Lines 43-50
Link Here
|
43 |
package org.netbeans.modules.hudson.api; |
43 |
package org.netbeans.modules.hudson.api; |
44 |
|
44 |
|
45 |
import java.awt.EventQueue; |
45 |
import java.awt.EventQueue; |
|
|
46 |
import java.io.ByteArrayOutputStream; |
46 |
import java.io.FileNotFoundException; |
47 |
import java.io.FileNotFoundException; |
47 |
import java.io.IOException; |
48 |
import java.io.IOException; |
|
|
49 |
import java.io.InputStream; |
48 |
import java.io.InterruptedIOException; |
50 |
import java.io.InterruptedIOException; |
49 |
import java.io.OutputStream; |
51 |
import java.io.OutputStream; |
50 |
import java.net.HttpRetryException; |
52 |
import java.net.HttpRetryException; |
Lines 55-60
Link Here
|
55 |
import java.security.SecureRandom; |
57 |
import java.security.SecureRandom; |
56 |
import java.security.cert.CertificateException; |
58 |
import java.security.cert.CertificateException; |
57 |
import java.security.cert.X509Certificate; |
59 |
import java.security.cert.X509Certificate; |
|
|
60 |
import java.util.Collections; |
58 |
import java.util.HashMap; |
61 |
import java.util.HashMap; |
59 |
import java.util.HashSet; |
62 |
import java.util.HashSet; |
60 |
import java.util.LinkedHashMap; |
63 |
import java.util.LinkedHashMap; |
Lines 75-80
Link Here
|
75 |
import org.openide.util.Lookup; |
78 |
import org.openide.util.Lookup; |
76 |
import org.openide.util.NbBundle.Messages; |
79 |
import org.openide.util.NbBundle.Messages; |
77 |
import static org.netbeans.modules.hudson.api.Bundle.*; |
80 |
import static org.netbeans.modules.hudson.api.Bundle.*; |
|
|
81 |
import org.openide.filesystems.FileUtil; |
78 |
import org.openide.util.RequestProcessor; |
82 |
import org.openide.util.RequestProcessor; |
79 |
import org.openide.xml.XMLUtil; |
83 |
import org.openide.xml.XMLUtil; |
80 |
import org.w3c.dom.Document; |
84 |
import org.w3c.dom.Document; |
Lines 98-103
Link Here
|
98 |
*/ |
102 |
*/ |
99 |
private static final Map</*URL*/String,String[]> COOKIES = new HashMap<String,String[]>(); |
103 |
private static final Map</*URL*/String,String[]> COOKIES = new HashMap<String,String[]>(); |
100 |
|
104 |
|
|
|
105 |
private static final Map</*URL*/String,/*[field,crumb]*/String[]> crumbs = Collections.synchronizedMap(new HashMap<String,String[]>()); // #193008 |
106 |
|
101 |
private URL home; |
107 |
private URL home; |
102 |
private URL url; |
108 |
private URL url; |
103 |
private final Map<String,String> requestHeaders = new LinkedHashMap<String,String>(); |
109 |
private final Map<String,String> requestHeaders = new LinkedHashMap<String,String>(); |
Lines 313-318
Link Here
|
313 |
conn.setRequestProperty("Cookie", cookieBare); // NOI18N |
319 |
conn.setRequestProperty("Cookie", cookieBare); // NOI18N |
314 |
} |
320 |
} |
315 |
} |
321 |
} |
|
|
322 |
String[] fieldCrumb = crumbs.get(home.toString()); |
323 |
if (fieldCrumb != null) { |
324 |
conn.setRequestProperty(fieldCrumb[0], fieldCrumb[1]); |
325 |
} |
316 |
} |
326 |
} |
317 |
if (postData != null) { |
327 |
if (postData != null) { |
318 |
conn.setDoOutput(true); |
328 |
conn.setDoOutput(true); |
Lines 367-372
Link Here
|
367 |
if (retry != null) { |
377 |
if (retry != null) { |
368 |
LOG.log(Level.FINER, "Retrying after auth from {0}", authenticator); |
378 |
LOG.log(Level.FINER, "Retrying after auth from {0}", authenticator); |
369 |
conn = retry; |
379 |
conn = retry; |
|
|
380 |
try { // check for CSRF before continuing |
381 |
InputStream is = new ConnectionBuilder().url(new URL(home, "crumbIssuer/api/xml?xpath=concat(//crumbRequestField,'=',//crumb)")).homeURL(home).connection().getInputStream(); |
382 |
try { |
383 |
ByteArrayOutputStream baos = new ByteArrayOutputStream(); |
384 |
FileUtil.copy(is, baos); |
385 |
String crumb = baos.toString("UTF-8"); |
386 |
String[] crumbA = crumb.split("=", 2); |
387 |
if (crumbA.length == 2 && crumbA[0].indexOf('\n') == -1) { |
388 |
LOG.log(Level.FINER, "Received crumb: {0}", crumb); |
389 |
crumbs.put(home.toString(), crumbA); |
390 |
} else { |
391 |
LOG.log(Level.WARNING, "Bad crumb response: {0}", crumb); |
392 |
} |
393 |
} finally { |
394 |
is.close(); |
395 |
} |
396 |
} catch (FileNotFoundException x) { |
397 |
LOG.finer("not using crumbs"); |
398 |
} |
370 |
continue RETRY; |
399 |
continue RETRY; |
371 |
} |
400 |
} |
372 |
} |
401 |
} |