HtmlLibraryManagerConfigHealthCheck.java
6.75 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
/*
* Decompiled with CFR 0_118.
*
* Could not load the following classes:
* org.apache.felix.scr.annotations.Component
* org.apache.felix.scr.annotations.Properties
* org.apache.felix.scr.annotations.Property
* org.apache.felix.scr.annotations.PropertyUnbounded
* org.apache.felix.scr.annotations.Reference
* org.apache.felix.scr.annotations.Service
* org.apache.sling.commons.osgi.PropertiesUtil
* org.apache.sling.hc.api.HealthCheck
* org.apache.sling.hc.api.Result
* org.apache.sling.hc.api.ResultLog
* org.apache.sling.hc.util.FormattingResultLog
* org.osgi.framework.InvalidSyntaxException
* org.osgi.service.cm.Configuration
* org.osgi.service.cm.ConfigurationAdmin
*/
package com.adobe.cq.security.hc.bundles.impl;
import java.io.IOException;
import java.util.Dictionary;
import org.apache.felix.scr.annotations.Component;
import org.apache.felix.scr.annotations.Properties;
import org.apache.felix.scr.annotations.Property;
import org.apache.felix.scr.annotations.PropertyUnbounded;
import org.apache.felix.scr.annotations.Reference;
import org.apache.felix.scr.annotations.Service;
import org.apache.sling.commons.osgi.PropertiesUtil;
import org.apache.sling.hc.api.HealthCheck;
import org.apache.sling.hc.api.Result;
import org.apache.sling.hc.api.ResultLog;
import org.apache.sling.hc.util.FormattingResultLog;
import org.osgi.framework.InvalidSyntaxException;
import org.osgi.service.cm.Configuration;
import org.osgi.service.cm.ConfigurationAdmin;
@Component(metatype=1, label="HTML Library Manager Health Check", description="Checks if the default CQ HTML Library Manager configuration follows the security guidelines.")
@Properties(value={@Property(name="hc.name", value={"CQ HTML Library Manager Config"}, label="Name", description="Name of the health check."), @Property(name="hc.tags", unbounded=PropertyUnbounded.ARRAY, value={"cq", "security", "production"}, label="Tags", description="Tags for the health check."), @Property(name="hc.mbean.name", value={"htmlLibraryMangerConfig"}, label="MBean Name", description="Name of the JMX mbean to register for this check.")})
@Service(value={HealthCheck.class})
public class HtmlLibraryManagerConfigHealthCheck
implements HealthCheck {
@Reference
private ConfigurationAdmin configurationAdmin;
private static final String HTML_LIBRARY_MGR_PID = "com.adobe.granite.ui.clientlibs.impl.HtmlLibraryManagerImpl";
private static final String MINIFY_PROP = "htmllibmanager.minify";
private static final String GZIP_PROP = "htmllibmanager.gzip";
private static final String DEBUG_PROP = "htmllibmanager.debug";
private static final String TIMING_PROP = "htmllibmanager.timing";
public Result execute() {
FormattingResultLog resultLog = new FormattingResultLog();
boolean success = true;
String filter = "(service.pid=com.adobe.granite.ui.clientlibs.impl.HtmlLibraryManagerImpl)";
try {
Configuration[] htmlLibraryMgrCfg = this.configurationAdmin.listConfigurations(filter);
if (htmlLibraryMgrCfg == null) {
resultLog.warn("The CQ HTML Library Manager configuration has not been changed. It is recommended to change the configuration for production environments.", new Object[0]);
success = false;
} else {
for (Configuration config : htmlLibraryMgrCfg) {
Dictionary properties = config.getProperties();
boolean minifyEnabled = PropertiesUtil.toBoolean(properties.get("htmllibmanager.minify"), (boolean)false);
boolean gzipEnabled = PropertiesUtil.toBoolean(properties.get("htmllibmanager.gzip"), (boolean)false);
boolean debugEnabled = PropertiesUtil.toBoolean(properties.get("htmllibmanager.debug"), (boolean)false);
boolean timingEnabled = PropertiesUtil.toBoolean(properties.get("htmllibmanager.timing"), (boolean)false);
if (!minifyEnabled) {
resultLog.warn("Minification is not enabled.", new Object[0]);
} else {
resultLog.debug("Minification is enabled.", new Object[0]);
}
if (!gzipEnabled) {
resultLog.warn("Gzip compression for JavaScript / CSS files is not enabled.", new Object[0]);
} else {
resultLog.debug("Gzip compression for JavaScript / CSS files is enabled.", new Object[0]);
}
if (debugEnabled) {
resultLog.warn("Debugging is enabled.", new Object[0]);
} else {
resultLog.debug("Debugging is not enabled.", new Object[0]);
}
if (timingEnabled) {
resultLog.warn("JavaScript load timing is enabled.", new Object[0]);
} else {
resultLog.debug("JavaScript load timing is not enabled.", new Object[0]);
}
if (minifyEnabled && gzipEnabled && !debugEnabled && !timingEnabled) continue;
success = false;
}
}
if (success) {
resultLog.debug("The CQ HTML Library Manager is configured in accordance with the security guidelines.", new Object[0]);
} else {
resultLog.debug("[You can change the CQ HTML Library Manager configuration via the Configuration Manager.](/system/console/configMgr/com.adobe.granite.ui.clientlibs.impl.HtmlLibraryManagerImpl)", new Object[0]);
resultLog.debug("[Check the 'OSGI Settings' section in the security guidelines.](https://www.adobe.com/go/aem6_2_docs_security_osgi_en)", new Object[0]);
}
resultLog.debug("[Minification and Gzip compression should be used in production environments to reduce the size of JavaScript / CSS files and improve performance.]( )", new Object[0]);
resultLog.debug("[Debugging and JavaScript load timing should be disabled in production environments.]( )", new Object[0]);
}
catch (InvalidSyntaxException e) {
resultLog.warn("Could not access CQ HTML Library Manager configuration.", new Object[0]);
}
catch (IOException e) {
resultLog.warn("Could not access CQ HTML Library Manager configuration.", new Object[0]);
}
return new Result((ResultLog)resultLog);
}
protected void bindConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
this.configurationAdmin = configurationAdmin;
}
protected void unbindConfigurationAdmin(ConfigurationAdmin configurationAdmin) {
if (this.configurationAdmin == configurationAdmin) {
this.configurationAdmin = null;
}
}
}