Changeset 13451 in josm
- Timestamp:
- 2018-02-24T17:14:11+01:00 (6 years ago)
- Location:
- trunk/src/org/openstreetmap/josm
- Files:
-
- 2 edited
-
io/CertificateAmendment.java (modified) (3 diffs)
-
tools/PlatformHookWindows.java (modified) (3 diffs)
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/org/openstreetmap/josm/io/CertificateAmendment.java
r13450 r13451 108 108 private final String winAlias; 109 109 private final String macAlias; 110 111 NativeCertAmend(String winAlias, String macAlias, String filename, String sha256) { 110 private final String httpsWebSite; 111 112 NativeCertAmend(String winAlias, String macAlias, String filename, String sha256, String httpsWebSite) { 112 113 super(filename, sha256); 113 114 this.winAlias = Objects.requireNonNull(winAlias); 114 115 this.macAlias = Objects.requireNonNull(macAlias); 116 this.httpsWebSite = Objects.requireNonNull(httpsWebSite); 115 117 } 116 118 … … 129 131 public final String getMacAlias() { 130 132 return macAlias; 133 } 134 135 /** 136 * Returns the https website we need to call to notify Windows we need its root certificate. 137 * @return the https website signed with this root CA 138 * @since 13451 139 */ 140 public String getWebSite() { 141 return httpsWebSite; 131 142 } 132 143 … … 157 168 new NativeCertAmend("Staat der Nederlanden Root CA - G2", "Staat der Nederlanden Root CA - G2", 158 169 "Staat_der_Nederlanden_Root_CA_-_G2.crt", 159 "668c83947da63b724bece1743c31a0e6aed0db8ec5b31be377bb784f91b6716f"), 170 "668c83947da63b724bece1743c31a0e6aed0db8ec5b31be377bb784f91b6716f", 171 "https://roottest-g2.pkioverheid.nl"), 160 172 // Government of Netherlands 161 173 new NativeCertAmend("Government of Netherlands G3", "Staat der Nederlanden Root CA - G3", 162 174 "Staat_der_Nederlanden_Root_CA_-_G3.crt", 163 "3c4fb0b95ab8b30032f432b86f535fe172c185d0fd39865837cf36187fa6f428"), 175 "3c4fb0b95ab8b30032f432b86f535fe172c185d0fd39865837cf36187fa6f428", 176 "https://roottest-g3.pkioverheid.nl"), 164 177 // Trusted and used by French Government - https://www.certigna.fr/autorites/index.xhtml?ac=Racine#lracine 165 178 new NativeCertAmend("Certigna", "Certigna", "Certigna.crt", 166 "e3b6a2db2ed7ce48842f7ac53241c7b71d54144bfb40c11f3f1d0b42f5eea12d"), 179 "e3b6a2db2ed7ce48842f7ac53241c7b71d54144bfb40c11f3f1d0b42f5eea12d", 180 "https://www.certigna.fr"), 167 181 }; 168 182 -
trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java
r13450 r13451 59 59 import java.security.spec.X509EncodedKeySpec; 60 60 import java.util.ArrayList; 61 import java.util.Arrays; 61 62 import java.util.Collection; 62 63 import java.util.Enumeration; … … 64 65 import java.util.Locale; 65 66 import java.util.Properties; 67 import java.util.concurrent.ExecutionException; 66 68 67 69 import javax.swing.JOptionPane; … … 441 443 public X509Certificate getX509Certificate(NativeCertAmend certAmend) 442 444 throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { 445 // Make a web request to target site to force Windows to update if needed its trust root store from its certificate trust list 446 // A better, but a lot more complex method might be to get certificate list from Windows Registry with PowerShell 447 // using (Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate').EncodedCtl) 448 // then decode it using CertUtil -dump or calling CertCreateCTLContext API using JNI, and finally find and decode the certificate 449 try { 450 // https://stackoverflow.com/a/41618979/2257172 451 Utils.execOutput(Arrays.asList("powershell", "-Command", 452 "[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12;" + 453 "Invoke-WebRequest " + certAmend.getWebSite())); 454 } catch (ExecutionException | InterruptedException e) { 455 Logging.error(e); 456 } 457 // Get Windows Trust Root Store 443 458 KeyStore ks = getRootKeystore(); 444 459 // Search by alias (fast)
Note:
See TracChangeset
for help on using the changeset viewer.
