- Timestamp:
- 2014-06-01T17:55:24+02:00 (10 years ago)
- Location:
- trunk
- Files:
-
- 5 edited
trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java
r7037 r7206 12 12 import java.net.Socket; 13 13 import java.net.SocketException; 14 import java.security.Key; 14 15 import java.security.KeyManagementException; 15 16 import java.security.KeyStore; 16 17 import java.security.KeyStoreException; 17 18 import java.security.NoSuchAlgorithmException; 18 import java.security.UnrecoverableKeyException; 19 import java.security.PrivateKey; 20 import java.security.UnrecoverableEntryException; 21 import java.security.cert.Certificate; 19 22 import java.security.cert.CertificateException; 20 23 import java.util.Arrays; … … 32 35 /** 33 36 * Simple HTTPS server that spawns a {@link RequestProcessor} for every secure connection. 34 * 37 * 35 38 * @since 6941 36 39 */ … … 42 45 private static RemoteControlHttpsServer instance; 43 46 private boolean initOK = false; 44 private SSLContext sslContext; 47 private SSLContext sslContext; 45 48 46 49 private static final String KEYSTORE_PATH = "/data/josm.keystore"; … … 53 56 KeyStore ks = KeyStore.getInstance("JKS"); 54 57 char[] password = KEYSTORE_PASSWORD.toCharArray(); 55 56 // Load keystore 58 59 // Load keystore generated with Java 7 keytool as follows: 60 // keytool -genkeypair -storepass josm_ssl -keypass josm_ssl -alias josm_localhost -dname "CN=localhost, OU=JOSM, O=OpenStreetMap" 61 // -ext san=ip:127.0.0.1 -keyalg RSA -validity 1825 57 62 try (InputStream in = RemoteControlHttpsServer.class.getResourceAsStream(KEYSTORE_PATH)) { 58 63 if (in == null) { … … 60 65 } else { 61 66 ks.load(in, password); 62 67 63 68 if (Main.isDebugEnabled()) { 64 69 for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) { … … 66 71 } 67 72 } 68 73 69 74 KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); 70 75 kmf.init(ks, password); 71 76 72 77 TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); 73 78 tmf.init(ks); 74 79 75 80 sslContext = SSLContext.getInstance("TLS"); 76 81 sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), 
null); 77 82 78 83 if (Main.isDebugEnabled()) { 79 84 Main.debug("SSL Context protocol: " + sslContext.getProtocol()); 80 85 Main.debug("SSL Context provider: " + sslContext.getProvider()); 81 86 } 82 87 88 Enumeration<String> aliases = ks.aliases(); 89 if (aliases.hasMoreElements()) { 90 String aliasKey = aliases.nextElement(); 91 Key key = ks.getKey(aliasKey, password); 92 Certificate[] chain = ks.getCertificateChain(aliasKey); 93 Main.platform.setupHttpsCertificate(new KeyStore.PrivateKeyEntry((PrivateKey) key, chain)); 94 } 95 83 96 initOK = true; 84 97 } 85 98 } 86 } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | 87 IOException | UnrecoverableKeyException | KeyManagementException e) {99 } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | 100 IOException | KeyManagementException | UnrecoverableEntryException e) { 88 101 Main.error(e); 89 102 } … … 136 149 super("RemoteControl HTTPS Server"); 137 150 this.setDaemon(true); 138 151 139 152 initialize(); 140 153 141 154 // Create SSL Server factory 142 155 SSLServerSocketFactory factory = sslContext.getServerSocketFactory(); … … 144 157 Main.debug("SSL factory - Supported Cipher suites: "+Arrays.toString(factory.getSupportedCipherSuites())); 145 158 } 146 159 147 160 // Start the server socket with only 1 connection. 148 161 // Also make sure we only listen … … 151 164 this.server = factory.createServerSocket(port, 1, 152 165 InetAddress.getByName(Main.pref.get("remote.control.host", "localhost"))); 153 166 154 167 if (Main.isDebugEnabled() && server instanceof SSLServerSocket) { 155 168 SSLServerSocket sslServer = (SSLServerSocket) server; -
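Review bot: The block added just before `initOK = true` takes whichever alias `ks.aliases()` yields first and casts the result of `ks.getKey(...)` to `PrivateKey` unchecked, so a keystore whose first entry is not the `josm_localhost` key pair would hand a null or wrong key to `new KeyStore.PrivateKeyEntry(...)`, and the resulting runtime exception is not in the catch list. Look the entry up by name and check its type instead: `KeyStore.Entry entry = ks.getEntry("josm_localhost", new KeyStore.PasswordProtection(password));` followed by `if (entry instanceof KeyStore.PrivateKeyEntry) Main.platform.setupHttpsCertificate((KeyStore.PrivateKeyEntry) entry);`. Because the call sits ahead of `initOK = true`, a `KeyStoreException` thrown by the platform hook also leaves the server marked uninitialised even though the `SSLContext` was built; consider setting the flag first or catching the hook's failure separately. The enclosing method starts outside the visible hunks.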
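--- a/trunk/src/org/openstreetmap/josm/tools/PlatformHook.java
+++ b/trunk/src/org/openstreetmap/josm/tools/PlatformHook.java
@@ -4,4 +4,8 @@
 import java.io.File;
 import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 
 /**
@@ -102,3 +106,15 @@
      */
     public String getOSDescription();
+
+    /**
+     * Setup system keystore to add JOSM HTTPS certificate (for remote control).
+     * @param privateKeyEntry the JOSM certificate for localhost and associated private key
+     * @throws KeyStoreException in case of error
+     * @throws IOException in case of error
+     * @throws CertificateException in case of error
+     * @throws NoSuchAlgorithmException in case of error
+     * @since 7206
+     */
+    public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
+            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException;
 }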
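Review bot: The Javadoc on the new `setupHttpsCertificate` does not say that an implementation may change which certificates the platform trusts, which is the security-relevant effect a caller needs to know about, and the four `@throws ... in case of error` lines carry no information. I would word the summary along the lines of `Adds the JOSM localhost certificate to the platform's trusted-certificate store if it is not already present; this changes what the user's system trusts.` and give each `@throws` its actual cause. Trust setup normally needs only the certificate, so it is also worth considering whether the parameter should be a `java.security.cert.Certificate` rather than a `KeyStore.PrivateKeyEntry`, which hands the private key to every platform hook.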
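--- a/trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java
+++ b/trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java
@@ -16,4 +16,8 @@
 import java.net.URISyntaxException;
 import java.nio.charset.StandardCharsets;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.CertificateException;
 import java.util.Arrays;
 
@@ -25,7 +29,5 @@
 
 /**
- * see PlatformHook.java
- *
- * BTW: THIS IS A STUB. See comments below for details.
+ * {@code PlatformHook} base implementation.
  *
  * Don't write (Main.platform instanceof PlatformHookUnixoid) because other platform
@@ -364,3 +366,9 @@
         });
     }
+
+    @Override
+    public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
+            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+        // TODO setup HTTPS certificate on Unix systems
+    }
 }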
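--- a/trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java
+++ b/trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java
@@ -30,4 +30,12 @@
 import java.io.File;
 import java.io.IOException;
+import java.security.KeyStore;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.Certificate;
+import java.security.cert.CertificateException;
+import java.util.Enumeration;
+
+import org.openstreetmap.josm.Main;
 
 /**
@@ -129,3 +137,22 @@
                 ((System.getenv("ProgramFiles(x86)") == null) ? "32" : "64") + "-Bit";
     }
+
+    @Override
+    public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
+            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+        KeyStore ks = KeyStore.getInstance("Windows-ROOT");
+        ks.load(null, null);
+        Enumeration<String> en = ks.aliases();
+        while (en.hasMoreElements()) {
+            String alias = en.nextElement();
+            Certificate c = ks.getCertificate(alias);
+            if (ks.isKeyEntry(alias) && c.equals(privateKeyEntry.getCertificate())) {
+                // JOSM certificate found, return
+                return;
+            }
+        }
+        // JOSM certificate not found, install it
+        Main.info("Adding JOSM localhost certificate to Windows-ROOT keystore");
+        ks.setEntry("josm_localhost", privateKeyEntry, new KeyStore.PasswordProtection("josm_ssl".toCharArray()));
+    }
 }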
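Review bot: `ks.setEntry("josm_localhost", privateKeyEntry, ...)` adds to the `Windows-ROOT` store a key pair that, going by the keytool comment in RemoteControlHttpsServer, is loaded from a keystore bundled with JOSM under the fixed password `josm_ssl`, so the same key is shared by every installation. Anyone who has the distribution therefore holds the private key of a certificate this machine now treats as a trusted root; how far that trust reaches depends on the certificate's extensions, of which the page shows only the SAN. The safer design is to generate the key pair per installation and store only the certificate as a trusted entry, e.g. `ks.setCertificateEntry("josm_localhost", privateKeyEntry.getCertificate());`. The user should also be asked before the trust store is changed, since `Main.info` only writes a log line. Separately, `c.equals(...)` fails if `getCertificate(alias)` returns null; `privateKeyEntry.getCertificate().equals(c)` avoids that.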