To view the modal popup consistently you need to modify the code in IGBTrustManager.java checkServerTrusted() so that the modal appears every time a certificate is authenticated.

For example:

    public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {

        StringBuilder certificates = new StringBuilder("\n\n");
        IGB app = IGB.getInstance();
        for (X509Certificate cert : certs) {
            certificates.append(cert.getIssuerX500Principal().getName()).append(",").append("\n");
        }
        JComponent comp = (app == null) ? null : app.getFrame().getRootPane();
//        try {
            //kiran:IGBF-1362: First try to validate the certificate using the default trust store
//            defaultTm.checkServerTrusted(certs,authType);
            logger.info("Authenticated {} certificates using default trust store",certificates.toString().replace("\n", "").replace("\r", ""));
//        } catch (CertificateException e) {
            //if certificate not found then ask the user to validate the certificate
            boolean response = ModalUtils.confirmPanel(comp, "Trust following certificate? " + certificates.toString(),
                    PreferenceUtils.getCertificatePrefsNode(), certificates.toString(), true, "Do not show this again for the publisher above");

            if (!response) {
                throw new RuntimeException("Untrusted certificate.");
            }
//        }
    }

What calls the checkServerTrusted() method?

Answer: See comment below.

Is it called when App Store apps are loaded, or just when Quickloads or genome data are loaded?

Answer: When loading Apps from the App Manager the certificates are checked through checkServerTrusted(). So any modifications of checkServerTrusted() will need to test the App Manager as well.

If the user selects "No" in the modal, is the quickload data still made available?

Answer: The data are not made available and a "java.lang.RuntimeException: Untrusted certificate" is thrown. So this appears to be working correctly.

Can you interact with the modal on a Windows machine?

Answer: Yes, see comment below, we were unable to replicate this issue.

Idea from Karthik: Mark Data Sources in the Data Sources tab of the Preferences window that have issues with their certificates. We could include additional information in the info modal (click on the i next to the data source). When a user adds a new quickload we could check the certs and display a modal if there is an issue with the certs (somewhat unclear, but it appears that new quickload certs are only checked when the user selects a genome).

What calls checkServerTrusted()?

Quickload data added by user
QuickloadUtils.java getGenomeVersionData() > isValidRepositoryUrl(annotsXmlUrl) -> isValidRepository() -> AnnotsURL.openConnection()).getResponseCode() - this makes a call to checkServerTrusted()

IGB App Manager
BundleActionManager.java isInternetReachable() -> urlConnect.getContent() - this makes a call to checkServerTrusted()
BundleActionManager.java installBundle() -> resolver.deploy(Resolver.START) - this makes a call to checkServerTrusted()

If we do keep the current modal in checkServerTrusted() it may be worth changing or adding the following line:

certificates.append(cert.getIssuerX500Principal().getName()).append(",").append("\n");

to

certificates.append(cert.getSubjectX500Principal().getName()).append(",").append("\n");

The modal is less cryptic as the "Subject" includes the website address associated with the certificate. For example, this quickload https://data.cyverse.org/dav-anon/iplant/home/shared/BioViz/rnaseq asks if it is okay to trust the certificate from *.cyverse.org.

Testing with Karthik on Windows 11 was unable to replicate the issue where the modal became unresponsive to input from the user.

Currently, the default Quickloads included in igbDefaultPrefs.json do not have their certs checked until a genome is loaded that includes data from the Quickload.

Proposed ideal business logic:

1. # User starts IGB.
2. As IGB starts, default Quickloads are checked for valid certs.
   1. During IGB startup, if a cert is not valid, that Quickload’s (or DAS) cert is marked as invalid (and stored somewhere that we can retrieve the status of).
      1. Where are the Quickload statuses stored (data provider manager)?
      2. Question, are the default Quickloads stored with the user added Quickloads?
3. User navigates to the Data Sources tab of the Preferences window.
4. IGB retrieves status of the available Quickloads, including previously added user quickloads and IGB default quickloads.
5. Any Quickload that is marked as having an invalid cert is highlighted (orange?).
6. User adds new Quickload that includes https.
7. IGB checks if Quickload is reachable.
8. IGB checks if cert is valid.
   1. Cert is valid.
      1. IGB completes process of further validating and then adding Quickload as new data source.
   2. Cert is invalid.
      1. Modal appears informing user that cert is invalid and asking user if they would still like to add the Quickload.
         1. User wants to add Quickload that has invalid cert.
            1. IGB completes process of further validating and then adding Quickload as new data source.
            2. The new Quickload is highlighted (orange?).
         2. User does not want to add Quickload that has invalid cert.
            1. The Quickload is removed from the Data Sources tab.

• Clicking the ouroborus (refresh) icon in the Data Sources tab will check the status of the cert.
• Clicking the i icon in the Data Sources tab will include information on the status of the cert, the issuer, and the subject.
• If a user has opted to use a Quickload with invalid certs, no modal will appear when they select a genome.
• If a default Quickload has invalid certs, no modal will appear when they select a genome.
• If an app installed through the IGB App Manager has invalid certs, the modal will appear.
• Nowlan: Investigate how IGBTrustManager works with DAS.
• Karthik: Investigate getting rid of IGBTrustManager.

Suggestion: You could test getting rid of the IGBTrustManager using the old expired bioviz certificate.

On Friday scrum, NF and AL recalled an additional instance of IGB over-riding a base Java function related to opening SSL connections. Now linked to the ticket: IGBF-3001

BioViz Test host https://bioviztest3.bioviz.org/ is up and running with expired "start" bioviz.org certificate installed, along with the DigiCert server chain certificate previously installed.

After discussion between Nowlan and Karthik, the current approach will be to remove the modal from the IGBTrustManager and add the modal logic to the App Store specifically, as well as improve the logic for informing the user that a Quickload's certificates are invalid.

AL: Suggests get rid of modal, print to log instead for everything. Observe and document effects when an App Store jar file is being accessed or downloaded from a host with a bogus SSL certificate. You can probably observe the latter behavior by setting up a repository.xml that directs IGB to download 'jar' from an https URL that's bogus due to expired or non-existent certificate.

After discussion we have decided to close this ticket and open the following tickets:

IGBF-3136 - This ticket will remove the modal from IGBTrustManager checkServerTrusted(). If a certificate is invalid, checkServerTrusted() will print the certificate information in the IGB log.
IGBF-3137 - This ticket will migrate the modal logic used in IGBTrustManager to the IGB App Manager. If a certificate is invalid the user will be presented with the option of trusting or rejecting the certificate.
IGBF-3138 - This ticket will investigate the role of the Update plugin in IGB on checking for updated versions of IGB on startup.