Timestamp:
2014-07-26T03:50:31+02:00 (10 years ago)
Author:
Don-vip
Message:

see #10230, see #10033 - big rework of HTTPS support for Remote Control:

  • HTTPS disabled by default, must be enabled in remote control preferences
  • Old certificate and private key removed from jar and Windows keystore if found, even if remote control disabled
  • New certificate generated at runtime with critical X509 extensions BasicConstraints (non-CA certificate), ExtendedKeyUsage (usage restriction for TLS server sessions)
  • New passwords generated at runtime (but stored in clear in user preferences)
  • Private key is no longer stored in Windows keystore (only certificate)
Location:
trunk/src/org/openstreetmap/josm/gui
Files:
2 edited

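--- a/trunk/src/org/openstreetmap/josm/gui/MainApplication.java
+++ b/trunk/src/org/openstreetmap/josm/gui/MainApplication.java
@@ -13,4 +13,5 @@
 import java.awt.event.WindowEvent;
 import java.io.File;
+import java.io.IOException;
 import java.io.InputStream;
 import java.net.Authenticator;
@@ -19,7 +20,10 @@
 import java.security.AllPermission;
 import java.security.CodeSource;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.PermissionCollection;
 import java.security.Permissions;
 import java.security.Policy;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -59,4 +63,5 @@
 import org.openstreetmap.josm.tools.ImageProvider;
 import org.openstreetmap.josm.tools.OsmUrlToBounds;
+import org.openstreetmap.josm.tools.PlatformHookWindows;
 import org.openstreetmap.josm.tools.Utils;
 
@@ -323,6 +328,4 @@
             // Enable JOSM debug level
             logLevel = 4;
-            // Enable debug in OAuth signpost
-            Preferences.updateSystemProperty("debug", "true");
             Main.info(tr("Printing debugging messages to console"));
         }
@@ -331,4 +334,6 @@
             // Enable JOSM debug level
             logLevel = 5;
+            // Enable debug in OAuth signpost via system preference, but only at trace level
+            Preferences.updateSystemProperty("debug", "true");
             Main.info(tr("Enabled detailed debug level (trace)"));
         }
@@ -435,4 +440,14 @@
 
         SwingUtilities.invokeLater(new GuiFinalizationWorker(args, proxySelector));
+
+        if (Main.isPlatformWindows()) {
+            try {
+                // Check for insecure certificates to remove.
+                // This is Windows-dependant code but it can't go to preStartupHook (need i18n) neither startupHook (need to be called before remote control)
+                ((PlatformHookWindows)Main.platform).removeInsecureCertificates();
+            } catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IOException e) {
+                error(e);
+            }
+        }
 
         if (RemoteControl.PROP_REMOTECONTROL_ENABLED.get()) {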
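Review bot: The catch at new lines 448-450 only calls `error(e)` and startup carries on to the Remote Control check, so when removeInsecureCertificates() fails the old certificate may stay in the Windows keystore with nothing telling the user. Since the commit message says that certificate's private key was shipped in the jar, a failed removal deserves a message naming the consequence, e.g. `Main.error(tr("Could not remove the insecure JOSM certificate from the Windows keystore; please remove it manually"));` ahead of `error(e);`. The cast to PlatformHookWindows also relies on Main.isPlatformWindows() implying the concrete type; `if (Main.platform instanceof PlatformHookWindows) {` would state that guarantee directly. The enclosing method starts and ends outside the hunk.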
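--- a/trunk/src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java
+++ b/trunk/src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java
@@ -28,4 +28,5 @@
 import org.openstreetmap.josm.io.remotecontrol.PermissionPrefWithDefault;
 import org.openstreetmap.josm.io.remotecontrol.RemoteControl;
+import org.openstreetmap.josm.io.remotecontrol.RemoteControlHttpsServer;
 import org.openstreetmap.josm.io.remotecontrol.handler.RequestHandler;
 import org.openstreetmap.josm.tools.GBC;
@@ -59,4 +60,5 @@
     private final Map<PermissionPrefWithDefault, JCheckBox> prefs = new LinkedHashMap<>();
     private JCheckBox enableRemoteControl;
+    private JCheckBox enableHttpsSupport;
     private JCheckBox loadInNewLayer = new JCheckBox(tr("Download objects to new layer"));
     private JCheckBox alwaysAskUserConfirm = new JCheckBox(tr("Confirm all Remote Control actions manually"));
@@ -89,5 +91,9 @@
         remote.add(wrapper, GBC.eol().fill(GBC.HORIZONTAL).insets(5, 5, 5, 5));
 
-        wrapper.add(new JLabel(tr("Permitted actions:")), GBC.eol());
+        enableHttpsSupport = new JCheckBox(tr("Enable HTTPS support"), RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.get());
+        wrapper.add(enableHttpsSupport, GBC.eol().fill(GBC.HORIZONTAL));
+        wrapper.add(new JSeparator(), GBC.eop().fill(GBC.HORIZONTAL).insets(15, 5, 15, 5));
+
+        wrapper.add(new JLabel(tr("Permitted actions:")), GBC.eol().insets(5, 0, 0, 0));
         for (JCheckBox p : prefs.values()) {
             wrapper.add(p, GBC.eol().insets(15, 5, 0, 0).fill(GBC.HORIZONTAL));
@@ -120,5 +126,7 @@
     public boolean ok() {
         boolean enabled = enableRemoteControl.isSelected();
+        boolean httpsEnabled = enableHttpsSupport.isSelected();
         boolean changed = RemoteControl.PROP_REMOTECONTROL_ENABLED.put(enabled);
+        boolean httpsChanged = RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.put(httpsEnabled);
         if (enabled) {
             for (Entry<PermissionPrefWithDefault, JCheckBox> p : prefs.entrySet()) {
@@ -134,4 +142,10 @@
                 RemoteControl.stop();
             }
+        } else if (httpsChanged) {
+            if (httpsEnabled) {
+                RemoteControlHttpsServer.restartRemoteControlHttpsServer();
+            } else {
+                RemoteControlHttpsServer.stopRemoteControlHttpsServer();
+            }
         }
         return false;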
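Review bot: The `else if (httpsChanged)` branch at new lines 144-149 of ok() restarts the HTTPS server on `httpsEnabled` alone, without looking at `enabled`. If the user leaves Remote Control off and only ticks "Enable HTTPS support", a TLS listener could be opened while the feature is disabled, unless restartRemoteControlHttpsServer() checks the main preference itself, which is not visible here. Tying the two together keeps the listener from outliving the feature: `if (enabled && httpsEnabled) {`. The condition that heads this `else if` sits between the two hunks and is not shown, so confirm the branch is reached when Remote Control is off and unchanged.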