diff --git a/core/src/main/java/lucee/commons/net/HTTPUtil.java b/core/src/main/java/lucee/commons/net/HTTPUtil.java index f9392d4cc9..fa0fd94358 100755 --- a/core/src/main/java/lucee/commons/net/HTTPUtil.java +++ b/core/src/main/java/lucee/commons/net/HTTPUtil.java @@ -21,12 +21,15 @@ import java.io.ByteArrayOutputStream; import java.io.IOException; import java.io.UnsupportedEncodingException; +import java.net.HttpURLConnection; import java.net.MalformedURLException; import java.net.URI; import java.net.URISyntaxException; import java.net.URL; import java.security.GeneralSecurityException; +import java.util.ArrayList; import java.util.HashMap; +import java.util.List; import java.util.Map; import java.util.Map.Entry; import java.util.concurrent.ConcurrentHashMap; @@ -38,6 +41,7 @@ import org.apache.http.Header; import org.apache.http.HttpResponse; +import org.apache.http.message.BasicHeader; import lucee.commons.digest.Hash; import lucee.commons.io.IOUtil; @@ -694,10 +698,77 @@ public static boolean isSecure(URL url) { return StringUtil.indexOfIgnoreCase(url.getProtocol(), "https") != -1; } - public static void validateDownload(URL url, HttpResponse response, Resource res, boolean deleteFileWhenInvalid, Exception cause) throws IOException { + public static interface HeadersCollection { + public Header[] getHeaders(String name); + } + + public static class HeadersHttpURLConnection implements HeadersCollection { + + private HttpURLConnection conn; + + public HeadersHttpURLConnection(HttpURLConnection conn) { + this.conn = conn; + } + + @Override + public Header[] getHeaders(String name) { + String val = conn.getHeaderField(name); + if (!StringUtil.isEmpty(val, true)) { + return new Header[] { new BasicHeader(name, val) }; + } + return null; + } + } + + public static class HeadersHTTPResponse implements HeadersCollection { + + private HTTPResponse response; + + public HeadersHTTPResponse(HTTPResponse response) { + this.response = response; + } + + @Override + public Header[] getHeaders(String name) { + List
list = new ArrayList<>(); + for (lucee.commons.net.http.Header header: response.getAllHeaders()) { + if (name.equals(header.getName())) { + list.add(new BasicHeader(header.getName(), header.getValue())); + } + } + return list.toArray(new Header[list.size()]); + } + } + + public static class HeadersHttpResponse implements HeadersCollection { + + private HttpResponse response; + + public HeadersHttpResponse(HttpResponse response) { + this.response = response; + } + + @Override + public Header[] getHeaders(String name) { + return response.getHeaders(name); + } + } + + public static void validateDownload(URL url, HttpURLConnection conn, Resource res, boolean deleteFileWhenInvalid, Exception cause) throws IOException { + _validateDownload(url, new HeadersHttpURLConnection(conn), res, deleteFileWhenInvalid, cause); + } + + public static void validateDownload(URL url, HTTPResponse rsp, Resource res, boolean deleteFileWhenInvalid, Exception cause) throws IOException { + _validateDownload(url, new HeadersHTTPResponse(rsp), res, deleteFileWhenInvalid, cause); + } + + public static void validateDownload(URL url, HttpResponse rsp, Resource res, boolean deleteFileWhenInvalid, Exception cause) throws IOException { + _validateDownload(url, new HeadersHttpResponse(rsp), res, deleteFileWhenInvalid, cause); + } + + private static void _validateDownload(URL url, HeadersCollection headersCollection, Resource res, boolean deleteFileWhenInvalid, Exception cause) throws IOException { // in case of an exception, the file may was not created if (cause != null && !res.exists()) return; - Header[] headers; Header h; String label, name; @@ -706,7 +777,7 @@ public static void validateDownload(URL url, HttpResponse response, Resource res name = e.getKey(); label = name.toUpperCase(); for (String hn: e.getValue()) { - headers = response.getHeaders(hn); + headers = headersCollection.getHeaders(hn); if (headers != null && headers.length > 0) { h = headers[0]; if (!StringUtil.isEmpty(h.getValue(), true)) { @@ -717,7 +788,6 @@ public static void validateDownload(URL url, HttpResponse response, Resource res else if ("sha256".equalsIgnoreCase(name)) fileHash = Hash.sha256(res); else if ("sha512".equalsIgnoreCase(name)) fileHash = Hash.sha512(res); else continue; - if (!fileHash.equalsIgnoreCase(h.getValue())) { if (deleteFileWhenInvalid) { res.remove(true); @@ -739,7 +809,7 @@ public static void validateDownload(URL url, HttpResponse response, Resource res // Digest validation for (String hn: VALIDATION_HEADERS) { - headers = response.getHeaders(hn); + headers = headersCollection.getHeaders(hn); if (headers != null && headers.length > 0) { h = headers[0]; String raw = h.getValue(); diff --git a/core/src/main/java/lucee/runtime/config/DeployHandler.java b/core/src/main/java/lucee/runtime/config/DeployHandler.java index 0c199fdab9..5e8d14829c 100644 --- a/core/src/main/java/lucee/runtime/config/DeployHandler.java +++ b/core/src/main/java/lucee/runtime/config/DeployHandler.java @@ -38,6 +38,7 @@ import lucee.commons.lang.StringUtil; import lucee.commons.lang.types.RefBoolean; import lucee.commons.lang.types.RefBooleanImpl; +import lucee.commons.net.HTTPUtil; import lucee.commons.net.http.HTTPEngine; import lucee.commons.net.http.HTTPResponse; import lucee.commons.net.http.Header; @@ -428,6 +429,9 @@ public static Resource downloadExtension(Config config, ExtensionDefintion ed, L Resource res = SystemUtil.getTempDirectory().getRealResource(ed.getId() + "-" + ed.getVersion() + ".lex"); ResourceUtil.touch(res); IOUtil.copy(rsp.getContentAsStream(), res, true); + + HTTPUtil.validateDownload(url, rsp, res, true, null); + if (log != null) log.info("main", "Downloaded extension [" + ed + "] to [" + res + "]"); return res; diff --git a/core/src/main/java/lucee/runtime/config/s3/BundleProvider.java b/core/src/main/java/lucee/runtime/config/s3/BundleProvider.java index cb633c54ef..e0406d25cc 100644 --- a/core/src/main/java/lucee/runtime/config/s3/BundleProvider.java +++ b/core/src/main/java/lucee/runtime/config/s3/BundleProvider.java @@ -49,9 +49,12 @@ import lucee.commons.io.SystemUtil; import lucee.commons.io.log.Log; import lucee.commons.io.log.LogUtil; +import lucee.commons.io.res.Resource; +import lucee.commons.io.res.util.ResourceUtil; import lucee.commons.lang.ExceptionUtil; import lucee.commons.lang.Pair; import lucee.commons.lang.StringUtil; +import lucee.commons.net.HTTPUtil; import lucee.commons.net.http.HTTPResponse; import lucee.commons.net.http.httpclient.HTTPEngine4Impl; import lucee.loader.engine.CFMLEngine; @@ -358,8 +361,10 @@ public File downloadBundle(BundleDefinition bd) throws IOException { } } - - IOUtil.copy((InputStream) conn.getContent(), new FileOutputStream(jar), true, true); + Resource tmp = SystemUtil.getTempFile("jar", false); + IOUtil.copy((InputStream) conn.getContent(), tmp.getOutputStream(), true, true); + HTTPUtil.validateDownload(updateUrl, conn, tmp, true, null); + ResourceUtil.toFile(tmp).renameTo(jar); conn.disconnect(); return jar; /* diff --git a/core/src/main/java/lucee/runtime/thread/ThreadUtil.java b/core/src/main/java/lucee/runtime/thread/ThreadUtil.java index 33440f6f85..b5a4515b28 100755 --- a/core/src/main/java/lucee/runtime/thread/ThreadUtil.java +++ b/core/src/main/java/lucee/runtime/thread/ThreadUtil.java @@ -33,7 +33,6 @@ import javax.servlet.http.HttpSession; import lucee.aprint; -import lucee.print; import lucee.commons.io.DevNullOutputStream; import lucee.commons.io.SystemUtil; import lucee.commons.io.log.LogUtil; @@ -256,11 +255,6 @@ public static ExecutorService createExecutorService(int maxThreads, boolean allo return Executors.newFixedThreadPool(maxThreads); } - public static void main(String[] args) { - ExecutorService t = createExecutorService(); - print.e(t); - } - public static ExecutorService createExecutorService() { if (SystemUtil.JAVA_VERSION >= SystemUtil.JAVA_VERSION_19) { // FUTURE use newVirtualThreadPerTaskExecutor natively @@ -271,7 +265,6 @@ public static ExecutorService createExecutorService() { return (ExecutorService) methodHandle.invoke(); } catch (Throwable e) { - print.e(e); ExceptionUtil.rethrowIfNecessary(e); LogUtil.log("threading", e); } diff --git a/loader/build.xml b/loader/build.xml index d9d589e96e..1fb90c3512 100644 --- a/loader/build.xml +++ b/loader/build.xml @@ -2,7 +2,7 @@ - + diff --git a/loader/pom.xml b/loader/pom.xml index d6a5e82f94..f693501b75 100644 --- a/loader/pom.xml +++ b/loader/pom.xml @@ -3,7 +3,7 @@ org.lucee lucee - 6.2.0.240-SNAPSHOT + 6.2.0.241-SNAPSHOT jar Lucee Loader Build