use of org.apache.http.impl.client.BasicCookieStore in project zm-mailbox by Zimbra.
the class StatsImageServlet method doGet.
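/**
 * Serves a statistics image to a caller that presents an admin auth token.
 *
 * <p>When this server is not the configured log host, the request (path and query string) is
 * relayed to the log host over HTTPS with the caller's admin token attached as a cookie, and the
 * upstream body is streamed back. Otherwise the file named by element 3 of the request URI split
 * on {@code '/'} is read from {@code LC.stats_img_folder}. If that file does not exist, the
 * {@code IMG_NOT_AVAIL} placeholder is sent instead, unless the request carries {@code nodef=1},
 * in which case the answer is 404.
 *
 * @param req  incoming request; the {@code nodef} parameter and the request URI are read from it
 * @param resp response that receives the image bytes or an error status
 * @throws ServletException declared by the servlet contract
 * @throws IOException if sending an error status or copying the image fails
 */
public void doGet(HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException {
    AuthToken authToken = getAdminAuthTokenFromCookie(req, resp);
    if (authToken == null) {
        // No admin token: nothing is served. Presumably the helper has already answered the
        // client; confirm against getAdminAuthTokenFromCookie.
        return;
    }
    InputStream is = null;
    boolean noDefault = "1".equals(req.getParameter("nodef"));
    String reqPath = req.getRequestURI();
    try {
        // check if this is the logger host, otherwise proxy the request to the logger host
        String serviceHostname = Provisioning.getInstance().getLocalServer().getAttr(Provisioning.A_zimbraServiceHostname);
        String logHost = Provisioning.getInstance().getConfig().getAttr(Provisioning.A_zimbraLogHostname);
        if (!serviceHostname.equalsIgnoreCase(logHost)) {
            // The target host and port come from configuration; only the path and query string
            // are taken from the request.
            StringBuilder url = new StringBuilder("https");
            url.append("://").append(logHost).append(':').append(LC.zimbra_admin_service_port.value());
            url.append(reqPath);
            String queryStr = req.getQueryString();
            if (queryStr != null) {
                url.append('?').append(queryStr);
            }
            // create an HTTP client with the same cookies
            BasicCookieStore cookieStore = new BasicCookieStore();
            try {
                BasicClientCookie cookie = new BasicClientCookie(ZimbraCookie.COOKIE_ZM_ADMIN_AUTH_TOKEN, authToken.getEncoded());
                cookie.setDomain(logHost);
                cookie.setPath("/");
                // The relay URL is always https, so mark the admin token cookie Secure: the client
                // then never attaches it to a plain-HTTP request (for example after a redirect).
                cookie.setSecure(true);
                cookieStore.addCookie(cookie);
            } catch (AuthTokenException ate) {
                throw ServiceException.PROXY_ERROR(ate, url.toString());
            }
            HttpClientBuilder clientBuilder = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();
            clientBuilder.setDefaultCookieStore(cookieStore);
            HttpGet get = new HttpGet(url.toString());
            HttpClient client = clientBuilder.build();
            HttpResponse httpResp = null;
            try {
                httpResp = HttpClientUtil.executeMethod(client, get);
                int statusCode = httpResp.getStatusLine().getStatusCode();
                if (statusCode != HttpStatus.SC_OK) {
                    throw ServiceException.RESOURCE_UNREACHABLE(httpResp.getStatusLine().getReasonPhrase(), null);
                }
                resp.setContentType("image/gif");
                ByteUtil.copy(httpResp.getEntity().getContent(), true, resp.getOutputStream(), false);
                return;
            } catch (HttpException | IOException e) {
                // httpResp is still null when executeMethod itself failed, so it cannot be
                // dereferenced unconditionally here.
                String reason = (httpResp != null) ? httpResp.getStatusLine().getReasonPhrase() : e.getMessage();
                throw ServiceException.RESOURCE_UNREACHABLE(reason, e);
            } finally {
                if (httpResp != null) {
                    EntityUtils.consumeQuietly(httpResp.getEntity());
                }
            }
        }
    } catch (Exception ex) {
        // Any failure while resolving hosts or relaying is reported to the client as a plain 404.
        resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Image not found");
        return;
    }
    try {
        if (reqPath == null || reqPath.length() == 0) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        if (mLog.isDebugEnabled()) {
            mLog.debug("received request to:(" + reqPath + ")");
        }
        String[] reqParts = reqPath.split("/");
        if (reqParts.length < 4) {
            // Too few path segments to contain an image name; treat it like the empty-path case.
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String reqFilename = reqParts[3];
        // The name comes straight from the request URI and is concatenated into a filesystem
        // path, so refuse anything that could step outside the image folder.
        if (reqFilename.equals("..") || reqFilename.indexOf('\\') >= 0 || reqFilename.indexOf(File.separatorChar) >= 0) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }
        String imgName = LC.stats_img_folder.value() + File.separator + reqFilename;
        try {
            is = new FileInputStream(imgName);
        } catch (FileNotFoundException ex) {
            if (noDefault) {
                resp.sendError(HttpServletResponse.SC_NOT_FOUND, "Image not found");
                return;
            }
            // Fall back to the placeholder; if that is missing too, the outer catch answers 500.
            imgName = LC.stats_img_folder.value() + File.separator + IMG_NOT_AVAIL;
            is = new FileInputStream(imgName);
        }
    } catch (Exception ex) {
        if (is != null) {
            is.close();
        }
        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "FNF image File not found");
        return;
    }
    resp.setContentType("image/gif");
    ByteUtil.copy(is, true, resp.getOutputStream(), false);
}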
use of org.apache.http.impl.client.BasicCookieStore in project zm-mailbox by Zimbra.
the class ZimbraServlet method proxyServletRequest.
/**
 * Relays a servlet request to another server, attaching the caller's auth token.
 *
 * <p>GET is relayed as a GET. POST and PUT are both relayed with an {@code HttpPost} whose body is
 * the incoming request stream. Any other method is answered with a 500 and nothing is sent
 * upstream. The actual exchange is done by the {@code proxyServletRequest} overload that takes the
 * prepared request and cookie store.
 *
 * @param req       incoming request whose method and body are relayed
 * @param resp      response that receives the error status when nothing can be relayed
 * @param server    target server; {@code null} is answered with a 400
 * @param uri       passed to {@code getProxyUrl} together with {@code req} and {@code server}
 * @param authToken token to forward, or {@code null} to relay without credentials
 * @throws IOException      from reading the request or writing the response
 * @throws ServiceException declared; thrown by the helpers this method calls
 * @throws HttpException    declared; thrown by the helpers this method calls
 */
public static void proxyServletRequest(HttpServletRequest req, HttpServletResponse resp, Server server, String uri, AuthToken authToken) throws IOException, ServiceException, HttpException {
    if (server == null) {
        resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "cannot find remote server");
        return;
    }

    final String targetUrl = getProxyUrl(req, server, uri);
    mLog.debug("Proxy URL = %s", targetUrl);

    final String verb = req.getMethod();
    final HttpRequestBase outbound;
    if (verb.equalsIgnoreCase("GET")) {
        outbound = new HttpGet(targetUrl);
    } else if (verb.equalsIgnoreCase("POST") || verb.equalsIgnoreCase("PUT")) {
        // NOTE(review): a PUT is relayed with HttpPost, so the target sees a POST; confirm intended.
        HttpPost withBody = new HttpPost(targetUrl);
        withBody.setEntity(new InputStreamEntity(req.getInputStream()));
        outbound = withBody;
    } else {
        resp.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR, "cannot proxy method: " + verb);
        return;
    }

    BasicCookieStore cookies = new BasicCookieStore();
    if (authToken != null) {
        // The token is written into the cookie store for the target host taken from the URL.
        String targetHost = outbound.getURI().getHost();
        authToken.encode(cookies, false, targetHost);
        if (JWTUtil.isJWT(authToken)) {
            // A JWT is additionally sent in the Constants.AUTH_HEADER header with the BEARER prefix.
            try {
                outbound.addHeader(Constants.AUTH_HEADER, Constants.BEARER + " " + authToken.getEncoded());
            } catch (AuthTokenException e) {
                // The request still goes out, just without the header.
                mLog.debug("auth header not set during request proxy");
            }
        }
    }

    try {
        proxyServletRequest(req, resp, outbound, cookies);
    } finally {
        // Always hand the connection back, whether or not the relay succeeded.
        outbound.releaseConnection();
    }
}
use of org.apache.http.impl.client.BasicCookieStore in project zm-mailbox by Zimbra.
the class SpamExtract method extract.
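/**
 * Pages through the messages matching {@code query} in {@code account}'s mailbox, downloads them
 * in batches through the REST endpoint ({@code fmt=tgz}) and, when {@code delete} is set,
 * hard-deletes the messages that were actually extracted.
 *
 * <p>Only ids returned by {@code extractMessages} are queued for deletion, so a message whose
 * download failed is never hard-deleted.
 *
 * @param authToken encoded auth token, sent as a cookie on REST requests and set on the SOAP transport
 * @param account   mailbox owner; its id targets the SOAP calls and its name forms the REST path
 * @param server    server the SOAP and REST URLs are derived from
 * @param query     search query selecting the messages
 * @param outdir    passed through to {@code extractMessages}
 * @param delete    whether to hard-delete extracted messages
 * @param raw       passed through to {@code extractMessages}
 * @throws ServiceException   declared; from SOAP element handling or the helpers called
 * @throws HttpException      declared; from the helpers called
 * @throws SoapFaultException declared; from the SOAP transport
 * @throws IOException        declared; from the SOAP or REST exchange
 */
private static void extract(String authToken, Account account, Server server, String query, File outdir, boolean delete, boolean raw) throws ServiceException, HttpException, SoapFaultException, IOException {
    String soapURL = getSoapURL(server, false);
    URL restURL = getServerURL(server, false);
    // CLI only, don't need conn mgr
    HttpClientBuilder hc = HttpClientBuilder.create();
    BasicCookieStore cookieStore = new BasicCookieStore();
    HttpGet gm = new HttpGet();
    hc.setRedirectStrategy(new DefaultRedirectStrategy());
    BasicClientCookie cookie = new BasicClientCookie(ZimbraCookie.COOKIE_ZM_AUTH_TOKEN, authToken);
    cookie.setDomain(restURL.getHost());
    cookie.setPath("/");
    // NOTE(review): with the Secure flag off the client will also attach the token to plain-HTTP
    // requests for this host; confirm whether restURL can be http before tightening this.
    cookie.setSecure(false);
    cookie.setExpiryDate(null);
    cookieStore.addCookie(cookie);
    hc.setDefaultCookieStore(cookieStore);
    SocketConfig config = SocketConfig.custom().setSoTimeout(60000).build();
    hc.setDefaultSocketConfig(config);
    if (verbose) {
        LOG.info("Mailbox requests to: " + restURL);
    }
    SoapHttpTransport transport = new SoapHttpTransport(soapURL);
    transport.setRetryCount(1);
    transport.setTimeout(0);
    transport.setAuthToken(authToken);
    int totalProcessed = 0;
    boolean haveMore = true;
    int offset = 0;
    while (haveMore) {
        Element searchReq = new Element.XMLElement(MailConstants.SEARCH_REQUEST);
        searchReq.addElement(MailConstants.A_QUERY).setText(query);
        searchReq.addAttribute(MailConstants.A_SEARCH_TYPES, MailItem.Type.MESSAGE.toString());
        searchReq.addAttribute(MailConstants.A_QUERY_OFFSET, offset);
        searchReq.addAttribute(MailConstants.A_LIMIT, BATCH_SIZE);
        try {
            if (LOG.isDebugEnabled()) {
                LOG.debug(searchReq.prettyPrint());
            }
            Element searchResp = transport.invoke(searchReq, false, true, account.getId());
            if (LOG.isDebugEnabled()) {
                LOG.debug(searchResp.prettyPrint());
            }
            StringBuilder deleteList = new StringBuilder();
            List<String> ids = new ArrayList<String>();
            Iterator<Element> iter = searchResp.elementIterator(MailConstants.E_MSG);
            while (iter.hasNext()) {
                offset++;
                Element e = iter.next();
                String mid = e.getAttribute(MailConstants.A_ID);
                if (mid == null) {
                    LOG.warn("null message id SOAP response");
                } else {
                    LOG.debug("adding id %s", mid);
                    ids.add(mid);
                    totalProcessed++;
                }
                // The flush check runs for every element, including one without an id, so ids
                // collected before an id-less final element are still extracted.
                if (!ids.isEmpty() && (ids.size() >= BATCH_SIZE || !iter.hasNext())) {
                    String path = restURL.toString() + "/service/user/" + account.getName() + "/?fmt=tgz&list=" + StringUtils.join(ids, ",");
                    LOG.debug("sending request for path %s", path);
                    List<String> extractedIds = extractMessages(hc, gm, path, outdir, raw);
                    if (ids.size() > extractedIds.size()) {
                        ids.removeAll(extractedIds);
                        LOG.warn("failed to extract %s", ids);
                    }
                    // Only ids confirmed as extracted become candidates for deletion.
                    for (String id : extractedIds) {
                        deleteList.append(id).append(',');
                    }
                    ids.clear();
                }
            }
            haveMore = false;
            String more = searchResp.getAttribute(MailConstants.A_QUERY_MORE);
            if (more != null && more.length() > 0) {
                try {
                    int m = Integer.parseInt(more);
                    if (m > 0) {
                        haveMore = true;
                        try {
                            Thread.sleep(SLEEP_TIME);
                        } catch (InterruptedException e) {
                            // Restore the interrupt flag and stop paging; the batch already
                            // fetched is still finished below.
                            Thread.currentThread().interrupt();
                            haveMore = false;
                        }
                    }
                } catch (NumberFormatException nfe) {
                    LOG.warn("more flag from server not a number: " + more, nfe);
                }
            }
            if (delete && deleteList.length() > 0) {
                // -1 removes trailing comma
                deleteList.deleteCharAt(deleteList.length() - 1);
                Element msgActionReq = new Element.XMLElement(MailConstants.MSG_ACTION_REQUEST);
                Element action = msgActionReq.addElement(MailConstants.E_ACTION);
                action.addAttribute(MailConstants.A_ID, deleteList.toString());
                action.addAttribute(MailConstants.A_OPERATION, ItemAction.OP_HARD_DELETE);
                if (LOG.isDebugEnabled()) {
                    LOG.debug(msgActionReq.prettyPrint());
                }
                Element msgActionResp = transport.invoke(msgActionReq, false, true, account.getId());
                if (LOG.isDebugEnabled()) {
                    LOG.debug(msgActionResp.prettyPrint());
                }
                // put offset back to 0 so we always get top N messages even after delete
                offset = 0;
            }
        } finally {
            // The single HttpGet is reused for every batch; release its connection each round.
            gm.releaseConnection();
        }
    }
    LOG.info("Total messages processed: " + totalProcessed);
}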
use of org.apache.http.impl.client.BasicCookieStore in project zm-mailbox by Zimbra.
the class TestFileUpload method testAdminUploadWithCsrfInHeader.
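/**
 * Authenticates as admin with CSRF support enabled, then posts a multipart upload to the admin
 * upload URL carrying both the auth-token cookie and the CSRF token header, and expects a 200
 * whose body contains {@code RESP_STR}.
 */
@Test
public void testAdminUploadWithCsrfInHeader() throws Exception {
    SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getAdminSoapUrl());
    com.zimbra.soap.admin.message.AuthRequest req = new com.zimbra.soap.admin.message.AuthRequest(LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value());
    req.setCsrfSupported(true);
    Element response = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    com.zimbra.soap.admin.message.AuthResponse authResp = JaxbUtil.elementToJaxb(response);
    String authToken = authResp.getAuthToken();
    String csrfToken = authResp.getCsrfToken();
    int port = 7071;
    try {
        // Pass the fallback as the default so an unset attribute keeps 7071 instead of yielding 0.
        port = Provisioning.getInstance().getLocalServer().getIntAttr(Provisioning.A_zimbraAdminPort, port);
    } catch (ServiceException e) {
        ZimbraLog.test.error("Unable to get admin SOAP port", e);
    }
    String url = "https://localhost:" + port + ADMIN_UPLOAD_URL;
    HttpPost post = new HttpPost(url);
    String contentType = "application/x-msdownload";
    HttpClientBuilder clientBuilder = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();

    // Present the admin auth token as a cookie scoped to localhost.
    BasicCookieStore state = new BasicCookieStore();
    BasicClientCookie cookie = new BasicClientCookie(ZimbraCookie.authTokenCookieName(true), authToken);
    cookie.setDomain("localhost");
    cookie.setPath("/");
    cookie.setSecure(false);
    state.addCookie(cookie);
    clientBuilder.setDefaultCookieStore(state);
    RequestConfig reqConfig = RequestConfig.copy(ZimbraHttpConnectionManager.getInternalHttpConnMgr().getZimbraConnMgrParams().getReqConfig()).setCookieSpec(CookieSpecs.BROWSER_COMPATIBILITY).build();
    clientBuilder.setDefaultRequestConfig(reqConfig);

    MultipartEntityBuilder builder = MultipartEntityBuilder.create();
    builder.addBinaryBody(FILE_NAME, "some file content".getBytes(), ContentType.create(contentType), FILE_NAME);
    HttpEntity httpEntity = builder.build();
    post.setEntity(httpEntity);
    HttpClient client = clientBuilder.build();
    // The CSRF token obtained at login travels in a request header.
    post.addHeader(Constants.CSRF_TOKEN, csrfToken);

    HttpResponse httpResponse = HttpClientUtil.executeMethod(client, post);
    int statusCode = httpResponse.getStatusLine().getStatusCode();
    Assert.assertEquals("This request should succeed. Getting status code " + statusCode, HttpStatus.SC_OK, statusCode);
    String resp = EntityUtils.toString(httpResponse.getEntity());
    Assert.assertNotNull("Response should not be empty", resp);
    Assert.assertTrue("Incorrect HTML response", resp.contains(RESP_STR));
}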
use of org.apache.http.impl.client.BasicCookieStore in project zm-mailbox by Zimbra.
the class TestFileUpload method testMissingCsrfAdminUpload.
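/**
 * Authenticates as admin with CSRF support enabled, then posts a multipart upload to the admin
 * upload URL with the auth-token cookie but without any CSRF token header, and expects a 200
 * whose body contains {@code RESP_STR}.
 *
 * <p>NOTE(review): the expectations are the same as in the test that does send the CSRF token;
 * confirm that accepting an upload without the token is the intended contract for this endpoint.
 */
@Test
public void testMissingCsrfAdminUpload() throws Exception {
    SoapHttpTransport transport = new SoapHttpTransport(TestUtil.getAdminSoapUrl());
    com.zimbra.soap.admin.message.AuthRequest req = new com.zimbra.soap.admin.message.AuthRequest(LC.zimbra_ldap_user.value(), LC.zimbra_ldap_password.value());
    req.setCsrfSupported(true);
    Element response = transport.invoke(JaxbUtil.jaxbToElement(req, SoapProtocol.SoapJS.getFactory()));
    com.zimbra.soap.admin.message.AuthResponse authResp = JaxbUtil.elementToJaxb(response);
    String authToken = authResp.getAuthToken();
    int port = 7071;
    try {
        // Pass the fallback as the default so an unset attribute keeps 7071 instead of yielding 0.
        port = Provisioning.getInstance().getLocalServer().getIntAttr(Provisioning.A_zimbraAdminPort, port);
    } catch (ServiceException e) {
        ZimbraLog.test.error("Unable to get admin SOAP port", e);
    }
    String url = "https://localhost:" + port + ADMIN_UPLOAD_URL;
    HttpPost post = new HttpPost(url);
    String contentType = "application/x-msdownload";
    HttpClientBuilder clientBuilder = ZimbraHttpConnectionManager.getInternalHttpConnMgr().newHttpClient();

    // Present the admin auth token as a cookie scoped to localhost.
    BasicCookieStore state = new BasicCookieStore();
    BasicClientCookie cookie = new BasicClientCookie(ZimbraCookie.authTokenCookieName(true), authToken);
    cookie.setDomain("localhost");
    cookie.setPath("/");
    cookie.setSecure(false);
    state.addCookie(cookie);
    clientBuilder.setDefaultCookieStore(state);
    RequestConfig reqConfig = RequestConfig.copy(ZimbraHttpConnectionManager.getInternalHttpConnMgr().getZimbraConnMgrParams().getReqConfig()).setCookieSpec(CookieSpecs.BROWSER_COMPATIBILITY).build();
    clientBuilder.setDefaultRequestConfig(reqConfig);

    MultipartEntityBuilder builder = MultipartEntityBuilder.create();
    builder.addBinaryBody(FILE_NAME, "some file content".getBytes(), ContentType.create(contentType), FILE_NAME);
    HttpEntity httpEntity = builder.build();
    post.setEntity(httpEntity);
    HttpClient client = clientBuilder.build();

    // No CSRF header is added before the request is sent.
    HttpResponse httpResponse = HttpClientUtil.executeMethod(client, post);
    int statusCode = httpResponse.getStatusLine().getStatusCode();
    Assert.assertEquals("This request should succeed. Getting status code " + statusCode, HttpStatus.SC_OK, statusCode);
    String resp = EntityUtils.toString(httpResponse.getEntity());
    Assert.assertNotNull("Response should not be empty", resp);
    Assert.assertTrue("Incorrect HTML response", resp.contains(RESP_STR));
}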