ok, had a look at your addition.

1.
firstly, you add new thrown exceptions all over the place. this changes the methods' 
signatures (bad). try to wrap it into the existing exception definition like "new 
IOException(e);"

Good idea, I'll change that.

2.
   private void setTrustOption(boolean trust, URL url)
           throws KeyManagementException, NoSuchAlgorithmException {
     SSLContext sc = SSLContext.getInstance("SSL");
     if (trust || trustedURLs.contains(url)) {
       sc.init(null, new TrustManager[]{trm}, null);
       trustedURLs.add(url);
     } else {
       sc.init(null, null, null);
     }
     HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
   }

sets the global SSLContext, for _all_ connections via HttpsURLConnection 
thereafter. this means all connections after a one time OK in your dialog will 
not check the cert anymore.

this definitely must be limited to _only_ affect new WMS connections.

Annoying :-( What would you advise?

Maybe we can reset the context to default at the beginning of WMService initializer, and set the trust manager only if the URL is already known, but the HttpsURLConnection would remain unchecked for other services initializing a connection outside WMService, right?

Maybe there is something to do with HttpsURLConnection.setHostNameVerifier?

3.
we should add CertificateException which signals a generally wrong cert. e.g. 
different host name in cert

A kind of light certification? Is the certificate supposed to contain the host URL? How to read it? From HttpsURLConnection.getLocalCertificate (I cannot see a host name in Certificate class)?

4.
i'll have a look at the dialog phrasing. it currently just spits out 
"UnverifiedCertificate". let me think of a proper error description.

Feel free to change: wording about encryption seems always encrypted to me...

Michaël


so far ..ede


_______________________________________________
Jump-pilot-devel mailing list
Jump-pilot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
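
An added example, not code from this thread or from the project, showing one way to address point 2: the user's trust decision is applied with the instance method HttpsURLConnection.setSSLSocketFactory, so the JVM-wide default that setDefaultSSLSocketFactory replaces is never touched. The class name WmsConnectionFactory, its methods and the host:port key are assumptions; the TrustManager passed in stands for the thread's "trm".

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.util.Locale;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;

/** Hypothetical helper: keeps a "trust this server" decision local to WMS connections. */
public final class WmsConnectionFactory {
    // Keyed on host:port instead of URL, because URL.equals()/hashCode() resolve host names.
    private final Set<String> trustedEndpoints = ConcurrentHashMap.newKeySet();
    private final TrustManager userAcceptedTrustManager; // the thread's "trm" (assumption)

    public WmsConnectionFactory(TrustManager trm) {
        this.userAcceptedTrustManager = trm;
    }

    /** Called after the user confirms the dialog for this server. */
    public void rememberUserTrust(URL url) {
        trustedEndpoints.add(endpoint(url));
    }

    /** Opens a connection; only endpoints the user accepted get the custom trust manager. */
    public URLConnection open(URL url) throws IOException {
        URLConnection con = url.openConnection(); // does not connect yet
        if (con instanceof HttpsURLConnection && trustedEndpoints.contains(endpoint(url))) {
            try {
                SSLContext sc = SSLContext.getInstance("TLS");
                sc.init(null, new TrustManager[] { userAcceptedTrustManager }, null);
                // Instance setter: affects this connection only, must run before connect().
                ((HttpsURLConnection) con).setSSLSocketFactory(sc.getSocketFactory());
            } catch (GeneralSecurityException e) {
                // Wrapped as suggested in point 1, so the method signature stays IOException.
                throw new IOException(e);
            }
        }
        // Every other connection keeps the JVM default context and full certificate checks.
        return con;
    }

    private static String endpoint(URL url) {
        int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
        return url.getHost().toLowerCase(Locale.ROOT) + ":" + port;
    }
}
```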


