Okhttp (#1)

* added support for okhttp3

* added support custom CA Certs

Author: eeisegn

CHANGELOG.md

@@ -11,14 +11,21 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 - Upcoming changes...
 
+## [0.5.0] - 2023-07-26
+### Added
+- Switched to okhttp for REST communication
+- Added custom HTTP certificate support (`customCert`)
+  - CLI option: `--ca-cert`
+### Fixed
+- Fixed issue with null json object printing
+
 ## [0.4.0] - 2023-07-07
 
 ### Added
 - Added long snippet generation check limit (`snippetLimit`)
 - Added command line option: `--snippet-limit` to support it
 
 ## [0.2.0] - 2023-07-04
-
 ### Added
 - First pass at the following Classes
     - Fingerprinting ([Winnowing](src/main/java/com/scanoss/Winnowing.java))
@@ -29,3 +36,4 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 [0.2.0]: https://github.com/scanoss/scanoss.java/compare/v0.0.0...v0.2.0
 [0.4.0]: https://github.com/scanoss/scanoss.java/compare/v0.2.0...v0.4.0
+[0.5.0]: https://github.com/scanoss/scanoss.java/compare/v0.4.0...v0.5.0

README.md

@@ -52,6 +52,14 @@ The package also ships with a sample CLI. It can be run using the example script
 scanos-cli.sh -h
 ```
 
+### Custom Certificate
+In order to connect to a SCANOSS server with a custom (self-signed) certificate,
+the keychain will need to be imported onto the CA Certs into the instance of java before proceeding:
+
+```bash
+keytool -cacerts -importcert -file custom-key-chain.pem
+```
+
 ## Development
 
 Before starting with development of this project, please read our [CONTRIBUTING](CONTRIBUTING.md)

SBOM.json

@@ -0,0 +1,189 @@
+{
+  "bomFormat": "CycloneDX",
+  "specVersion": "1.4",
+  "serialNumber": "urn:uuid:36e7c0cb-8330-4fe5-82ce-11061851147e",
+  "version": 1,
+  "components": [
+    {
+      "type": "library",
+      "name": "scanoss.java",
+      "publisher": "scanoss",
+      "version": "0.4.0",
+      "purl": "pkg:github/scanoss/scanoss.java",
+      "bom-ref": "pkg:github/scanoss/scanoss.java",
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "junit",
+      "publisher": "",
+      "version": "4.13.1",
+      "purl": "pkg:maven/junit/junit",
+      "bom-ref": "pkg:maven/junit/junit",
+      "licenses": [
+        {
+          "license": {
+            "id": "EPL-1.0"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "mockwebserver",
+      "publisher": "",
+      "version": "4.11.0",
+      "purl": "pkg:maven/com.squareup.okhttp3/mockwebserver",
+      "bom-ref": "pkg:maven/com.squareup.okhttp3/mockwebserver",
+      "licenses": [
+        {
+          "license": {
+            "name": "Apache-2.0"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "lombok",
+      "publisher": "",
+      "version": "1.18.26",
+      "purl": "pkg:maven/org.projectlombok/lombok",
+      "bom-ref": "pkg:maven/org.projectlombok/lombok",
+      "licenses": [
+        {
+          "license": {
+            "name": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "okhttp",
+      "publisher": "",
+      "version": "4.11.0",
+      "purl": "pkg:maven/com.squareup.okhttp3/okhttp",
+      "bom-ref": "pkg:maven/com.squareup.okhttp3/okhttp",
+      "licenses": [
+        {
+          "license": {
+            "name": "Apache-2.0"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "commons-codec",
+      "publisher": "",
+      "version": "1.15",
+      "purl": "pkg:maven/commons-codec/commons-codec",
+      "bom-ref": "pkg:maven/commons-codec/commons-codec",
+      "licenses": [
+        {
+          "license": {
+            "name": "Apache-2.0"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "slf4j-api",
+      "publisher": "",
+      "version": "2.0.7",
+      "purl": "pkg:maven/org.slf4j/slf4j-api",
+      "bom-ref": "pkg:maven/org.slf4j/slf4j-api",
+      "licenses": [
+        {
+          "license": {
+            "name": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "slf4j-simple",
+      "publisher": "",
+      "version": "2.0.7",
+      "purl": "pkg:maven/org.slf4j/slf4j-simple",
+      "bom-ref": "pkg:maven/org.slf4j/slf4j-simple",
+      "licenses": [
+        {
+          "license": {
+            "name": "MIT"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "tika-core",
+      "publisher": "",
+      "version": "2.7.0",
+      "purl": "pkg:maven/org.apache.tika/tika-core",
+      "bom-ref": "pkg:maven/org.apache.tika/tika-core",
+      "licenses": [
+        {
+          "license": {
+            "name": "Apache-2.0"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "picocli",
+      "publisher": "",
+      "version": "4.7.3",
+      "purl": "pkg:maven/info.picocli/picocli",
+      "bom-ref": "pkg:maven/info.picocli/picocli",
+      "licenses": [
+        {
+          "license": {
+            "name": "Apache-2.0"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "gson",
+      "publisher": "",
+      "version": "2.10.1",
+      "purl": "pkg:maven/com.google.code.gson/gson",
+      "bom-ref": "pkg:maven/com.google.code.gson/gson",
+      "licenses": [
+        {
+          "license": {
+            "id": "Apache-2.0"
+          }
+        }
+      ]
+    },
+    {
+      "type": "library",
+      "name": "jquery",
+      "publisher": "OpenJS Foundation and other contributors",
+      "version": "3.5.1",
+      "purl": "pkg:npm/jquery",
+      "bom-ref": "pkg:npm/jquery",
+      "licenses": [
+        {
+          "license": {
+            "id": "MIT"
+          }
+        }
+      ]
+    }
+  ],
+  "vulnerabilities": []
+}

pom.xml

@@ -6,7 +6,7 @@
 
     <groupId>com.scanoss</groupId>
     <artifactId>scanoss</artifactId>
-    <version>0.4.0</version>
+    <version>0.5.0</version>
     <packaging>jar</packaging>
     <name>scanoss.java</name>
     <url>https://github.com/scanoss/scanoss.java</url>
@@ -78,6 +78,16 @@
             <version>1.18.26</version>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>okhttp</artifactId>
+            <version>4.11.0</version>
+        </dependency>
+        <dependency>
+            <groupId>com.squareup.okhttp3</groupId>
+            <artifactId>okhttp-tls</artifactId>
+            <version>4.11.0</version>
+        </dependency>
         <dependency>
             <groupId>commons-codec</groupId>
             <artifactId>commons-codec</artifactId>

src/main/java/com/scanoss/Scanner.java

@@ -37,6 +37,7 @@
 import java.io.IOException;
 import java.nio.file.*;
 import java.nio.file.attribute.BasicFileAttributes;
+import java.time.Duration;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Objects;
@@ -45,6 +46,8 @@
 import java.util.concurrent.Executors;
 import java.util.concurrent.Future;
 
+import static com.scanoss.ScanossConstants.*;
+
 /**
  * SCANOSS Scanner Class
  * <p>
@@ -68,26 +71,28 @@ public class Scanner {
     @Builder.Default
     private Boolean allFolders = Boolean.FALSE; // Enable Scanning of all folders (except hidden)
     @Builder.Default
-    private Integer numThreads = 5;  // Number of parallel threads to use when processing a folder
+    private Integer numThreads = DEFAULT_WORKER_THREADS;  // Number of parallel threads to use when processing a folder
     @Builder.Default
-    private Integer timeout = 120; // API POST timeout
+    private Duration timeout = Duration.ofSeconds(DEFAULT_TIMEOUT); // API POST timeout
     @Builder.Default
-    private Integer retryLimit = 5; // Retry limit for posting scan requests
+    private Integer retryLimit = DEFAULT_HTTP_RETRY_LIMIT; // Retry limit for posting scan requests
     private String url;  // Alternative scanning URL
     private String apiKey; // API key
     private String scanFlags; // Scan flags to pass to the API
     private String sbomType; // SBOM type (identify/ignore)
     private String sbom;  // SBOM to supply while scanning
     private int snippetLimit; // Size limit for a single line of generated snippet
+    private String customCert; // Custom certificate
     private Winnowing winnowing;
     private ScanApi scanApi;
     private ScanFileProcessor scanFileProcessor;
     private WfpFileProcessor wfpFileProcessor;
 
     @SuppressWarnings("unused")
     private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate, Boolean hpsm,
-                    Boolean hiddenFilesFolders, Boolean allFolders, Integer numThreads, Integer timeout, Integer retryLimit,
-                    String url, String apiKey, String scanFlags, String sbomType, String sbom, Integer snippetLimit,
+                    Boolean hiddenFilesFolders, Boolean allFolders, Integer numThreads, Duration timeout,
+                    Integer retryLimit, String url, String apiKey, String scanFlags, String sbomType, String sbom,
+                    Integer snippetLimit, String customCert,
                     Winnowing winnowing, ScanApi scanApi,
                     ScanFileProcessor scanFileProcessor, WfpFileProcessor wfpFileProcessor
     ) {
@@ -106,13 +111,20 @@ private Scanner(Boolean skipSnippets, Boolean allExtensions, Boolean obfuscate,
         this.sbomType = sbomType;
         this.sbom = sbom;
         this.snippetLimit = snippetLimit;
+        this.customCert = customCert;
         this.winnowing = Objects.requireNonNullElseGet(winnowing, () ->
-                Winnowing.builder().skipSnippets(skipSnippets).allExtensions(allExtensions).obfuscate(obfuscate).hpsm(hpsm).snippetLimit(snippetLimit).build());
+                Winnowing.builder().skipSnippets(skipSnippets).allExtensions(allExtensions).obfuscate(obfuscate)
+                        .hpsm(hpsm).snippetLimit(snippetLimit)
+                        .build());
         this.scanApi = Objects.requireNonNullElseGet(scanApi, () ->
-                ScanApi.builder().url(url).apiKey(apiKey).timeout(timeout).retryLimit(retryLimit).flags(scanFlags).scanType(sbomType).sbom(sbom).build());
+                ScanApi.builder().url(url).apiKey(apiKey).timeout(timeout).retryLimit(retryLimit).flags(scanFlags)
+                        .scanType(sbomType).sbom(sbom).customCert(customCert)
+                        .build());
         this.scanFileProcessor = Objects.requireNonNullElseGet(scanFileProcessor, () ->
                 ScanFileProcessor.builder().winnowing(this.winnowing).scanApi(this.scanApi).build());
-        this.wfpFileProcessor = Objects.requireNonNullElseGet(wfpFileProcessor, () -> WfpFileProcessor.builder().winnowing(this.winnowing).build());
+        this.wfpFileProcessor = Objects.requireNonNullElseGet(wfpFileProcessor, () -> WfpFileProcessor.builder()
+                .winnowing(this.winnowing)
+                .build());
     }
 
     /**
@@ -288,9 +300,8 @@ public List<String> wfpFolder(@NonNull String folder) throws ScannerException, W
      * @return scan results string (in JSON format)
      * @throws ScannerException     Something in Scanning failed
      * @throws WinnowingException   Something in Winnowing failed
-     * @throws InterruptedException Scan API was interrupted
      */
-    public String scanFile(@NonNull String filename) throws ScannerException, WinnowingException, InterruptedException {
+    public String scanFile(@NonNull String filename) throws ScannerException, WinnowingException {
         String wfp = wfpFile(filename);
         if (wfp != null && !wfp.isEmpty()) {
             String response = this.scanApi.scan(wfp, "", 1);

src/main/java/com/scanoss/ScanossConstants.java

@@ -11,6 +11,18 @@
  */
 @SuppressWarnings("SpellCheckingInspection")
 public class ScanossConstants {
+    /**
+     * Default timeout for HTTP communication
+     */
+    public static final int DEFAULT_TIMEOUT = 120;
+    /**
+     * Default number of worker threads to use then processing files
+     */
+    public static final int DEFAULT_WORKER_THREADS = 5;
+    /**
+     * Default number of times to retry sending data to HTTP
+     */
+    public static final int DEFAULT_HTTP_RETRY_LIMIT = 5;
 
     static final int GRAM = 30; // Winnowing Gram size. Do NOT Modify
     static final int WINDOW = 64; // Winnowing Window size. Do NOT Modify