Changeset 7335 in josm for trunk/src/org/openstreetmap/josm/tools
- Timestamp:
- 2014-07-26T03:50:31+02:00 (10 years ago)
- Location:
- trunk/src/org/openstreetmap/josm/tools
- Files:
-
- 4 edited
Legend:
- Unmodified
- Added
- Removed
-
trunk/src/org/openstreetmap/josm/tools/OpenBrowser.java
r7029 r7335 44 44 if (Desktop.isDesktopSupported()) { 45 45 try { 46 if (Main. platform instanceof PlatformHookWindows) {46 if (Main.isPlatformWindows()) { 47 47 // Desktop API works fine under Windows, so we don't try any fallback in case of I/O exceptions because it's not API's fault 48 48 Desktop.getDesktop().browse(uri); -
trunk/src/org/openstreetmap/josm/tools/PlatformHook.java
r7206 r7335 109 109 /** 110 110 * Setup system keystore to add JOSM HTTPS certificate (for remote control). 111 * @param privateKeyEntry the JOSM certificate for localhost and associated private key111 * @param trustedCert the JOSM certificate for localhost 112 112 * @throws KeyStoreException in case of error 113 113 * @throws IOException in case of error … … 116 116 * @since 7206 117 117 */ 118 public void setupHttpsCertificate(KeyStore. PrivateKeyEntry privateKeyEntry)118 public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert) 119 119 throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException; 120 120 } -
trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java
r7318 r7335 358 358 359 359 @Override 360 public void setupHttpsCertificate(KeyStore. PrivateKeyEntry privateKeyEntry)360 public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert) 361 361 throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { 362 362 // TODO setup HTTPS certificate on Unix systems -
trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java
r7206 r7335 30 30 import java.io.File; 31 31 import java.io.IOException; 32 import java.security.InvalidKeyException; 33 import java.security.KeyFactory; 32 34 import java.security.KeyStore; 33 35 import java.security.KeyStoreException; 34 36 import java.security.NoSuchAlgorithmException; 35 import java.security.cert.Certificate; 37 import java.security.NoSuchProviderException; 38 import java.security.PublicKey; 39 import java.security.SignatureException; 36 40 import java.security.cert.CertificateException; 41 import java.security.spec.InvalidKeySpecException; 42 import java.security.spec.X509EncodedKeySpec; 43 import java.util.ArrayList; 44 import java.util.Collection; 37 45 import java.util.Enumeration; 46 47 import javax.swing.JOptionPane; 38 48 39 49 import org.openstreetmap.josm.Main; … … 44 54 */ 45 55 public class PlatformHookWindows extends PlatformHookUnixoid implements PlatformHook { 56 57 private static final byte[] INSECURE_PUBLIC_KEY = new byte[] { 58 0x30, (byte) 0x82, 0x1, 0x22, 0x30, 0xd, 0x6, 0x9, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0, 0x3, (byte) 0x82, 0x1, 0xf, 0x0, 59 0x30, (byte) 0x82, 0x01, 0x0a, 0x02, (byte) 0x82, 0x01, 0x01, 0x00, (byte) 0x95, (byte) 0x95, (byte) 0x88, 60 (byte) 0x84, (byte) 0xc8, (byte) 0xd9, 0x6b, (byte) 0xc5, (byte) 0xda, 0x0b, 0x69, (byte) 0xbf, (byte) 0xfc, 0x7e, (byte) 0xb9, (byte) 0x96, 0x2c, (byte) 0xeb, (byte) 0x8f, 61 (byte) 0xbc, 0x6e, 0x40, (byte) 0xe6, (byte) 0xe2, (byte) 0xfc, (byte) 0xf1, 0x7f, 0x73, (byte) 0xa7, (byte) 0x9d, (byte) 0xde, (byte) 0xc7, (byte) 0x88, 62 0x57, 0x51, (byte) 0x84, (byte) 0xed, (byte) 0x96, (byte) 0xfb, (byte) 0xe1, 0x38, (byte) 0xef, 0x08, 0x2b, (byte) 0xf3, (byte) 0xc7, (byte) 0xc3, 63 0x5d, (byte) 0xfe, (byte) 0xf9, 0x51, (byte) 0xe6, 0x29, (byte) 0xfc, (byte) 0xe5, 0x0d, (byte) 0xa1, 0x0d, (byte) 0xa8, (byte) 0xb4, (byte) 0xae, 64 0x26, 0x18, 0x19, 0x4d, 0x6c, 0x0c, 0x3b, 0x12, (byte) 0xba, (byte) 0xbc, 0x5f, 0x32, (byte) 0xb3, (byte) 0xbe, 65 (byte) 0x9d, 0x17, 0x0d, 0x4d, 0x2f, 0x1a, 0x48, (byte) 0xb7, (byte) 0xac, (byte) 0xf7, 0x1a, 0x43, 0x01, (byte) 0x97, 66 (byte) 0xf4, (byte) 0xf8, 0x4c, (byte) 0xbb, 0x6a, (byte) 0xbc, 0x33, (byte) 0xe1, 0x73, 0x1e, (byte) 0x86, (byte) 0xfb, 0x2e, (byte) 0xb1, 67 0x63, 0x75, (byte) 0x85, (byte) 0xdc, (byte) 0x82, 0x6c, 0x28, (byte) 0xf1, (byte) 0xe3, (byte) 0x90, 0x63, (byte) 0x9d, 0x3d, 0x48, 68 (byte) 0x8a, (byte) 0x8c, 0x47, (byte) 0xe2, 0x10, 0x0b, (byte) 0xef, (byte) 0x91, (byte) 0x94, (byte) 0xb0, 0x6c, 0x4c, (byte) 0x80, 0x76, 69 0x03, (byte) 0xe1, (byte) 0xb6, (byte) 0x90, (byte) 0x87, (byte) 0xd9, (byte) 0xae, (byte) 0xf4, (byte) 0x8e, (byte) 0xe0, (byte) 0x9f, (byte) 0xe7, 0x3a, 0x2c, 70 0x2f, 0x21, (byte) 0xd4, 0x46, (byte) 0xba, (byte) 0x95, 0x70, (byte) 0xa9, 0x5b, 0x20, 0x2a, (byte) 0xfa, 0x52, 0x3e, 71 (byte) 0x9d, (byte) 0xd9, (byte) 0xef, 0x28, (byte) 0xc5, (byte) 0xd1, 0x60, (byte) 0x89, 0x68, 0x6e, 0x7f, (byte) 0xd7, (byte) 0x9e, (byte) 0x89, 72 0x4c, (byte) 0xeb, 0x4d, (byte) 0xd2, (byte) 0xc6, (byte) 0xf4, 0x2d, 0x02, 0x5d, (byte) 0xda, (byte) 0xde, 0x33, (byte) 0xfe, (byte) 0xc1, 73 0x7e, (byte) 0xde, 0x4f, 0x1f, (byte) 0x9b, 0x6e, 0x6f, 0x0f, 0x66, 0x71, 0x19, (byte) 0xe9, 0x43, 0x3c, 74 (byte) 0x83, 0x0a, 0x0f, 0x28, 0x21, (byte) 0xc8, 0x38, (byte) 0xd3, 0x4e, 0x48, (byte) 0xdf, (byte) 0xd4, (byte) 0x99, (byte) 0xb5, 75 (byte) 0xc6, (byte) 0x8d, (byte) 0xd4, (byte) 0xc1, 0x69, 0x58, 0x79, (byte) 0x82, 0x32, (byte) 0x82, (byte) 0xd4, (byte) 0x86, (byte) 0xe2, 0x04, 76 0x08, 0x63, (byte) 0x87, (byte) 0xf0, 0x2a, (byte) 0xf6, (byte) 0xec, 0x3e, 0x51, 0x0f, (byte) 0xda, (byte) 0xb4, 0x67, 0x19, 77 0x5e, 0x16, 0x02, (byte) 0x9f, (byte) 0xf1, 0x19, 0x0c, 0x3e, (byte) 0xb8, 0x04, 0x49, 0x07, 0x53, 0x02, 78 0x03, 0x01, 0x00, 0x01 79 }; 80 81 private static final String WINDOWS_ROOT = "Windows-ROOT"; 46 82 47 83 @Override … … 138 174 } 139 175 140 @Override 141 public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry) 142 throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { 143 KeyStore ks = KeyStore.getInstance("Windows-ROOT"); 176 /** 177 * Loads Windows-ROOT keystore. 178 * @return Windows-ROOT keystore 179 * @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found 180 * @throws CertificateException if any of the certificates in the keystore could not be loaded 181 * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given 182 * @throws KeyStoreException if no Provider supports a KeyStore implementation for the type "Windows-ROOT" 183 */ 184 private KeyStore getWindowsKeystore() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException { 185 KeyStore ks = KeyStore.getInstance(WINDOWS_ROOT); 144 186 ks.load(null, null); 187 return ks; 188 } 189 190 /** 191 * Removes potential insecure certificates installed with previous versions of JOSM on Windows. 192 * @throws NoSuchAlgorithmException on unsupported signature algorithms 193 * @throws CertificateException if any of the certificates in the Windows keystore could not be loaded 194 * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the type "Windows-ROOT" 195 * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given 196 * @since 7335 197 */ 198 public void removeInsecureCertificates() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException { 199 // We offered before a public private key we need now to remove from Windows PCs as it might be a huge security risk (see #10230) 200 PublicKey insecurePubKey = null; 201 try { 202 insecurePubKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(INSECURE_PUBLIC_KEY)); 203 } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { 204 Main.error(e); 205 return; 206 } 207 KeyStore ks = getWindowsKeystore(); 145 208 Enumeration<String> en = ks.aliases(); 209 Collection<String> insecureCertificates = new ArrayList<>(); 146 210 while (en.hasMoreElements()) { 147 211 String alias = en.nextElement(); 148 Certificate c = ks.getCertificate(alias); 149 if (ks.isKeyEntry(alias) && c.equals(privateKeyEntry.getCertificate())) { 212 // Look for certificates associated with a private key 213 if (ks.isKeyEntry(alias)) { 214 try { 215 ks.getCertificate(alias).verify(insecurePubKey); 216 // If no exception, this is a certificate signed with the insecure key -> remove it 217 insecureCertificates.add(alias); 218 } catch (InvalidKeyException | NoSuchProviderException | SignatureException e) { 219 // If exception this is not a certificate related to JOSM, just trace it 220 Main.trace(alias + " --> " + e.getClass().getName()); 221 } 222 } 223 } 224 // Remove insecure certificates 225 if (!insecureCertificates.isEmpty()) { 226 StringBuilder message = new StringBuilder("<html>"); 227 message.append(tr("A previous version of JOSM has installed a custom certificate in order to provide HTTPS support for Remote Control:")); 228 message.append("<br><ul>"); 229 for (String alias : insecureCertificates) { 230 message.append("<li>"); 231 message.append(alias); 232 message.append("</li>"); 233 } 234 message.append("</ul>"); 235 message.append(tr("It appears it could be an important <b>security risk</b>.<br><br>"+ 236 "You are now going to be prompted by Windows to remove this insecure certificate.<br>For your own safety, <b>please click Yes</b> in next dialog.")); 237 message.append("</html>"); 238 JOptionPane.showMessageDialog(Main.parent, message.toString(), tr("Warning"), JOptionPane.WARNING_MESSAGE); 239 for (String alias : insecureCertificates) { 240 Main.warn(tr("Removing insecure certificate from {0} keystore: {1}", WINDOWS_ROOT, alias)); 241 try { 242 ks.deleteEntry(alias); 243 } catch (KeyStoreException e) { 244 Main.error(tr("Unable to remove insecure certificate from keystore: {0}", e.getMessage())); 245 } 246 } 247 } 248 } 249 250 @Override 251 public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert) 252 throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { 253 KeyStore ks = getWindowsKeystore(); 254 Enumeration<String> en = ks.aliases(); 255 256 while (en.hasMoreElements()) { 257 String alias = en.nextElement(); 258 // Look for certificate to install 259 if (ks.isKeyEntry(alias) && ks.getCertificate(alias).equals(trustedCert.getTrustedCertificate())) { 150 260 // JOSM certificate found, return 151 261 return; … … 153 263 } 154 264 // JOSM certificate not found, install it 155 Main.info( "Adding JOSM localhost certificate to Windows-ROOT keystore");156 ks.setEntry("josm_localhost", privateKeyEntry, new KeyStore.PasswordProtection("josm_ssl".toCharArray()));265 Main.info(tr("Adding JOSM localhost certificate to {0} keystore", WINDOWS_ROOT)); 266 ks.setEntry("josm_localhost", trustedCert, null); 157 267 } 158 268 }
Note:
See TracChangeset
for help on using the changeset viewer.