Search in sources :

Example 1 with SSLContextManager

use of ch.csnc.extension.httpclient.SSLContextManager in project zaproxy by zaproxy.

the class CoreAPI method handleApiAction.

@Override
public ApiResponse handleApiAction(String name, JSONObject params) throws ApiException {
    Session session = Model.getSingleton().getSession();
    if (ACTION_ACCESS_URL.equals(name)) {
        URI uri;
        try {
            uri = new URI(params.getString(PARAM_URL), true);
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
        }
        HttpMessage request;
        try {
            request = new HttpMessage(new HttpRequestHeader(HttpRequestHeader.GET, uri, HttpHeader.HTTP11));
        } catch (HttpMalformedHeaderException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
        }
        return sendHttpMessage(request, getParam(params, PARAM_FOLLOW_REDIRECTS, false), name);
    } else if (ACTION_SHUTDOWN.equals(name)) {
        Thread thread = new Thread("ZAP-Shutdown") {

            @Override
            public void run() {
                try {
                    // Give the API a chance to return
                    sleep(1000);
                } catch (InterruptedException e) {
                // Ignore
                }
                try {
                    Control.getSingleton().shutdown(Model.getSingleton().getOptionsParam().getDatabaseParam().isCompactDatabase());
                    logger.info(Constant.PROGRAM_TITLE + " terminated.");
                } catch (Throwable e) {
                    logger.error("An error occurred while shutting down:", e);
                } finally {
                    System.exit(Control.getSingleton().getExitStatus());
                }
            }
        };
        thread.start();
    } else if (ACTION_SAVE_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        Path sessionPath = SessionUtils.getSessionPath(params.getString(PARAM_SESSION));
        String filename = sessionPath.toAbsolutePath().toString();
        final boolean overwrite = getParam(params, PARAM_OVERWRITE_SESSION, false);
        if (Files.exists(sessionPath)) {
            boolean sameSession = false;
            if (overwrite && !session.isNewState()) {
                try {
                    sameSession = Files.isSameFile(Paths.get(session.getFileName()), sessionPath);
                } catch (IOException e) {
                    logger.error("Failed to check if same session path:", e);
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                }
            }
            if (!overwrite || sameSession) {
                throw new ApiException(ApiException.Type.ALREADY_EXISTS, filename);
            }
        }
        this.savingSession = true;
        try {
            Control.getSingleton().saveSession(filename, this);
        } catch (Exception e) {
            logger.error("Failed to save the session:", e);
            this.savingSession = false;
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
        // Wait for notification that its worked ok
        try {
            while (this.savingSession) {
                Thread.sleep(200);
            }
        } catch (InterruptedException e) {
            // Probably not an error
            logger.debug(e.getMessage(), e);
        }
        logger.debug("Can now return after saving session");
    } else if (ACTION_SNAPSHOT_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        if (session.isNewState()) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST);
        }
        List<String> actions = Control.getSingleton().getExtensionLoader().getActiveActions();
        if (!actions.isEmpty()) {
            throw new ApiException(ApiException.Type.BAD_STATE, "Active actions prevent the session snapshot: " + actions);
        }
        String fileName = ApiUtils.getOptionalStringParam(params, PARAM_SESSION);
        if (fileName == null || fileName.isEmpty()) {
            fileName = session.getFileName();
            if (fileName.endsWith(".session")) {
                fileName = fileName.substring(0, fileName.length() - 8);
            }
            fileName += "-" + dateFormat.format(new Date()) + ".session";
        } else {
            Path sessionPath = SessionUtils.getSessionPath(fileName);
            fileName = sessionPath.toAbsolutePath().toString();
            if (Files.exists(sessionPath)) {
                final boolean overwrite = getParam(params, PARAM_OVERWRITE_SESSION, false);
                boolean sameSession = false;
                try {
                    sameSession = Files.isSameFile(Paths.get(session.getFileName()), sessionPath);
                } catch (IOException e) {
                    logger.error("Failed to check if same session path:", e);
                    throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
                }
                if (!overwrite || sameSession) {
                    throw new ApiException(ApiException.Type.ALREADY_EXISTS, fileName);
                }
            }
        }
        this.savingSession = true;
        try {
            Control.getSingleton().snapshotSession(fileName, this);
        } catch (Exception e) {
            logger.error("Failed to snapshot the session:", e);
            this.savingSession = false;
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
        // Wait for notification that its worked ok
        try {
            while (this.savingSession) {
                Thread.sleep(200);
            }
        } catch (InterruptedException e) {
            // Probably not an error
            logger.debug(e.getMessage(), e);
        }
        logger.debug("Can now return after saving session");
    } else if (ACTION_LOAD_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        Path sessionPath = SessionUtils.getSessionPath(params.getString(PARAM_SESSION));
        String filename = sessionPath.toAbsolutePath().toString();
        if (!Files.exists(sessionPath)) {
            throw new ApiException(ApiException.Type.DOES_NOT_EXIST, filename);
        }
        try {
            Control.getSingleton().runCommandLineOpenSession(filename);
        } catch (Exception e) {
            logger.error("Failed to load the session:", e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
    } else if (ACTION_NEW_SESSION.equalsIgnoreCase(name)) {
        // Ignore case for backwards compatibility
        String sessionName = null;
        try {
            sessionName = params.getString(PARAM_SESSION);
        } catch (Exception e1) {
        // Ignore
        }
        if (sessionName == null || sessionName.length() == 0) {
            // Create a new 'unnamed' session
            Control.getSingleton().discardSession();
            try {
                Control.getSingleton().newSession();
            } catch (Exception e) {
                logger.error("Failed to create a new session:", e);
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        } else {
            Path sessionPath = SessionUtils.getSessionPath(sessionName);
            String filename = sessionPath.toAbsolutePath().toString();
            final boolean overwrite = getParam(params, PARAM_OVERWRITE_SESSION, false);
            if (Files.exists(sessionPath) && !overwrite) {
                throw new ApiException(ApiException.Type.ALREADY_EXISTS, filename);
            }
            try {
                Control.getSingleton().runCommandLineNewSession(filename);
            } catch (Exception e) {
                logger.error("Failed to create a new session:", e);
                throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
            }
        }
    } else if (ACTION_CLEAR_EXCLUDED_FROM_PROXY.equals(name)) {
        try {
            session.setExcludeFromProxyRegexs(new ArrayList<>());
        } catch (DatabaseException e) {
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        }
    } else if (ACTION_EXCLUDE_FROM_PROXY.equals(name)) {
        String regex = params.getString(PARAM_REGEX);
        try {
            session.addExcludeFromProxyRegex(regex);
        } catch (DatabaseException e) {
            logger.error(e.getMessage(), e);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, e.getMessage());
        } catch (PatternSyntaxException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REGEX);
        }
    } else if (ACTION_SET_HOME_DIRECTORY.equals(name)) {
        File f = new File(params.getString(PARAM_DIR));
        if (f.exists() && f.isDirectory()) {
            Model.getSingleton().getOptionsParam().setUserDirectory(f);
        } else {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_DIR);
        }
    } else if (ACTION_SET_MODE.equals(name)) {
        try {
            Mode mode = Mode.valueOf(params.getString(PARAM_MODE).toLowerCase());
            if (View.isInitialised()) {
                View.getSingleton().getMainFrame().getMainToolbarPanel().setMode(mode);
                View.getSingleton().getMainFrame().getMainMenuBar().setMode(mode);
            } else {
                Control.getSingleton().setMode(mode);
            }
        } catch (Exception e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_MODE);
        }
    } else if (ACTION_GENERATE_ROOT_CA.equals(name)) {
        return getNetworkImplementor().handleApiAction("generateRootCaCert", params);
    } else if (ACTION_SEND_REQUEST.equals(name)) {
        HttpMessage request;
        try {
            request = createRequest(params.getString(PARAM_REQUEST));
        } catch (HttpMalformedHeaderException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_REQUEST, e);
        }
        validateForCurrentMode(request);
        return sendHttpMessage(request, getParam(params, PARAM_FOLLOW_REDIRECTS, false), name);
    } else if (ACTION_DELETE_ALL_ALERTS.equals(name)) {
        return API.getInstance().getImplementors().get(AlertAPI.PREFIX).handleApiAction(name, params);
    } else if (ACTION_DELETE_ALERT.equals(name)) {
        return API.getInstance().getImplementors().get(AlertAPI.PREFIX).handleApiAction(name, params);
    } else if (ACTION_COLLECT_GARBAGE.equals(name)) {
        System.gc();
        return ApiResponseElement.OK;
    } else if (ACTION_DELETE_SITE_NODE.equals(name)) {
        try {
            String url = params.getString(PARAM_URL);
            String method = getParam(params, PARAM_METHOD, "GET");
            String postData = getParam(params, PARAM_POST_DATA, "");
            URI uri = new URI(url, true);
            SiteMap siteMap = session.getSiteTree();
            SiteNode siteNode = siteMap.findNode(uri, method, postData);
            if (siteNode == null) {
                throw new ApiException(ApiException.Type.DOES_NOT_EXIST, PARAM_URL);
            }
            if (getExtHistory() != null) {
                getExtHistory().purge(siteMap, siteNode);
            }
            return ApiResponseElement.OK;
        } catch (URIException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_URL, e);
        }
    } else if (ACTION_ADD_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
        try {
            ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
            String value = params.getString(PARAM_VALUE);
            DomainMatcher domain;
            if (getParam(params, PARAM_IS_REGEX, false)) {
                domain = new DomainMatcher(DomainMatcher.createPattern(value));
            } else {
                domain = new DomainMatcher(value);
            }
            domain.setEnabled(getParam(params, PARAM_IS_ENABLED, true));
            List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
            domains.add(domain);
            connectionParam.setProxyExcludedDomains(domains);
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
        }
    } else if (ACTION_MODIFY_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
        try {
            ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
            int idx = params.getInt(PARAM_IDX);
            if (idx < 0 || idx >= connectionParam.getProxyExcludedDomains().size()) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
            }
            DomainMatcher oldDomain = connectionParam.getProxyExcludedDomains().get(idx);
            String value = getParam(params, PARAM_VALUE, oldDomain.getValue());
            if (value.isEmpty()) {
                value = oldDomain.getValue();
            }
            DomainMatcher newDomain;
            if (getParam(params, PARAM_IS_REGEX, oldDomain.isRegex())) {
                newDomain = new DomainMatcher(DomainMatcher.createPattern(value));
            } else {
                newDomain = new DomainMatcher(value);
            }
            newDomain.setEnabled(getParam(params, PARAM_IS_ENABLED, oldDomain.isEnabled()));
            if (!oldDomain.equals(newDomain)) {
                List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
                domains.set(idx, newDomain);
                connectionParam.setProxyExcludedDomains(domains);
            }
        } catch (JSONException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
        } catch (IllegalArgumentException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_VALUE, e);
        }
    } else if (ACTION_REMOVE_PROXY_CHAIN_EXCLUDED_DOMAIN.equals(name)) {
        try {
            ConnectionParam connectionParam = Model.getSingleton().getOptionsParam().getConnectionParam();
            int idx = params.getInt(PARAM_IDX);
            if (idx < 0 || idx >= connectionParam.getProxyExcludedDomains().size()) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX);
            }
            List<DomainMatcher> domains = new ArrayList<>(connectionParam.getProxyExcludedDomains());
            domains.remove(idx);
            connectionParam.setProxyExcludedDomains(domains);
        } catch (JSONException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_IDX, e);
        }
    } else if (ACTION_ENABLE_ALL_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name)) {
        setProxyChainExcludedDomainsEnabled(true);
    } else if (ACTION_DISABLE_ALL_PROXY_CHAIN_EXCLUDED_DOMAINS.equals(name)) {
        setProxyChainExcludedDomainsEnabled(false);
    } else if (ACTION_OPTION_MAXIMUM_ALERT_INSTANCES.equals(name)) {
        try {
            getAlertParam(ApiException.Type.BAD_ACTION).setMaximumInstances(params.getInt(PARAM_NUMBER_OF_INSTANCES));
        } catch (JSONException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_NUMBER_OF_INSTANCES, e);
        }
    } else if (ACTION_OPTION_MERGE_RELATED_ALERTS.equals(name)) {
        try {
            getAlertParam(ApiException.Type.BAD_ACTION).setMergeRelatedIssues(params.getBoolean(PARAM_ENABLED));
        } catch (JSONException e) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_ENABLED, e);
        }
    } else if (ACTION_OPTION_ALERT_OVERRIDES_FILE_PATH.equals(name)) {
        String filePath = getParam(params, PARAM_FILE_PATH, "");
        if (!filePath.isEmpty()) {
            File file = new File(filePath);
            if (!file.isFile() || !file.canRead()) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_FILE_PATH);
            }
        }
        getAlertParam(ApiException.Type.BAD_ACTION).setOverridesFilename(filePath);
        if (!Control.getSingleton().getExtensionLoader().getExtension(ExtensionAlert.class).reloadOverridesFile()) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_FILE_PATH);
        }
    } else if (ACTION_ENABLE_PKCS12_CLIENT_CERTIFICATE.equals(name)) {
        String filePath = getParam(params, PARAM_FILE_PATH, "");
        if (!filePath.isEmpty()) {
            File file = new File(filePath);
            if (!file.isFile() || !file.canRead()) {
                throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_FILE_PATH);
            }
        }
        String password = getParam(params, PARAM_PASSWORD, "");
        if (password.isEmpty()) {
            throw new ApiException(ApiException.Type.ILLEGAL_PARAMETER, PARAM_PASSWORD);
        }
        int certIndex = getParam(params, PARAM_INDEX, 0);
        if (certIndex < 0) {
            certIndex = 0;
        }
        OptionsParamCertificate certParams = Model.getSingleton().getOptionsParam().getCertificateParam();
        try {
            SSLContextManager contextManager = certParams.getSSLContextManager();
            int ksIndex = contextManager.loadPKCS12Certificate(filePath, password);
            contextManager.unlockKey(ksIndex, certIndex, password);
            contextManager.setDefaultKey(ksIndex, certIndex);
            certParams.setActiveCertificate();
            certParams.setEnableCertificate(true);
            logger.info("Client Certificate enabled from API");
        } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException ex) {
            logger.error("The certificate could not be enabled due to an error", ex);
            throw new ApiException(ApiException.Type.INTERNAL_ERROR, ex);
        }
        return ApiResponseElement.OK;
    } else if (ACTION_DISABLE_CLIENT_CERTIFICATE.equals(name)) {
        Model.getSingleton().getOptionsParam().getCertificateParam().setEnableCertificate(false);
        logger.info("Client Certificate disabled from API");
        return ApiResponseElement.OK;
    } else {
        throw new ApiException(ApiException.Type.BAD_ACTION);
    }
    return ApiResponseElement.OK;
}
Also used : OptionsParamCertificate(org.parosproxy.paros.extension.option.OptionsParamCertificate) ArrayList(java.util.ArrayList) CertificateException(java.security.cert.CertificateException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) HttpRequestHeader(org.parosproxy.paros.network.HttpRequestHeader) URI(org.apache.commons.httpclient.URI) KeyManagementException(java.security.KeyManagementException) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) SiteMap(org.parosproxy.paros.model.SiteMap) List(java.util.List) ArrayList(java.util.ArrayList) DomainMatcher(org.zaproxy.zap.network.DomainMatcher) ExtensionAlert(org.zaproxy.zap.extension.alert.ExtensionAlert) PatternSyntaxException(java.util.regex.PatternSyntaxException) SiteNode(org.parosproxy.paros.model.SiteNode) Path(java.nio.file.Path) SSLContextManager(ch.csnc.extension.httpclient.SSLContextManager) Mode(org.parosproxy.paros.control.Control.Mode) JSONException(net.sf.json.JSONException) IOException(java.io.IOException) KeyStoreException(java.security.KeyStoreException) KeyStoreException(java.security.KeyStoreException) URIException(org.apache.commons.httpclient.URIException) HttpMalformedHeaderException(org.parosproxy.paros.network.HttpMalformedHeaderException) PatternSyntaxException(java.util.regex.PatternSyntaxException) KeyManagementException(java.security.KeyManagementException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) JSONException(net.sf.json.JSONException) IOException(java.io.IOException) DatabaseException(org.parosproxy.paros.db.DatabaseException) CertificateException(java.security.cert.CertificateException) Date(java.util.Date) ConnectionParam(org.parosproxy.paros.network.ConnectionParam) HttpMessage(org.parosproxy.paros.network.HttpMessage) DatabaseException(org.parosproxy.paros.db.DatabaseException) File(java.io.File) Session(org.parosproxy.paros.model.Session)

Example 2 with SSLContextManager

use of ch.csnc.extension.httpclient.SSLContextManager in project zaproxy by zaproxy.

the class OptionsParamCertificate method clientCertCheck.

/**
 * Enables ClientCertificate from -config CLI parameters Requires location, password and a flag
 * to use client certificate.
 */
private void clientCertCheck() {
    boolean enableClientCert = getBoolean(USE_CLIENT_CERT, false);
    String certPath = getString(CLIENT_CERT_LOCATION, "");
    String certPass = getString(CLIENT_CERT_PASSWORD, "");
    int certIndex = getInt(CLIENT_CERT_INDEX, 0);
    if (enableClientCert && !certPath.isEmpty() && !certPass.isEmpty()) {
        try {
            SSLContextManager contextManager = getSSLContextManager();
            int ksIndex = contextManager.loadPKCS12Certificate(certPath, certPass);
            contextManager.unlockKey(ksIndex, certIndex, certPass);
            contextManager.setDefaultKey(ksIndex, certIndex);
            setActiveCertificate();
            setEnableCertificate(true);
            logger.info("Client Certificate enabled from CLI");
            logger.info("Use -config certificate.persist=true to save settings");
        } catch (IOException | CertificateException | NoSuchAlgorithmException | KeyStoreException | KeyManagementException ex) {
            logger.error("The certificate could not be enabled due to an error", ex);
        }
    }
}
Also used : SSLContextManager(ch.csnc.extension.httpclient.SSLContextManager) CertificateException(java.security.cert.CertificateException) IOException(java.io.IOException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) KeyStoreException(java.security.KeyStoreException) KeyManagementException(java.security.KeyManagementException)

Aggregations

SSLContextManager (ch.csnc.extension.httpclient.SSLContextManager)2 IOException (java.io.IOException)2 KeyManagementException (java.security.KeyManagementException)2 KeyStoreException (java.security.KeyStoreException)2 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)2 CertificateException (java.security.cert.CertificateException)2 File (java.io.File)1 Path (java.nio.file.Path)1 ArrayList (java.util.ArrayList)1 Date (java.util.Date)1 List (java.util.List)1 PatternSyntaxException (java.util.regex.PatternSyntaxException)1 JSONException (net.sf.json.JSONException)1 URI (org.apache.commons.httpclient.URI)1 URIException (org.apache.commons.httpclient.URIException)1 Mode (org.parosproxy.paros.control.Control.Mode)1 DatabaseException (org.parosproxy.paros.db.DatabaseException)1 OptionsParamCertificate (org.parosproxy.paros.extension.option.OptionsParamCertificate)1 Session (org.parosproxy.paros.model.Session)1 SiteMap (org.parosproxy.paros.model.SiteMap)1