/*
* reserved comment block
* DO NOT REMOVE OR ALTER!
*/
/**
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*/
package com.sun.org.apache.xml.internal.security.utils.resolver.implementations;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.InputStream;
import java.net.InetSocketAddress;
import java.net.MalformedURLException;
import java.net.Proxy;
import java.net.URISyntaxException;
import java.net.URI;
import java.net.URL;
import java.net.URLConnection;
import java.nio.charset.StandardCharsets;
import com.sun.org.apache.xml.internal.security.signature.XMLSignatureInput;
import com.sun.org.apache.xml.internal.security.utils.XMLUtils;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverContext;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverException;
import com.sun.org.apache.xml.internal.security.utils.resolver.ResourceResolverSpi;
/**
* A simple ResourceResolver for HTTP requests. This class handles only 'pure'
* HTTP URIs which means without a fragment. The Fragment handling is done by the
* {@link ResolverFragment} class.
*
* If the user has a corporate HTTP proxy which is to be used, the usage can be
* switched on by setting properties for the resolver:
*
* resourceResolver.setProperty("http.proxy.host", "proxy.company.com"); * resourceResolver.setProperty("http.proxy.port", "8080"); * * // if we need a password for the proxy * resourceResolver.setProperty("http.proxy.username", "proxyuser3"); * resourceResolver.setProperty("http.proxy.password", "secretca"); ** * @see Java Tip 42: Write Java apps that work with proxy-based firewalls * @see JDK docs for network properties * @see The JAVA FAQ Question 9.5: How do I make Java work with a proxy server? */ public class ResolverDirectHTTP extends ResourceResolverSpi { private static final com.sun.org.slf4j.internal.Logger LOG = com.sun.org.slf4j.internal.LoggerFactory.getLogger(ResolverDirectHTTP.class); /** Field properties[] */ private static final String properties[] = { "http.proxy.host", "http.proxy.port", "http.proxy.username", "http.proxy.password", "http.basic.username", "http.basic.password" }; /** Field HttpProxyHost */ private static final int HttpProxyHost = 0; /** Field HttpProxyPort */ private static final int HttpProxyPort = 1; /** Field HttpProxyUser */ private static final int HttpProxyUser = 2; /** Field HttpProxyPass */ private static final int HttpProxyPass = 3; /** Field HttpProxyUser */ private static final int HttpBasicUser = 4; /** Field HttpProxyPass */ private static final int HttpBasicPass = 5; @Override public boolean engineIsThreadSafe() { return true; } /** * {@inheritDoc} */ @Override public XMLSignatureInput engineResolveURI(ResourceResolverContext context) throws ResourceResolverException { try { // calculate new URI URI uriNew = getNewURI(context.uriToResolve, context.baseUri); URL url = uriNew.toURL(); URLConnection urlConnection = openConnection(url); // check if Basic authentication is required String auth = urlConnection.getHeaderField("WWW-Authenticate"); if (auth != null && auth.startsWith("Basic")) { // do http basic authentication String user = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicUser]); String pass = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpBasicPass]); if (user != null && pass != null) { urlConnection = openConnection(url); String password = user + ":" + pass; String encodedPassword = XMLUtils.encodeToString(password.getBytes(StandardCharsets.ISO_8859_1)); // set authentication property in the http header urlConnection.setRequestProperty("Authorization", "Basic " + encodedPassword); } } String mimeType = urlConnection.getHeaderField("Content-Type"); try (ByteArrayOutputStream baos = new ByteArrayOutputStream(); InputStream inputStream = urlConnection.getInputStream()) { byte[] buf = new byte[4096]; int read = 0; int summarized = 0; while ((read = inputStream.read(buf)) >= 0) { baos.write(buf, 0, read); summarized += read; } LOG.debug("Fetched {} bytes from URI {}", summarized, uriNew.toString()); XMLSignatureInput result = new XMLSignatureInput(baos.toByteArray()); result.setSecureValidation(context.secureValidation); result.setSourceURI(uriNew.toString()); result.setMIMEType(mimeType); return result; } } catch (URISyntaxException ex) { throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage"); } catch (MalformedURLException ex) { throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage"); } catch (IOException ex) { throw new ResourceResolverException(ex, context.uriToResolve, context.baseUri, "generic.EmptyMessage"); } catch (IllegalArgumentException e) { throw new ResourceResolverException(e, context.uriToResolve, context.baseUri, "generic.EmptyMessage"); } } private URLConnection openConnection(URL url) throws IOException { String proxyHostProp = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyHost]); String proxyPortProp = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPort]); String proxyUser = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyUser]); String proxyPass = engineGetProperty(ResolverDirectHTTP.properties[ResolverDirectHTTP.HttpProxyPass]); Proxy proxy = null; if (proxyHostProp != null && proxyPortProp != null) { int port = Integer.parseInt(proxyPortProp); proxy = new Proxy(Proxy.Type.HTTP, new InetSocketAddress(proxyHostProp, port)); } URLConnection urlConnection; if (proxy != null) { urlConnection = url.openConnection(proxy); if (proxyUser != null && proxyPass != null) { String password = proxyUser + ":" + proxyPass; String authString = "Basic " + XMLUtils.encodeToString(password.getBytes(StandardCharsets.ISO_8859_1)); urlConnection.setRequestProperty("Proxy-Authorization", authString); } } else { urlConnection = url.openConnection(); } return urlConnection; } /** * We resolve http URIs without fragment... * * @param context * @return true if can be resolved */ public boolean engineCanResolveURI(ResourceResolverContext context) { if (context.uriToResolve == null) { LOG.debug("quick fail, uri == null"); return false; } if (context.uriToResolve.equals("") || context.uriToResolve.charAt(0) == '#') { LOG.debug("quick fail for empty URIs and local ones"); return false; } LOG.debug("I was asked whether I can resolve {}", context.uriToResolve); if (context.uriToResolve.startsWith("http:") || context.baseUri != null && context.baseUri.startsWith("http:")) { LOG.debug("I state that I can resolve {}", context.uriToResolve); return true; } LOG.debug("I state that I can't resolve {}", context.uriToResolve); return false; } /** * {@inheritDoc} */ public String[] engineGetPropertyKeys() { return ResolverDirectHTTP.properties.clone(); } private static URI getNewURI(String uri, String baseURI) throws URISyntaxException { URI newUri = null; if (baseURI == null || "".equals(baseURI)) { newUri = new URI(uri); } else { newUri = new URI(baseURI).resolve(uri); } // if the URI contains a fragment, ignore it if (newUri.getFragment() != null) { URI uriNewNoFrag = new URI(newUri.getScheme(), newUri.getSchemeSpecificPart(), null); return uriNewNoFrag; } return newUri; } }