hey Mike,

easiest probably is to create and setDefaultSSLSocketFactory() that itself checks the host and acts accordingly. but we'll see when i find the time.
..ede

On 23.02.2019 12:36, Michaël Michaud wrote:
> Ede,
>
> I moved the URLConnection strategy into a separate class. It will be easier
> to share if another service (WFS?) needs it.
>
> I also added the persistence mechanism with PersistantBlackboard.
>
> I tried to set the authorization on a per URL basis rather than globally. In
> fact, I still use the setDefaultSSLSocketFactory, but I set it back to
> default after each URLConnection creation. Not sure it works. I don't know
> how to test it without a second uncertified URL.
>
> Let me know if you think about a better strategy.
>
> Michaël
>
> On 21/02/2019 at 10:41, edgar.sol...@web.de wrote:
>> On 21.02.2019 08:39, michael michaud wrote:
>>> OK, I started the change. I added a dialog in WMService to make it possible
>>> to accept or reject the connection to a URL with uncertified authority.
>>> The main problem was to not break project loading when the project contains
>>> such WMSLayers. You already got the infinite loop problem I encountered
>>> (you left a comment in WMService in 2016-01). Hopefully, the problem is now
>>> fixed in OpenProjectWizard.
>>> I did not try to persist URLs accepted by the user. It can be done later
>>> (not very urgent as the dialog is opened only once during a session for the
>>> same URL connection).
>> ok, had a look at your addition.
>>
>> 1.
>> firstly, you add new thrown exceptions all over the place. this changes the
>> method signatures (bad). try to wrap it into the existing exception
>> definition like "new IOException(e);"
>>
>> 2.
>>   private void setTrustOption(boolean trust, URL url)
>>       throws KeyManagementException, NoSuchAlgorithmException {
>>     SSLContext sc = SSLContext.getInstance("SSL");
>>     if (trust || trustedURLs.contains(url)) {
>>       sc.init(null, new TrustManager[]{trm}, null);
>>       trustedURLs.add(url);
>>     } else {
>>       sc.init(null, null, null);
>>     }
>>     HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>>   }
>>
>> sets the global SSLContext, for _all_ connections via HttpsURLConnection
>> thereafter. this means all connections after a one time OK in your dialog
>> will not check the cert anymore.
>>
>> this definitely must be limited to _only_ affect new WMS connections.
>>
>> 3.
>> we should add CertificateException which signals a generally wrong cert. eg.
>> different host name in cert
>>
>> 4.
>> i'll have a look at the dialog phrasing. it currently just spits out
>> "UnverifiedCertificate". let me think of a proper error description.
>>
>> so far ..ede
>>
>>
>> _______________________________________________
>> Jump-pilot-devel mailing list
>> Jump-pilot-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel