2014-07-26T03:50:31+02:00 (10 years ago)

see #10230, see #10033 - big rework of HTTPS support for Remote Control:

  • HTTPS disabled by default, must be enabled in remote control preferences
  • Old certificate and private key removed from jar and Windows keystore if found, even if remote control disabled
  • New certificate generated at runtime with critical X509 extensions BasicConstraints (non-CA certificate), ExtendedKeyUsage (usage restriction for TLS server sessions)
  • New passwords generated at runtime (but stored in clear in user preferences)
  • Private key is no longer stored in Windows keystore (only certificate)
4 edited


  • trunk/src/org/openstreetmap/josm/tools/OpenBrowser.java

    r7029 r7335  
    4444        if (Desktop.isDesktopSupported()) {
    4545            try {
    46                 if (Main.platform instanceof PlatformHookWindows) {
     46                if (Main.isPlatformWindows()) {
    4747                    // Desktop API works fine under Windows, so we don't try any fallback in case of I/O exceptions because it's not API's fault
    4848                    Desktop.getDesktop().browse(uri);
  • trunk/src/org/openstreetmap/josm/tools/PlatformHook.java

    r7206 r7335  
    109109    /**
    110110     * Setup system keystore to add JOSM HTTPS certificate (for remote control).
    111      * @param privateKeyEntry the JOSM certificate for localhost and associated private key
     111     * @param trustedCert the JOSM certificate for localhost
    112112     * @throws KeyStoreException in case of error
    113113     * @throws IOException in case of error
    116116     * @since 7206
    117117     */
    118     public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
     118    public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert)
    119119            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException;
  • trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java

    r7318 r7335  
    359359    @Override
    360     public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
     360    public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert)
    361361            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    362362        // TODO setup HTTPS certificate on Unix systems
  • trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java

    r7206 r7335  
    3030import java.io.File;
    3131import java.io.IOException;
     32import java.security.InvalidKeyException;
     33import java.security.KeyFactory;
    3234import java.security.KeyStore;
    3335import java.security.KeyStoreException;
    3436import java.security.NoSuchAlgorithmException;
    35 import java.security.cert.Certificate;
     37import java.security.NoSuchProviderException;
     38import java.security.PublicKey;
     39import java.security.SignatureException;
    3640import java.security.cert.CertificateException;
     41import java.security.spec.InvalidKeySpecException;
     42import java.security.spec.X509EncodedKeySpec;
     43import java.util.ArrayList;
     44import java.util.Collection;
    3745import java.util.Enumeration;
     47import javax.swing.JOptionPane;
    3949import org.openstreetmap.josm.Main;
    4454  */
    4555public class PlatformHookWindows extends PlatformHookUnixoid implements PlatformHook {
     57    private static final byte[] INSECURE_PUBLIC_KEY = new byte[] {
     58        0x30, (byte) 0x82, 0x1, 0x22, 0x30, 0xd, 0x6, 0x9, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0, 0x3, (byte) 0x82, 0x1, 0xf, 0x0,
     59        0x30, (byte) 0x82, 0x01, 0x0a, 0x02, (byte) 0x82, 0x01, 0x01, 0x00, (byte) 0x95, (byte) 0x95, (byte) 0x88,
     60        (byte) 0x84, (byte) 0xc8, (byte) 0xd9, 0x6b, (byte) 0xc5, (byte) 0xda, 0x0b, 0x69, (byte) 0xbf, (byte) 0xfc, 0x7e, (byte) 0xb9, (byte) 0x96, 0x2c, (byte) 0xeb, (byte) 0x8f,
     61        (byte) 0xbc, 0x6e, 0x40, (byte) 0xe6, (byte) 0xe2, (byte) 0xfc, (byte) 0xf1, 0x7f, 0x73, (byte) 0xa7, (byte) 0x9d, (byte) 0xde, (byte) 0xc7, (byte) 0x88,
     62        0x57, 0x51, (byte) 0x84, (byte) 0xed, (byte) 0x96, (byte) 0xfb, (byte) 0xe1, 0x38, (byte) 0xef, 0x08, 0x2b, (byte) 0xf3, (byte) 0xc7, (byte) 0xc3,
     63        0x5d, (byte) 0xfe, (byte) 0xf9, 0x51, (byte) 0xe6, 0x29, (byte) 0xfc, (byte) 0xe5, 0x0d, (byte) 0xa1, 0x0d, (byte) 0xa8, (byte) 0xb4, (byte) 0xae,
     64        0x26, 0x18, 0x19, 0x4d, 0x6c, 0x0c, 0x3b, 0x12, (byte) 0xba, (byte) 0xbc, 0x5f, 0x32, (byte) 0xb3, (byte) 0xbe,
     65        (byte) 0x9d, 0x17, 0x0d, 0x4d, 0x2f, 0x1a, 0x48, (byte) 0xb7, (byte) 0xac, (byte) 0xf7, 0x1a, 0x43, 0x01, (byte) 0x97,
     66        (byte) 0xf4, (byte) 0xf8, 0x4c, (byte) 0xbb, 0x6a, (byte) 0xbc, 0x33, (byte) 0xe1, 0x73, 0x1e, (byte) 0x86, (byte) 0xfb, 0x2e, (byte) 0xb1,
     67        0x63, 0x75, (byte) 0x85, (byte) 0xdc, (byte) 0x82, 0x6c, 0x28, (byte) 0xf1, (byte) 0xe3, (byte) 0x90, 0x63, (byte) 0x9d, 0x3d, 0x48,
     68        (byte) 0x8a, (byte) 0x8c, 0x47, (byte) 0xe2, 0x10, 0x0b, (byte) 0xef, (byte) 0x91, (byte) 0x94, (byte) 0xb0, 0x6c, 0x4c, (byte) 0x80, 0x76,
     69        0x03, (byte) 0xe1, (byte) 0xb6, (byte) 0x90, (byte) 0x87, (byte) 0xd9, (byte) 0xae, (byte) 0xf4, (byte) 0x8e, (byte) 0xe0, (byte) 0x9f, (byte) 0xe7, 0x3a, 0x2c,
     70        0x2f, 0x21, (byte) 0xd4, 0x46, (byte) 0xba, (byte) 0x95, 0x70, (byte) 0xa9, 0x5b, 0x20, 0x2a, (byte) 0xfa, 0x52, 0x3e,
     71        (byte) 0x9d, (byte) 0xd9, (byte) 0xef, 0x28, (byte) 0xc5, (byte) 0xd1, 0x60, (byte) 0x89, 0x68, 0x6e, 0x7f, (byte) 0xd7, (byte) 0x9e, (byte) 0x89,
     72        0x4c, (byte) 0xeb, 0x4d, (byte) 0xd2, (byte) 0xc6, (byte) 0xf4, 0x2d, 0x02, 0x5d, (byte) 0xda, (byte) 0xde, 0x33, (byte) 0xfe, (byte) 0xc1,
     73        0x7e, (byte) 0xde, 0x4f, 0x1f, (byte) 0x9b, 0x6e, 0x6f, 0x0f, 0x66, 0x71, 0x19, (byte) 0xe9, 0x43, 0x3c,
     74        (byte) 0x83, 0x0a, 0x0f, 0x28, 0x21, (byte) 0xc8, 0x38, (byte) 0xd3, 0x4e, 0x48, (byte) 0xdf, (byte) 0xd4, (byte) 0x99, (byte) 0xb5,
     75        (byte) 0xc6, (byte) 0x8d, (byte) 0xd4, (byte) 0xc1, 0x69, 0x58, 0x79, (byte) 0x82, 0x32, (byte) 0x82, (byte) 0xd4, (byte) 0x86, (byte) 0xe2, 0x04,
     76        0x08, 0x63, (byte) 0x87, (byte) 0xf0, 0x2a, (byte) 0xf6, (byte) 0xec, 0x3e, 0x51, 0x0f, (byte) 0xda, (byte) 0xb4, 0x67, 0x19,
     77        0x5e, 0x16, 0x02, (byte) 0x9f, (byte) 0xf1, 0x19, 0x0c, 0x3e, (byte) 0xb8, 0x04, 0x49, 0x07, 0x53, 0x02,
     78        0x03, 0x01, 0x00, 0x01
     79    };
     81    private static final String WINDOWS_ROOT = "Windows-ROOT";
    4783    @Override
    138174    }
    140     @Override
    141     public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
    142             throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
    143         KeyStore ks = KeyStore.getInstance("Windows-ROOT");
     176    /**
     177     * Loads Windows-ROOT keystore.
     178     * @return Windows-ROOT keystore
     179     * @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found
     180     * @throws CertificateException if any of the certificates in the keystore could not be loaded
     181     * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given
     182     * @throws KeyStoreException if no Provider supports a KeyStore implementation for the type "Windows-ROOT"
     183     */
     184    private KeyStore getWindowsKeystore() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
     185        KeyStore ks = KeyStore.getInstance(WINDOWS_ROOT);
    144186        ks.load(null, null);
     187        return ks;
     188    }
     190    /**
     191     * Removes potential insecure certificates installed with previous versions of JOSM on Windows.
     192     * @throws NoSuchAlgorithmException on unsupported signature algorithms
     193     * @throws CertificateException if any of the certificates in the Windows keystore could not be loaded
     194     * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the type "Windows-ROOT"
     195     * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given
     196     * @since 7335
     197     */
     198    public void removeInsecureCertificates() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
     199        // We offered before a public private key we need now to remove from Windows PCs as it might be a huge security risk (see #10230)
     200        PublicKey insecurePubKey = null;
     201        try {
     202            insecurePubKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(INSECURE_PUBLIC_KEY));
     203        } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
     204            Main.error(e);
     205            return;
     206        }
     207        KeyStore ks = getWindowsKeystore();
    145208        Enumeration<String> en = ks.aliases();
     209        Collection<String> insecureCertificates = new ArrayList<>();
    146210        while (en.hasMoreElements()) {
    147211            String alias = en.nextElement();
    148             Certificate c = ks.getCertificate(alias);
    149             if (ks.isKeyEntry(alias) && c.equals(privateKeyEntry.getCertificate())) {
     212            // Look for certificates associated with a private key
     213            if (ks.isKeyEntry(alias)) {
     214                try {
     215                    ks.getCertificate(alias).verify(insecurePubKey);
     216                    // If no exception, this is a certificate signed with the insecure key -> remove it
     217                    insecureCertificates.add(alias);
     218                } catch (InvalidKeyException | NoSuchProviderException | SignatureException e) {
     219                    // If exception this is not a certificate related to JOSM, just trace it
     220                    Main.trace(alias + " --> " + e.getClass().getName());
     221                }
     222            }
     223        }
     224        // Remove insecure certificates
     225        if (!insecureCertificates.isEmpty()) {
     226            StringBuilder message = new StringBuilder("<html>");
     227            message.append(tr("A previous version of JOSM has installed a custom certificate in order to provide HTTPS support for Remote Control:"));
     228            message.append("<br><ul>");
     229            for (String alias : insecureCertificates) {
     230                message.append("<li>");
     231                message.append(alias);
     232                message.append("</li>");
     233            }
     234            message.append("</ul>");
     235            message.append(tr("It appears it could be an important <b>security risk</b>.<br><br>"+
     236                    "You are now going to be prompted by Windows to remove this insecure certificate.<br>For your own safety, <b>please click Yes</b> in next dialog."));
     237            message.append("</html>");
     238            JOptionPane.showMessageDialog(Main.parent, message.toString(), tr("Warning"), JOptionPane.WARNING_MESSAGE);
     239            for (String alias : insecureCertificates) {
     240                Main.warn(tr("Removing insecure certificate from {0} keystore: {1}", WINDOWS_ROOT, alias));
     241                try {
     242                    ks.deleteEntry(alias);
     243                } catch (KeyStoreException e) {
     244                    Main.error(tr("Unable to remove insecure certificate from keystore: {0}", e.getMessage()));
     245                }
     246            }
     247        }
     248    }
     250    @Override
     251    public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert)
     252            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
     253        KeyStore ks = getWindowsKeystore();
     254        Enumeration<String> en = ks.aliases();
     256        while (en.hasMoreElements()) {
     257            String alias = en.nextElement();
     258            // Look for certificate to install
     259            if (ks.isKeyEntry(alias) && ks.getCertificate(alias).equals(trustedCert.getTrustedCertificate())) {
    150260                // JOSM certificate found, return
    151261                return;
    153263        }
    154264        // JOSM certificate not found, install it
    155         Main.info("Adding JOSM localhost certificate to Windows-ROOT keystore");
    156         ks.setEntry("josm_localhost", privateKeyEntry, new KeyStore.PasswordProtection("josm_ssl".toCharArray()));
     265        Main.info(tr("Adding JOSM localhost certificate to {0} keystore", WINDOWS_ROOT));
     266        ks.setEntry("josm_localhost", trustedCert, null);
    157267    }
Note: See TracChangeset for help on using the changeset viewer.