Changeset 13450 in josm for trunk/src/org/openstreetmap/josm/io/CertificateAmendment.java
- Timestamp:
- 2018-02-23T00:01:20+01:00 (6 years ago)
- File:
-
- 1 edited
trunk/src/org/openstreetmap/josm/io/CertificateAmendment.java
r12846 r13450 5 5 6 6 import java.io.ByteArrayInputStream; 7 import java.io.File;8 7 import java.io.IOException; 9 8 import java.io.InputStream; … … 49 48 * @since 11943 50 49 */ 51 public static class CertAmend { 52 private final String id; 50 public abstract static class CertAmend { 53 51 private final String filename; 54 52 private final String sha256; 55 53 56 CertAmend(String id, String filename, String sha256) { 57 this.id = id; 58 this.filename = filename; 59 this.sha256 = sha256; 60 } 61 62 /** 63 * Returns the certificate identifier. 64 * @return path for JOSM embedded certificate, alias for Windows platform certificate 65 */ 66 public final String getId() { 67 return id; 54 CertAmend(String filename, String sha256) { 55 this.filename = Objects.requireNonNull(filename); 56 this.sha256 = Objects.requireNonNull(sha256); 68 57 } 69 58 … … 87 76 88 77 /** 78 * An embedded certificate amendment. 79 * @since 13450 80 */ 81 public static class EmbeddedCertAmend extends CertAmend { 82 private final String url; 83 84 EmbeddedCertAmend(String url, String filename, String sha256) { 85 super(filename, sha256); 86 this.url = Objects.requireNonNull(url); 87 } 88 89 /** 90 * Returns the embedded URL in JOSM jar. 91 * @return path for JOSM embedded certificate 92 */ 93 public final String getUrl() { 94 return url; 95 } 96 97 @Override 98 public String toString() { 99 return url; 100 } 101 } 102 103 /** 104 * A certificate amendment relying on native platform certificate store. 105 * @since 13450 106 */ 107 public static class NativeCertAmend extends CertAmend { 108 private final String winAlias; 109 private final String macAlias; 110 111 NativeCertAmend(String winAlias, String macAlias, String filename, String sha256) { 112 super(filename, sha256); 113 this.winAlias = Objects.requireNonNull(winAlias); 114 this.macAlias = Objects.requireNonNull(macAlias); 115 } 116 117 /** 118 * Returns the Windows alias in System Root Certificates keystore. 
119 * @return the Windows alias in System Root Certificates keystore 120 */ 121 public final String getWinAlias() { 122 return winAlias; 123 } 124 125 /** 126 * Returns the macOS alias in System Root Certificates keychain. 127 * @return the macOS alias in System Root Certificates keychain 128 */ 129 public final String getMacAlias() { 130 return macAlias; 131 } 132 133 @Override 134 public String toString() { 135 String result = winAlias; 136 if (!winAlias.equals(macAlias)) { 137 result += " / " + macAlias; 138 } 139 return result; 140 } 141 } 142 143 /** 89 144 * Certificates embedded in JOSM 90 145 */ 91 private static final CertAmend[] CERT_AMEND = {92 new CertAmend("resource://data/security/DST_Root_CA_X3.pem", "DST_Root_CA_X3.pem",146 private static final EmbeddedCertAmend[] CERT_AMEND = { 147 new EmbeddedCertAmend("resource://data/security/DST_Root_CA_X3.pem", "DST_Root_CA_X3.pem", 93 148 "0687260331a72403d909f105e69bcf0d32e1bd2493ffc6d9206d11bcd6770739") 94 149 }; … … 96 151 /** 97 152 * Certificates looked into platform native keystore and not embedded in JOSM. 98 * Identifiers must match Windows keystore aliases and Unix filenames for efficient search.99 */ 100 private static final CertAmend[] PLATFORM_CERT_AMEND = {153 * Identifiers must match Windows/macOS keystore aliases and Unix filenames for efficient search. 
154 */ 155 private static final NativeCertAmend[] PLATFORM_CERT_AMEND = { 101 156 // Government of Netherlands 102 new CertAmend("Staat der Nederlanden Root CA - G2", "Staat_der_Nederlanden_Root_CA_-_G2.crt", 157 new NativeCertAmend("Staat der Nederlanden Root CA - G2", "Staat der Nederlanden Root CA - G2", 158 "Staat_der_Nederlanden_Root_CA_-_G2.crt", 103 159 "668c83947da63b724bece1743c31a0e6aed0db8ec5b31be377bb784f91b6716f"), 104 160 // Government of Netherlands 105 new CertAmend("Government of Netherlands G3", "Staat_der_Nederlanden_Root_CA_-_G3.crt", 161 new NativeCertAmend("Government of Netherlands G3", "Staat der Nederlanden Root CA - G3", 162 "Staat_der_Nederlanden_Root_CA_-_G3.crt", 106 163 "3c4fb0b95ab8b30032f432b86f535fe172c185d0fd39865837cf36187fa6f428"), 107 164 // Trusted and used by French Government - https://www.certigna.fr/autorites/index.xhtml?ac=Racine#lracine 108 new CertAmend("Certigna", "Certigna.crt",165 new NativeCertAmend("Certigna", "Certigna", "Certigna.crt", 109 166 "e3b6a2db2ed7ce48842f7ac53241c7b71d54144bfb40c11f3f1d0b42f5eea12d"), 110 167 }; … … 132 189 boolean certificateAdded = false; 133 190 // Add embedded certificates. Exit in case of error 134 for ( CertAmend certAmend : CERT_AMEND) {135 try (CachedFile certCF = new CachedFile(certAmend. id)) {191 for (EmbeddedCertAmend certAmend : CERT_AMEND) { 192 try (CachedFile certCF = new CachedFile(certAmend.url)) { 136 193 X509Certificate cert = (X509Certificate) cf.generateCertificate( 137 194 new ByteArrayInputStream(certCF.getByteContent())); … … 144 201 try { 145 202 // Try to add platform certificates. 
Do not exit in case of error (embedded certificates may be OK) 146 for ( CertAmend certAmend : PLATFORM_CERT_AMEND) {203 for (NativeCertAmend certAmend : PLATFORM_CERT_AMEND) { 147 204 X509Certificate cert = Main.platform.getX509Certificate(certAmend); 148 205 if (checkAndAddCertificate(md, cert, certAmend, keyStore)) { … … 170 227 throw new IllegalStateException( 171 228 tr("Error adding certificate {0} - certificate fingerprint mismatch. Expected {1}, was {2}", 172 certAmend .id, certAmend.sha256, sha256));229 certAmend, certAmend.sha256, sha256)); 173 230 } 174 231 if (certificateIsMissing(keyStore, cert)) { … … 176 233 Logging.debug(tr("Adding certificate for TLS connections: {0}", cert.getSubjectX500Principal().getName())); 177 234 } 178 String alias = "josm:" + new File(certAmend.id).getName();235 String alias = "josm:" + certAmend.filename; 179 236 keyStore.setCertificateEntry(alias, cert); 180 237 return true;
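Review bot: The keystore alias in the last hunk is now built from the filename alone (`String alias = "josm:" + certAmend.filename;`), so each trusted entry stays separate only if every amendment in `CERT_AMEND` and `PLATFORM_CERT_AMEND` has a distinct filename, and nothing visible in the constructor or on the field states that. `KeyStore.setCertificateEntry` replaces an existing trusted-certificate entry stored under the same alias, so a duplicate filename added later would silently drop one root from the trust store instead of failing. The four filenames in this changeset are distinct, so this is a latent constraint rather than a present fault. I would document it on the field, e.g. `// must be unique across all amendments: used as keystore alias "josm:" + filename`, or check `keyStore.containsAlias(alias)` before the call. The enclosing method starts outside the hunk, so this assumes no uniqueness check exists earlier in it.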