cordova-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ian Clelland <iclell...@chromium.org>
Subject Re: Support self-signed certs in FileTransfer
Date Wed, 11 Dec 2013 14:36:30 GMT
There was some talk on the list a couple months ago about this -- not  for
file-transfer specifically, but the general idea of supporting custom
certificates, or CAs in Cordova.

I think that, after a number of emails, we concluded that for users who
have legitimate custom certificate requirements, that there should be
os-policy-level mechanisms for adding custom certs, and that the individual
application was the wrong level to be managing them. (Somebody please step
in and tell me if I'm misremembering this)

As to the other question, for adding arbitrary resources, the best route
would probably be to create a plugin that ships with the application, that
includes that file. Plugins should have the ability to place arbitrary
files, while I think applications currently do not.


On Wed, Dec 11, 2013 at 4:27 AM, <Axel.Nennker@telekom.de> wrote:

> Hi,
>
>
>
> I think that the trustAllHosts parameter in FileTransfer is convenient but
> evil.
>
>
>
> I propose to add support for self-signed certs to FileTransfer.
>
> There does NOT seem to be an open issue for this on Jira:
>
>
> https://issues.apache.org/jira/browse/CB-3576?jql=project%20%3D%20CB%20AND%20text%20~%20self-signed
>
>
>
> Do you think that this is a good/needed/superfluous effort?
>
> Should I create an issue?
>
>
>
> I created an initial Android implementation here:
>
> https://github.com/AxelNennker/cordova-plugin-file-transfer
>
>
>
> Usage would be as follows:
>
> - Add a line like this to www/config.xml
>
>     <preference name="org.apache.cordova.file-transfer.cacerts"
> value="cacerts.pem" />
>
>
>
> Put the cert into a file and store it into the projects asset directory
>
> ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$ ls -l
> platforms/android/assets/
>
> insgesamt 8
>
> -rwxrwxrwx 1 root root 1310 Dez 10 21:46 cacerts.pem
>
> drwxrwxrwx 1 root root 4096 Dez 10 22:51 www
>
> ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$ cat
> platforms/android/assets/cacerts.pem
>
> -----BEGIN CERTIFICATE-----
>
> MIIDizCCAnOgAwIBAgIJAPh3RC7M50KHMA0GCSqGSIb3DQEBBQUAMFwxCzAJBgNV
>
> BAYTAkRFMQ8wDQYDVQQIDAZCZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEXMBUGA1UE
>
> CgwOVC1MYWJzIE5lbm5rZXIxEjAQBgNVBAMMCWxvY2FsaG9zdDAeFw0xMzEyMTAy
>
> MDQyNTFaFw0xNDEyMTAyMDQyNTFaMFwxCzAJBgNVBAYTAkRFMQ8wDQYDVQQIDAZC
>
> ZXJsaW4xDzANBgNVBAcMBkJlcmxpbjEXMBUGA1UECgwOVC1MYWJzIE5lbm5rZXIx
>
> EjAQBgNVBAMMCWxvY2FsaG9zdDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoC
>
> ggEBANmBMf9r86HiavL10WzVpbBt03JY9JUppwY1BZKtjejw9b7tLypgueBAGBSB
>
> jpb5KoaIj01xkGMCySK15JNOgwf2U3zbgmt/IBg5Vk3tBxvGr9i2S3wqmJgeXpcb
>
> 8mAgkf/93l2/a/anftwIE6XfmWZqy4nxdX+AZ9hKnyfZs2bW1zxzydOlcFH3NB2e
>
> LXWFbYOtTt4jrP9VIM4FL1I+q9RVi5zjNLWayLsEpIRtD9h/kZ5A4S+r16XYvzqp
>
> vec5oJ+bOEs7kA2FtFzFeZXASxLd+5Zlx0j/uB0J+iY9y0TOWTcePRJV+d8nQB5p
>
> rpQ9zBxHiLJmnO+0sn6N1/FnomUCAwEAAaNQME4wHQYDVR0OBBYEFCXon1DQdFzw
>
> URRTzdQGWQ2I0abMMB8GA1UdIwQYMBaAFCXon1DQdFzwURRTzdQGWQ2I0abMMAwG
>
> A1UdEwQFMAMBAf8wDQYJKoZIhvcNAQEFBQADggEBAM17byCO4c/wiDgLYHywM6jd
>
> fsNP8FL+Bm6Itv1s6mNEQELR8XdQJHGB+TU3WAZk8avXNvFzPwpEN3f/QvAQjN7l
>
> noXT+rRkRHJKALSZe2AfBDP7WX9ibk5Vnm3PVnQa46f8vbvuxVEUu5e1YKcR1kXe
>
> booucDCp1g3vc9K6tbSyKS04CA+ys6pKHpqlxxVqSxe+1Kii3CeBLVcDXYrQvI22
>
> bi7xIMmV5njur+vkJKaHZtM6LuGe0k5Yw881/CBHCf7Vg3iZt8cqXC1OUo4qLV30
>
> 0x+alWlFoz9xtiKcfiaQwQL8O3Uip9VoK52XFGbi9yiTqTDuc1zYpHX8V/cbS3U=
>
> -----END CERTIFICATE-----
>
> ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$
>
>
>
> The implementation is here:
>
>
> https://github.com/AxelNennker/cordova-plugin-file-transfer/blob/master/src/android/FileTransfer.java#L100
>
>
>
> I have a general question: How does an application programmer (cordova
> user) specify resources to be added to the project.
>
> I think that merges could be a way to do this but this always merges files
> into the platforms www directory.
>
> On Android this is platforms/android/assets/www but I don't want the file
> there.
>
>
>
> Cheers
>
> Axel
>
>
>
>
>
>
>

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message