author | Manuel Bentele | 2021-12-21 16:08:37 +0100 |
---|---|---|
committer | Manuel Bentele | 2021-12-21 16:08:37 +0100 |
commit | e729056959b8e234d979a523521f1805347d1d08 (patch) | |
tree | d057f49d5d0e1d283dcc8c11821965571db9b44d /dozentenmodul | |
parent | [SERVER] Update log4j because of the CVE-2021-45105 security flaw (diff) | |
[CLIENT] Update httpclient library from version 4.5.x to version 5.y
Diffstat (limited to 'dozentenmodul')
5 files changed, 99 insertions, 70 deletions
diff --git a/dozentenmodul/pom.xml b/dozentenmodul/pom.xml
index a20e1f14..7085b199 100755
--- a/dozentenmodul/pom.xml
+++ b/dozentenmodul/pom.xml
@@ -168,9 +168,9 @@
 <scope>compile</scope>
 </dependency>
 <dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>[4.5,4.6)</version>
+ <groupId>org.apache.httpcomponents.client5</groupId>
+ <artifactId>httpclient5</artifactId>
+ <version>[5.0,6.0)</version>
 <scope>compile</scope>
 </dependency>
 <dependency>
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
index 52092d4f..93105e91 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
@@ -9,8 +9,8 @@ import java.util.List;
 import java.util.Map.Entry;
 
 import org.apache.commons.codec.binary.Base64;
-import org.apache.http.ParseException;
-import org.apache.http.client.ClientProtocolException;
+import org.apache.hc.client5.http.ClientProtocolException;
+import org.apache.hc.core5.http.ParseException;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.openslx.bwlp.thrift.iface.Satellite;
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
index 2f40f782..6a226e1e 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
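Review bot: The new dependency keeps an open version range, `<version>[5.0,6.0)</version>`, so every build resolves to whatever 5.x artifact (pre-releases included) is newest in the repository at that moment, and a freshly published release reaches the client without anyone having reviewed it; it also makes builds irreproducible. The old `[4.5,4.6)` had the same shape, so this is inherited rather than introduced here, but the migration is the natural point to pin: `<version>PINNED_5X_VERSION</version>` (placeholder for the exact release the change was tested against). The `ConnectionConfig`/`TlsConfig` API that the rewritten ProxyConfigurator uses appears to be newer than the 5.0 lower bound, so the range can also resolve to a release that does not compile — a second reason to pin.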
@@ -6,10 +6,10 @@ import java.net.URI;
 import java.net.URISyntaxException;
 import java.net.URL;
 
-import org.apache.http.HttpResponse;
-import org.apache.http.ParseException;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.ClientProtocolException;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.core5.http.ParseException;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
 import org.openslx.bwlp.thrift.iface.AuthorizationError;
@@ -135,7 +135,7 @@ public class ShibbolethEcp {
 final ECPAuthenticator auth = new ECPAuthenticator(ProxyConfigurator.getClient(), user, pass, new URI(idpUrl), BWLP_SP);
 auth.setRetryWithoutAt(true);
- HttpResponse spResponse;
+ CloseableHttpResponse spResponse;
 try {
 spResponse = auth.authenticate();
 } catch (ECPAuthenticationException e) {
@@ -143,10 +143,10 @@ public class ShibbolethEcp {
 throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, e.getMessage());
 }
 
- if (spResponse.getStatusLine().getStatusCode() != 200) {
+ if (spResponse.getCode() != 200) {
 LOGGER.error("SP does not return HTTP status code 200");
 throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, "SP says: "
- + spResponse.getStatusLine().toString());
+ + spResponse.getReasonPhrase());
 }
 
 LOGGER.debug("Login complete, getting body");
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
index 8011eaec..a6dede1c 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
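Review bot: In the last hunk the error text loses the status code: `getStatusLine().toString()` rendered protocol, code and reason, whereas `getReasonPhrase()` is only the optional reason text, which is empty for HTTP/2 responses and may be null when the server omits it, so the exception raised after `SP does not return HTTP status code 200` can read `SP says: null`. Suggest `"SP says: " + spResponse.getCode() + " " + spResponse.getReasonPhrase());`. Separately, `spResponse` is now a `CloseableHttpResponse` and neither the error path here nor any visible line releases it; the method continues outside the hunk, so please confirm the response is closed on every path, otherwise a pooled connection is leaked on each failed login.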
@@ -7,25 +7,27 @@ import java.net.Socket;
 import java.text.MessageFormat;
 import java.util.concurrent.atomic.AtomicReference;
 
-import org.apache.http.HttpException;
-import org.apache.http.HttpHost;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.config.Registry;
-import org.apache.http.config.RegistryBuilder;
-import org.apache.http.config.SocketConfig;
-import org.apache.http.conn.routing.HttpRoute;
-import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.ssl.SSLContexts;
+import org.apache.hc.client5.http.HttpRoute;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.config.ConnectionConfig;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.config.TlsConfig;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner;
+import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
+import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.HttpResponse;
+import org.apache.hc.core5.http.URIScheme;
+import org.apache.hc.core5.http.config.RegistryBuilder;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.apache.hc.core5.http.ssl.TLS;
+import org.apache.hc.core5.util.Timeout;
 import org.apache.logging.log4j.Level;
 import org.apache.logging.log4j.LogManager;
 import org.apache.logging.log4j.Logger;
@@ -55,6 +57,12 @@ public class ProxyConfigurator {
 
 private static AtomicReference<CloseableHttpClient> apacheClient = new AtomicReference<>();
 
+ private static final TLS[] SUPPORTED_TLS_VERSIONS = { TLS.V_1_3, TLS.V_1_2, TLS.V_1_1 };
+
+ private static final Timeout TIMEOUT_CONNECT = Timeout.ofSeconds(8);
+ private static final Timeout TIMEOUT_SOCKET = Timeout.ofSeconds(8);
+ private static final Timeout TIMEOUT_REQUEST = Timeout.ofSeconds(3);
+
 /**
 * Initialization method.
 */
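Review bot: `SUPPORTED_TLS_VERSIONS` explicitly enables `TLS.V_1_1`, and the builders in the next hunk push that list into both the SSL socket factory and `TlsConfig`, so the client will offer TLS 1.1 in every handshake even though the protocol is deprecated (RFC 8996) and recent JDKs disable it by default through `jdk.tls.disabledAlgorithms` — whether it is actually negotiated then depends on the JDK's security properties rather than on this code. For a client whose job is to send login credentials to an IdP that is a downgrade from the platform default, and it differs from the removed `createSslFactory`, which only fell back to `TLSv1.1` when a 1.2 context could not be built. Unless a known IdP still requires 1.1, trim the list to `private static final TLS[] SUPPORTED_TLS_VERSIONS = { TLS.V_1_3, TLS.V_1_2 };` and add a one-line comment stating why each listed version is needed, so the next maintainer does not re-add older ones.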
@@ -148,46 +156,49 @@ public class ProxyConfigurator {
 return inst;
 }
 
- private static SSLConnectionSocketFactory createSslFactory() {
- // TODO: Geht nich
- for (String proto : new String[] { "TLSv1.2", "TLSv1.1", "TLS" }) {
- try {
- return new SSLConnectionSocketFactory(SSLContexts.custom().setProtocol(proto).build());
- } catch (Exception e) {
- LOGGER.warn(proto + " not available", e);
- }
- }
- return SSLConnectionSocketFactory.getSystemSocketFactory();
- }
-
 private static HttpClientBuilder createShortTimeoutBuilder() {
- HttpClientBuilder builder = HttpClientBuilder.create().setSSLSocketFactory(createSslFactory());
- builder.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(8000).build());
- PoolingHttpClientConnectionManager pm = new PoolingHttpClientConnectionManager();
- pm.setDefaultMaxPerRoute(4);
- builder.setConnectionManager(pm);
- return builder;
+ return HttpClientBuilder.create()
+ .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
+ .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
+ .setTlsVersions(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build())
+ .setDefaultTlsConfig(TlsConfig.custom()
+ .setSupportedProtocols(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build())
+ .setDefaultConnectionConfig(ConnectionConfig.custom()
+ .setConnectTimeout(ProxyConfigurator.TIMEOUT_CONNECT)
+ .setSocketTimeout(ProxyConfigurator.TIMEOUT_SOCKET)
+ .build())
+ .setMaxConnPerRoute(4)
+ .build());
 }
 
 private static HttpClientBuilder createSlxBuilder() {
- HttpClientBuilder builder = HttpClientBuilder.create();
- builder.setRoutePlanner(new SlxRoutePlanner(null));
- builder.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(8000).build());
- Registry<ConnectionSocketFactory> csf = RegistryBuilder.<ConnectionSocketFactory> create()
- .register("http", new SlxSocketFactory())
- .register("https", createSslFactory())
- .build();
- PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(csf);
- cm.setDefaultMaxPerRoute(4);
- builder.setConnectionManager(cm);
- return builder;
+
+ final RegistryBuilder<ConnectionSocketFactory> registryBuilder = RegistryBuilder.<ConnectionSocketFactory>create()
+ .register(URIScheme.HTTP.id, SlxSocketFactory.getSocketFactory())
+ .register(URIScheme.HTTPS.id, SSLConnectionSocketFactoryBuilder.create()
+ .setTlsVersions(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build());
+
+ final PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registryBuilder.build());
+ connectionManager.setDefaultTlsConfig(TlsConfig.custom()
+ .setSupportedProtocols(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build());
+ connectionManager.setDefaultConnectionConfig(ConnectionConfig.custom()
+ .setConnectTimeout(ProxyConfigurator.TIMEOUT_CONNECT)
+ .setSocketTimeout(ProxyConfigurator.TIMEOUT_SOCKET)
+ .build());
+ connectionManager.setDefaultMaxPerRoute(4);
+
+ return HttpClientBuilder.create()
+ .setRoutePlanner(new SlxRoutePlanner(null))
+ .setConnectionManager(connectionManager);
 }
 
 private static boolean testHttpsMaster() {
- RequestConfig requestConfig = RequestConfig.custom()
- .setConnectionRequestTimeout(3000)
- .setConnectTimeout(3000)
- .setSocketTimeout(3000)
+ final RequestConfig requestConfig = RequestConfig.custom()
+ .setConnectionRequestTimeout(ProxyConfigurator.TIMEOUT_REQUEST)
 .build();
 HttpGet httpGet = new HttpGet(ShibbolethEcp.BWLP_SP.toString());
 httpGet.setConfig(requestConfig);
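Review bot: `testHttpsMaster` lost its connect and read bounds: the old `RequestConfig` capped connection-request, connect and socket timeouts at 3 s, while the new one sets only `setConnectionRequestTimeout(TIMEOUT_REQUEST)`, which is the wait for a pooled connection, so connect and read now inherit the 8 s `TIMEOUT_CONNECT`/`TIMEOUT_SOCKET` from the connection manager and the reachability probe can block well over twice as long as before. If the 3 s probe is intended, add `.setConnectTimeout(ProxyConfigurator.TIMEOUT_REQUEST)` and `.setResponseTimeout(ProxyConfigurator.TIMEOUT_REQUEST)` to the request config (the per-request connect timeout may be deprecated in newer 5.x releases, so check the resolved version); if the longer probe is intended, a comment on `TIMEOUT_REQUEST` saying it bounds only the pool lease would stop the next reader assuming it bounds the whole probe. The remainder of `testHttpsMaster` lies outside this hunk.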
@@ -196,8 +207,8 @@ public class ProxyConfigurator {
 "ver=\"urn:liberty:paos:2003-08\";\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"");
 try {
 HttpResponse response = getClient().execute(httpGet);
- LOGGER.debug("Master server replies with " + response.getStatusLine().getStatusCode());
- return response.getStatusLine().getStatusCode() == 200;
+ LOGGER.debug("Master server replies with " + response.getCode());
+ return response.getCode() == 200;
 } catch (Exception e) {
 LOGGER.debug("Cannot reach master server via HTTPS", e);
 return false;
@@ -205,6 +216,13 @@ public class ProxyConfigurator {
 }
 
 private static class SlxSocketFactory extends PlainConnectionSocketFactory {
+
+ public static final SlxSocketFactory INSTANCE = new SlxSocketFactory();
+
+ public static SlxSocketFactory getSocketFactory() {
+ return INSTANCE;
+ }
+
 @Override
 public Socket createSocket(HttpContext context) throws IOException {
 Object obj = context.getAttribute("openslx.l7proxy");
@@ -224,11 +242,11 @@ public class ProxyConfigurator {
 }
 
 @Override
- public HttpRoute determineRoute(HttpHost host, HttpRequest request, HttpContext context)
+ public HttpHost determineProxy(final HttpHost target, final HttpContext context)
 throws HttpException {
- HttpRoute route = super.determineRoute(host, request, context);
- context.setAttribute("openslx.l7proxy", route);
- return route;
+ HttpHost host = super.determineProxy(target, context);
+ context.setAttribute("openslx.l7proxy", host);
+ return host;
 }
 
 }
diff --git a/dozentenmodul/src/main/properties/log4j2.properties b/dozentenmodul/src/main/properties/log4j2.properties
index 1b68a76d..eaa9a669 100644
--- a/dozentenmodul/src/main/properties/log4j2.properties
+++ b/dozentenmodul/src/main/properties/log4j2.properties
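Review bot: The `openslx.l7proxy` context attribute changes type in the last hunk — it used to carry the `HttpRoute` from `determineRoute` and now carries the `HttpHost` returned by `determineProxy`, which is null on a direct route. The only reader in view, `SlxSocketFactory.createSocket` in the previous hunk, is cut off right after `Object obj = context.getAttribute("openslx.l7proxy");`, so please confirm its cast and null handling were updated to `HttpHost`; a leftover `instanceof HttpRoute` check would silently take the direct-socket path and bypass the proxy. `determineProxy` appears to be `protected` in `SystemDefaultRoutePlanner`, so `protected HttpHost determineProxy(final HttpHost target, final HttpContext context)` keeps the override aligned with the superclass instead of widening it to `public`. With `determineRoute` gone, the newly added `org.apache.hc.client5.http.HttpRoute` import also looks unused unless the rest of the file references it.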
@@ -23,3 +23,14 @@ appender.console.layout.type=PatternLayout
 appender.console.layout.pattern=[%t] %-5p %F - %m%n
 appender.console.filter.threshold.type=ThresholdFilter
 appender.console.filter.threshold.level=info
+
+#
+# configuration for specific package or class loggers
+#
+loggers=httpclientContext,httpclientContent
+
+logger.httpclientContext.name=org.apache.hc.client5.http
+logger.httpclientContext.level=warn
+
+logger.httpclientContent.name=org.apache.hc.client5.http.wire
+logger.httpclientContent.level=warn |
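Review bot: The new logger block says what it configures but not why, and the `org.apache.hc.client5.http.wire` entry is the one that matters: at debug/trace that logger prints complete request and response headers and bodies, which for this client would include the ECP login exchange that `ShibbolethEcp` runs through `ProxyConfigurator.getClient()`. Suggest replacing `# configuration for specific package or class loggers` with a comment such as `# keep httpclient5 internals and the wire logger at warn: at debug/trace the wire logger dumps full headers and bodies, including the ECP login exchange, into the log`. Because a logger level is applied before any appender, this guard also holds for appenders added later, whereas the console appender's `info` threshold filter protects only that one appender.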