Posted to dev@jackrabbit.apache.org by GitBox <gi...@apache.org> on 2020/07/16 13:45:03 UTC

[GitHub] [jackrabbit] reschke commented on a change in pull request #92: JCR-4536 optionally allow insecure TLS connections (self-signed cert,

reschke commented on a change in pull request #92:
URL: https://github.com/apache/jackrabbit/pull/92#discussion_r455772487



##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/ConnectionOptions.java
##########
@@ -0,0 +1,447 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.spi2dav;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+
+/**
+ * Advanced connection options to use for connections to a remote repository.
+ *
+ */
+public final class ConnectionOptions {
+
+    private final boolean isUseSystemPropertes;
+    private final int maxConnections;
+    private final boolean isAllowSelfSignedCertificates;
+    private final boolean isDisableHostnameVerification;
+    private final String proxyHost;
+    private final int proxyPort;
+    private final String proxyProtocol;
+    private final String proxyUsername;
+    private final String proxyPassword;
+    private final int connectionTimeoutMs;
+    private final int requestTimeoutMs;
+    private final int socketTimeoutMs;
+
+    /**
+     * Boolean flag whether to use the default Java system properties for setting proxy, TLS and further options.
+     * Default = {@code false}.
+     * 
+     * @see <a href="https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html">HttpClientBuilder</a> 
+     */
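Review bot: The field `isUseSystemPropertes` is misspelled ("Propertes"), and the longer quote of this same hunk further down shows the spelling carried into the constructor parameter and the public getter `isUseSystemPropertes()`, where it becomes part of the released API. Renaming it now, e.g. `private final boolean useSystemProperties;` with a getter `isUseSystemProperties()`, avoids a later deprecation cycle. The class body continues beyond this quoted excerpt.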

Review comment:
       we should be able to use {@link ...} here

##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/ConnectionOptions.java
##########
@@ -0,0 +1,447 @@
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements.  See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License.  You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.apache.jackrabbit.spi2dav;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
+
+/**
+ * Advanced connection options to use for connections to a remote repository.
+ *
+ */
+public final class ConnectionOptions {
+
+    private final boolean isUseSystemPropertes;
+    private final int maxConnections;
+    private final boolean isAllowSelfSignedCertificates;
+    private final boolean isDisableHostnameVerification;
+    private final String proxyHost;
+    private final int proxyPort;
+    private final String proxyProtocol;
+    private final String proxyUsername;
+    private final String proxyPassword;
+    private final int connectionTimeoutMs;
+    private final int requestTimeoutMs;
+    private final int socketTimeoutMs;
+
+    /**
+     * Boolean flag whether to use the default Java system properties for setting proxy, TLS and further options.
+     * Default = {@code false}.
+     * 
+     * @see <a href="https://hc.apache.org/httpcomponents-client-ga/httpclient/apidocs/org/apache/http/impl/client/HttpClientBuilder.html">HttpClientBuilder</a> 
+     */
+    public static final String PARAM_USE_SYSTEM_PROPERTIES = "connection.useSystemProperties";
+
+    /**
+     * Boolean flag whether to allow self-signed certificates of remote repositories.
+     * Default = {@code false}.
+     */
+    public static final String PARAM_ALLOW_SELF_SIGNED_CERTIFICATES = "connection.allowSelfSignedCertificates";
+    
+    /**
+     * Boolean flag whether to disable the host name verification against the common name of the server's certificate.
+     * Default = {@code false}.
+     */
+    public static final String PARAM_DISABLE_HOSTNAME_VERIFICATION = "connection.disableHostnameVerification";
+    
+    /**
+     * The host of a proxy server.
+     */
+    public static final String PARAM_PROXY_HOST = "connection.proxyHost";
+    
+    /**
+     * Integer value for the proxy's port. Only effective if {@link #PARAM_PROXY_HOST} is used as well. If -1 or not set the default for the scheme will be used.
+     */
+    public static final String PARAM_PROXY_PORT = "connection.proxyPort";
+    
+    /**
+     * The protocol for which to use the proxy. Only effective if {@link #PARAM_PROXY_HOST} is used as well.
+     */
+    public static final String PARAM_PROXY_PROTOCOL = "connection.proxyProtocol";
+
+    /**
+     * The user name to authenticate at the proxy. Only effective if {@link #PARAM_PROXY_HOST} is used as well.
+     */
+    public static final String PARAM_PROXY_USERNAME = "connection.proxyUsername";
+
+    /**
+     * The password to authenticate at the proxy. Only effective if {@link #PARAM_PROXY_HOST} and {@link #PARAM_PROXY_USERNAME} are used as well.
+     */
+    public static final String PARAM_PROXY_PASSWORD = "connection.proxyPassword";
+
+    /**
+     * The connection timeout in milliseconds as Integer. -1 for default, 0 for infinite.
+     */
+    public static final String PARAM_CONNECTION_TIMEOUT_MS = "connection.connectionTimeoutMs";
+
+    /**
+     * The request timeout in milliseconds as Integer. -1 for default, 0 for infinite.
+     */
+    public static final String PARAM_REQUEST_TIMEOUT_MS = "connection.requestTimeoutMs";
+    
+    /**
+     * The request timeout in milliseconds as Integer. -1 for default, 0 for infinite.
+     */
+    public static final String PARAM_SOCKET_TIMEOUT_MS = "connection.socketTimeoutMs";
+    
+    /**
+     * Optional configuration parameter: Its value defines the
+     * maximumConnectionsPerHost value on the HttpClient configuration and
+     * must be an int greater than zero.
+     * @deprecated Use {@link #PARAM_MAX_CONNECTIONS} instead.
+     */
+    @Deprecated
+    private static final String PARAM_MAX_CONNECTIONS_LEGACY = "MaxConnections";
+
+    /**
+     * Optional configuration parameter: Its value defines the
+     * maximumConnectionsPerHost value on the HttpClient configuration and
+     * must be an int greater than zero.
+     */
+    public static final String PARAM_MAX_CONNECTIONS = "connection.maxConnections";
+
+
+    /**
+     * Default value for the maximum number of connections per host such as
+     * configured with {@link PoolingHttpClientConnectionManager#setDefaultMaxPerRoute(int)}.
+     */
+    public static final int MAX_CONNECTIONS_DEFAULT = 20;
+
+    /**
+     * The default connection options with regular TLS settings, without proxy and not leveraging system properties
+     */
+    public static final ConnectionOptions DEFAULT = new ConnectionOptions.Builder().build();
+
+    private ConnectionOptions(boolean isUseSystemPropertes, int maxConnections, boolean isAllowSelfSignedCertificates, boolean isDisableHostnameVerification, int connectionTimeoutMs,  int requestTimeoutMs, int socketTimeoutMs, String proxyHost, int proxyPort, String proxyProtocol, String proxyUsername, String proxyPassword) {
+        super();
+        this.isUseSystemPropertes = isUseSystemPropertes;
+        this.maxConnections = maxConnections;
+        this.isAllowSelfSignedCertificates = isAllowSelfSignedCertificates;
+        this.isDisableHostnameVerification = isDisableHostnameVerification;
+        this.connectionTimeoutMs = connectionTimeoutMs;
+        this.requestTimeoutMs = requestTimeoutMs;
+        this.socketTimeoutMs = socketTimeoutMs;
+        this.proxyHost = proxyHost;
+        this.proxyPort = proxyPort;
+        this.proxyProtocol = proxyProtocol;
+        this.proxyUsername = proxyUsername;
+        this.proxyPassword = proxyPassword;
+    }
+
+    public boolean isUseSystemPropertes() {
+        return isUseSystemPropertes;
+    }
+
+    public boolean isAllowSelfSignedCertificates() {
+        return isAllowSelfSignedCertificates;
+    }
+
+    public boolean isDisableHostnameVerification() {
+        return isDisableHostnameVerification;
+    }
+
+    public int getMaxConnections() {
+        return maxConnections;
+    }
+
+    public int getConnectionTimeoutMs() {
+        return connectionTimeoutMs;
+    }
+
+    public int getRequestTimeoutMs() {
+        return requestTimeoutMs;
+    }
+
+    public int getSocketTimeoutMs() {
+        return socketTimeoutMs;
+    }
+
+    public String getProxyHost() {
+        return proxyHost;
+    }
+
+    public int getProxyPort() {
+        return proxyPort;
+    }
+
+    public String getProxyProtocol() {
+        return proxyProtocol;
+    }
+
+    public String getProxyUsername() {
+        return proxyUsername;
+    }
+
+    public String getProxyPassword() {
+        return proxyPassword;
+    }
+
+    @Override
+    public int hashCode() {
+        final int prime = 31;
+        int result = 1;
+        result = prime * result + connectionTimeoutMs;
+        result = prime * result + (isAllowSelfSignedCertificates ? 1231 : 1237);
+        result = prime * result + (isDisableHostnameVerification ? 1231 : 1237);
+        result = prime * result + (isUseSystemPropertes ? 1231 : 1237);
+        result = prime * result + maxConnections;
+        result = prime * result + ((proxyHost == null) ? 0 : proxyHost.hashCode());
+        result = prime * result + ((proxyPassword == null) ? 0 : proxyPassword.hashCode());
+        result = prime * result + proxyPort;
+        result = prime * result + ((proxyProtocol == null) ? 0 : proxyProtocol.hashCode());
+        result = prime * result + ((proxyUsername == null) ? 0 : proxyUsername.hashCode());
+        result = prime * result + requestTimeoutMs;
+        result = prime * result + socketTimeoutMs;
+        return result;
+    }
+
+    @Override
+    public boolean equals(Object obj) {
+        if (this == obj)
+            return true;
+        if (obj == null)
+            return false;
+        if (getClass() != obj.getClass())
+            return false;
+        ConnectionOptions other = (ConnectionOptions) obj;
+        if (connectionTimeoutMs != other.connectionTimeoutMs)
+            return false;
+        if (isAllowSelfSignedCertificates != other.isAllowSelfSignedCertificates)
+            return false;
+        if (isDisableHostnameVerification != other.isDisableHostnameVerification)
+            return false;
+        if (isUseSystemPropertes != other.isUseSystemPropertes)
+            return false;
+        if (maxConnections != other.maxConnections)
+            return false;
+        if (proxyHost == null) {
+            if (other.proxyHost != null)
+                return false;
+        } else if (!proxyHost.equals(other.proxyHost))
+            return false;
+        if (proxyPassword == null) {
+            if (other.proxyPassword != null)
+                return false;
+        } else if (!proxyPassword.equals(other.proxyPassword))
+            return false;
+        if (proxyPort != other.proxyPort)
+            return false;
+        if (proxyProtocol == null) {
+            if (other.proxyProtocol != null)
+                return false;
+        } else if (!proxyProtocol.equals(other.proxyProtocol))
+            return false;
+        if (proxyUsername == null) {
+            if (other.proxyUsername != null)
+                return false;
+        } else if (!proxyUsername.equals(other.proxyUsername))
+            return false;
+        if (requestTimeoutMs != other.requestTimeoutMs)
+            return false;
+        if (socketTimeoutMs != other.socketTimeoutMs)
+            return false;
+        return true;
+    }
+
+    @Override
+    public String toString() {
+        return "ConnectionOptions [isUseSystemPropertes=" + isUseSystemPropertes + ", maxConnections=" + maxConnections
+                + ", isAllowSelfSignedCertificates=" + isAllowSelfSignedCertificates + ", isDisableHostnameVerification="
+                + isDisableHostnameVerification + ", proxyHost=" + proxyHost + ", proxyPort=" + proxyPort + ", proxyProtocol="
+                + proxyProtocol + ", proxyUsername=" + proxyUsername + ", proxyPassword=" + proxyPassword + ", connectionTimeoutMs="
+                + connectionTimeoutMs + ", requestTimeoutMs=" + requestTimeoutMs + ", socketTimeoutMs=" + socketTimeoutMs + "]";
+    }
+
+    public Map<String, String> toServiceFactoryParameters(String parameterPrefix) {
+        Map<String, String> parameters = new HashMap<>();
+        if (isUseSystemPropertes) {
+            parameters.put(parameterPrefix + PARAM_USE_SYSTEM_PROPERTIES, Boolean.toString(isUseSystemPropertes));
+        }
+        if (maxConnections != MAX_CONNECTIONS_DEFAULT) {
+            parameters.put(parameterPrefix + PARAM_MAX_CONNECTIONS, Integer.toString(maxConnections));
+        }
+        if (isAllowSelfSignedCertificates) {
+            parameters.put(parameterPrefix + PARAM_ALLOW_SELF_SIGNED_CERTIFICATES, Boolean.toString(isAllowSelfSignedCertificates));
+        }
+        if (isDisableHostnameVerification) {
+            parameters.put(parameterPrefix + PARAM_DISABLE_HOSTNAME_VERIFICATION, Boolean.toString(isDisableHostnameVerification));
+        }
+        if (connectionTimeoutMs != -1) {
+            parameters.put(parameterPrefix + PARAM_CONNECTION_TIMEOUT_MS, Integer.toString(connectionTimeoutMs));
+        }
+        if (requestTimeoutMs != -1) {
+            parameters.put(parameterPrefix + PARAM_REQUEST_TIMEOUT_MS, Integer.toString(requestTimeoutMs));
+        }
+        if (socketTimeoutMs != -1) {
+            parameters.put(parameterPrefix + PARAM_SOCKET_TIMEOUT_MS, Integer.toString(socketTimeoutMs));
+        }
+        if (proxyHost != null) {
+            parameters.put(parameterPrefix + PARAM_PROXY_HOST, proxyHost);
+        }
+        if (proxyPort != -1) {
+            parameters.put(parameterPrefix + PARAM_PROXY_PORT, Integer.toString(proxyPort));
+        }
+        if (proxyProtocol != null) {
+            parameters.put(parameterPrefix + PARAM_PROXY_PROTOCOL, proxyProtocol);
+        }
+        if (proxyUsername != null) {
+            parameters.put(parameterPrefix + PARAM_PROXY_USERNAME, proxyUsername);
+        }
+        if (proxyPassword != null) {
+            parameters.put(parameterPrefix + PARAM_PROXY_PASSWORD, proxyPassword);
+        }
+        return parameters;
+    }
+
+    public static ConnectionOptions fromServiceFactoryParameters(String parameterPrefix, Map<?, ?> parameters) {
+        return new ConnectionOptions(
+                getBooleanValueFromParameter(parameterPrefix, parameters, false, PARAM_USE_SYSTEM_PROPERTIES),
+                getIntegerValueFromParameter(parameterPrefix, parameters, MAX_CONNECTIONS_DEFAULT, PARAM_MAX_CONNECTIONS, PARAM_MAX_CONNECTIONS_LEGACY),
+                getBooleanValueFromParameter(parameterPrefix, parameters, false, PARAM_ALLOW_SELF_SIGNED_CERTIFICATES),
+                getBooleanValueFromParameter(parameterPrefix, parameters, false, PARAM_DISABLE_HOSTNAME_VERIFICATION),
+                getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_CONNECTION_TIMEOUT_MS),
+                getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_REQUEST_TIMEOUT_MS),
+                getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_SOCKET_TIMEOUT_MS),
+                getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_HOST),
+                getIntegerValueFromParameter(parameterPrefix, parameters, -1, PARAM_PROXY_PORT),
+                getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_PROTOCOL),
+                getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_USERNAME),
+                getStringValueFromParameter(parameterPrefix, parameters, null, PARAM_PROXY_PASSWORD));
+    }
+
+    private static int getIntegerValueFromParameter(String parameterPrefix, Map<?, ?> parameters, int defaultValue, String... parameterKeys) {
+        for (String key : parameterKeys) {
+            Object value = parameters.get(parameterPrefix+key);
+            if (value != null) {
+                try {
+                    return Integer.parseInt(value.toString());
+                } catch ( NumberFormatException e ) {
+                    // using default
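Review bot: `toString()` concatenates `proxyPassword` in clear text, so any log statement or exception message that prints a `ConnectionOptions` instance discloses the proxy credential. Mask it instead, e.g. `+ ", proxyPassword=" + (proxyPassword == null ? "null" : "***")`, and expose the real value only through `getProxyPassword()` and `toServiceFactoryParameters()`. Separately, the Javadoc for `PARAM_ALLOW_SELF_SIGNED_CERTIFICATES` and `PARAM_DISABLE_HOSTNAME_VERIFICATION` states only the default; since the pull request title itself calls these connections insecure, each should carry a line such as `Weakens server authentication; do not enable against untrusted networks.` The quoted hunk stops inside `getIntegerValueFromParameter`, so the rest of the class, including the Builder, is not covered by this note.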

Review comment:
       maybe log the exception?
   
   (also whitespace)

##########
File path: jackrabbit-spi2dav/src/main/java/org/apache/jackrabbit/spi2dav/RepositoryServiceImpl.java
##########
@@ -226,7 +243,9 @@
     /**
      * Default value for the maximum number of connections per host such as
      * configured with {@link PoolingHttpClientConnectionManager#setDefaultMaxPerRoute(int)}.
+     * @deprecated Use {@link ConnectionOptions#MAX_CONNECTIONS_DEFAULT} instead
      */
+    @Deprecated

Review comment:
       I believe we can just remove this.
   



