Changeset 15469 in josm for trunk/test

Timestamp:

2019-10-22T23:32:51+02:00 (5 years ago)

Author:

Don-vip

Message:

fix #10033, fix #15748, fix #17097 - drop remote control https support

Rationale: all modern browsers (including next version of Safari) allow mixed-content to localhost.

Cross-platform / cross-browser HTTPS support is a pain to maintain, was never completed, and is no longer needed.

Location:

trunk/test/unit/org/openstreetmap/josm

Files:

• io/remotecontrol/RemoteControlTest.java (modified) (6 diffs)
• tools/PlatformHookOsxTest.java (modified) (1 diff)
• tools/PlatformHookWindowsTest.java (modified) (4 diffs)

trunk/test/unit/org/openstreetmap/josm/io/remotecontrol/RemoteControlTest.java

@@ -11 +11 @@
 import java.net.URL;
 import java.nio.charset.StandardCharsets;
-import java.nio.file.Files;
-import java.nio.file.Paths;
 import java.security.GeneralSecurityException;
 import java.security.KeyStore.TrustedCertificateEntry;
-import java.security.SecureRandom;
-import java.security.cert.X509Certificate;
-
-import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.HttpsURLConnection;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.TrustManager;
-import javax.net.ssl.X509TrustManager;
 
 import org.junit.After;
@@ -31 +21 @@
 import org.openstreetmap.josm.spi.preferences.Config;
 import org.openstreetmap.josm.testutils.JOSMTestRules;
-import org.openstreetmap.josm.tools.Logging;
 import org.openstreetmap.josm.tools.PlatformHookWindows;
 import org.openstreetmap.josm.tools.PlatformManager;
@@ -45 +34 @@
 
     private String httpBase;
-    private String httpsBase;
 
     private static class PlatformHookWindowsMock extends MockUp<PlatformHookWindows> {
@@ -67 +55 @@
     @Before
     public void setUp() throws GeneralSecurityException {
-        RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.put(true);
-        deleteKeystore();
-
         if (PlatformManager.isPlatformWindows() && "True".equals(System.getenv("APPVEYOR"))) {
             // appveyor doesn't like us tinkering with the root keystore, so mock this out
@@ -77 +62 @@
 
         RemoteControl.start();
-        disableCertificateValidation();
         httpBase = "http://127.0.0.1:"+Config.getPref().getInt("remote.control.port", 8111);
-        httpsBase = "https://127.0.0.1:"+Config.getPref().getInt("remote.control.https.port", 8112);
-    }
-
-    /**
-     * Deletes JOSM keystore, if it exists.
-     */
-    public static void deleteKeystore() {
-        try {
-            Files.deleteIfExists(Paths.get(
-                    RemoteControl.getRemoteControlDir()).resolve(RemoteControlHttpsServer.KEYSTORE_FILENAME));
-        } catch (IOException e) {
-            Logging.error(e);
-        }
-    }
-
-    /**
-     * Disable all HTTPS validation mechanisms as described
-     * <a href="http://stackoverflow.com/a/2893932/2257172">here</a> and
-     * <a href="http://stackoverflow.com/a/19542614/2257172">here</a>
-     * @throws GeneralSecurityException if a security error occurs
-     */
-    public void disableCertificateValidation() throws GeneralSecurityException {
-        // Create a trust manager that does not validate certificate chains
-        TrustManager[] trustAllCerts = new TrustManager[] {
-            new X509TrustManager() {
-                @Override
-                @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER")
-                public X509Certificate[] getAcceptedIssuers() {
-                    return new X509Certificate[0];
-                }
-
-                @Override
-                @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER")
-                public void checkClientTrusted(X509Certificate[] certs, String authType) {
-                }
-
-                @Override
-                @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER")
-                public void checkServerTrusted(X509Certificate[] certs, String authType) {
-                }
-            }
-        };
-
-        // Install the all-trusting trust manager
-        SSLContext sc = SSLContext.getInstance("TLS");
-        sc.init(null, trustAllCerts, new SecureRandom());
-        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
-
-        // Create all-trusting host name verifier
-        HostnameVerifier allHostsValid = (hostname, session) -> true;
-
-        // Install the all-trusting host verifier
-        HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid);
     }
 
@@ -149 +80 @@
     public void testHttpListOfCommands() throws Exception {
         testListOfCommands(httpBase);
-    }
-
-    /**
-     * Tests that sending an HTTPS request without command results in HTTP 400, with all available commands in error message.
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testHttpsListOfCommands() throws Exception {
-        testListOfCommands(httpsBase);
     }
 

trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookOsxTest.java

@@ -38 +38 @@
     public void testStartupHook() {
         hook.startupHook((a, b, c, d) -> System.out.println("callback"));
-    }
-
-    /**
-     * Test method for {@code PlatformHookOsx#setupHttpsCertificate}
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testSetupHttpsCertificate() throws Exception {
-        assertFalse(hook.setupHttpsCertificate(null, null));
     }
 

trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookWindowsTest.java

@@ -7 +7 @@
 import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertTrue;
-import static org.junit.Assume.assumeFalse;
 import static org.junit.Assert.fail;
 
@@ -13 +12 @@
 import java.io.File;
 import java.io.IOException;
-import java.security.KeyStore;
-import java.security.KeyStore.TrustedCertificateEntry;
 import java.security.KeyStoreException;
 import java.util.Collection;
@@ -22 +19 @@
 import org.openstreetmap.josm.JOSMFixture;
 import org.openstreetmap.josm.TestUtils;
-import org.openstreetmap.josm.io.remotecontrol.RemoteControlHttpsServer;
-import org.openstreetmap.josm.io.remotecontrol.RemoteControlTest;
 import org.openstreetmap.josm.spi.preferences.Config;
 
@@ -64 +59 @@
             try {
                 PlatformHookWindows.getRootKeystore();
-                fail("Expected KeyStoreException");
-            } catch (KeyStoreException e) {
-                Logging.info(e.getMessage());
-            }
-        }
-    }
-
-    /**
-     * Test method for {@code PlatformHookWindows#removeInsecureCertificates}
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testRemoveInsecureCertificates() throws Exception {
-        if (PlatformManager.isPlatformWindows()) {
-            PlatformHookWindows.removeInsecureCertificates();
-        } else {
-            try {
-                PlatformHookWindows.removeInsecureCertificates();
-                fail("Expected KeyStoreException");
-            } catch (KeyStoreException e) {
-                Logging.info(e.getMessage());
-            }
-        }
-    }
-
-    /**
-     * Test method for {@code PlatformHookWindows#setupHttpsCertificate}
-     * @throws Exception if an error occurs
-     */
-    @Test
-    public void testSetupHttpsCertificate() throws Exception {
-        // appveyor doesn't like us tinkering with the root keystore
-        assumeFalse(PlatformManager.isPlatformWindows() && "True".equals(System.getenv("APPVEYOR")));
-
-        RemoteControlTest.deleteKeystore();
-        KeyStore ks = RemoteControlHttpsServer.loadJosmKeystore();
-        TrustedCertificateEntry trustedCert = new KeyStore.TrustedCertificateEntry(ks.getCertificate(ks.aliases().nextElement()));
-        if (PlatformManager.isPlatformWindows()) {
-            hook.setupHttpsCertificate(RemoteControlHttpsServer.ENTRY_ALIAS, trustedCert);
-        } else {
-            try {
-                hook.setupHttpsCertificate(RemoteControlHttpsServer.ENTRY_ALIAS, trustedCert);
                 fail("Expected KeyStoreException");
             } catch (KeyStoreException e) {