Ede,
I moved the URLConnection strategy into a separate class. It will be
easier to share if another service (WFS?) needs it.
I also added the persistence mechanism with PersistantBlackboard.
I tried to set the authorization on a per URL basis rather than
globally. In fact, I still use the setDefaultSSLSocketFactory, but I set
it back to default after each URLConnection creation. Not sure it works.
I don't know how to test it without a second uncertified URL.
Let me know if you think of a better strategy.
Michaël
On 21/02/2019 at 10:41, edgar.sol...@web.de wrote:
On 21.02.2019 08:39, michael michaud wrote:
OK, I started the change. I added a dialog in WMService to make it possible to
accept or reject the connection to an url with uncertified authority.
The main problem was to not break project loading when the project contains
such WMSLayers. You already got the infinite loop problem I encountered (you
left a comment in WMService in 2016-01). Hopefully, the problem is now fixed in
OpenProjectWizard.
I did not try to persist URLs accepted by the user. It can be done later (not
very urgent as the dialog is opened only once during a session for the same URL
connection).
ok, had a look at your addition.
1.
firstly, you add new thrown exceptions all over the place. this changes the methods
signatures (bad). try to wrap it into the existing exception definition like "new
IOException(e);"
2.
    private void setTrustOption(boolean trust, URL url)
            throws KeyManagementException, NoSuchAlgorithmException {
        SSLContext sc = SSLContext.getInstance("SSL");
        if (trust || trustedURLs.contains(url)) {
            sc.init(null, new TrustManager[]{trm}, null);
            trustedURLs.add(url);
        } else {
            sc.init(null, null, null);
        }
        HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
    }
sets the global SSLContext, for _all_ connections via HttpsURLConnection
thereafter. this means all connections after a one time OK in your dialog will
not check the cert anymore.
this definitely must be limited to _only_ affect new WMS connections.
3.
we should add CertificateException which signals a generally wrong cert. eg.
different host name in cert
4.
i'll have a look at the dialog phrasing. it currently just spits out
"UnverifiedCertificate". let me think of a proper error description.
so far ..ede
_______________________________________________
Jump-pilot-devel mailing list
Jump-pilot-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel