Hi Stefan,
Hey, nice website!
I could not find a way to get WMS addresses from your site, but I found
one ssl wms in the default addresses we have in OpenJUMP.
It does not work if I set the trust option back to false just "after"
returning the new URLConnection. I modified the code right now and it
works if I set the default trust option to untrust just "before" a new
connection. The drawback is that it is set to trust all the time between
two connections, so that if someone uses a HttpsURLConnection without
using the URLConnectionProvider, he is in trust mode.
Michaël
On 23/02/2019 at 16:56, Stefan Steiniger wrote:
Hi Michael,
As you said you may need another uncertified url to test: you can try
with GeoNode demo, or my GeoNode instance: http://datos.cedeus.cl
(both with GeoServer backend)
Cheers,
Stefan
On Sat, Feb 23, 2019, 08:36 Michaël Michaud,
<m.michael.mich...@orange.fr> wrote:
Ede,
I moved the URLConnection strategy into a separate class. It will be
easier to share if another service (WFS?) needs it.
I also added the persistence mechanism with PersistantBlackboard.
I tried to set the authorization on a per URL basis rather than
globally. In fact, I still use the setDefaultSSLSocketFactory, but
I set it back to default after each URLConnection creation. Not sure it
works.
I don't know how to test it without a second uncertified URL.
Let me know if you think of a better strategy.
Michaël
On 21/02/2019 at 10:41, edgar.sol...@web.de wrote:
> On 21.02.2019 08:39, michael michaud wrote:
>> OK, I started the change. I added a dialog in WMService to make
>> it possible to accept or reject the connection to an url with
>> uncertified authority.
>> The main problem was to not break project loading when the
>> project contains such WMSLayers. You already got the infinite loop
>> problem I encountered (you left a comment in WMService in 2016-01).
>> Hopefully, the problem is now fixed in OpenProjectWizard.
>> I did not try to persist URLs accepted by the user. It can be
>> done later (not very urgent as the dialog is opened only once
>> during a session for the same URL connection).
> ok, had a look at your addition.
>
> 1.
> firstly, you add new thrown exceptions all over the place. this
> changes the methods signatures (bad). try to wrap it into the
> existing exception definition like "new IOException(e);"
>
> 2.
>   private void setTrustOption(boolean trust, URL url)
>           throws KeyManagementException, NoSuchAlgorithmException {
>     SSLContext sc = SSLContext.getInstance("SSL");
>     if (trust || trustedURLs.contains(url)) {
>       sc.init(null, new TrustManager[]{trm}, null);
>       trustedURLs.add(url);
>     } else {
>       sc.init(null, null, null);
>     }
>     HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>   }
>
> sets the global SSLContext, for _all_ connections via
> HttpsURLConnection thereafter. this means all connections after a
> one time OK in your dialog will not check the cert anymore.
>
> this definitely must be limited to _only_ affect new WMS
> connections.
>
> 3.
> we should add CertificateException which signals a generally
> wrong cert. eg. different host name in cert
>
> 4.
> i'll have a look at the dialog phrasing. it currently just spits
> out "UnverifiedCertificate". let me think of a proper error
> description.
>
> so far ..ede
>
>
> _______________________________________________
> Jump-pilot-devel mailing list
> Jump-pilot-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
>