From d1d53ee65b66fd1c2c782c5d68141de15f53957f Mon Sep 17 00:00:00 2001
From: Jeremy Long <jeremy.long@gmail.com>
Date: Sat, 9 May 2015 07:58:40 -0400
Subject: [PATCH] updated to use HTTP or HTTPS as appropriate for the download
 URL

Former-commit-id: a285898cfb8ae9d2dd92549b8136c64cc551d1a4
---
 .../dependencycheck/data/nexus/MavenArtifact.java | 15 +++++++++++----
 1 file changed, 11 insertions(+), 4 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java
index ad020c1f3..7ad47b928 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nexus/MavenArtifact.java
@@ -27,7 +27,7 @@ public class MavenArtifact {
     /**
      * The base URL for download artifacts from Central.
      */
-    private static final String CENTRAL_CONTENT_URL = "http://search.maven.org/remotecontent?filepath=";
+    private static final String CENTRAL_CONTENT_URL = "//search.maven.org/remotecontent?filepath=";
 
     /**
      * The groupId
@@ -80,19 +80,26 @@ public class MavenArtifact {
      * @param version the version
      * @param jarAvailable if the jar file is available from central
      * @param pomAvailable if the pom file is available from central
+     * @param secureDownload if the jar and pom files should be downloaded using HTTPS.
      */
-    public MavenArtifact(String groupId, String artifactId, String version, boolean jarAvailable, boolean pomAvailable) {
+    public MavenArtifact(String groupId, String artifactId, String version, boolean jarAvailable, boolean pomAvailable, boolean secureDownload) {
         this.groupId = groupId;
         this.artifactId = artifactId;
         this.version = version;
+        String base;
+        if (secureDownload) {
+            base = "https:" + CENTRAL_CONTENT_URL;
+        } else {
+            base = "http:" + CENTRAL_CONTENT_URL;
+        }
         if (jarAvailable) {
             //org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom
-            this.artifactUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/"
+            this.artifactUrl = base + groupId.replace('.', '/') + "/" + artifactId + "/"
                     + version + "/" + artifactId + "-" + version + ".jar";
         }
         if (pomAvailable) {
             //org/springframework/spring-core/3.2.0.RELEASE/spring-core-3.2.0.RELEASE.pom
-            this.pomUrl = this.CENTRAL_CONTENT_URL + groupId.replace('.', '/') + "/" + artifactId.replace('.', '/') + "/"
+            this.pomUrl = base + groupId.replace('.', '/') + "/" + artifactId + "/"
                     + version + "/" + artifactId + "-" + version + ".pom";
         }
     }