From ba4b3b98c255fd0026085cbc33d2f2bc16245434 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 31 Aug 2024 20:53:18 +0300 Subject: [PATCH 1/2] SPARK-2336 Remove PLUGIN_REPOSITORY_USE_PROXY config and always use a proxy if configured in a system --- core/src/main/java/org/jivesoftware/resource/Default.java | 1 - .../jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java | 6 ------ core/src/main/resources/default.properties | 5 ----- 3 files changed, 12 deletions(-) diff --git a/core/src/main/java/org/jivesoftware/resource/Default.java b/core/src/main/java/org/jivesoftware/resource/Default.java index ed487de4a..384995330 100644 --- a/core/src/main/java/org/jivesoftware/resource/Default.java +++ b/core/src/main/java/org/jivesoftware/resource/Default.java @@ -144,7 +144,6 @@ public class Default { public static final String PLUGIN_BLACKLIST = "PLUGIN_BLACKLIST"; public static final String PLUGIN_BLACKLIST_CLASS = "PLUGIN_BLACKLIST_CLASS"; public static final String PLUGIN_REPOSITORY = "PLUGIN_REPOSITORY"; - public static final String PLUGIN_REPOSITORY_USE_PROXY = "PLUGIN_REPOSITORY_USE_PROXY"; public static final String PROXY_PROTOCOL = "PROXY_PROTOCOL"; public static final String IDLE_LOCK = "IDLE_LOCK"; public static final String IDLE_TIME = "IDLE_TIME"; diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java b/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java index 26bb125ae..79071fbab 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java 
@@ -306,8 +306,6 @@ public Object construct() final HttpGet request = new HttpGet(retrieveListURL); HttpHost proxy = null; - if ( Default.getBoolean( Default.PLUGIN_REPOSITORY_USE_PROXY ) ) - { String proxyHost = System.getProperty( "http.proxyHost" ); String proxyPort = System.getProperty( "http.proxyPort" ); if ( ModelUtil.hasLength( proxyHost ) && ModelUtil.hasLength(proxyPort) ) { @@ -317,7 +315,6 @@ public Object construct() Log.error( e ); } } - } try (final CloseableHttpClient httpClient = HttpClients.custom() @@ -383,8 +380,6 @@ private void downloadPlugin( final PublicPlugin plugin ) final HttpGet request = new HttpGet(plugin.getDownloadURL()); HttpHost proxy = null; - if ( Default.getBoolean( Default.PLUGIN_REPOSITORY_USE_PROXY ) ) - { String proxyHost = System.getProperty( "http.proxyHost" ); String proxyPort = System.getProperty( "http.proxyPort" ); if ( ModelUtil.hasLength( proxyHost ) && ModelUtil.hasLength(proxyPort) ) { @@ -394,7 +389,6 @@ private void downloadPlugin( final PublicPlugin plugin ) Log.error( e ); } } - } try (final CloseableHttpClient httpClient = HttpClients.custom() diff --git a/core/src/main/resources/default.properties b/core/src/main/resources/default.properties index 23eae9b3a..84c51b4db 100644 --- a/core/src/main/resources/default.properties +++ b/core/src/main/resources/default.properties @@ -273,11 +273,6 @@ APPLICATION_LINK_TXT = www.igniterealtime.org # for a sample structure see trunk/documentation/sample_plugin_repository.xml # default: http://www.igniterealtime.org/updater/plugins.jsp PLUGIN_REPOSITORY = http://www.igniterealtime.org/updater/plugins.jsp -# Use Sparks global Proxy to connect to the repository? -# if your repository lies within your network, this probably needs to be disabled -# default: true -PLUGIN_REPOSITORY_USE_PROXY = true -#http://www.igniterealtime.org/updater/plugins.jsp # Disable Installing of Plugins # set true if you want to disable installing of Plugins INSTALL_PLUGINS_DISABLED = 
From 313110dacac3626a769ac4b9ca0d2dc54d7382e6 Mon Sep 17 00:00:00 2001 From: Sergey Ponomarev Date: Sat, 31 Aug 2024 20:56:41 +0300 Subject: [PATCH 2/2] SPARK-2336 Use system HTTP client that will initialize proxy itself --- .../sparkimpl/plugin/viewer/PluginViewer.java | 27 +------ .../AcceptAllCertsConnectionManager.java | 73 ------------------- .../sparkimpl/updater/CheckUpdates.java | 38 +--------- .../plugin/fileupload/ChatRoomDecorator.java | 8 +- 4 files changed, 5 insertions(+), 141 deletions(-) delete mode 100644 core/src/main/java/org/jivesoftware/sparkimpl/updater/AcceptAllCertsConnectionManager.java diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java b/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java index 79071fbab..f6fcde1cb 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/plugin/viewer/PluginViewer.java @@ -45,7 +45,6 @@ import org.jivesoftware.sparkimpl.settings.JiveInfo; import org.jivesoftware.sparkimpl.settings.local.LocalPreferences; import org.jivesoftware.sparkimpl.settings.local.SettingsManager; -import org.jivesoftware.sparkimpl.updater.AcceptAllCertsConnectionManager; import org.xml.sax.SAXException; import javax.swing.*; 
@@ -304,24 +303,7 @@ private void loadAvailablePlugins() public Object construct() { final HttpGet request = new HttpGet(retrieveListURL); - - HttpHost proxy = null; - String proxyHost = System.getProperty( "http.proxyHost" ); - String proxyPort = System.getProperty( "http.proxyPort" ); - if ( ModelUtil.hasLength( proxyHost ) && ModelUtil.hasLength(proxyPort) ) { - try{ - proxy = new HttpHost(proxyHost, Integer.parseInt(proxyPort)); - } catch ( NumberFormatException e ) { - Log.error( e ); - } - } - - try (final CloseableHttpClient httpClient = - HttpClients.custom() - .setConnectionManager(AcceptAllCertsConnectionManager.getInstance()) - .setProxy(proxy) - .build(); - ) { + try (final CloseableHttpClient httpClient = HttpClients.createSystem()) { return httpClient.execute(request, response -> { if (response.getCode() != 200) { return null; @@ -390,12 +372,7 @@ private void downloadPlugin( final PublicPlugin plugin ) } } - try (final CloseableHttpClient httpClient = - HttpClients.custom() - .setConnectionManager(AcceptAllCertsConnectionManager.getInstance()) - .setProxy(proxy) - .build(); - ) { + try (final CloseableHttpClient httpClient = HttpClients.createSystem()) { httpClient.execute(request, response -> { if (response.getCode() != 200) { return null; diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/updater/AcceptAllCertsConnectionManager.java b/core/src/main/java/org/jivesoftware/sparkimpl/updater/AcceptAllCertsConnectionManager.java deleted file mode 100644 index 75c2ada77..000000000 --- a/core/src/main/java/org/jivesoftware/sparkimpl/updater/AcceptAllCertsConnectionManager.java +++ /dev/null 
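Review bot: Switching `construct()` from the hand-built `HttpHost` to `HttpClients.createSystem()` changes which proxy settings apply. The removed code read only `http.proxyHost`/`http.proxyPort` and used them for every request, while the system client resolves the proxy through the JVM's default `ProxySelector`, which consults `https.proxyHost`/`https.proxyPort` for an `https://` URL and honours `http.nonProxyHosts`. If Spark's proxy settings populate only the `http.*` properties (not visible in this patch), HTTPS requests to the plugin repository would go out directly instead of through the configured proxy. Please confirm where those properties are set and set the `https.*` pair alongside them; the same applies to the `createSystem()` calls in `downloadPlugin`, `CheckUpdates` and `ChatRoomDecorator`. A comment at the call, e.g. `// createSystem(): proxy and trust store come from JVM system properties; certificates and host names are verified`, would record the intent.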
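Review bot: In `downloadPlugin` the `.setProxy(proxy)` call is removed, but the leading context of this hunk (`} }`) suggests that the block declaring `HttpHost proxy` and parsing `http.proxyHost`/`http.proxyPort` is still in place, unlike in `construct()` where it was deleted. That would leave a local that is computed and never read, plus a `NumberFormatException` log path that no longer influences the request. Remove the leftover `HttpHost proxy = null;` declaration and the `if ( ModelUtil.hasLength( proxyHost ) && ModelUtil.hasLength(proxyPort) )` block so both methods read the same. The start of `downloadPlugin` lies outside this hunk, so this is inferred from the context lines and the diffstat.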
@@ -1,73 +0,0 @@ -/** - * Copyright (C) 2023 Ignite Realtime Foundation. All rights reserved. - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ -package org.jivesoftware.sparkimpl.updater; - -import org.apache.hc.client5.http.impl.io.BasicHttpClientConnectionManager; -import org.apache.hc.client5.http.socket.ConnectionSocketFactory; -import org.apache.hc.client5.http.socket.PlainConnectionSocketFactory; -import org.apache.hc.client5.http.ssl.NoopHostnameVerifier; -import org.apache.hc.client5.http.ssl.SSLConnectionSocketFactory; -import org.apache.hc.core5.http.config.Registry; -import org.apache.hc.core5.http.config.RegistryBuilder; -import org.apache.hc.core5.ssl.SSLContexts; -import org.apache.hc.core5.ssl.TrustStrategy; - -import javax.net.ssl.SSLContext; -import java.security.KeyManagementException; -import java.security.KeyStoreException; -import java.security.NoSuchAlgorithmException; - -/** - * A HTTP Client connection manager that knowingly by-passes all verification of TLS certificates. - * - * This SHOULD NOT be used for productive systems due to security reasons, unless it is a conscious decision and you are - * perfectly aware of security implications of accepting self-signed certificates. 
- * - * Usage example: - * - * AcceptAllCertsConnectionManager connectionManager = AcceptAllCertsConnectionManager.getInstance(); - * try( CloseableHttpClient httpClient = HttpClients.custom() - * .setConnectionManager(connectionManager) - * .build(); - * - * CloseableHttpResponse response = (CloseableHttpResponse) httpClient - * .execute(getMethod, new CustomHttpClientResponseHandler())) { - * - * final int statusCode = response.getCode(); - * assertThat(statusCode, equalTo(HttpStatus.SC_OK)); - * }; - * - * @author Guus der Kinderen, guus.der.kinderen@gmail.com - */ -public class AcceptAllCertsConnectionManager extends BasicHttpClientConnectionManager -{ - public static BasicHttpClientConnectionManager getInstance() throws NoSuchAlgorithmException, KeyStoreException, KeyManagementException - { - // Taken from https://www.baeldung.com/httpclient-ssl - final TrustStrategy acceptingTrustStrategy = (cert, authType) -> true; - final SSLContext sslContext = SSLContexts.custom() - .loadTrustMaterial(null, acceptingTrustStrategy) - .build(); - final SSLConnectionSocketFactory sslsf = new SSLConnectionSocketFactory(sslContext, NoopHostnameVerifier.INSTANCE); - final Registry socketFactoryRegistry = - RegistryBuilder. create() - .register("https", sslsf) - .register("http", new PlainConnectionSocketFactory()) - .build(); - - return new BasicHttpClientConnectionManager(socketFactoryRegistry); - } -} diff --git a/core/src/main/java/org/jivesoftware/sparkimpl/updater/CheckUpdates.java b/core/src/main/java/org/jivesoftware/sparkimpl/updater/CheckUpdates.java index 7146501b2..bdbff76e1 100644 --- a/core/src/main/java/org/jivesoftware/sparkimpl/updater/CheckUpdates.java +++ b/core/src/main/java/org/jivesoftware/sparkimpl/updater/CheckUpdates.java 
@@ -114,18 +114,6 @@ else if (sparkPluginInstalled) { * @return true if there is a new build available for download. */ public SparkVersion isNewBuildAvailableFromJivesoftware() { - - HttpHost proxy = null; - String proxyHost = System.getProperty( "http.proxyHost" ); - String proxyPort = System.getProperty( "http.proxyPort" ); - if ( ModelUtil.hasLength( proxyHost ) && ModelUtil.hasLength(proxyPort) ) { - try{ - proxy = new HttpHost(proxyHost, Integer.parseInt(proxyPort)); - } catch ( NumberFormatException e ) { - Log.error( e ); - } - } - final String os; if (Spark.isWindows()) { os = "windows"; @@ -144,12 +132,7 @@ else if (Spark.isMac()) { // if (isBetaCheckingEnabled) { // post.addParameter("beta", "true"); // } - try (final CloseableHttpClient httpClient = - HttpClients.custom() - .setConnectionManager(AcceptAllCertsConnectionManager.getInstance()) - .setProxy(proxy) - .build() - ) { + try (final CloseableHttpClient httpClient = HttpClients.createSystem()) { final ClassicHttpRequest request = ClassicRequestBuilder.post(mainUpdateURL) .addParameter("os", os) .setHeader("User-Agent", "Spark HttpFileUpload") 
@@ -179,24 +162,7 @@ public void downloadUpdate(final File downloadedFile, final SparkVersion version final java.util.Timer timer = new java.util.Timer(); final HttpGet request = new HttpGet(version.getDownloadURL()); - - HttpHost proxy = null; - String proxyHost = System.getProperty( "http.proxyHost" ); - String proxyPort = System.getProperty( "http.proxyPort" ); - if ( ModelUtil.hasLength( proxyHost ) && ModelUtil.hasLength(proxyPort) ) { - try{ - proxy = new HttpHost(proxyHost, Integer.parseInt(proxyPort)); - } catch ( NumberFormatException e ) { - Log.error( e ); - } - } - - try (final CloseableHttpClient httpClient = - HttpClients.custom() - .setConnectionManager(AcceptAllCertsConnectionManager.getInstance()) - .setProxy(proxy) - .build(); - ) { + try (final CloseableHttpClient httpClient = HttpClients.createSystem()) { httpClient.execute(request, response -> { if (response.getCode() != 200) { return null; diff --git a/plugins/fileupload/src/main/java/org/jivesoftware/spark/plugin/fileupload/ChatRoomDecorator.java b/plugins/fileupload/src/main/java/org/jivesoftware/spark/plugin/fileupload/ChatRoomDecorator.java index 0d4e12269..00b9aee93 100644 --- a/plugins/fileupload/src/main/java/org/jivesoftware/spark/plugin/fileupload/ChatRoomDecorator.java +++ b/plugins/fileupload/src/main/java/org/jivesoftware/spark/plugin/fileupload/ChatRoomDecorator.java @@ -31,7 +31,6 @@ import org.jivesoftware.spark.ui.ChatRoom; import org.jivesoftware.spark.util.GraphicUtils; import org.jivesoftware.spark.util.log.Log; -import org.jivesoftware.sparkimpl.updater.AcceptAllCertsConnectionManager; import org.jxmpp.jid.EntityBareJid; import org.jxmpp.jid.impl.JidCreate; 
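Review bot: `downloadUpdate` now verifies the server certificate, but only when `version.getDownloadURL()` is an `https://` URL; nothing in this hunk checks the scheme, and patch 1 shows the default `PLUGIN_REPOSITORY` is still `http://www.igniterealtime.org/updater/plugins.jsp`. An installer or plugin fetched over plain HTTP can be altered in transit, so removing the accept-all trust strategy does not protect those paths. Consider rejecting non-HTTPS URLs before `httpClient.execute(request, ...)` here and in `PluginViewer.downloadPlugin`, for example `if (!"https".equalsIgnoreCase(URI.create(version.getDownloadURL()).getScheme())) return;` (assuming `getDownloadURL()` returns a String), and moving the default repository URL to `https://` if the server offers it. The rest of `downloadUpdate` is outside the hunk, so any later integrity check on the downloaded file is not visible from here.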
@@ -124,12 +123,7 @@ private void handleUpload(File file, ChatRoom room, Message.Type type) private void uploadFile(File file, UploadRequest response, ChatRoom room, Message.Type type) { Log.debug("About to upload file for room " + room.getBareJid() + " via HTTP PUT to URL " + response.putUrl); - - try (final CloseableHttpClient httpClient = - HttpClients.custom() - .setConnectionManager(AcceptAllCertsConnectionManager.getInstance()) - .build() - ) { + try (final CloseableHttpClient httpClient = HttpClients.createSystem()) { final ClassicHttpRequest request = ClassicRequestBuilder.put(response.putUrl) .setEntity(new FileEntity(file, ContentType.create("application/binary"))) .setHeader("User-Agent", "Spark HttpFileUpload")
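Review bot: With `HttpClients.createSystem()` in `uploadFile`, an HTTP File Upload service that presents a self-signed or private-CA certificate will now fail the TLS handshake, where the removed `AcceptAllCertsConnectionManager` accepted it silently. That is the right default, but the `catch` for this `try` is outside the hunk, so it is not visible whether the user learns why the upload failed. Make sure the failure is reported in the chat room rather than only logged, and document that such deployments must add their CA to the JVM trust store (the system client honours `javax.net.ssl.trustStore`). A short comment above the `try`, such as `// TLS certificates and host names are verified; private CAs must be in the JVM trust store`, would help keep the accept-all manager from being reintroduced.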