Author: saces Date: 2008-07-28 17:52:48 +0000 (Mon, 28 Jul 2008) New Revision: 21451
Modified: trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderOfficial.java trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderURL.java
Log: use the new https uri for official plugins
Modified: trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderOfficial.java
===================================================================
--- trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderOfficial.java 2008-07-28 17:42:48 UTC (rev 21450)
+++ trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderOfficial.java 2008-07-28 17:52:48 UTC (rev 21451)
@@ -3,14 +3,72 @@ * http://www.gnu.org/ for further details of the GPL. */ package freenet.pluginmanager; +import java.io.ByteArrayInputStream; +import java.io.File; +import java.io.FileInputStream; +import java.io.FileOutputStream; +import java.io.IOException; +import java.io.InputStream; import java.net.URL; +import java.security.KeyStore; +import java.security.cert.Certificate; +import java.security.cert.CertificateFactory; +import java.util.Collection; +import java.util.Iterator; +import freenet.support.Logger; +import freenet.support.io.Closer; + public class PluginDownLoaderOfficial extends PluginDownLoaderURL { + private final byte[] cert = ("-----BEGIN CERTIFICATE-----\n" + + "MIIHyTCCBbGgAwIBAgIBATANBgkqhkiG9w0BAQUFADB9MQswCQYDVQQGEwJJTDEW\n" + + "MBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMiU2VjdXJlIERpZ2l0YWwg\n" + + "Q2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3RhcnRDb20gQ2VydGlmaWNh\n" + + "dGlvbiBBdXRob3JpdHkwHhcNMDYwOTE3MTk0NjM2WhcNMzYwOTE3MTk0NjM2WjB9\n" + + "MQswCQYDVQQGEwJJTDEWMBQGA1UEChMNU3RhcnRDb20gTHRkLjErMCkGA1UECxMi\n" + + "U2VjdXJlIERpZ2l0YWwgQ2VydGlmaWNhdGUgU2lnbmluZzEpMCcGA1UEAxMgU3Rh\n" + + "cnRDb20gQ2VydGlmaWNhdGlvbiBBdXRob3JpdHkwggIiMA0GCSqGSIb3DQEBAQUA\n" + + "A4ICDwAwggIKAoICAQDBiNsJvGxGfHiflXu1M5DycmLWwTYgIiRezul38kMKogZk\n" + + "pMyONvg45iPwbm2xPN1yo4UcodM9tDMr0y+v/uqwQVlntsQGfQqedIXWeUyAN3rf\n" + + "OQVSWff0G0ZDpNKFhdLDcfN1YjS6LIp/Ho/u7TTQEceWzVI9ujPW3U3eCztKS5/C\n" + + "Ji/6tRYccjV3yjxd5srhJosaNnZcAdt0FCX+7bWgiA/deMotHweXMAEtcnn6RtYT\n" + + "Kqi5pquDSR3l8u/d5AGOGAqPY1MWhWKpDhk6zLVmpsJrdAfkK+F2PrRt2PZE4XNi\n" + + "HzvEvqBTViVsUQn3qqvKv3b9bZvzndu/PWa8DFaqr5hIlTpL36dYUNk4dalb6kMM\n" + + "Av+Z6+hsTXBbKWWc3apdzK8BMewM69KN6Oqce+Zu9ydmDBpI125C4z/eIT574Q1w\n" + + "+2OqqGwaVLRcJXrJosmLFqa7LH4XXgVNWG4SHQHuEhANxjJ/GP/89PrNbpHoNkm+\n" + + "Gkhpi8KWTRoSsmkXwQqQ1vp5Iki/untp+HDH+no32NgN0nZPV/+Qt+OR0t3vwmC3\n" + + "Zzrd/qqc8NSLf3Iizsafl7b4r4qgEKjZ+xjGtrVcUjyJthkqcwEKDwOzEmDyei+B\n" + + 
"26Nu/yYwl/WL3YlXtq09s68rxbd2AvCl1iuahhQqcvbjM4xdCUsT37uMdBNSSwID\n" + + "AQABo4ICUjCCAk4wDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAa4wHQYDVR0OBBYE\n" + + "FE4L7xqkQFulF2mHMMo0aEPQQa7yMGQGA1UdHwRdMFswLKAqoCiGJmh0dHA6Ly9j\n" + + "ZXJ0LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMCugKaAnhiVodHRwOi8vY3Js\n" + + "LnN0YXJ0Y29tLm9yZy9zZnNjYS1jcmwuY3JsMIIBXQYDVR0gBIIBVDCCAVAwggFM\n" + + "BgsrBgEEAYG1NwEBATCCATswLwYIKwYBBQUHAgEWI2h0dHA6Ly9jZXJ0LnN0YXJ0\n" + + "Y29tLm9yZy9wb2xpY3kucGRmMDUGCCsGAQUFBwIBFilodHRwOi8vY2VydC5zdGFy\n" + + "dGNvbS5vcmcvaW50ZXJtZWRpYXRlLnBkZjCB0AYIKwYBBQUHAgIwgcMwJxYgU3Rh\n" + + "cnQgQ29tbWVyY2lhbCAoU3RhcnRDb20pIEx0ZC4wAwIBARqBl0xpbWl0ZWQgTGlh\n" + + "YmlsaXR5LCByZWFkIHRoZSBzZWN0aW9uICpMZWdhbCBMaW1pdGF0aW9ucyogb2Yg\n" + + "dGhlIFN0YXJ0Q29tIENlcnRpZmljYXRpb24gQXV0aG9yaXR5IFBvbGljeSBhdmFp\n" + + "bGFibGUgYXQgaHR0cDovL2NlcnQuc3RhcnRjb20ub3JnL3BvbGljeS5wZGYwEQYJ\n" + + "YIZIAYb4QgEBBAQDAgAHMDgGCWCGSAGG+EIBDQQrFilTdGFydENvbSBGcmVlIFNT\n" + + "TCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTANBgkqhkiG9w0BAQUFAAOCAgEAFmyZ\n" + + "9GYMNPXQhV59CuzaEE44HF7fpiUFS5Eyweg78T3dRAlbB0mKKctmArexmvclmAk8\n" + + "jhvh3TaHK0u7aNM5Zj2gJsfyOZEdUauCe37Vzlrk4gNXcGmXCPleWKYK34wGmkUW\n" + + "FjgKXlf2Ysd6AgXmvB618p70qSmD+LIU424oh0TDkBreOKk8rENNZEXO3SipXPJz\n" + + "ewT4F+irsfMuXGRuczE6Eri8sxHkfY+BUZo7jYn0TZNmezwD7dOaHZrzZVD1oNB1\n" + + "ny+v8OqCQ5j4aZyJecRDjkZy42Q2Eq/3JR44iZB3fsNrarnDy0RLrHiQi+fHLB5L\n" + + "EUTINFInzQpdn4XBidUaePKVEFMy3YCEZnXZtWgo+2EuvoSoOMCZEoalHmdkrQYu\n" + + "L6lwhceWD3yJZfWOQ1QOq92lgDmUYMA0yZZwLKMS9R9Ie70cfmu3nZD0Ijuu+Pwq\n" + + "yvqCUqDvr0tVk+vBtfAii6w0TiYiBKGHLHVKt+V9E9e4DGTANtLJL4YSjCMJwRuC\n" + + "O3NJo2pXh5Tl1njFmUNj403gdy3hZZlyaQQaRwnmDwFWJPsfvw55qVguucQJAX6V\n" + + "um0ABj6y6koQOdjQK/W/7HW/lwLFCRsI3FU34oH7N4RDYiDK51ZLZer+bMEkkySh\n" + + "NOsF/5oirpt9P/FlUQqmMGqz9IgcgA38corog14=\n" + + "-----END CERTIFICATE-----\n").getBytes(); + public URL checkSource(String source) throws PluginNotFoundException { - // FIXME use the new uri - return 
super.checkSource("http://downloads.freenetproject.org/alpha/plugins/" + source + ".jar.url"); - // return super.checkSource("https://checksums.freenetproject.org/latest/" + source + ".jar.url"); + return super.checkSource("https://checksums.freenetproject.org/latest/" + + source + ".jar"); } @Override 
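Review bot: The trust anchor added as the `cert` field is an opaque base64 blob with no comment saying which certificate it is, so a reader cannot check it against the CA's published value. The strings embedded in the blob appear to name the StartCom root; a comment above the field should state the subject and a fingerprint, e.g. `// StartCom Certification Authority root, SHA-256: <FINGERPRINT_PLACEHOLDER>`. The field is also per-instance and decoded with the platform default charset, so `private static final byte[]` with an explicit ASCII charset on `getBytes` would be tighter. Separately, `checkSource` concatenates `source` into the URL path unchecked, so a name containing `/`, `..`, `?` or `#` changes which resource is requested on the checksums host; reject anything outside a plain plugin-name pattern before building the URL. The class body continues outside this hunk.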
@@ -23,4 +81,53 @@
 return null;
 }
+ @Override
+ InputStream getInputStream() throws IOException {
+ File TMP_KEYSTORE = null;
+ FileInputStream fis = null;
+ InputStream is = null;
+ try {
+ TMP_KEYSTORE = File.createTempFile("keystore", ".tmp");
+ TMP_KEYSTORE.deleteOnExit();
+
+ KeyStore ks = KeyStore.getInstance("JKS");
+ ks.load(null, new char[0]);
+
+ is = getCert();
+
+ CertificateFactory cf = CertificateFactory.getInstance("X.509");
+ Collection c = cf.generateCertificates(is);
+ Iterator it = c.iterator();
+ while(it.hasNext()) {
+ Certificate cert = (Certificate) it.next();
+ ks.setCertificateEntry(cert.getPublicKey().toString(), cert);
+ }
+ ks.store(new FileOutputStream(TMP_KEYSTORE), new char[0]);
+ System.out.println("The CA has been imported into the trustStore");
+ } catch(Exception e) {
+ System.err.println("Error while handling the CA :" + e.getMessage());
+ throw new IOException("Error while handling the CA : "+e, e);
+ } finally {
+ Closer.close(fis);
+ }
+
+ System.setProperty("javax.net.ssl.trustStore", TMP_KEYSTORE.toString());
+
+ return super.getInputStream();
+ }
+
+ private InputStream getCert() throws IOException {
+
+ File certfile = new File("startssl.pem");
+
+ if (certfile.exists()) {
+ return new FileInputStream(certfile);
+ }
+
+ System.err.println("Certficate file 'startssl.pem' not found. Using built in certificate");
+ Logger.error(this, "Certficate file 'startssl.pem' not found. Using built in certificate");
+
+ return new ByteArrayInputStream(cert);
+ }
+
 }
Modified: trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderURL.java
===================================================================
--- trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderURL.java 2008-07-28 17:42:48 UTC (rev 21450)
+++ trunk/freenet/src/freenet/pluginmanager/PluginDownLoaderURL.java 2008-07-28 17:52:48 UTC (rev 21451)
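Review bot: `System.setProperty("javax.net.ssl.trustStore", ...)` in PluginDownLoaderOfficial.getInputStream() changes trust for the whole JVM rather than for this download: later default-context TLS connections in the process would trust only the certificates loaded here, and if the default SSLContext was already initialised the property is likely ignored. The certificate source makes this worse, because `getCert()` prefers a `startssl.pem` resolved against the current working directory, so whoever can write that directory chooses the trust anchor; an absolute, application-owned path (or the built-in certificate only) is safer. Also `fis` is never assigned, so the `finally` closes nothing while `is` and the `FileOutputStream` passed to `ks.store` stay open. The sketch below keeps the key store in memory and attaches it to this connection alone; connections opened for redirects inside `openConnectionCheckRedirects` would still need the same socket factory.

```java
@Override
InputStream getInputStream() throws IOException {
	SSLSocketFactory pinnedFactory;
	InputStream is = getCert();
	try {
		// In-memory key store: no temp file, no JVM-wide property.
		KeyStore ks = KeyStore.getInstance(KeyStore.getDefaultType());
		ks.load(null, null);
		CertificateFactory cf = CertificateFactory.getInstance("X.509");
		int n = 0;
		for (Certificate ca : cf.generateCertificates(is)) {
			ks.setCertificateEntry("plugin-ca-" + n++, ca);
		}
		TrustManagerFactory tmf =
			TrustManagerFactory.getInstance(TrustManagerFactory.getDefaultAlgorithm());
		tmf.init(ks);
		SSLContext ctx = SSLContext.getInstance("TLS");
		ctx.init(null, tmf.getTrustManagers(), null);
		pinnedFactory = ctx.getSocketFactory();
	} catch (GeneralSecurityException e) {
		throw new IOException("Error while handling the CA : " + e, e);
	} finally {
		Closer.close(is);
	}

	URLConnection conn = getSource().openConnection();
	if (conn instanceof HttpsURLConnection) {
		// Trust decision is scoped to this one connection.
		((HttpsURLConnection) conn).setSSLSocketFactory(pinnedFactory);
	}
	conn.setUseCaches(false);
	conn.setAllowUserInteraction(false);
	return openConnectionCheckRedirects(conn);
}

// … unchanged: getCert() …
```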
@@ -5,6 +5,7 @@
 import java.io.IOException;
 import java.io.InputStream;
+import java.net.HttpURLConnection;
 import java.net.MalformedURLException;
 import java.net.URL;
 import java.net.URLConnection;
@@ -27,8 +28,8 @@
 URLConnection urlConnection = getSource().openConnection();
 urlConnection.setUseCaches(false);
 urlConnection.setAllowUserInteraction(false);
- urlConnection.connect();
- return urlConnection.getInputStream();
+ //urlConnection.connect();
+ return openConnectionCheckRedirects(urlConnection);
 }
 @Override
@@ -44,5 +45,54 @@
 String getSHA1sum() throws PluginNotFoundException {
 return null;
 }
+
+ static InputStream openConnectionCheckRedirects(URLConnection c) throws IOException
+ {
+ boolean redir;
+ int redirects = 0;
+ InputStream in = null;
+ do
+ {
+ if (c instanceof HttpURLConnection)
+ {
+ ((HttpURLConnection) c).setInstanceFollowRedirects(false);
+ }
+ // We want to open the input stream before getting headers
+ // because getHeaderField() et al swallow IOExceptions.
+ in = c.getInputStream();
+ redir = false;
+ if (c instanceof HttpURLConnection)
+ {
+ HttpURLConnection http = (HttpURLConnection) c;
+ int stat = http.getResponseCode();
+ if (stat >= 300 && stat <= 307 && stat != 306 &&
+ stat != HttpURLConnection.HTTP_NOT_MODIFIED)
+ {
+ URL base = http.getURL();
+ String loc = http.getHeaderField("Location");
+ URL target = null;
+ if (loc != null)
+ {
+ target = new URL(base, loc);
+ }
+ http.disconnect();
+ // Redirection should be allowed only for HTTP and HTTPS
+ // and should be limited to 5 redirections at most.
+ if (target == null || !(target.getProtocol().equals("http")
+ || target.getProtocol().equals("https")
+ || target.getProtocol().equals("ftp"))
+ || redirects >= 5)
+ {
+ throw new SecurityException("illegal URL redirect");
+ }
+ redir = true;
+ c = target.openConnection();
+ redirects++;
+ }
+ }
+ }
+ while (redir);
+ return in;
+ }
+}
-}
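Review bot: In PluginDownLoaderURL.getInputStream() the `setUseCaches(false)` and `setAllowUserInteraction(false)` settings reach only the first connection, because `openConnectionCheckRedirects` opens each redirect target with a fresh `target.openConnection()` that gets neither. Re-apply them inside the helper after each `openConnection()`, or pass them in. The commented-out `//urlConnection.connect();` should simply be deleted, since the helper's `getInputStream()` call connects implicitly. The method's signature lies outside this hunk.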
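Review bot: The redirect test in `openConnectionCheckRedirects` lets a download that started on `https` be redirected to `http` or `ftp`, so a plugin jar requested over the authenticated channel can end up fetched in clear text from an unauthenticated server. Refusing the downgrade ahead of the existing test would close this: `if ("https".equals(base.getProtocol()) && !"https".equals(target.getProtocol())) throw new SecurityException("illegal URL redirect");`. The comment above the test says only HTTP and HTTPS are allowed while the code also accepts `ftp`, so one of the two should change. Callers declared with `throws IOException` may not expect the unchecked `SecurityException`; an `IOException` is worth considering.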
