From 99131683216ef3529019b0502c513cc7aee5cba0 Mon Sep 17 00:00:00 2001
From: Mark Iantorno
Date: Sat, 28 Nov 2020 09:47:19 -0500
Subject: [PATCH] Pay no attention to the man behind the curtain (#388)
* added back in help file, and removed network logging
* avoid checking ssl certs for build server
* fixing help file loading from cli jar
---
 RELEASE_NOTES.md | 3 ++
 .../client/network/FhirRequestBuilder.java | 7 +--
 .../client/network/RetryInterceptor.java | 2 +-
 .../npm/FilesystemPackageCacheManager.java | 16 ++-----
 .../fhir/utilities/npm/SSLCertTruster.java | 48 +++++++++++++++++++
 .../fhir/validation/cli/utils/Display.java | 6 ++-
 .../hl7/fhir/validation/cli/utils/Params.java | 2 -
 7 files changed, 65 insertions(+), 19 deletions(-)
 create mode 100644 org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/SSLCertTruster.java
diff --git a/RELEASE_NOTES.md b/RELEASE_NOTES.md
index e69de29bb..178f02643 100644
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@@ -0,0 +1,3 @@
+* Removed logs from network calls
+* Added back in help file display
+* Avoiding checking ssl certs for build server, this needs to be fixed and should not be left in long term
\ No newline at end of file
diff --git a/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/FhirRequestBuilder.java b/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/FhirRequestBuilder.java
index c840d648c..e51a2c61e 100644
--- a/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/FhirRequestBuilder.java
+++ b/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/FhirRequestBuilder.java
@@ -319,9 +319,10 @@ public class FhirRequestBuilder {
 } catch (Exception e) {
 System.out.println("Error parsing response body passed in to logger ->\n" + e.getLocalizedMessage());
 }
- } else {
- System.out.println("Call to log HTTP response with null ToolingClientLogger set... are you forgetting to " +
- "initialize your logger?");
 }
+// else { // TODO fix logs
+// System.out.println("Call to log HTTP response with null ToolingClientLogger set... are you forgetting to " +
+// "initialize your logger?");
+// }
 }
 }
diff --git a/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/RetryInterceptor.java b/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/RetryInterceptor.java
index 5e5d37871..f8d2ea97e 100644
--- a/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/RetryInterceptor.java
+++ b/org.hl7.fhir.r5/src/main/java/org/hl7/fhir/r5/utils/client/network/RetryInterceptor.java
@@ -39,7 +39,7 @@ public class RetryInterceptor implements Interceptor {
 + "> from url -> " + chain.request().url() + ".");
 response.close();
 }
- System.out.println(chain.request().method() + " attempt <" + (retryCounter + 1) + "> to url -> " + chain.request().url());
+ // System.out.println(chain.request().method() + " attempt <" + (retryCounter + 1) + "> to url -> " + chain.request().url());
 response = chain.proceed(request);
 } catch (IOException e) {
 try {
diff --git a/org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/FilesystemPackageCacheManager.java b/org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/FilesystemPackageCacheManager.java
index f51396162..feef72a9b 100644
--- a/org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/FilesystemPackageCacheManager.java
+++ b/org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/FilesystemPackageCacheManager.java
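Review bot: The two `System.out.println` calls are disabled by commenting them out (the `else` branch in FhirRequestBuilder, marked `// TODO fix logs`, and the per-attempt line in RetryInterceptor) instead of being removed, which leaves dead code that will drift from the live code around it. Either delete the lines, or, if the messages are still wanted for troubleshooting, emit them through a logger at debug level so they can be switched on without a code change. Both enclosing methods start outside their hunks.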
@@ -46,6 +46,7 @@ import org.hl7.fhir.utilities.npm.NpmPackage.NpmPackageFolder;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import javax.net.ssl.*;
 import java.io.File;
 import java.io.FileInputStream;
 import java.io.FileNotFoundException;
@@ -57,6 +58,7 @@ import java.net.URL;
 import java.net.URLConnection;
 import java.nio.channels.FileChannel;
 import java.nio.channels.FileLock;
+import java.security.cert.X509Certificate;
 import java.sql.Timestamp;
 import java.text.ParseException;
 import java.text.SimpleDateFormat;
@@ -630,7 +632,9 @@ public class FilesystemPackageCacheManager extends BasePackageCacheManager imple
 private void loadFromBuildServer() throws IOException {
 URL url = new URL("https://build.fhir.org/ig/qas.json?nocache=" + System.currentTimeMillis());
- HttpURLConnection connection = (HttpURLConnection) url.openConnection();
+ SSLCertTruster.trustAllHosts();
+ HttpsURLConnection connection = (HttpsURLConnection) url.openConnection();
+ connection.setHostnameVerifier(SSLCertTruster.DO_NOT_VERIFY);
 connection.setRequestMethod("GET");
 InputStream json = connection.getInputStream();
 buildInfo = (JsonArray) new com.google.gson.JsonParser().parse(TextFile.streamToString(json));
@@ -655,16 +659,6 @@ public class FilesystemPackageCacheManager extends BasePackageCacheManager imple
 buildLoaded = true; // whether it succeeds or not
 }
- // private String buildPath(String url) {
-// for (JsonElement e : buildInfo) {
-// JsonObject j = (JsonObject) e;
-// if (j.has("url") && (url.equals(j.get("url").getAsString()) || j.get("url").getAsString().startsWith(url+"/ImplementationGuide"))) {
-// return "https://build.fhir.org/ig/"+j.get("repo").getAsString();
-// }
-// }
-// return null;
-// }
-//
 private String getRepo(String path) {
 String[] p = path.split("\\/");
 return p[0] + "/" + p[1];
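Review bot: In `loadFromBuildServer()` the response for `qas.json` is parsed straight into `buildInfo` with both certificate-chain validation and hostname verification switched off unconditionally, so nothing authenticates the server that supplied that data. The bypass should at least be opt-in (off unless the caller explicitly asks for it) and announced with a warning when active, so a normal run keeps standard TLS checks; a comment such as `// TEMPORARY: TLS verification disabled for build.fhir.org only, remove once its certificate is renewed` belongs on the call. The added `import java.security.cert.X509Certificate;` does not appear to be used by anything in the visible change, and the wildcard `import javax.net.ssl.*;` could be the single `HttpsURLConnection` import. The method body continues past the hunk.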
diff --git a/org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/SSLCertTruster.java b/org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/SSLCertTruster.java
new file mode 100644
index 000000000..3a147d703
--- /dev/null
+++ b/org.hl7.fhir.utilities/src/main/java/org/hl7/fhir/utilities/npm/SSLCertTruster.java
@@ -0,0 +1,48 @@
+package org.hl7.fhir.utilities.npm;
+
+import javax.net.ssl.*;
+import java.security.cert.X509Certificate;
+
+/**
+ * This is a _temporary_ fix to get around the fact that the build server's SSL certs have expired and people cannot
+ * publish IGs or run tests that rely on that box. The intention is to overhaul much of the current networking code
+ * to a more central, unified, HttpClient module.
+ *

+ * If this is still in the code in 2021, contact markiantorno on github and yell at him.
+ */
+public class SSLCertTruster {
+
+ // always verify the host - dont check for certificate
+ final static HostnameVerifier DO_NOT_VERIFY = new HostnameVerifier() {
+ public boolean verify(String hostname, SSLSession session) {
+ return true;
+ }
+ };
+
+ /**
+ * Trust every server - don't check for any certificate
+ */
+ public static void trustAllHosts() {
+ // Create a trust manager that does not validate certificate chains
+ TrustManager[] trustAllCerts = new TrustManager[]{ new X509TrustManager() {
+ @Override
+ public void checkClientTrusted(X509Certificate[] x509Certificates, String s) {}
+
+ @Override
+ public void checkServerTrusted(X509Certificate[] x509Certificates, String s) {}
+
+ public X509Certificate[] getAcceptedIssuers() {
+ return new X509Certificate[]{};
+ }
+ }};
+
+ // Install the all-trusting trust manager
+ try {
+ SSLContext sc = SSLContext.getInstance("TLS");
+ sc.init(null, trustAllCerts, new java.security.SecureRandom());
+ HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory());
+ } catch (Exception e) {
+ e.printStackTrace();
+ }
+ }
+}
diff --git a/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Display.java b/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Display.java
index 2f8637f65..ebf74f78a 100644
--- a/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Display.java
+++ b/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Display.java
@@ -1,11 +1,13 @@
 package org.hl7.fhir.validation.cli.utils;
 import org.apache.commons.io.FileUtils;
+import org.apache.commons.io.IOUtils;
 import org.hl7.fhir.utilities.npm.FilesystemPackageCacheManager;
 import org.hl7.fhir.utilities.npm.ToolsVersion;
 import java.io.File;
 import java.io.IOException;
+import java.io.InputStream;
 /**
 * Class for displaying output to the cli user.
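Review bot: In SSLCertTruster, `trustAllHosts()` ends with `HttpsURLConnection.setDefaultSSLSocketFactory(sc.getSocketFactory())`, which replaces the process-wide default, so every later `HttpsURLConnection` that does not set its own factory accepts any certificate, not only the build-server request this was written for. Return the factory instead (`return sc.getSocketFactory();`) and let the one caller apply it with `connection.setSSLSocketFactory(...)`, leaving the JVM default untouched. The comment on `DO_NOT_VERIFY` reads `// always verify the host` while `verify` returns `true` for every hostname; it should say `// accepts any hostname - performs no verification`. The `catch (Exception e) { e.printStackTrace(); }` also lets the caller carry on when the context could not be built; rethrowing would make that failure visible.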
@@ -32,9 +34,9 @@ public class Display {
 */
 public static void displayHelpDetails() {
 ClassLoader classLoader = Display.class.getClassLoader();
- File file = new File(classLoader.getResource("help.txt").getFile());
+ InputStream help = classLoader.getResourceAsStream("help.txt");
 try {
- String data = FileUtils.readFileToString(file, "UTF-8");
+ String data = IOUtils.toString(help, "UTF-8");
 System.out.println(data);
 } catch (IOException e) {
 e.printStackTrace();
diff --git a/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Params.java b/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Params.java
index fcb40d1f6..c2ce5fc77 100644
--- a/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Params.java
+++ b/org.hl7.fhir.validation/src/main/java/org/hl7/fhir/validation/cli/utils/Params.java
@@ -238,8 +238,6 @@ public class Params {
 cliContext.addSource(args[i]);
 }
 }
- if (cliContext.getSources().isEmpty())
- throw new Exception("Must provide at least one source file");
 return cliContext;
 }
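Review bot: In `Display.displayHelpDetails()`, `classLoader.getResourceAsStream("help.txt")` returns null when the resource is missing, and that null is handed to `IOUtils.toString`, where the failure is presumably a `NullPointerException` that the `catch (IOException e)` does not cover. The stream is also never closed. A try-with-resources with an explicit null check handles both, as sketched below. The end of the method lies outside the hunk.

```java
public static void displayHelpDetails() {
  ClassLoader classLoader = Display.class.getClassLoader();
  // try-with-resources closes the stream; a null resource is tolerated by the construct
  try (InputStream help = classLoader.getResourceAsStream("help.txt")) {
    if (help == null) {
      System.out.println("Help file help.txt was not found on the classpath.");
      return;
    }
    System.out.println(IOUtils.toString(help, "UTF-8"));
  } catch (IOException e) {
    // … unchanged: e.printStackTrace(); the rest of the method is outside the hunk …
```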