as described before. we have several libraries providing HTTP(S) for us. 
implementing a global setting would mean to have to implement it for them all 
and finding out which ones are used.

for now i'd say let's polish your approach and be done with it.. ede

On 22.02.2019 08:54, Michaël Michaud wrote:
> Ede
>
> ... I think I see your first idea. Maybe it would be better to solve the 
> problem out of WMService, in a dedicated Connection manager responsible for 
> security management and used by every service needing HttpsURLConnection.
>
> Michaël
>
> Le 21/02/2019 à 10:41, edgar.sol...@web.de a écrit :
>> On 21.02.2019 08:39, michael michaud wrote:
>>> OK, I started the change. I added a dialog in WMService to make it possible 
>>> to accept or reject the connection to a URL with uncertified authority.
>>> The main problem was to not break project loading when the project contains 
>>> such WMSLayers. You already got the infinite loop problem I encountered 
>>> (you left a comment in WMService in 2016-01). Hopefully, the problem is now 
>>> fixed in OpenProjectWizard.
>>> I did not try to persist URLs accepted by the user. It can be done later 
>>> (not very urgent as the dialog is opened only once during a session for the 
>>> same URL connection).
>> ok, had a look at your addition.
>>
>> 1.
>> firstly, you add new thrown exceptions all over the place. this changes the 
>> method signatures (bad). try to wrap it into the existing exception 
>> definition like "new IOException(e);"
>>
>> 2.
>>    private void setTrustOption(boolean trust, URL url)
>>            throws KeyManagementException, NoSuchAlgorithmException {
>>      SSLContext sc = SSLContext.getInstance("SSL");
>>      if (trust || trustedURLs.contains(url)) {
>>        sc.init(null, new TrustManager[]{trm}, null);
>>        trustedURLs.add(url);
>>      } else {
>>        sc.init(null, null, null);
>>      }
>>      HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
>>    }
>>
>> sets the global SSLContext, for _all_ connections via HttpsURLConnection 
>> thereafter. this means all connections after a one time OK in your dialog 
>> will not check the cert anymore.
>>
>> this definitely must be limited to _only_ affect new WMS connections.
>>
>> 3.
>> we should add CertificateException which signals a generally wrong cert. eg. 
>> different host name in cert
>>
>> 4.
>> i'll have a look at the dialog phrasing. it currently just spits out 
>> "UnverifiedCertificate". let me think of a proper error description.
>>
>> so far ..ede
>>
>>
>> _______________________________________________
>> Jump-pilot-devel mailing list
>> Jump-pilot-devel@lists.sourceforge.net
>> https://lists.sourceforge.net/lists/listinfo/jump-pilot-devel
>>
>
>

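One way to keep the relaxed trust limited to WMS connections, as points 1 and 2 of the review ask. This is an added example, not OpenJUMP code and not written by anyone in this thread: the class WmsConnectionFactory, its methods and the ACCEPT_ANY trust manager (standing in for the thread's "trm") are hypothetical names.

```java
import java.io.IOException;
import java.net.URL;
import java.net.URLConnection;
import java.security.GeneralSecurityException;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.concurrent.ConcurrentHashMap;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManager;
import javax.net.ssl.X509TrustManager;

/** Hypothetical helper: relaxed trust applies only to connections opened here. */
public class WmsConnectionFactory {
  // host[:port] values the user accepted in the dialog during this session
  private final Set<String> acceptedAuthorities = ConcurrentHashMap.newKeySet();

  // Stand-in for the thread's "trm": accepts any chain, so it must never
  // be installed as the JVM-wide default.
  private static final X509TrustManager ACCEPT_ANY = new X509TrustManager() {
    public void checkClientTrusted(X509Certificate[] chain, String authType) { }
    public void checkServerTrusted(X509Certificate[] chain, String authType) { }
    public X509Certificate[] getAcceptedIssuers() { return new X509Certificate[0]; }
  };

  /** Record the user's "accept" decision for this server only. */
  public void accept(URL url) {
    if (url.getAuthority() != null) acceptedAuthorities.add(url.getAuthority());
  }

  public URLConnection open(URL url) throws IOException {
    URLConnection con = url.openConnection();
    String authority = url.getAuthority();
    if (con instanceof HttpsURLConnection && authority != null
        && acceptedAuthorities.contains(authority)) {
      try {
        SSLContext sc = SSLContext.getInstance("TLS");
        sc.init(null, new TrustManager[] { ACCEPT_ANY }, null);
        // Per-connection factory: HttpsURLConnection.setDefaultSSLSocketFactory
        // is never called, so every other HTTPS client keeps validating certs.
        ((HttpsURLConnection) con).setSSLSocketFactory(sc.getSocketFactory());
      } catch (GeneralSecurityException e) {
        // Wrapped so callers still see only IOException in the signature.
        throw new IOException(e);
      }
    }
    return con;
  }
}
```

Connections to servers the user has not accepted go through the JVM's default trust store, and the default hostname verifier stays in place in both cases.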