Skip to content

Commit

Permalink
bugfix for empty URIs
Browse files Browse the repository at this point in the history
  • Loading branch information
@wowasa
wowasa committed Nov 27, 2024
1 parent 49643f9 commit ec12665
Showing 1 changed file with 86 additions and 82 deletions.
168 changes: 86 additions & 82 deletions curation-ccr/src/main/java/eu/clarin/cmdi/curation/ccr/cache/CCRCache.java
View file
Original file line number Diff line number Diff line change
Expand Up @@ -7,6 +7,7 @@
import eu.clarin.cmdi.curation.commons.http.HttpUtils;
import lombok.extern.slf4j.Slf4j;
import org.apache.commons.lang3.EnumUtils;
import org.apache.commons.lang3.StringUtils;
import org.springframework.cache.annotation.Cacheable;
import org.springframework.stereotype.Component;
import org.xml.sax.Attributes;
Expand Down Expand Up @@ -58,124 +59,127 @@ public CCRCache(HttpUtils httpUtils, CCRConfig ccrConfig) {
public CCRConcept getCCRConcept(String conceptURI) throws CCRServiceNotAvailableException {

final CCRConcept[] concept = {null};
/*
* wowasa (2017-05-26): validation check might be switched off to bypass expired
* certificates. System-property can be set with the following entry in web.xml
* <env-entry> <env-entry-name>ccrservice.ssl.validate</env-entry-name>
* <env-entry-type>java.lang.String</env-entry-type>
* <env-entry-value>off</env-entry-value> </env-entry>
*/

if (System.getProperty("ccrservice.ssl.validate", "on").equalsIgnoreCase("off")) {
try {
log.warn("SSL-certificate check in CCRService deactivated");

TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}
if(StringUtils.isNotEmpty(conceptURI)) {
/*
* wowasa (2017-05-26): validation check might be switched off to bypass expired
* certificates. System-property can be set with the following entry in web.xml
* <env-entry> <env-entry-name>ccrservice.ssl.validate</env-entry-name>
* <env-entry-type>java.lang.String</env-entry-type>
* <env-entry-value>off</env-entry-value> </env-entry>
*/

if (System.getProperty("ccrservice.ssl.validate", "on").equalsIgnoreCase("off")) {
try {
log.warn("SSL-certificate check in CCRService deactivated");

TrustManager[] trustAllCerts = new TrustManager[]{new X509TrustManager() {
public java.security.cert.X509Certificate[] getAcceptedIssuers() {
return null;
}

public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
public void checkClientTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}

public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
}};
public void checkServerTrusted(java.security.cert.X509Certificate[] certs, String authType) {
}
}};

SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
SSLContext sc = SSLContext.getInstance("SSL");
sc.init(null, trustAllCerts, new java.security.SecureRandom());
HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());

String refHostName = new URL(ccrConfig.getRestApi()).getHost();
String refHostName = new URL(ccrConfig.getRestApi()).getHost();

HttpsURLConnection
.setDefaultHostnameVerifier((hostname, session) -> hostname.equals(refHostName));
HttpsURLConnection
.setDefaultHostnameVerifier((hostname, session) -> hostname.equals(refHostName));


}
catch (NoSuchAlgorithmException ex) {
}
catch (NoSuchAlgorithmException ex) {

log.error("SSL algorithm not available from SSL context");
throw new CCRServiceNotAvailableException(ex);
log.error("SSL algorithm not available from SSL context");
throw new CCRServiceNotAvailableException(ex);

}
catch (KeyManagementException ex) {
}
catch (KeyManagementException ex) {

log.error("couldn't set trust all certificate - this might be forbidden by policy settings");
throw new CCRServiceNotAvailableException(ex);
log.error("couldn't set trust all certificate - this might be forbidden by policy settings");
throw new CCRServiceNotAvailableException(ex);

}
catch (MalformedURLException ex) {
}
catch (MalformedURLException ex) {

log.error("can't extract hostname from URL '{}'", ccrConfig.getRestApi());
throw new CCRServiceNotAvailableException(ex);
}
} // end switch off validation check
log.error("can't extract hostname from URL '{}'", ccrConfig.getRestApi());
throw new CCRServiceNotAvailableException(ex);
}
} // end switch off validation check

String restApiUrlStr = ccrConfig.getRestApi() + ccrConfig.getQuery().replace("${conceptURI}", URLEncoder.encode(conceptURI, StandardCharsets.UTF_8));
String restApiUrlStr = ccrConfig.getRestApi() + ccrConfig.getQuery().replace("${conceptURI}", URLEncoder.encode(conceptURI, StandardCharsets.UTF_8));

try(InputStream in = httpUtils.getURLConnection(restApiUrlStr).getInputStream()) {
try (InputStream in = httpUtils.getURLConnection(restApiUrlStr).getInputStream()) {

SAXParser parser = fac.newSAXParser();
SAXParser parser = fac.newSAXParser();

parser.parse(in,
new DefaultHandler() {
parser.parse(in,
new DefaultHandler() {

private StringBuilder elementValue;
private StringBuilder elementValue;

String prefLabel;
CCRStatus status = CCRStatus.UNKNOWN;
String prefLabel;
CCRStatus status = CCRStatus.UNKNOWN;

@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) {
@Override
public void startElement(String uri, String localName, String qName, Attributes attributes) {

switch (localName) {
switch (localName) {

case "prefLabel", "status" -> elementValue = new StringBuilder();
case "prefLabel", "status" -> elementValue = new StringBuilder();
}
}
}

@Override
public void endElement(String uri, String localName, String qName) {
@Override
public void endElement(String uri, String localName, String qName) {

switch (localName) {
switch (localName) {

case "prefLabel" -> this.prefLabel = this.elementValue.toString();
case "status" -> this.status = EnumUtils.getEnum(CCRStatus.class, this.elementValue.toString().toUpperCase(), CCRStatus.UNKNOWN);
case "prefLabel" -> this.prefLabel = this.elementValue.toString();
case "status" ->
this.status = EnumUtils.getEnum(CCRStatus.class, this.elementValue.toString().toUpperCase(), CCRStatus.UNKNOWN);
}
}
}

@Override
public void endDocument() {
@Override
public void endDocument() {

concept[0] = new CCRConcept(conceptURI, prefLabel, status);
}
concept[0] = new CCRConcept(conceptURI, prefLabel, status);
}

@Override
public void characters(char[] ch, int start, int length) {
if (elementValue == null) {
elementValue = new StringBuilder();
} else {
elementValue.append(ch, start, length);
@Override
public void characters(char[] ch, int start, int length) {
if (elementValue == null) {
elementValue = new StringBuilder();
} else {
elementValue.append(ch, start, length);
}
}
}
});
}
});
}

catch (ParserConfigurationException ex) {
catch (ParserConfigurationException ex) {

log.error("can't configure new SAXParser", ex);
throw new CCRServiceNotAvailableException(ex);
}
catch (IOException ex) {
log.error("can't configure new SAXParser", ex);
throw new CCRServiceNotAvailableException(ex);
}
catch (IOException ex) {

log.error("can't read URL '{}'", restApiUrlStr);
throw new CCRServiceNotAvailableException(ex);
}
log.error("can't read URL '{}'", restApiUrlStr);
}

catch (SAXException ex) {
catch (SAXException ex) {

log.info("can't parse file from URL'{}'", restApiUrlStr);
log.info("can't parse file from URL'{}'", restApiUrlStr);
}
}

return concept[0];
Expand Down

0 comments on commit ec12665

Please sign in to comment.