Changeset 7206 in josm for trunk/src/org/openstreetmap/josm/io
- Timestamp:
- 2014-06-01T17:55:24+02:00 (11 years ago)
- File:
-
- 1 edited
trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java
r7037 r7206 12 12 import java.net.Socket; 13 13 import java.net.SocketException; 14 import java.security.Key; 14 15 import java.security.KeyManagementException; 15 16 import java.security.KeyStore; 16 17 import java.security.KeyStoreException; 17 18 import java.security.NoSuchAlgorithmException; 18 import java.security.UnrecoverableKeyException; 19 import java.security.PrivateKey; 20 import java.security.UnrecoverableEntryException; 21 import java.security.cert.Certificate; 19 22 import java.security.cert.CertificateException; 20 23 import java.util.Arrays; … … 32 35 /** 33 36 * Simple HTTPS server that spawns a {@link RequestProcessor} for every secure connection. 34 * 37 * 35 38 * @since 6941 36 39 */ … … 42 45 private static RemoteControlHttpsServer instance; 43 46 private boolean initOK = false; 44 private SSLContext sslContext; 47 private SSLContext sslContext; 45 48 46 49 private static final String KEYSTORE_PATH = "/data/josm.keystore"; … … 53 56 KeyStore ks = KeyStore.getInstance("JKS"); 54 57 char[] password = KEYSTORE_PASSWORD.toCharArray(); 55 56 // Load keystore 58 59 // Load keystore generated with Java 7 keytool as follows: 60 // keytool -genkeypair -storepass josm_ssl -keypass josm_ssl -alias josm_localhost -dname "CN=localhost, OU=JOSM, O=OpenStreetMap" 61 // -ext san=ip:127.0.0.1 -keyalg RSA -validity 1825 57 62 try (InputStream in = RemoteControlHttpsServer.class.getResourceAsStream(KEYSTORE_PATH)) { 58 63 if (in == null) { … … 60 65 } else { 61 66 ks.load(in, password); 62 67 63 68 if (Main.isDebugEnabled()) { 64 69 for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) { … … 66 71 } 67 72 } 68 73 69 74 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); 70 75 kmf.init(ks, password); 71 76 72 77 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); 73 78 tmf.init(ks); 74 79 75 80 sslContext = SSLContext.getInstance("TLS"); 76 81 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), 
null); 77 82 78 83 if (Main.isDebugEnabled()) { 79 84 Main.debug("SSL Context protocol: " + sslContext.getProtocol()); 80 85 Main.debug("SSL Context provider: " + sslContext.getProvider()); 81 86 } 82 87 88 Enumeration<String> aliases = ks.aliases(); 89 if (aliases.hasMoreElements()) { 90 String aliasKey = aliases.nextElement(); 91 Key key = ks.getKey(aliasKey, password); 92 Certificate[] chain = ks.getCertificateChain(aliasKey); 93 Main.platform.setupHttpsCertificate(new KeyStore.PrivateKeyEntry((PrivateKey) key, chain)); 94 } 95 83 96 initOK = true; 84 97 } 85 98 } 86 } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | 87 IOException | UnrecoverableKeyException | KeyManagementException e) {99 } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | 100 IOException | KeyManagementException | UnrecoverableEntryException e) { 88 101 Main.error(e); 89 102 } … … 136 149 super("RemoteControl HTTPS Server"); 137 150 this.setDaemon(true); 138 151 139 152 initialize(); 140 153 141 154 // Create SSL Server factory 142 155 SSLServerSocketFactory factory = sslContext.getServerSocketFactory(); … … 144 157 Main.debug("SSL factory - Supported Cipher suites: "+Arrays.toString(factory.getSupportedCipherSuites())); 145 158 } 146 159 147 160 // Start the server socket with only 1 connection. 148 161 // Also make sure we only listen … … 151 164 this.server = factory.createServerSocket(port, 1, 152 165 InetAddress.getByName(Main.pref.get("remote.control.host", "localhost"))); 153 166 154 167 if (Main.isDebugEnabled() && server instanceof SSLServerSocket) { 155 168 SSLServerSocket sslServer = (SSLServerSocket) server;
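Review bot: The entry handed to `Main.platform.setupHttpsCertificate` at new lines 88-94 is built from a keystore that ships as a class resource (`/data/josm.keystore`) and is unlocked with the constant `KEYSTORE_PASSWORD`, and the added comment records the keytool store and key passwords, so the private key is identical on every installation and recoverable by anyone who has the distribution. What the platform hook does is not visible here; if it registers the certificate as trusted in an OS or browser store, each user would end up trusting a `CN=localhost` / `127.0.0.1` certificate whose private key is public, so the key pair would be better generated per installation at first start and kept in the user's profile with restrictive permissions. Separately, the block takes the first alias and casts unchecked: for a certificate-only alias `ks.getKey` returns null and the `KeyStore.PrivateKeyEntry` constructor throws a NullPointerException that the multi-catch does not cover. `KeyStore.Entry entry = ks.getEntry(aliasKey, new KeyStore.PasswordProtection(password));` followed by `if (entry instanceof KeyStore.PrivateKeyEntry) { Main.platform.setupHttpsCertificate((KeyStore.PrivateKeyEntry) entry); }` avoids both the cast and the null case and throws only exception types already listed in the catch. The enclosing method starts and ends outside the hunk.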