-wanted" ${configuration.clientAuth.name() eq 'wanted' ? 'checked' : ''}/>
<label for="mutualauthentication-wanted"><b>Wanted</b> - Peer certificates are verified, but only when they are presented by the peer.</label>
<label for="mutualauthentication-wanted"><fmt:message key="connection.advanced.settings.clientauth.label_wanted"/></label>
</td>
</tr>
<tr valign="middle">
<td>
<input type="radio" name="mutualauthentication" value="needed" id="mutualauthentication-needed" ${configuration.clientAuth.name() eq 'needed' ? 'checked' : ''}/>
<label for="mutualauthentication-needed"><b>Needed</b> - A connection cannot be established if the peer does not present a valid certificate.</label>
<label for="mutualauthentication-needed"><fmt:message key="connection.advanced.settings.clientauth.label_needed"/></label>
</td>
</tr>
</table>
</admin:contentBox>
<admin:contentBox title="Certificate chain checking">
<p>These options configure some aspects of the verification/validation of the certificates that are presented by peers while setting up encrypted connections.</p>
<fmt:message key="connection.advanced.settings.certchain.boxtitle" var="certchainboxtitle"/>
<admin:contentBox title="${certchainboxtitle}">
<p><fmt:message key="connection.advanced.settings.certchain.info"/></p>
<table cellpadding="3" cellspacing="0" border="0" class="tlsconfig">
<tr valign="middle">
<td>
<input type="checkbox" name="accept-self-signed-certificates" id="accept-self-signed-certificates" ${configuration.acceptSelfSignedCertificates ? 'checked' : ''}/><label for="accept-self-signed-certificates">Allow peer certificates to be self-signed.</label>
<input type="checkbox" name="accept-self-signed-certificates" id="accept-self-signed-certificates" ${configuration.acceptSelfSignedCertificates ? 'checked' : ''}/><label for="accept-self-signed-certificates"><fmt:message key="connection.advanced.settings.certchain.label_selfsigned"/></label>
</td>
</tr>
<tr valign="middle">
<td>
<input type="checkbox" name="verify-certificate-validity" id="verify-certificate-validity" ${configuration.verifyCertificateValidity ? 'checked' : ''}/><label for="verify-certificate-validity">Verify that the certificate is currently valid (based on the 'notBefore' and 'notAfter' values of the certificate).</label>
<input type="checkbox" name="verify-certificate-validity" id="verify-certificate-validity" ${configuration.verifyCertificateValidity ? 'checked' : ''}/><label for="verify-certificate-validity"><fmt:message key="connection.advanced.settings.certchain.label_validity"/></label>
</td>
</tr>
</table>
</admin:contentBox>
<admin:contentBox title="Encryption protocols">
<p>These are all encryption protocols that this instance of Openfire supports. Those with a checked box are enabled, and can be used to establish an encrypted connection. Deselecting all values will cause a default to be restored.</p>
<fmt:message key="connection.advanced.settings.protocols.boxtitle" var="protocolsboxtitle"/>
<admin:contentBox title="${protocolsboxtitle}">
<p><fmt:message key="connection.advanced.settings.protocols.info"/></p>
<table cellpadding="3" cellspacing="0" border="0" class="tlsconfig">
<c:forEach var="supportedProtocol" items="${supportedProtocols}">
<c:if test="${supportedProtocol ne 'SSLv2Hello'}">
......@@ -382,13 +389,7 @@
<c:if test="${supportedProtocols.contains( 'SSLv2Hello' )}">
<br/>
<c:set var="supportedProtocol" value="SSLv2Hello"/>
<p>
When setting up a new encrypted connection some encryption protocols allow you to have part of the
handshake (the 'hello') encapsulated in an SSLv2 format. The SSLv2Hello option below controls this
encapsulation. When disabled, all incoming data must conform to the SSLv3/TLSv1 handshake format, and
all outgoing data (which applies to outbound server-to-server connections) will conform to the SSLv3/TLSv1
format.
</p>
<p><fmt:message key="connection.advanced.settings.protocols.sslv2hello.info"/></p>
<table cellpadding="3" cellspacing="0" border="0" class="tlsconfig">
<c:set var="idForForm">protocol-<c:out value="${supportedProtocol}"/></c:set>
<c:set var="enabled" value="${configuration.encryptionProtocols.contains(supportedProtocol)}"/>
......@@ -401,10 +402,11 @@
</c:if>
</admin:contentBox>
<admin:contentBox title="Encryption cipher suites">
<p>These are all encryption cipher suites that this instance of Openfire supports. Those in the list on the left are enabled, and can be used to establish an encrypted connection. Removing all values from that list will cause a default to be restored.</p>
<fmt:message key="connection.advanced.settings.ciphersuites.boxtitle" var="ciphersuitesboxtitle"/>
<admin:contentBox title="${ciphersuitesboxtitle}">
<p><fmt:message key="connection.advanced.settings.ciphersuites.info"/></p>
<table cellpadding="3" cellspacing="0" border="0" class="tlsconfig">
<tr><th>Enabled</th><th></th><th>Supported</th></tr>
<tr><th><fmt:message key="connection.advanced.settings.ciphersuites.label_enable"/></th><th></th><th><fmt:message key="connection.advanced.settings.ciphersuites.label_supported"/></th></tr>
<tr>
<td>
<select name="cipherSuitesEnabled" id="cipherSuitesEnabled" size="10" multiple>
......@@ -432,10 +434,11 @@
</table>
</admin:contentBox>
<admin:contentBox title="Miscellaneous settings">
<fmt:message key="connection.advanced.settings.misc.boxtitle" var="miscboxtitle"/>
<admin:contentBox title="${miscboxtitle}">
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td width="1%" nowrap><label for="maxThreads">Maximum worker threads</label></td>
<td width="1%" nowrap><label for="maxThreads"><fmt:message key="connection.advanced.settings.misc.label_workers"/></label></td>
<td width="99%"><input type="text" name="maxThreads" id="maxThreads" value="${configuration.maxThreadPoolSize}" readonly/></td>
</tr>
</table>
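Review bot: The three STARTTLS labels and the three mutual-authentication labels now take their `<b>…</b>` markup from the resource bundle (for example `connection.advanced.settings.starttls.label_disabled=<b>Disabled</b> - Encryption is not allowed.`), and `<fmt:message>` — assuming this is the standard JSTL tag — writes the resolved text without XML escaping. Every locale bundle that supplies these keys therefore becomes a source of raw HTML in the admin console and has to be trusted to the same degree as the JSP itself. Keeping the `<b>` element in the JSP and rendering the bundle text through the `<fmt:message ... var="..."/>` plus `<c:out value="${...}"/>` pattern already used on this page would allow the translated text to be escaped; that means splitting each label into a name key and a description key. Separately, the introduction passes `${connectionModeTranslation} ${connectionTypeTranslation}` as a single `{0}`, which fixes the word order for every language, whereas two `<fmt:param>` values would let translators reorder them.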
......
......@@ -260,16 +260,17 @@
<form action="connection-settings-external-components.jsp" method="post">
<admin:contentBox title="Plain-text (with STARTTLS) connections">
<fmt:message key="component.settings.plaintext.boxtitle" var="plaintextboxtitle"/>
<admin:contentBox title="${plaintextboxtitle}">
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<p><fmt:message key="component.settings.plaintext.info"/></p>
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td colspan="2"><input type="checkbox" name="plaintext-enabled" id="plaintext-enabled" onclick="applyDisplayable('plaintext')" ${plaintextConfiguration.enabled ? 'checked' : ''}/><label for="plaintext-enabled">Enabled</label></td>
<td colspan="2"><input type="checkbox" name="plaintext-enabled" id="plaintext-enabled" onclick="applyDisplayable('plaintext')" ${plaintextConfiguration.enabled ? 'checked' : ''}/><label for="plaintext-enabled"><fmt:message key="component.settings.plaintext.label_enable"/></label></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap><label for="plaintext-tcpPort">Port number</label></td>
<td width="1%" nowrap><label for="plaintext-tcpPort"><fmt:message key="ports.port"/></label></td>
<td width="99%"><input type="text" name="plaintext-tcpPort" id="plaintext-tcpPort" value="${plaintextConfiguration.port}"/></td>
</tr>
<tr valign="middle">
......@@ -279,16 +280,17 @@
</admin:contentBox>
<admin:contentBox title="Encrypted (legacy-mode) connections">
<fmt:message key="component.settings.legacymode.boxtitle" var="legacymodeboxtitle"/>
<admin:contentBox title="${legacymodeboxtitle}">
<p>Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.</p>
<p><fmt:message key="component.settings.legacymode.info"/></p>
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td colspan="2"><input type="checkbox" name="legacymode-enabled" id="legacymode-enabled" onclick="applyDisplayable('legacymode')" ${legacymodeConfiguration.enabled ? 'checked' : ''}/><label for="legacymode-enabled">Enabled</label></td>
<td colspan="2"><input type="checkbox" name="legacymode-enabled" id="legacymode-enabled" onclick="applyDisplayable('legacymode')" ${legacymodeConfiguration.enabled ? 'checked' : ''}/><label for="legacymode-enabled"><fmt:message key="component.settings.legacymode.label_enable"/></label></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap><label for="legacymode-tcpPort">Port number</label></td>
<td width="1%" nowrap><label for="legacymode-tcpPort"><fmt:message key="ports.port"/></label></td>
<td width="99%"><input type="text" name="legacymode-tcpPort" id="legacymode-tcpPort" value="${legacymodeConfiguration.port}"></td>
</tr>
<tr valign="middle">
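Review bot: The port labels switch from the literal `Port number` to `<fmt:message key="ports.port"/>`, a key this commit neither adds nor shows, so the rendered label depends on an entry outside the change. With the standard JSTL tag, a bundle that lacks the key would render a `???ports.port???` placeholder. The same substitution is made in the advanced, client-to-server and server-to-server pages, while the bundle shown in this commit carries `server2server.settings.label_port=Port number` and `component.settings.port=Port:`, which these pages do not appear to use. If the shared key is intended, a short comment such as `<%-- shared label, defined under ports.* --%>` at the first use would make the dependency visible; otherwise the page-specific keys keep the original wording. The table this label sits in continues past the end of the hunk.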
......
......@@ -127,16 +127,17 @@
<form action="connection-settings-socket-c2s.jsp" method="post">
<admin:contentBox title="Plain-text (with STARTTLS) connections">
<fmt:message key="ssl.settings.client.plaintext.boxtitle" var="plaintextboxtitle"/>
<admin:contentBox title="${plaintextboxtitle}">
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<p><fmt:message key="ssl.settings.client.plaintext.info"/></p>
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td colspan="2"><input type="checkbox" name="plaintext-enabled" id="plaintext-enabled" onclick="applyDisplayable('plaintext')" ${plaintextConfiguration.enabled ? 'checked' : ''}/><label for="plaintext-enabled">Enabled</label></td>
<td colspan="2"><input type="checkbox" name="plaintext-enabled" id="plaintext-enabled" onclick="applyDisplayable('plaintext')" ${plaintextConfiguration.enabled ? 'checked' : ''}/><label for="plaintext-enabled"><fmt:message key="ssl.settings.client.plaintext.label_enable"/></label></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap><label for="plaintext-tcpPort">Port number</label></td>
<td width="1%" nowrap><label for="plaintext-tcpPort"><fmt:message key="ports.port"/></label></td>
<td width="99%"><input type="text" name="plaintext-tcpPort" id="plaintext-tcpPort" value="${plaintextConfiguration.port}"/></td>
</tr>
<tr valign="middle">
......@@ -146,16 +147,17 @@
</admin:contentBox>
<admin:contentBox title="Encrypted (legacy-mode) connections">
<fmt:message key="ssl.settings.client.legacymode.boxtitle" var="legacymodeboxtitle"/>
<admin:contentBox title="${legacymodeboxtitle}">
<p>Connections of this type are established using encryption immediately (as opposed to using STARTTLS). This type of connectivity is commonly referred to as the "legacy" method of establishing encrypted communications.</p>
<p><fmt:message key="ssl.settings.client.legacymode.info"/></p>
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td colspan="2"><input type="checkbox" name="legacymode-enabled" id="legacymode-enabled" onclick="applyDisplayable('legacymode')" ${legacymodeConfiguration.enabled ? 'checked' : ''}/><label for="legacymode-enabled">Enabled</label></td>
<td colspan="2"><input type="checkbox" name="legacymode-enabled" id="legacymode-enabled" onclick="applyDisplayable('legacymode')" ${legacymodeConfiguration.enabled ? 'checked' : ''}/><label for="legacymode-enabled"><fmt:message key="ssl.settings.client.legacymode.label_enable"/></label></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap><label for="legacymode-tcpPort">Port number</label></td>
<td width="1%" nowrap><label for="legacymode-tcpPort"><fmt:message key="ports.port"/></label></td>
<td width="99%"><input type="text" name="legacymode-tcpPort" id="legacymode-tcpPort" value="${legacymodeConfiguration.port}"></td>
</tr>
<tr valign="middle">
......
......@@ -263,16 +263,17 @@
<form action="connection-settings-socket-s2s.jsp" method="post">
<admin:contentBox title="Plain-text (with STARTTLS) connections">
<fmt:message key="server2server.settings.boxtitle" var="boxtitle"/>
<admin:contentBox title="${boxtitle}">
<p>Openfire can accept plain-text connections, which, depending on the policy that is configured here, can be upgraded to encrypted connections (using the STARTTLS protocol).</p>
<p><fmt:message key="server2server.settings.boxinfo"/></p>
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="middle">
<td colspan="2"><input type="checkbox" name="plaintext-enabled" id="plaintext-enabled" onclick="applyDisplayable('plaintext')" ${plaintextConfiguration.enabled ? 'checked' : ''}/><label for="plaintext-enabled">Enabled</label></td>
<td colspan="2"><input type="checkbox" name="plaintext-enabled" id="plaintext-enabled" onclick="applyDisplayable('plaintext')" ${plaintextConfiguration.enabled ? 'checked' : ''}/><label for="plaintext-enabled"><fmt:message key="server2server.settings.label_enable"/></label></td>
</tr>
<tr valign="middle">
<td width="1%" nowrap><label for="plaintext-tcpPort">Port number</label></td>
<td width="1%" nowrap><label for="plaintext-tcpPort"><fmt:message key="ports.port"/></label></td>
<td width="99%"><input type="text" name="plaintext-tcpPort" id="plaintext-tcpPort" value="${plaintextConfiguration.port}"/></td>
</tr>
<tr valign="middle">
......
......@@ -108,9 +108,9 @@
<!-- BEGIN 'Import Private Key and Certificate' -->
<form action="import-keystore-certificate.jsp?connectionType=${connectionType}" method="post">
<c:set var="title">Private Key</c:set>
<c:set var="title"><fmt:message key="ssl.import.certificate.keystore.private-key.title"/></c:set>
<admin:contentBox title="${title}">
<p>Please provide the PEM representation of the private key that should be used to identify Openfire.</p>
<p><fmt:message key="ssl.import.certificate.keystore.private-key.info"/></p>
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="top">
<td width="1%" nowrap class="c1">
......@@ -131,9 +131,9 @@
</table>
</admin:contentBox>
<c:set var="title">Certificate</c:set>
<c:set var="title"><fmt:message key="ssl.import.certificate.keystore.certificate.title"/></c:set>
<admin:contentBox title="${title}">
<p>Please provide the PEM representation of the certificate chain that represents the identity of Openfire. Note that the certificate chain must be based on the private key provided above.</p>
<p><fmt:message key="ssl.import.certificate.keystore.certificate.info"/></p>
<table cellpadding="3" cellspacing="0" border="0">
<tr valign="top">
<td width="1%" nowrap class="c1">
......
<%@ page errorPage="error.jsp"%>
<%@ page import="org.jivesoftware.util.ParamUtils" %>
<%@ page import="java.util.Map" %>
<%@ page import="java.util.HashMap" %>
<%@ page import="org.jivesoftware.openfire.spi.ConnectionType" %>
<%@ page import="org.jivesoftware.openfire.keystore.CertificateStoreManager" %>
<%@ page import="org.jivesoftware.openfire.XMPPServer" %>
<%@ taglib uri="admin" prefix="admin" %>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
......@@ -21,7 +19,7 @@
%>
<html>
<head>
<title>Certificate Stores</title>
<title><fmt:message key="ssl.certificates.store-management.title"/></title>
<meta name="pageID" content="security-certificate-store-management"/>
</head>
<body>
......@@ -30,7 +28,7 @@
<admin:infobox type="error">
<c:choose>
<c:when test="${err.key eq 'template'}">
An unexpected error occurred.
<fmt:message key="admin.error"/>
</c:when>
<c:otherwise>
<c:if test="${not empty err.value}">
......@@ -43,70 +41,35 @@
</c:forEach>
<p>
Certificates are used (through TLS and SSL protocols) to establish secure connections between servers and clients.
When a secured connection is being created, parties can retrieve a certificate from the other party and (amongst
others) examine the issuer of those certificates. If the issuer is trusted, a secured layer of communication can be
established.
<fmt:message key="ssl.certificates.store-management.info-1"/>
</p>
<p>
Certificates are kept in specialized repositories, or 'stores'. Openfire provides two types of stores:
<ul>
<li><em>Identity stores</em> are used to store certificates that identify this instance of Openfire. On request,
they certificates from these stores are transmitted to other parties which use them to identify your server.
</li>
<li><em>Trust stores</em> contain certificates that identify parties that you choose to trust. Trust stores often do
not include the certificate from the remote party directly, but instead holds certificates from organizations
that are trusted to identify the certificate of the remote party. Such organizations are commonly referred to as
"Certificate Authorities".
</li>
</ul>
<fmt:message key="ssl.certificates.store-management.info-2"/>
</p>
<p>
This section of the admin panel is dedicated to management of the various key and trust stores that act as
repositories for sets of security certificates. By default, a small set of stores is re-used for various purposes,
but Openfire allows you to configure a distinct set of stores for each connection type.
</p>
<fmt:message key="ssl.certificates.store-management.info-3"/></p>
<c:forEach items="${connectionTypes}" var="connectionType">
<c:set var="title">
<c:choose>
<c:when test="${connectionType eq 'SOCKET_C2S'}">XMPP Client Stores</c:when>
<c:when test="${connectionType eq 'SOCKET_S2S'}">Server Federation Stores</c:when>
<c:when test="${connectionType eq 'BOSH_C2S'}">BOSH (HTTP Binding) Stores</c:when>
<c:when test="${connectionType eq 'WEBADMIN'}">Admin Console Stores</c:when>
<c:when test="${connectionType eq 'COMPONENT'}">External Component Stores</c:when>
<c:when test="${connectionType eq 'CONNECTION_MANAGER'}">Connection Manager Stores</c:when>
<c:when test="${connectionType eq 'SOCKET_C2S'}"><fmt:message key="ssl.certificates.store-management.socket-c2s-stores.title"/></c:when>
<c:when test="${connectionType eq 'SOCKET_S2S'}"><fmt:message key="ssl.certificates.store-management.socket-s2s-stores.title"/></c:when>
<c:when test="${connectionType eq 'BOSH_C2S'}"><fmt:message key="ssl.certificates.store-management.bosh-c2s-stores.title"/></c:when>
<c:when test="${connectionType eq 'WEBADMIN'}"><fmt:message key="ssl.certificates.store-management.admin-console-stores.title"/></c:when>
<c:when test="${connectionType eq 'COMPONENT'}"><fmt:message key="ssl.certificates.store-management.component-stores.title"/></c:when>
<c:when test="${connectionType eq 'CONNECTION_MANAGER'}"><fmt:message key="ssl.certificates.store-management.connection-manager-stores.title"/></c:when>
</c:choose>
</c:set>
<c:set var="description">
<c:choose>
<c:when test="${connectionType eq 'SOCKET_C2S'}">
These stores are used for regular, TCP-based client-to-server XMPP communication. Two stores are provided:
one identity store and a trust store. Openfire ships with an empty trust store, as in typical
environments, certificate-based authentication of clients is not required.
</c:when>
<c:when test="${connectionType eq 'SOCKET_S2S'}">
These stores are used for erver-to-server XMPP communication, which establishes server federation.
Two stores are provided: one identity store and a trust store. Openfire ships with a trust store filled
with certificates of generally accepted certificate authorities.
</c:when>
<c:when test="${connectionType eq 'BOSH_C2S'}">
These stores are used for BOSH-based XMPP communication. Two stores are provided: an identity store
and a client trust store.
</c:when>
<c:when test="${connectionType eq 'WEBADMIN'}">
These stores are used for the web-based admin console (you're looking at it right now!). Again, two stores are
provided an identity store and a trust store (used for optional authentication of browsers that use the admin
panel).
</c:when>
<c:when test="${connectionType eq 'COMPONENT'}">
These stores are used to establish connections with external components.
</c:when>
<c:when test="${connectionType eq 'CONNECTION_MANAGER'}">
These stores are used to establish connections with Openfire Connection Managers.
</c:when>
<c:when test="${connectionType eq 'SOCKET_C2S'}"><fmt:message key="ssl.certificates.store-management.socket-c2s-stores.info"/></c:when>
<c:when test="${connectionType eq 'SOCKET_S2S'}"><fmt:message key="ssl.certificates.store-management.socket-s2s-stores.info"/></c:when>
<c:when test="${connectionType eq 'BOSH_C2S'}"><fmt:message key="ssl.certificates.store-management.bosh-c2s-stores.info"/></c:when>
<c:when test="${connectionType eq 'WEBADMIN'}"><fmt:message key="ssl.certificates.store-management.admin-console-stores.info"/></c:when>
<c:when test="${connectionType eq 'COMPONENT'}"><fmt:message key="ssl.certificates.store-management.component-stores.info"/></c:when>
<c:when test="${connectionType eq 'CONNECTION_MANAGER'}"><fmt:message key="ssl.certificates.store-management.connection-manager-stores.info"/></c:when>
</c:choose>
</c:set>
......@@ -118,14 +81,14 @@
<table cellpadding="0" cellspacing="0" border="0">
<tbody>
<tr>
<td><label for="loc-key-socket">Identity Store:</label></td>
<td><label for="loc-key-socket"><fmt:message key="ssl.certificates.identity-store"/>:</label></td>
<td><input id="loc-key-socket" name="loc-key-socket" type="text" size="80" readonly value="${certificateStoreManager.getIdentityStore(connectionType).configuration.file}"/></td>
<td><a href="security-keystore.jsp?connectionType=${connectionType}">Manage Store Contents</a></td>
<td><a href="security-keystore.jsp?connectionType=${connectionType}"><fmt:message key="ssl.certificates.store-management.manage"/></a></td>
</tr>
<tr>
<td><label for="loc-trust-socket-c2s">Trust Store:</label></td>
<td><label for="loc-trust-socket-c2s"><fmt:message key="ssl.certificates.trust-store"/>:</label></td>
<td><input id="loc-trust-socket-c2s" name="loc-trust-socket-c2s" type="text" size="80" readonly value="${certificateStoreManager.getTrustStore(connectionType).configuration.file}"/></td>
<td><a href="security-truststore.jsp?connectionType=${connectionType}">Manage Store Contents</a></td>
<td><a href="security-truststore.jsp?connectionType=${connectionType}"><fmt:message key="ssl.certificates.store-management.manage"/></a></td>
</tr>
</tbody>
</table>
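Review bot: The explanation of identity and trust stores used to carry its own `<ul>`/`<li>`/`<em>` structure in the JSP and is now a single `<fmt:message key="ssl.certificates.store-management.info-2"/>`. Either the list has been flattened or the markup now lives in the bundle value; the properties entry is not visible here. If it is the latter, every translation file becomes a source of raw HTML for an admin-console page, because `fmt:message` writes values unescaped, and a translator can break the page by dropping a tag. I would keep the list markup in the JSP and use one key per item, for example `<li><fmt:message key="KEY_FOR_IDENTITY_STORE_ITEM"/></li>` (placeholder key name), so bundle values stay plain text. Separately, the labels `<fmt:message key="ssl.certificates.identity-store"/>:` and `<fmt:message key="ssl.certificates.trust-store"/>:` keep the colon outside the message, so punctuation cannot be localised.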
......