diff options
| author | Michael Stahl <michael.stahl@allotropia.de> | 2023-11-07 19:55:07 +0100 |
|---|---|---|
| committer | Michael Stahl <michael.stahl@allotropia.de> | 2023-11-09 16:53:55 +0100 |
| commit | 8b0b453ecbf41a33a33e45756fddc7ec3fbddfc3 (patch) | |
| tree | 66dec83148e230b00a96cdfb4875415716faa84b /swext | |
| parent | b91daea3c1a38883c06cdd63c6eababe1df9e61d (diff) | |
swext: MediaWiki: implement AllowInsecureProtocols
Change-Id: I0406431f2f923db5ae0c2c6bb889e7058096ca5d
Reviewed-on: https://gerrit.libreoffice.org/c/core/+/159080
Tested-by: Jenkins
Reviewed-by: Michael Stahl <michael.stahl@allotropia.de>
Diffstat (limited to 'swext')
| -rw-r--r-- | swext/mediawiki/src/com/sun/star/wiki/Helper.java | 24 |
1 files changed, 23 insertions, 1 deletions
diff --git a/swext/mediawiki/src/com/sun/star/wiki/Helper.java b/swext/mediawiki/src/com/sun/star/wiki/Helper.java index 4a5ec943ad8c..e43091d2e269 100644 --- a/swext/mediawiki/src/com/sun/star/wiki/Helper.java +++ b/swext/mediawiki/src/com/sun/star/wiki/Helper.java @@ -38,6 +38,7 @@ import com.sun.star.frame.XModel; import com.sun.star.frame.XModuleManager; import com.sun.star.io.XInputStream; import com.sun.star.io.XOutputStream; +import com.sun.star.lang.IllegalArgumentException; import com.sun.star.lang.XMultiComponentFactory; import com.sun.star.lang.XMultiServiceFactory; import com.sun.star.lang.XComponent; @@ -54,6 +55,7 @@ import com.sun.star.util.XChangesBatch; import java.net.*; import java.io.*; import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; import javax.net.ssl.SSLException; import javax.swing.text.html.HTMLEditorKit; @@ -645,7 +647,27 @@ public class Helper } else { conn = (HttpURLConnection) uri.toURL().openConnection(); } - if (uri.getScheme().equals("https") && AllowUnknownCert(xContext, uri.getHost())) + + boolean isAllowedInsecure; + try { + XNameAccess xNameAccess = GetConfigNameAccess(xContext, "org.openoffice.Office.Security/Net"); + isAllowedInsecure = AnyConverter.toBoolean(xNameAccess.getByName("AllowInsecureProtocols")); + } catch (Exception e) { + throw new RuntimeException("failed to read configuration", e); + } + if (!isAllowedInsecure) { + if (!uri.getScheme().equals("https")) { + throw new IllegalArgumentException("insecure connection not allowed by configuration", null, (short)0); + } + try { + SSLContext context = SSLContext.getInstance("TLSv1.2"); + context.init(null, null, null); // defaults + ((HttpsURLConnection) conn).setSSLSocketFactory(context.getSocketFactory()); + } catch (Exception e) { + throw new RuntimeException("failed to create SSLContext", e); + } + } + else if (uri.getScheme().equals("https") && AllowUnknownCert(xContext, uri.getHost())) { // let unknown certificates be accepted ((HttpsURLConnection) conn).setSSLSocketFactory(new WikiProtocolSocketFactory()); |