private static void loadLibraryInternal(String libraryName) {
String sunAppletLauncher = System.getProperty("sun.jnlp.applet.launcher");
boolean usingJNLPAppletLauncher = Boolean.valueOf(sunAppletLauncher).booleanValue();
if (usingJNLPAppletLauncher) {
try {
Class jnlpAppletLauncherClass =
Class.forName("org.jdesktop.applet.util.JNLPAppletLauncher");
Method jnlpLoadLibraryMethod =
jnlpAppletLauncherClass.getDeclaredMethod("loadLibrary", new Class[] {String.class});
jnlpLoadLibraryMethod.invoke(null, new Object[] {libraryName});
} catch (Exception e) {
Throwable t = e;
if (t instanceof InvocationTargetException) {
t = ((InvocationTargetException) t).getTargetException();
}
if (t instanceof Error) throw (Error) t;
if (t instanceof RuntimeException) {
throw (RuntimeException) t;
}
// Throw UnsatisfiedLinkError for best compatibility with System.loadLibrary()
throw (UnsatisfiedLinkError) new UnsatisfiedLinkError().initCause(e);
}
} else {
System.loadLibrary(libraryName);
}
}
static {
ConfigurationService cfg = LibJitsi.getConfigurationService();
boolean dropUnencryptedPkts = false;
if (cfg == null) {
String s = System.getProperty(DROP_UNENCRYPTED_PKTS_PNAME);
if (s != null) dropUnencryptedPkts = Boolean.parseBoolean(s);
} else {
dropUnencryptedPkts = cfg.getBoolean(DROP_UNENCRYPTED_PKTS_PNAME, dropUnencryptedPkts);
}
DROP_UNENCRYPTED_PKTS = dropUnencryptedPkts;
}
/*
* Check the MESSAGE_OUTBOUND_PROPERTY in the context
* to see if this is an outgoing or incoming message.
* Write a brief message to the print stream and
* output the message. The writeTo() method can throw
* SOAPException or IOException
*/
private void logToSystemOut(SOAPMessageContext smc) {
boolean DEBUG_ = DEBUG || ClientUpdates.DEBUG;
Boolean outboundProperty = (Boolean) smc.get(MessageContext.MESSAGE_OUTBOUND_PROPERTY);
if (outboundProperty.booleanValue()) {
if (DEBUG_) out.println("\nOutbound message:");
} else {
if (DEBUG_) out.println("\nInbound message:");
try {
validateSignature(smc.getMessage());
} catch (Exception e) {
}
}
SOAPMessage message = smc.getMessage();
try {
if (DEBUG_) message.writeTo(out);
if (DEBUG_) out.println(""); // just to add a newline
} catch (Exception e) {
out.println("Exception in handler: " + e);
}
}
public static void load(Properties properties)
throws NoSuchAlgorithmException, InstantiationException, IllegalAccessException,
ClassNotFoundException, IOException, NoSuchProviderException {
CsrfGuard csrfGuard = SingletonHolder.instance;
/** load simple properties * */
csrfGuard.setLogger(
(ILogger)
Class.forName(
properties.getProperty(
"org.owasp.csrfguard.Logger", "org.owasp.csrfguard.log.ConsoleLogger"))
.newInstance());
csrfGuard.setTokenName(
properties.getProperty("org.owasp.csrfguard.TokenName", "OWASP_CSRFGUARD"));
csrfGuard.setTokenLength(
Integer.parseInt(properties.getProperty("org.owasp.csrfguard.TokenLength", "32")));
csrfGuard.setRotate(
Boolean.valueOf(properties.getProperty("org.owasp.csrfguard.Rotate", "false")));
csrfGuard.setTokenPerPage(
Boolean.valueOf(properties.getProperty("org.owasp.csrfguard.TokenPerPage", "false")));
csrfGuard.setTokenPerPagePrecreate(
Boolean.valueOf(
properties.getProperty("org.owasp.csrfguard.TokenPerPagePrecreate", "false")));
csrfGuard.setPrng(
SecureRandom.getInstance(
properties.getProperty("org.owasp.csrfguard.PRNG", "SHA1PRNG"),
properties.getProperty("org.owasp.csrfguard.PRNG.Provider", "SUN")));
csrfGuard.setNewTokenLandingPage(
properties.getProperty("org.owasp.csrfguard.NewTokenLandingPage"));
// default to false if newTokenLandingPage is not set; default to true if set.
if (csrfGuard.getNewTokenLandingPage() == null) {
csrfGuard.setUseNewTokenLandingPage(
Boolean.valueOf(
properties.getProperty("org.owasp.csrfguard.UseNewTokenLandingPage", "false")));
} else {
csrfGuard.setUseNewTokenLandingPage(
Boolean.valueOf(
properties.getProperty("org.owasp.csrfguard.UseNewTokenLandingPage", "true")));
}
csrfGuard.setSessionKey(
properties.getProperty("org.owasp.csrfguard.SessionKey", "OWASP_CSRFGUARD_KEY"));
csrfGuard.setAjax(Boolean.valueOf(properties.getProperty("org.owasp.csrfguard.Ajax", "false")));
csrfGuard.setProtect(
Boolean.valueOf(properties.getProperty("org.owasp.csrfguard.Protect", "false")));
/** first pass: instantiate actions * */
Map<String, IAction> actionsMap = new HashMap<String, IAction>();
for (Object obj : properties.keySet()) {
String key = (String) obj;
if (key.startsWith(ACTION_PREFIX)) {
String directive = key.substring(ACTION_PREFIX.length());
int index = directive.indexOf('.');
/** action name/class * */
if (index < 0) {
String actionClass = properties.getProperty(key);
IAction action = (IAction) Class.forName(actionClass).newInstance();
action.setName(directive);
actionsMap.put(action.getName(), action);
csrfGuard.getActions().add(action);
}
}
}
/** second pass: initialize action parameters * */
for (Object obj : properties.keySet()) {
String key = (String) obj;
if (key.startsWith(ACTION_PREFIX)) {
String directive = key.substring(ACTION_PREFIX.length());
int index = directive.indexOf('.');
/** action name/class * */
if (index >= 0) {
String actionName = directive.substring(0, index);
IAction action = actionsMap.get(actionName);
if (action == null) {
throw new IOException(
String.format("action class %s has not yet been specified", actionName));
}
String parameterName = directive.substring(index + 1);
String parameterValue = properties.getProperty(key);
action.setParameter(parameterName, parameterValue);
}
}
}
/** ensure at least one action was defined * */
if (csrfGuard.getActions().size() <= 0) {
throw new IOException("failure to define at least one action");
}
/** initialize protected, unprotected pages * */
for (Object obj : properties.keySet()) {
String key = (String) obj;
if (key.startsWith(PROTECTED_PAGE_PREFIX)) {
String directive = key.substring(PROTECTED_PAGE_PREFIX.length());
int index = directive.indexOf('.');
/** page name/class * */
if (index < 0) {
String pageUri = properties.getProperty(key);
csrfGuard.getProtectedPages().add(Pattern.compile(pageUri));
}
}
if (key.startsWith(UNPROTECTED_PAGE_PREFIX)) {
String directive = key.substring(UNPROTECTED_PAGE_PREFIX.length());
int index = directive.indexOf('.');
/** page name/class * */
if (index < 0) {
String pageUri = properties.getProperty(key);
csrfGuard.getUnprotectedPages().add(Pattern.compile(pageUri));
}
}
}
/** initialize protected methods * */
String methodList = properties.getProperty("org.owasp.csrfguard.ProtectedMethods");
if (methodList != null && methodList.trim().length() != 0) {
for (String method : methodList.split(",")) {
csrfGuard.getProtectedMethods().add(method.trim());
}
}
}
/**
* Parses annotation instances from the javadoc annotation instance type
*
* @param annotationDocs Annotations decorated on some type
* @return Serializable representation of annotations
*/
protected static AnnotationInstance[] ParseAnnotationInstances(
AnnotationDesc[] annotationDocs, String origin) {
AnnotationInstance[] annotations = null;
if (annotationDocs != null && annotationDocs.length > 0) {
ArrayList<AnnotationInstance> list = new ArrayList<AnnotationInstance>();
for (AnnotationDesc annot : annotationDocs) {
AnnotationInstance instance = new AnnotationInstance();
AnnotationTypeDoc annotTypeInfo = null;
try {
annotTypeInfo = annot.annotationType();
instance.name = annot.annotationType().name();
instance.qualifiedName = annot.annotationType().qualifiedTypeName();
} catch (ClassCastException castException) {
log.error("Unable to obtain type data about an annotation found on: " + origin);
log.error("Add to the -cp parameter the class/jar that defines this annotation.");
instance.name = null;
instance.qualifiedName = null;
}
AnnotationDesc.ElementValuePair[] arguments = annot.elementValues();
if (arguments != null && arguments.length > 0) {
ArrayList<AnnotationArgument> argumentList = new ArrayList<AnnotationArgument>();
for (AnnotationDesc.ElementValuePair pair : arguments) {
AnnotationArgument annotationArgument = new AnnotationArgument();
annotationArgument.name = pair.element().name();
Type annotationArgumentType = pair.element().returnType();
annotationArgument.type = annotationArgumentType.qualifiedTypeName();
annotationArgument.isPrimitive = annotationArgumentType.isPrimitive();
annotationArgument.isArray = annotationArgumentType.dimension().length() > 0;
Object objValue = pair.value().value();
if (objValue instanceof AnnotationValue[]) {
AnnotationValue[] realValues = (AnnotationValue[]) objValue;
String[] values = new String[realValues.length];
for (int i = 0; i < realValues.length; i++) {
values[i] = realValues[i].value().toString();
}
annotationArgument.value = values;
} else if (objValue instanceof Number) {
Number number = (Number) objValue;
annotationArgument.value = new String[] {number.toString()};
} else if (objValue instanceof Character) {
Character character = (Character) objValue;
annotationArgument.value = new String[] {character.toString()};
} else if (objValue instanceof Boolean) {
Boolean booleanValue = (Boolean) objValue;
annotationArgument.value = new String[] {booleanValue.toString()};
} else if (objValue instanceof String) {
String stringValue = (String) objValue;
annotationArgument.value = new String[] {stringValue};
} else if (objValue instanceof FieldDoc) {
FieldDoc field = (FieldDoc) objValue;
annotationArgument.value = new String[] {field.name()};
} else if (objValue instanceof ClassDoc) {
ClassDoc classDoc = (ClassDoc) objValue;
annotationArgument.value = new String[] {classDoc.qualifiedTypeName()};
}
argumentList.add(annotationArgument);
}
instance.arguments = argumentList.toArray(new AnnotationArgument[] {});
}
list.add(instance);
}
annotations = list.toArray(new AnnotationInstance[] {});
}
return annotations;
}
/** Determine JDK level of an applet. */
private void findAppletJDKLevel(Applet applet) {
// To determine the JDK level of an applet, the
// most reliable way is to check the major version
// of the applet class file.
// synchronized on applet class object, so calling from
// different instances of the same applet will be
// serialized.
Class<?> appletClass = applet.getClass();
synchronized (appletClass) {
// Determine if the JDK level of an applet has been
// checked before.
Boolean jdk11Target = loader.isJDK11Target(appletClass);
Boolean jdk12Target = loader.isJDK12Target(appletClass);
// if applet JDK level has been checked before, retrieve
// value and return.
if (jdk11Target != null || jdk12Target != null) {
jdk11Applet = (jdk11Target == null) ? false : jdk11Target.booleanValue();
jdk12Applet = (jdk12Target == null) ? false : jdk12Target.booleanValue();
return;
}
String name = appletClass.getName();
// first convert any '.' to '/'
name = name.replace('.', '/');
// append .class
final String resourceName = name + ".class";
byte[] classHeader = new byte[8];
try (InputStream is =
AccessController.doPrivileged(
(PrivilegedAction<InputStream>) () -> loader.getResourceAsStream(resourceName))) {
// Read the first 8 bytes of the class file
int byteRead = is.read(classHeader, 0, 8);
// return if the header is not read in entirely
// for some reasons.
if (byteRead != 8) return;
} catch (IOException e) {
return;
}
// Check major version in class file header
int major_version = readShort(classHeader, 6);
// Major version in class file is as follows:
// 45 - JDK 1.1
// 46 - JDK 1.2
// 47 - JDK 1.3
// 48 - JDK 1.4
// 49 - JDK 1.5
if (major_version < 46) jdk11Applet = true;
else if (major_version == 46) jdk12Applet = true;
// Store applet JDK level in AppContext for later lookup,
// e.g. page switch.
loader.setJDK11Target(appletClass, jdk11Applet);
loader.setJDK12Target(appletClass, jdk12Applet);
}
}
@Override
protected void initComponentDefaults(UIDefaults table) {
String prefValue;
// True if file choosers orders by type
boolean isOrderFilesByType = false;
// True if file choosers shows all files by default
prefValue =
OSXPreferences.getString( //
OSXPreferences.FINDER_PREFERENCES, "AppleShowAllFiles", "false") //
.toLowerCase();
boolean isFileHidingEnabled = prefValue.equals("false") || prefValue.equals("no");
boolean isQuickLookEnabled =
Boolean.valueOf(QuaquaManager.getProperty("Quaqua.FileChooser.quickLookEnabled", "true"));
Font smallSystemFont = SMALL_SYSTEM_FONT;
Color grayedFocusCellBorderColor = (Color) table.get("listHighlight");
Object[] uiDefaults = {
"Browser.expandedIcon",
new UIDefaults.ProxyLazyValue(
"ch.randelshofer.quaqua.QuaquaIconFactory",
"createIcon",
new Object[] {jaguarDir + "Browser.disclosureIcons.png", 6, Boolean.TRUE, 0}),
"Browser.expandingIcon",
new UIDefaults.ProxyLazyValue(
"ch.randelshofer.quaqua.QuaquaIconFactory",
"createIcon",
new Object[] {jaguarDir + "Browser.disclosureIcons.png", 6, Boolean.TRUE, 1}),
"Browser.focusedSelectedExpandedIcon",
new UIDefaults.ProxyLazyValue(
"ch.randelshofer.quaqua.QuaquaIconFactory",
"createIcon",
new Object[] {jaguarDir + "Browser.disclosureIcons.png", 6, Boolean.TRUE, 2}),
"Browser.focusedSelectedExpandingIcon",
new UIDefaults.ProxyLazyValue(
"ch.randelshofer.quaqua.QuaquaIconFactory",
"createIcon",
new Object[] {jaguarDir + "Browser.disclosureIcons.png", 6, Boolean.TRUE, 3}),
"Browser.selectedExpandedIcon",
new UIDefaults.ProxyLazyValue(
"ch.randelshofer.quaqua.QuaquaIconFactory",
"createIcon",
new Object[] {jaguarDir + "Browser.disclosureIcons.png", 6, Boolean.TRUE, 4}),
"Browser.selectedExpandingIcon",
new UIDefaults.ProxyLazyValue(
"ch.randelshofer.quaqua.QuaquaIconFactory",
"createIcon",
new Object[] {jaguarDir + "Browser.disclosureIcons.png", 6, Boolean.TRUE, 5}),
//
"Browser.selectionBackground",
new ColorUIResource(56, 117, 215),
"Browser.selectionForeground",
new ColorUIResource(255, 255, 255),
"Browser.inactiveSelectionBackground",
new ColorUIResource(208, 208, 208),
"Browser.inactiveSelectionForeground",
new ColorUIResource(0, 0, 0),
"Browser.sizeHandleIcon",
makeIcon(getClass(), commonDir + "Browser.sizeHandleIcon.png"),
"FileChooser.homeFolderIcon",
LookAndFeel.makeIcon(getClass(), commonDir + "FileChooser.homeFolderIcon.png"),
//
"FileView.computerIcon",
LookAndFeel.makeIcon(getClass(), commonDir + "FileView.computerIcon.png"),
//
"FileChooser.fileHidingEnabled",
isFileHidingEnabled,
"FileChooser.quickLookEnabled",
isQuickLookEnabled,
"FileChooser.orderByType",
isOrderFilesByType,
"FileChooser.previewLabelForeground",
new ColorUIResource(0x000000),
"FileChooser.previewValueForeground",
new ColorUIResource(0x000000),
"FileChooser.previewLabelFont",
smallSystemFont,
"FileChooser.previewValueFont",
smallSystemFont,
"FileChooser.splitPaneDividerSize",
6,
"FileChooser.previewLabelInsets",
new InsetsUIResource(0, 0, 0, 4),
"FileChooser.cellTipOrigin",
new Point(18, 1),
"FileChooser.autovalidate",
Boolean.TRUE,
"FileChooser.browserFocusCellHighlightBorder",
new UIDefaults.ProxyLazyValue(
"javax.swing.plaf.BorderUIResource$EmptyBorderUIResource",
new Object[] {new Insets(1, 1, 1, 1)}),
"FileChooser.browserFocusCellHighlightBorderGrayed",
new UIDefaults.ProxyLazyValue(
"javax.swing.plaf.BorderUIResource$MatteBorderUIResource",
new Object[] {1, 1, 1, 1, grayedFocusCellBorderColor}),
"FileChooser.browserCellBorder",
new UIDefaults.ProxyLazyValue(
"javax.swing.plaf.BorderUIResource$EmptyBorderUIResource",
new Object[] {new Insets(1, 1, 1, 1)}),
"FileChooser.browserUseUnselectedExpandIconForLabeledFile",
Boolean.TRUE,
"Sheet.showAsSheet",
Boolean.TRUE,
};
table.putDefaults(uiDefaults);
}
private void handleLoginPost(
Request request, HttpServletResponse httpServletResponse, boolean secured) throws Exception {
String userId = request.getParameter(PARAM_USER_ID);
String password = request.getParameter(PARAM_PASSWORD);
String rememberAccountStr = request.getParameter(PARAM_REMEMBER_ACCOUNT);
boolean rememberAccount = Boolean.parseBoolean(rememberAccountStr);
LoginInfo.SessionInfo sessionInfo = UserHelpers.getSessionInfo(request);
logOut(sessionInfo.browserId);
User user = userDb.get(userId);
if (user == null) {
WebUtils.redirectToError("User " + userId + " not found", request, httpServletResponse);
return;
}
if (!user.checkPassword(password)) {
WebUtils.redirectToError("Invalid password", request, httpServletResponse);
return;
}
if (!user.active) {
WebUtils.redirectToError(
"Account for User " + userId + " needs to be activated", request, httpServletResponse);
return;
}
LOG.info("Logged in user " + userId);
sessionInfo.sessionId = null;
if (sessionInfo.browserId == null) {
sessionInfo.browserId = getRandomId();
} else {
for (LoginInfo loginInfo : loginInfoDb.getLoginsForBrowser(sessionInfo.browserId)) {
if (userId.equals(loginInfo.userId)) {
sessionInfo.sessionId = loginInfo.sessionId;
break;
}
}
}
long expireOn = System.currentTimeMillis() + Config.getConfig().loginExpireInterval;
if (sessionInfo.sessionId == null) {
sessionInfo.sessionId = getRandomId();
Config config = Config.getConfig();
loginInfoDb.add(
new LoginInfo(
sessionInfo.browserId,
sessionInfo.sessionId,
userId,
expireOn,
rememberAccount,
config.defaultStyle,
config.defaultItemsPerPage,
config.defaultFeedDateFormat));
LOG.info(String.format("Logging in in a new session. User: %s", user));
} else {
loginInfoDb.updateExpireTime(sessionInfo.browserId, sessionInfo.sessionId, expireOn);
LOG.info(String.format("Logging in in an existing session. User: %s", user));
}
WebUtils.saveCookies(
httpServletResponse, secured, sessionInfo.browserId, sessionInfo.sessionId);
httpServletResponse.sendRedirect("/");
}
private byte[] transform(Data dereferencedData, XMLCryptoContext context)
throws XMLSignatureException {
if (md == null) {
try {
md =
MessageDigest.getInstance(((DOMDigestMethod) digestMethod).getMessageDigestAlgorithm());
} catch (NoSuchAlgorithmException nsae) {
throw new XMLSignatureException(nsae);
}
}
md.reset();
DigesterOutputStream dos;
Boolean cache = (Boolean) context.getProperty("javax.xml.crypto.dsig.cacheReference");
if (cache != null && cache.booleanValue() == true) {
this.derefData = copyDerefData(dereferencedData);
dos = new DigesterOutputStream(md, true);
} else {
dos = new DigesterOutputStream(md);
}
OutputStream os = new UnsyncBufferedOutputStream(dos);
Data data = dereferencedData;
for (int i = 0, size = transforms.size(); i < size; i++) {
DOMTransform transform = (DOMTransform) transforms.get(i);
try {
if (i < size - 1) {
data = transform.transform(data, context);
} else {
data = transform.transform(data, context, os);
}
} catch (TransformException te) {
throw new XMLSignatureException(te);
}
}
try {
if (data != null) {
XMLSignatureInput xi;
if (data instanceof ApacheData) {
xi = ((ApacheData) data).getXMLSignatureInput();
} else if (data instanceof OctetStreamData) {
xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
} else if (data instanceof NodeSetData) {
TransformService spi =
TransformService.getInstance(CanonicalizationMethod.INCLUSIVE, "DOM");
data = spi.transform(data, context);
xi = new XMLSignatureInput(((OctetStreamData) data).getOctetStream());
} else {
throw new XMLSignatureException("unrecognized Data type");
}
xi.updateOutputStream(os);
}
os.flush();
if (cache != null && cache.booleanValue() == true) {
this.dis = dos.getInputStream();
}
return dos.getDigestValue();
} catch (Exception e) {
throw new XMLSignatureException(e);
}
}