summaryrefslogtreecommitdiffstats
path: root/dozentenmodul
diff options
context:
space:
mode:
authorManuel Bentele2021-12-21 16:08:37 +0100
committerManuel Bentele2021-12-21 16:08:37 +0100
commite729056959b8e234d979a523521f1805347d1d08 (patch)
treed057f49d5d0e1d283dcc8c11821965571db9b44d /dozentenmodul
parent[SERVER] Update log4j because of the CVE-2021-45105 security flaw (diff)
downloadtutor-module-e729056959b8e234d979a523521f1805347d1d08.tar.gz
tutor-module-e729056959b8e234d979a523521f1805347d1d08.tar.xz
tutor-module-e729056959b8e234d979a523521f1805347d1d08.zip
[CLIENT] Update httpclient library from version 4.5.x to version 5.y
Diffstat (limited to 'dozentenmodul')
-rwxr-xr-xdozentenmodul/pom.xml6
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java4
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java14
-rw-r--r--dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java134
-rw-r--r--dozentenmodul/src/main/properties/log4j2.properties11
5 files changed, 99 insertions, 70 deletions
diff --git a/dozentenmodul/pom.xml b/dozentenmodul/pom.xml
index a20e1f14..7085b199 100755
--- a/dozentenmodul/pom.xml
+++ b/dozentenmodul/pom.xml
@@ -168,9 +168,9 @@
<scope>compile</scope>
</dependency>
<dependency>
- <groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpclient</artifactId>
- <version>[4.5,4.6)</version>
+ <groupId>org.apache.httpcomponents.client5</groupId>
+ <artifactId>httpclient5</artifactId>
+ <version>[5.0,6.0)</version>
<scope>compile</scope>
</dependency>
<dependency>
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
index 52092d4f..93105e91 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/EcpAuthenticator.java
@@ -9,8 +9,8 @@ import java.util.List;
import java.util.Map.Entry;
import org.apache.commons.codec.binary.Base64;
-import org.apache.http.ParseException;
-import org.apache.http.client.ClientProtocolException;
+import org.apache.hc.client5.http.ClientProtocolException;
+import org.apache.hc.core5.http.ParseException;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.openslx.bwlp.thrift.iface.Satellite;
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
index 2f40f782..6a226e1e 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/authentication/ShibbolethEcp.java
@@ -6,10 +6,10 @@ import java.net.URI;
import java.net.URISyntaxException;
import java.net.URL;
-import org.apache.http.HttpResponse;
-import org.apache.http.ParseException;
-import org.apache.http.client.ClientProtocolException;
-import org.apache.http.util.EntityUtils;
+import org.apache.hc.client5.http.ClientProtocolException;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpResponse;
+import org.apache.hc.core5.http.ParseException;
+import org.apache.hc.core5.http.io.entity.EntityUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.openslx.bwlp.thrift.iface.AuthorizationError;
@@ -135,7 +135,7 @@ public class ShibbolethEcp {
final ECPAuthenticator auth = new ECPAuthenticator(ProxyConfigurator.getClient(), user, pass, new URI(idpUrl), BWLP_SP);
auth.setRetryWithoutAt(true);
- HttpResponse spResponse;
+ CloseableHttpResponse spResponse;
try {
spResponse = auth.authenticate();
} catch (ECPAuthenticationException e) {
@@ -143,10 +143,10 @@ public class ShibbolethEcp {
throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, e.getMessage());
}
- if (spResponse.getStatusLine().getStatusCode() != 200) {
+ if (spResponse.getCode() != 200) {
LOGGER.error("SP does not return HTTP status code 200");
throw new TAuthorizationException(AuthorizationError.GENERIC_ERROR, "SP says: "
- + spResponse.getStatusLine().toString());
+ + spResponse.getReasonPhrase());
}
LOGGER.debug("Login complete, getting body");
diff --git a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
index 8011eaec..a6dede1c 100644
--- a/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
+++ b/dozentenmodul/src/main/java/org/openslx/dozmod/util/ProxyConfigurator.java
@@ -7,25 +7,27 @@ import java.net.Socket;
import java.text.MessageFormat;
import java.util.concurrent.atomic.AtomicReference;
-import org.apache.http.HttpException;
-import org.apache.http.HttpHost;
-import org.apache.http.HttpRequest;
-import org.apache.http.HttpResponse;
-import org.apache.http.client.config.RequestConfig;
-import org.apache.http.client.methods.HttpGet;
-import org.apache.http.config.Registry;
-import org.apache.http.config.RegistryBuilder;
-import org.apache.http.config.SocketConfig;
-import org.apache.http.conn.routing.HttpRoute;
-import org.apache.http.conn.socket.ConnectionSocketFactory;
-import org.apache.http.conn.socket.PlainConnectionSocketFactory;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
-import org.apache.http.impl.client.CloseableHttpClient;
-import org.apache.http.impl.client.HttpClientBuilder;
-import org.apache.http.impl.conn.PoolingHttpClientConnectionManager;
-import org.apache.http.impl.conn.SystemDefaultRoutePlanner;
-import org.apache.http.protocol.HttpContext;
-import org.apache.http.ssl.SSLContexts;
+import org.apache.hc.client5.http.HttpRoute;
+import org.apache.hc.client5.http.classic.methods.HttpGet;
+import org.apache.hc.client5.http.config.ConnectionConfig;
+import org.apache.hc.client5.http.config.RequestConfig;
+import org.apache.hc.client5.http.config.TlsConfig;
+import org.apache.hc.client5.http.impl.classic.CloseableHttpClient;
+import org.apache.hc.client5.http.impl.classic.HttpClientBuilder;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManager;
+import org.apache.hc.client5.http.impl.io.PoolingHttpClientConnectionManagerBuilder;
+import org.apache.hc.client5.http.impl.routing.SystemDefaultRoutePlanner;
+import org.apache.hc.client5.http.socket.ConnectionSocketFactory;
+import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory;
+import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactoryBuilder;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpHost;
+import org.apache.hc.core5.http.HttpResponse;
+import org.apache.hc.core5.http.URIScheme;
+import org.apache.hc.core5.http.config.RegistryBuilder;
+import org.apache.hc.core5.http.protocol.HttpContext;
+import org.apache.hc.core5.http.ssl.TLS;
+import org.apache.hc.core5.util.Timeout;
import org.apache.logging.log4j.Level;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
@@ -55,6 +57,12 @@ public class ProxyConfigurator {
private static AtomicReference<CloseableHttpClient> apacheClient = new AtomicReference<>();
+ private static final TLS[] SUPPORTED_TLS_VERSIONS = { TLS.V_1_3, TLS.V_1_2, TLS.V_1_1 };
+
+ private static final Timeout TIMEOUT_CONNECT = Timeout.ofSeconds(8);
+ private static final Timeout TIMEOUT_SOCKET = Timeout.ofSeconds(8);
+ private static final Timeout TIMEOUT_REQUEST = Timeout.ofSeconds(3);
+
/**
* Initialization method.
*/
@@ -148,46 +156,49 @@ public class ProxyConfigurator {
return inst;
}
- private static SSLConnectionSocketFactory createSslFactory() {
- // TODO: Geht nich
- for (String proto : new String[] { "TLSv1.2", "TLSv1.1", "TLS" }) {
- try {
- return new SSLConnectionSocketFactory(SSLContexts.custom().setProtocol(proto).build());
- } catch (Exception e) {
- LOGGER.warn(proto + " not available", e);
- }
- }
- return SSLConnectionSocketFactory.getSystemSocketFactory();
- }
-
private static HttpClientBuilder createShortTimeoutBuilder() {
- HttpClientBuilder builder = HttpClientBuilder.create().setSSLSocketFactory(createSslFactory());
- builder.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(8000).build());
- PoolingHttpClientConnectionManager pm = new PoolingHttpClientConnectionManager();
- pm.setDefaultMaxPerRoute(4);
- builder.setConnectionManager(pm);
- return builder;
+ return HttpClientBuilder.create()
+ .setConnectionManager(PoolingHttpClientConnectionManagerBuilder.create()
+ .setSSLSocketFactory(SSLConnectionSocketFactoryBuilder.create()
+ .setTlsVersions(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build())
+ .setDefaultTlsConfig(TlsConfig.custom()
+ .setSupportedProtocols(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build())
+ .setDefaultConnectionConfig(ConnectionConfig.custom()
+ .setConnectTimeout(ProxyConfigurator.TIMEOUT_CONNECT)
+ .setSocketTimeout(ProxyConfigurator.TIMEOUT_SOCKET)
+ .build())
+ .setMaxConnPerRoute(4)
+ .build());
}
private static HttpClientBuilder createSlxBuilder() {
- HttpClientBuilder builder = HttpClientBuilder.create();
- builder.setRoutePlanner(new SlxRoutePlanner(null));
- builder.setDefaultSocketConfig(SocketConfig.custom().setSoTimeout(8000).build());
- Registry<ConnectionSocketFactory> csf = RegistryBuilder.<ConnectionSocketFactory> create()
- .register("http", new SlxSocketFactory())
- .register("https", createSslFactory())
- .build();
- PoolingHttpClientConnectionManager cm = new PoolingHttpClientConnectionManager(csf);
- cm.setDefaultMaxPerRoute(4);
- builder.setConnectionManager(cm);
- return builder;
+
+ final RegistryBuilder<ConnectionSocketFactory> registryBuilder = RegistryBuilder.<ConnectionSocketFactory>create()
+ .register(URIScheme.HTTP.id, SlxSocketFactory.getSocketFactory())
+ .register(URIScheme.HTTPS.id, SSLConnectionSocketFactoryBuilder.create()
+ .setTlsVersions(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build());
+
+ final PoolingHttpClientConnectionManager connectionManager = new PoolingHttpClientConnectionManager(registryBuilder.build());
+ connectionManager.setDefaultTlsConfig(TlsConfig.custom()
+ .setSupportedProtocols(ProxyConfigurator.SUPPORTED_TLS_VERSIONS)
+ .build());
+ connectionManager.setDefaultConnectionConfig(ConnectionConfig.custom()
+ .setConnectTimeout(ProxyConfigurator.TIMEOUT_CONNECT)
+ .setSocketTimeout(ProxyConfigurator.TIMEOUT_SOCKET)
+ .build());
+ connectionManager.setDefaultMaxPerRoute(4);
+
+ return HttpClientBuilder.create()
+ .setRoutePlanner(new SlxRoutePlanner(null))
+ .setConnectionManager(connectionManager);
}
private static boolean testHttpsMaster() {
- RequestConfig requestConfig = RequestConfig.custom()
- .setConnectionRequestTimeout(3000)
- .setConnectTimeout(3000)
- .setSocketTimeout(3000)
+ final RequestConfig requestConfig = RequestConfig.custom()
+ .setConnectionRequestTimeout(ProxyConfigurator.TIMEOUT_REQUEST)
.build();
HttpGet httpGet = new HttpGet(ShibbolethEcp.BWLP_SP.toString());
httpGet.setConfig(requestConfig);
@@ -196,8 +207,8 @@ public class ProxyConfigurator {
"ver=\"urn:liberty:paos:2003-08\";\"urn:oasis:names:tc:SAML:2.0:profiles:SSO:ecp\"");
try {
HttpResponse response = getClient().execute(httpGet);
- LOGGER.debug("Master server replies with " + response.getStatusLine().getStatusCode());
- return response.getStatusLine().getStatusCode() == 200;
+ LOGGER.debug("Master server replies with " + response.getCode());
+ return response.getCode() == 200;
} catch (Exception e) {
LOGGER.debug("Cannot reach master server via HTTPS", e);
return false;
@@ -205,6 +216,13 @@ public class ProxyConfigurator {
}
private static class SlxSocketFactory extends PlainConnectionSocketFactory {
+
+ public static final SlxSocketFactory INSTANCE = new SlxSocketFactory();
+
+ public static SlxSocketFactory getSocketFactory() {
+ return INSTANCE;
+ }
+
@Override
public Socket createSocket(HttpContext context) throws IOException {
Object obj = context.getAttribute("openslx.l7proxy");
@@ -224,11 +242,11 @@ public class ProxyConfigurator {
}
@Override
- public HttpRoute determineRoute(HttpHost host, HttpRequest request, HttpContext context)
+ public HttpHost determineProxy(final HttpHost target, final HttpContext context)
throws HttpException {
- HttpRoute route = super.determineRoute(host, request, context);
- context.setAttribute("openslx.l7proxy", route);
- return route;
+ HttpHost host = super.determineProxy(target, context);
+ context.setAttribute("openslx.l7proxy", host);
+ return host;
}
}
diff --git a/dozentenmodul/src/main/properties/log4j2.properties b/dozentenmodul/src/main/properties/log4j2.properties
index 1b68a76d..eaa9a669 100644
--- a/dozentenmodul/src/main/properties/log4j2.properties
+++ b/dozentenmodul/src/main/properties/log4j2.properties
@@ -23,3 +23,14 @@ appender.console.layout.type=PatternLayout
appender.console.layout.pattern=[%t] %-5p %F - %m%n
appender.console.filter.threshold.type=ThresholdFilter
appender.console.filter.threshold.level=info
+
+#
+# configuration for specific package or class loggers
+#
+loggers=httpclientContext,httpclientContent
+
+logger.httpclientContext.name=org.apache.hc.client5.http
+logger.httpclientContext.level=warn
+
+logger.httpclientContent.name=org.apache.hc.client5.http.wire
+logger.httpclientContent.level=warn