Author: bblfish
Date: Wed Nov 10 22:04:23 2010
New Revision: 1033752
URL: http://svn.apache.org/viewvc?rev=1033752&view=rev
Log:
Catch SSL exceptions and log them. Also don't dereference local WebIDs: get
them directly from the triple store. (Should check that this does not bypass
any security checks.)
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebDescriptionProvider.scala
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebIdGraphsService.scala
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala?rev=1033752&r1=1033751&r2=1033752&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.security.foafssl/core/src/main/scala/org/apache/clerezza/foafssl/ssl/X509TrustManagerWrapperService.scala
Wed Nov 10 22:04:23 2010
@@ -85,22 +85,31 @@ class X509TrustManagerWrapperService() e
new TrustAllClientsWrappingTrustManager(
trustManager) {
override def checkClientTrusted(chain:
Array[X509Certificate], authType: String): Unit = {
- val webIdUriRefs =
Utilities.getClaimedWebIds(chain)
- if (webIdUriRefs.length == 0) {
- trustManager.checkClientTrusted(chain,
authType)
- } else {
- val cert0 = chain(0)
- val now = new Date();
- if (now.after(cert0.getNotAfter()))
- throw new
CertificateExpiredException(String.format("The certificate expires after %c .
It is now %c . ", now, cert0.getNotAfter));
- if (now.before(cert0.getNotBefore()))
- throw new
CertificateNotYetValidException(String.format("The certificate is not valid
before %c. It is now %c .", now, cert0.getNotBefore));
- val publicKey = cert0.getPublicKey
- for (uriRef <- webIdUriRefs) {
- verify(uriRef, publicKey)
+ try {
+ val webIdUriRefs =
Utilities.getClaimedWebIds(chain)
+ if (webIdUriRefs.length == 0) {
+
trustManager.checkClientTrusted(chain, authType)
+ } else {
+ val cert0 = chain(0)
+ val now = new Date();
+ if
(now.after(cert0.getNotAfter()))
+ throw new
CertificateExpiredException(String.format("The certificate expires after %c .
It is now %c . ", now, cert0.getNotAfter));
+ if
(now.before(cert0.getNotBefore()))
+ throw new
CertificateNotYetValidException(String.format("The certificate is not valid
before %c. It is now %c .", now, cert0.getNotBefore));
+ val publicKey =
cert0.getPublicKey
+ for (uriRef <- webIdUriRefs) {
+ verify(uriRef,
publicKey)
+ }
}
+ return
+ } catch {
+ //todo: this should be more clever,
only displaying full stack trace if requested
+ //todo: currently could be a denial of
service attack - by filling up your hard drive
+ case ex: Throwable => {
+ logger.info("can't
check client",ex)
+ throw new
CertificateException("cannot check client"+ex.getMessage);
+ }
}
- return
}
}
}
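Review bot: The catch at the `case ex: Throwable =>` line also traps fatal errors (OutOfMemoryError, StackOverflowError, InterruptedException) and turns them into a handshake failure, and the new CertificateException drops the cause, so the logged trace is the only record of why a client was rejected; use `case NonFatal(ex) =>` (with `import scala.util.control.NonFatal`) and `throw new CertificateException("cannot check client: " + ex.getMessage, ex)`. The expiry and not-yet-valid exceptions thrown a few lines above are already CertificateException subclasses, so the wrapper erases that distinction for callers; adding `case ce: CertificateException => throw ce` before the generic case keeps it. Logging every failed handshake with a full stack trace at info level is exactly the disk-filling concern the two todo comments describe; logging the message at warn and the trace at debug keeps the signal without that exposure. The result of `verify(uriRef, publicKey)` in the loop is discarded; the three-argument `verify` further down this file returns Boolean, so if the two-argument overload does too and reports failure by returning false rather than throwing, a failed key check would not reject the client — worth confirming.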
@@ -171,6 +180,7 @@ class X509TrustManagerWrapperService() e
/**
+ * todo: question should this perhaps be a 2 position method (pubkey,
graphnode) ?
* @return true if the key could be verified
*/
private def verify(webId: UriRef, publicKey: PublicKey, tc:
TripleCollection): Boolean = {
@@ -254,22 +264,22 @@ class X509TrustManagerWrapperService() e
- /**
- * This takes any string and returns in order only those characters that
are
- * part of a hex string
- *
- * @param strval
- * any string
- * @return a pure hex string
- */
+ /**
+ * This takes any string and returns in order only those characters
that are
+ * part of a hex string
+ *
+ * @param strval
+ * any string
+ * @return a pure hex string
+ */
- private def cleanHex( strval: String) = {
+ private def cleanHex( strval: String) = {
def legal(c: Char) = { //in order of likelyhood of appearance
((c >= '0') && (c <= '9')) ||
((c >= 'A') && (c <= 'F')) ||
((c >= 'a') && (c <= 'f'))
}
- (for (c <- strval; if legal(c)) yield c)
- }
+ (for (c <- strval; if legal(c)) yield c)
+ }
}
\ No newline at end of file
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebDescriptionProvider.scala
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebDescriptionProvider.scala?rev=1033752&r1=1033751&r2=1033752&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebDescriptionProvider.scala
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebDescriptionProvider.scala
Wed Nov 10 22:04:23 2010
@@ -19,16 +19,11 @@
package org.apache.clerezza.platform.users
-import java.net.HttpURLConnection
-import java.net.URL
import org.apache.clerezza.platform.Constants
-import org.apache.clerezza.platform.config.PlatformConfig
-import org.apache.clerezza.platform.config.SystemConfig
import org.apache.clerezza.rdf.core.TripleCollection
import org.apache.clerezza.rdf.core.UriRef
import org.apache.clerezza.rdf.core.access.NoSuchEntityException
import org.apache.clerezza.rdf.core.access.TcManager
-import org.apache.clerezza.rdf.core.serializedform.Parser
import org.apache.clerezza.rdf.utils.GraphNode
import org.apache.clerezza.rdf.utils.UnionMGraph
import org.osgi.service.component.ComponentContext
@@ -84,6 +79,7 @@ class WebDescriptionProvider {
def getWebDescription(uri: UriRef, update: Boolean): GraphNode = {
val webIdGraphs = webIdGraphsService.getWebIdGraphs(uri)
+ if (webIdGraphs.isLocal) return new
GraphNode(uri,webIdGraphs.localGraph)
if (update) {
webIdGraphs.updateLocalCache()
}
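Review bot: The added early return at `if (webIdGraphs.isLocal) return new GraphNode(uri,webIdGraphs.localGraph)` silently ignores the `update` parameter for local WebIDs, and the commit message's own open question about bypassing security is not recorded in the code. A comment such as `// local WebIDs are answered from the triple store without dereferencing; update is a no-op here` would make that visible to callers. Whether this is safe depends on `isLocal` matching only URIs whose local graph is controlled by the platform rather than by the requesting user, since the trust manager's `verify` will now take the public key from `localGraph`; that logic is outside this hunk and should be confirmed. Scala style would also prefer an `if`/`else` expression over the `return`. getWebDescription continues past the end of the hunk.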
Modified:
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebIdGraphsService.scala
URL:
http://svn.apache.org/viewvc/incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebIdGraphsService.scala?rev=1033752&r1=1033751&r2=1033752&view=diff
==============================================================================
---
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebIdGraphsService.scala
(original)
+++
incubator/clerezza/trunk/org.apache.clerezza.parent/org.apache.clerezza.platform.users/core/src/main/scala/org/apache/clerezza/platform/users/WebIdGraphsService.scala
Wed Nov 10 22:04:23 2010
@@ -195,9 +195,9 @@ class WebIdGraphsService() {
connection match {
case hc: HttpURLConnection =>
hc.addRequestProperty("Accept", acceptHeader);
}
- val mediaType = connection.getContentType()
connection.connect()
val in = connection.getInputStream()
+ val mediaType = connection.getContentType()
val remoteTriples = parser.parse(in, mediaType,
representationGraphUri)
localCache.clear()
localCache.addAll(remoteTriples)
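Review bot: `val in = connection.getInputStream()` is never closed in the visible lines, so every cache refresh holds the response stream open until garbage collection; wrapping the parse in `try { ... } finally { in.close() }` fixes that. Reading `connection.getContentType()` after `connect()` is the right order, but it returns null when the server sends no Content-Type header and may carry a `;charset=` parameter; whether `parser.parse` tolerates either is not visible here and deserves either a guard or a comment. The enclosing method starts and ends outside this hunk.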