Hi Michael,

As you said you may need another uncertified url to test: you can try with
GeoNode demo, or my GeoNode instance: http://datos.cedeus.cl (both with
GeoServer backend)
Cheers,
Stefan

On Sat, Feb 23, 2019, 08:36 Michaël Michaud, <m.michael.mich...@orange.fr>
wrote:

> Ede,
>
> I moved the URLConnection strategy into a separate class. It will be
> easier to share if another service (WFS?) needs it.
>
> I also added the persistence mechanism with PersistantBlackboard.
>
> I tried to set the authorization on a per URL basis rather than
> globally. In fact, I still use the setDefaultSSLSocketFactory, but I set
> it back to default after each URLConnection creation. Not sure it works.
> I don't know how to test it without a second uncertified URL.
>
> Let me know if you think about a better strategy.
>
> Michaël
>
> On 21/02/2019 at 10:41, edgar.sol...@web.de wrote:
> > On 21.02.2019 08:39, michael michaud wrote:
> >> OK, I started the change. I added a dialog in WMService to make it
> >> possible to accept or reject the connection to an url with uncertified
> >> authority.
> >> The main problem was to not break project loading when the project
> >> contains such WMSLayers. You already get the infinite loop problem I
> >> encountered (you left a comment in WMService in 2016-01). Hopefully, the
> >> problem is now fixed (in OpenProjectWizard).
> >> I did not try to persist URLs accepted by the user. It can be done
> >> later (not very urgent as the dialog is opened only once during a session
> >> for the same URL connection).
> > ok, had a look at your addition.
> >
> > 1.
> > firstly, you add new thrown exceptions all over the place. this changes
> > the methods signatures (bad). try to wrap it into the existing exception
> > definition like "new IOException(e);"
> >
> > 2.
> >    private void setTrustOption(boolean trust, URL url)
> >            throws KeyManagementException, NoSuchAlgorithmException {
> >      SSLContext sc = SSLContext.getInstance("SSL");
> >      if (trust || trustedURLs.contains(url)) {
> >        sc.init(null, new TrustManager[]{trm}, null);
> >        trustedURLs.add(url);
> >      } else {
> >        sc.init(null, null, null);
> >      }
> >      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
> >    }
> >
> > sets the global SSLContext, for _all_ connections via HttpsURLConnection
> > thereafter. this means all connections after a one time OK in your dialog
> > will not check the cert anymore.
> >
> > this definitely must be limited to _only_ affect new WMS connections.
> >
> > 3.
> > we should add CertificateException which signals a generally wrong cert.
> > eg. different host name in cert
> >
> > 4.
> > i'll have a look at the dialog phrasing. it currently just spits out
> > "UnverifiedCertificate". let me think of a proper error description.
> >
> > so far ..ede
> >
> >
> > _______________________________________________
> > Jump-pilot-devel mailing list
> > Jump-pilot-devel@lists.sourceforge.net
> > https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
> >
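The per-connection scoping asked for in point 2 of the quoted review, as an added example that is not OpenJUMP code and not part of the original thread: `setSSLSocketFactory` is called on the single `HttpsURLConnection` instead of `setDefaultSSLSocketFactory`, so every other connection keeps normal certificate checks. The class name, the host:port key, the `example.test` hosts and the accept-all stand-in for `trm` are assumptions.

```java
import java.io.IOException;
import java.net.*;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.*;

public class ScopedTrustDemo {
  // Hosts the user accepted in the dialog (hypothetical store, keyed host:port).
  private static final Set<String> ACCEPTED = ConcurrentHashMap.newKeySet();

  // Stand-in for the thread's "trm" (assumed to accept any certificate chain).
  private static final TrustManager ACCEPT_ALL = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) {}
    public void checkServerTrusted(X509Certificate[] chain, String authType) {}
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
  };

  static String key(URL url) {
    int port = url.getPort() == -1 ? url.getDefaultPort() : url.getPort();
    return url.getHost().toLowerCase() + ":" + port;
  }

  // Creates the connection object (no network I/O yet) and relaxes trust on
  // that object only; the JVM-wide default factory is never modified.
  static URLConnection open(URL url) throws IOException {
    URLConnection con = url.openConnection();
    if (con instanceof HttpsURLConnection && ACCEPTED.contains(key(url))) {
      try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] {ACCEPT_ALL}, null);
        ((HttpsURLConnection) con).setSSLSocketFactory(sc.getSocketFactory());
      } catch (GeneralSecurityException e) {
        throw new IOException(e); // wrapped, so the method signature is unchanged
      }
    }
    return con;
  }

  public static void main(String[] args) throws IOException {
    SSLSocketFactory jvmDefault = HttpsURLConnection.getDefaultSSLSocketFactory();
    // Simulates the user clicking OK in the dialog for one constructed host.
    ACCEPTED.add(key(URI.create("https://wms.example.test/ows").toURL()));
    for (String s : new String[] {"https://wms.example.test/ows?x=1", "https://other.example.test/"}) {
      HttpsURLConnection c = (HttpsURLConnection) open(URI.create(s).toURL());
      System.out.println(s + " keeps JVM default trust: " + (c.getSSLSocketFactory() == jvmDefault));
    }
  }
}
```

Keying on host and port rather than on `URL` objects also avoids `URL.equals`, which resolves host names when comparing.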