Merge branch 'master' into patch-12

Author: atuc2

build/checkstyle-import.xml

@@ -38,6 +38,7 @@
     <allow pkg="java.security"/>
 
     <allow pkg="org.apache.catalina"/>
+    <allow pkg="org.apache.coyote"/>
 
     <!-- chai -->
     <allow pkg="com.novell.ldapchai"/>

client/pom.xml

@@ -18,6 +18,15 @@
         <project.root.basedir>${project.basedir}/..</project.root.basedir>
     </properties>
 
+    <profiles>
+        <profile>
+            <id>skip-frontend</id>
+            <properties>
+                <skip.npm>true</skip.npm>
+            </properties>
+        </profile>
+    </profiles>
+
     <build>
         <plugins>
             <plugin>

data-service/pom.xml

@@ -140,7 +140,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.8.1</version>
+            <version>3.9</version>
         </dependency>
         <dependency>
             <groupId>com.sun.mail</groupId>

data-service/src/main/java/password/pwm/receiver/SummaryBean.java

@@ -125,11 +125,8 @@ static SummaryBean fromStorage( final Storage storage, final TimeDuration maxAge
                     final Statistic statistic = Statistic.forKey( statKey );
                     if ( statistic != null )
                     {
-                        if ( statistic.getType() == Statistic.Type.INCREMENTER )
-                        {
-                            final int count = Integer.parseInt( bean.getStatistics().get( statKey ) );
-                            incrementCounterMap( statCount, statistic.getLabel( null ), count );
-                        }
+                        final int count = Integer.parseInt( bean.getStatistics().get( statKey ) );
+                        incrementCounterMap( statCount, statistic.getLabel( null ), count );
                     }
                 }
             }

docker/pom.xml

@@ -34,7 +34,7 @@
             <plugin>
                 <groupId>com.google.cloud.tools</groupId>
                 <artifactId>jib-maven-plugin</artifactId>
-                <version>1.0.2</version>
+                <version>1.1.0</version>
                 <executions>
                     <execution>
                         <id>make-docker-image</id>

onejar/pom.xml

@@ -17,7 +17,7 @@
 
     <properties>
         <project.root.basedir>${project.basedir}/..</project.root.basedir>
-        <tomcat.version>9.0.16</tomcat.version>
+        <tomcat.version>9.0.19</tomcat.version>
     </properties>
 
     <build>

onejar/src/main/java/password/pwm/onejar/TomcatOnejarRunner.java

@@ -25,6 +25,7 @@
 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.startup.Tomcat;
 import org.apache.catalina.util.ServerInfo;
+import org.apache.coyote.http2.Http2Protocol;
 
 import javax.servlet.ServletException;
 import java.io.BufferedReader;
@@ -159,6 +160,7 @@ private Connector makeConnector( final OnejarConfig onejarConfig, final Properti
         }
         connector.setSecure( true );
         connector.setScheme( "https" );
+        connector.addUpgradeProtocol( new Http2Protocol() );
         connector.setAttribute( "SSLEnabled", "true" );
         connector.setAttribute( "keystoreFile", onejarConfig.getKeystoreFile().getAbsolutePath() );
         connector.setAttribute( "keystorePass", onejarConfig.getKeystorePass() );

pom.xml

@@ -247,7 +247,7 @@
                     <dependency>
                         <groupId>com.github.spotbugs</groupId>
                         <artifactId>spotbugs</artifactId>
-                        <version>3.1.12</version>
+                        <version>4.0.0-beta1</version>
                     </dependency>
                 </dependencies>
                 <configuration>
@@ -291,7 +291,7 @@
         <dependency>
             <groupId>com.github.spotbugs</groupId>
             <artifactId>spotbugs-annotations</artifactId>
-            <version>3.1.12</version>
+            <version>4.0.0-beta1</version>
             <scope>provided</scope>
         </dependency>
     </dependencies>

server/pom.xml

@@ -249,7 +249,7 @@
         <dependency>
             <groupId>org.apache.commons</groupId>
             <artifactId>commons-lang3</artifactId>
-            <version>3.8.1</version>
+            <version>3.9</version>
         </dependency>
         <dependency>
             <groupId>commons-validator</groupId>

server/src/main/java/password/pwm/AppProperty.java

@@ -78,7 +78,7 @@ public enum AppProperty
     CONFIG_EDITOR_QUERY_FILTER_TEST_LIMIT           ( "configEditor.queryFilter.testLimit" ),
     CONFIG_EDITOR_IDLE_TIMEOUT                      ( "configEditor.idleTimeoutSeconds" ),
     CONFIG_GUIDE_IDLE_TIMEOUT                       ( "configGuide.idleTimeoutSeconds" ),
-    CONFIG_MANAGER_ZIPDEBUG_MAXLOGLINES             ( "configManager.zipDebug.maxLogLines" ),
+    CONFIG_MANAGER_ZIPDEBUG_MAXLOGBYTES             ( "configManager.zipDebug.maxLogBytes" ),
     CONFIG_MANAGER_ZIPDEBUG_MAXLOGSECONDS           ( "configManager.zipDebug.maxLogSeconds" ),
     CLUSTER_DB_ENABLE                               ( "cluster.db.enable" ),
     CLUSTER_DB_HEARTBEAT_SECONDS                    ( "cluster.db.heartbeatSeconds" ),
@@ -194,6 +194,8 @@ public enum AppProperty
     HEALTHCHECK_MIN_CHECK_INTERVAL                  ( "healthCheck.minimumCheckIntervalSeconds" ),
     HEALTHCHECK_MAX_RECORD_AGE                      ( "healthCheck.maximumRecordAgeSeconds" ),
     HEALTHCHECK_MAX_FORCE_WAIT                      ( "healthCheck.maximumForceCheckWaitSeconds" ),
+    HEALTH_SUPPORT_BUNDLE_WRITE_INTERVAL_SECONDS    ( "health.supportBundle.file.writeIntervalSeconds" ),
+    HEALTH_SUPPORT_BUNDLE_FILE_WRITE_COUNT          ( "health.supportBundle.file.writeRetentionCount" ),
     HEALTH_CERTIFICATE_WARN_SECONDS                 ( "health.certificate.warnSeconds" ),
     HEALTH_LDAP_CAUTION_DURATION_MS                 ( "health.ldap.cautionDurationMS" ),
     HEALTH_LDAP_PROXY_WARN_PW_EXPIRE_SECONDS        ( "health.ldap.proxy.pwExpireWarnSeconds" ),

server/src/main/java/password/pwm/bean/LocalSessionStateBean.java

@@ -24,6 +24,8 @@
 
 import lombok.Data;
 import password.pwm.ldap.UserInfoBean;
+import password.pwm.util.EventRateMeter;
+import password.pwm.util.java.TimeDuration;
 
 import java.io.Serializable;
 import java.time.Instant;
@@ -64,8 +66,11 @@ public class LocalSessionStateBean implements Serializable
 
     private boolean passwordModified;
     private boolean privateUrlAccessed;
+    private boolean captchaBypassedViaParameter;
 
     private final AtomicInteger intruderAttempts = new AtomicInteger( 0 );
+    private final AtomicInteger requestCount = new AtomicInteger( 0 );
+    private final EventRateMeter.MovingAverage avgRequestDuration = new EventRateMeter.MovingAverage( TimeDuration.DAY );
     private boolean oauthInProgress;
 
     private boolean sessionIdRecycleNeeded;

server/src/main/java/password/pwm/config/stored/StoredConfigurationImpl.java

@@ -44,8 +44,8 @@
 import password.pwm.error.PwmUnrecoverableException;
 import password.pwm.i18n.Config;
 import password.pwm.i18n.PwmLocaleBundle;
-import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.PasswordData;
+import password.pwm.util.i18n.LocaleHelper;
 import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.JsonUtil;
 import password.pwm.util.java.StringUtil;

server/src/main/java/password/pwm/config/value/FileValue.java

@@ -89,30 +89,30 @@ public static FileContent fromEncodedString( final String input )
                 throws IOException
         {
             final byte[] convertedBytes = StringUtil.base64Decode( input );
-            return new FileContent( new ImmutableByteArray( convertedBytes ) );
+            return new FileContent( ImmutableByteArray.of( convertedBytes ) );
         }
 
         public String toEncodedString( )
                 throws IOException
         {
-            return StringUtil.base64Encode( contents.getBytes(), StringUtil.Base64Options.GZIP );
+            return StringUtil.base64Encode( contents.copyOf(), StringUtil.Base64Options.GZIP );
         }
 
         public String md5sum( )
                 throws PwmUnrecoverableException
         {
-            return SecureEngine.hash( new ByteArrayInputStream( contents.getBytes() ), PwmHashAlgorithm.MD5 );
+            return SecureEngine.hash( new ByteArrayInputStream( contents.copyOf() ), PwmHashAlgorithm.MD5 );
         }
 
         public String sha1sum( )
                 throws PwmUnrecoverableException
         {
-            return SecureEngine.hash( new ByteArrayInputStream( contents.getBytes() ), PwmHashAlgorithm.SHA1 );
+            return SecureEngine.hash( new ByteArrayInputStream( contents.copyOf() ), PwmHashAlgorithm.SHA1 );
         }
 
         public int size( )
         {
-            return contents.getBytes().length;
+            return contents.copyOf().length;
         }
     }
 

server/src/main/java/password/pwm/health/HealthMessage.java

@@ -44,7 +44,7 @@ public enum HealthMessage
     LDAP_TestUserReadPwError( HealthStatus.WARN, HealthTopic.LDAP ),
     LDAP_TestUserOK( HealthStatus.GOOD, HealthTopic.LDAP ),
     Email_SendFailure( HealthStatus.WARN, HealthTopic.Email ),
-    PwNotify_Failure( HealthStatus.WARN, HealthTopic.Email ),
+    PwNotify_Failure( HealthStatus.WARN, HealthTopic.Application ),
     MissingResource( HealthStatus.DEBUG, HealthTopic.Integrity ),
     BrokenMethod( HealthStatus.DEBUG, HealthTopic.Integrity ),
     Appliance_PendingUpdates( HealthStatus.CAUTION, HealthTopic.Appliance ),

server/src/main/java/password/pwm/health/HealthMonitor.java

@@ -25,13 +25,22 @@
 import lombok.Value;
 import password.pwm.AppProperty;
 import password.pwm.PwmApplication;
+import password.pwm.bean.SessionLabel;
 import password.pwm.error.PwmException;
+import password.pwm.error.PwmUnrecoverableException;
+import password.pwm.http.servlet.configmanager.DebugItemGenerator;
 import password.pwm.svc.PwmService;
 import password.pwm.util.PwmScheduler;
+import password.pwm.util.java.FileSystemUtility;
+import password.pwm.util.java.JavaHelper;
 import password.pwm.util.java.TimeDuration;
 import password.pwm.util.logging.PwmLogger;
 
+import java.io.File;
+import java.io.FileOutputStream;
+import java.io.IOException;
 import java.io.Serializable;
+import java.nio.file.Files;
 import java.time.Instant;
 import java.util.ArrayList;
 import java.util.Collection;
@@ -44,6 +53,7 @@
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Future;
 import java.util.concurrent.atomic.AtomicInteger;
+import java.util.zip.ZipOutputStream;
 
 public class HealthMonitor implements PwmService
 {
@@ -64,6 +74,7 @@ public class HealthMonitor implements PwmService
     }
 
     private ExecutorService executorService;
+    private ExecutorService supportZipWriterService;
     private HealthMonitorSettings settings;
 
     private Map<HealthMonitorFlag, Serializable> healthProperties = new ConcurrentHashMap<>();
@@ -82,6 +93,26 @@ public HealthMonitor( )
     {
     }
 
+    public void init( final PwmApplication pwmApplication ) throws PwmException
+    {
+        status = STATUS.OPENING;
+        this.pwmApplication = pwmApplication;
+        settings = HealthMonitorSettings.fromConfiguration( pwmApplication.getConfig() );
+
+        if ( !Boolean.parseBoolean( pwmApplication.getConfig().readAppProperty( AppProperty.HEALTHCHECK_ENABLED ) ) )
+        {
+            LOGGER.debug( () -> "health monitor will remain inactive due to AppProperty " + AppProperty.HEALTHCHECK_ENABLED.getKey() );
+            status = STATUS.CLOSED;
+            return;
+        }
+
+        executorService = PwmScheduler.makeBackgroundExecutor( pwmApplication, this.getClass() );
+        supportZipWriterService = PwmScheduler.makeBackgroundExecutor( pwmApplication, this.getClass() );
+        scheduleNextZipOutput();
+
+        status = STATUS.OPEN;
+    }
+
     public Instant getLastHealthCheckTime( )
     {
         if ( status != STATUS.OPEN )
@@ -122,24 +153,6 @@ public STATUS status( )
         return status;
     }
 
-    public void init( final PwmApplication pwmApplication ) throws PwmException
-    {
-        status = STATUS.OPENING;
-        this.pwmApplication = pwmApplication;
-        settings = HealthMonitorSettings.fromConfiguration( pwmApplication.getConfig() );
-
-        if ( !Boolean.parseBoolean( pwmApplication.getConfig().readAppProperty( AppProperty.HEALTHCHECK_ENABLED ) ) )
-        {
-            LOGGER.debug( () -> "health monitor will remain inactive due to AppProperty " + AppProperty.HEALTHCHECK_ENABLED.getKey() );
-            status = STATUS.CLOSED;
-            return;
-        }
-
-        executorService = PwmScheduler.makeBackgroundExecutor( pwmApplication, this.getClass() );
-
-        status = STATUS.OPEN;
-    }
-
     public Set<HealthRecord> getHealthRecords( )
     {
         if ( status != STATUS.OPEN )
@@ -151,12 +164,12 @@ public Set<HealthRecord> getHealthRecords( )
         {
             final Instant startTime = Instant.now();
             LOGGER.trace( () ->  "begin force immediate check" );
-            final Future future = pwmApplication.getPwmScheduler().scheduleFutureJob( new ImmediateJob(), executorService, TimeDuration.ZERO );
+            final Future future = pwmApplication.getPwmScheduler().scheduleJob( new ImmediateJob(), executorService, TimeDuration.ZERO );
             settings.getMaximumForceCheckWait().pause( future::isDone );
             LOGGER.trace( () ->  "exit force immediate check, done=" + future.isDone() + ", " + TimeDuration.compactFromCurrent( startTime ) );
         }
 
-        pwmApplication.getPwmScheduler().scheduleFutureJob( new UpdateJob(), executorService, settings.getNominalCheckInterval() );
+        pwmApplication.getPwmScheduler().scheduleJob( new UpdateJob(), executorService, settings.getNominalCheckInterval() );
 
         {
             final HealthData localHealthData = this.healthData;
@@ -175,6 +188,10 @@ public void close( )
         {
             executorService.shutdown();
         }
+        if ( supportZipWriterService != null )
+        {
+            supportZipWriterService.shutdown();
+        }
         healthData = emptyHealthData();
         status = STATUS.CLOSED;
     }
@@ -299,4 +316,71 @@ private boolean recordsAreOutdated()
             return TimeDuration.fromCurrent( this.getTimeStamp() ).isLongerThan( settings.getMaximumRecordAge() );
         }
     }
+
+    private void scheduleNextZipOutput()
+    {
+        final int intervalSeconds = JavaHelper.silentParseInt( pwmApplication.getConfig().readAppProperty( AppProperty.HEALTH_SUPPORT_BUNDLE_WRITE_INTERVAL_SECONDS ), 0 );
+        if ( intervalSeconds > 0 )
+        {
+            final TimeDuration intervalDuration = TimeDuration.of( intervalSeconds, TimeDuration.Unit.SECONDS );
+            pwmApplication.getPwmScheduler().scheduleJob( new SupportZipFileWriter( pwmApplication ), supportZipWriterService, intervalDuration );
+        }
+    }
+
+    private class SupportZipFileWriter implements Runnable
+    {
+        private final PwmApplication pwmApplication;
+
+        SupportZipFileWriter( final PwmApplication pwmApplication )
+        {
+            this.pwmApplication = pwmApplication;
+        }
+
+        @Override
+        public void run()
+        {
+            try
+            {
+                writeSupportZipToAppPath();
+            }
+            catch ( Exception e )
+            {
+                LOGGER.debug( SessionLabel.HEALTH_SESSION_LABEL, () -> "error writing support zip to file system: " + e.getMessage() );
+            }
+
+            scheduleNextZipOutput();
+        }
+
+        private void writeSupportZipToAppPath()
+                throws IOException, PwmUnrecoverableException
+        {
+            final File appPath = pwmApplication.getPwmEnvironment().getApplicationPath();
+            if ( !appPath.exists() )
+            {
+                return;
+            }
+
+            final int rotationCount = JavaHelper.silentParseInt( pwmApplication.getConfig().readAppProperty( AppProperty.HEALTH_SUPPORT_BUNDLE_FILE_WRITE_COUNT ), 10 );
+            final DebugItemGenerator debugItemGenerator = new DebugItemGenerator( pwmApplication, SessionLabel.HEALTH_SESSION_LABEL );
+
+            final File supportPath = new File( appPath.getPath() + File.separator + "support" );
+
+            FileSystemUtility.mkdirs( supportPath );
+
+            final File supportFile = new File ( supportPath.getPath() + File.separator + debugItemGenerator.getFilename() );
+
+            FileSystemUtility.rotateBackups( supportFile, rotationCount );
+
+            final File newSupportFile = new File ( supportFile.getPath() + ".new" );
+            Files.deleteIfExists( newSupportFile.toPath() );
+
+            try ( ZipOutputStream zipOutputStream = new ZipOutputStream( new FileOutputStream( newSupportFile ) ) )
+            {
+                LOGGER.trace( SessionLabel.HEALTH_SESSION_LABEL, () -> "beginning periodic support bundle filesystem output" );
+                debugItemGenerator.outputZipDebugFile( zipOutputStream );
+            }
+
+            Files.move( newSupportFile.toPath(), supportFile.toPath() );
+        }
+    }
 }