Index: trunk/build.xml =================================================================== --- trunk/build.xml (revision 15468) +++ trunk/build.xml (revision 15469) @@ -198,5 +198,5 @@ - + @@ -417,8 +417,4 @@ - - - - @@ -515,8 +511,4 @@ - - - - Index: trunk/josm-latest.jnlp =================================================================== --- trunk/josm-latest.jnlp (revision 15468) +++ trunk/josm-latest.jnlp (revision 15469) @@ -21,5 +21,5 @@ - + Index: trunk/josm.jnlp =================================================================== --- trunk/josm.jnlp (revision 15468) +++ trunk/josm.jnlp (revision 15469) @@ -21,5 +21,5 @@ - + Index: trunk/src/org/openstreetmap/josm/data/Preferences.java =================================================================== --- trunk/src/org/openstreetmap/josm/data/Preferences.java (revision 15468) +++ trunk/src/org/openstreetmap/josm/data/Preferences.java (revision 15469) @@ -83,4 +83,6 @@ private static final String[] OBSOLETE_PREF_KEYS = { + "remotecontrol.https.enabled", /* remove entry after Dec. 2019 */ + "remotecontrol.https.port", /* remove entry after Dec. 2019 */ }; Index: trunk/src/org/openstreetmap/josm/gui/MainApplication.java =================================================================== --- trunk/src/org/openstreetmap/josm/gui/MainApplication.java (revision 15468) +++ trunk/src/org/openstreetmap/josm/gui/MainApplication.java (revision 15469) @@ -27,10 +27,7 @@ import java.security.CodeSource; import java.security.GeneralSecurityException; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; import java.security.PermissionCollection; import java.security.Permissions; import java.security.Policy; -import java.security.cert.CertificateException; import java.util.ArrayList; import java.util.Arrays; @@ -929,15 +926,4 @@ SwingUtilities.invokeLater(new GuiFinalizationWorker(args, proxySelector)); - if (PlatformManager.isPlatformWindows()) { - try { - // Check for insecure certificates to remove. - // This is Windows-dependant code but it can't go to preStartupHook (need i18n) - // neither startupHook (need to be called before remote control) - PlatformHookWindows.removeInsecureCertificates(); - } catch (NoSuchAlgorithmException | CertificateException | KeyStoreException | IOException e) { - Logging.error(e); - } - } - if (RemoteControl.PROP_REMOTECONTROL_ENABLED.get()) { RemoteControl.start(); Index: trunk/src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java =================================================================== --- trunk/src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java (revision 15468) +++ trunk/src/org/openstreetmap/josm/gui/preferences/remotecontrol/RemoteControlPreference.java (revision 15469) @@ -8,10 +8,4 @@ import java.awt.GridBagLayout; import java.awt.event.ActionListener; -import java.io.IOException; -import java.security.GeneralSecurityException; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.cert.CertificateException; import java.util.LinkedHashMap; import java.util.Map; @@ -20,8 +14,6 @@ import javax.swing.BorderFactory; import javax.swing.Box; -import javax.swing.JButton; import javax.swing.JCheckBox; import javax.swing.JLabel; -import javax.swing.JOptionPane; import javax.swing.JPanel; import javax.swing.JSeparator; @@ -36,11 +28,7 @@ import org.openstreetmap.josm.io.remotecontrol.PermissionPrefWithDefault; import org.openstreetmap.josm.io.remotecontrol.RemoteControl; -import org.openstreetmap.josm.io.remotecontrol.RemoteControlHttpsServer; import org.openstreetmap.josm.io.remotecontrol.handler.RequestHandler; import org.openstreetmap.josm.spi.preferences.Config; import org.openstreetmap.josm.tools.GBC; -import org.openstreetmap.josm.tools.Logging; -import org.openstreetmap.josm.tools.PlatformHookWindows; -import org.openstreetmap.josm.tools.PlatformManager; /** @@ -73,8 +61,4 @@ private final Map prefs = new LinkedHashMap<>(); private JCheckBox enableRemoteControl; - private JCheckBox enableHttpsSupport; - - private JButton installCertificate; - private JButton uninstallCertificate; private final JCheckBox loadInNewLayer = new JCheckBox(tr("Download as new layer")); @@ -93,8 +77,7 @@ final JLabel portLabel = new JLabel("" - + tr("JOSM will always listen at port {0} (http) and port {1} (https) on localhost." - + "
These ports are not configurable because they are referenced by external applications talking to JOSM.", - Config.getPref().get("remote.control.port", "8111"), - Config.getPref().get("remote.control.https.port", "8112")) + ""); + + tr("JOSM will always listen at port {0} (http) on localhost." + + "
This port is not configurable because it is referenced by external applications talking to JOSM.", + Config.getPref().get("remote.control.port", "8111")) + ""); portLabel.setFont(portLabel.getFont().deriveFont(Font.PLAIN)); remote.add(portLabel, GBC.eol().insets(5, 5, 0, 10).fill(GBC.HORIZONTAL)); @@ -107,52 +90,4 @@ remote.add(wrapper, GBC.eol().fill(GBC.HORIZONTAL).insets(5, 5, 5, 5)); - - boolean https = RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.get(); - - enableHttpsSupport = new JCheckBox(tr("Enable HTTPS support"), https); - wrapper.add(enableHttpsSupport, GBC.eol().fill(GBC.HORIZONTAL)); - - // Certificate installation only available on Windows for now, see #10033 - if (PlatformManager.isPlatformWindows()) { - installCertificate = new JButton(tr("Install...")); - uninstallCertificate = new JButton(tr("Uninstall...")); - installCertificate.setToolTipText(tr("Install JOSM localhost certificate to system/browser root keystores")); - uninstallCertificate.setToolTipText(tr("Uninstall JOSM localhost certificate from system/browser root keystores")); - wrapper.add(new JLabel(tr("Certificate:")), GBC.std().insets(15, 5, 0, 0)); - wrapper.add(installCertificate, GBC.std().insets(5, 5, 0, 0)); - wrapper.add(uninstallCertificate, GBC.eol().insets(5, 5, 0, 0)); - enableHttpsSupport.addActionListener(e -> installCertificate.setEnabled(enableHttpsSupport.isSelected())); - installCertificate.addActionListener(e -> { - try { - boolean changed = RemoteControlHttpsServer.setupPlatform( - RemoteControlHttpsServer.loadJosmKeystore()); - String msg = changed ? - tr("Certificate has been successfully installed.") : - tr("Certificate is already installed. Nothing to do."); - Logging.info(msg); - JOptionPane.showMessageDialog(wrapper, msg); - } catch (IOException | GeneralSecurityException ex) { - Logging.error(ex); - } - }); - uninstallCertificate.addActionListener(e -> { - try { - String msg; - KeyStore ks = PlatformHookWindows.getRootKeystore(); - if (ks.containsAlias(RemoteControlHttpsServer.ENTRY_ALIAS)) { - Logging.info(tr("Removing certificate {0} from root keystore.", RemoteControlHttpsServer.ENTRY_ALIAS)); - ks.deleteEntry(RemoteControlHttpsServer.ENTRY_ALIAS); - msg = tr("Certificate has been successfully uninstalled."); - } else { - msg = tr("Certificate is not installed. Nothing to do."); - } - Logging.info(msg); - JOptionPane.showMessageDialog(wrapper, msg); - } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | IOException ex) { - Logging.error(ex); - } - }); - installCertificate.setEnabled(https); - } wrapper.add(new JSeparator(), GBC.eop().fill(GBC.HORIZONTAL).insets(15, 5, 15, 5)); @@ -174,17 +109,5 @@ RequestHandler.globalConfirmationKey, RequestHandler.globalConfirmationDefault)); - ActionListener remoteControlEnabled = e -> { - GuiHelper.setEnabledRec(wrapper, enableRemoteControl.isSelected()); - enableHttpsSupport.setEnabled(RemoteControl.supportsHttps()); - // 'setEnabled(false)' does not work for JLabel with html text, so do it manually - // FIXME: use QuadStateCheckBox to make checkboxes unset when disabled - if (installCertificate != null && uninstallCertificate != null) { - // Install certificate button is enabled if HTTPS is also enabled - installCertificate.setEnabled(enableRemoteControl.isSelected() - && enableHttpsSupport.isSelected() && RemoteControl.supportsHttps()); - // Uninstall certificate button is always enabled - uninstallCertificate.setEnabled(RemoteControl.supportsHttps()); - } - }; + ActionListener remoteControlEnabled = e -> GuiHelper.setEnabledRec(wrapper, enableRemoteControl.isSelected()); enableRemoteControl.addActionListener(remoteControlEnabled); remoteControlEnabled.actionPerformed(null); @@ -195,7 +118,5 @@ public boolean ok() { boolean enabled = enableRemoteControl.isSelected(); - boolean httpsEnabled = enableHttpsSupport.isSelected(); boolean changed = RemoteControl.PROP_REMOTECONTROL_ENABLED.put(enabled); - boolean httpsChanged = RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.put(httpsEnabled); if (enabled) { for (Entry p : prefs.entrySet()) { @@ -211,10 +132,4 @@ RemoteControl.stop(); } - } else if (httpsChanged) { - if (httpsEnabled) { - RemoteControlHttpsServer.restartRemoteControlHttpsServer(); - } else { - RemoteControlHttpsServer.stopRemoteControlHttpsServer(); - } } return false; Index: trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControl.java =================================================================== --- trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControl.java (revision 15468) +++ trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControl.java (revision 15469) @@ -11,5 +11,4 @@ import org.openstreetmap.josm.io.remotecontrol.handler.RequestHandler; import org.openstreetmap.josm.spi.preferences.Config; -import org.openstreetmap.josm.tools.Logging; /** @@ -28,12 +27,4 @@ /** - * If the remote control feature is enabled or disabled for HTTPS. If disabled, - * only HTTP access will be available. - * @since 7335 - */ - public static final BooleanProperty PROP_REMOTECONTROL_HTTPS_ENABLED = new BooleanProperty( - "remotecontrol.https.enabled", false); - - /** * RemoteControl HTTP protocol version. Change minor number for compatible * interface extensions. Change major number in case of incompatible @@ -48,7 +39,4 @@ public static void start() { RemoteControlHttpServer.restartRemoteControlHttpServer(); - if (supportsHttps()) { - RemoteControlHttpsServer.restartRemoteControlHttpsServer(); - } } @@ -59,21 +47,4 @@ public static void stop() { RemoteControlHttpServer.stopRemoteControlHttpServer(); - if (supportsHttps()) { - RemoteControlHttpsServer.stopRemoteControlHttpsServer(); - } - } - - /** - * Determines if the current JVM support HTTPS remote control. - * @return {@code true} if the JVM provides {@code sun.security.x509} classes - * @since 12703 - */ - public static boolean supportsHttps() { - try { - return Class.forName("sun.security.x509.GeneralName") != null; - } catch (ClassNotFoundException | SecurityException e) { - Logging.trace(e); - return false; - } } Index: trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java =================================================================== --- trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java (revision 15468) +++ (revision ) @@ -1,439 +1,0 @@ -// License: GPL. For details, see LICENSE file. -package org.openstreetmap.josm.io.remotecontrol; - -import static org.openstreetmap.josm.tools.I18n.marktr; - -import java.io.IOException; -import java.io.InputStream; -import java.io.OutputStream; -import java.math.BigInteger; -import java.net.ServerSocket; -import java.net.Socket; -import java.net.SocketException; -import java.nio.file.Files; -import java.nio.file.Path; -import java.nio.file.Paths; -import java.nio.file.StandardOpenOption; -import java.security.GeneralSecurityException; -import java.security.KeyPair; -import java.security.KeyPairGenerator; -import java.security.KeyStore; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; -import java.security.PrivateKey; -import java.security.SecureRandom; -import java.security.cert.Certificate; -import java.security.cert.CertificateException; -import java.security.cert.X509Certificate; -import java.util.Arrays; -import java.util.Date; -import java.util.Enumeration; -import java.util.Locale; -import java.util.Vector; - -import javax.net.ssl.KeyManagerFactory; -import javax.net.ssl.SSLContext; -import javax.net.ssl.SSLServerSocket; -import javax.net.ssl.SSLServerSocketFactory; -import javax.net.ssl.SSLSocket; -import javax.net.ssl.TrustManagerFactory; - -import org.openstreetmap.josm.data.preferences.StringProperty; -import org.openstreetmap.josm.spi.preferences.Config; -import org.openstreetmap.josm.tools.Logging; -import org.openstreetmap.josm.tools.PlatformManager; - -import sun.security.util.ObjectIdentifier; -import sun.security.x509.AlgorithmId; -import sun.security.x509.BasicConstraintsExtension; -import sun.security.x509.CertificateAlgorithmId; -import sun.security.x509.CertificateExtensions; -import sun.security.x509.CertificateSerialNumber; -import sun.security.x509.CertificateValidity; -import sun.security.x509.CertificateVersion; -import sun.security.x509.CertificateX509Key; -import sun.security.x509.DNSName; -import sun.security.x509.ExtendedKeyUsageExtension; -import sun.security.x509.GeneralName; -import sun.security.x509.GeneralNameInterface; -import sun.security.x509.GeneralNames; -import sun.security.x509.IPAddressName; -import sun.security.x509.OIDName; -import sun.security.x509.SubjectAlternativeNameExtension; -import sun.security.x509.URIName; -import sun.security.x509.X500Name; -import sun.security.x509.X509CertImpl; -import sun.security.x509.X509CertInfo; - -/** - * Simple HTTPS server that spawns a {@link RequestProcessor} for every secure connection. - * - * @since 6941 - */ -public class RemoteControlHttpsServer extends Thread { - - /** The server socket */ - private final ServerSocket server; - - /** The server instance for IPv4 */ - private static volatile RemoteControlHttpsServer instance4; - /** The server instance for IPv6 */ - private static volatile RemoteControlHttpsServer instance6; - - /** SSL context information for connections */ - private SSLContext sslContext; - - /* the default port for HTTPS remote control */ - private static final int HTTPS_PORT = 8112; - - /** - * JOSM keystore file name. - * @since 7337 - */ - public static final String KEYSTORE_FILENAME = "josm.keystore"; - - /** - * Preference for keystore password (automatically generated by JOSM). - * @since 7335 - */ - public static final StringProperty KEYSTORE_PASSWORD = new StringProperty("remotecontrol.https.keystore.password", ""); - - /** - * Preference for certificate password (automatically generated by JOSM). - * @since 7335 - */ - public static final StringProperty KEYENTRY_PASSWORD = new StringProperty("remotecontrol.https.keyentry.password", ""); - - /** - * Unique alias used to store JOSM localhost entry, both in JOSM keystore and system/browser keystores. - * @since 7343 - */ - public static final String ENTRY_ALIAS = "josm_localhost"; - - /** - * Creates a GeneralNameInterface object from known types. - * @param t one of 4 known types - * @param v value - * @return which one - * @throws IOException if any I/O error occurs - */ - private static GeneralNameInterface createGeneralNameInterface(String t, String v) throws IOException { - switch (t.toLowerCase(Locale.ENGLISH)) { - case "uri": return new URIName(v); - case "dns": return new DNSName(v); - case "ip": return new IPAddressName(v); - default: return new OIDName(v); - } - } - - /** - * Create a self-signed X.509 Certificate. - * @param dn the X.509 Distinguished Name, eg "CN=localhost, OU=JOSM, O=OpenStreetMap" - * @param pair the KeyPair - * @param days how many days from now the Certificate is valid for - * @param algorithm the signing algorithm, eg "SHA256withRSA" - * @param san SubjectAlternativeName extension (optional) - * @return the self-signed X.509 Certificate - * @throws GeneralSecurityException if any security error occurs - * @throws IOException if any I/O error occurs - */ - private static X509Certificate generateCertificate(String dn, KeyPair pair, int days, String algorithm, String san) - throws GeneralSecurityException, IOException { - X509CertInfo info = new X509CertInfo(); - Date from = new Date(); - Date to = new Date(from.getTime() + days * 86_400_000L); - CertificateValidity interval = new CertificateValidity(from, to); - BigInteger sn = new BigInteger(64, new SecureRandom()); - X500Name owner = new X500Name(dn); - - info.set(X509CertInfo.VALIDITY, interval); - info.set(X509CertInfo.SERIAL_NUMBER, new CertificateSerialNumber(sn)); - info.set(X509CertInfo.SUBJECT, owner); - info.set(X509CertInfo.ISSUER, owner); - - info.set(X509CertInfo.KEY, new CertificateX509Key(pair.getPublic())); - info.set(X509CertInfo.VERSION, new CertificateVersion(CertificateVersion.V3)); - AlgorithmId algo = new AlgorithmId(AlgorithmId.md5WithRSAEncryption_oid); - info.set(X509CertInfo.ALGORITHM_ID, new CertificateAlgorithmId(algo)); - - CertificateExtensions ext = new CertificateExtensions(); - // Critical: Not CA, max path len 0 - ext.set(BasicConstraintsExtension.NAME, new BasicConstraintsExtension(Boolean.TRUE, false, 0)); - // Critical: only allow TLS ("serverAuth" = 1.3.6.1.5.5.7.3.1) - ext.set(ExtendedKeyUsageExtension.NAME, new ExtendedKeyUsageExtension(Boolean.TRUE, - new Vector<>(Arrays.asList(new ObjectIdentifier("1.3.6.1.5.5.7.3.1"))))); - - if (san != null) { - int colonpos; - String[] ps = san.split(","); - GeneralNames gnames = new GeneralNames(); - for (String item: ps) { - colonpos = item.indexOf(':'); - if (colonpos < 0) { - throw new IllegalArgumentException("Illegal item " + item + " in " + san); - } - String t = item.substring(0, colonpos); - String v = item.substring(colonpos+1); - gnames.add(new GeneralName(createGeneralNameInterface(t, v))); - } - // Non critical - ext.set(SubjectAlternativeNameExtension.NAME, new SubjectAlternativeNameExtension(Boolean.FALSE, gnames)); - } - - info.set(X509CertInfo.EXTENSIONS, ext); - - // Sign the cert to identify the algorithm that's used. - PrivateKey privkey = pair.getPrivate(); - X509CertImpl cert = new X509CertImpl(info); - cert.sign(privkey, algorithm); - - // Update the algorithm, and resign. - algo = (AlgorithmId) cert.get(X509CertImpl.SIG_ALG); - info.set(CertificateAlgorithmId.NAME + "." + CertificateAlgorithmId.ALGORITHM, algo); - cert = new X509CertImpl(info); - cert.sign(privkey, algorithm); - return cert; - } - - /** - * Setup the JOSM internal keystore, used to store HTTPS certificate and private key. - * @return Path to the (initialized) JOSM keystore - * @throws IOException if an I/O error occurs - * @throws GeneralSecurityException if a security error occurs - * @since 7343 - */ - public static Path setupJosmKeystore() throws IOException, GeneralSecurityException { - - Path dir = Paths.get(RemoteControl.getRemoteControlDir()); - Path path = dir.resolve(KEYSTORE_FILENAME); - Files.createDirectories(dir); - - if (!path.toFile().exists()) { - Logging.debug("No keystore found, creating a new one"); - - // Create new keystore like previous one generated with JDK keytool as follows: - // keytool -genkeypair -storepass josm_ssl -keypass josm_ssl -alias josm_localhost -dname "CN=localhost, OU=JOSM, O=OpenStreetMap" - // -ext san=ip:127.0.0.1 -keyalg RSA -validity 1825 - - KeyPairGenerator generator = KeyPairGenerator.getInstance("RSA"); - generator.initialize(2048); - KeyPair pair = generator.generateKeyPair(); - - X509Certificate cert = generateCertificate("CN=localhost, OU=JOSM, O=OpenStreetMap", pair, 1825, "SHA256withRSA", - "dns:localhost,ip:127.0.0.1,ip:::1,uri:https://127.0.0.1:"+HTTPS_PORT+",uri:https://::1:"+HTTPS_PORT); - - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(null, null); - - // Generate new passwords. See https://stackoverflow.com/a/41156/2257172 - SecureRandom random = new SecureRandom(); - KEYSTORE_PASSWORD.put(new BigInteger(130, random).toString(32)); - KEYENTRY_PASSWORD.put(new BigInteger(130, random).toString(32)); - - char[] storePassword = KEYSTORE_PASSWORD.get().toCharArray(); - char[] entryPassword = KEYENTRY_PASSWORD.get().toCharArray(); - - ks.setKeyEntry(ENTRY_ALIAS, pair.getPrivate(), entryPassword, new Certificate[]{cert}); - try (OutputStream out = Files.newOutputStream(path, StandardOpenOption.CREATE)) { - ks.store(out, storePassword); - } - } - return path; - } - - /** - * Loads the JOSM keystore. - * @return the (initialized) JOSM keystore - * @throws IOException if an I/O error occurs - * @throws GeneralSecurityException if a security error occurs - * @since 7343 - */ - public static KeyStore loadJosmKeystore() throws IOException, GeneralSecurityException { - try (InputStream in = Files.newInputStream(setupJosmKeystore())) { - KeyStore ks = KeyStore.getInstance("JKS"); - ks.load(in, KEYSTORE_PASSWORD.get().toCharArray()); - - if (Logging.isDebugEnabled()) { - for (Enumeration aliases = ks.aliases(); aliases.hasMoreElements();) { - Logging.debug("Alias in JOSM keystore: {0}", aliases.nextElement()); - } - } - return ks; - } - } - - /** - * Initializes the TLS basics. - * @throws IOException if an I/O error occurs - * @throws GeneralSecurityException if a security error occurs - */ - private void initialize() throws IOException, GeneralSecurityException { - KeyStore ks = loadJosmKeystore(); - - KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); - kmf.init(ks, KEYENTRY_PASSWORD.get().toCharArray()); - - TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); - tmf.init(ks); - - sslContext = SSLContext.getInstance("TLSv1.2"); - sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - - if (Logging.isTraceEnabled()) { - Logging.trace("SSL Context protocol: {0}", sslContext.getProtocol()); - Logging.trace("SSL Context provider: {0}", sslContext.getProvider()); - } - - setupPlatform(ks); - } - - /** - * Setup the platform-dependant certificate stuff. - * @param josmKs The JOSM keystore, containing localhost certificate and private key. - * @return {@code true} if something has changed as a result of the call (certificate installation, etc.) - * @throws KeyStoreException if the keystore has not been initialized (loaded) - * @throws NoSuchAlgorithmException in case of error - * @throws CertificateException in case of error - * @throws IOException in case of error - * @since 7343 - */ - public static boolean setupPlatform(KeyStore josmKs) throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { - Enumeration aliases = josmKs.aliases(); - if (aliases.hasMoreElements()) { - return PlatformManager.getPlatform().setupHttpsCertificate(ENTRY_ALIAS, - new KeyStore.TrustedCertificateEntry(josmKs.getCertificate(aliases.nextElement()))); - } - return false; - } - - /** - * Starts or restarts the HTTPS server - */ - public static void restartRemoteControlHttpsServer() { - stopRemoteControlHttpsServer(); - if (RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.get()) { - int port = Config.getPref().getInt("remote.control.https.port", HTTPS_PORT); - try { - instance4 = new RemoteControlHttpsServer(port, false); - instance4.start(); - } catch (IOException | GeneralSecurityException ex) { - Logging.debug(ex); - Logging.warn(marktr("Cannot start IPv4 remotecontrol https server on port {0}: {1}"), - Integer.toString(port), ex.getLocalizedMessage()); - } - try { - instance6 = new RemoteControlHttpsServer(port, true); - instance6.start(); - } catch (IOException | GeneralSecurityException ex) { - /* only show error when we also have no IPv4 */ - if (instance4 == null) { - Logging.debug(ex); - Logging.warn(marktr("Cannot start IPv6 remotecontrol https server on port {0}: {1}"), - Integer.toString(port), ex.getLocalizedMessage()); - } - } - } - } - - /** - * Stops the HTTPS server - */ - public static void stopRemoteControlHttpsServer() { - if (instance4 != null) { - try { - instance4.stopServer(); - } catch (IOException ioe) { - Logging.error(ioe); - } - instance4 = null; - } - if (instance6 != null) { - try { - instance6.stopServer(); - } catch (IOException ioe) { - Logging.error(ioe); - } - instance6 = null; - } - } - - /** - * Constructs a new {@code RemoteControlHttpsServer}. - * @param port The port this server will listen on - * @param ipv6 Whether IPv6 or IPv4 server should be started - * @throws IOException when connection errors - * @throws GeneralSecurityException in case of SSL setup errors - * @since 8339 - */ - public RemoteControlHttpsServer(int port, boolean ipv6) throws IOException, GeneralSecurityException { - super("RemoteControl HTTPS Server"); - this.setDaemon(true); - - initialize(); - - // Create SSL Server factory - SSLServerSocketFactory factory = sslContext.getServerSocketFactory(); - if (Logging.isTraceEnabled()) { - Logging.trace("SSL factory - Supported Cipher suites: {0}", Arrays.toString(factory.getSupportedCipherSuites())); - } - - this.server = factory.createServerSocket(port, 1, ipv6 ? - RemoteControl.getInet6Address() : RemoteControl.getInet4Address()); - - if (Logging.isTraceEnabled() && server instanceof SSLServerSocket) { - SSLServerSocket sslServer = (SSLServerSocket) server; - Logging.trace("SSL server - Enabled Cipher suites: {0}", Arrays.toString(sslServer.getEnabledCipherSuites())); - Logging.trace("SSL server - Enabled Protocols: {0}", Arrays.toString(sslServer.getEnabledProtocols())); - Logging.trace("SSL server - Enable Session Creation: {0}", sslServer.getEnableSessionCreation()); - Logging.trace("SSL server - Need Client Auth: {0}", sslServer.getNeedClientAuth()); - Logging.trace("SSL server - Want Client Auth: {0}", sslServer.getWantClientAuth()); - Logging.trace("SSL server - Use Client Mode: {0}", sslServer.getUseClientMode()); - } - } - - /** - * The main loop, spawns a {@link RequestProcessor} for each connection. - */ - @Override - public void run() { - Logging.info(marktr("RemoteControl::Accepting secure remote connections on {0}:{1}"), - server.getInetAddress(), Integer.toString(server.getLocalPort())); - while (true) { - try { - @SuppressWarnings("resource") - Socket request = server.accept(); - if (Logging.isTraceEnabled() && request instanceof SSLSocket) { - SSLSocket sslSocket = (SSLSocket) request; - Logging.trace("SSL socket - Enabled Cipher suites: {0}", Arrays.toString(sslSocket.getEnabledCipherSuites())); - Logging.trace("SSL socket - Enabled Protocols: {0}", Arrays.toString(sslSocket.getEnabledProtocols())); - Logging.trace("SSL socket - Enable Session Creation: {0}", sslSocket.getEnableSessionCreation()); - Logging.trace("SSL socket - Need Client Auth: {0}", sslSocket.getNeedClientAuth()); - Logging.trace("SSL socket - Want Client Auth: {0}", sslSocket.getWantClientAuth()); - Logging.trace("SSL socket - Use Client Mode: {0}", sslSocket.getUseClientMode()); - Logging.trace("SSL socket - Session: {0}", sslSocket.getSession()); - } - RequestProcessor.processRequest(request); - } catch (SocketException e) { - if (!server.isClosed()) { - Logging.error(e); - } else { - // stop the thread automatically if server is stopped - return; - } - } catch (IOException ioe) { - Logging.error(ioe); - } - } - } - - /** - * Stops the HTTPS server. - * - * @throws IOException if any I/O error occurs - */ - public void stopServer() throws IOException { - Logging.info(marktr("RemoteControl::Server {0}:{1} stopped."), - server.getInetAddress(), Integer.toString(server.getLocalPort())); - server.close(); - } -} Index: trunk/src/org/openstreetmap/josm/tools/PlatformHook.java =================================================================== --- trunk/src/org/openstreetmap/josm/tools/PlatformHook.java (revision 15468) +++ trunk/src/org/openstreetmap/josm/tools/PlatformHook.java (revision 15469) @@ -10,5 +10,4 @@ import java.io.InputStreamReader; import java.nio.charset.StandardCharsets; -import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; @@ -162,21 +161,4 @@ default String getOSBuildNumber() { return ""; - } - - /** - * Setup system keystore to add JOSM HTTPS certificate (for remote control). - * @param entryAlias The entry alias to use - * @param trustedCert the JOSM certificate for localhost - * @return {@code true} if something has changed as a result of the call (certificate installation, etc.) - * @throws KeyStoreException in case of error - * @throws IOException in case of error - * @throws CertificateException in case of error - * @throws NoSuchAlgorithmException in case of error - * @since 7343 - */ - default boolean setupHttpsCertificate(String entryAlias, KeyStore.TrustedCertificateEntry trustedCert) - throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { - // TODO setup HTTPS certificate on Unix and OS X systems - return false; } Index: trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java =================================================================== --- trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java (revision 15468) +++ trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java (revision 15469) @@ -32,5 +32,4 @@ import java.awt.Desktop; -import java.awt.GraphicsEnvironment; import java.io.BufferedWriter; import java.io.File; @@ -50,18 +49,11 @@ import java.nio.file.InvalidPathException; import java.nio.file.Path; -import java.security.InvalidKeyException; -import java.security.KeyFactory; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; -import java.security.NoSuchProviderException; -import java.security.PublicKey; -import java.security.SignatureException; import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; -import java.security.spec.InvalidKeySpecException; -import java.security.spec.X509EncodedKeySpec; import java.text.ParseException; import java.util.ArrayList; @@ -79,11 +71,8 @@ import java.util.regex.Pattern; -import javax.swing.JOptionPane; - import org.openstreetmap.josm.data.Preferences; import org.openstreetmap.josm.data.StructUtils; import org.openstreetmap.josm.data.StructUtils.StructEntry; import org.openstreetmap.josm.data.StructUtils.WriteExplicitly; -import org.openstreetmap.josm.gui.MainApplication; import org.openstreetmap.josm.io.CertificateAmendment.NativeCertAmend; import org.openstreetmap.josm.io.NetworkManager; @@ -147,31 +136,4 @@ } } - - private static final byte[] INSECURE_PUBLIC_KEY = new byte[] { - 0x30, (byte) 0x82, 0x1, 0x22, 0x30, 0xd, 0x6, 0x9, 0x2a, (byte) 0x86, 0x48, - (byte) 0x86, (byte) 0xf7, 0xd, 0x1, 0x1, 0x1, 0x5, 0x0, 0x3, (byte) 0x82, 0x1, 0xf, 0x0, - 0x30, (byte) 0x82, 0x01, 0x0a, 0x02, (byte) 0x82, 0x01, 0x01, 0x00, (byte) 0x95, (byte) 0x95, (byte) 0x88, - (byte) 0x84, (byte) 0xc8, (byte) 0xd9, 0x6b, (byte) 0xc5, (byte) 0xda, 0x0b, 0x69, (byte) 0xbf, (byte) 0xfc, - 0x7e, (byte) 0xb9, (byte) 0x96, 0x2c, (byte) 0xeb, (byte) 0x8f, (byte) 0xbc, 0x6e, 0x40, (byte) 0xe6, (byte) 0xe2, - (byte) 0xfc, (byte) 0xf1, 0x7f, 0x73, (byte) 0xa7, (byte) 0x9d, (byte) 0xde, (byte) 0xc7, (byte) 0x88, 0x57, 0x51, - (byte) 0x84, (byte) 0xed, (byte) 0x96, (byte) 0xfb, (byte) 0xe1, 0x38, (byte) 0xef, 0x08, 0x2b, (byte) 0xf3, - (byte) 0xc7, (byte) 0xc3, 0x5d, (byte) 0xfe, (byte) 0xf9, 0x51, (byte) 0xe6, 0x29, (byte) 0xfc, (byte) 0xe5, 0x0d, - (byte) 0xa1, 0x0d, (byte) 0xa8, (byte) 0xb4, (byte) 0xae, 0x26, 0x18, 0x19, 0x4d, 0x6c, 0x0c, 0x3b, 0x12, (byte) 0xba, - (byte) 0xbc, 0x5f, 0x32, (byte) 0xb3, (byte) 0xbe, (byte) 0x9d, 0x17, 0x0d, 0x4d, 0x2f, 0x1a, 0x48, (byte) 0xb7, - (byte) 0xac, (byte) 0xf7, 0x1a, 0x43, 0x01, (byte) 0x97, (byte) 0xf4, (byte) 0xf8, 0x4c, (byte) 0xbb, 0x6a, (byte) 0xbc, - 0x33, (byte) 0xe1, 0x73, 0x1e, (byte) 0x86, (byte) 0xfb, 0x2e, (byte) 0xb1, 0x63, 0x75, (byte) 0x85, (byte) 0xdc, - (byte) 0x82, 0x6c, 0x28, (byte) 0xf1, (byte) 0xe3, (byte) 0x90, 0x63, (byte) 0x9d, 0x3d, 0x48, (byte) 0x8a, (byte) 0x8c, - 0x47, (byte) 0xe2, 0x10, 0x0b, (byte) 0xef, (byte) 0x91, (byte) 0x94, (byte) 0xb0, 0x6c, 0x4c, (byte) 0x80, 0x76, 0x03, - (byte) 0xe1, (byte) 0xb6, (byte) 0x90, (byte) 0x87, (byte) 0xd9, (byte) 0xae, (byte) 0xf4, (byte) 0x8e, (byte) 0xe0, - (byte) 0x9f, (byte) 0xe7, 0x3a, 0x2c, 0x2f, 0x21, (byte) 0xd4, 0x46, (byte) 0xba, (byte) 0x95, 0x70, (byte) 0xa9, 0x5b, - 0x20, 0x2a, (byte) 0xfa, 0x52, 0x3e, (byte) 0x9d, (byte) 0xd9, (byte) 0xef, 0x28, (byte) 0xc5, (byte) 0xd1, 0x60, - (byte) 0x89, 0x68, 0x6e, 0x7f, (byte) 0xd7, (byte) 0x9e, (byte) 0x89, 0x4c, (byte) 0xeb, 0x4d, (byte) 0xd2, (byte) 0xc6, - (byte) 0xf4, 0x2d, 0x02, 0x5d, (byte) 0xda, (byte) 0xde, 0x33, (byte) 0xfe, (byte) 0xc1, 0x7e, (byte) 0xde, 0x4f, 0x1f, - (byte) 0x9b, 0x6e, 0x6f, 0x0f, 0x66, 0x71, 0x19, (byte) 0xe9, 0x43, 0x3c, (byte) 0x83, 0x0a, 0x0f, 0x28, 0x21, (byte) 0xc8, - 0x38, (byte) 0xd3, 0x4e, 0x48, (byte) 0xdf, (byte) 0xd4, (byte) 0x99, (byte) 0xb5, (byte) 0xc6, (byte) 0x8d, (byte) 0xd4, - (byte) 0xc1, 0x69, 0x58, 0x79, (byte) 0x82, 0x32, (byte) 0x82, (byte) 0xd4, (byte) 0x86, (byte) 0xe2, 0x04, 0x08, 0x63, - (byte) 0x87, (byte) 0xf0, 0x2a, (byte) 0xf6, (byte) 0xec, 0x3e, 0x51, 0x0f, (byte) 0xda, (byte) 0xb4, 0x67, 0x19, 0x5e, - 0x16, 0x02, (byte) 0x9f, (byte) 0xf1, 0x19, 0x0c, 0x3e, (byte) 0xb8, 0x04, 0x49, 0x07, 0x53, 0x02, 0x03, 0x01, 0x00, 0x01 - }; private static final String WINDOWS_ROOT = "Windows-ROOT"; @@ -374,102 +336,4 @@ ks.load(null, null); return ks; - } - - /** - * Removes potential insecure certificates installed with previous versions of JOSM on Windows. - * @throws NoSuchAlgorithmException on unsupported signature algorithms - * @throws CertificateException if any of the certificates in the Windows keystore could not be loaded - * @throws KeyStoreException if no Provider supports a KeyStoreSpi implementation for the type "Windows-ROOT" - * @throws IOException if there is an I/O or format problem with the keystore data, if a password is required but not given - * @since 7335 - */ - public static void removeInsecureCertificates() throws NoSuchAlgorithmException, CertificateException, KeyStoreException, IOException { - // We offered before a public private key we need now to remove from Windows PCs as it might be a huge security risk (see #10230) - PublicKey insecurePubKey = null; - try { - insecurePubKey = KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(INSECURE_PUBLIC_KEY)); - } catch (InvalidKeySpecException | NoSuchAlgorithmException e) { - Logging.error(e); - return; - } - KeyStore ks = getRootKeystore(); - Enumeration en = ks.aliases(); - Collection insecureCertificates = new ArrayList<>(); - while (en.hasMoreElements()) { - String alias = en.nextElement(); - // Look for certificates associated with a private key - if (ks.isKeyEntry(alias)) { - try { - ks.getCertificate(alias).verify(insecurePubKey); - // If no exception, this is a certificate signed with the insecure key -> remove it - insecureCertificates.add(alias); - } catch (InvalidKeyException | NoSuchProviderException | SignatureException e) { - // If exception this is not a certificate related to JOSM, just trace it - Logging.trace(alias + " --> " + e.getClass().getName()); - Logging.trace(e); - } - } - } - // Remove insecure certificates - if (!insecureCertificates.isEmpty()) { - StringBuilder message = new StringBuilder(""); - message.append(tr("A previous version of JOSM has installed a custom certificate "+ - "in order to provide HTTPS support for Remote Control:")) - .append("
    "); - for (String alias : insecureCertificates) { - message.append("
  • ") - .append(alias) - .append("
    • "); - } - message.append("
") - .append(tr("It appears it could be an important security risk.

"+ - "You are now going to be prompted by Windows to remove this insecure certificate.
"+ - "For your own safety, please click Yes in next dialog.")) - .append(""); - JOptionPane.showMessageDialog(MainApplication.getMainFrame(), message.toString(), tr("Warning"), JOptionPane.WARNING_MESSAGE); - for (String alias : insecureCertificates) { - Logging.warn(tr("Removing insecure certificate from {0} keystore: {1}", WINDOWS_ROOT, alias)); - try { - ks.deleteEntry(alias); - } catch (KeyStoreException e) { - Logging.log(Logging.LEVEL_ERROR, tr("Unable to remove insecure certificate from keystore: {0}", e.getMessage()), e); - } - } - } - } - - @Override - public boolean setupHttpsCertificate(String entryAlias, KeyStore.TrustedCertificateEntry trustedCert) - throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { - KeyStore ks = getRootKeystore(); - // Look for certificate to install - try { - String alias = ks.getCertificateAlias(trustedCert.getTrustedCertificate()); - if (alias != null) { - // JOSM certificate found, return - Logging.debug(tr("JOSM localhost certificate found in {0} keystore: {1}", WINDOWS_ROOT, alias)); - return false; - } - } catch (ArrayIndexOutOfBoundsException e) { - // catch error of JDK-8172244 as bug seems to not be fixed anytime soon - Logging.log(Logging.LEVEL_ERROR, "JDK-8172244 occurred. Abort HTTPS setup", e); - return false; - } - if (!GraphicsEnvironment.isHeadless()) { - // JOSM certificate not found, warn user - StringBuilder message = new StringBuilder(""); - message.append(tr("Remote Control is configured to provide HTTPS support.
"+ - "This requires to add a custom certificate generated by JOSM to the Windows Root CA store.

"+ - "You are now going to be prompted by Windows to confirm this operation.
"+ - "To enable proper HTTPS support, please click Yes in next dialog.

"+ - "If unsure, you can also click No then disable HTTPS support in Remote Control preferences.")) - .append(""); - JOptionPane.showMessageDialog(MainApplication.getMainFrame(), message.toString(), - tr("HTTPS support in Remote Control"), JOptionPane.INFORMATION_MESSAGE); - } - // install it to Windows-ROOT keystore, used by IE, Chrome and Safari, but not by Firefox - Logging.info(tr("Adding JOSM localhost certificate to {0} keystore", WINDOWS_ROOT)); - ks.setEntry(entryAlias, trustedCert, null); - return true; } Index: trunk/test/unit/org/openstreetmap/josm/io/remotecontrol/RemoteControlTest.java =================================================================== --- trunk/test/unit/org/openstreetmap/josm/io/remotecontrol/RemoteControlTest.java (revision 15468) +++ trunk/test/unit/org/openstreetmap/josm/io/remotecontrol/RemoteControlTest.java (revision 15469) @@ -11,16 +11,6 @@ import java.net.URL; import java.nio.charset.StandardCharsets; -import java.nio.file.Files; -import java.nio.file.Paths; import java.security.GeneralSecurityException; import java.security.KeyStore.TrustedCertificateEntry; -import java.security.SecureRandom; -import java.security.cert.X509Certificate; - -import javax.net.ssl.HostnameVerifier; -import javax.net.ssl.HttpsURLConnection; -import javax.net.ssl.SSLContext; -import javax.net.ssl.TrustManager; -import javax.net.ssl.X509TrustManager; import org.junit.After; @@ -31,5 +21,4 @@ import org.openstreetmap.josm.spi.preferences.Config; import org.openstreetmap.josm.testutils.JOSMTestRules; -import org.openstreetmap.josm.tools.Logging; import org.openstreetmap.josm.tools.PlatformHookWindows; import org.openstreetmap.josm.tools.PlatformManager; @@ -45,5 +34,4 @@ private String httpBase; - private String httpsBase; private static class PlatformHookWindowsMock extends MockUp { @@ -67,7 +55,4 @@ @Before public void setUp() throws GeneralSecurityException { - RemoteControl.PROP_REMOTECONTROL_HTTPS_ENABLED.put(true); - deleteKeystore(); - if (PlatformManager.isPlatformWindows() && "True".equals(System.getenv("APPVEYOR"))) { // appveyor doesn't like us tinkering with the root keystore, so mock this out @@ -77,59 +62,5 @@ RemoteControl.start(); - disableCertificateValidation(); httpBase = "http://127.0.0.1:"+Config.getPref().getInt("remote.control.port", 8111); - httpsBase = "https://127.0.0.1:"+Config.getPref().getInt("remote.control.https.port", 8112); - } - - /** - * Deletes JOSM keystore, if it exists. - */ - public static void deleteKeystore() { - try { - Files.deleteIfExists(Paths.get( - RemoteControl.getRemoteControlDir()).resolve(RemoteControlHttpsServer.KEYSTORE_FILENAME)); - } catch (IOException e) { - Logging.error(e); - } - } - - /** - * Disable all HTTPS validation mechanisms as described - * here and - * here - * @throws GeneralSecurityException if a security error occurs - */ - public void disableCertificateValidation() throws GeneralSecurityException { - // Create a trust manager that does not validate certificate chains - TrustManager[] trustAllCerts = new TrustManager[] { - new X509TrustManager() { - @Override - @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER") - public X509Certificate[] getAcceptedIssuers() { - return new X509Certificate[0]; - } - - @Override - @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER") - public void checkClientTrusted(X509Certificate[] certs, String authType) { - } - - @Override - @SuppressFBWarnings(value = "WEAK_TRUST_MANAGER") - public void checkServerTrusted(X509Certificate[] certs, String authType) { - } - } - }; - - // Install the all-trusting trust manager - SSLContext sc = SSLContext.getInstance("TLS"); - sc.init(null, trustAllCerts, new SecureRandom()); - HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory()); - - // Create all-trusting host name verifier - HostnameVerifier allHostsValid = (hostname, session) -> true; - - // Install the all-trusting host verifier - HttpsURLConnection.setDefaultHostnameVerifier(allHostsValid); } @@ -149,13 +80,4 @@ public void testHttpListOfCommands() throws Exception { testListOfCommands(httpBase); - } - - /** - * Tests that sending an HTTPS request without command results in HTTP 400, with all available commands in error message. - * @throws Exception if an error occurs - */ - @Test - public void testHttpsListOfCommands() throws Exception { - testListOfCommands(httpsBase); } Index: trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookOsxTest.java =================================================================== --- trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookOsxTest.java (revision 15468) +++ trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookOsxTest.java (revision 15469) @@ -38,13 +38,4 @@ public void testStartupHook() { hook.startupHook((a, b, c, d) -> System.out.println("callback")); - } - - /** - * Test method for {@code PlatformHookOsx#setupHttpsCertificate} - * @throws Exception if an error occurs - */ - @Test - public void testSetupHttpsCertificate() throws Exception { - assertFalse(hook.setupHttpsCertificate(null, null)); } Index: trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookWindowsTest.java =================================================================== --- trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookWindowsTest.java (revision 15468) +++ trunk/test/unit/org/openstreetmap/josm/tools/PlatformHookWindowsTest.java (revision 15469) @@ -7,5 +7,4 @@ import static org.junit.Assert.assertNull; import static org.junit.Assert.assertTrue; -import static org.junit.Assume.assumeFalse; import static org.junit.Assert.fail; @@ -13,6 +12,4 @@ import java.io.File; import java.io.IOException; -import java.security.KeyStore; -import java.security.KeyStore.TrustedCertificateEntry; import java.security.KeyStoreException; import java.util.Collection; @@ -22,6 +19,4 @@ import org.openstreetmap.josm.JOSMFixture; import org.openstreetmap.josm.TestUtils; -import org.openstreetmap.josm.io.remotecontrol.RemoteControlHttpsServer; -import org.openstreetmap.josm.io.remotecontrol.RemoteControlTest; import org.openstreetmap.josm.spi.preferences.Config; @@ -64,46 +59,4 @@ try { PlatformHookWindows.getRootKeystore(); - fail("Expected KeyStoreException"); - } catch (KeyStoreException e) { - Logging.info(e.getMessage()); - } - } - } - - /** - * Test method for {@code PlatformHookWindows#removeInsecureCertificates} - * @throws Exception if an error occurs - */ - @Test - public void testRemoveInsecureCertificates() throws Exception { - if (PlatformManager.isPlatformWindows()) { - PlatformHookWindows.removeInsecureCertificates(); - } else { - try { - PlatformHookWindows.removeInsecureCertificates(); - fail("Expected KeyStoreException"); - } catch (KeyStoreException e) { - Logging.info(e.getMessage()); - } - } - } - - /** - * Test method for {@code PlatformHookWindows#setupHttpsCertificate} - * @throws Exception if an error occurs - */ - @Test - public void testSetupHttpsCertificate() throws Exception { - // appveyor doesn't like us tinkering with the root keystore - assumeFalse(PlatformManager.isPlatformWindows() && "True".equals(System.getenv("APPVEYOR"))); - - RemoteControlTest.deleteKeystore(); - KeyStore ks = RemoteControlHttpsServer.loadJosmKeystore(); - TrustedCertificateEntry trustedCert = new KeyStore.TrustedCertificateEntry(ks.getCertificate(ks.aliases().nextElement())); - if (PlatformManager.isPlatformWindows()) { - hook.setupHttpsCertificate(RemoteControlHttpsServer.ENTRY_ALIAS, trustedCert); - } else { - try { - hook.setupHttpsCertificate(RemoteControlHttpsServer.ENTRY_ALIAS, trustedCert); fail("Expected KeyStoreException"); } catch (KeyStoreException e) {