View Javadoc
1   /*
2    * This file is part of dependency-check-core.
3    *
4    * Licensed under the Apache License, Version 2.0 (the "License");
5    * you may not use this file except in compliance with the License.
6    * You may obtain a copy of the License at
7    *
8    *     http://www.apache.org/licenses/LICENSE-2.0
9    *
10   * Unless required by applicable law or agreed to in writing, software
11   * distributed under the License is distributed on an "AS IS" BASIS,
12   * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13   * See the License for the specific language governing permissions and
14   * limitations under the License.
15   *
16   * Copyright (c) 2014 Jeremy Long. All Rights Reserved.
17   */
18  package org.owasp.dependencycheck.utils;
19  
20  import edu.umd.cs.findbugs.annotations.SuppressFBWarnings;
21  import java.io.IOException;
22  import java.net.Authenticator;
23  import java.net.HttpURLConnection;
24  import java.net.InetSocketAddress;
25  import java.net.PasswordAuthentication;
26  import java.net.Proxy;
27  import java.net.SocketAddress;
28  import java.net.URL;
29  
30  /**
31   * A URLConnection Factory to create new connections. This encapsulates several configuration checks to ensure that the connection
32   * uses the correct proxy settings.
33   *
34   * @author Jeremy Long
35   */
36  public final class URLConnectionFactory {
37  
38      /**
39       * Private constructor for this factory.
40       */
41      private URLConnectionFactory() {
42      }
43  
44      /**
45       * Utility method to create an HttpURLConnection. If the application is configured to use a proxy this method will retrieve
46       * the proxy settings and use them when setting up the connection.
47       *
48       * @param url the url to connect to
49       * @return an HttpURLConnection
50       * @throws URLConnectionFailureException thrown if there is an exception
51       */
52      @SuppressFBWarnings(value = "RCN_REDUNDANT_NULLCHECK_OF_NULL_VALUE", justification = "Just being extra safe")
53      public static HttpURLConnection createHttpURLConnection(URL url) throws URLConnectionFailureException {
54          HttpURLConnection conn = null;
55          final String proxyUrl = Settings.getString(Settings.KEYS.PROXY_SERVER);
56          try {
57              if (proxyUrl != null) {
58                  final int proxyPort = Settings.getInt(Settings.KEYS.PROXY_PORT);
59                  final SocketAddress address = new InetSocketAddress(proxyUrl, proxyPort);
60  
61                  final String username = Settings.getString(Settings.KEYS.PROXY_USERNAME);
62                  final String password = Settings.getString(Settings.KEYS.PROXY_PASSWORD);
63                  if (username != null && password != null) {
64                      final Authenticator auth = new Authenticator() {
65                          @Override
66                          public PasswordAuthentication getPasswordAuthentication() {
67                              if (getRequestorType().equals(Authenticator.RequestorType.PROXY)) {
68                                  return new PasswordAuthentication(username, password.toCharArray());
69                              }
70                              return super.getPasswordAuthentication();
71                          }
72                      };
73                      Authenticator.setDefault(auth);
74                  }
75  
76                  final Proxy proxy = new Proxy(Proxy.Type.HTTP, address);
77                  conn = (HttpURLConnection) url.openConnection(proxy);
78              } else {
79                  conn = (HttpURLConnection) url.openConnection();
80              }
81              final int timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 10000);
82              conn.setConnectTimeout(timeout);
83              conn.setInstanceFollowRedirects(true);
84          } catch (IOException ex) {
85              if (conn != null) {
86                  try {
87                      conn.disconnect();
88                  } finally {
89                      conn = null;
90                  }
91              }
92              throw new URLConnectionFailureException("Error getting connection.", ex);
93          }
94          return conn;
95      }
96  
97      /**
98       * Utility method to create an HttpURLConnection. The use of a proxy here is optional as there may be cases where a proxy is
99       * configured but we don't want to use it (for example, if there's an internal repository configured)
100      *
101      * @param url the URL to connect to
102      * @param proxy whether to use the proxy (if configured)
103      * @return a newly constructed HttpURLConnection
104      * @throws URLConnectionFailureException thrown if there is an exception
105      */
106     public static HttpURLConnection createHttpURLConnection(URL url, boolean proxy) throws URLConnectionFailureException {
107         if (proxy) {
108             return createHttpURLConnection(url);
109         }
110         HttpURLConnection conn = null;
111         try {
112             conn = (HttpURLConnection) url.openConnection();
113             final int timeout = Settings.getInt(Settings.KEYS.CONNECTION_TIMEOUT, 10000);
114             conn.setConnectTimeout(timeout);
115             conn.setInstanceFollowRedirects(true);
116         } catch (IOException ioe) {
117             throw new URLConnectionFailureException("Error getting connection.", ioe);
118         }
119         return conn;
120     }
121 }