strepsirrhini/office-gobmx
9
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

swext: MediaWiki: implement AllowInsecureProtocols

Browse source 
Change-Id: I0406431f2f923db5ae0c2c6bb889e7058096ca5d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159080
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
This commit is contained in:
Michael Stahl 2023-11-07 19:55:07 +01:00
parent b91daea3c1
commit 8b0b453ecb
1 changed files with 23 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
swext/mediawiki/src/com/sun/star/wiki/Helper.java
View file

@ -38,6 +38,7 @@ import com.sun.star.frame.XModel;
import com.sun.star.frame.XModuleManager;
import com.sun.star.io.XInputStream;
import com.sun.star.io.XOutputStream;
import com.sun.star.lang.IllegalArgumentException;
import com.sun.star.lang.XMultiComponentFactory;
import com.sun.star.lang.XMultiServiceFactory;
import com.sun.star.lang.XComponent;
@ -54,6 +55,7 @@ import com.sun.star.util.XChangesBatch;
import java.net.*;
import java.io.*;
import javax.net.ssl.HttpsURLConnection;
import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLException;
import javax.swing.text.html.HTMLEditorKit;
@ -645,7 +647,27 @@ public class Helper
} else {
conn = (HttpURLConnection) uri.toURL().openConnection();
}
if (uri.getScheme().equals("https") && AllowUnknownCert(xContext, uri.getHost()))
boolean isAllowedInsecure;
try {
XNameAccess xNameAccess = GetConfigNameAccess(xContext, "org.openoffice.Office.Security/Net");
isAllowedInsecure = AnyConverter.toBoolean(xNameAccess.getByName("AllowInsecureProtocols"));
} catch (Exception e) {
throw new RuntimeException("failed to read configuration", e);
}
if (!isAllowedInsecure) {
if (!uri.getScheme().equals("https")) {
throw new IllegalArgumentException("insecure connection not allowed by configuration", null, (short)0);
}
try {
SSLContext context = SSLContext.getInstance("TLSv1.2");
context.init(null, null, null); // defaults
((HttpsURLConnection) conn).setSSLSocketFactory(context.getSocketFactory());
} catch (Exception e) {
throw new RuntimeException("failed to create SSLContext", e);
}
}
else if (uri.getScheme().equals("https") && AllowUnknownCert(xContext, uri.getHost()))
{
// let unknown certificates be accepted
((HttpsURLConnection) conn).setSSLSocketFactory(new WikiProtocolSocketFactory());