Remote control HTTPS stays broken when keystore is unopenable

[midgard]

What steps will reproduce the problem?

1. Remove preferences.xml (sometimes it gets corrupted and discarded, so this can occur naturally)
2. remotecontrol/josm.keystore is now useless because the key for it is lost
3. Open JOSM

What is the expected result?

JOSM discards the keystore, creates a new one.

What happens instead?

JOSM logs the messages below and does not start the remote control over HTTPS. It will never again start over HTTPS until you manually remove the file remotecontrol/josm.keystore.

INFO: RemoteControl::Accepting remote connections on /127.0.0.1:8111
INFO: RemoteControl::Accepting remote connections on /0:0:0:0:0:0:0:1:8111
FINE: java.io.IOException: Keystore was tampered with, or password was incorrect. Cause: java.security.UnrecoverableKeyException: Password verification failed
WARNING: Cannot start IPv4 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect
FINE: java.io.IOException: Keystore was tampered with, or password was incorrect. Cause: java.security.UnrecoverableKeyException: Password verification failed
WARNING: Cannot start IPv6 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect

Please provide any additional information below. Attach a screenshot if possible.

URL:http://josm.openstreetmap.de/svn/trunk
Repository:UUID: 0c6e7542-c601-0410-84e7-c038aed88b3b
Last:Changed Date: 2017-12-31 03:09:43 +0100 (Sun, 31 Dec 2017)
Build-Date:2017-12-31 02:33:46
Revision:13265
Relative:URL: ^/trunk

Identification: JOSM/1.5 (13265) Linux
Memory Usage: 407 MB / 1749 MB (311 MB allocated, but free)
Java version: 1.8.0_144-b01, Oracle Corporation, OpenJDK 64-Bit Server VM
VM arguments: [-Djosm.restart=true, -Dawt.useSystemAAFontSettings=on]

Plugins:
+ Mapillary (v1.5.9)
+ apache-commons (33668)
+ apache-http (32699)
+ buildings_tools (33735)
+ ext_tools (33889)
+ reverter (33865)
+ tageditor (33806)
+ todo (30303)
+ turnlanes-tagging (260)
+ turnrestrictions (33780)
+ utilsplugin2 (33742)

Last errors/warnings:
- W: No configuration settings found.  Using hardcoded default values for all pools.
- W: Cannot start IPv4 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect
- W: Cannot start IPv6 remotecontrol https server on port 8112: Keystore was tampered with, or password was incorrect

[Don-vip]

See #10033 comments. We're discussing about geting rid of https completely or not.

[midgard]

Okay, that's fine if it's just for localhost. Just make sure to coordinate with the osm-website guys. ;)

[Don-vip]

Don't worry we won't remove anything before OSM website :)

[Don-vip]

This also needs to be fixed if https support is kept.

[stoecker]

Hmm. As I'd prefer certs in X.509 this should be gone. Keystore all in memory. Much like the root cert loader.

[marc_marc]

same issue ticket:10033#comment:87 same fix (don't forget to readd the certif for ​https://127.0.0.1:8112 into the nagivator for overpass turbo)

[midgard]

That's not a fix, that's a workaround. In this issue's description, this workaround is already mentioned.

[Don-vip]

In 15469/josm:

fix #10033, fix #15748, fix #17097 - drop remote control https support

Rationale: all modern browsers (including next version of Safari) allow mixed-content to localhost.

Cross-platform / cross-browser HTTPS support is a pain to maintain, was never completed, and is no longer needed.