Details
-
Type: Bug
-
Status: Closed (View Workflow)
-
Priority: Major
-
Resolution: Done
-
Affects Version/s: None
-
Fix Version/s: 9.1.10 Major Release
-
Labels:None
-
Story Points:1
-
Epic Link:
-
Sprint:Summer 2 2022 June 6, Summer 3 2022 June 21
Description
Situation: A user reported a problem with IGB on Windows where they were unable to interact with the "Trust following certificate" modal that appeared. Because they were unable to interact with the modal, the user was unable to use IGB.
Task: Reproduce the issue on Windows and investigate why the modal is unable to be interacted with.
Attachments
Issue Links
Activity
To view the modal popup consistently you need to modify the code in IGBTrustManager.java checkServerTrusted() so that the modal appears every time a certificate is authenticated.
For example:
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) { StringBuilder certificates = new StringBuilder("\n\n"); IGB app = IGB.getInstance(); for (X509Certificate cert : certs) { certificates.append(cert.getIssuerX500Principal().getName()).append(",").append("\n"); } JComponent comp = (app == null) ? null : app.getFrame().getRootPane(); // try { //kiran:IGBF-1362: First try to validate the certificate using the default trust store // defaultTm.checkServerTrusted(certs,authType); logger.info("Authenticated {} certificates using default trust store",certificates.toString().replace("\n", "").replace("\r", "")); // } catch (CertificateException e) { //if certificate not found then ask the user to validate the certificate boolean response = ModalUtils.confirmPanel(comp, "Trust following certificate? " + certificates.toString(), PreferenceUtils.getCertificatePrefsNode(), certificates.toString(), true, "Do not show this again for the publisher above"); if (!response) { throw new RuntimeException("Untrusted certificate."); } // } }
Nowlan Freese
added a comment - - edited To view the modal popup consistently you need to modify the code in IGBTrustManager.java checkServerTrusted() so that the modal appears every time a certificate is authenticated.
For example:
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
StringBuilder certificates = new StringBuilder( "\n\n" );
IGB app = IGB.getInstance();
for (X509Certificate cert : certs) {
certificates.append(cert.getIssuerX500Principal().getName()).append( "," ).append( "\n" );
}
JComponent comp = (app == null ) ? null : app.getFrame().getRootPane();
// try {
//kiran:IGBF-1362: First try to validate the certificate using the default trust store
// defaultTm.checkServerTrusted(certs,authType);
logger.info( "Authenticated {} certificates using default trust store" ,certificates.toString().replace( "\n" , "").replace(" \r ", " "));
// } catch (CertificateException e) {
// if certificate not found then ask the user to validate the certificate
boolean response = ModalUtils.confirmPanel(comp, "Trust following certificate? " + certificates.toString(),
PreferenceUtils.getCertificatePrefsNode(), certificates.toString(), true , "Do not show this again for the publisher above" );
if (!response) {
throw new RuntimeException( "Untrusted certificate." );
}
// }
}
After discussion we have decided to close this ticket and open the following tickets:
IGBF-3136- This ticket will remove the modal from IGBTrustManager checkServerTrusted(). If a certificate is invalid, checkServerTrusted() will print the certificate information in the IGB log.IGBF-3137 - This ticket will migrate the modal logic used in IGBTrustManager to the IGB App Manager. If a certificate is invalid the user will be presented with the option of trusting or rejecting the certificate.
IGBF-3138 - This ticket will investigate the role of the Update plugin in IGB on checking for updated versions of IGB on startup.