
Example 1 with SuppressForbidden

use of de.thetaphi.forbiddenapis.SuppressForbidden in project knox by apache.

the class KnoxSession method executeNow.

/**
 * Sends {@code request} to the session's host immediately and returns the response.
 *
 * <p>When Kerberos is enabled the request runs inside {@code Subject.doAs}. If the
 * current access-control context carries no {@link Subject}, a JAAS login is performed
 * first with the configuration at {@code jaasConfigURL}; the {@link TextCallbackHandler}
 * answers login callbacks on the console. Login and I/O failures on this path surface as
 * {@code KnoxShellException}. Without Kerberos the request is executed directly.
 *
 * <p>On either path a status code of 400 or above is raised as an {@code ErrorResponse}
 * built from the request URI and the response object.
 *
 * @param request the request to execute
 * @return the response for status codes below 400; it is returned unclosed, so presumably
 *         the caller is responsible for closing it
 * @throws IOException if the direct (non-Kerberos) execution fails
 */
// The annotation silences the forbidden-apis check for this method, presumably because of
// Subject.getSubject/AccessController and the com.sun TextCallbackHandler.
@SuppressForbidden
public CloseableHttpResponse executeNow(HttpRequest request) throws IOException {
    if (!isKerberos) {
        // Plain path: no Subject involved, transport errors propagate as IOException.
        final CloseableHttpResponse reply = client.execute(host, request, context);
        if (reply.getStatusLine().getStatusCode() >= 400) {
            // NOTE(review): the request URI becomes part of the exception message; confirm that
            // URIs handled here never carry secrets in their query string.
            // NOTE(review): the response is handed to ErrorResponse without being closed here;
            // whether ErrorResponse releases it is not visible from this method.
            throw new ErrorResponse(request.getRequestLine().getUri() + ": ", reply);
        }
        return reply;
    }

    /* check for kerberos */
    Subject caller = Subject.getSubject(AccessController.getContext());
    try {
        if (caller == null) {
            // No Subject on the calling context: log in through JAAS to obtain one.
            LOG.noSubjectAvailable();
            Configuration jaas;
            try {
                jaas = new JAASClientConfig(jaasConfigURL);
            } catch (Exception e) {
                LOG.failedToLoadJAASConfiguration(jaasConfigURL.toExternalForm());
                throw new KnoxShellException(e.toString(), e);
            }
            // A fresh login runs on every call that arrives without a Subject; the resulting
            // Subject is only used for this request and is not stored on the session.
            LoginContext login = new LoginContext(JGSS_LOGIN_MOUDLE, null, new TextCallbackHandler(), jaas);
            login.login();
            caller = login.getSubject();
        }
        return Subject.doAs(caller, (PrivilegedAction<CloseableHttpResponse>) () -> {
            // PrivilegedAction cannot throw checked exceptions, so I/O failures are wrapped.
            try {
                final CloseableHttpResponse reply = client.execute(host, request, context);
                if (reply.getStatusLine().getStatusCode() >= 400) {
                    throw new ErrorResponse(request.getRequestLine().getUri() + ": ", reply);
                }
                return reply;
            } catch (final IOException e) {
                throw new KnoxShellException(e.toString(), e);
            }
        });
    } catch (final LoginException e) {
        throw new KnoxShellException(e.toString(), e);
    }
}
Also used : LoginContext(javax.security.auth.login.LoginContext) Configuration(javax.security.auth.login.Configuration) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) LoginException(javax.security.auth.login.LoginException) IOException(java.io.IOException) Subject(javax.security.auth.Subject) LoginException(javax.security.auth.login.LoginException) OverlappingFileLockException(java.nio.channels.OverlappingFileLockException) URISyntaxException(java.net.URISyntaxException) TimeoutException(java.util.concurrent.TimeoutException) KeyStoreException(java.security.KeyStoreException) GeneralSecurityException(java.security.GeneralSecurityException) FileNotFoundException(java.io.FileNotFoundException) NoSuchAlgorithmException(java.security.NoSuchAlgorithmException) IOException(java.io.IOException) CertificateException(java.security.cert.CertificateException) ExecutionException(java.util.concurrent.ExecutionException) TextCallbackHandler(com.sun.security.auth.callback.TextCallbackHandler) SuppressForbidden(de.thetaphi.forbiddenapis.SuppressForbidden)

Example 2 with SuppressForbidden

use of de.thetaphi.forbiddenapis.SuppressForbidden in project checkstyle by checkstyle.

the class PackageDeclarationCheckTest method testEmptyFile.

/**
 * Runs {@code PackageDeclarationCheck} over the non-compilable input
 * {@code InputPackageDeclarationEmptyFile.java} and expects no violation messages.
 *
 * @throws Exception if building the configuration, resolving the input or verifying fails
 */
// NOTE(review): nothing in this body obviously needs @SuppressForbidden; the forbidden call
// it covers is presumably inside a helper or was removed. Confirm the suppression is still needed.
@SuppressForbidden
@Test
public void testEmptyFile() throws Exception {
    final DefaultConfiguration moduleConfig = createModuleConfig(PackageDeclarationCheck.class);
    // An empty expectation array means the check must stay silent for this input.
    final String[] noViolations = CommonUtil.EMPTY_STRING_ARRAY;
    verify(
        moduleConfig,
        getNonCompilablePath("InputPackageDeclarationEmptyFile.java"),
        noViolations);
}
Also used : DefaultConfiguration(com.puppycrawl.tools.checkstyle.DefaultConfiguration) Test(org.junit.jupiter.api.Test) SuppressForbidden(de.thetaphi.forbiddenapis.SuppressForbidden)

Example 3 with SuppressForbidden

use of de.thetaphi.forbiddenapis.SuppressForbidden in project knox by apache.

the class KnoxSession method createClient.

/**
 * Builds the pooled HTTP client for this session from {@code clientContext}.
 *
 * <p>The method configures, in order: the TLS context and hostname verifier, the connection
 * pool and socket options, and finally authentication, which is either SPNEGO (Kerberos) or
 * preemptive Basic. As side effects it assigns the {@code host} field and, depending on the
 * branch, {@code isKerberos} and {@code jaasConfigURL} or {@code context}. The Kerberos
 * branch also sets JVM-wide system properties.
 *
 * <p>Security-relevant behaviour: when {@code clientContext.connection().secure()} is false,
 * hostname verification is disabled and self-signed certificates are trusted, so the server's
 * identity is not authenticated.
 *
 * @param clientContext connection, pool, socket and authentication settings
 * @return the configured client
 * @throws GeneralSecurityException declared for trust-store loading and TLS context
 *         construction
 */
@SuppressForbidden
protected CloseableHttpClient createClient(ClientContext clientContext) throws GeneralSecurityException {
    // SSL
    final HostnameVerifier verifier;
    final TrustStrategy extraTrust;
    if (clientContext.connection().secure()) {
        // Secure mode: default hostname verification, trust decided by the trust store alone.
        verifier = SSLConnectionSocketFactory.getDefaultHostnameVerifier();
        extraTrust = null;
    } else {
        // Insecure mode: no hostname check and self-signed certificates are accepted, so the
        // peer is not authenticated. The warning goes to stdout only, not through LOG.
        verifier = NoopHostnameVerifier.INSTANCE;
        extraTrust = TrustSelfSignedStrategy.INSTANCE;
        System.out.println("**************** WARNING ******************\n"
            + "This is an insecure client instance and may\n"
            + "leave the interactions subject to a man in\n"
            + "the middle attack. Please use the login()\n"
            + "method instead of loginInsecure() for any\n"
            + "sensitive or production usecases.\n"
            + "*******************************************");
    }
    final KeyStore trustStore = getTrustStore(clientContext);
    final SSLContext tls = SSLContexts.custom()
        .loadTrustMaterial(trustStore, extraTrust)
        .build();
    // Plain "http" stays registered, so whether TLS is used at all depends on the scheme of
    // clientContext.url().
    final Registry<ConnectionSocketFactory> socketFactories = RegistryBuilder.<ConnectionSocketFactory>create()
        .register("http", PlainConnectionSocketFactory.getSocketFactory())
        .register("https", new SSLConnectionSocketFactory(tls, verifier))
        .build();

    // Pool
    final PoolingHttpClientConnectionManager connections = new PoolingHttpClientConnectionManager(socketFactories);
    connections.setMaxTotal(clientContext.pool().maxTotal());
    connections.setDefaultMaxPerRoute(clientContext.pool().defaultMaxPerRoute());
    connections.setDefaultConnectionConfig(
        ConnectionConfig.custom()
            .setBufferSize(clientContext.connection().bufferSize())
            .build());
    connections.setDefaultSocketConfig(
        SocketConfig.custom()
            .setSoKeepAlive(clientContext.socket().keepalive())
            .setSoLinger(clientContext.socket().linger())
            .setSoReuseAddress(clientContext.socket().reuseAddress())
            .setSoTimeout(clientContext.socket().timeout())
            .setTcpNoDelay(clientContext.socket().tcpNoDelay())
            .build());

    // Auth
    final URI target = URI.create(clientContext.url());
    host = new HttpHost(target.getHost(), target.getPort(), target.getScheme());

    if (!clientContext.kerberos().enable()) {
        // Basic auth: seeding the auth cache with a BasicScheme makes the client send the
        // credentials preemptively to `host`. Over an "http" URL, or in insecure mode, they
        // travel without a verified TLS channel.
        final AuthCache preemptiveCache = new BasicAuthCache();
        preemptiveCache.put(host, new BasicScheme());
        context = new BasicHttpContext();
        context.setAttribute(org.apache.http.client.protocol.HttpClientContext.AUTH_CACHE, preemptiveCache);
        CredentialsProvider credentials = null;
        if (clientContext.username() != null && clientContext.password() != null) {
            credentials = new BasicCredentialsProvider();
            // Credentials are scoped to this host and port only.
            credentials.setCredentials(
                new AuthScope(host.getHostName(), host.getPort()),
                new UsernamePasswordCredentials(clientContext.username(), clientContext.password()));
        }
        return HttpClients.custom()
            .setConnectionManager(connections)
            .setDefaultCredentialsProvider(credentials)
            .build();
    }

    /* kerberos auth */
    isKerberos = true;
    /* set up system properties */
    // System properties are JVM-wide: they affect every Kerberos user in this process.
    if (!StringUtils.isBlank(clientContext.kerberos().krb5Conf())) {
        System.setProperty("java.security.krb5.conf", clientContext.kerberos().krb5Conf());
    }
    if (!StringUtils.isBlank(clientContext.kerberos().jaasConf())) {
        final File jaasFile = new File(clientContext.kerberos().jaasConf());
        if (!jaasFile.exists()) {
            LOG.jaasConfigurationDoesNotExist(jaasFile.getAbsolutePath());
        } else {
            try {
                jaasConfigURL = jaasFile.getCanonicalFile().toURI().toURL();
                LOG.jaasConfigurationLocation(jaasConfigURL.toExternalForm());
            } catch (IOException e) {
                // Best effort: the failure is logged and the default config is used below.
                LOG.failedToLocateJAASConfiguration(e.getMessage());
            }
        }
    }
    // Fall back to the default JAAS config
    if (jaasConfigURL == null) {
        LOG.usingDefaultJAASConfiguration();
        jaasConfigURL = getClass().getResource(DEFAULT_JAAS_FILE);
        // NOTE(review): getResource returns null when the resource is missing, which would
        // make the next line throw a NullPointerException.
        LOG.jaasConfigurationLocation(jaasConfigURL.toExternalForm());
    }
    if (clientContext.kerberos().debug()) {
        // Turns on JDK Kerberos/JGSS debug output for the whole JVM; it is never reset here.
        System.setProperty("sun.security.krb5.debug", "true");
        System.setProperty("sun.security.jgss.debug", "true");
    }
    // (KNOX-2001) Log a warning if the useSubjectCredsOnly restriction is "relaxed"
    // With the property set to false, JGSS may take credentials from outside the Subject.
    final String subjectCredsOnly = System.getProperty("javax.security.auth.useSubjectCredsOnly");
    if (subjectCredsOnly != null && !Boolean.parseBoolean(subjectCredsOnly)) {
        LOG.useSubjectCredsOnlyIsFalse();
    }
    // The `true` argument is the factory's stripPort flag.
    final Registry<AuthSchemeProvider> authSchemes = RegistryBuilder.<AuthSchemeProvider>create()
        .register(AuthSchemes.SPNEGO, new SPNegoSchemeFactory(true))
        .build();
    return HttpClients.custom()
        .setConnectionManager(connections)
        .setDefaultAuthSchemeRegistry(authSchemes)
        .setDefaultCredentialsProvider(EMPTY_CREDENTIALS_PROVIDER)
        .build();
}
Also used : TrustStrategy(org.apache.http.conn.ssl.TrustStrategy) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) BasicHttpContext(org.apache.http.protocol.BasicHttpContext) BasicAuthCache(org.apache.http.impl.client.BasicAuthCache) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) URI(java.net.URI) SSLConnectionSocketFactory(org.apache.http.conn.ssl.SSLConnectionSocketFactory) ConnectionSocketFactory(org.apache.http.conn.socket.ConnectionSocketFactory) PlainConnectionSocketFactory(org.apache.http.conn.socket.PlainConnectionSocketFactory) HttpHost(org.apache.http.HttpHost) ConnectionConfig(org.apache.http.config.ConnectionConfig) BasicScheme(org.apache.http.impl.auth.BasicScheme) SocketConfig(org.apache.http.config.SocketConfig) AuthCache(org.apache.http.client.AuthCache) BasicAuthCache(org.apache.http.impl.client.BasicAuthCache) SSLContext(javax.net.ssl.SSLContext) IOException(java.io.IOException) SPNegoSchemeFactory(org.apache.http.impl.auth.SPNegoSchemeFactory) BasicCredentialsProvider(org.apache.http.impl.client.BasicCredentialsProvider) CredentialsProvider(org.apache.http.client.CredentialsProvider) KeyStore(java.security.KeyStore) NoopHostnameVerifier(org.apache.http.conn.ssl.NoopHostnameVerifier) HostnameVerifier(javax.net.ssl.HostnameVerifier) PoolingHttpClientConnectionManager(org.apache.http.impl.conn.PoolingHttpClientConnectionManager) UsernamePasswordCredentials(org.apache.http.auth.UsernamePasswordCredentials) AuthScope(org.apache.http.auth.AuthScope) AuthSchemeProvider(org.apache.http.auth.AuthSchemeProvider) File(java.io.File) SuppressForbidden(de.thetaphi.forbiddenapis.SuppressForbidden)

Aggregations

SuppressForbidden (de.thetaphi.forbiddenapis.SuppressForbidden)3 IOException (java.io.IOException)2 DefaultConfiguration (com.puppycrawl.tools.checkstyle.DefaultConfiguration)1 TextCallbackHandler (com.sun.security.auth.callback.TextCallbackHandler)1 File (java.io.File)1 FileNotFoundException (java.io.FileNotFoundException)1 URI (java.net.URI)1 URISyntaxException (java.net.URISyntaxException)1 OverlappingFileLockException (java.nio.channels.OverlappingFileLockException)1 GeneralSecurityException (java.security.GeneralSecurityException)1 KeyStore (java.security.KeyStore)1 KeyStoreException (java.security.KeyStoreException)1 NoSuchAlgorithmException (java.security.NoSuchAlgorithmException)1 CertificateException (java.security.cert.CertificateException)1 ExecutionException (java.util.concurrent.ExecutionException)1 TimeoutException (java.util.concurrent.TimeoutException)1 HostnameVerifier (javax.net.ssl.HostnameVerifier)1 SSLContext (javax.net.ssl.SSLContext)1 Subject (javax.security.auth.Subject)1 Configuration (javax.security.auth.login.Configuration)1