Add requested changes

issue-10462/secure-pending-operation-6.2
Rajitha Kumara 6 months ago
parent 1576ef86d0
commit 2eb73213f3

@ -727,19 +727,20 @@ public class ApplicationManagerImpl implements ApplicationManager {
* @throws ResourceManagementException if error occurred while uploading * @throws ResourceManagementException if error occurred while uploading
*/ */
private ApplicationReleaseDTO uploadCustomAppReleaseArtifacts(ApplicationReleaseDTO releaseDTO, ApplicationArtifact applicationArtifact, private ApplicationReleaseDTO uploadCustomAppReleaseArtifacts(ApplicationReleaseDTO releaseDTO, ApplicationArtifact applicationArtifact,
String deviceType) String deviceType)
throws ResourceManagementException, ApplicationManagementException { throws ResourceManagementException, ApplicationManagementException {
int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true); int tenantId = PrivilegedCarbonContext.getThreadLocalCarbonContext().getTenantId(true);
ApplicationStorageManager applicationStorageManager = APIUtil.getApplicationStorageManager(); ApplicationStorageManager applicationStorageManager = APIUtil.getApplicationStorageManager();
try { try {
String md5OfApp = applicationStorageManager.getMD5(Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath()))); String md5OfApp = applicationStorageManager.
getMD5(Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())));
validateReleaseBinaryFileHash(md5OfApp); validateReleaseBinaryFileHash(md5OfApp);
releaseDTO.setUuid(UUID.randomUUID().toString()); releaseDTO.setUuid(UUID.randomUUID().toString());
releaseDTO.setAppHashValue(md5OfApp); releaseDTO.setAppHashValue(md5OfApp);
releaseDTO.setInstallerName(applicationArtifact.getInstallerName()); releaseDTO.setInstallerName(applicationArtifact.getInstallerName());
applicationStorageManager.uploadReleaseArtifact(releaseDTO, deviceType, applicationStorageManager.uploadReleaseArtifact(releaseDTO, deviceType,
Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), tenantId); Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), tenantId);
} catch (IOException e) { } catch (IOException e) {
String msg = "Error occurred when uploading release artifact into the server"; String msg = "Error occurred when uploading release artifact into the server";
log.error(msg); log.error(msg);
@ -748,6 +749,7 @@ public class ApplicationManagerImpl implements ApplicationManager {
String msg = "Error occurred while md5sum value retrieving process: application UUID " String msg = "Error occurred while md5sum value retrieving process: application UUID "
+ releaseDTO.getUuid(); + releaseDTO.getUuid();
log.error(msg, e); log.error(msg, e);
throw new ApplicationManagementException(msg, e);
} }
return addImageArtifacts(releaseDTO, applicationArtifact, tenantId); return addImageArtifacts(releaseDTO, applicationArtifact, tenantId);
} }
@ -896,7 +898,8 @@ public class ApplicationManagerImpl implements ApplicationManager {
log.error(msg); log.error(msg);
throw new ApplicationManagementException(msg); throw new ApplicationManagementException(msg);
} }
String md5OfApp = applicationStorageManager.getMD5(Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath()))); String md5OfApp = applicationStorageManager.
getMD5(Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())));
if (md5OfApp == null) { if (md5OfApp == null) {
String msg = "Error occurred while md5sum value retrieving process: application UUID " String msg = "Error occurred while md5sum value retrieving process: application UUID "
+ applicationReleaseDTO.getUuid(); + applicationReleaseDTO.getUuid();
@ -910,10 +913,9 @@ public class ApplicationManagerImpl implements ApplicationManager {
throw new BadRequestException(msg); throw new BadRequestException(msg);
} }
applicationReleaseDTO.setAppHashValue(md5OfApp); applicationReleaseDTO.setAppHashValue(md5OfApp);
applicationStorageManager
applicationStorageManager .uploadReleaseArtifact(applicationReleaseDTO, deviceType,
.uploadReleaseArtifact(applicationReleaseDTO, deviceType, Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), tenantId);
Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), tenantId);
} catch (StorageManagementException e) { } catch (StorageManagementException e) {
String msg = "Error occurred while md5sum value retrieving process: application UUID " String msg = "Error occurred while md5sum value retrieving process: application UUID "
+ applicationReleaseDTO.getUuid(); + applicationReleaseDTO.getUuid();
@ -969,9 +971,9 @@ public class ApplicationManagerImpl implements ApplicationManager {
if (!applicationReleaseDTO.getAppHashValue().equals(md5OfApp)) { if (!applicationReleaseDTO.getAppHashValue().equals(md5OfApp)) {
applicationReleaseDTO.setInstallerName(applicationArtifact.getInstallerName()); applicationReleaseDTO.setInstallerName(applicationArtifact.getInstallerName());
ApplicationInstaller applicationInstaller = applicationStorageManager ApplicationInstaller applicationInstaller = applicationStorageManager
.getAppInstallerData(Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), deviceType); .getAppInstallerData(Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), deviceType);
String packageName = applicationInstaller.getPackageName(); String packageName = applicationInstaller.getPackageName();
try { try {
ConnectionManagerUtil.getDBConnection(); ConnectionManagerUtil.getDBConnection();
@ -981,13 +983,13 @@ public class ApplicationManagerImpl implements ApplicationManager {
log.error(msg); log.error(msg);
throw new BadRequestException(msg); throw new BadRequestException(msg);
} }
if (applicationReleaseDTO.getPackageName() == null){ if (applicationReleaseDTO.getPackageName() == null) {
String msg = "Found null value for application release package name for application " String msg = "Found null value for application release package name for application "
+ "release which has UUID: " + applicationReleaseDTO.getUuid(); + "release which has UUID: " + applicationReleaseDTO.getUuid();
log.error(msg); log.error(msg);
throw new ApplicationManagementException(msg); throw new ApplicationManagementException(msg);
} }
if (!applicationReleaseDTO.getPackageName().equals(packageName)){ if (!applicationReleaseDTO.getPackageName().equals(packageName)) {
String msg = "Package name of the new artifact does not match with the package name of " String msg = "Package name of the new artifact does not match with the package name of "
+ "the exiting application release. Package name of the existing app release " + "the exiting application release. Package name of the existing app release "
+ applicationReleaseDTO.getPackageName() + " and package name of the new " + applicationReleaseDTO.getPackageName() + " and package name of the new "
@ -1000,11 +1002,11 @@ public class ApplicationManagerImpl implements ApplicationManager {
applicationReleaseDTO.setPackageName(packageName); applicationReleaseDTO.setPackageName(packageName);
String deletingAppHashValue = applicationReleaseDTO.getAppHashValue(); String deletingAppHashValue = applicationReleaseDTO.getAppHashValue();
applicationReleaseDTO.setAppHashValue(md5OfApp); applicationReleaseDTO.setAppHashValue(md5OfApp);
applicationStorageManager.uploadReleaseArtifact(applicationReleaseDTO, deviceType, applicationStorageManager.uploadReleaseArtifact(applicationReleaseDTO, deviceType,
Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())),
tenantId); tenantId);
applicationStorageManager.copyImageArtifactsAndDeleteInstaller(deletingAppHashValue, applicationStorageManager.copyImageArtifactsAndDeleteInstaller(deletingAppHashValue,
applicationReleaseDTO, tenantId); applicationReleaseDTO, tenantId);
} catch (DBConnectionException e) { } catch (DBConnectionException e) {
String msg = "Error occurred when getting database connection for verifying application " String msg = "Error occurred when getting database connection for verifying application "
+ "release existing for new app hash value."; + "release existing for new app hash value.";
@ -3625,11 +3627,11 @@ public class ApplicationManagerImpl implements ApplicationManager {
applicationReleaseDTO.get().setInstallerName(applicationArtifact.getInstallerName()); applicationReleaseDTO.get().setInstallerName(applicationArtifact.getInstallerName());
String deletingAppHashValue = applicationReleaseDTO.get().getAppHashValue(); String deletingAppHashValue = applicationReleaseDTO.get().getAppHashValue();
applicationReleaseDTO.get().setAppHashValue(md5OfApp); applicationReleaseDTO.get().setAppHashValue(md5OfApp);
applicationStorageManager. applicationStorageManager.
uploadReleaseArtifact(applicationReleaseDTO.get(), deviceTypeObj.getName(), uploadReleaseArtifact(applicationReleaseDTO.get(), deviceTypeObj.getName(),
Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), tenantId); Files.newInputStream(Paths.get(applicationArtifact.getInstallerPath())), tenantId);
applicationStorageManager.copyImageArtifactsAndDeleteInstaller(deletingAppHashValue, applicationStorageManager.copyImageArtifactsAndDeleteInstaller(deletingAppHashValue,
applicationReleaseDTO.get(), tenantId); applicationReleaseDTO.get(), tenantId);
} catch (DBConnectionException e) { } catch (DBConnectionException e) {
String msg = "Error occurred when getting database connection for verifying application" String msg = "Error occurred when getting database connection for verifying application"
+ " release existing for new app hash value."; + " release existing for new app hash value.";

@ -156,7 +156,6 @@ public class ApplicationStorageManagerImpl implements ApplicationStorageManager
public void uploadReleaseArtifact(ApplicationReleaseDTO applicationReleaseDTO, public void uploadReleaseArtifact(ApplicationReleaseDTO applicationReleaseDTO,
String deviceType, InputStream binaryFile, int tenantId) throws ResourceManagementException { String deviceType, InputStream binaryFile, int tenantId) throws ResourceManagementException {
try { try {
//byte [] content = IOUtils.toByteArray(binaryFile);
String artifactDirectoryPath = String artifactDirectoryPath =
storagePath + tenantId + File.separator + applicationReleaseDTO.getAppHashValue() + File.separator storagePath + tenantId + File.separator + applicationReleaseDTO.getAppHashValue() + File.separator
+ Constants.APP_ARTIFACT; + Constants.APP_ARTIFACT;

@ -31,6 +31,7 @@ import io.entgra.device.mgt.core.device.mgt.common.exceptions.NotFoundException;
import org.apache.commons.logging.Log; import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import java.io.IOException;
import java.io.InputStream; import java.io.InputStream;
import java.net.URL; import java.net.URL;
import java.nio.file.FileSystems; import java.nio.file.FileSystems;
@ -103,8 +104,13 @@ public class FileTransferServiceImpl implements FileTransferService {
@Override @Override
public boolean isExistsOnLocal(URL downloadUrl) throws FileTransferServiceException { public boolean isExistsOnLocal(URL downloadUrl) throws FileTransferServiceException {
try { try {
return FileTransferServiceHelperUtil.resolve(downloadUrl) != null; FileDescriptor fileDescriptor = FileTransferServiceHelperUtil.resolve(downloadUrl);
} catch (FileTransferServiceHelperUtilException e) { if (fileDescriptor != null && fileDescriptor.getFile() != null) {
fileDescriptor.getFile().close();
return true;
}
return false;
} catch (FileTransferServiceHelperUtilException | IOException e) {
String msg = "Error occurred while checking the existence of artifact on the local environment"; String msg = "Error occurred while checking the existence of artifact on the local environment";
log.error(msg, e); log.error(msg, e);
throw new FileTransferServiceException(msg, e); throw new FileTransferServiceException(msg, e);

@ -244,9 +244,10 @@ public class FileTransferServiceHelperUtil {
} }
private static FileDescriptor resolve(String []urlSegments) throws FileTransferServiceHelperUtilException { private static FileDescriptor resolve(String []urlSegments) throws FileTransferServiceHelperUtilException {
// check the possibility of url is pointing to a file resides in the default storage path
if (urlSegments.length < 4) { if (urlSegments.length < 4) {
if (log.isDebugEnabled()) { if (log.isDebugEnabled()) {
log.debug("URL path segments contain less than 2 segments"); log.debug("URL path segments contain less than 4 segments");
} }
return null; return null;
} }

Loading…
Cancel
Save