  1. IGB
  2. IGBF-3136

Remove modal from IGBTrustManager

    Details

      Description

      Situation: IGBTrustManager checkServerTrusted() currently presents the user with a modal when a certificate is invalid. However, this modal can cause issues if it appears during IGB startup.

      Task: Remove the modal from checkServerTrusted(). Replace it with additional logging of the invalid certificate.

            Activity

            karthik Karthik Raveendran added a comment -

            The code changes have been pushed. See commit

            nfreese Nowlan Freese added a comment - - edited

            Testing:

            Started IGB
            In the Data Sources tab of the Preferences window:
            Added https://bioviztest3.bioviz.org/quickload/example/ as an unsecure https quickload (has bad certs).
            Added https://data.cyverse.org/dav-anon/iplant/home/shared/BioViz/rnaseq as a secure https quickload.
            Opened the A_thaliana_Jun_2009 genome.

            Log:
            The untrusted certificate from bioviz.org:
            11:30:49.304 INFO c.a.igb.util.IGBTrustManager - Untrusted certificate: CN=*.bioviz.org,O=Ann Loraine,L=Concord,ST=North Carolina,C=US; CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US;

            The trusted certificates (there are two) from cyverse.org:
            11:30:49.750 INFO c.a.igb.util.IGBTrustManager - Authenticated CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US,CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US,OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US,OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US, certificates using default trust store

            11:30:50.518 INFO c.a.igb.util.IGBTrustManager - Authenticated CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US,CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US,OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US,OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US, certificates using default trust store

            The https://bioviztest3.bioviz.org/quickload/example/ quickload with the bad cert is showing as an untrusted certificate *.bioviz.org.
            The https://data.cyverse.org/dav-anon/iplant/home/shared/BioViz/rnaseq with the good cert is showing as authenticated through certs.godaddy.

            I was able to load data from both quickloads successfully (the bad cert did not stop IGB from loading the data).
            There was no modal popup.

            My only thought would be, do we want to include the subject in the log when the authentication is successful?

            nfreese Nowlan Freese added a comment - - edited

            Change "Authenticated" to "Trusted certificate:"
            Change from "issuer" to "subject" when the certificate is trusted.
            Remove final semicolon ";".

            karthik Karthik Raveendran added a comment -

            Changes submitted. Commit

            nfreese Nowlan Freese added a comment -

            Ready for pull request.

            Log now shows the following:

            This is the untrusted certificate from test3.bioviz.org:
            c.a.igb.util.IGBTrustManager - Untrusted Certificates: CN=*.bioviz.org,O=Ann Loraine,L=Concord,ST=North Carolina,C=US; CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US

            These are the two trusted certificates from Quickload hosted on CyVerse:
            c.a.igb.util.IGBTrustManager - Trusted Certificates:CN=*.cyverse.org; CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

            c.a.igb.util.IGBTrustManager - Trusted Certificates:CN=*.cyverse.org; CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

            karthik Karthik Raveendran added a comment - - edited

            Pull request submitted https://bitbucket.org/lorainelab/integrated-genome-browser/pull-requests/899

            ann.loraine Ann Loraine added a comment - - edited

            Above PR merged into master branch. Master branch installers built and ready for testing. See Downloads section of team repository.

            Note: The Apple installer is not notarized, so your OS will probably show you the following error when you run it: "“Integrated Genome Browser Installer” can’t be opened because Apple cannot check it for malicious software." To run it, open a Finder window and navigate to the installer file. Holding the Control key, right-click the installer icon and choose "Open".

            ann.loraine Ann Loraine added a comment - - edited

            Installed new master branch and confirmed error message printed to "Log" tabbed panel upon adding Quickload data source with expired certificate.

            Clicked "Copy All To Clipboard" in Log window, and pasted below:

            10:50:53.346 INFO com.affymetrix.igb.Activator - IGB Started
            10:50:53.379 [main] INFO com.affymetrix.main.OSGiHandler - Starting Bundle: org.tukaani.xz
            10:50:53.380 [main] INFO com.affymetrix.main.OSGiHandler - OSGi is started with org.apache.felix.framework version 5.2.0
            10:50:54.944 INFO o.l.i.appstore.IgbAppServerLauncher - Started REST endpoint.
            10:51:05.512 INFO c.a.igb.view.load.GeneralLoadUtils - Loaded Araport in 379.5 ms
            10:51:07.145 INFO c.a.igb.view.load.GeneralLoadUtils - Loaded Araport in 665.4 ms
            10:52:52.643 INFO o.l.i.q.QuickloadDataProvider - Initializing Quickload Server https://bioviztest3.bioviz.org/quickload/bar/
            10:52:52.958 WARN o.l.i.quickload.util.QuickloadUtils - Optional quickload synonyms.txt file could not be loaded from https://bioviztest3.bioviz.org/quickload/bar/synonyms.txt
            10:52:53.063 WARN o.l.i.quickload.util.QuickloadUtils - Optional species.txt could not be loaded from: https://bioviztest3.bioviz.org/quickload/bar/species.txt
            10:52:53.122 INFO c.a.igb.util.IGBTrustManager - Untrusted Certificates: CN=*.bioviz.org,O=Ann Loraine,L=Concord,ST=North Carolina,C=US; CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US

            nfreese Nowlan Freese added a comment -

            Installed new master branch and followed testing in my previous comment.

            Logs appeared correctly and I was able to load data from the Quickload with an untrusted certificate.

            Closing ticket.

            Logs:
            17:01:06.592 INFO c.a.igb.util.IGBTrustManager - Untrusted Certificates: CN=*.bioviz.org,O=Ann Loraine,L=Concord,ST=North Carolina,C=US; CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US

            17:01:07.185 INFO c.a.igb.util.IGBTrustManager - Trusted Certificates:CN=*.cyverse.org; CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US
            17:01:08.124 INFO c.a.igb.util.IGBTrustManager - Trusted Certificates:CN=*.cyverse.org; CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US

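Added example, not part of the ticket or of IGB's code: with the modal removed and data still loading from the Quickload whose certificate is untrusted, the IGBTrustManager log line is the only place that event surfaces. This Python sketch parses the final log format quoted in the comments above and lists the untrusted chains. The function names are hypothetical, and the sample lines are copied from the logs pasted in this ticket.

```python
import re

# Final log format quoted in the comments above; the timestamp is optional.
LINE_RE = re.compile(
    r"^(?:(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3}) )?.*?c\.a\.igb\.util\.IGBTrustManager - "
    r"(?P<verdict>Untrusted|Trusted) Certificates:\s*(?P<chain>.*)$")

def split_unescaped(text, sep):
    """Split on sep, ignoring separators escaped with a backslash inside a DN value."""
    parts, cur, i = [], "", 0
    while i < len(text):
        step = 2 if text[i] == "\\" and i + 1 < len(text) else 1
        if step == 1 and text[i] == sep:
            parts.append(cur)
            cur = ""
        else:
            cur += text[i:i + step]
        i += step
    parts.append(cur)
    return [p.strip() for p in parts if p.strip()]

def parse_dn(dn):
    """Return [(attribute, value), ...] with escaped commas restored in the values."""
    pairs = [rdn.partition("=") for rdn in split_unescaped(dn, ",")]
    return [(k.strip(), v.replace("\\,", ",").strip()) for k, _, v in pairs]

def parse_line(line):
    """Return None for unrelated lines, else the verdict and the chain as parsed DNs."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    chain = [parse_dn(dn) for dn in split_unescaped(m.group("chain"), ";")]
    return {"time": m.group("ts"), "trusted": m.group("verdict") == "Trusted", "chain": chain}

def untrusted_events(lines):
    """List (time, leaf CN, CN of last chain entry) for every chain logged as untrusted."""
    cn = lambda dn: next((v for k, v in dn if k == "CN"), None)
    recs = filter(None, map(parse_line, lines))
    return [(r["time"], cn(r["chain"][0]), cn(r["chain"][-1]))
            for r in recs if not r["trusted"] and r["chain"]]

# Sample input: log lines copied from the comments in this ticket.
SAMPLE_LOG = [
    r"17:01:06.592 INFO c.a.igb.util.IGBTrustManager - Untrusted Certificates: CN=*.bioviz.org,O=Ann Loraine,L=Concord,ST=North Carolina,C=US; CN=DigiCert SHA2 Secure Server CA,O=DigiCert Inc,C=US",
    r"17:01:07.185 INFO c.a.igb.util.IGBTrustManager - Trusted Certificates:CN=*.cyverse.org; CN=Go Daddy Secure Certificate Authority - G2,OU=http://certs.godaddy.com/repository/,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; CN=Go Daddy Root Certificate Authority - G2,O=GoDaddy.com\, Inc.,L=Scottsdale,ST=Arizona,C=US; OU=Go Daddy Class 2 Certification Authority,O=The Go Daddy Group\, Inc.,C=US",
    "10:52:53.063 WARN o.l.i.quickload.util.QuickloadUtils - Optional species.txt could not be loaded from: https://bioviztest3.bioviz.org/quickload/bar/species.txt",
]

if __name__ == "__main__":
    print(untrusted_events(SAMPLE_LOG))
```

The DN splitter honours the backslash-escaped commas seen in values such as `GoDaddy.com\, Inc.`, which a plain split on "," would break into two attributes.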

              People

              • Assignee:
                karthik Karthik Raveendran
                Reporter:
                nfreese Nowlan Freese