Actually this is not only for enterprise apps.
The way I implemented the first version is so that _only_ this cert is
trusted but no other.
If you have an app talking to your backend you might want to pin the SSL
connection to certs shipped with the app.
If you renew the cert you would add the new cert to the list of trusted
certs.

Using self-signed certs is only one use case.

Sorry for the misleading subject line of my initial email.
Maybe this should be renamed to "Allow app to specify trusted certs for
FileTransfer".

To the resources discussion: A plugin is not the solution. I want to
provide parameters to a plugin. I think we cannot assume that app
developers want to write plugins; they want to use them (with parameters).
An ugly "solution" would be to put the cert(s) into config.xml:

    <preference name="org.apache.cordova.plugin.filetransfer.cacerts">
    ------- BEGIN CERTIFICATE ---------
    MII....
    </preference>

Axel
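
The trust model described above (only the certs shipped with the app are trusted, and a renewed cert is appended to the same list), as an added example that is not part of the original email or of the linked implementation. The class and method names are hypothetical; on Android the PEM stream is assumed to come from the app's assets.

```java
import java.io.IOException;
import java.io.InputStream;
import java.net.URL;
import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.Certificate;
import java.security.cert.CertificateFactory;
import java.util.Collection;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManagerFactory;

/** Added example (hypothetical names): trust only the certificates bundled with the app. */
public final class BundledCertTrust {

    /** Builds a socket factory whose trust anchors are exactly the certs in the PEM stream. */
    public static SSLSocketFactory fromPem(InputStream pem)
            throws GeneralSecurityException, IOException {
        CertificateFactory cf = CertificateFactory.getInstance("X.509");
        // generateCertificates() reads every PEM block in the stream, so a renewed
        // cert can be appended to the same file next to the current one.
        Collection<? extends Certificate> certs = cf.generateCertificates(pem);
        if (certs.isEmpty()) {
            // Fail closed: an empty or unreadable file must not widen trust.
            throw new GeneralSecurityException("no certificates in bundled PEM");
        }
        KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
        ks.load(null, null); // start from an empty store: no system CAs are included
        int i = 0;
        for (Certificate c : certs) {
            ks.setCertificateEntry("bundled-" + i++, c);
        }
        TrustManagerFactory tmf =
                TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
        tmf.init(ks);
        SSLContext ctx = SSLContext.getInstance("TLS");
        ctx.init(null, tmf.getTrustManagers(), null);
        return ctx.getSocketFactory();
    }

    /** Applies the factory to one HTTPS connection; the default hostname verifier stays active. */
    public static HttpsURLConnection open(URL url, SSLSocketFactory factory) throws IOException {
        HttpsURLConnection conn = (HttpsURLConnection) url.openConnection();
        conn.setSSLSocketFactory(factory); // per-connection, not a JVM-wide default
        return conn;
    }
}
```

Unlike trustAllHosts, this keeps both chain validation and hostname checking; a server presenting any cert outside the bundled list fails the handshake.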


2013/12/11 Andrew Grieve <agri...@chromium.org>

> Yeah, plugins should be able to have resource files. <resource> might be a
> better tag name.
>
> I actually like the idea of app-level self-signed certs. For many, putting
> certs on device is too much trouble to be feasible. If you're building an
> enterprise app, putting the cert in your app makes sense.
>
> Would be good if it could be done app-wide instead of on a per-plugin basis
> though.
>
>
> On Wed, Dec 11, 2013 at 9:39 AM, Ian Clelland <iclell...@chromium.org> wrote:
>
> > On Wed, Dec 11, 2013 at 9:36 AM, Ian Clelland <iclell...@chromium.org> wrote:
> >
> > > As to the other question, for adding arbitrary resources, the best
> > > route would probably be to create a plugin that ships with the
> > > application, that includes that file. Plugins should have the ability
> > > to place arbitrary files, while I think applications currently do not.
> > >
> >
> > I just looked through plugman, and at least the android handler doesn't
> > do this. <source-file> necessarily goes to /src/, <lib-file> necessarily
> > goes to /libs/, and there are no other options.
> >
> > :(
> >
> > What do we think of adding something like <asset-file> to the plugin
> > spec? Or to the top-level {config|app}.xml, so that devs can do this at
> > the application level?
> >
> > Ian
> >
> >
> > >
> > >
> > > On Wed, Dec 11, 2013 at 4:27 AM, <axel.nenn...@telekom.de> wrote:
> > >
> > >> Hi,
> > >>
> > >>
> > >>
> > >> I think that the trustAllHosts parameter in FileTransfer is convenient
> > >> but evil.
> > >>
> > >>
> > >>
> > >> I propose to add support for self-signed certs to FileTransfer.
> > >>
> > >> There does NOT seem to be an open issue for this on Jira:
> > >>
> > >>
> > >>
> > >> https://issues.apache.org/jira/browse/CB-3576?jql=project%20%3D%20CB%20AND%20text%20~%20self-signed
> > >>
> > >>
> > >>
> > >> Do you think that this is a good/needed/superfluous effort?
> > >>
> > >> Should I create an issue?
> > >>
> > >>
> > >>
> > >> I created an initial Android implementation here:
> > >>
> > >> https://github.com/AxelNennker/cordova-plugin-file-transfer
> > >>
> > >>
> > >>
> > >> Usage would be as follows:
> > >>
> > >> - Add a line like this to www/config.xml
> > >>
> > >>     <preference name="org.apache.cordova.file-transfer.cacerts"
> > >> value="cacerts.pem" />
> > >>
> > >>
> > >>
> > >> Put the cert into a file and store it into the project's asset
> > >> directory
> > >>
> > >> ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$ ls -l
> > >> platforms/android/assets/
> > >>
> > >> insgesamt 8
> > >>
> > >> -rwxrwxrwx 1 root root 1310 Dez 10 21:46 cacerts.pem
> > >>
> > >> drwxrwxrwx 1 root root 4096 Dez 10 22:51 www
> > >>
> > >> ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$ cat
> > >> platforms/android/assets/cacerts.pem
> > >>
> > >> ignisvulpis@ubuntu:/host/cordova-plugin-file-transfer/phonegap$
> > >>
> > >>
> > >>
> > >> The implementation is here:
> > >>
> > >>
> > >>
> > >> https://github.com/AxelNennker/cordova-plugin-file-transfer/blob/master/src/android/FileTransfer.java#L100
> > >>
> > >>
> > >>
> > >> I have a general question: How does an application programmer (cordova
> > >> user) specify resources to be added to the project?
> > >>
> > >> I think that merges could be a way to do this but this always merges
> > >> files into the platforms www directory.
> > >>
> > >> On Android this is platforms/android/assets/www but I don't want the
> > >> file there.
> > >>
> > >>
> > >>
> > >> Cheers
> > >>
> > >> Axel
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >>
> > >
> >
>
