Changeset 15469 in josm for trunk

Timestamp:

2019-10-22T23:32:51+02:00 (4 years ago)

Author:

Don-vip

Message:

fix #10033, fix #15748, fix #17097 - drop remote control https support

Rationale: all modern browsers (including next version of Safari) allow mixed-content to localhost.

Cross-platform / cross-browser HTTPS support is a pain to maintain, was never completed, and is no longer needed.

Location:

trunk

Files:

• build.xml (modified) (3 diffs)
• josm-latest.jnlp (modified) (1 diff)
• josm.jnlp (modified) (1 diff)
• src/org/openstreetmap/josm/data/Preferences.java (modified) (1 diff)
• src/org/openstreetmap/josm/gui/MainApplication.java (modified) (2 diffs)
• src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java (modified) (9 diffs)
• src/org/openstreetmap/josm/io/remotecontrol/RemoteControl.java (modified) (4 diffs)
• src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java (deleted)
• src/org/openstreetmap/josm/tools/PlatformHook.java (modified) (2 diffs)
• src/org/openstreetmap/josm/tools/PlatformHookWindows.java (modified) (5 diffs)
• test/unit/org/openstreetmap/josm/io/remotecontrol/RemoteControlTest.java (modified) (6 diffs)
• test/unit/org/openstreetmap/josm/tools/PlatformHookOsxTest.java (modified) (1 diff)
• test/unit/org/openstreetmap/josm/tools/PlatformHookWindowsTest.java (modified) (4 diffs)

trunk/build.xml

@@ -198 +198 @@
                 <attribute name="Application-Name" value="JOSM - Java OpenStreetMap Editor"/>
                 <!-- Java 9 stuff. Entries are safely ignored by Java 8 -->
-                <attribute name="Add-Exports" value="java.base/sun.security.util java.base/sun.security.x509 java.desktop/com.apple.eawt java.desktop/com.sun.imageio.spi java.desktop/com.sun.imageio.plugins.jpeg javafx.graphics/com.sun.javafx.application jdk.deploy/com.sun.deploy.config" />
+                <attribute name="Add-Exports" value="java.desktop/com.apple.eawt java.desktop/com.sun.imageio.spi java.desktop/com.sun.imageio.plugins.jpeg javafx.graphics/com.sun.javafx.application jdk.deploy/com.sun.deploy.config" />
                 <attribute name="Add-Opens" value="java.base/java.lang java.base/java.nio java.base/jdk.internal.loader java.base/jdk.internal.ref java.desktop/javax.imageio.spi java.desktop/javax.swing.text.html java.prefs/java.util.prefs" />
             </manifest>
@@ -417 +417 @@
             <arg value="-Xdoclint:-html" if:set="isJava13" />
             <arg value="-html5" if:set="isJava9" />
-            <arg value="--add-exports" if:set="isJava9" />
-            <arg value="java.base/sun.security.util=ALL-UNNAMED" if:set="isJava9" />
-            <arg value="--add-exports" if:set="isJava9" />
-            <arg value="java.base/sun.security.x509=ALL-UNNAMED" if:set="isJava9" />
             <arg value="--add-exports" if:set="isJava9" unless:set="noJavaFX" />
             <arg value="javafx.graphics/com.sun.javafx.application=ALL-UNNAMED" if:set="isJava9" unless:set="noJavaFX" />
@@ -515 +511 @@
                     <jvmarg value="--add-modules" if:set="isJava9" unless:set="isJava11" />
                     <jvmarg value="java.activation,java.se.ee" if:set="isJava9" unless:set="isJava11" />
-                    <jvmarg value="--add-exports" if:set="isJava9" />
-                    <jvmarg value="java.base/sun.security.util=ALL-UNNAMED" if:set="isJava9" />
-                    <jvmarg value="--add-exports" if:set="isJava9" />
-                    <jvmarg value="java.base/sun.security.x509=ALL-UNNAMED" if:set="isJava9" />
                     <jvmarg value="--add-exports" if:set="isJava9" unless:set="noJavaFX" />
                     <jvmarg value="javafx.graphics/com.sun.javafx.application=ALL-UNNAMED" if:set="isJava9" unless:set="noJavaFX" />

trunk/josm-latest.jnlp

@@ -21 +21 @@
     </security>
     <resources>
-        <java version="1.8+" max-heap-size="2048m" java-vm-args="--add-modules=java.scripting,java.sql --add-exports=java.base/sun.security.util=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED --add-exports=javafx.graphics/com.sun.javafx.application=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.config=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED --add-opens=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED --add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED"/>
+        <java version="1.8+" max-heap-size="2048m" java-vm-args="--add-modules=java.scripting,java.sql --add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED --add-exports=javafx.graphics/com.sun.javafx.application=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.config=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED --add-opens=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED --add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED"/>
         <jar href="josm-latest.jar"/>
         <property name="java.util.Arrays.useLegacyMergeSort" value="true"/>

trunk/josm.jnlp

@@ -21 +21 @@
     </security>
     <resources>
-        <java version="1.8+" max-heap-size="2048m" java-vm-args="--add-modules=java.scripting,java.sql --add-exports=java.base/sun.security.util=ALL-UNNAMED --add-exports=java.base/sun.security.x509=ALL-UNNAMED --add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED --add-exports=javafx.graphics/com.sun.javafx.application=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.config=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED --add-opens=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED --add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED"/>
+        <java version="1.8+" max-heap-size="2048m" java-vm-args="--add-modules=java.scripting,java.sql --add-exports=java.desktop/com.apple.eawt=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.spi=ALL-UNNAMED --add-exports=java.desktop/com.sun.imageio.plugins.jpeg=ALL-UNNAMED --add-exports=javafx.graphics/com.sun.javafx.application=ALL-UNNAMED --add-exports=jdk.deploy/com.sun.deploy.config=ALL-UNNAMED --add-opens=java.base/java.lang=ALL-UNNAMED --add-opens=java.base/java.nio=ALL-UNNAMED --add-opens=java.base/jdk.internal.loader=ALL-UNNAMED --add-opens=java.base/jdk.internal.ref=ALL-UNNAMED --add-opens=java.desktop/javax.imageio.spi=ALL-UNNAMED --add-opens=java.desktop/javax.swing.text.html=ALL-UNNAMED --add-opens=java.prefs/java.util.prefs=ALL-UNNAMED"/>
         <jar href="josm-tested.jar"/>
         <property name="java.util.Arrays.useLegacyMergeSort" value="true"/>

trunk/src/org/openstreetmap/josm/data/Preferences.java

@@ -83 +83 @@
 
     private static final String[] OBSOLETE_PREF_KEYS = {
+        "remotecontrol.https.enabled", /* remove entry after Dec. 2019 */
+        "remotecontrol.https.port", /* remove entry after Dec. 2019 */
     };
 

trunk/src/org/openstreetmap/josm/gui/MainApplication.java

@@ -27 +27 @@
 import java.security.CodeSource;
 import java.security.GeneralSecurityException;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
 import java.security.PermissionCollection;
 import java.security.Permissions;
 import java.security.Policy;
-import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Arrays;
@@ -929 +926 @@
         SwingUtilities.invokeLater(new GuiFinalizationWorker(args, proxySelector));
 
-        if (PlatformManager.isPlatformWindows()) {
-            try {
-                // Check for insecure certificates to remove.
-                // This is Windows-dependant code but it can't go to preStartupHook (need i18n)
-                // neither startupHook (need to be called before remote control)
-                PlatformHookWindows.removeInsecureCertificates();
-            } catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IOException e) {
-                Logging.error(e);
-            }
-        }
-
         if (RemoteControl.PROP_REMOTECONTROL_ENABLED.get()) {
             RemoteControl.start();

trunk/src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java

@@ -8 +8 @@
 import java.awt.GridBagLayout;
 import java.awt.event.ActionListener;
-import java.io.IOException;
-import java.security.GeneralSecurityException;
-import java.security.KeyStore;
-import java.security.KeyStoreException;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.CertificateException;
 import java.util.LinkedHashMap;
 import java.util.Map;
@@ -20 +14 @@
 import javax.swing.BorderFactory;
 import javax.swing.Box;
-import javax.swing.JButton;
 import javax.swing.JCheckBox;
 import javax.swing.JLabel;
-import javax.swing.JOptionPane;
 import javax.swing.JPanel;
 import javax.swing.JSeparator;
@@ -36 +28 @@
 import org.openstreetmap.josm.io.remotecontrol.PermissionPrefWithDefault;
 import org.openstreetmap.josm.io.remotecontrol.RemoteControl;
-import org.openstreetmap.josm.io.remotecontrol.RemoteControlHttpsServer;
 import org.openstreetmap.josm.io.remotecontrol.handler.RequestHandler;
 import org.openstreetmap.josm.spi.preferences.Config;
 import org.openstreetmap.josm.tools.GBC;
-import org.openstreetmap.josm.tools.Logging;
-import org.openstreetmap.josm.tools.PlatformHookWindows;
-import org.openstreetmap.josm.tools.PlatformManager;
 
 /**
@@ -73 +61 @@
     private final Map<PermissionPrefWithDefault, JCheckBox> prefs = new LinkedHashMap<>();
     private JCheckBox enableRemoteControl;
-    private JCheckBox enableHttpsSupport;
-
-    private JButton installCertificate;
-    private JButton uninstallCertificate;
 
     private final JCheckBox loadInNewLayer = new JCheckBox(tr("Download as new layer"));
@@ -93 +77 @@
 
         final JLabel portLabel = new JLabel("<html>"
-                + tr("JOSM will always listen at <b>port {0}</b> (http) and <b>port {1}</b> (https) on localhost."
-                + "<br>These ports are not configurable because they are referenced by external applications talking to JOSM.",
-                Config.getPref().get("remote.control.port", "8111"),
-                Config.getPref().get("remote.control.https.port", "8112")) + "</html>");
+                + tr("JOSM will always listen at <b>port {0}</b> (http) on localhost."
+                + "<br>This port is not configurable because it is referenced by external applications talking to JOSM.",
+                Config.getPref().get("remote.control.port", "8111")) + "</html>");
         portLabel.setFont(portLabel.getFont().deriveFont(Font.PLAIN));
         remote.add(portLabel, GBC.eol().insets(5, 5, 0, 10).fill(GBC.HORIZONTAL));
@@ -107 +90 @@
 
         remote.add(wrapper, GBC.eol().fill(GBC.HORIZONTAL).insets(5, 5, 5, 5));
-
-        boolean https = RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.get();
-
-        enableHttpsSupport = new JCheckBox(tr("Enable HTTPS support"), https);
-        wrapper.add(enableHttpsSupport, GBC.eol().fill(GBC.HORIZONTAL));
-
-        // Certificate installation only available on Windows for now, see #10033
-        if (PlatformManager.isPlatformWindows()) {
-            installCertificate = new JButton(tr("Install..."));
-            uninstallCertificate = new JButton(tr("Uninstall..."));
-            installCertificate.setToolTipText(tr("Install JOSM localhost certificate to system/browser root keystores"));
-            uninstallCertificate.setToolTipText(tr("Uninstall JOSM localhost certificate from system/browser root keystores"));
-            wrapper.add(new JLabel(tr("Certificate:")), GBC.std().insets(15, 5, 0, 0));
-            wrapper.add(installCertificate, GBC.std().insets(5, 5, 0, 0));
-            wrapper.add(uninstallCertificate, GBC.eol().insets(5, 5, 0, 0));
-            enableHttpsSupport.addActionListener(e -> installCertificate.setEnabled(enableHttpsSupport.isSelected()));
-            installCertificate.addActionListener(e -> {
-                try {
-                    boolean changed = RemoteControlHttpsServer.setupPlatform(
-                            RemoteControlHttpsServer.loadJosmKeystore());
-                    String msg = changed ?
-                            tr("Certificate has been successfully installed.") :
-                            tr("Certificate is already installed. Nothing to do.");
-                    Logging.info(msg);
-                    JOptionPane.showMessageDialog(wrapper, msg);
-                } catch (IOException | GeneralSecurityException ex) {
-                    Logging.error(ex);
-                }
-            });
-            uninstallCertificate.addActionListener(e -> {
-                try {
-                    String msg;
-                    KeyStore ks = PlatformHookWindows.getRootKeystore();
-                    if (ks.containsAlias(RemoteControlHttpsServer.ENTRY_ALIAS)) {
-                        Logging.info(tr("Removing certificate {0} from root keystore.", RemoteControlHttpsServer.ENTRY_ALIAS));
-                        ks.deleteEntry(RemoteControlHttpsServer.ENTRY_ALIAS);
-                        msg = tr("Certificate has been successfully uninstalled.");
-                    } else {
-                        msg = tr("Certificate is not installed. Nothing to do.");
-                    }
-                    Logging.info(msg);
-                    JOptionPane.showMessageDialog(wrapper, msg);
-                } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException ex) {
-                    Logging.error(ex);
-                }
-            });
-            installCertificate.setEnabled(https);
-        }
 
         wrapper.add(new JSeparator(), GBC.eop().fill(GBC.HORIZONTAL).insets(15, 5, 15, 5));
@@ -174 +109 @@
                 RequestHandler.globalConfirmationKey, RequestHandler.globalConfirmationDefault));
 
-        ActionListener remoteControlEnabled = e -> {
-            GuiHelper.setEnabledRec(wrapper, enableRemoteControl.isSelected());
-            enableHttpsSupport.setEnabled(RemoteControl.supportsHttps());
-            // 'setEnabled(false)' does not work for JLabel with html text, so do it manually
-            // FIXME: use QuadStateCheckBox to make checkboxes unset when disabled
-            if (installCertificate != null && uninstallCertificate != null) {
-                // Install certificate button is enabled if HTTPS is also enabled
-                installCertificate.setEnabled(enableRemoteControl.isSelected()
-                        && enableHttpsSupport.isSelected() && RemoteControl.supportsHttps());
-                // Uninstall certificate button is always enabled
-                uninstallCertificate.setEnabled(RemoteControl.supportsHttps());
-            }
-        };
+        ActionListener remoteControlEnabled = e -> GuiHelper.setEnabledRec(wrapper, enableRemoteControl.isSelected());
         enableRemoteControl.addActionListener(remoteControlEnabled);
         remoteControlEnabled.actionPerformed(null);
@@ -195 +118 @@
     public boolean ok() {
         boolean enabled = enableRemoteControl.isSelected();
-        boolean httpsEnabled = enableHttpsSupport.isSelected();
         boolean changed = RemoteControl.PROP_REMOTECONTROL_ENABLED.put(enabled);
-        boolean httpsChanged = RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.put(httpsEnabled);
         if (enabled) {
             for (Entry<PermissionPrefWithDefault, JCheckBox> p : prefs.entrySet()) {
@@ -211 +132 @@
                 RemoteControl.stop();
             }
-        } else if (httpsChanged) {
-            if (httpsEnabled) {
-                RemoteControlHttpsServer.restartRemoteControlHttpsServer();
-            } else {
-                RemoteControlHttpsServer.stopRemoteControlHttpsServer();
-            }
         }
         return false;

trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControl.java

@@ -11 +11 @@
 import org.openstreetmap.josm.io.remotecontrol.handler.RequestHandler;
 import org.openstreetmap.josm.spi.preferences.Config;
-import org.openstreetmap.josm.tools.Logging;
 
 /**
@@ -28 +27 @@
 
     /**
-     * If the remote control feature is enabled or disabled for HTTPS. If disabled,
-     * only HTTP access will be available.
-     * @since 7335
-     */
-    public static final BooleanProperty PROP_REMOTECONTROL_HTTPS_ENABLED = new BooleanProperty(
-            "remotecontrol.https.enabled", false);
-
-    /**
      * RemoteControl HTTP protocol version. Change minor number for compatible
      * interface extensions. Change major number in case of incompatible
@@ -48 +39 @@
     public static void start() {
         RemoteControlHttpServer.restartRemoteControlHttpServer();
-        if (supportsHttps()) {
-            RemoteControlHttpsServer.restartRemoteControlHttpsServer();
-        }
     }
 
@@ -59 +47 @@
     public static void stop() {
         RemoteControlHttpServer.stopRemoteControlHttpServer();
-        if (supportsHttps()) {
-            RemoteControlHttpsServer.stopRemoteControlHttpsServer();
-        }
-    }
-
-    /**
-     * Determines if the current JVM support HTTPS remote control.
-     * @return {@code true} if the JVM provides {@code sun.security.x509} classes
-     * @since 12703
-     */
-    public static boolean supportsHttps() {
-        try {
-            return Class.forName("sun.security.x509.GeneralName") != null;
-        } catch (ClassNotFoundException | SecurityException e) {
-            Logging.trace(e);
-            return false;
-        }
     }
 

trunk/src/org/openstreetmap/josm/tools/PlatformHook.java

@@ -10 +10 @@
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
-import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
@@ -162 +161 @@
     default String getOSBuildNumber() {
         return "";
-    }
-
-    /**
-     * Setup system keystore to add JOSM HTTPS certificate (for remote control).
-     * @param entryAlias The entry alias to use
-     * @param trustedCert the JOSM certificate for localhost
-     * @return {@code true} if something has changed as a result of the call (certificate installation, etc.)
-     * @throws KeyStoreException in case of error
-     * @throws IOException in case of error
-     * @throws CertificateException in case of error
-     * @throws NoSuchAlgorithmException in case of error
-     * @since 7343
-     */
-    default boolean setupHttpsCertificate(String entryAlias, KeyStore.TrustedCertificateEntry trustedCert)
-            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
-        // TODO setup HTTPS certificate on Unix and OS X systems
-        return false;
     }
 

trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java

@@ -32 +32 @@
 
 import java.awt.Desktop;
-import java.awt.GraphicsEnvironment;
 import java.io.BufferedWriter;
 import java.io.File;
@@ -50 +49 @@
 import java.nio.file.InvalidPathException;
 import java.nio.file.Path;
-import java.security.InvalidKeyException;
-import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.MessageDigest;
 import java.security.NoSuchAlgorithmException;
-import java.security.NoSuchProviderException;
-import java.security.PublicKey;
-import java.security.SignatureException;
 import java.security.cert.Certificate;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
-import java.security.spec.InvalidKeySpecException;
-import java.security.spec.X509EncodedKeySpec;
 import java.text.ParseException;
 import java.util.ArrayList;
@@ -79 +71 @@
 import java.util.regex.Pattern;
 
-import javax.swing.JOptionPane;
-
 import org.openstreetmap.josm.data.Preferences;
 import org.openstreetmap.josm.data.StructUtils;
 import org.openstreetmap.josm.data.StructUtils.StructEntry;
 import org.openstreetmap.josm.data.StructUtils.WriteExplicitly;
-import org.openstreetmap.josm.gui.MainApplication;
 import org.openstreetmap.josm.io.CertificateAmendment.NativeCertAmend;
 import org.openstreetmap.josm.io.NetworkManager;
@@ -147 +136 @@
         }
     }
-
-    private static final byte[] INSECURE_PUBLIC_KEY = new byte[] {
-        0x30, (byte) 0x82, 0x1, 0x22, 0x30, 0xd, 0x6, 0x9, 0x2a, (byte) 0x86, 0x48,
-        (byte) 0x86, (byte) 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0, 0x3, (byte) 0x82, 0x1, 0xf, 0x0,
-        0x30, (byte) 0x82, 0x01, 0x0a, 0x02, (byte) 0x82, 0x01, 0x01, 0x00, (byte) 0x95, (byte) 0x95, (byte) 0x88,
-        (byte) 0x84, (byte) 0xc8, (byte) 0xd9, 0x6b, (byte) 0xc5, (byte) 0xda, 0x0b, 0x69, (byte) 0xbf, (byte) 0xfc,
-        0x7e, (byte) 0xb9, (byte) 0x96, 0x2c, (byte) 0xeb, (byte) 0x8f, (byte) 0xbc, 0x6e, 0x40, (byte) 0xe6, (byte) 0xe2,
-        (byte) 0xfc, (byte) 0xf1, 0x7f, 0x73, (byte) 0xa7, (byte) 0x9d, (byte) 0xde, (byte) 0xc7, (byte) 0x88, 0x57, 0x51,
-        (byte) 0x84, (byte) 0xed, (byte) 0x96, (byte) 0xfb, (byte) 0xe1, 0x38, (byte) 0xef, 0x08, 0x2b, (byte) 0xf3,
-        (byte) 0xc7, (byte) 0xc3, 0x5d, (byte) 0xfe, (byte) 0xf9, 0x51, (byte) 0xe6, 0x29, (byte) 0xfc, (byte) 0xe5, 0x0d,
-        (byte) 0xa1, 0x0d, (byte) 0xa8, (byte) 0xb4, (byte) 0xae, 0x26, 0x18, 0x19, 0x4d, 0x6c, 0x0c, 0x3b, 0x12, (byte) 0xba,
-        (byte) 0xbc, 0x5f, 0x32, (byte) 0xb3, (byte) 0xbe, (byte) 0x9d, 0x17, 0x0d, 0x4d, 0x2f, 0x1a, 0x48, (byte) 0xb7,
-        (byte) 0xac, (byte) 0xf7, 0x1a, 0x43, 0x01, (byte) 0x97, (byte) 0xf4, (byte) 0xf8, 0x4c, (byte) 0xbb, 0x6a, (byte) 0xbc,
-        0x33, (byte) 0xe1, 0x73, 0x1e, (byte) 0x86, (byte) 0xfb, 0x2e, (byte) 0xb1, 0x63, 0x75, (byte) 0x85, (byte) 0xdc,
-        (byte) 0x82, 0x6c, 0x28, (byte) 0xf1, (byte) 0xe3, (byte) 0x90, 0x63, (byte) 0x9d, 0x3d, 0x48, (byte) 0x8a, (byte) 0x8c,
-        0x47, (byte) 0xe2, 0x10, 0x0b, (byte) 0xef, (byte) 0x91, (byte) 0x94, (byte) 0xb0, 0x6c, 0x4c, (byte) 0x80, 0x76, 0x03,
-        (byte) 0xe1, (byte) 0xb6, (byte) 0x90, (byte) 0x87, (byte) 0xd9, (byte) 0xae, (byte) 0xf4, (byte) 0x8e, (byte) 0xe0,
-        (byte) 0x9f, (byte) 0xe7, 0x3a, 0x2c, 0x2f, 0x21, (byte) 0xd4, 0x46, (byte) 0xba, (byte) 0x95, 0x70, (byte) 0xa9, 0x5b,
-        0x20, 0x2a, (byte) 0xfa, 0x52, 0x3e, (byte) 0x9d, (byte) 0xd9, (byte) 0xef, 0x28, (byte) 0xc5, (byte) 0xd1, 0x60,
-        (byte) 0x89, 0x68, 0x6e, 0x7f, (byte) 0xd7, (byte) 0x9e, (byte) 0x89, 0x4c, (byte) 0xeb, 0x4d, (byte) 0xd2, (byte) 0xc6,
-        (byte) 0xf4, 0x2d, 0x02, 0x5d, (byte) 0xda, (byte) 0xde, 0x33, (byte) 0xfe, (byte) 0xc1, 0x7e, (byte) 0xde, 0x4f, 0x1f,
-        (byte) 0x9b, 0x6e, 0x6f, 0x0f, 0x66, 0x71, 0x19, (byte) 0xe9, 0x43, 0x3c, (byte) 0x83, 0x0a, 0x0f, 0x28, 0x21, (byte) 0xc8,
-        0x38, (byte) 0xd3, 0x4e, 0x48, (byte) 0xdf, (byte) 0xd4, (byte) 0x99, (byte) 0xb5, (byte) 0xc6, (byte) 0x8d, (byte) 0xd4,
-        (byte) 0xc1, 0x69, 0x58, 0x79, (byte) 0x82, 0x32, (byte) 0x82, (byte) 0xd4, (byte) 0x86, (byte) 0xe2, 0x04, 0x08, 0x63,
-        (byte) 0x87, (byte) 0xf0, 0x2a, (byte) 0xf6, (byte) 0xec, 0x3e, 0x51, 0x0f, (byte) 0xda, (byte) 0xb4, 0x67, 0x19, 0x5e,
-        0x16, 0x02, (byte) 0x9f, (byte) 0xf1, 0x19, 0x0c, 0x3e, (byte) 0xb8, 0x04, 0x49, 0x07, 0x53, 0x02, 0x03, 0x01, 0x00, 0x01
-    };
 
     private static final String WINDOWS_ROOT = "Windows-ROOT";
@@ -374 +336 @@
         ks.load(null, null);
         return ks;
-    }
-
-    /**
-     * Removes potential insecure certificates installed with previous versions of JOSM on Windows.
-     * @throws NoSuchAlgorithmException on unsupported signature algorithms
-     * @throws CertificateException if any of the certificates in the Windows keystore could not be loaded
-     * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the type "Windows-ROOT"
-     * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given
-     * @since 7335
-     */
-    public static void removeInsecureCertificates() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
-        // We offered before a public private key we need now to remove from Windows PCs as it might be a huge security risk (see #10230)
-        PublicKey insecurePubKey = null;
-        try {
-            insecurePubKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(INSECURE_PUBLIC_KEY));
-        } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
-            Logging.error(e);
-            return;
-        }
-        KeyStore ks = getRootKeystore();
-        Enumeration<String> en = ks.aliases();
-        Collection<String> insecureCertificates = new ArrayList<>();
-        while (en.hasMoreElements()) {
-            String alias = en.nextElement();
-            // Look for certificates associated with a private key
-            if (ks.isKeyEntry(alias)) {
-                try {
-                    ks.getCertificate(alias).verify(insecurePubKey);
-                    // If no exception, this is a certificate signed with the insecure key -> remove it
-                    insecureCertificates.add(alias);
-                } catch (InvalidKeyException | NoSuchProviderException | SignatureException e) {
-                    // If exception this is not a certificate related to JOSM, just trace it
-                    Logging.trace(alias + " --> " + e.getClass().getName());
-                    Logging.trace(e);
-                }
-            }
-        }
-        // Remove insecure certificates
-        if (!insecureCertificates.isEmpty()) {
-            StringBuilder message = new StringBuilder("<html>");
-            message.append(tr("A previous version of JOSM has installed a custom certificate "+
-                    "in order to provide HTTPS support for Remote Control:"))
-                   .append("<br><ul>");
-            for (String alias : insecureCertificates) {
-                message.append("<li>")
-                       .append(alias)
-                       .append("</li>");
-            }
-            message.append("</ul>")
-                   .append(tr("It appears it could be an important <b>security risk</b>.<br><br>"+
-                    "You are now going to be prompted by Windows to remove this insecure certificate.<br>"+
-                    "For your own safety, <b>please click Yes</b> in next dialog."))
-                   .append("</html>");
-            JOptionPane.showMessageDialog(MainApplication.getMainFrame(), message.toString(), tr("Warning"), JOptionPane.WARNING_MESSAGE);
-            for (String alias : insecureCertificates) {
-                Logging.warn(tr("Removing insecure certificate from {0} keystore: {1}", WINDOWS_ROOT, alias));
-                try {
-                    ks.deleteEntry(alias);
-                } catch (KeyStoreException e) {
-                    Logging.log(Logging.LEVEL_ERROR, tr("Unable to remove insecure certificate from keystore: {0}", e.getMessage()), e);
-                }
-            }
-        }
-    }
-
-    @Override
-    public boolean setupHttpsCertificate(String entryAlias, KeyStore.TrustedCertificateEntry trustedCert)
-            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
-        KeyStore ks = getRootKeystore();
-        // Look for certificate to install
-        try {
-            String alias = ks.getCertificateAlias(trustedCert.getTrustedCertificate());
-            if (alias != null) {
-                // JOSM certificate found, return
-                Logging.debug(tr("JOSM localhost certificate found in {0} keystore: {1}", WINDOWS_ROOT, alias));
-                return false;
-            }
-        } catch (ArrayIndexOutOfBoundsException e) {
-            // catch error of JDK-8172244 as bug seems to not be fixed anytime soon
-            Logging.log(Logging.LEVEL_ERROR, "JDK-8172244 occurred. Abort HTTPS setup", e);
-            return false;
-        }
-        if (!GraphicsEnvironment.isHeadless()) {
-            // JOSM certificate not found, warn user
-            StringBuilder message = new StringBuilder("<html>");
-            message.append(tr("Remote Control is configured to provide HTTPS support.<br>"+
-                    "This requires to add a custom certificate generated by JOSM to the Windows Root CA store.<br><br>"+
-                    "You are now going to be prompted by Windows to confirm this operation.<br>"+
-                    "To enable proper HTTPS support, <b>please click Yes</b> in next dialog.<br><br>"+
-                    "If unsure, you can also click No then disable HTTPS support in Remote Control preferences."))
-                   .append("</html>");
-            JOptionPane.showMessageDialog(MainApplication.getMainFrame(), message.toString(),
-                    tr("HTTPS support in Remote Control"), JOptionPane.INFORMATION_MESSAGE);
-        }
-        // install it to Windows-ROOT keystore, used by IE, Chrome and Safari, but not by Firefox
-        Logging.info(tr("Adding JOSM localhost certificate to {0} keystore", WINDOWS_ROOT));
-        ks.setEntry(entryAlias, trustedCert, null);
-        return true;
     }
 

trunk/test/unit/org/openstreetmap/josm/io/remotecontrol/RemoteControlTest.java

@@ -11 +11 @@
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore.TrustedCertificateEntry;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 
 import org.junit.After;
@@ -31 +21 @@
 import org.openstreetmap.josm.spi.preferences.Config;
 import org.openstreetmap.josm.testutils.JOSMTestRules;
-import org.openstreetmap.josm.tools.Logging;
 import org.openstreetmap.josm.tools.PlatformHookWindows;
 import org.openstreetmap.josm.tools.PlatformManager;
@@ -45 +34 @@
 
     private String httpBase;
-    private String httpsBase;
 
     private static class PlatformHookWindowsMock extends MockUp<PlatformHookWindows> {
@@ -67 +55 @@
     @Before
     public void setUp() throws GeneralSecurityException {
-        RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.put(true);
-        deleteKeystore();
-
         if (PlatformManager.isPlatformWindows() && "True".equals(System.getenv("APPVEYOR"))) {
             // appveyor doesn't like us tinkering with the root keystore, so mock this out
@@ -77 +62 @@
 
         RemoteControl.start();
-        disableCertificateValidation();
         httpBase = "http://127.0.0.1:"+Config.getPref().getInt("remote.control.port", 8111);
-        httpsBase = "https://127.0.0.1:"+Config.getPref().getInt("remote.control.https.port", 8112);
-    }
-
-    /**
-     * Deletes JOSM keystore, if it exists.
-     */
-    public static void deleteKeystore() {
-        try {
-            Files.deleteIfExists(Paths.get(
-                    RemoteControl.getRemoteControlDir()).resolve(RemoteControlHttpsServer.KEYSTORE_FILENAME));
-        } catch (IOException e) {
-            Logging.error(e);
-        }
-    }
-
-    /**
-     * Disable all HTTPS validation mechanisms as described
-     * <a href="http://stackoverflow.com/a/2893932/2257172">here</a> and
-     * <a href="http://stackoverflow.com/a/19542614/2257172">here</a>
-     * @throws GeneralSecurityException if a security error occurs
-     */
-    public void disableCertificateValidation() throws GeneralSecurityException {
-        // Create a trust manager that does not validate certificate chains
-        TrustManager[] trustAllCerts = new TrustManager[] {
-            new X509TrustManager() {
-                @Override
-                @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER")
-                public X509Certificate[] getAcceptedIssuers() {
-                    return new X509Certificate[0];
-                }
-
-                @Override
-                @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER")
-                public void checkClientTrusted(X509Certificate[] certs, String authType) {
-                }
-
-                @Override
-                @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER")
-                public void checkServerTrusted(X509Certificate[] certs, String authType) {
-                }
-            }
-        };
-
-        // Install the all-trusting trust manager
-        SSLContext sc = SSLContext.getInstance("TLS");
-        sc.init(null, trustAllCerts, new SecureRandom());
-        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-
-        // Create all-trusting host name verifier
-        HostnameVerifier allHostsValid = (hostname, session) -> true;
-
-        // Install the all-trusting host verifier
-        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
     }
 
@@ -149 +80 @@
     public void testHttpListOfCommands() throws Exception {
         testListOfCommands(httpBase);
-    }
-
-    /**
-     * Tests that sending an HTTPS request without command results in HTTP 400, with all available commands in error message.
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testHttpsListOfCommands() throws Exception {
-        testListOfCommands(httpsBase);
     }
 

trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookOsxTest.java

@@ -38 +38 @@
     public void testStartupHook() {
         hook.startupHook((a, b, c, d) -> System.out.println("callback"));
-    }
-
-    /**
-     * Test method for {@code PlatformHookOsx#setupHttpsCertificate}
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testSetupHttpsCertificate() throws Exception {
-        assertFalse(hook.setupHttpsCertificate(null, null));
     }
 

trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookWindowsTest.java

@@ -7 +7 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
-import static org.junit.Assume.assumeFalse;
 import static org.junit.Assert.fail;
 
@@ -13 +12 @@
 import java.io.File;
 import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStore.TrustedCertificateEntry;
 import java.security.KeyStoreException;
 import java.util.Collection;
@@ -22 +19 @@
 import org.openstreetmap.josm.JOSMFixture;
 import org.openstreetmap.josm.TestUtils;
-import org.openstreetmap.josm.io.remotecontrol.RemoteControlHttpsServer;
-import org.openstreetmap.josm.io.remotecontrol.RemoteControlTest;
 import org.openstreetmap.josm.spi.preferences.Config;
 
@@ -64 +59 @@
             try {
                 PlatformHookWindows.getRootKeystore();
-                fail("Expected KeyStoreException");
-            } catch (KeyStoreException e) {
-                Logging.info(e.getMessage());
-            }
-        }
-    }
-
-    /**
-     * Test method for {@code PlatformHookWindows#removeInsecureCertificates}
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testRemoveInsecureCertificates() throws Exception {
-        if (PlatformManager.isPlatformWindows()) {
-            PlatformHookWindows.removeInsecureCertificates();
-        } else {
-            try {
-                PlatformHookWindows.removeInsecureCertificates();
-                fail("Expected KeyStoreException");
-            } catch (KeyStoreException e) {
-                Logging.info(e.getMessage());
-            }
-        }
-    }
-
-    /**
-     * Test method for {@code PlatformHookWindows#setupHttpsCertificate}
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testSetupHttpsCertificate() throws Exception {
-        // appveyor doesn't like us tinkering with the root keystore
-        assumeFalse(PlatformManager.isPlatformWindows() && "True".equals(System.getenv("APPVEYOR")));
-
-        RemoteControlTest.deleteKeystore();
-        KeyStore ks = RemoteControlHttpsServer.loadJosmKeystore();
-        TrustedCertificateEntry trustedCert = new KeyStore.TrustedCertificateEntry(ks.getCertificate(ks.aliases().nextElement()));
-        if (PlatformManager.isPlatformWindows()) {
-            hook.setupHttpsCertificate(RemoteControlHttpsServer.ENTRY_ALIAS, trustedCert);
-        } else {
-            try {
-                hook.setupHttpsCertificate(RemoteControlHttpsServer.ENTRY_ALIAS, trustedCert);
                 fail("Expected KeyStoreException");
             } catch (KeyStoreException e) {