PageRenderTime 44ms CodeModel.GetById 18ms app.highlight 20ms RepoModel.GetById 1ms app.codeStats 0ms

/hudson-core/src/main/java/hudson/console/AnnotatedLargeText.java

http://github.com/hudson/hudson
Java | 173 lines | 104 code | 17 blank | 52 comment | 4 complexity | 6fd589855693bc5cb52ab78b16d30153 MD5 | raw file 
  1/*
  2 * The MIT License
  3 *
  4 * Copyright (c) 2004-2010, Sun Microsystems, Inc.
  5 *
  6 * Permission is hereby granted, free of charge, to any person obtaining a copy
  7 * of this software and associated documentation files (the "Software"), to deal
  8 * in the Software without restriction, including without limitation the rights
  9 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 10 * copies of the Software, and to permit persons to whom the Software is
 11 * furnished to do so, subject to the following conditions:
 12 *
 13 * The above copyright notice and this permission notice shall be included in
 14 * all copies or substantial portions of the Software.
 15 *
 16 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 17 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 18 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 19 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 20 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 21 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 22 * THE SOFTWARE.
 23 */
 24package hudson.console;
 25
 26import com.trilead.ssh2.crypto.Base64;
 27import hudson.model.Hudson;
 28import hudson.remoting.ObjectInputStreamEx;
 29import hudson.util.IOException2;
 30import hudson.util.Secret;
 31import hudson.util.TimeUnit2;
 32import org.apache.commons.io.output.ByteArrayOutputStream;
 33import org.kohsuke.stapler.Stapler;
 34import org.kohsuke.stapler.StaplerRequest;
 35import org.kohsuke.stapler.StaplerResponse;
 36import org.kohsuke.stapler.framework.io.ByteBuffer;
 37import org.kohsuke.stapler.framework.io.LargeText;
 38
 39import javax.crypto.Cipher;
 40import javax.crypto.CipherInputStream;
 41import javax.crypto.CipherOutputStream;
 42import java.io.ByteArrayInputStream;
 43import java.io.File;
 44import java.io.IOException;
 45import java.io.ObjectInputStream;
 46import java.io.ObjectOutputStream;
 47import java.io.OutputStream;
 48import java.io.Writer;
 49import java.nio.charset.Charset;
 50import java.security.GeneralSecurityException;
 51import java.util.zip.GZIPInputStream;
 52import java.util.zip.GZIPOutputStream;
 53
 54import static java.lang.Math.abs;
 55
 56/**
 57 * Extension to {@link LargeText} that handles annotations by {@link ConsoleAnnotator}.
 58 *
 59 * <p>
 60 * In addition to run each line through {@link ConsoleAnnotationOutputStream} for adding markup,
 61 * this class persists {@link ConsoleAnnotator} into a byte sequence and send it to the client
 62 * as an HTTP header. The client JavaScript sends it back next time it fetches the following output.
 63 *
 64 * <p>
 65 * The serialized {@link ConsoleAnnotator} is encrypted to avoid malicious clients from instantiating
 66 * arbitrary {@link ConsoleAnnotator}s.
 67 *
 68 * @param <T>
 69 *      Context type.
 70 * @author Kohsuke Kawaguchi
 71 * @since 1.349
 72 */
 73public class AnnotatedLargeText<T> extends LargeText {
 74    /**
 75     * Can be null.
 76     */
 77    private T context;
 78
 79    public AnnotatedLargeText(File file, Charset charset, boolean completed, T context) {
 80        super(file, charset, completed);
 81        this.context = context;
 82    }
 83
 84    public AnnotatedLargeText(ByteBuffer memory, Charset charset, boolean completed, T context) {
 85        super(memory, charset, completed);
 86        this.context = context;
 87    }
 88
 89    public void doProgressiveHtml(StaplerRequest req, StaplerResponse rsp) throws IOException {
 90        req.setAttribute("html",true);
 91        doProgressText(req,rsp);
 92    }
 93
 94    /**
 95     * Aliasing what I think was a wrong name in {@link LargeText}
 96     */
 97    public void doProgressiveText(StaplerRequest req, StaplerResponse rsp) throws IOException {
 98        doProgressText(req,rsp);
 99    }
100
101    /**
102     * For reusing code between text/html and text/plain, we run them both through the same code path
103     * and use this request attribute to differentiate. 
104     */
105    private boolean isHtml() {
106        return Stapler.getCurrentRequest().getAttribute("html")!=null;
107    }
108
109    @Override
110    protected void setContentType(StaplerResponse rsp) {
111        rsp.setContentType(isHtml() ? "text/html;charset=UTF-8" : "text/plain;charset=UTF-8");
112    }
113
114    private ConsoleAnnotator createAnnotator(StaplerRequest req) throws IOException {
115        try {
116            String base64 = req!=null ? req.getHeader("X-ConsoleAnnotator") : null;
117            if (base64!=null) {
118                Cipher sym = Secret.getCipher("AES");
119                sym.init(Cipher.DECRYPT_MODE, Hudson.getInstance().getSecretKeyAsAES128());
120
121                ObjectInputStream ois = new ObjectInputStreamEx(new GZIPInputStream(
122                        new CipherInputStream(new ByteArrayInputStream(Base64.decode(base64.toCharArray())),sym)),
123                        Hudson.getInstance().pluginManager.uberClassLoader);
124                long timestamp = ois.readLong();
125                if (TimeUnit2.HOURS.toMillis(1) > abs(System.currentTimeMillis()-timestamp))
126                    // don't deserialize something too old to prevent a replay attack
127                    return (ConsoleAnnotator)ois.readObject();
128            }
129        } catch (GeneralSecurityException e) {
130            throw new IOException2(e);
131        } catch (ClassNotFoundException e) {
132            throw new IOException2(e);
133        }
134        // start from scratch
135        return ConsoleAnnotator.initial(context==null ? null : context.getClass());
136    }
137
138    @Override
139    public long writeLogTo(long start, Writer w) throws IOException {
140        if (isHtml())
141            return writeHtmlTo(start, w);
142        else
143            return super.writeLogTo(start,w);
144    }
145
146    @Override
147    public long writeLogTo(long start, OutputStream out) throws IOException {
148        return super.writeLogTo(start, new PlainTextConsoleOutputStream(out));
149    }
150
151    public long writeHtmlTo(long start, Writer w) throws IOException {
152        ConsoleAnnotationOutputStream caw = new ConsoleAnnotationOutputStream(
153                w, createAnnotator(Stapler.getCurrentRequest()), context, charset);
154        long r = super.writeLogTo(start,caw);
155
156        try {
157            ByteArrayOutputStream baos = new ByteArrayOutputStream();
158            Cipher sym = Secret.getCipher("AES");
159            sym.init(Cipher.ENCRYPT_MODE, Hudson.getInstance().getSecretKeyAsAES128());
160            ObjectOutputStream oos = new ObjectOutputStream(new GZIPOutputStream(new CipherOutputStream(baos,sym)));
161            oos.writeLong(System.currentTimeMillis()); // send timestamp to prevent a replay attack
162            oos.writeObject(caw.getConsoleAnnotator());
163            oos.close();
164            StaplerResponse rsp = Stapler.getCurrentResponse();
165            if (rsp!=null)
166                rsp.setHeader("X-ConsoleAnnotator", new String(Base64.encode(baos.toByteArray())));
167        } catch (GeneralSecurityException e) {
168            throw new IOException2(e);
169        }
170        return r;
171    }
172
173}