On 21.02.2019 08:39, michael michaud wrote:
> OK, I started the change. I added a dialog in WMService to make it possible 
> to accept or reject the connection to a URL with uncertified authority.
> The main problem was to not break project loading when the project contains 
> such WMSLayers. You already get the infinite loop problem I encountered (you 
> left a comment in WMService in 2016-01). Hopefully, the problem is now fixed 
> in OpenProjectWizard.
> I did not try to persist URLs accepted by the user. It can be done later 
> (not very urgent as the dialog is opened only once during a session for the 
> same URL connection).

ok, had a look at your addition.

1.
firstly, you add new thrown exceptions all over the place. this changes the 
method signatures (bad). try to wrap it into the existing exception definition 
like "new IOException(e);"

2.
  private void setTrustOption(boolean trust, URL url)
          throws KeyManagementException, NoSuchAlgorithmException {
    SSLContext sc = SSLContext.getInstance("SSL");
    if (trust || trustedURLs.contains(url)) {
      sc.init(null, new TrustManager[]{trm}, null);
      trustedURLs.add(url);
    } else {
      sc.init(null, null, null);
    }
    HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
  }

sets the global SSLContext, for _all_ connections via HttpsURLConnection 
thereafter. this means all connections after a one time OK in your dialog will 
not check the cert anymore.

this definitely must be limited to _only_ affect new WMS connections.

3.
we should add CertificateException which signals a generally wrong cert, e.g. 
a different host name in the cert

4.
i'll have a look at the dialog phrasing. it currently just spits out 
"UnverifiedCertificate". let me think of a proper error description.

so far ..ede


_______________________________________________
Jump-pilot-devel mailing list
Jump-pilot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
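
An added example, not part of the original mail and not OpenJUMP code: one way to address points 1 and 2 above by setting the socket factory on the single connection instead of the JVM-wide default, and wrapping security exceptions in IOException. The class name WmsConnectionFactory and the method open() are hypothetical, and "trm" is assumed to be an accept-all trust manager like the one the patch references.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper: scopes the user's "trust anyway" choice to one connection. */
public final class WmsConnectionFactory {

  // Keyed on the URL string: URL.equals()/hashCode() can trigger DNS lookups.
  private final Set<String> trustedURLs = ConcurrentHashMap.newKeySet();

  // Assumed equivalent of the patch's "trm": accepts any certificate chain.
  private static final TrustManager trm = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) { }
    public void checkServerTrusted(X509Certificate[] chain, String authType) { }
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
  };

  /** Opens a connection; the signature stays "throws IOException" only. */
  public URLConnection open(URL url, boolean trust) throws IOException {
    URLConnection con = url.openConnection();
    if (!(con instanceof HttpsURLConnection)) {
      return con; // plain http: nothing to configure
    }
    if (trust) {
      trustedURLs.add(url.toExternalForm());
    }
    if (trustedURLs.contains(url.toExternalForm())) {
      try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] {trm}, null);
        // Per-connection factory: the JVM-wide default is left untouched,
        // so every other HttpsURLConnection keeps normal certificate checks.
        ((HttpsURLConnection) con).setSSLSocketFactory(sc.getSocketFactory());
      } catch (GeneralSecurityException e) {
        throw new IOException(e); // wrap instead of widening the throws clause
      }
    }
    return con;
  }
}
```

setSSLSocketFactory() has to be called before the connection is established, which holds here because openConnection() does not connect yet.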
