Update to fix breaking change in ipfs v0.5.0

(use POST instead of GET)

Author: ianopolous

lib/cid.jar

@@ -4,7 +4,7 @@
 
     <groupId>com.github.ipfs</groupId>
     <artifactId>java-ipfs-http-client</artifactId>
-	<version>v1.2.3</version>
+	<version>v1.3.0</version>
 	<packaging>jar</packaging>
 
 	<name>java-ipfs-http-client</name>

lib/multibase.jar

@@ -676,9 +676,35 @@ private byte[] retrieve(String path) throws IOException {
     }
 
     private static byte[] get(URL target, int timeout) throws IOException {
-        HttpURLConnection conn = configureConnection(target, "GET", timeout);
+        HttpURLConnection conn = configureConnection(target, "POST", timeout);
+        conn.setDoOutput(true);
+        /* See IFFS commit for why this is a POST and not a GET https://github.com/ipfs/go-ipfs/pull/7097
+           This commit upgrades go-ipfs-cmds and configures the commands HTTP API Handler
+           to only allow POST/OPTIONS, disallowing GET and others in the handling of
+           command requests in the IPFS HTTP API (where before every type of request
+           method was handled, with GET/POST/PUT/PATCH being equivalent).
+
+           The Read-Only commands that the HTTP API attaches to the gateway endpoint will
+           additional handled GET as they did before (but stop handling PUT,DELETEs).
+
+           By limiting the request types we address the possibility that a website
+           accessed by a browser abuses the IPFS API by issuing GET requests to it which
+           have no Origin or Referrer set, and are thus bypass CORS and CSRF protections.
+
+           This is a breaking change for clients that relay on GET requests against the
+           HTTP endpoint (usually :5001). Applications integrating on top of the
+           gateway-read-only API should still work (including cross-domain access).
+        */
+        conn.setRequestMethod("POST");
+        conn.setRequestProperty("Content-Type", "application/json");
+        conn.setConnectTimeout(10_000);
+        conn.setReadTimeout(60_000);
 
         try {
+            OutputStream out = conn.getOutputStream();
+            out.write(new byte[0]);
+            out.flush();
+            out.close();
             InputStream in = conn.getInputStream();
             ByteArrayOutputStream resp = new ByteArrayOutputStream();
 
@@ -689,13 +715,10 @@ private static byte[] get(URL target, int timeout) throws IOException {
             return resp.toByteArray();
         } catch (ConnectException e) {
             throw new RuntimeException("Couldn't connect to IPFS daemon at "+target+"\n Is IPFS running?");
-        } catch (SocketTimeoutException e) {
-            throw new RuntimeException(String.format("timeout (%d ms) has been exceeded", timeout));
         } catch (IOException e) {
-            String err = Optional.ofNullable(conn.getErrorStream())
-                    .map(s->new String(readFully(s)))
-                    .orElse(e.getMessage());
-            throw new RuntimeException("IOException contacting IPFS daemon.\nTrailer: " + conn.getHeaderFields().get("Trailer") + " " + err, e);
+            InputStream errorStream = conn.getErrorStream();
+            String err = errorStream == null ? e.getMessage() : new String(readFully(errorStream));
+            throw new RuntimeException("IOException contacting IPFS daemon.\n"+err+"\nTrailer: " + conn.getHeaderFields().get("Trailer"), e);
         }
     }
 

lib/multihash.jar

@@ -30,8 +30,7 @@ default Cid cid() {
             MessageDigest md = MessageDigest.getInstance("SHA-256");
             md.update(raw);
             byte[] digest = md.digest();
-            Multihash h = new Multihash(Multihash.Type.sha2_256, digest);
-            return new Cid(1, Cid.Codec.DagCbor, h);
+            return new Cid(1, Cid.Codec.DagCbor, Multihash.Type.sha2_256, digest);
         } catch (NoSuchAlgorithmException e) {
             throw new RuntimeException(e.getMessage(), e);
         }