infernap12/jdk
1
0
Fork 0
mirror of https://github.com/openjdk/jdk.git synced 2026-02-04 23:48:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

8262027: Improve how HttpConnection detects a closed channel when taking/returning a connection to the pool

Browse Source 
Reviewed-by: chegar, michaelm
This commit is contained in:
Daniel Fuchs 2021-02-24 10:50:35 +00:00
parent 382e38dd24
commit 0d2dbd2995
4 changed files with 601 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

51
src/java.net.http/share/classes/jdk/internal/net/http/HttpConnection.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -150,6 +150,51 @@ abstract class HttpConnection implements Closeable {
(connected() ? !getConnectionFlow().isFinished() : true);
}
/**
* Forces a call to the native implementation of the
* connection's channel to verify that this channel is still
* open.
* <p>
* This method should only be called just after an HTTP/1.1
* connection is retrieved from the HTTP/1.1 connection pool.
* It is used to trigger an early detection of the channel state,
* before handling the connection over to the HTTP stack.
* It helps minimizing race conditions where the selector manager
* thread hasn't woken up - or hasn't raised the event, before
* the connection was retrieved from the pool. It helps reduce
* the occurrence of "HTTP/1.1 parser received no bytes"
* exception, when the server closes the connection while
* it's being taken out of the pool.
* <p>
* This method attempts to read one byte from the underlying
* channel. Because the connection was in the pool - there
* should be nothing to read.
* <p>
* If {@code read} manages to read a byte off the connection, this is a
* protocol error: the method closes the connection and returns false.
* If {@code read} returns EOF, the method closes the connection and
* returns false.
* If {@code read} throws an exception, the method returns false.
* Otherwise, {@code read} returns 0, the channel appears to be
* still open, and the method returns true.
* @return true if the channel appears to be still open.
*/
final boolean checkOpen() {
if (isOpen()) {
try {
// channel is non blocking
int read = channel().read(ByteBuffer.allocate(1));
if (read == 0) return true;
close();
} catch (IOException x) {
debug.log("Pooled connection is no longer operational: %s",
x.toString());
return false;
}
}
return false;
}
interface HttpPublisher extends FlowTube.TubePublisher {
void enqueue(List<ByteBuffer> buffers) throws IOException;
void enqueueUnordered(List<ByteBuffer> buffers) throws IOException;
@ -206,7 +251,7 @@ abstract class HttpConnection implements Closeable {
if (!secure) {
c = pool.getConnection(false, addr, proxy);
if (c != null && c.isOpen() /* may have been eof/closed when in the pool */) {
if (c != null && c.checkOpen() /* may have been eof/closed when in the pool */) {
final HttpConnection conn = c;
if (DEBUG_LOGGER.on())
DEBUG_LOGGER.log(conn.getConnectionFlow()
@ -350,7 +395,7 @@ abstract class HttpConnection implements Closeable {
.map((s) -> !s.equalsIgnoreCase("close"))
.orElse(true);
if (keepAlive && isOpen()) {
if (keepAlive && checkOpen()) {
Log.logTrace("Returning connection to the pool: {0}", this);
pool.returnToPool(this);
} else {

323
test/jdk/java/net/httpclient/HttpsTunnelAuthTest.java Normal file
View File

@ -0,0 +1,323 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import java.io.IOException;
import java.net.ProxySelector;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpClient.Version;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;
import java.util.List;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.net.ssl.SSLContext;
import jdk.test.lib.net.SimpleSSLContext;
import static java.lang.System.out;
/**
* @test
* @bug 8262027
* @summary Verify that it's possible to handle proxy authentication manually
* even when using an HTTPS tunnel. This test uses an authenticating
* proxy (basic auth) serving an authenticated server (basic auth).
* The test also helps verifying the fix for 8262027.
* @library /test/lib http2/server
* @build jdk.test.lib.net.SimpleSSLContext HttpServerAdapters ProxyServer HttpsTunnelAuthTest
* @modules java.net.http/jdk.internal.net.http.common
* java.net.http/jdk.internal.net.http.frame
* java.net.http/jdk.internal.net.http.hpack
* java.logging
* java.base/sun.net.www.http
* java.base/sun.net.www
* java.base/sun.net
* @run main/othervm -Djdk.httpclient.HttpClient.log=requests,headers,errors
* -Djdk.http.auth.tunneling.disabledSchemes
* -Djdk.httpclient.allowRestrictedHeaders=connection
* -Djdk.internal.httpclient.debug=true
* HttpsTunnelAuthTest
*
*/
//-Djdk.internal.httpclient.debug=true -Dtest.debug=true
public class HttpsTunnelAuthTest implements HttpServerAdapters, AutoCloseable {
static final String data[] = {
"Lorem ipsum",
"dolor sit amet",
"consectetur adipiscing elit, sed do eiusmod tempor",
"quis nostrud exercitation ullamco",
"laboris nisi",
"ut",
"aliquip ex ea commodo consequat." +
"Duis aute irure dolor in reprehenderit in voluptate velit esse" +
"cillum dolore eu fugiat nulla pariatur.",
"Excepteur sint occaecat cupidatat non proident."
};
static final SSLContext context;
static {
try {
context = new SimpleSSLContext().get();
SSLContext.setDefault(context);
} catch (Exception x) {
throw new ExceptionInInitializerError(x);
}
}
final String realm = "earth";
final String sUserName = "arthur";
final String pUserName = "porpoise";
final String sPassword = "dent";
final String pPassword = "fish";
final String proxyAuth = "Basic " + Base64.getEncoder().withoutPadding()
.encodeToString((pUserName+":"+pPassword).getBytes(StandardCharsets.US_ASCII));
final String serverAuth = "Basic " + Base64.getEncoder().withoutPadding()
.encodeToString((sUserName+":"+sPassword).getBytes(StandardCharsets.UTF_8));
final DigestEchoServer.HttpTestAuthenticator testAuth =
new DigestEchoServer.HttpTestAuthenticator(realm, sUserName);
DigestEchoServer http1Server;
DigestEchoServer https1Server;
DigestEchoServer https2Server;
ProxyServer proxy;
ProxySelector proxySelector;
HttpClient client;
HttpsTunnelAuthTest() {
}
void setUp() throws IOException {
// Creates an HTTP/1.1 Server that will authenticate for
// arthur with password dent
http1Server = DigestEchoServer.createServer(Version.HTTP_1_1,
"http",
DigestEchoServer.HttpAuthType.SERVER,
testAuth,
DigestEchoServer.HttpAuthSchemeType.BASICSERVER,
new HttpTestEchoHandler(),
"/");
// Creates a TLS HTTP/1.1 Server that will authenticate for
// arthur with password dent
https1Server = DigestEchoServer.createServer(Version.HTTP_1_1,
"https",
DigestEchoServer.HttpAuthType.SERVER,
testAuth,
DigestEchoServer.HttpAuthSchemeType.BASICSERVER,
new HttpTestEchoHandler(),
"/");
// Creates a TLS HTTP/2 Server that will authenticate for
// arthur with password dent
https2Server = DigestEchoServer.createServer(Version.HTTP_2,
"https",
DigestEchoServer.HttpAuthType.SERVER,
testAuth,
DigestEchoServer.HttpAuthSchemeType.BASICSERVER,
new HttpTestEchoHandler(), "/");
// Creates a proxy server that will authenticate for
// porpoise with password fish.
proxy = new ProxyServer(0, true, pUserName, pPassword);
// Creates a proxy selector that unconditionally select the
// above proxy.
var ps = proxySelector = ProxySelector.of(proxy.getProxyAddress());
// Creates a client that uses the above proxy selector
client = newHttpClient(ps);
}
@Override
public void close() throws Exception {
if (proxy != null) close(proxy::stop);
if (http1Server != null) close(http1Server::stop);
if (https1Server != null) close(https1Server::stop);
if (https2Server != null) close(https2Server::stop);
}
private void close(AutoCloseable closeable) {
try {
closeable.close();
} catch (Exception x) {
// OK.
}
}
public HttpClient newHttpClient(ProxySelector ps) {
HttpClient.Builder builder = HttpClient
.newBuilder()
.sslContext(context)
.proxy(ps);
return builder.build();
}
public static void main(String[] args) throws Exception {
try (HttpsTunnelAuthTest test = new HttpsTunnelAuthTest()) {
test.setUp();
// tests proxy and server authentication through:
// - plain proxy connection to plain HTTP/1.1 server,
test.test(Version.HTTP_1_1, "http", "/foo/http1");
// can't really test plain proxy connection to plain HTTP/2 server:
// this is not supported: we downgrade to HTTP/1.1 in that case
// so that is actually somewhat equivalent to the first case:
// therefore we will use a new client to force re-authentication
// of the proxy connection.
test.client = test.newHttpClient(test.proxySelector);
test.test(Version.HTTP_2, "http", "/foo/http2");
// - proxy tunnel SSL connection to HTTP/1.1 server
test.test(Version.HTTP_1_1, "https", "/foo/https1");
// - proxy tunnel SSl connection to HTTP/2 server
test.test(Version.HTTP_2, "https", "/foo/https2");
}
}
DigestEchoServer server(String scheme, Version version) {
return switch (scheme) {
case "https" -> secure(version);
case "http" -> unsecure(version);
default -> throw new IllegalArgumentException(scheme);
};
}
DigestEchoServer unsecure(Version version) {
return switch (version) {
// when accessing HTTP/2 through a proxy we downgrade to HTTP/1.1
case HTTP_1_1, HTTP_2 -> http1Server;
default -> throw new IllegalArgumentException(String.valueOf(version));
};
}
DigestEchoServer secure(Version version) {
return switch (version) {
case HTTP_1_1 -> https1Server;
case HTTP_2 -> https2Server;
default -> throw new IllegalArgumentException(String.valueOf(version));
};
}
Version expectedVersion(String scheme, Version version) {
// when trying to send a plain HTTP/2 request through a proxy
// it should be downgraded to HTTP/1
return "http".equals(scheme) ? Version.HTTP_1_1 : version;
}
public void test(Version version, String scheme, String path) throws Exception {
System.out.printf("%nTesting %s, %s, %s%n", version, scheme, path);
DigestEchoServer server = server(scheme, version);
try {
URI uri = jdk.test.lib.net.URIBuilder.newBuilder()
.scheme(scheme)
.host("localhost")
.port(server.getServerAddress().getPort())
.path(path).build();
out.println("Proxy is: " + proxySelector.select(uri));
List<String> lines = List.of(Arrays.copyOfRange(data, 0, data.length));
assert lines.size() == data.length;
String body = lines.stream().collect(Collectors.joining("\r\n"));
HttpRequest.BodyPublisher reqBody = HttpRequest.BodyPublishers.ofString(body);
// Build first request, with no authorization header
HttpRequest.Builder req1Builder = HttpRequest
.newBuilder(uri)
.version(Version.HTTP_2)
.POST(reqBody);
HttpRequest req1 = req1Builder.build();
out.printf("%nPosting to %s server at: %s%n", expectedVersion(scheme, version), req1);
// send first request, with no authorization: we expect 407
HttpResponse<Stream<String>> response = client.send(req1, BodyHandlers.ofLines());
out.println("Checking response: " + response);
if (response.body() != null) response.body().sequential().forEach(out::println);
// check that we got 407, and check that we got the expected
// Proxy-Authenticate header
if (response.statusCode() != 407) {
throw new RuntimeException("Unexpected status code: " + response);
}
var pAuthenticate = response.headers().firstValue("proxy-authenticate").get();
if (!pAuthenticate.equals("Basic realm=\"proxy realm\"")) {
throw new RuntimeException("Unexpected proxy-authenticate: " + pAuthenticate);
}
// Second request will have Proxy-Authorization, no Authorization.
// We should get 401 from the server this time.
out.printf("%nPosting with Proxy-Authorization to %s server at: %s%n", expectedVersion(scheme, version), req1);
HttpRequest authReq1 = HttpRequest.newBuilder(req1, (k, v)-> true)
.header("proxy-authorization", proxyAuth).build();
response = client.send(authReq1, BodyHandlers.ofLines());
out.println("Checking response: " + response);
if (response.body() != null) response.body().sequential().forEach(out::println);
// Check that we have 401, and that we got the expected
// WWW-Authenticate header
if (response.statusCode() != 401) {
throw new RuntimeException("Unexpected status code: " + response);
}
var sAuthenticate = response.headers().firstValue("www-authenticate").get();
if (!sAuthenticate.startsWith("Basic realm=\"earth\"")) {
throw new RuntimeException("Unexpected authenticate: " + sAuthenticate);
}
// Third request has both Proxy-Authorization and Authorization,
// so we now expect 200
out.printf("%nPosting with Authorization to %s server at: %s%n", expectedVersion(scheme, version), req1);
HttpRequest authReq2 = HttpRequest.newBuilder(authReq1, (k, v)-> true)
.header("authorization", serverAuth).build();
response = client.send(authReq2, BodyHandlers.ofLines());
out.println("Checking response: " + response);
// Check that we have 200 and the expected body echoed back.
// Check that the response version is as expected too.
if (response.statusCode() != 200) {
throw new RuntimeException("Unexpected status code: " + response);
}
if (response.version() != expectedVersion(scheme, version)) {
throw new RuntimeException("Unexpected protocol version: "
+ response.version());
}
List<String> respLines = response.body().collect(Collectors.toList());
if (!lines.equals(respLines)) {
throw new RuntimeException("Unexpected response 1: " + respLines);
}
} catch(Throwable t) {
out.println("Unexpected exception: exiting: " + t);
t.printStackTrace(out);
throw t;
}
}
}

264
test/jdk/java/net/httpclient/ProxyServer.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2019, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -23,10 +23,16 @@
import java.net.*;
import java.io.*;
import java.nio.ByteBuffer;
import java.nio.channels.ServerSocketChannel;
import java.nio.channels.SocketChannel;
import java.util.*;
import java.security.*;
import java.util.concurrent.CopyOnWriteArrayList;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.nio.charset.StandardCharsets.UTF_8;
import static java.nio.charset.StandardCharsets.ISO_8859_1;
import static java.util.Arrays.asList;
import static java.util.stream.Collectors.toList;
@ -38,7 +44,22 @@ import static java.util.stream.Collectors.toList;
*/
public class ProxyServer extends Thread implements Closeable {
ServerSocket listener;
// could use the test library here - Platform.isWindows(),
// but it would force all tests that use ProxyServer to
// build it. Let's keep it simple.
static final boolean IS_WINDOWS;
static {
PrivilegedAction<String> action =
() -> System.getProperty("os.name", "unknown");
String osName = AccessController.doPrivileged(action);
IS_WINDOWS = osName.toLowerCase(Locale.ROOT).startsWith("win");
}
public static boolean isWindows() {
return IS_WINDOWS;
}
ServerSocketChannel listener;
int port;
volatile boolean debug;
private final Credentials credentials; // may be null
@ -84,10 +105,10 @@ public class ProxyServer extends Thread implements Closeable {
throws IOException
{
this.debug = debug;
listener = new ServerSocket();
listener.setReuseAddress(false);
listener = ServerSocketChannel.open();
listener.setOption(StandardSocketOptions.SO_REUSEADDR, false);
listener.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), port));
this.port = listener.getLocalPort();
this.port = ((InetSocketAddress)listener.getLocalAddress()).getPort();
this.credentials = credentials;
setName("ProxyListener");
setDaemon(true);
@ -107,6 +128,10 @@ public class ProxyServer extends Thread implements Closeable {
return port;
}
public InetSocketAddress getProxyAddress() throws IOException {
return (InetSocketAddress)listener.getLocalAddress();
}
/**
* Shuts down the proxy, probably aborting any connections
* currently open
@ -143,11 +168,11 @@ public class ProxyServer extends Thread implements Closeable {
int id = 0;
try {
while (!done) {
Socket s = listener.accept();
SocketChannel s = listener.accept();
id++;
Connection c = new Connection(s, id);
if (debug)
System.out.println("Proxy: accepted new connection: " + s);
System.out.println("Proxy: accepted new connection: " + c);
connections.add(c);
c.init();
}
@ -165,7 +190,7 @@ public class ProxyServer extends Thread implements Closeable {
class Connection {
private final int id;
Socket clientSocket, serverSocket;
SocketChannel clientSocket, serverSocket;
Thread out, in;
volatile InputStream clientIn, serverIn;
volatile OutputStream clientOut, serverOut;
@ -173,11 +198,11 @@ public class ProxyServer extends Thread implements Closeable {
final static int CR = 13;
final static int LF = 10;
Connection(Socket s, int id) throws IOException {
Connection(SocketChannel s, int id) throws IOException {
this.id = id;
this.clientSocket= s;
this.clientIn = new BufferedInputStream(s.getInputStream());
this.clientOut = s.getOutputStream();
this.clientIn = new BufferedInputStream(s.socket().getInputStream());
this.clientOut = s.socket().getOutputStream();
}
byte[] readHeaders(InputStream is) throws IOException {
@ -288,37 +313,67 @@ public class ProxyServer extends Thread implements Closeable {
public void init() {
try {
byte[] buf;
String host;
List<String> headers;
boolean authorized = false;
while (true) {
buf = readHeaders(clientIn);
if (findCRLF(buf) == -1) {
if (debug)
System.out.println("Proxy: no CRLF closing, buf contains:["
+ new String(buf, UTF_8) + "]" );
+ new String(buf, ISO_8859_1) + "]" );
close();
return;
}
List<String> headers = asList(new String(buf, UTF_8).split("\r\n"));
headers = asList(new String(buf, ISO_8859_1).split("\r\n"));
host = findFirst(headers, "host");
// check authorization credentials, if required by the server
if (credentials != null && !authorized(credentials, headers)) {
String resp = "HTTP/1.1 407 Proxy Authentication Required\r\n" +
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"proxy realm\"\r\n\r\n";
clientOut.write(resp.getBytes(UTF_8));
if (credentials != null) {
if (!authorized(credentials, headers)) {
String resp = "HTTP/1.1 407 Proxy Authentication Required\r\n" +
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"proxy realm\"\r\n\r\n";
clientSocket.setOption(StandardSocketOptions.TCP_NODELAY, true);
clientSocket.setOption(StandardSocketOptions.SO_LINGER, 2);
var buffer = ByteBuffer.wrap(resp.getBytes(ISO_8859_1));
clientSocket.write(buffer);
if (debug) {
var linger = clientSocket.getOption(StandardSocketOptions.SO_LINGER);
var nodelay = clientSocket.getOption(StandardSocketOptions.TCP_NODELAY);
System.out.printf("Proxy: unauthorized; 407 sent (%s/%s), linger: %s, nodelay: %s%n",
buffer.position(), buffer.position() + buffer.remaining(), linger, nodelay);
}
if (shouldCloseAfter407(headers)) {
closeConnection();
return;
}
continue;
}
authorized = true;
break;
} else {
break;
}
}
int p = findCRLF(buf);
String cmd = new String(buf, 0, p, "US-ASCII");
String cmd = new String(buf, 0, p, ISO_8859_1);
String[] params = cmd.split(" ");
if (params[0].equals("CONNECT")) {
doTunnel(params[1]);
} else {
doProxy(params[1], buf, p, cmd);
// TODO:
// this does not really work as it should: it also establishes
// a tunnel (proxyCommon). So it works as long as the client only
// sends a single plain request through the proxy - as all
// other requests would otherwise be tunneled to the
// server identified in the first request.
// It seems enough for our purpose for now, though.
// Fixing this would imply dealing with Content-Length, Transfer-Encoding,
// etc, both when writing to and reading from the server.
doProxy(params[1], cmd, headers, host, authorized);
}
} catch (Throwable e) {
if (debug) {
@ -329,25 +384,136 @@ public class ProxyServer extends Thread implements Closeable {
}
}
void doProxy(String dest, byte[] buf, int p, String cmdLine)
String findFirst(List<String> headers, String key) {
var h = key.toLowerCase(Locale.ROOT) + ": ";
return headers.stream()
.filter((s) -> s.toLowerCase(Locale.ROOT).startsWith(h))
.findFirst()
.map((s) -> s.substring(h.length()))
.map(String::trim)
.orElse(null);
}
private long drain(SocketChannel socket) throws IOException {
boolean isBlocking = socket.isBlocking();
if (isBlocking) {
socket.configureBlocking(false);
}
try {
ByteBuffer buffer = ByteBuffer.allocate(1024);
int read;
long drained = 0;
while ((read = socket.read(buffer)) > 0) {
drained += read;
buffer.position(0);
buffer.limit(buffer.capacity());
}
return drained;
} finally {
if (isBlocking) {
socket.configureBlocking(true);
}
}
}
void closeConnection() throws IOException {
if (debug) {
var linger = clientSocket.getOption(StandardSocketOptions.SO_LINGER);
var nodelay = clientSocket.getOption(StandardSocketOptions.TCP_NODELAY);
System.out.printf("Proxy: closing connection id=%s, linger: %s, nodelay: %s%n",
id, linger, nodelay);
}
long drained = drain(clientSocket);
if (debug) {
System.out.printf("Proxy: drained: %s%n", drained);
}
clientSocket.shutdownOutput();
try {
// On windows, we additionally need to delay before
// closing the socket. Otherwise we get a reset on the
// client side (The connection was aborted by a software
// on the host machine).
// Delay 500ms before actually closing the socket
if (isWindows()) Thread.sleep(500);
} catch (InterruptedException x) {
// OK
}
clientSocket.shutdownInput();
close();
}
// If the client sends a request body we will need to close the connection
// otherwise, we can keep it open.
private boolean shouldCloseAfter407(List<String> headers) throws IOException {
var te = findFirst(headers, "transfer-encoding");
if (te != null) {
// processing transfer encoding not implemented
if (debug) {
System.out.println("Proxy: transfer-encoding with 407, closing connection");
}
return true; // should close
}
var cl = findFirst(headers, "content-length");
int n = -1;
try {
n = Integer.parseInt(cl);
if (debug) {
System.out.printf("Proxy: content-length: %d%n", cl);
}
} catch (IllegalFormatException x) {
if (debug) {
System.out.println("Proxy: bad content-length, closing connection");
}
return true; // should close
}
if (n > 0 || n < -1) {
if (debug) {
System.out.println("Proxy: request body with 407, closing connection");
}
return true; // should close
}
var cmdline = headers.get(0);
int m = cmdline.indexOf(' ');
var method = (m > 0) ? cmdline.substring(0, m) : null;
var nobody = List.of("GET", "HEAD");
if (n == 0 || nobody.contains(m)) {
var available = clientIn.available();
var drained = drain(clientSocket);
if (drained > 0 || available > 0) {
if (debug) {
System.out.printf("Proxy: unexpected bytes (%d) with 407, closing connection%n",
drained + available);
}
return true; // should close
}
// can keep open: CL=0 or no CL and GET or HEAD
return false;
} else {
if (debug) {
System.out.println("Proxy: possible body with 407, closing connection");
}
return true; // should close
}
}
void doProxy(String dest, String cmdLine, List<String> headers, String host, boolean authorized)
throws IOException
{
try {
URI uri = new URI(dest);
if (!uri.isAbsolute()) {
throw new IOException("request URI not absolute");
if (host == null) {
throw new IOException("request URI not absolute");
} else {
uri = new URI("http://" + host + dest);
}
}
if (debug) System.out.printf("Proxy: uri=%s%n", uri);
dest = uri.getAuthority();
// now extract the path from the URI and recreate the cmd line
int sp = cmdLine.indexOf(' ');
String method = cmdLine.substring(0, sp);
cmdLine = method + " " + uri.getPath() + " HTTP/1.1";
int x = cmdLine.length() - 1;
int i = p;
while (x >=0) {
buf[i--] = (byte)cmdLine.charAt(x--);
}
i++;
commonInit(dest, 80);
OutputStream sout;
@ -356,8 +522,25 @@ public class ProxyServer extends Thread implements Closeable {
sout = serverOut;
}
// might fail if we're closing but we don't care.
sout.write(buf, i, buf.length-i);
proxyCommon();
byte[] CRLF = new byte[] { (byte) '\r', (byte) '\n'};
sout.write(cmdLine.getBytes(ISO_8859_1));
sout.write(CRLF);
if (debug) System.out.printf("Proxy Forwarding: %s%n", cmdLine);
for (int l=1; l<headers.size(); l++) {
var s = headers.get(l);
if (!authorized || !s.toLowerCase(Locale.ROOT).startsWith("proxy-authorization")) {
sout.write(s.getBytes(ISO_8859_1));
sout.write(CRLF);
if (debug) System.out.printf("Proxy Forwarding: %s%n", s);
} else {
if (debug) System.out.printf("Proxy Skipping: %s%n", s);
}
}
sout.write(CRLF);
if (debug) System.out.printf("Proxy Forwarding: %n");
// This will now establish a tunnel :-(
proxyCommon(debug);
} catch (URISyntaxException e) {
throw new IOException(e);
@ -375,20 +558,25 @@ public class ProxyServer extends Thread implements Closeable {
}
if (debug)
System.out.printf("Proxy: connecting to (%s/%d)\n", hostport[0], port);
serverSocket = new Socket(hostport[0], port);
serverOut = serverSocket.getOutputStream();
serverSocket = SocketChannel.open();
serverSocket.connect(new InetSocketAddress(hostport[0], port));
serverOut = serverSocket.socket().getOutputStream();
serverIn = new BufferedInputStream(serverSocket.getInputStream());
serverIn = new BufferedInputStream(serverSocket.socket().getInputStream());
}
synchronized void proxyCommon() throws IOException {
synchronized void proxyCommon(boolean log) throws IOException {
if (closing) return;
out = new Thread(() -> {
try {
byte[] bb = new byte[8000];
int n;
int body = 0;
while ((n = clientIn.read(bb)) != -1) {
serverOut.write(bb, 0, n);
body += n;
if (log)
System.out.printf("Proxy Forwarding [request body]: total %d%n", body);
}
closing = true;
serverSocket.close();
@ -404,8 +592,12 @@ public class ProxyServer extends Thread implements Closeable {
try {
byte[] bb = new byte[8000];
int n;
int resp = 0;
while ((n = serverIn.read(bb)) != -1) {
clientOut.write(bb, 0, n);
resp += n;
if (log) System.out.printf("Proxy Forwarding [response]: %s%n", new String(bb, 0, n, UTF_8));
if (log) System.out.printf("Proxy Forwarding [response]: total %d%n", resp);
}
closing = true;
serverSocket.close();
@ -430,7 +622,7 @@ public class ProxyServer extends Thread implements Closeable {
commonInit(dest, 443);
// might fail if we're closing, but we don't care.
clientOut.write("HTTP/1.1 200 OK\r\n\r\n".getBytes());
proxyCommon();
proxyCommon(false);
}
@Override

4
test/jdk/java/net/httpclient/whitebox/java.net.http/jdk/internal/net/http/ConnectionPoolTest.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2017, 2020, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2017, 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -402,7 +402,7 @@ public class ConnectionPoolTest {
}
@Override
public int read(ByteBuffer dst) throws IOException {
return error();
return isConnected() ? 0 : -1;
}
@Override
public long read(ByteBuffer[] dsts, int offset, int length) throws IOException {