Return-Path: Delivered-To: apmail-continuum-commits-archive@www.apache.org Received: (qmail 88243 invoked from network); 8 Oct 2008 05:07:19 -0000 Received: from hermes.apache.org (HELO mail.apache.org) (140.211.11.2) by minotaur.apache.org with SMTP; 8 Oct 2008 05:07:19 -0000 Received: (qmail 19417 invoked by uid 500); 8 Oct 2008 05:07:18 -0000 Delivered-To: apmail-continuum-commits-archive@continuum.apache.org Received: (qmail 19392 invoked by uid 500); 8 Oct 2008 05:07:18 -0000 Mailing-List: contact commits-help@continuum.apache.org; run by ezmlm Precedence: bulk List-Help: List-Unsubscribe: List-Post: List-Id: Reply-To: dev@continuum.apache.org Delivered-To: mailing list commits@continuum.apache.org Received: (qmail 19383 invoked by uid 99); 8 Oct 2008 05:07:18 -0000 Received: from athena.apache.org (HELO athena.apache.org) (140.211.11.136) by apache.org (qpsmtpd/0.29) with ESMTP; Tue, 07 Oct 2008 22:07:18 -0700 X-ASF-Spam-Status: No, hits=-1999.9 required=10.0 tests=ALL_TRUSTED,DNS_FROM_SECURITYSAGE X-Spam-Check-By: apache.org Received: from [140.211.11.4] (HELO eris.apache.org) (140.211.11.4) by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 08 Oct 2008 05:06:23 +0000 Received: by eris.apache.org (Postfix, from userid 65534) id C37B023888AF; Tue, 7 Oct 2008 22:06:28 -0700 (PDT) Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit Subject: svn commit: r702699 - /continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/project/builder/AbstractContinuumProjectBuilder.java Date: Wed, 08 Oct 2008 05:06:28 -0000 To: commits@continuum.apache.org From: evenisse@apache.org X-Mailer: svnmailer-1.0.8 Message-Id: <20081008050628.C37B023888AF@eris.apache.org> X-Virus-Checked: Checked by ClamAV on apache.org Author: evenisse Date: Tue Oct 7 22:06:28 2008 New Revision: 702699 URL: http://svn.apache.org/viewvc?rev=702699&view=rev Log: merge -r 702697:702698 from continuum-1.2.x branch. [CONTINUUM-1914] Hide passwords in continuum logs Modified: continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/project/builder/AbstractContinuumProjectBuilder.java Modified: continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/project/builder/AbstractContinuumProjectBuilder.java URL: http://svn.apache.org/viewvc/continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/project/builder/AbstractContinuumProjectBuilder.java?rev=702699&r1=702698&r2=702699&view=diff ============================================================================== --- continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/project/builder/AbstractContinuumProjectBuilder.java (original) +++ continuum/trunk/continuum-core/src/main/java/org/apache/maven/continuum/project/builder/AbstractContinuumProjectBuilder.java Tue Oct 7 22:06:28 2008 @@ -19,17 +19,6 @@ * under the License. */ -import java.io.File; -import java.io.FileNotFoundException; -import java.io.FileWriter; -import java.io.IOException; -import java.io.InputStream; -import java.net.MalformedURLException; -import java.net.URI; -import java.net.URISyntaxException; -import java.net.URL; -import java.net.UnknownHostException; - import org.apache.commons.io.IOUtils; import org.apache.http.HttpException; import org.apache.http.HttpResponse; @@ -57,6 +46,17 @@ import org.codehaus.plexus.util.IOUtil; import org.codehaus.plexus.util.StringUtils; +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileWriter; +import java.io.IOException; +import java.io.InputStream; +import java.net.MalformedURLException; +import java.net.URI; +import java.net.URISyntaxException; +import java.net.URL; +import java.net.UnknownHostException; + /** * @author Trygve Laugstøl @@ -68,23 +68,23 @@ { private static final String TMP_DIR = System.getProperty( "java.io.tmpdir" ); - + private DefaultHttpClient httpClient; - - + + public void initialize() throws InitializationException { SchemeRegistry schemeRegistry = new SchemeRegistry(); // http scheme - schemeRegistry.register( new Scheme( "http", PlainSocketFactory.getSocketFactory(), 80 ) ); + schemeRegistry.register( new Scheme( "http", PlainSocketFactory.getSocketFactory(), 80 ) ); // https scheme - SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); - + SSLSocketFactory sslSocketFactory = SSLSocketFactory.getSocketFactory(); + // ignore cert sslSocketFactory.setHostnameVerifier( SSLSocketFactory.ALLOW_ALL_HOSTNAME_VERIFIER ); schemeRegistry.register( new Scheme( "https", sslSocketFactory, 443 ) ); - + HttpParams params = new BasicHttpParams(); // TODO put this values to a configuration way ??? params.setParameter( ConnManagerPNames.MAX_TOTAL_CONNECTIONS, new Integer( 30 ) ); @@ -92,24 +92,30 @@ HttpProtocolParams.setVersion( params, HttpVersion.HTTP_1_1 ); ClientConnectionManager cm = new ThreadSafeClientConnManager( params, schemeRegistry ); - + httpClient = new DefaultHttpClient( cm, params ); - + } - protected File createMetadataFile( URL metadata, String username, String password, ContinuumProjectBuildingResult result ) + protected File createMetadataFile( URL metadata, String username, String password, + ContinuumProjectBuildingResult result ) throws IOException, URISyntaxException, HttpException { - getLogger().info( "Downloading " + metadata.toExternalForm() ); + String url = metadata.toExternalForm(); + if ( metadata.getProtocol().startsWith( "http" ) ) + { + url = hidePasswordInUrl( url ); + } + getLogger().info( "Downloading " + url ); InputStream is = null; - + if ( metadata.getProtocol().startsWith( "http" ) ) { URI uri = metadata.toURI(); HttpGet httpGet = new HttpGet( uri ); - + // basic auth if ( username != null && password != null ) { @@ -117,21 +123,21 @@ .setCredentials( new AuthScope( uri.getHost(), uri.getPort() ), new UsernamePasswordCredentials( username, password ) ); } - + HttpResponse httpResponse = httpClient.execute( httpGet ); - + // basic auth int res = httpResponse.getStatusLine().getStatusCode(); - switch (res) + switch ( res ) { - case 200 : + case 200: break; case 401: getLogger().error( "Error adding project: Unauthorized " + metadata, null ); result.addError( ContinuumProjectBuildingResult.ERROR_UNAUTHORIZED ); return null; - default : + default: getLogger().warn( "skip non handled http return code " + res ); } is = IOUtils.toInputStream( EntityUtils.toString( httpResponse.getEntity(), EntityUtils @@ -178,9 +184,9 @@ // FIXME should deleted after has been reading File uploadDirectory = new File( continuumTmpDir, baseDirectory ); - + uploadDirectory.deleteOnExit(); - + // resolve any '..' as it will cause issues uploadDirectory = uploadDirectory.getCanonicalFile(); @@ -203,6 +209,22 @@ return file; } + private String hidePasswordInUrl( String url ) + { + int indexAt = url.indexOf( "@" ); + + if ( indexAt < 0 ) + { + return url; + } + + String s = url.substring( 0, indexAt ); + + int pos = s.lastIndexOf( ":" ); + + return s.substring( 0, pos + 1 ) + "*****" + url.substring( indexAt ); + } + /** * Create metadata file and handle exceptions, adding the errors to the result object. * @@ -233,7 +255,7 @@ { getLogger().info( "Malformed URL: " + metadata, e ); result.addError( ContinuumProjectBuildingResult.ERROR_MALFORMED_URL ); - } + } catch ( UnknownHostException e ) { getLogger().info( "Unknown host: " + metadata, e ); @@ -248,7 +270,7 @@ { getLogger().warn( "Could not download the URL: " + metadata, e ); result.addError( ContinuumProjectBuildingResult.ERROR_UNKNOWN ); - } + } return null; }