Ticket #17006: 17006-v2.patch
File 17006-v2.patch, 3.8 KB (added by , 5 years ago) |
---|
-
src/org/openstreetmap/josm/tools/PlatformHookWindows.java
467 467 @Override 468 468 public X509Certificate getX509Certificate(NativeCertAmend certAmend) 469 469 throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { 470 // Make a web request to target site to force Windows to update if needed its trust root store from its certificate trust list471 // A better, but a lot more complex method might be to get certificate list from Windows Registry with PowerShell472 // using (Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate').EncodedCtl)473 // then decode it using CertUtil -dump or calling CertCreateCTLContext API using JNI, and finally find and decode the certificate474 Logging.trace(webRequest(certAmend.getWebSite()));475 470 // Get Windows Trust Root Store 476 471 KeyStore ks = getRootKeystore(); 472 Certificate result; 477 473 // Search by alias (fast) 478 Certificate result = ks.getCertificate(certAmend.getWinAlias()); 474 try { 475 result = ks.getCertificate(certAmend.getWinAlias()); 476 } catch (Exception e) { 477 // Make a web request to target site to force Windows to update if needed its trust root store from its certificate trust list 478 // A better, but a lot more complex method might be to get certificate list from Windows Registry with PowerShell 479 // using (Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate').EncodedCtl) 480 // then decode it using CertUtil -dump or calling CertCreateCTLContext API using JNI, and finally find and decode the certificate 481 Logging.trace(webRequest(certAmend.getWebSite())); 482 // Search again by alias (fast) 483 result = ks.getCertificate(certAmend.getWinAlias()); 484 } 485 479 486 if (result instanceof X509Certificate) { 480 487 return (X509Certificate) result; 481 488 } … … 749 756 */ 750 757 public static int getPowerShellVersion() { 751 758 try { 752 return Integer.parseInt(Utils.execOutput(Arrays.asList( 753 "powershell", "-Command", "$PSVersionTable.PSVersion.Major"), 2, TimeUnit.SECONDS)); 754 } catch (ExecutionException e) { 755 // PowerShell 2.0 (included in Windows 7) does not even support this 756 Logging.debug(e); 757 return -1; 758 } catch (NumberFormatException | IOException | InterruptedException e) { 759 String version = WinRegistry.readString(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Powershell\\3\\PowershellEngine", "PowershellVersion"); 760 if (version != null) { 761 Matcher m = Pattern.compile("(\\d+)\\.(\\d+)(\\.\\d+.*)?").matcher(version); 762 if (m.matches()) { 763 return Integer.parseInt(m.group(1)); 764 } 765 } 766 } catch (IllegalAccessException | InvocationTargetException | NumberFormatException e) { 759 767 Logging.error(e); 760 return -1;761 768 } 769 return -1; 762 770 } 763 771 764 772 /** … … 769 777 * @throws IOException if any I/O error occurs 770 778 * @since 13458 771 779 */ 772 public staticString webRequest(String uri) throws IOException {780 public String webRequest(String uri) throws IOException { 773 781 // With PS 6.0 (not yet released in Windows) we could simply use: 774 782 // Invoke-WebRequest -SSlProtocol Tsl12 $uri 775 783 // .NET framework < 4.5 does not support TLS 1.2 (https://stackoverflow.com/a/43240673/2257172)