use of org.zaproxy.zap.ZapHttpConnectionManager in project zaproxy by zaproxy.
the class HttpSender method executeMethod.
public int executeMethod(HttpMethod method, HttpState state) throws IOException {
int responseCode = -1;
String hostName;
hostName = method.getURI().getHost();
method.setDoAuthentication(true);
HostConfiguration hc = null;
HttpClient requestClient;
if (isConnectionUpgrade(method)) {
requestClient = new HttpClient(new ZapHttpConnectionManager());
if (param.isUseProxy(hostName)) {
requestClient.getHostConfiguration().setProxy(param.getProxyChainName(), param.getProxyChainPort());
if (param.isUseProxyChainAuth()) {
requestClient.getState().setProxyCredentials(getAuthScope(param), getNTCredentials(param));
}
}
} else if (param.isUseProxy(hostName)) {
requestClient = clientViaProxy;
} else {
requestClient = client;
}
if (this.initiator == CHECK_FOR_UPDATES_INITIATOR) {
// Use the 'strict' SSLConnector, ie one that performs all the usual cert checks
// The 'standard' one 'trusts' everything
// This is to ensure that all 'check-for update' calls are made to the expected https urls
// without this is would be possible to intercept and change the response which could result
// in the user downloading and installing a malicious add-on
hc = new HostConfiguration() {
@Override
public synchronized void setHost(URI uri) {
try {
setHost(new HttpHost(uri.getHost(), uri.getPort(), getProtocol()));
} catch (URIException e) {
throw new IllegalArgumentException(e.toString());
}
}
;
};
hc.setHost(hostName, method.getURI().getPort(), new Protocol("https", (ProtocolSocketFactory) new SSLConnector(false), 443));
if (param.isUseProxy(hostName)) {
hc.setProxyHost(new ProxyHost(param.getProxyChainName(), param.getProxyChainPort()));
if (param.isUseProxyChainAuth()) {
requestClient.getState().setProxyCredentials(getAuthScope(param), getNTCredentials(param));
}
}
}
// ZAP: Check if a custom state is being used
if (state != null) {
// Make sure cookies are enabled
method.getParams().setCookiePolicy(CookiePolicy.BROWSER_COMPATIBILITY);
}
responseCode = requestClient.executeMethod(hc, method, state);
return responseCode;
}
Aggregations