List of usage examples for org.apache.commons.httpclient URI getPathQuery
public String getPathQuery() throws URIException
From source file:com.urswolfer.intellij.plugin.gerrit.rest.SslSupport.java
/**
 * Retries a request that failed with a certificate error, but only when {@code isTrusted(host)}
 * accepts the host. Any other failure is rethrown unchanged.
 *
 * <p>Security note: the retry runs through {@code EasySSLProtocolSocketFactory}, which (per the
 * original author's comment) allows connections to non-trusted HTTPS hosts. For that one request
 * the server certificate no longer authenticates the peer, so {@code isTrusted} is the only gate.
 * NOTE(review): confirm {@code isTrusted} reflects an explicit, per-host user decision.
 *
 * @param e             the failure raised by the first attempt
 * @param host          host name used for the trust lookup and for the retry
 * @param client        client used to execute the retried method
 * @param uri           URI of the failed request; only its path and query are reused
 * @param methodCreator factory that builds a fresh method for the relative URI
 * @return the executed method; the visible code never returns {@code null}
 * @throws IOException the original exception when it is not a certificate error or the host is
 *                     not trusted, or any failure raised by the retry itself
 */
@Nullable
private static HttpMethod handleCertificateExceptionAndRetry(@NotNull IOException e, @NotNull String host,
        @NotNull HttpClient client, @NotNull URI uri,
        @NotNull ThrowableConvertor<String, HttpMethod, IOException> methodCreator) throws IOException {
    // Short-circuit order matters: the trust lookup only happens for certificate failures.
    if (!isCertificateException(e) || !isTrusted(host)) {
        throw e;
    }

    // The retry always targets port 443, whatever port the original URI carried.
    // NOTE(review): confirm that callers never reach this path for a non-default HTTPS port.
    final int httpsPort = 443;
    Protocol relaxedHttps =
            new Protocol("https", (ProtocolSocketFactory) new EasySSLProtocolSocketFactory(), httpsPort);
    HostConfiguration relaxedHost = new HostConfiguration();
    relaxedHost.setHost(host, httpsPort, relaxedHttps);

    // A relative URI is required, otherwise the custom protocol is not applied. The method is
    // recreated because HttpMethod#setUri does not overwrite the host, and changing it through
    // HttpMethodBase#setHostConfiguration is deprecated.
    URI pathAndQueryOnly = new URI(uri.getPathQuery(), false);
    HttpMethod retried = methodCreator.convert(pathAndQueryOnly.getURI());
    client.executeMethod(relaxedHost, retried);
    return retried;
}
From source file:org.glite.slcs.shibclient.ShibbolethClient.java
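/**
 * Parses the IdP login page, finds the form named in the IdP metadata and submits it with the
 * stored credentials (Pubcookie, CAS or FORM login).
 *
 * <p>Every form whose NAME (or, failing that, ID, or the empty string) equals
 * {@code idp.getAuthFormName()} is processed; the URI produced by the last one is returned.
 *
 * <p>Security notes for reviewers:
 * <ul>
 * <li>The POST target is taken from the ACTION attribute of the fetched HTML. An absolute action
 * is used as is, so the user name and password are sent wherever the page says.
 * NOTE(review): consider checking scheme and host against the IdP metadata before posting.</li>
 * <li>The 302 check compares only the path of the Location header with the IdP SSO path; scheme
 * and host of the redirect are not compared.</li>
 * <li>Hidden field values are no longer written to the debug log, because they may carry login
 * tickets or granting cookies.</li>
 * </ul>
 *
 * @param idp         identity provider metadata (form name, field names, auth type, SSO URL)
 * @param ssoLoginURI URI the login page came from; used when the form action is missing or relative
 * @param ssoQuery    original SSO query string, re-applied to the result in the FORM (200) case
 * @param htmlForm    HTML of the login page
 * @return the URI to follow after the login POST, or {@code null} when the matching form has an
 *         empty action or is not submitted with POST
 * @throws IOException      on HTTP or URI parsing failures
 * @throws RemoteException  when a Pubcookie relay form has no ACTION
 * @throws ServiceException when no form with the configured name is found
 * @throws AuthException    when the login response does not look like a successful authentication
 */
private URI processIdPLoginForm(IdentityProvider idp, URI ssoLoginURI, String ssoQuery, InputStream htmlForm)
        throws IOException, RemoteException, ServiceException, AuthException {
    LOG.info("Parse and process " + idp.getAuthTypeName() + " login form: " + ssoLoginURI);
    boolean formFound = false;
    URI idpLoginFormResponseURI = null;

    // Parse the FORM with Jericho HTML Parser
    Source source = new Source(htmlForm);
    List<Element> forms = source.findAllElements(Tag.FORM);
    for (Element form : forms) {
        String formName = form.getAttributeValue("NAME");
        // UniL uses a CAS login form with no NAME: fall back to the form ID, then to an empty
        // name. The metadata has to define the same (possibly empty) name for such a form.
        LOG.debug("form name= " + formName);
        if (formName == null) {
            LOG.warn("form have no NAME, try form ID...");
            String formId = form.getAttributeValue("ID");
            if (formId == null) {
                LOG.warn("form have no NAME and no ID, using empty name...");
                formName = "";
            } else {
                formName = formId;
            }
        }
        if (!formName.equals(idp.getAuthFormName())) {
            continue;
        }
        formFound = true;

        String formAction = form.getAttributeValue("ACTION");
        LOG.debug("form action=" + formAction);
        if (formAction == null || formAction.equals("")) {
            // no form action to POST, use default from metadata
            formAction = ssoLoginURI.getEscapedURI();
            LOG.info("default form action=" + formAction);
        } else {
            URI formActionURI = new URI(formAction, false);
            if (formActionURI.isRelativeURI()) {
                // action URL is not absolute (like http://localhost/cas/login?...):
                // resolve it against the login page URI
                formActionURI = new URI(ssoLoginURI, formActionURI.getPathQuery(), true);
            }
            // NOTE(review): an absolute action is trusted as is; see the method Javadoc.
            formAction = formActionURI.getEscapedURI();
            LOG.info("corrected form action=" + formAction);
        }

        String formMethod = form.getAttributeValue("METHOD");
        LOG.debug("form name=" + formName + " action=" + formAction + " method=" + formMethod);
        // A form without a METHOD attribute used to raise a NullPointerException here;
        // it is now skipped like any other non-POST form.
        if (formAction.equals("") || !"POST".equalsIgnoreCase(formMethod)) {
            continue;
        }

        PostMethod postLoginFormMethod = new PostMethod(formAction);
        try {
            // add all HIDDEN fields to POST
            List<FormControl> formControls = form.findFormControls();
            for (FormControl control : formControls) {
                FormControlType type = control.getFormControlType();
                if (type.equals(FormControlType.HIDDEN)) {
                    String name = control.getName();
                    Collection<String> values = control.getValues();
                    for (String value : values) {
                        // value deliberately not logged: it may be a login ticket or token
                        LOG.debug("add hidden: " + name);
                        postLoginFormMethod.addParameter(name, value);
                    }
                }
            }
            // add username field
            postLoginFormMethod.addParameter(idp.getAuthFormUsername(), this.credentials_.getUserName());
            // add the PASSWORD field
            postLoginFormMethod.addParameter(idp.getAuthFormPassword(), this.credentials_.getPassword());

            // execute the login POST
            LOG.info("POST LoginFormMethod: " + postLoginFormMethod.getURI());
            int formLoginResponseStatus = executeMethod(postLoginFormMethod);
            LOG.debug(postLoginFormMethod.getStatusLine());

            // NOTE(review): the AuthException messages below append this.credentials_. Confirm
            // that its toString() never includes the password.

            // CAS, or FORM can, send a 302 + Location header back
            if (formLoginResponseStatus == 302 && (idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_CAS
                    || idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_FORM)) {
                LOG.debug("Process " + idp.getAuthTypeName() + " redirect response (302 + Location header)...");
                Header location = postLoginFormMethod.getResponseHeader("Location");
                if (location == null) {
                    LOG.error(idp.getAuthTypeName() + ": Status 302 but no redirect Location header");
                    throw new AuthException(
                            idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                }
                String locationURL = location.getValue();
                LOG.debug("302 Location: " + locationURL);
                // CAS: if the location path (/cas/login) is neither the IdP 1.3 SSO path
                // (/shibboleth-idp/SSO) nor the IdP 2.X /Authn/RemoteUser handler, the login
                // was rejected. Only the path is compared, not the scheme or host.
                URI locationURI = new URI(locationURL, false);
                String locationPath = locationURI.getPath();
                String idpSSOURL = idp.getUrl();
                URI idpSSOURI = new URI(idpSSOURL, false);
                String idpSSOPath = idpSSOURI.getPath();
                if (LOG.isDebugEnabled()) {
                    LOG.debug("location path: " + locationPath);
                    LOG.debug("location is the /Authn/RemoteUser hanlder? "
                            + locationPath.endsWith("/Authn/RemoteUser"));
                    LOG.debug("IdP SSO path: " + idpSSOPath);
                }
                if (!locationPath.equals(idpSSOPath) && !locationPath.endsWith("/Authn/RemoteUser")) {
                    LOG.error("Redirect response is not the SSO (" + idpSSOURL
                            + ") or the /Authn/RemoteUser handler: " + locationURL);
                    throw new AuthException(
                            idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                }
                idpLoginFormResponseURI = new URI(locationURL, false);
                LOG.debug("(" + idp.getAuthTypeName() + ": 302 + Location) idpLoginFormReponseURI= "
                        + idpLoginFormResponseURI);
            }
            // IdP 2.1 FORM authN sends 200 and directly the SAMLResponse form
            else if (formLoginResponseStatus == 200
                    && idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_FORM) {
                // a hidden SAMLResponse element is taken as the sign of a valid authentication
                LOG.debug("check for SAMLResponse hidden element");
                boolean samlResponseFound = false;
                InputStream authnLoginResponse = postLoginFormMethod.getResponseBodyAsStream();
                Source authnSource = new Source(authnLoginResponse);
                List<Element> browserPOSTForms = authnSource.findAllElements(Tag.FORM);
                for (Element browserPOSTForm : browserPOSTForms) {
                    List<FormControl> browserPOSTFormControls = browserPOSTForm.findFormControls();
                    for (FormControl control : browserPOSTFormControls) {
                        FormControlType type = control.getFormControlType();
                        if (type.equals(FormControlType.HIDDEN)) {
                            String name = control.getName();
                            if (name.equals("SAMLResponse")) {
                                LOG.debug("Hidden element found: " + control.getName());
                                samlResponseFound = true;
                            }
                        }
                    }
                }
                if (!samlResponseFound) {
                    LOG.error(idp.getAuthTypeName() + ": no Browser/POST SAMLResponse hidden element found");
                    throw new AuthException(
                            idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                }
                LOG.debug("Process FORM (200 + full Browser/POST profile) response...");
                idpLoginFormResponseURI = new URI(idp.getUrl(), false);
                // re-set the original SSO query params
                idpLoginFormResponseURI.setQuery(ssoQuery);
                LOG.debug("(FORM: 200 + Browser/POST) idpLoginFormReponseURI= " + idpLoginFormResponseURI);
            }
            // Pubcookie sends 200 + an HTML relay form with hidden fields, e.g.
            // <form method=post action="https://aai-login.ethz.ch/PubCookie.reply" name=relay>
            // and then replies to that POST with a 302 + Location header
            else if (formLoginResponseStatus == 200
                    && idp.getAuthType() == IdentityProvider.SSO_AUTHTYPE_PUBCOOKIE) {
                LOG.debug("Process Pubcookie (200 + relay FORM) response...");
                InputStream pubcookieLoginResponse = postLoginFormMethod.getResponseBodyAsStream();
                Source pubcookieSource = new Source(pubcookieLoginResponse);
                PostMethod postPubcookieRelayMethod = null;
                List<Element> relayForms = pubcookieSource.findAllElements(Tag.FORM);
                // when the page holds several forms, the last one becomes the relay POST
                for (Element relayForm : relayForms) {
                    String relayFormAction = relayForm.getAttributeValue("ACTION");
                    LOG.debug("Pubcookie relay form action= " + relayFormAction);
                    if (relayFormAction == null) {
                        LOG.error("Pubcookie relay form action not found.");
                        throw new RemoteException("Pubcookie relay form action not found");
                    }
                    // create PubCookie relay POST
                    postPubcookieRelayMethod = new PostMethod(relayFormAction);
                    // add all HIDDEN fields to POST
                    List<FormControl> relayFormControls = relayForm.findFormControls();
                    for (FormControl control : relayFormControls) {
                        FormControlType type = control.getFormControlType();
                        if (type.equals(FormControlType.HIDDEN)) {
                            String name = control.getName();
                            Collection<String> values = control.getValues();
                            for (String value : values) {
                                // value deliberately not logged: relay fields carry login state
                                LOG.debug("add hidden: " + name);
                                postPubcookieRelayMethod.addParameter(name, value);
                            }
                        }
                    }
                }
                if (postPubcookieRelayMethod == null) {
                    LOG.error("Pubcookie relay form not found");
                    throw new AuthException(
                            idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                }
                LOG.debug("POST postPubcookieRelayMethod: " + postPubcookieRelayMethod.getURI());
                Header location;
                try {
                    executeMethod(postPubcookieRelayMethod);
                    LOG.debug(postPubcookieRelayMethod.getStatusLine());
                    location = postPubcookieRelayMethod.getResponseHeader("Location");
                } finally {
                    // release the relay connection even when the POST fails
                    LOG.debug("postPubcookieRelayMethod.releaseConnection()");
                    postPubcookieRelayMethod.releaseConnection();
                }
                if (location == null) {
                    LOG.error("Pubcookie relay response 302 + Location header not found");
                    throw new AuthException(
                            idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
                }
                String locationURL = location.getValue();
                LOG.debug("302 Location: " + locationURL);
                // parse Location
                idpLoginFormResponseURI = new URI(locationURL, false);
                LOG.debug("(PubCookie: 302 + Location header) idpLoginFormReponseURI= "
                        + idpLoginFormResponseURI);
            } else {
                LOG.error("Unexpected response status: " + formLoginResponseStatus + " AuthType:"
                        + idp.getAuthTypeName());
                throw new AuthException(
                        idp.getAuthTypeName() + " Authentication failed: " + this.credentials_);
            }
        } finally {
            // Previously skipped on every exception path, which leaked the connection
            // whenever authentication failed.
            LOG.debug("POSTLoginFormMethod.releaseConnection()");
            postLoginFormMethod.releaseConnection();
        }
    } // end for all forms

    if (!formFound) {
        LOG.error("FORM name=" + idp.getAuthFormName() + " not found");
        throw new ServiceException("FORM name=" + idp.getAuthFormName() + " not found");
    }
    return idpLoginFormResponseURI;
}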
From source file:org.parosproxy.paros.core.scanner.plugin.TestExternalRedirect.java
/**
 * Checks whether the value of {@code param} is echoed in the Location header of a 301/302
 * response and, if so, repeats the request with the parameter replaced by a substitute target.
 *
 * <p>The first request establishes the baseline: the Location header is compared, ignoring case,
 * with {@code value} and with its URL-decoded form, first as a whole and then by path and query
 * only. The second request carries {@code redirect1} or {@code redirect2} (fields declared outside
 * this method) and is handed to {@code checkResult}.
 *
 * <p>NOTE(review): {@code redirect} starts as {@code ""}, so the null checks only fire if
 * {@code getURLEncode} or the redirect fields yield {@code null}. When nothing matches, the second
 * request is still sent with an empty parameter value. Both exception handlers are empty, so a
 * failed baseline request is silent and the probe is sent regardless. Confirm this is intended.
 *
 * @param msg   ignored on entry; immediately replaced by {@code getNewMsg()}
 * @param param name of the parameter under test
 * @param value current value of that parameter
 */
public void scan(HttpMessage msg, String param, String value) {
    String redirect = "";

    msg = getNewMsg();
    try {
        sendAndReceive(msg, false);

        int status = msg.getResponseHeader().getStatusCode();
        boolean isRedirect = status == HttpStatusCode.MOVED_PERMANENTLY || status == HttpStatusCode.FOUND;
        if (!isRedirect) {
            return;
        }

        String location = msg.getResponseHeader().getHeader(HttpHeader.LOCATION);
        if (location == null) {
            return;
        }

        // whole Location header equals the parameter value (raw, then URL-decoded)
        if (location.compareToIgnoreCase(value) == 0) {
            redirect = redirect1;
        } else if (location.compareToIgnoreCase(getURLDecode(value)) == 0) {
            redirect = getURLEncode(redirect1);
        }
        if (redirect == null) {
            return;
        }

        // only the path and query of the Location header equal the parameter value
        String pathAndQuery = new URI(location, true).getPathQuery();
        if (pathAndQuery.compareToIgnoreCase(value) == 0) {
            redirect = redirect2;
        } else if (pathAndQuery.compareToIgnoreCase(getURLDecode(value)) == 0) {
            redirect = getURLEncode(redirect2);
        }
        if (redirect == null) {
            return;
        }
    } catch (Exception e) {
        // swallowed as in the original: execution continues with whatever redirect holds
    }

    msg = getNewMsg();
    setParameter(msg, param, redirect);
    try {
        sendAndReceive(msg, false);
        // return value unused; presumably checkResult records the finding - confirm
        checkResult(msg, param + "=" + redirect);
    } catch (Exception e) {
        // swallowed as in the original
    }
}
From source file:org.parosproxy.paros.core.scanner.plugin.TestMiscExternalRedirect.java
/**
 * Runs the external-redirect check for one parameter in two phases.
 *
 * <p>Phase 1 sends a fresh copy of the base message and inspects a 301/302 response: the Location
 * header, then just its path and query, is compared (ignoring case) with {@code value} and with
 * the URL-decoded {@code value}. A match selects {@code redirect1} or {@code redirect2}, URL-encoded
 * when the decoded form matched. Phase 2 sends another fresh copy with {@code param} set to the
 * selected string and passes the response to {@code checkResult}.
 *
 * <p>NOTE(review): because the working value starts as {@code ""}, a response that matches nothing
 * still leads to phase 2 with an empty parameter value. Exceptions in either phase are discarded
 * without logging. Both behaviours are kept exactly as found and should be confirmed.
 *
 * @param msg   not read; overwritten with {@code getNewMsg()} before use
 * @param param parameter name being tested
 * @param value original value of the parameter
 */
public void scan(HttpMessage msg, String param, String value) {
    String replacement = "";

    // phase 1: baseline request
    msg = getNewMsg();
    try {
        sendAndReceive(msg, false);

        boolean movedPermanently = msg.getResponseHeader().getStatusCode() == HttpStatusCode.MOVED_PERMANENTLY;
        if (!movedPermanently && msg.getResponseHeader().getStatusCode() != HttpStatusCode.FOUND) {
            // not a redirect page
            return;
        }

        String locationHeader = msg.getResponseHeader().getHeader(HttpHeader.LOCATION);
        if (locationHeader == null) {
            return;
        }

        if (locationHeader.compareToIgnoreCase(value) == 0) {
            // full URI found in param
            replacement = redirect1;
        } else {
            if (locationHeader.compareToIgnoreCase(getURLDecode(value)) == 0) {
                replacement = getURLEncode(redirect1);
            }
        }

        if (replacement != null) {
            URI locationUri = new URI(locationHeader, true);
            String locationPathQuery = locationUri.getPathQuery();
            if (locationPathQuery.compareToIgnoreCase(value) == 0) {
                // path and query found in param
                replacement = redirect2;
            } else {
                if (locationPathQuery.compareToIgnoreCase(getURLDecode(value)) == 0) {
                    replacement = getURLEncode(redirect2);
                }
            }
        }

        if (replacement == null) {
            return;
        }
    } catch (Exception e) {
        // intentionally left empty by the original author; phase 2 still runs
    }

    // phase 2: same request with the parameter replaced
    msg = getNewMsg();
    setParameter(msg, param, replacement);
    try {
        sendAndReceive(msg, false);
        if (checkResult(msg, param + "=" + replacement)) {
            return;
        }
    } catch (Exception e) {
        // intentionally left empty by the original author
    }
}
From source file:org.parosproxy.paros.network.HttpMessage.java
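/**
 * Compares two messages by request method, host, port, path and query (parameters and values)
 * and, for POST requests, by request body.
 *
 * <p>Method, host, path and query are compared ignoring case. NOTE(review): paths and query values
 * are usually case-sensitive on the server, so two requests that differ only in case are reported
 * as equal. Kept for backward compatibility; confirm that callers rely on it.
 *
 * <p>The POST body comparison promised by this contract was unreachable before, because every
 * path/query branch returned first. It is now applied after the URI comparison.
 * NOTE(review): this relies on the body type's {@code equals} comparing content, and
 * {@code hashCode} (not shown here) must stay consistent with this method. Confirm both.
 *
 * @param object the object to compare with
 * @return {@code true} if {@code object} is an {@code HttpMessage} for the same request
 */
@Override
public boolean equals(Object object) {
    if (!(object instanceof HttpMessage)) {
        return false;
    }
    HttpMessage msg = (HttpMessage) object;

    // compare method
    if (!this.getRequestHeader().getMethod().equalsIgnoreCase(msg.getRequestHeader().getMethod())) {
        return false;
    }

    // compare host, port and URI
    URI uri1 = this.getRequestHeader().getURI();
    URI uri2 = msg.getRequestHeader().getURI();
    if (uri1 == null || uri2 == null) {
        // equal only when both messages lack a URI
        return uri1 == null && uri2 == null;
    }

    boolean sameTarget;
    try {
        if (uri1.getHost() == null || uri2.getHost() == null
                || !uri1.getHost().equalsIgnoreCase(uri2.getHost())) {
            return false;
        }
        if (uri1.getPort() != uri2.getPort()) {
            return false;
        }
        String pathQuery1 = uri1.getPathQuery();
        String pathQuery2 = uri2.getPathQuery();
        if (pathQuery1 == null || pathQuery2 == null) {
            sameTarget = pathQuery1 == null && pathQuery2 == null;
        } else {
            sameTarget = pathQuery1.equalsIgnoreCase(pathQuery2);
        }
    } catch (URIException e) {
        // components could not be extracted: fall back to comparing the full URI strings
        try {
            sameTarget = uri1.toString().equalsIgnoreCase(uri2.toString());
        } catch (Exception e1) {
            // log the failure of the fallback itself, not the exception that triggered it
            log.error(e1.getMessage(), e1);
            return false;
        }
    }
    if (!sameTarget) {
        return false;
    }

    // for POST the body is part of the request identity
    if (this.getRequestHeader().getMethod().equalsIgnoreCase(HttpRequestHeader.POST)) {
        return this.getRequestBody().equals(msg.getRequestBody());
    }
    return true;
}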
From source file:org.zaproxy.zap.extension.callgraph.CallGraphFrame.java
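/**
 * Sets up the graph by retrieving the nodes and edges from the history table in the database.
 *
 * <p>Vertices are all URLs, plus all Referer values, of history entries of type 1 (proxied),
 * 2 (spidered) and 10 (Ajax spidered). Edges link a Referer to the URL requested from it.
 * Vertices are coloured per scheme and authority. Root nodes (no incoming edge) are labelled with
 * the full URL instead of the path.
 *
 * <p>Both SQL statements are constant strings: no URL, header or pattern text is concatenated
 * into them. The URLs and Referer values read back come from recorded traffic and are used
 * unmodified as vertex ids and labels.
 *
 * <p>Cleanup: each of result set, statement and connection is now closed even if closing an
 * earlier one fails, and the graph update is only ended when it was actually begun.
 *
 * @param urlPattern pattern a URL must match (via {@code find()}) to be included in the graph
 * @throws SQLException if querying the history table or closing a JDBC resource fails
 */
private void setupGraph(Pattern urlPattern) throws SQLException {
    Connection conn = null;
    Statement st = null;
    ResultSet rs = null;
    boolean graphUpdateStarted = false;
    Map<String, String> schemaAuthorityToColor = new HashMap<String, String>();
    // use some web safe colours. Currently, there are 24 colours.
    String[] colors = { "#FFFF00", "#FFCC00", "#FF9900", "#FF6600", "#FF3300", "#CCFF00", "#CCCC00", "#CC9900",
            "#CC6600", "#99FF00", "#999900", "#996600", "#CCFFCC", "#CCCCCC", "#99CCCC", "#9999CC", "#9966CC",
            "#66FFCC", "#6699CC", "#6666CC", "#33FFCC", "#33CCCC", "#3399CC", "#00FFCC" };
    int colorsUsed = 0;
    try {
        // get a new connection to the database to query it, since the existing database classes
        // do not cater for ad-hoc queries on the table
        /*
         * TODO Add-ons should NOT make their own connections to the db any more - the db layer is plugable
         * so could be implemented in a completely different way
         * TODO: how? There is currently no API to do this.
         */
        // Note: the db is a singleton instance, so do *not* close it!!
        Database db = Model.getSingleton().getDb();
        if (!(db instanceof ParosDatabase)) {
            throw new InvalidParameterException(db.getClass().getCanonicalName());
        }
        conn = ((ParosDatabaseServer) db.getDatabaseServer()).getNewConnection();

        // we begin adding stuff to the graph, so begin a "transaction" on it.
        // it is ended in the finally block, after all vertices and edges were added
        graph.getModel().beginUpdate();
        graphUpdateStarted = true;

        // prepare to add the vertices to the graph
        // this must include all URLs references as vertices, even if those URLs did not feature
        // in the history table in their own right
        // include entries of type 1 (proxied), 2 (spidered), 10 (Ajax spidered) from the history
        st = conn.createStatement();
        rs = st.executeQuery(
                "select distinct URI from HISTORY where histtype in (1,2,10) union distinct select distinct RIGHT(REGEXP_SUBSTRING (REQHEADER, 'Referer:.+') , LENGTH(REGEXP_SUBSTRING (REQHEADER, 'Referer:.+'))-LENGTH('Referer: ')) from HISTORY where REQHEADER like '%Referer%' and histtype in (1,2,10) order by 1");
        while (rs.next()) {
            String url = rs.getString(1);
            // remove urls that do not match the pattern specified (all sites / one site)
            Matcher urlmatcher = urlPattern.matcher(url);
            if (urlmatcher.find()) {
                try {
                    URI uri = new URI(url, false);
                    String schemaAuthority = uri.getScheme() + "://" + uri.getAuthority();
                    String path = uri.getPathQuery();
                    if (path == null) {
                        path = "/";
                    }
                    String color = schemaAuthorityToColor.get(schemaAuthority);
                    if (color == null) {
                        // not found already.. so assign this scheme and authority a color.
                        if (colorsUsed >= colors.length) {
                            // caught and logged just below, so only this node is skipped
                            throw new Exception("Too many scheme/authority combinations. Ne need more colours");
                        }
                        color = colors[colorsUsed++];
                        schemaAuthorityToColor.put(schemaAuthority, color);
                    }
                    addVertex(path, url, "fillColor=" + color);
                } catch (Exception e) {
                    log.error("Error graphing node for URL " + url, e);
                }
            } else {
                if (log.isDebugEnabled()) {
                    log.debug("URL " + url + " does not match the specified pattern " + urlPattern
                            + ", so not adding it as a vertex");
                }
            }
        }
        // close the resultset and statement before reusing the variables
        rs.close();
        st.close();

        // set up the edges in the graph
        st = conn.createStatement();
        rs = st.executeQuery(
                "select distinct RIGHT(REGEXP_SUBSTRING (REQHEADER, 'Referer:.+') , LENGTH(REGEXP_SUBSTRING (REQHEADER, 'Referer:.+'))-LENGTH('Referer: ')), URI from HISTORY where REQHEADER like '%Referer%' and histtype in (1,2,10) order by 2");
        mxGraphModel graphmodel = (mxGraphModel) graph.getModel();
        while (rs.next()) {
            String predecessor = rs.getString(1);
            String url = rs.getString(2);

            // remove urls that do not match the pattern specified (all sites / one site)
            Matcher urlmatcher1 = urlPattern.matcher(predecessor);
            if (!urlmatcher1.find()) {
                if (log.isDebugEnabled()) {
                    log.debug("Predecessor URL " + predecessor + " does not match the specified pattern "
                            + urlPattern + ", so not adding it as a vertex");
                }
                continue; // to the next iteration
            }
            Matcher urlmatcher2 = urlPattern.matcher(url);
            if (!urlmatcher2.find()) {
                if (log.isDebugEnabled()) {
                    log.debug("URL " + url + " does not match the specified pattern " + urlPattern
                            + ", so not adding it as a vertex");
                }
                continue; // to the next iteration
            }

            // check that we have added the url as a vertex in its own right.. definitely should
            // have happened..
            mxCell predecessorVertex = (mxCell) graphmodel.getCell(predecessor);
            mxCell postdecessorVertex = (mxCell) graphmodel.getCell(url);
            if (predecessorVertex == null || postdecessorVertex == null) {
                log.warn("Could not find graph node for " + predecessor + " or for " + url + ". Ignoring it.");
                continue;
            }
            // add the edge (ie, add the dependency between 2 URLs)
            graph.insertEdge(parent, predecessorVertex.getId() + "-->" + postdecessorVertex.getId(), null,
                    predecessorVertex, postdecessorVertex);
        }

        // once all the vertices and edges are drawn, look for root nodes (nodes with no
        // incoming edges). The full URL is displayed for these, rather than just the path,
        // to aid viewing the graph
        Object[] vertices = graph.getChildVertices(graph.getDefaultParent());
        for (Object vertex : vertices) {
            Object[] incomingEdgesForVertex = graph.getIncomingEdges(vertex);
            if (incomingEdgesForVertex == null || incomingEdgesForVertex.length == 0) {
                // it's a root node. Set its value (displayed label) to its id (the full URL)
                mxCell vertextCasted = (mxCell) vertex;
                vertextCasted.setValue(vertextCasted.getId());
                // now sort out the text metrics for the vertex, since the size of the displayed
                // text has been changed
                Dimension textsize = this.getTextDimension((String) vertextCasted.getValue(), this.fontmetrics);
                mxGeometry cellGeometry = vertextCasted.getGeometry();
                cellGeometry.setHeight(textsize.getHeight());
                cellGeometry.setWidth(textsize.getWidth());
                vertextCasted.setGeometry(cellGeometry);
            }
        }
    } catch (SQLException e) {
        log.error("Error trying to setup the graph", e);
        throw e;
    } finally {
        // Nested so that a failure in one close() cannot skip the remaining cleanup steps.
        try {
            if (rs != null && !rs.isClosed()) {
                rs.close();
            }
        } finally {
            try {
                if (st != null && !st.isClosed()) {
                    st.close();
                }
            } finally {
                try {
                    if (conn != null && !conn.isClosed()) {
                        conn.close();
                    }
                } finally {
                    // mark the "transaction" on the graph as complete, but only if it was begun
                    if (graphUpdateStarted) {
                        graph.getModel().endUpdate();
                    }
                }
            }
        }
    }
}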