Adito (OpenVPN ALS) – Lars Werner
May 172015
 

The changes in Oracles Java 1.8 is significant. Earlier compiled versions of Adito (also called OpenVPN-ALS) is no longer valid and needs to be recompiled.

If you want to make Adito work on Java 1.8 or newer, follow the guide or download the SVN-installer with signed applet from here.

Please note that description is for Windows users, but the code-changes in step 5 can be implemented to Linux for correct compile.

1. Installing Java 8 JDK
Download the JDK from here: http://www.oracle.com/technetwork/java/javase/downloads/index.html
(Version tested was Java SE Development Kit 8u45; Windows x86; filename: jdk-8u45-windows-i586.exe)
Add your JDK-directory\bin to your PATH-settings. If you are unfamiliar, please read this guide: https://www3.ntu.edu.sg/home/ehchua/programming/howto/JDK_Howto.html
Typical installation directory: %programfiles%\Java\jdk1.8.0_45

The JDK will also install the JRE (Java Run time), so a simple test after installation is to run “java.exe -version” in a command-prompt

2. Downloading latest version of Adito source code
The SVN-version of Adito can be downloaded from the sourceforge: http://sourceforge.net/p/openvpn-als/code/HEAD/tarball
(If you are having trouble getting the version, try downloading TortoiseSVN: http://tortoisesvn.net/downloads.html

Then use the SVN-link to get the R706 version: svn://svn.code.sf.net/p/openvpn-als/code/adito/trunk )

Typical installation directory: c:\adito
3. Downloading ANT
Adito project is setup to use ANT for compilation. Download ANT from here: https://ant.apache.org/bindownload.cgi
(Tested version was apache-ant-1.9.4-bin.zip). Add the c:\ant\bin directory to the PATH-variable in system. As earlier done in the JDK installation.
 Typical installation directory: c:\ant

You can test ANT by typing “ant -version” in the command-prompt. It should state “Apache Ant(TM) version 1.9.4 compiled on April 29 2014”.

4. Copy tools.jar from the JDK to Adito installation
 In the JDK-directory %programfiles%\Java\jdk1.8.0_45\lib\ locate the the “tools.jar” file

Copy tools.jar to 2 destinations:

c:\adito\lib

%programfiles%\Java\jre1.8.0_45\lib

5. Modify adito-source to correct version
ANT uses the build.xml files to compile each component. Adito source is old and are unaware of java version later than 1.2. Changes made are compile-parameters that will ensure that java 1.8 is targeted.
Find build.xml files in these directories and change target=”1.x” to target=”1.8″:

C:\adito\clientcerts\build.xml, line 88

C:\adito\maverick-crypto\build.xml, line 40

C:\adito\maverick-multiplex\build.xml, line 62

C:\adito\maverick-ssl\build.xml, line 83 and 150

C:\adito\maverick-util\build.xml, line 43

C:\adito\ui\build.xml, line 118

Save all the files and you’re ready to compile.

6. Compile the Adito
Open a command-prompt and go to directory c:\adito, enter command: “ANT -projecthelp”

A list of commands will be shown:

clean              Removes compiled files

compile            Compile Adito.

console            Starts the Adito server in the foreground display all output to the console

dist               Create an executable, ready to distribute version of Adito

help               Displays some help.

install            Run the Adito installation wizard. The server must not be running.

install-agent      Install Adito Agent.

install-service    Install Adito as a service.

javadoc            Generate javadocs for everything

start              Starts the Adito in the background

start-using-java   Starts the Adito in the foreground without the OS-dependent wrapper

stop               Stops the running Adito. Note, this currently does not work on all platforms.

sysinfo            Display some system information

uninstall-service  Uninstall Adito service.

Write then “ant compile” to compile. It should end after a minute or two with:

BUILD SUCCESSFUL

Total time: 51 seconds

Please ignore the warnings and others messages during compile. It did not cause any problems with my installation.

Messages like “[javac] warning: [options] source value 1.5 is obsolete and will be removed in a future release” could potential be failing in the future.

To run the installer and first-time setup type: “ant install”. To run Adito normal just run “ant” in the directory, it is the same as “ant start-using-java”.

Wrapper does not work as expected, but my updated installer fixes that.

Please note that a Adito for Java 1.8-installer version is on its way, just waiting for a updated cert.

Jan 262014
 

Oracles recent Java changes have “forced” applets to be signed.
My point of view is that Oracle is bullying a lot of open source developers.
Many of us doesn’t have the funds for $100-$500 a year certificate fees.
There are one solution for open source developers to get a certificate for free; certum.eu

I have recently been granted 1 year certificate from Certum.eu and used it on the Adito project.
Certum.eu CA is included in Java, IE, Firefox, Chrome, etcetera; so end users have the chain already.
An article regarding signing existing jars, will be published later.

When you launch the client you still will get the SSL-certificate error.
To fix this you have to buy a SSL-certificate for you site, but for now Java accept self-signed SSL-certs.
SSL cert error still there

When the actual applet launch, the certificate present the signed-title.
Certum always add “Open source developer x, x” in their certificates.
Adito signed jar version

Please note that a certificate is not equal to safe code. When an applet has a cert, it is always executed outside the sandbox.
Meaning that you grant full access to your computer. Since I only provide the installer I cannot take any responsibility regarding what Adito does with your system! No changes has been done to the binaries on this release, only the cert and webpage template change.

After you pushed “run” the client run as normal
Lunch adito

Download the new version from the Adito SVN R706 page.
Please backup before you update!

 Posted by at 08:00:28
Jan 172014
 

Oracle have updated their Java with a lot of annoying popups.

Oracle probably think that this increase the security of their “swiss cheese executable container” called java.

Adito is no longer developed and at the time it was, Java was “the-way-todo-it”.

Adito from my site is a unsigned applet, the default setup action now is to block it.

The best way to get rid of the problem is to decrease the security settings to “Medium”.

But you can add exceptions for your own site, and still keep “security” high.

Below this method is explained.

Here is the problem when you run Adito without rights to run:

java warning 1

java block 1

java failed 1

To fix this go to the control-panel, then run Java-settings:

java controlpanel

Go to the security-tab and push the “Edit site list”:

java security

Add your site to the security list, this is the same as in your browser addressfield:

java security add site

java security add site localhost

Now when you reload your Adito-agent, you will be presented with this prompt:

java in browser accept agent

If you accept the risk, check it and push run.

(The Adito-agent is compiled by me, unchanged from source.)

The agent should be running like before.

 Posted by at 22:44:17
%d bloggers like this: