Index: /trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java =================================================================== --- /trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java (revision 7205) +++ /trunk/src/org/openstreetmap/josm/io/remotecontrol/RemoteControlHttpsServer.java (revision 7206) @@ -12,9 +12,12 @@ import java.net.Socket; import java.net.SocketException; +import java.security.Key; import java.security.KeyManagementException; import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; -import java.security.UnrecoverableKeyException; +import java.security.PrivateKey; +import java.security.UnrecoverableEntryException; +import java.security.cert.Certificate; import java.security.cert.CertificateException; import java.util.Arrays; @@ -32,5 +35,5 @@ /** * Simple HTTPS server that spawns a {@link RequestProcessor} for every secure connection. - * + * * @since 6941 */ @@ -42,5 +45,5 @@ private static RemoteControlHttpsServer instance; private boolean initOK = false; - private SSLContext sslContext; + private SSLContext sslContext; private static final String KEYSTORE_PATH = "/data/josm.keystore"; @@ -53,6 +56,8 @@ KeyStore ks = KeyStore.getInstance("JKS"); char[] password = KEYSTORE_PASSWORD.toCharArray(); - - // Load keystore + + // Load keystore generated with Java 7 keytool as follows: + // keytool -genkeypair -storepass josm_ssl -keypass josm_ssl -alias josm_localhost -dname "CN=localhost, OU=JOSM, O=OpenStreetMap" + // -ext san=ip:127.0.0.1 -keyalg RSA -validity 1825 try (InputStream in = RemoteControlHttpsServer.class.getResourceAsStream(KEYSTORE_PATH)) { if (in == null) { @@ -60,5 +65,5 @@ } else { ks.load(in, password); - + if (Main.isDebugEnabled()) { for (Enumeration aliases = ks.aliases(); aliases.hasMoreElements();) { @@ -66,24 +71,32 @@ } } - + KeyManagerFactory kmf = KeyManagerFactory.getInstance("SunX509"); kmf.init(ks, password); - + TrustManagerFactory tmf = TrustManagerFactory.getInstance("SunX509"); tmf.init(ks); - + sslContext = SSLContext.getInstance("TLS"); sslContext.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); - + if (Main.isDebugEnabled()) { Main.debug("SSL Context protocol: " + sslContext.getProtocol()); Main.debug("SSL Context provider: " + sslContext.getProvider()); } - + + Enumeration aliases = ks.aliases(); + if (aliases.hasMoreElements()) { + String aliasKey = aliases.nextElement(); + Key key = ks.getKey(aliasKey, password); + Certificate[] chain = ks.getCertificateChain(aliasKey); + Main.platform.setupHttpsCertificate(new KeyStore.PrivateKeyEntry((PrivateKey) key, chain)); + } + initOK = true; } } - } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | - IOException | UnrecoverableKeyException | KeyManagementException e) { + } catch (KeyStoreException | NoSuchAlgorithmException | CertificateException | + IOException | KeyManagementException | UnrecoverableEntryException e) { Main.error(e); } @@ -136,7 +149,7 @@ super("RemoteControl HTTPS Server"); this.setDaemon(true); - + initialize(); - + // Create SSL Server factory SSLServerSocketFactory factory = sslContext.getServerSocketFactory(); @@ -144,5 +157,5 @@ Main.debug("SSL factory - Supported Cipher suites: "+Arrays.toString(factory.getSupportedCipherSuites())); } - + // Start the server socket with only 1 connection. // Also make sure we only listen @@ -151,5 +164,5 @@ this.server = factory.createServerSocket(port, 1, InetAddress.getByName(Main.pref.get("remote.control.host", "localhost"))); - + if (Main.isDebugEnabled() && server instanceof SSLServerSocket) { SSLServerSocket sslServer = (SSLServerSocket) server; Index: /trunk/src/org/openstreetmap/josm/tools/PlatformHook.java =================================================================== --- /trunk/src/org/openstreetmap/josm/tools/PlatformHook.java (revision 7205) +++ /trunk/src/org/openstreetmap/josm/tools/PlatformHook.java (revision 7206) @@ -4,4 +4,8 @@ import java.io.File; import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; /** @@ -102,3 +106,15 @@ */ public String getOSDescription(); + + /** + * Setup system keystore to add JOSM HTTPS certificate (for remote control). + * @param privateKeyEntry the JOSM certificate for localhost and associated private key + * @throws KeyStoreException in case of error + * @throws IOException in case of error + * @throws CertificateException in case of error + * @throws NoSuchAlgorithmException in case of error + * @since 7206 + */ + public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry) + throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException; } Index: /trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java =================================================================== --- /trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java (revision 7205) +++ /trunk/src/org/openstreetmap/josm/tools/PlatformHookUnixoid.java (revision 7206) @@ -16,4 +16,8 @@ import java.net.URISyntaxException; import java.nio.charset.StandardCharsets; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.CertificateException; import java.util.Arrays; @@ -25,7 +29,5 @@ /** - * see PlatformHook.java - * - * BTW: THIS IS A STUB. See comments below for details. + * {@code PlatformHook} base implementation. * * Don't write (Main.platform instanceof PlatformHookUnixoid) because other platform @@ -364,3 +366,9 @@ }); } + + @Override + public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry) + throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { + // TODO setup HTTPS certificate on Unix systems + } } Index: /trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java =================================================================== --- /trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java (revision 7205) +++ /trunk/src/org/openstreetmap/josm/tools/PlatformHookWindows.java (revision 7206) @@ -30,4 +30,12 @@ import java.io.File; import java.io.IOException; +import java.security.KeyStore; +import java.security.KeyStoreException; +import java.security.NoSuchAlgorithmException; +import java.security.cert.Certificate; +import java.security.cert.CertificateException; +import java.util.Enumeration; + +import org.openstreetmap.josm.Main; /** @@ -129,3 +137,22 @@ ((System.getenv("ProgramFiles(x86)") == null) ? "32" : "64") + "-Bit"; } + + @Override + public void setupHttpsCertificate(KeyStore.PrivateKeyEntry privateKeyEntry) + throws KeyStoreException, NoSuchAlgorithmException, CertificateException, IOException { + KeyStore ks = KeyStore.getInstance("Windows-ROOT"); + ks.load(null, null); + Enumeration en = ks.aliases(); + while (en.hasMoreElements()) { + String alias = en.nextElement(); + Certificate c = ks.getCertificate(alias); + if (ks.isKeyEntry(alias) && c.equals(privateKeyEntry.getCertificate())) { + // JOSM certificate found, return + return; + } + } + // JOSM certificate not found, install it + Main.info("Adding JOSM localhost certificate to Windows-ROOT keystore"); + ks.setEntry("josm_localhost", privateKeyEntry, new KeyStore.PasswordProtection("josm_ssl".toCharArray())); + } }