From 330e803675d041db8829721fce051a557e17254b Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Fri, 28 Feb 2014 06:25:08 -0500 Subject: [PATCH] refactored the creation of the HttpUrlConnection objects to a factory Former-commit-id: a4532bd8195b69cfe274d2dc58268db9010f5cdd --- .../data/nexus/NexusSearch.java | 6 +- .../dependencycheck/utils/Downloader.java | 89 +------------ .../utils/URLConnectionFactory.java | 118 ++++++++++++++++++ .../utils/URLConnectionFailureException.java | 68 ++++++++++ 4 files changed, 194 insertions(+), 87 deletions(-) create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java create mode 100644 dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java index 37974892c..11f509e44 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/NexusSearch.java @@ -27,9 +27,9 @@ import javax.xml.parsers.DocumentBuilder; import javax.xml.parsers.DocumentBuilderFactory; import javax.xml.xpath.XPath; import javax.xml.xpath.XPathFactory; -import org.owasp.dependencycheck.utils.Downloader; import org.owasp.dependencycheck.utils.InvalidSettingException; import org.owasp.dependencycheck.utils.Settings; +import org.owasp.dependencycheck.utils.URLConnectionFactory; import org.w3c.dom.Document; /** @@ -102,7 +102,7 @@ public class NexusSearch { // or proxy is specifically // set to false URLConnection conn = null; - conn = Downloader.getConnection(url, useProxy); + conn = URLConnectionFactory.createHttpURLConnection(url, useProxy); conn.setDoOutput(true); @@ -151,7 +151,7 @@ public class NexusSearch { */ public boolean preflightRequest() { try { - HttpURLConnection conn = Downloader.getConnection(new URL(rootURL, "status")); + HttpURLConnection conn = URLConnectionFactory.createHttpURLConnection(new URL(rootURL, "status")); conn.addRequestProperty("Accept", "application/xml"); conn.connect(); if (conn.getResponseCode() != 200) { diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java index c7816b124..3680b7941 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/Downloader.java @@ -22,12 +22,7 @@ import java.io.File; import java.io.FileOutputStream; import java.io.IOException; import java.io.InputStream; -import java.net.Authenticator; import java.net.HttpURLConnection; -import java.net.InetSocketAddress; -import java.net.PasswordAuthentication; -import java.net.Proxy; -import java.net.SocketAddress; import java.net.URISyntaxException; import java.net.URL; import java.util.logging.Level; @@ -58,7 +53,7 @@ public final class Downloader { public static void fetchFile(URL url, File outputPath) throws DownloadFailedException { HttpURLConnection conn = null; try { - conn = Downloader.getConnection(url); + conn = URLConnectionFactory.createHttpURLConnection(url); conn.setRequestProperty("Accept-Encoding", "gzip, deflate"); conn.connect(); } catch (IOException ex) { @@ -149,11 +144,13 @@ public final class Downloader { } else { HttpURLConnection conn = null; try { - conn = Downloader.getConnection(url); + conn = URLConnectionFactory.createHttpURLConnection(url); conn.setRequestMethod("HEAD"); conn.connect(); timestamp = conn.getLastModified(); - } catch (Exception ex) { + } catch (URLConnectionFailureException ex) { + throw new DownloadFailedException("Error creating URL Connection for HTTP HEAD request.", ex); + } catch (IOException ex) { throw new DownloadFailedException("Error making HTTP HEAD request.", ex); } finally { if (conn != null) { @@ -167,80 +164,4 @@ public final class Downloader { } return timestamp; } - - /** - * Utility method to get an HttpURLConnection. If the app is configured to use a proxy this method will retrieve the - * proxy settings and use them when setting up the connection. - * - * @param url the url to connect to - * @return an HttpURLConnection - * @throws DownloadFailedException thrown if there is an exception - */ - public static HttpURLConnection getConnection(URL url) throws DownloadFailedException { - HttpURLConnection conn = null; - Proxy proxy = null; - final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_URL); - try { - if (proxyUrl != null) { - final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT); - final SocketAddress addr = new InetSocketAddress(proxyUrl, proxyPort); - - final String username = Settings.getString(Settings.KEYS.PROXY_USERNAME); - final String password = Settings.getString(Settings.KEYS.PROXY_PASSWORD); - if (username != null && password != null) { - final Authenticator auth = new Authenticator() { - @Override - public PasswordAuthentication getPasswordAuthentication() { - if (getRequestorType().equals(RequestorType.PROXY)) { - return new PasswordAuthentication(username, password.toCharArray()); - } - return super.getPasswordAuthentication(); - } - }; - Authenticator.setDefault(auth); - } - - proxy = new Proxy(Proxy.Type.HTTP, addr); - conn = (HttpURLConnection) url.openConnection(proxy); - } else { - conn = (HttpURLConnection) url.openConnection(); - } - final int timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 60000); - conn.setConnectTimeout(timeout); - } catch (IOException ex) { - if (conn != null) { - try { - conn.disconnect(); - } finally { - conn = null; - } - } - throw new DownloadFailedException("Error getting connection.", ex); - } - return conn; - } - - /** - * Utility method to get an HttpURLConnection. The use of a proxy here is optional as there - * may be cases where a proxy is configured but we don't want to use it (for example, if there's - * an internal repository configured) - * - * @param url the url to connect to - * @parem proxy whether to use the proxy (if configured) - * @throws DownloadFailedException thrown if there is an exception - */ - public static HttpURLConnection getConnection(URL url, boolean proxy) throws DownloadFailedException { - if (proxy) { - return getConnection(url); - } - HttpURLConnection conn = null; - try { - conn = (HttpURLConnection)url.openConnection(); - final int timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 60000); - conn.setConnectTimeout(timeout); - } catch (IOException ioe) { - throw new DownloadFailedException("Error getting connection.", ioe); - } - return conn; - } } diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java new file mode 100644 index 000000000..4f9bb884e --- /dev/null +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFactory.java @@ -0,0 +1,118 @@ +/* + * This file is part of dependency-check-core. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2014 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.utils; + +import java.io.IOException; +import java.net.Authenticator; +import java.net.HttpURLConnection; +import java.net.InetSocketAddress; +import java.net.PasswordAuthentication; +import java.net.Proxy; +import java.net.SocketAddress; +import java.net.URL; + +/** + * A URLConnection Factory to create new connections. This encapsulates several configuration checks to ensure that the + * connection uses the correct proxy settings. + * + * @author Jeremy Long + */ +public class URLConnectionFactory { + + /** + * Private constructor for this factory. + */ + private URLConnectionFactory() { + } + + /** + * Utility method to create an HttpURLConnection. If the application is configured to use a proxy this method will + * retrieve the proxy settings and use them when setting up the connection. + * + * @param url the url to connect to + * @return an HttpURLConnection + * @throws URLConnectionFailureException thrown if there is an exception + */ + public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException { + HttpURLConnection conn = null; + Proxy proxy = null; + final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_URL); + try { + if (proxyUrl != null) { + final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT); + final SocketAddress addr = new InetSocketAddress(proxyUrl, proxyPort); + + final String username = Settings.getString(Settings.KEYS.PROXY_USERNAME); + final String password = Settings.getString(Settings.KEYS.PROXY_PASSWORD); + if (username != null && password != null) { + final Authenticator auth = new Authenticator() { + @Override + public PasswordAuthentication getPasswordAuthentication() { + if (getRequestorType().equals(Authenticator.RequestorType.PROXY)) { + return new PasswordAuthentication(username, password.toCharArray()); + } + return super.getPasswordAuthentication(); + } + }; + Authenticator.setDefault(auth); + } + + proxy = new Proxy(Proxy.Type.HTTP, addr); + conn = (HttpURLConnection) url.openConnection(proxy); + } else { + conn = (HttpURLConnection) url.openConnection(); + } + final int timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 60000); + conn.setConnectTimeout(timeout); + } catch (IOException ex) { + if (conn != null) { + try { + conn.disconnect(); + } finally { + conn = null; + } + } + throw new URLConnectionFailureException("Error getting connection.", ex); + } + return conn; + } + + /** + * Utility method to create an HttpURLConnection. The use of a proxy here is optional as there may be cases where a + * proxy is configured but we don't want to use it (for example, if there's an internal repository configured) + * + * @param url the url to connect to + * @param proxy whether to use the proxy (if configured) + * @return a newly constructed HttpURLConnection + * @throws URLConnectionFailureException thrown if there is an exception + */ + public static HttpURLConnection createHttpURLConnection(URL url, boolean proxy) throws URLConnectionFailureException { + if (proxy) { + return createHttpURLConnection(url); + } + HttpURLConnection conn = null; + try { + conn = (HttpURLConnection) url.openConnection(); + final int timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 60000); + conn.setConnectTimeout(timeout); + } catch (IOException ioe) { + throw new URLConnectionFailureException("Error getting connection.", ioe); + } + return conn; + } +} diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java new file mode 100644 index 000000000..fa7fb9cd8 --- /dev/null +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/utils/URLConnectionFailureException.java @@ -0,0 +1,68 @@ +/* + * This file is part of dependency-check-core. + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + * + * Copyright (c) 2014 Jeremy Long. All Rights Reserved. + */ +package org.owasp.dependencycheck.utils; + +import java.io.IOException; + +/** + * An exception used when the creation of an URLConnection fails. + * + * @author Jeremy Long + */ +public class URLConnectionFailureException extends IOException { + + /** + * The serial version UID. + */ + private static final long serialVersionUID = 1L; + + /** + * Creates a new URLConnectionFailureException. + */ + public URLConnectionFailureException() { + super(); + } + + /** + * Creates a new URLConnectionFailureException. + * + * @param msg a message for the exception. + */ + public URLConnectionFailureException(String msg) { + super(msg); + } + + /** + * Creates a new URLConnectionFailureException. + * + * @param ex the cause of the download failure. + */ + public URLConnectionFailureException(Throwable ex) { + super(ex); + } + + /** + * Creates a new URLConnectionFailureException. + * + * @param msg a message for the exception. + * @param ex the cause of the download failure. + */ + public URLConnectionFailureException(String msg, Throwable ex) { + super(msg, ex); + } +}