Ticket #17006: 17006-v2.patch

File 17006-v2.patch, 3.8 KB (added by GerdP, 5 years ago)
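--- a/src/org/openstreetmap/josm/tools/PlatformHookWindows.java
+++ b/src/org/openstreetmap/josm/tools/PlatformHookWindows.java
@@ -467,15 +467,22 @@
     @Override
     public X509Certificate getX509Certificate(NativeCertAmend certAmend)
             throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
-        // Make a web request to target site to force Windows to update if needed its trust root store from its certificate trust list
-        // A better, but a lot more complex method might be to get certificate list from Windows Registry with PowerShell
-        // using (Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate').EncodedCtl)
-        // then decode it using CertUtil -dump or calling CertCreateCTLContext API using JNI, and finally find and decode the certificate
-        Logging.trace(webRequest(certAmend.getWebSite()));
         // Get Windows Trust Root Store
         KeyStore ks = getRootKeystore();
+        Certificate result;
         // Search by alias (fast)
-        Certificate result = ks.getCertificate(certAmend.getWinAlias());
+        try {
+            result = ks.getCertificate(certAmend.getWinAlias());
+        } catch (Exception e) {
+            // Make a web request to target site to force Windows to update if needed its trust root store from its certificate trust list
+            // A better, but a lot more complex method might be to get certificate list from Windows Registry with PowerShell
+            // using (Get-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\SystemCertificates\\AuthRoot\\AutoUpdate').EncodedCtl)
+            // then decode it using CertUtil -dump or calling CertCreateCTLContext API using JNI, and finally find and decode the certificate
+            Logging.trace(webRequest(certAmend.getWebSite()));
+            // Search again by alias (fast)
+            result = ks.getCertificate(certAmend.getWinAlias());
+        }
+
         if (result instanceof X509Certificate) {
             return (X509Certificate) result;
         }
@@ -749,16 +756,17 @@
      */
     public static int getPowerShellVersion() {
         try {
-            return Integer.parseInt(Utils.execOutput(Arrays.asList(
-                    "powershell", "-Command", "$PSVersionTable.PSVersion.Major"), 2, TimeUnit.SECONDS));
-        } catch (ExecutionException e) {
-            // PowerShell 2.0 (included in Windows 7) does not even support this
-            Logging.debug(e);
-            return -1;
-        } catch (NumberFormatException | IOException | InterruptedException e) {
+            String version = WinRegistry.readString(HKEY_LOCAL_MACHINE, "SOFTWARE\\Microsoft\\Powershell\\3\\PowershellEngine", "PowershellVersion");
+            if (version != null) {
+                Matcher m = Pattern.compile("(\\d+)\\.(\\d+)(\\.\\d+.*)?").matcher(version);
+                if (m.matches()) {
+                    return Integer.parseInt(m.group(1));
+                }
+            }
+        } catch (IllegalAccessException | InvocationTargetException | NumberFormatException e) {
             Logging.error(e);
-            return -1;
         }
+        return -1;
     }
 
     /**
@@ -769,7 +777,7 @@
      * @throws IOException if any I/O error occurs
      * @since 13458
      */
-    public static String webRequest(String uri) throws IOException {
+    public String webRequest(String uri) throws IOException {
         // With PS 6.0 (not yet released in Windows) we could simply use:
         // Invoke-WebRequest -SSlProtocol Tsl12 $uri
         // .NET framework < 4.5 does not support TLS 1.2 (https://stackoverflow.com/a/43240673/2257172)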
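Review bot: In the first hunk (getX509Certificate) the retry is keyed on an exception, but `KeyStore.getCertificate` returns null for an unknown alias rather than throwing, so the web request that prompts Windows to refresh its trust root store would no longer run when the root is simply missing. The `catch (Exception e)` also drops the exception without logging it, and the second lookup reuses the `ks` object loaded before the request, which presumably does not see a store updated afterwards. I would test for a null result, reload the keystore after the request, and let the declared exceptions propagate as before. The method body continues past the end of this hunk.

```java
        // Search by alias (fast)
        Certificate result = ks.getCertificate(certAmend.getWinAlias());
        if (result == null) {
            // … unchanged: comment on forcing the Windows trust root store update …
            Logging.trace(webRequest(certAmend.getWebSite()));
            // Reload so the lookup sees any root added by the update
            ks = getRootKeystore();
            // Search again by alias (fast)
            result = ks.getCertificate(certAmend.getWinAlias());
        }
```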