You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@santuario.apache.org by gi...@apache.org on 2012/07/31 17:03:34 UTC
svn commit: r1367599 - in
/santuario/xml-security-java/branches/1.5.x-fixes/src:
main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java
Author: giger
Date: Tue Jul 31 15:03:33 2012
New Revision: 1367599
URL: http://svn.apache.org/viewvc?rev=1367599&view=rev
Log:
- Fix multiple possible race conditions
- Fix Proxy-Authentication header
Modified:
santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java (contents, props changed)
santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java (contents, props changed)
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java?rev=1367599&r1=1367598&r2=1367599&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java Tue Jul 31 15:03:33 2012
@@ -21,7 +21,9 @@ package org.apache.xml.security.utils.re
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
+import java.net.InetSocketAddress;
import java.net.MalformedURLException;
+import java.net.Proxy;
import java.net.URISyntaxException;
import java.net.URI;
import java.net.URL;
@@ -103,83 +105,32 @@ public class ResolverDirectHTTP extends
public XMLSignatureInput engineResolve(Attr uri, String baseURI)
throws ResourceResolverException {
try {
- boolean useProxy = false;
- String proxyHost =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyHost]);
- String proxyPort =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPort]);
-
- if ((proxyHost != null) && (proxyPort != null)) {
- useProxy = true;
- }
-
- String oldProxySet = null;
- String oldProxyHost = null;
- String oldProxyPort = null;
- // switch on proxy usage
- if (useProxy) {
- if (log.isDebugEnabled()) {
- log.debug("Use of HTTP proxy enabled: " + proxyHost + ":" + proxyPort);
- }
- oldProxySet = System.getProperty("http.proxySet");
- oldProxyHost = System.getProperty("http.proxyHost");
- oldProxyPort = System.getProperty("http.proxyPort");
- System.setProperty("http.proxySet", "true");
- System.setProperty("http.proxyHost", proxyHost);
- System.setProperty("http.proxyPort", proxyPort);
- }
-
- boolean switchBackProxy =
- ((oldProxySet != null) && (oldProxyHost != null) && (oldProxyPort != null));
// calculate new URI
- URI uriNew = null;
- try {
- uriNew = getNewURI(uri.getNodeValue(), baseURI);
- } catch (URISyntaxException ex) {
- throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
- }
-
+ URI uriNew = getNewURI(uri.getNodeValue(), baseURI);
URL url = uriNew.toURL();
- URLConnection urlConnection = url.openConnection();
+ URLConnection urlConnection;
+ urlConnection = openConnection(url);
- {
- // set proxy pass
- String proxyUser =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyUser]);
- String proxyPass =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPass]);
+ // check if Basic authentication is required
+ String auth = urlConnection.getHeaderField("WWW-Authenticate");
- if ((proxyUser != null) && (proxyPass != null)) {
- String password = proxyUser + ":" + proxyPass;
- String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
+ if (auth != null && auth.startsWith("Basic")) {
+ // do http basic authentication
+ String user =
+ engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicUser]);
+ String pass =
+ engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicPass]);
- // or was it Proxy-Authenticate ?
- urlConnection.setRequestProperty("Proxy-Authorization", encodedPassword);
- }
- }
+ if ((user != null) && (pass != null)) {
+ urlConnection = openConnection(url);
+
+ String password = user + ":" + pass;
+ String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
- {
- // check if Basic authentication is required
- String auth = urlConnection.getHeaderField("WWW-Authenticate");
-
- if (auth != null && auth.startsWith("Basic")) {
- // do http basic authentication
- String user =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicUser]);
- String pass =
- engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicPass]);
-
- if ((user != null) && (pass != null)) {
- urlConnection = url.openConnection();
-
- String password = user + ":" + pass;
- String encodedPassword = Base64.encode(password.getBytes("ISO-8859-1"));
-
- // set authentication property in the http header
- urlConnection.setRequestProperty("Authorization",
- "Basic " + encodedPassword);
- }
+ // set authentication property in the http header
+ urlConnection.setRequestProperty("Authorization",
+ "Basic " + encodedPassword);
}
}
@@ -204,19 +155,50 @@ public class ResolverDirectHTTP extends
result.setSourceURI(uriNew.toString());
result.setMIMEType(mimeType);
- // switch off proxy usage
- if (useProxy && switchBackProxy) {
- System.setProperty("http.proxySet", oldProxySet);
- System.setProperty("http.proxyHost", oldProxyHost);
- System.setProperty("http.proxyPort", oldProxyPort);
- }
-
return result;
+ } catch (URISyntaxException ex) {
+ throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
} catch (MalformedURLException ex) {
throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
} catch (IOException ex) {
throw new ResourceResolverException("generic.EmptyMessage", ex, uri, baseURI);
+ } catch (IllegalArgumentException e) {
+ throw new ResourceResolverException("generic.EmptyMessage", e, uri, baseURI);
+ }
+ }
+
+ private URLConnection openConnection(URL url) throws IOException {
+
+ String proxyHostProp =
+ engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyHost]);
+ String proxyPortProp =
+ engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPort]);
+ String proxyUser =
+ engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyUser]);
+ String proxyPass =
+ engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPass]);
+
+ Proxy proxy = null;
+ if ((proxyHostProp != null) && (proxyPortProp != null)) {
+ int port = Integer.parseInt(proxyPortProp);
+ proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHostProp, port));
+ }
+
+ URLConnection urlConnection;
+ if (proxy != null) {
+ urlConnection = url.openConnection(proxy);
+
+ if ((proxyUser != null) && (proxyPass != null)) {
+ String password = proxyUser + ":" + proxyPass;
+ String authString = "Basic " + Base64.encode(password.getBytes("ISO-8859-1"));
+
+ urlConnection.setRequestProperty("Proxy-Authorization", authString);
+ }
+ } else {
+ urlConnection = url.openConnection();
}
+
+ return urlConnection;
}
/**
@@ -266,7 +248,7 @@ public class ResolverDirectHTTP extends
* @inheritDoc
*/
public String[] engineGetPropertyKeys() {
- return (String[]) ResolverDirectHTTP.properties.clone();
+ return ResolverDirectHTTP.properties.clone();
}
private static URI getNewURI(String uri, String baseURI) throws URISyntaxException {
Propchange: santuario/xml-security-java/branches/1.5.x-fixes/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Tue Jul 31 15:03:33 2012
@@ -0,0 +1,4 @@
+/santuario/branches/java_xmldsig11_ecdsa/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java:996119-1049476
+/santuario/xml-security-java/branches/java_xmldsig11_ecdsa/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java:1049477-1053382
+/santuario/xml-security-java/trunk/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java:1367582
+/xml/security/branches/java_xmldsig11_ecdsa/src/main/java/org/apache/xml/security/utils/resolver/implementations/ResolverDirectHTTP.java:965952-996118
Modified: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java
URL: http://svn.apache.org/viewvc/santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java?rev=1367599&r1=1367598&r2=1367599&view=diff
==============================================================================
--- santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java (original)
+++ santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java Tue Jul 31 15:03:33 2012
@@ -18,30 +18,132 @@
*/
package org.apache.xml.security.test.utils.resolver;
-import javax.xml.parsers.DocumentBuilderFactory;
-
import org.apache.xml.security.Init;
+import org.apache.xml.security.signature.XMLSignatureInput;
import org.apache.xml.security.utils.resolver.ResourceResolver;
import org.apache.xml.security.utils.resolver.ResourceResolverException;
+import org.apache.xml.security.utils.resolver.implementations.ResolverDirectHTTP;
+import org.junit.Assert;
+import org.junit.Before;
+import org.junit.Ignore;
+import org.junit.Test;
import org.w3c.dom.Attr;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
+import javax.xml.parsers.DocumentBuilderFactory;
+
public class ResolverDirectHTTPTest extends org.junit.Assert {
-
- @org.junit.Test
- public void testBug40783() throws Exception{
+
+ //change these properties to match your environment
+ private static final String url = "http://www.apache.org";
+ private static final String proxyHost = "127.0.0.1";
+ private static final String proxyPort = "3128";
+ private static final String proxyUsername = "proxyUser";
+ private static final String proxyPassword = "proxyPass";
+ private static final String serverUsername = "serverUser";
+ private static final String serverPassword = "serverPass";
+
+ @Before
+ public void setUp() {
+ org.apache.xml.security.Init.init();
+ }
+
+ @Test
+ public void testBug40783() throws Exception {
Init.init();
- Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
Attr uri = doc.createAttribute("id");
uri.setNodeValue("urn:ddd:uuu");
- ((Element)doc.createElement("test")).setAttributeNode(uri);
+ ((Element) doc.createElement("test")).setAttributeNode(uri);
try {
- ResourceResolver resolver = ResourceResolver.getInstance(uri, null);
+ ResourceResolver resolver = ResourceResolver.getInstance(uri, null);
fail("No exception thrown, but resolver found: " + resolver);
} catch (ResourceResolverException e) {
//
}
}
+ @Test
+ @Ignore
+ public void testProxyAuth() throws Exception {
+ Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Attr uri = doc.createAttribute("URI");
+ uri.setNodeValue(url);
+
+ ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
+ resolverDirectHTTP.engineSetProperty("http.proxy.host",proxyHost);
+ resolverDirectHTTP.engineSetProperty("http.proxy.port", proxyPort);
+ resolverDirectHTTP.engineSetProperty("http.proxy.username", proxyUsername);
+ resolverDirectHTTP.engineSetProperty("http.proxy.password", proxyPassword);
+ XMLSignatureInput xmlSignatureInput = resolverDirectHTTP.engineResolve(uri, url);
+ }
+
+ @Test
+ @Ignore
+ public void testProxyAuthWithWrongPassword() throws Exception {
+ Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Attr uri = doc.createAttribute("URI");
+ uri.setNodeValue(url);
+
+ ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
+ resolverDirectHTTP.engineSetProperty("http.proxy.host",proxyHost);
+ resolverDirectHTTP.engineSetProperty("http.proxy.port", proxyPort);
+ resolverDirectHTTP.engineSetProperty("http.proxy.username", proxyUsername);
+ resolverDirectHTTP.engineSetProperty("http.proxy.password", "wrongPassword");
+ try {
+ XMLSignatureInput xmlSignatureInput = resolverDirectHTTP.engineResolve(uri, url);
+ Assert.fail("Expected ResourceResolverException");
+ } catch (ResourceResolverException e) {
+ Assert.assertEquals("Server returned HTTP response code: 407 for URL: " + url, e.getMessage());
+ }
+ }
+
+ @Test
+ @Ignore
+ public void testServerAuth() throws Exception {
+ Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Attr uri = doc.createAttribute("URI");
+ uri.setNodeValue(url);
+
+ ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
+ resolverDirectHTTP.engineSetProperty("http.basic.username", serverUsername);
+ resolverDirectHTTP.engineSetProperty("http.basic.password", serverPassword);
+ XMLSignatureInput xmlSignatureInput = resolverDirectHTTP.engineResolve(uri, url);
+ }
+
+ @Test
+ @Ignore
+ public void testServerAuthWithWrongPassword() throws Exception {
+ Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Attr uri = doc.createAttribute("URI");
+ uri.setNodeValue(url);
+
+ ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
+ resolverDirectHTTP.engineSetProperty("http.basic.username", serverUsername);
+ resolverDirectHTTP.engineSetProperty("http.basic.password", "wrongPassword");
+ try {
+ XMLSignatureInput xmlSignatureInput = resolverDirectHTTP.engineResolve(uri, url);
+ Assert.fail("Expected ResourceResolverException");
+ } catch (ResourceResolverException e) {
+ Assert.assertEquals("Server returned HTTP response code: 401 for URL: " + url, e.getMessage());
+ }
+ }
+
+ @Test
+ @Ignore
+ public void testProxyAndServerAuth() throws Exception {
+ Document doc = DocumentBuilderFactory.newInstance().newDocumentBuilder().newDocument();
+ Attr uri = doc.createAttribute("URI");
+ uri.setNodeValue(url);
+
+ ResolverDirectHTTP resolverDirectHTTP = new ResolverDirectHTTP();
+ resolverDirectHTTP.engineSetProperty("http.proxy.host",proxyHost);
+ resolverDirectHTTP.engineSetProperty("http.proxy.port", proxyPort);
+ resolverDirectHTTP.engineSetProperty("http.proxy.username", proxyUsername);
+ resolverDirectHTTP.engineSetProperty("http.proxy.password", proxyPassword);
+ resolverDirectHTTP.engineSetProperty("http.basic.username", serverUsername);
+ resolverDirectHTTP.engineSetProperty("http.basic.password", serverPassword);
+ XMLSignatureInput xmlSignatureInput = resolverDirectHTTP.engineResolve(uri, url);
+ }
}
Propchange: santuario/xml-security-java/branches/1.5.x-fixes/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java
------------------------------------------------------------------------------
--- svn:mergeinfo (added)
+++ svn:mergeinfo Tue Jul 31 15:03:33 2012
@@ -0,0 +1,4 @@
+/santuario/branches/java_xmldsig11_ecdsa/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java:996119-1049476
+/santuario/xml-security-java/branches/java_xmldsig11_ecdsa/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java:1049477-1053382
+/santuario/xml-security-java/trunk/src/test/java/org/apache/xml/security/test/dom/utils/resolver/ResolverDirectHTTPTest.java:1367582
+/xml/security/branches/java_xmldsig11_ecdsa/src/test/java/org/apache/xml/security/test/utils/resolver/ResolverDirectHTTPTest.java:965952-996118