Posted to dev@cordova.apache.org by Ax...@telekom.de on 2013/12/11 10:27:18 UTC

Support self-signed certs in FileTransfer

Hi,

I think that the trustAllHosts parameter in FileTransfer is convenient but evil.

I propose to add support for self-signed certs to FileTransfer.
There does NOT seem to be an open issue for this on Jira:
https://issues.apache.org/jira/browse/CB-3576?jql=project%20%3D%20CB%20AND%20text%20~%20self-signed

Do you think that this is a good/needed/superfluous effort?
Should I create an issue?

I created an initial Android implementation here:
https://github.com/AxelNennker/cordova-plugin-file-transfer

Usage would be as follows:

- Add a line like this to www/config.xml

    <preference name="org.apache.cordova.file-transfer.cacerts" value="cacerts.pem" />

- Put the cert into a file and store it in the project's asset directory

ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$ ls -l platforms/android/assets/
insgesamt 8
-rwxrwxrwx 1 root root 1310 Dez 10 21:46 cacerts.pem
drwxrwxrwx 1 root root 4096 Dez 10 22:51 www
ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$ cat platforms/android/assets/cacerts.pem
-----BEGIN CERTIFICATE-----


-----END CERTIFICATE-----

ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$

The implementation is here:
https://github.com/AxelNennker/cordova-plugin-file-transfer/blob/master/src/android/FileTransfer.java#L100

I have a general question: How does an application programmer (Cordova user) specify resources to be added to the project?
I think that merges could be a way to do this, but this always merges files into the platform's www directory.
On Android this is platforms/android/assets/www but I don't want the file there.

Cheers
Axel

Re: Support self-signed certs in FileTransfer

Posted by Axel Nennker <ig...@gmail.com>.
Actually this is not only for enterprise apps.
The way I implemented the first version is so that _only_ this cert is
trusted but no other.
If you have an app talking to your backend you might want to pin the SSL
connection to certs shipped with the app.
If you renew the cert you would add the new cert to the list of trusted
certs.

Using self-signed certs is only one use case.

Sorry for the misleading subject line of my initial email.
Maybe this should be renamed to "Allow app to specify trusted certs for
FileTransfer".

To the resources discussion: A plugin is not the solution. I want to
provide parameters to a plugin. I think we cannot assume that app
developers want to write plugins; they want to use them (with parameters).
An ugly "solution" would be to put the cert(s) into config.xml
<preference name="org.apache.cordova.plugin.filetransfer.cacerts">
------- BEGIN CERTIFICATE ---------
MII....
</preference>

Axel


2013/12/11 Andrew Grieve <ag...@chromium.org>

> Yeah, plugins should be able to have resource files. <resource> might be a
> better tag name.
>
> I actually like the idea of app-level self-signed certs. For many, putting
> certs on device is too much trouble to be feasible. If you're building an
> enterprise app, putting the cert in your app makes sense.
>
> Would be good if it could be done app-wide instead of on a per-plugin basis
> though.
>
>
> On Wed, Dec 11, 2013 at 9:39 AM, Ian Clelland <iclelland@chromium.org> wrote:
>
> > On Wed, Dec 11, 2013 at 9:36 AM, Ian Clelland <iclelland@chromium.org> wrote:
> >
> > > As to the other question, for adding arbitrary resources, the best route
> > > would probably be to create a plugin that ships with the application, that
> > > includes that file. Plugins should have the ability to place arbitrary
> > > files, while I think applications currently do not.
> >
> > I just looked through plugman, and at least the android handler doesn't do
> > this. <source-file> necessarily goes to /src/, <lib-file> necessarily goes
> > to /libs/, and there are no other options.
> >
> > :(
> >
> > What do we think of adding something like <asset-file> to the plugin spec?
> > Or to the top-level {config|app}.xml, so that devs can do this at the
> > application level?
> >
> > Ian
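
What "only this cert is trusted but no other" looks like with the standard java.security and javax.net.ssl classes, as an added example: it is not the code from the linked FileTransfer.java, and the class name PinnedTrust and its method names are hypothetical. It assumes a PEM bundle like the cacerts.pem described in the first message, passed here as a file path.

```java
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.TrustManagerFactory;

/** Hypothetical helper: trust only the certificates shipped with the app. */
public final class PinnedTrust {

    /** Reads every certificate in a PEM bundle into a fresh, otherwise empty trust store. */
    static KeyStore loadTrustStore(InputStream pem) throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        Collection<? extends Certificate> certs = cf.generateCertificates(pem);
        if (certs.isEmpty()) {
            // Fail at start-up rather than at the first handshake.
            throw new GeneralSecurityException("no certificates found in bundle");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start empty: the platform CA store is not consulted
        int i = 0;
        for (Certificate c : certs) {
            // One entry per cert, so a renewed cert can ship next to the old one.
            ks.setCertificateEntry("pinned-" + i++, c);
        }
        return ks;
    }

    /** Builds an SSLContext whose trust managers accept only chains anchored in the bundle. */
    static SSLContext pinnedContext(InputStream pem) throws GeneralSecurityException, IOException {
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(loadTrustStore(pem));
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx;
    }

    /** Usage: java PinnedTrust cacerts.pem https://host/path */
    public static void main(String[] args) throws Exception {
        SSLContext ctx;
        // On Android the stream would come from context.getAssets().open(name).
        try (InputStream pem = new FileInputStream(args[0])) {
            ctx = pinnedContext(pem);
        }
        HttpsURLConnection conn = (HttpsURLConnection) new URL(args[1]).openConnection();
        // Applied to this connection only; the default HostnameVerifier stays in place.
        conn.setSSLSocketFactory(ctx.getSocketFactory());
        // Throws SSLHandshakeException if the server chain is not anchored in the bundle.
        System.out.println("HTTP " + conn.getResponseCode());
        conn.disconnect();
    }
}
```

Because the key store starts empty, a server certificate issued by a public CA is rejected as well unless that CA's certificate is in the bundle.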

Re: Support self-signed certs in FileTransfer

Posted by Andrew Grieve <ag...@chromium.org>.
Yeah, plugins should be able to have resource files. <resource> might be a
better tag name.

I actually like the idea of app-level self-signed certs. For many, putting
certs on device is too much trouble to be feasible. If you're building an
enterprise app, putting the cert in your app makes sense.

Would be good if it could be done app-wide instead of on a per-plugin basis
though.


On Wed, Dec 11, 2013 at 9:39 AM, Ian Clelland <ic...@chromium.org> wrote:

> On Wed, Dec 11, 2013 at 9:36 AM, Ian Clelland <iclelland@chromium.org> wrote:
>
> > As to the other question, for adding arbitrary resources, the best route
> > would probably be to create a plugin that ships with the application, that
> > includes that file. Plugins should have the ability to place arbitrary
> > files, while I think applications currently do not.
>
> I just looked through plugman, and at least the android handler doesn't do
> this. <source-file> necessarily goes to /src/, <lib-file> necessarily goes
> to /libs/, and there are no other options.
>
> :(
>
> What do we think of adding something like <asset-file> to the plugin spec?
> Or to the top-level {config|app}.xml, so that devs can do this at the
> application level?
>
> Ian

Re: Support self-signed certs in FileTransfer

Posted by Ian Clelland <ic...@chromium.org>.
On Wed, Dec 11, 2013 at 9:36 AM, Ian Clelland <ic...@chromium.org> wrote:

> As to the other question, for adding arbitrary resources, the best route
> would probably be to create a plugin that ships with the application, that
> includes that file. Plugins should have the ability to place arbitrary
> files, while I think applications currently do not.
>

I just looked through plugman, and at least the android handler doesn't do
this. <source-file> necessarily goes to /src/, <lib-file> necessarily goes
to /libs/, and there are no other options.

:(

What do we think of adding something like <asset-file> to the plugin spec?
Or to the top-level {config|app}.xml, so that devs can do this at the
application level?

Ian



Re: Support self-signed certs in FileTransfer

Posted by Ian Clelland <ic...@chromium.org>.
There was some talk on the list a couple months ago about this -- not for
file-transfer specifically, but the general idea of supporting custom
certificates, or CAs in Cordova.

I think that, after a number of emails, we concluded that for users who
have legitimate custom certificate requirements, there should be
OS-policy-level mechanisms for adding custom certs, and that the individual
application was the wrong level to be managing them. (Somebody please step
in and tell me if I'm misremembering this.)

As to the other question, for adding arbitrary resources, the best route
would probably be to create a plugin that ships with the application, that
includes that file. Plugins should have the ability to place arbitrary
files, while I think applications currently do not.

