Changeset 7335 in josm for trunk

Timestamp:

2014-07-26T03:50:31+02:00 (11 years ago)

Author:

Don-vip

Message:

see #10230, see #10033 - big rework of HTTPS support for Remote Control:

• HTTPS disabled by default, must be enabled in remote control preferences
• Old certificate and private key removed from jar and Windows keystore if found, even if remote control disabled
• New certificate generated at runtime with critical X509 extensions BasicConstraints (non-CA certificate), ExtendedKeyUsage (usage restriction for TLS server sessions)
• New passwords generated at runtime (but stored in clear in user preferences)
• Private key is no longer stored in Windows keystore (only certificate)

Location:

trunk

Files:

• data/josm.keystore (deleted)
• src/org/openstreetmap/josm/Main.java (modified) (1 diff)
• src/org/openstreetmap/josm/actions/FullscreenToggleAction.java (modified) (3 diffs)
• src/org/openstreetmap/josm/actions/RestartAction.java (modified) (2 diffs)
• src/org/openstreetmap/josm/actions/ShowStatusReportAction.java (modified) (3 diffs)
• src/org/openstreetmap/josm/data/validation/OsmValidator.java (modified) (1 diff)
• src/org/openstreetmap/josm/gui/MainApplication.java (modified) (6 diffs)
• src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java (modified) (5 diffs)
• src/org/openstreetmap/josm/io/remotecontrol/RemoteControl.java (modified) (4 diffs)
• src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java (modified) (9 diffs)
• src/org/openstreetmap/josm/tools/OpenBrowser.java (modified) (1 diff)
• src/org/openstreetmap/josm/tools/PlatformHook.java (modified) (2 diffs)
• src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java (modified) (1 diff)
• src/org/openstreetmap/josm/tools/PlatformHookWindows.java (modified) (4 diffs)

trunk/src/org/openstreetmap/josm/Main.java

@@ -1514 +1514 @@
         return Main.platform instanceof PlatformHookOsx;
     }
+
+    /**
+     * Determines if we are currently running on Windows.
+     * @return {@code true} if we are currently running on Windows
+     * @since 7335
+     */
+    public static boolean isPlatformWindows() {
+        return Main.platform instanceof PlatformHookWindows;
+    }
 }

trunk/src/org/openstreetmap/josm/actions/FullscreenToggleAction.java

@@ -21 +21 @@
 
 import org.openstreetmap.josm.Main;
-import org.openstreetmap.josm.tools.PlatformHookWindows;
 import org.openstreetmap.josm.tools.Shortcut;
 
@@ -77 +76 @@
             }
         }
-        
+
         boolean selected = isSelected();
 
@@ -95 +94 @@
         // screen by default (it's a simulated mode, but should be ok)
         String exclusive = Main.pref.get("draw.fullscreen.exclusive-mode", "auto");
-        if ("true".equals(exclusive) || ("auto".equals(exclusive) && !(Main.platform instanceof PlatformHookWindows))) {
+        if ("true".equals(exclusive) || ("auto".equals(exclusive) && !Main.isPlatformWindows())) {
             gd.setFullScreenWindow(selected ? frame : null);
         }

trunk/src/org/openstreetmap/josm/actions/RestartAction.java

@@ -18 +18 @@
 import org.openstreetmap.josm.gui.HelpAwareOptionPane.ButtonSpec;
 import org.openstreetmap.josm.tools.ImageProvider;
-import org.openstreetmap.josm.tools.PlatformHookWindows;
 import org.openstreetmap.josm.tools.Shortcut;
 
@@ -76 +75 @@
             // java binary
             final String java = System.getProperty("java.home") + File.separator + "bin" + File.separator +
-                    (Main.platform instanceof PlatformHookWindows ? "java.exe" : "java");
+                    (Main.isPlatformWindows() ? "java.exe" : "java");
             if (!new File(java).isFile()) {
                 throw new IOException("Unable to find suitable java runtime at "+java);

trunk/src/org/openstreetmap/josm/actions/ShowStatusReportAction.java

@@ -31 +31 @@
 import org.openstreetmap.josm.tools.OpenBrowser;
 import org.openstreetmap.josm.tools.PlatformHookUnixoid;
-import org.openstreetmap.josm.tools.PlatformHookWindows;
 import org.openstreetmap.josm.tools.Shortcut;
 import org.openstreetmap.josm.tools.Utils;
@@ -105 +104 @@
         try {
             final String envJavaHome = System.getenv("JAVA_HOME");
-            final String envJavaHomeAlt = Main.platform instanceof PlatformHookWindows ? "%JAVA_HOME%" : "${JAVA_HOME}";
+            final String envJavaHomeAlt = Main.isPlatformWindows() ? "%JAVA_HOME%" : "${JAVA_HOME}";
             final String propJavaHome = System.getProperty("java.home");
             final String propJavaHomeAlt = "<java.home>";
@@ -160 +159 @@
         try {
             Map<String, Setting<?>> settings = Main.pref.getAllSettings();
-            settings.remove("osm-server.username");
-            settings.remove("osm-server.password");
-            settings.remove("oauth.access-token.key");
-            settings.remove("oauth.access-token.secret");
             Set<String> keys = new HashSet<>(settings.keySet());
             for (String key : keys) {
-                if (key.startsWith("marker.show")) {
+                // Remove sensitive information from status report
+                if (key.startsWith("marker.show") || key.contains("username") || key.contains("password") || key.contains("access-token")) {
                     settings.remove(key);
                 }

trunk/src/org/openstreetmap/josm/data/validation/OsmValidator.java

@@ -145 +145 @@
 
     /**
-     * Returns the plugin's directory of the plugin
+     * Returns the validator directory.
      *
-     * @return The directory of the plugin
+     * @return The validator directory
      */
     public static String getValidatorDir() {

trunk/src/org/openstreetmap/josm/gui/MainApplication.java

@@ -13 +13 @@
 import java.awt.event.WindowEvent;
 import java.io.File;
+import java.io.IOException;
 import java.io.InputStream;
 import java.net.Authenticator;
@@ -19 +20 @@
 import java.security.AllPermission;
 import java.security.CodeSource;
+import java.security.KeyStoreException;
+import java.security.NoSuchAlgorithmException;
 import java.security.PermissionCollection;
 import java.security.Permissions;
 import java.security.Policy;
+import java.security.cert.CertificateException;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -59 +63 @@
 import org.openstreetmap.josm.tools.ImageProvider;
 import org.openstreetmap.josm.tools.OsmUrlToBounds;
+import org.openstreetmap.josm.tools.PlatformHookWindows;
 import org.openstreetmap.josm.tools.Utils;
 
@@ -323 +328 @@
             // Enable JOSM debug level
             logLevel = 4;
-            // Enable debug in OAuth signpost
-            Preferences.updateSystemProperty("debug", "true");
             Main.info(tr("Printing debugging messages to console"));
         }
@@ -331 +334 @@
             // Enable JOSM debug level
             logLevel = 5;
+            // Enable debug in OAuth signpost via system preference, but only at trace level
+            Preferences.updateSystemProperty("debug", "true");
             Main.info(tr("Enabled detailed debug level (trace)"));
         }
@@ -435 +440 @@
 
         SwingUtilities.invokeLater(new GuiFinalizationWorker(args, proxySelector));
+
+        if (Main.isPlatformWindows()) {
+            try {
+                // Check for insecure certificates to remove.
+                // This is Windows-dependant code but it can't go to preStartupHook (need i18n) neither startupHook (need to be called before remote control)
+                ((PlatformHookWindows)Main.platform).removeInsecureCertificates();
+            } catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IOException e) {
+                error(e);
+            }
+        }
 
         if (RemoteControl.PROP_REMOTECONTROL_ENABLED.get()) {

trunk/src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java

@@ -28 +28 @@
 import org.openstreetmap.josm.io.remotecontrol.PermissionPrefWithDefault;
 import org.openstreetmap.josm.io.remotecontrol.RemoteControl;
+import org.openstreetmap.josm.io.remotecontrol.RemoteControlHttpsServer;
 import org.openstreetmap.josm.io.remotecontrol.handler.RequestHandler;
 import org.openstreetmap.josm.tools.GBC;
@@ -59 +60 @@
     private final Map<PermissionPrefWithDefault, JCheckBox> prefs = new LinkedHashMap<>();
     private JCheckBox enableRemoteControl;
+    private JCheckBox enableHttpsSupport;
     private JCheckBox loadInNewLayer = new JCheckBox(tr("Download objects to new layer"));
     private JCheckBox alwaysAskUserConfirm = new JCheckBox(tr("Confirm all Remote Control actions manually"));
@@ -89 +91 @@
         remote.add(wrapper, GBC.eol().fill(GBC.HORIZONTAL).insets(5, 5, 5, 5));
 
-        wrapper.add(new JLabel(tr("Permitted actions:")), GBC.eol());
+        enableHttpsSupport = new JCheckBox(tr("Enable HTTPS support"), RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.get());
+        wrapper.add(enableHttpsSupport, GBC.eol().fill(GBC.HORIZONTAL));
+        wrapper.add(new JSeparator(), GBC.eop().fill(GBC.HORIZONTAL).insets(15, 5, 15, 5));
+
+        wrapper.add(new JLabel(tr("Permitted actions:")), GBC.eol().insets(5, 0, 0, 0));
         for (JCheckBox p : prefs.values()) {
             wrapper.add(p, GBC.eol().insets(15, 5, 0, 0).fill(GBC.HORIZONTAL));
@@ -120 +126 @@
     public boolean ok() {
         boolean enabled = enableRemoteControl.isSelected();
+        boolean httpsEnabled = enableHttpsSupport.isSelected();
         boolean changed = RemoteControl.PROP_REMOTECONTROL_ENABLED.put(enabled);
+        boolean httpsChanged = RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.put(httpsEnabled);
         if (enabled) {
             for (Entry<PermissionPrefWithDefault, JCheckBox> p : prefs.entrySet()) {
@@ -134 +142 @@
                 RemoteControl.stop();
             }
+        } else if (httpsChanged) {
+            if (httpsEnabled) {
+                RemoteControlHttpsServer.restartRemoteControlHttpsServer();
+            } else {
+                RemoteControlHttpsServer.stopRemoteControlHttpsServer();
+            }
         }
         return false;

trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControl.java

@@ -2 +2 @@
 package org.openstreetmap.josm.io.remotecontrol;
 
+import org.openstreetmap.josm.Main;
 import org.openstreetmap.josm.data.preferences.BooleanProperty;
 import org.openstreetmap.josm.io.remotecontrol.handler.RequestHandler;
@@ -11 +12 @@
  * and increment the major version and set minor to 0 on incompatible changes.
  */
-public class RemoteControl
-{
+public class RemoteControl {
+
     /**
      * If the remote control feature is enabled or disabled. If disabled,
@@ -18 +19 @@
      */
     public static final BooleanProperty PROP_REMOTECONTROL_ENABLED = new BooleanProperty("remotecontrol.enabled", false);
+
+    /**
+     * If the remote control feature is enabled or disabled for HTTPS. If disabled,
+     * only HTTP access will be available.
+     * @since 7335
+     */
+    public static final BooleanProperty PROP_REMOTECONTROL_HTTPS_ENABLED = new BooleanProperty("remotecontrol.https.enabled", false);
 
     /**
@@ -54 +62 @@
         RequestProcessor.addRequestHandlerClass(command, handlerClass);
     }
+
+    /**
+     * Returns the remote control directory.
+     * @return The remote control directory
+     * @since 7335
+     */
+    public static String getRemoteControlDir() {
+        return Main.pref.getPreferencesDir() + "remotecontrol/";
+    }
 }

trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java

@@ -7 +7 @@
 import java.io.IOException;
 import java.io.InputStream;
+import java.math.BigInteger;
 import java.net.BindException;
 import java.net.InetAddress;
@@ -12 +13 @@
 import java.net.Socket;
 import java.net.SocketException;
-import java.security.Key;
-import java.security.KeyManagementException;
+import java.nio.file.Files;
+import java.nio.file.Path;
+import java.nio.file.Paths;
+import java.nio.file.StandardOpenOption;
+import java.security.GeneralSecurityException;
+import java.security.KeyPair;
+import java.security.KeyPairGenerator;
 import java.security.KeyStore;
-import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.UnrecoverableEntryException;
+import java.security.SecureRandom;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
+import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Date;
 import java.util.Enumeration;
+import java.util.Vector;
 
 import javax.net.ssl.KeyManagerFactory;
@@ -32 +39 @@
 
 import org.openstreetmap.josm.Main;
+import org.openstreetmap.josm.data.preferences.StringProperty;
+
+import sun.security.util.ObjectIdentifier;
+import sun.security.x509.AlgorithmId;
+import sun.security.x509.BasicConstraintsExtension;
+import sun.security.x509.CertificateAlgorithmId;
+import sun.security.x509.CertificateExtensions;
+import sun.security.x509.CertificateIssuerName;
+import sun.security.x509.CertificateSerialNumber;
+import sun.security.x509.CertificateSubjectName;
+import sun.security.x509.CertificateValidity;
+import sun.security.x509.CertificateVersion;
+import sun.security.x509.CertificateX509Key;
+import sun.security.x509.DNSName;
+import sun.security.x509.ExtendedKeyUsageExtension;
+import sun.security.x509.GeneralName;
+import sun.security.x509.GeneralNameInterface;
+import sun.security.x509.GeneralNames;
+import sun.security.x509.IPAddressName;
+import sun.security.x509.OIDName;
+import sun.security.x509.SubjectAlternativeNameExtension;
+import sun.security.x509.URIName;
+import sun.security.x509.X500Name;
+import sun.security.x509.X509CertImpl;
+import sun.security.x509.X509CertInfo;
 
 /**
@@ -47 +79 @@
     private SSLContext sslContext;
 
-    private static final String KEYSTORE_PATH = "/data/josm.keystore";
-    private static final String KEYSTORE_PASSWORD = "josm_ssl";
+    private static final String KEYSTORE_FILENAME = "josm.keystore";
+
+    /**
+     * Preference for keystore password (automatically generated by JOSM).
+     * @since 7335
+     */
+    public StringProperty KEYSTORE_PASSWORD = new StringProperty("remotecontrol.https.keystore.password", "");
+
+    /**
+     * Preference for certificate password (automatically generated by JOSM).
+     * @since 7335
+     */
+    public StringProperty KEYENTRY_PASSWORD = new StringProperty("remotecontrol.https.keyentry.password", "");
+
+    /**
+     * Creates a GeneralName object from known types.
+     * @param t one of 4 known types
+     * @param v value
+     * @return which one
+     * @throws IOException
+     */
+    private static GeneralName createGeneralName(String t, String v) throws IOException {
+        GeneralNameInterface gn;
+        switch (t.toLowerCase()) {
+            case "uri": gn = new URIName(v); break;
+            case "dns": gn = new DNSName(v); break;
+            case "ip": gn = new IPAddressName(v); break;
+            default: gn = new OIDName(v);
+        }
+        return new GeneralName(gn);
+    }
+
+    /**
+     * Create a self-signed X.509 Certificate.
+     * @param dn the X.509 Distinguished Name, eg "CN=localhost, OU=JOSM, O=OpenStreetMap"
+     * @param pair the KeyPair
+     * @param days how many days from now the Certificate is valid for
+     * @param algorithm the signing algorithm, eg "SHA256withRSA"
+     * @param san SubjectAlternativeName extension (optional)
+     */
+    private static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm, String san) throws GeneralSecurityException, IOException {
+        PrivateKey privkey = pair.getPrivate();
+        X509CertInfo info = new X509CertInfo();
+        Date from = new Date();
+        Date to = new Date(from.getTime() + days * 86400000l);
+        CertificateValidity interval = new CertificateValidity(from, to);
+        BigInteger sn = new BigInteger(64, new SecureRandom());
+        X500Name owner = new X500Name(dn);
+
+        info.set(X509CertInfo.VALIDITY, interval);
+        info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn));
+        info.set(X509CertInfo.SUBJECT, new CertificateSubjectName(owner));
+        info.set(X509CertInfo.ISSUER, new CertificateIssuerName(owner));
+        info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic()));
+        info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3));
+        AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid);
+        info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo));
+
+        CertificateExtensions ext = new CertificateExtensions();
+        // Critical: Not CA, max path len 0
+        ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(true, false, 0));
+        // Critical: only allow TLS ("serverAuth" = 1.3.6.1.5.5.7.3.1)
+        ext.set(ExtendedKeyUsageExtension.NAME, new ExtendedKeyUsageExtension(true,
+                new Vector<ObjectIdentifier>(Arrays.asList(new ObjectIdentifier("1.3.6.1.5.5.7.3.1")))));
+
+        if (san != null) {
+            int colonpos;
+            String[] ps = san.split(",");
+            GeneralNames gnames = new GeneralNames();
+            for(String item: ps) {
+                colonpos = item.indexOf(':');
+                if (colonpos < 0) {
+                    throw new IllegalArgumentException("Illegal item " + item + " in " + san);
+                }
+                String t = item.substring(0, colonpos);
+                String v = item.substring(colonpos+1);
+                gnames.add(createGeneralName(t, v));
+            }
+            // Non critical
+            ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(false, gnames));
+        }
+
+        info.set(X509CertInfo.EXTENSIONS, ext);
+
+        // Sign the cert to identify the algorithm that's used.
+        X509CertImpl cert = new X509CertImpl(info);
+        cert.sign(privkey, algorithm);
+
+        // Update the algorithm, and resign.
+        algo = (AlgorithmId)cert.get(X509CertImpl.SIG_ALG);
+        info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo);
+        cert = new X509CertImpl(info);
+        cert.sign(privkey, algorithm);
+        return cert;
+    }
 
     private void initialize() {
         if (!initOK) {
             try {
-                // Create new keystore
-                KeyStore ks = KeyStore.getInstance("JKS");
-                char[] password = KEYSTORE_PASSWORD.toCharArray();
-
-                // Load keystore generated with Java 7 keytool as follows:
-                // keytool -genkeypair -storepass josm_ssl -keypass josm_ssl -alias josm_localhost -dname "CN=localhost, OU=JOSM, O=OpenStreetMap"
-                // -ext san=ip:127.0.0.1 -keyalg RSA -validity 1825
-                try (InputStream in = RemoteControlHttpsServer.class.getResourceAsStream(KEYSTORE_PATH)) {
-                    if (in == null) {
-                        Main.error(tr("Unable to find JOSM keystore at {0}. Remote control will not be available on HTTPS.", KEYSTORE_PATH));
-                    } else {
-                        ks.load(in, password);
-
-                        if (Main.isDebugEnabled()) {
-                            for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
-                                Main.debug("Alias in keystore: "+aliases.nextElement());
-                            }
+                char[] storePassword = KEYSTORE_PASSWORD.get().toCharArray();
+                char[] entryPassword = KEYENTRY_PASSWORD.get().toCharArray();
+
+                Path dir = Paths.get(RemoteControl.getRemoteControlDir());
+                Path path = dir.resolve(KEYSTORE_FILENAME);
+                Files.createDirectories(dir);
+
+                if (!Files.exists(path)) {
+                    Main.debug("No keystore found, creating a new one");
+
+                    // Create new keystore like previous one generated with JDK keytool as follows:
+                    // keytool -genkeypair -storepass josm_ssl -keypass josm_ssl -alias josm_localhost -dname "CN=localhost, OU=JOSM, O=OpenStreetMap"
+                    // -ext san=ip:127.0.0.1 -keyalg RSA -validity 1825
+
+                    KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA");
+                    generator.initialize(2048);
+                    KeyPair pair = generator.generateKeyPair();
+
+                    X509Certificate cert = generateCertificate("CN=localhost, OU=JOSM, O=OpenStreetMap", pair, 1825, "SHA256withRSA", "ip:127.0.0.1");
+
+                    KeyStore ks = KeyStore.getInstance("JKS");
+                    ks.load(null, null);
+
+                    // Generate new passwords. See https://stackoverflow.com/a/41156/2257172
+                    SecureRandom random = new SecureRandom();
+                    KEYSTORE_PASSWORD.put(new BigInteger(130, random).toString(32));
+                    KEYENTRY_PASSWORD.put(new BigInteger(130, random).toString(32));
+
+                    storePassword = KEYSTORE_PASSWORD.get().toCharArray();
+                    entryPassword = KEYENTRY_PASSWORD.get().toCharArray();
+
+                    ks.setKeyEntry("josm_localhost", pair.getPrivate(), entryPassword, new Certificate[]{cert});
+                    ks.store(Files.newOutputStream(path, StandardOpenOption.CREATE), storePassword);
+                }
+
+                try (InputStream in = Files.newInputStream(path)) {
+                    // Load keystore
+                    KeyStore ks = KeyStore.getInstance("JKS");
+                    ks.load(in, storePassword);
+
+                    if (Main.isDebugEnabled()) {
+                        for (Enumeration<String> aliases = ks.aliases(); aliases.hasMoreElements();) {
+                            Main.debug("Alias in keystore: "+aliases.nextElement());
                         }
-
-                        KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
-                        kmf.init(ks, password);
-
-                        TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
-                        tmf.init(ks);
-
-                        sslContext = SSLContext.getInstance("TLS");
-                        sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
-
-                        if (Main.isDebugEnabled()) {
-                            Main.debug("SSL Context protocol: " + sslContext.getProtocol());
-                            Main.debug("SSL Context provider: " + sslContext.getProvider());
-                        }
-
-                        Enumeration<String> aliases = ks.aliases();
-                        if (aliases.hasMoreElements()) {
-                            String aliasKey = aliases.nextElement();
-                            Key key = ks.getKey(aliasKey, password);
-                            Certificate[] chain = ks.getCertificateChain(aliasKey);
-                            Main.platform.setupHttpsCertificate(new KeyStore.PrivateKeyEntry((PrivateKey) key, chain));
-                        }
-
-                        initOK = true;
                     }
-                }
-            } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException |
-                    IOException | KeyManagementException | UnrecoverableEntryException e) {
+
+                    KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509");
+                    kmf.init(ks, entryPassword);
+
+                    TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509");
+                    tmf.init(ks);
+
+                    sslContext = SSLContext.getInstance("TLS");
+                    sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);
+
+                    if (Main.isTraceEnabled()) {
+                        Main.trace("SSL Context protocol: " + sslContext.getProtocol());
+                        Main.trace("SSL Context provider: " + sslContext.getProvider());
+                    }
+
+                    Enumeration<String> aliases = ks.aliases();
+                    if (aliases.hasMoreElements()) {
+                        Main.platform.setupHttpsCertificate(new KeyStore.TrustedCertificateEntry(ks.getCertificate(aliases.nextElement())));
+                    }
+
+                    initOK = true;
+                }
+            } catch (IOException | GeneralSecurityException e) {
                 Main.error(e);
             }
@@ -112 +259 @@
             stopRemoteControlHttpsServer();
 
-            instance = new RemoteControlHttpsServer(port);
-            if (instance.initOK) {
-                instance.start();
+            if (RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.get()) {
+                instance = new RemoteControlHttpsServer(port);
+                if (instance.initOK) {
+                    instance.start();
+                }
             }
         } catch (BindException ex) {
@@ -152 +301 @@
         initialize();
 
+        if (!initOK) {
+            Main.error(tr("Unable to initialize Remote Control HTTPS Server"));
+            return;
+        }
+
         // Create SSL Server factory
         SSLServerSocketFactory factory = sslContext.getServerSocketFactory();
-        if (Main.isDebugEnabled()) {
-            Main.debug("SSL factory - Supported Cipher suites: "+Arrays.toString(factory.getSupportedCipherSuites()));
+        if (Main.isTraceEnabled()) {
+            Main.trace("SSL factory - Supported Cipher suites: "+Arrays.toString(factory.getSupportedCipherSuites()));
         }
 
@@ -165 +319 @@
             InetAddress.getByName(Main.pref.get("remote.control.host", "localhost")));
 
-        if (Main.isDebugEnabled() && server instanceof SSLServerSocket) {
+        if (Main.isTraceEnabled() && server instanceof SSLServerSocket) {
             SSLServerSocket sslServer = (SSLServerSocket) server;
-            Main.debug("SSL server - Enabled Cipher suites: "+Arrays.toString(sslServer.getEnabledCipherSuites()));
-            Main.debug("SSL server - Enabled Protocols: "+Arrays.toString(sslServer.getEnabledProtocols()));
-            Main.debug("SSL server - Enable Session Creation: "+sslServer.getEnableSessionCreation());
-            Main.debug("SSL server - Need Client Auth: "+sslServer.getNeedClientAuth());
-            Main.debug("SSL server - Want Client Auth: "+sslServer.getWantClientAuth());
-            Main.debug("SSL server - Use Client Mode: "+sslServer.getUseClientMode());
+            Main.trace("SSL server - Enabled Cipher suites: "+Arrays.toString(sslServer.getEnabledCipherSuites()));
+            Main.trace("SSL server - Enabled Protocols: "+Arrays.toString(sslServer.getEnabledProtocols()));
+            Main.trace("SSL server - Enable Session Creation: "+sslServer.getEnableSessionCreation());
+            Main.trace("SSL server - Need Client Auth: "+sslServer.getNeedClientAuth());
+            Main.trace("SSL server - Want Client Auth: "+sslServer.getWantClientAuth());
+            Main.trace("SSL server - Use Client Mode: "+sslServer.getUseClientMode());
         }
     }
@@ -187 +341 @@
                 @SuppressWarnings("resource")
                 Socket request = server.accept();
-                if (Main.isDebugEnabled() && request instanceof SSLSocket) {
+                if (Main.isTraceEnabled() && request instanceof SSLSocket) {
                     SSLSocket sslSocket = (SSLSocket) request;
-                    Main.debug("SSL socket - Enabled Cipher suites: "+Arrays.toString(sslSocket.getEnabledCipherSuites()));
-                    Main.debug("SSL socket - Enabled Protocols: "+Arrays.toString(sslSocket.getEnabledProtocols()));
-                    Main.debug("SSL socket - Enable Session Creation: "+sslSocket.getEnableSessionCreation());
-                    Main.debug("SSL socket - Need Client Auth: "+sslSocket.getNeedClientAuth());
-                    Main.debug("SSL socket - Want Client Auth: "+sslSocket.getWantClientAuth());
-                    Main.debug("SSL socket - Use Client Mode: "+sslSocket.getUseClientMode());
-                    Main.debug("SSL socket - Session: "+sslSocket.getSession());
+                    Main.trace("SSL socket - Enabled Cipher suites: "+Arrays.toString(sslSocket.getEnabledCipherSuites()));
+                    Main.trace("SSL socket - Enabled Protocols: "+Arrays.toString(sslSocket.getEnabledProtocols()));
+                    Main.trace("SSL socket - Enable Session Creation: "+sslSocket.getEnableSessionCreation());
+                    Main.trace("SSL socket - Need Client Auth: "+sslSocket.getNeedClientAuth());
+                    Main.trace("SSL socket - Want Client Auth: "+sslSocket.getWantClientAuth());
+                    Main.trace("SSL socket - Use Client Mode: "+sslSocket.getUseClientMode());
+                    Main.trace("SSL socket - Session: "+sslSocket.getSession());
                 }
                 RequestProcessor.processRequest(request);
@@ -214 +368 @@
      */
     public void stopServer() throws IOException {
-        server.close();
-        Main.info(marktr("RemoteControl::Server (https) stopped."));
+        if (server != null) {
+            server.close();
+            Main.info(marktr("RemoteControl::Server (https) stopped."));
+        }
     }
 }

trunk/src/org/openstreetmap/josm/tools/OpenBrowser.java

@@ -44 +44 @@
         if (Desktop.isDesktopSupported()) {
             try {
-                if (Main.platform instanceof PlatformHookWindows) {
+                if (Main.isPlatformWindows()) {
                     // Desktop API works fine under Windows, so we don't try any fallback in case of I/O exceptions because it's not API's fault
                     Desktop.getDesktop().browse(uri);

trunk/src/org/openstreetmap/josm/tools/PlatformHook.java

@@ -109 +109 @@
     /**
      * Setup system keystore to add JOSM HTTPS certificate (for remote control).
-     * @param privateKeyEntry the JOSM certificate for localhost and associated private key
+     * @param trustedCert the JOSM certificate for localhost
      * @throws KeyStoreException in case of error
      * @throws IOException in case of error
@@ -116 +116 @@
      * @since 7206
      */
-    public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
+    public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert)
             throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException;
 }

trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java

@@ -358 +358 @@
 
     @Override
-    public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
+    public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert)
             throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
         // TODO setup HTTPS certificate on Unix systems

trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java

@@ -30 +30 @@
 import java.io.File;
 import java.io.IOException;
+import java.security.InvalidKeyException;
+import java.security.KeyFactory;
 import java.security.KeyStore;
 import java.security.KeyStoreException;
 import java.security.NoSuchAlgorithmException;
-import java.security.cert.Certificate;
+import java.security.NoSuchProviderException;
+import java.security.PublicKey;
+import java.security.SignatureException;
 import java.security.cert.CertificateException;
+import java.security.spec.InvalidKeySpecException;
+import java.security.spec.X509EncodedKeySpec;
+import java.util.ArrayList;
+import java.util.Collection;
 import java.util.Enumeration;
+
+import javax.swing.JOptionPane;
 
 import org.openstreetmap.josm.Main;
@@ -44 +54 @@
   */
 public class PlatformHookWindows extends PlatformHookUnixoid implements PlatformHook {
+
+    private static final byte[] INSECURE_PUBLIC_KEY = new byte[] {
+        0x30, (byte) 0x82, 0x1, 0x22, 0x30, 0xd, 0x6, 0x9, 0x2a, (byte) 0x86, 0x48, (byte) 0x86, (byte) 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0, 0x3, (byte) 0x82, 0x1, 0xf, 0x0,
+        0x30, (byte) 0x82, 0x01, 0x0a, 0x02, (byte) 0x82, 0x01, 0x01, 0x00, (byte) 0x95, (byte) 0x95, (byte) 0x88,
+        (byte) 0x84, (byte) 0xc8, (byte) 0xd9, 0x6b, (byte) 0xc5, (byte) 0xda, 0x0b, 0x69, (byte) 0xbf, (byte) 0xfc, 0x7e, (byte) 0xb9, (byte) 0x96, 0x2c, (byte) 0xeb, (byte) 0x8f,
+        (byte) 0xbc, 0x6e, 0x40, (byte) 0xe6, (byte) 0xe2, (byte) 0xfc, (byte) 0xf1, 0x7f, 0x73, (byte) 0xa7, (byte) 0x9d, (byte) 0xde, (byte) 0xc7, (byte) 0x88,
+        0x57, 0x51, (byte) 0x84, (byte) 0xed, (byte) 0x96, (byte) 0xfb, (byte) 0xe1, 0x38, (byte) 0xef, 0x08, 0x2b, (byte) 0xf3, (byte) 0xc7, (byte) 0xc3,
+        0x5d, (byte) 0xfe, (byte) 0xf9, 0x51, (byte) 0xe6, 0x29, (byte) 0xfc, (byte) 0xe5, 0x0d, (byte) 0xa1, 0x0d, (byte) 0xa8, (byte) 0xb4, (byte) 0xae,
+        0x26, 0x18, 0x19, 0x4d, 0x6c, 0x0c, 0x3b, 0x12, (byte) 0xba, (byte) 0xbc, 0x5f, 0x32, (byte) 0xb3, (byte) 0xbe,
+        (byte) 0x9d, 0x17, 0x0d, 0x4d, 0x2f, 0x1a, 0x48, (byte) 0xb7, (byte) 0xac, (byte) 0xf7, 0x1a, 0x43, 0x01, (byte) 0x97,
+        (byte) 0xf4, (byte) 0xf8, 0x4c, (byte) 0xbb, 0x6a, (byte) 0xbc, 0x33, (byte) 0xe1, 0x73, 0x1e, (byte) 0x86, (byte) 0xfb, 0x2e, (byte) 0xb1,
+        0x63, 0x75, (byte) 0x85, (byte) 0xdc, (byte) 0x82, 0x6c, 0x28, (byte) 0xf1, (byte) 0xe3, (byte) 0x90, 0x63, (byte) 0x9d, 0x3d, 0x48,
+        (byte) 0x8a, (byte) 0x8c, 0x47, (byte) 0xe2, 0x10, 0x0b, (byte) 0xef, (byte) 0x91, (byte) 0x94, (byte) 0xb0, 0x6c, 0x4c, (byte) 0x80, 0x76,
+        0x03, (byte) 0xe1, (byte) 0xb6, (byte) 0x90, (byte) 0x87, (byte) 0xd9, (byte) 0xae, (byte) 0xf4, (byte) 0x8e, (byte) 0xe0, (byte) 0x9f, (byte) 0xe7, 0x3a, 0x2c,
+        0x2f, 0x21, (byte) 0xd4, 0x46, (byte) 0xba, (byte) 0x95, 0x70, (byte) 0xa9, 0x5b, 0x20, 0x2a, (byte) 0xfa, 0x52, 0x3e,
+        (byte) 0x9d, (byte) 0xd9, (byte) 0xef, 0x28, (byte) 0xc5, (byte) 0xd1, 0x60, (byte) 0x89, 0x68, 0x6e, 0x7f, (byte) 0xd7, (byte) 0x9e, (byte) 0x89,
+        0x4c, (byte) 0xeb, 0x4d, (byte) 0xd2, (byte) 0xc6, (byte) 0xf4, 0x2d, 0x02, 0x5d, (byte) 0xda, (byte) 0xde, 0x33, (byte) 0xfe, (byte) 0xc1,
+        0x7e, (byte) 0xde, 0x4f, 0x1f, (byte) 0x9b, 0x6e, 0x6f, 0x0f, 0x66, 0x71, 0x19, (byte) 0xe9, 0x43, 0x3c,
+        (byte) 0x83, 0x0a, 0x0f, 0x28, 0x21, (byte) 0xc8, 0x38, (byte) 0xd3, 0x4e, 0x48, (byte) 0xdf, (byte) 0xd4, (byte) 0x99, (byte) 0xb5,
+        (byte) 0xc6, (byte) 0x8d, (byte) 0xd4, (byte) 0xc1, 0x69, 0x58, 0x79, (byte) 0x82, 0x32, (byte) 0x82, (byte) 0xd4, (byte) 0x86, (byte) 0xe2, 0x04,
+        0x08, 0x63, (byte) 0x87, (byte) 0xf0, 0x2a, (byte) 0xf6, (byte) 0xec, 0x3e, 0x51, 0x0f, (byte) 0xda, (byte) 0xb4, 0x67, 0x19,
+        0x5e, 0x16, 0x02, (byte) 0x9f, (byte) 0xf1, 0x19, 0x0c, 0x3e, (byte) 0xb8, 0x04, 0x49, 0x07, 0x53, 0x02,
+        0x03, 0x01, 0x00, 0x01
+    };
+
+    private static final String WINDOWS_ROOT = "Windows-ROOT";
 
     @Override
@@ -138 +174 @@
     }
 
-    @Override
-    public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry)
-            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
-        KeyStore ks = KeyStore.getInstance("Windows-ROOT");
+    /**
+     * Loads Windows-ROOT keystore.
+     * @return Windows-ROOT keystore
+     * @throws NoSuchAlgorithmException if the algorithm used to check the integrity of the keystore cannot be found
+     * @throws CertificateException if any of the certificates in the keystore could not be loaded
+     * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given
+     * @throws KeyStoreException if no Provider supports a KeyStore implementation for the type "Windows-ROOT"
+     */
+    private KeyStore getWindowsKeystore() throws NoSuchAlgorithmException, CertificateException, IOException, KeyStoreException {
+        KeyStore ks = KeyStore.getInstance(WINDOWS_ROOT);
         ks.load(null, null);
+        return ks;
+    }
+
+    /**
+     * Removes potential insecure certificates installed with previous versions of JOSM on Windows.
+     * @throws NoSuchAlgorithmException on unsupported signature algorithms
+     * @throws CertificateException if any of the certificates in the Windows keystore could not be loaded
+     * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the type "Windows-ROOT"
+     * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given
+     * @since 7335
+     */
+    public void removeInsecureCertificates() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException {
+        // We offered before a public private key we need now to remove from Windows PCs as it might be a huge security risk (see #10230)
+        PublicKey insecurePubKey = null;
+        try {
+            insecurePubKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(INSECURE_PUBLIC_KEY));
+        } catch (InvalidKeySpecException | NoSuchAlgorithmException e) {
+            Main.error(e);
+            return;
+        }
+        KeyStore ks = getWindowsKeystore();
         Enumeration<String> en = ks.aliases();
+        Collection<String> insecureCertificates = new ArrayList<>();
         while (en.hasMoreElements()) {
             String alias = en.nextElement();
-            Certificate c = ks.getCertificate(alias);
-            if (ks.isKeyEntry(alias) && c.equals(privateKeyEntry.getCertificate())) {
+            // Look for certificates associated with a private key
+            if (ks.isKeyEntry(alias)) {
+                try {
+                    ks.getCertificate(alias).verify(insecurePubKey);
+                    // If no exception, this is a certificate signed with the insecure key -> remove it
+                    insecureCertificates.add(alias);
+                } catch (InvalidKeyException | NoSuchProviderException | SignatureException e) {
+                    // If exception this is not a certificate related to JOSM, just trace it
+                    Main.trace(alias + " --> " + e.getClass().getName());
+                }
+            }
+        }
+        // Remove insecure certificates
+        if (!insecureCertificates.isEmpty()) {
+            StringBuilder message = new StringBuilder("<html>");
+            message.append(tr("A previous version of JOSM has installed a custom certificate in order to provide HTTPS support for Remote Control:"));
+            message.append("<br><ul>");
+            for (String alias : insecureCertificates) {
+                message.append("<li>");
+                message.append(alias);
+                message.append("</li>");
+            }
+            message.append("</ul>");
+            message.append(tr("It appears it could be an important <b>security risk</b>.<br><br>"+
+                    "You are now going to be prompted by Windows to remove this insecure certificate.<br>For your own safety, <b>please click Yes</b> in next dialog."));
+            message.append("</html>");
+            JOptionPane.showMessageDialog(Main.parent, message.toString(), tr("Warning"), JOptionPane.WARNING_MESSAGE);
+            for (String alias : insecureCertificates) {
+                Main.warn(tr("Removing insecure certificate from {0} keystore: {1}", WINDOWS_ROOT, alias));
+                try {
+                    ks.deleteEntry(alias);
+                } catch (KeyStoreException e) {
+                    Main.error(tr("Unable to remove insecure certificate from keystore: {0}", e.getMessage()));
+                }
+            }
+        }
+    }
+
+    @Override
+    public void setupHttpsCertificate(KeyStore.TrustedCertificateEntry trustedCert)
+            throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException {
+        KeyStore ks = getWindowsKeystore();
+        Enumeration<String> en = ks.aliases();
+
+        while (en.hasMoreElements()) {
+            String alias = en.nextElement();
+            // Look for certificate to install
+            if (ks.isKeyEntry(alias) && ks.getCertificate(alias).equals(trustedCert.getTrustedCertificate())) {
                 // JOSM certificate found, return
                 return;
@@ -153 +263 @@
         }
         // JOSM certificate not found, install it
-        Main.info("Adding JOSM localhost certificate to Windows-ROOT keystore");
-        ks.setEntry("josm_localhost", privateKeyEntry, new KeyStore.PasswordProtection("josm_ssl".toCharArray()));
+        Main.info(tr("Adding JOSM localhost certificate to {0} keystore", WINDOWS_ROOT));
+        ks.setEntry("josm_localhost", trustedCert, null);
     }
 }