diff --git a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java index 09b1060eab0..7ae757fe6f2 100644 --- a/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java +++ b/jdk/src/java.base/share/classes/com/sun/net/ssl/internal/www/protocol/https/HttpsURLConnectionOldImpl.java @@ -39,6 +39,7 @@ import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; import java.io.*; +import java.net.Authenticator; import javax.net.ssl.*; import java.security.Permission; import java.util.Map; @@ -489,4 +490,9 @@ public class HttpsURLConnectionOldImpl public void setChunkedStreamingMode (int chunklen) { delegate.setChunkedStreamingMode(chunklen); } + + @Override + public void setAuthenticator(Authenticator auth) { + delegate.setAuthenticator(auth); + } } diff --git a/jdk/src/java.base/share/classes/java/net/Authenticator.java b/jdk/src/java.base/share/classes/java/net/Authenticator.java index 81a87c79987..16af2845c8c 100644 --- a/jdk/src/java.base/share/classes/java/net/Authenticator.java +++ b/jdk/src/java.base/share/classes/java/net/Authenticator.java @@ -25,6 +25,8 @@ package java.net; +import sun.net.www.protocol.http.AuthenticatorKeys; + /** * The class Authenticator represents an object that knows how to obtain * authentication for a network connection. Usually, it will do this @@ -70,6 +72,7 @@ class Authenticator { private String requestingScheme; private URL requestingURL; private RequestorType requestingAuthType; + private final String key = AuthenticatorKeys.computeKey(this); /** * The type of the entity requesting authentication. @@ -348,6 +351,75 @@ class Authenticator { } } + /** + * Ask the given {@code authenticator} for a password. If the given + * {@code authenticator} is null, the authenticator, if any, that has been + * registered with the system using {@link #setDefault(java.net.Authenticator) + * setDefault} is used. + *

+ * First, if there is a security manager, its {@code checkPermission} + * method is called with a + * {@code NetPermission("requestPasswordAuthentication")} permission. + * This may result in a java.lang.SecurityException. + * + * @param authenticator the authenticator, or {@code null}. + * @param host The hostname of the site requesting authentication. + * @param addr The InetAddress of the site requesting authorization, + * or null if not known. + * @param port the port for the requested connection + * @param protocol The protocol that's requesting the connection + * ({@link java.net.Authenticator#getRequestingProtocol()}) + * @param prompt A prompt string for the user + * @param scheme The authentication scheme + * @param url The requesting URL that caused the authentication + * @param reqType The type (server or proxy) of the entity requesting + * authentication. + * + * @return The username/password, or {@code null} if one can't be gotten. + * + * @throws SecurityException + * if a security manager exists and its + * {@code checkPermission} method doesn't allow + * the password authentication request. + * + * @see SecurityManager#checkPermission + * @see java.net.NetPermission + * + * @since 9 + */ + public static PasswordAuthentication requestPasswordAuthentication( + Authenticator authenticator, + String host, + InetAddress addr, + int port, + String protocol, + String prompt, + String scheme, + URL url, + RequestorType reqType) { + + SecurityManager sm = System.getSecurityManager(); + if (sm != null) { + NetPermission requestPermission + = new NetPermission("requestPasswordAuthentication"); + sm.checkPermission(requestPermission); + } + + Authenticator a = authenticator == null ? theAuthenticator : authenticator; + if (a == null) { + return null; + } else { + return a.requestPasswordAuthenticationInstance(host, + addr, + port, + protocol, + prompt, + scheme, + url, + reqType); + } + } + /** * Ask this authenticator for a password. * @@ -493,4 +565,11 @@ class Authenticator { protected RequestorType getRequestorType () { return requestingAuthType; } + + static String getKey(Authenticator a) { + return a.key; + } + static { + AuthenticatorKeys.setAuthenticatorKeyAccess(Authenticator::getKey); + } } diff --git a/jdk/src/java.base/share/classes/java/net/HttpURLConnection.java b/jdk/src/java.base/share/classes/java/net/HttpURLConnection.java index 94b537d2658..9e428e59584 100644 --- a/jdk/src/java.base/share/classes/java/net/HttpURLConnection.java +++ b/jdk/src/java.base/share/classes/java/net/HttpURLConnection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1996, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1996, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -102,6 +102,53 @@ public abstract class HttpURLConnection extends URLConnection { */ protected long fixedContentLengthLong = -1; + /** + * Supplies an {@link java.net.Authenticator Authenticator} to be used + * when authentication is requested through the HTTP protocol for + * this {@code HttpURLConnection}. + * If no authenticator is supplied, the + * {@linkplain Authenticator#setDefault(java.net.Authenticator) default + * authenticator} will be used. + * + * @implSpec The default behavior of this method is to unconditionally + * throw {@link UnsupportedOperationException}. Concrete + * implementations of {@code HttpURLConnection} + * which support supplying an {@code Authenticator} for a + * specific {@code HttpURLConnection} instance should + * override this method to implement a different behavior. + * + * @implNote Depending on authentication schemes, an implementation + * may or may not need to use the provided authenticator + * to obtain a password. For instance, an implementation that + * relies on third-party security libraries may still invoke the + * default authenticator if these libraries are configured + * to do so. + * Likewise, an implementation that supports transparent + * NTLM authentication may let the system attempt + * to connect using the system user credentials first, + * before invoking the provided authenticator. + *
+ * However, if an authenticator is specifically provided, + * then the underlying connection may only be reused for + * {@code HttpURLConnection} instances which share the same + * {@code Authenticator} instance, and authentication information, + * if cached, may only be reused for an {@code HttpURLConnection} + * sharing that same {@code Authenticator}. + * + * @param auth The {@code Authenticator} that should be used by this + * {@code HttpURLConnection}. + * + * @throws UnsupportedOperationException if setting an Authenticator is + * not supported by the underlying implementation. + * @throws IllegalStateException if URLConnection is already connected. + * @throws NullPointerException if the supplied {@code auth} is {@code null}. + * @since 9 + */ + public void setAuthenticator(Authenticator auth) { + throw new UnsupportedOperationException("Supplying an authenticator" + + " is not supported by " + this.getClass()); + } + /** * Returns the key for the {@code n}th header field. * Some implementations may treat the {@code 0}th diff --git a/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java b/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java index 580842b2faf..9237d37a354 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java +++ b/jdk/src/java.base/share/classes/sun/net/www/http/HttpClient.java @@ -28,6 +28,7 @@ package sun.net.www.http; import java.io.*; import java.net.*; import java.util.Locale; +import java.util.Objects; import java.util.Properties; import sun.net.NetworkClient; import sun.net.ProgressSource; @@ -35,6 +36,7 @@ import sun.net.www.MessageHeader; import sun.net.www.HeaderParser; import sun.net.www.MeteredStream; import sun.net.www.ParseUtil; +import sun.net.www.protocol.http.AuthenticatorKeys; import sun.net.www.protocol.http.HttpURLConnection; import sun.util.logging.PlatformLogger; import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*; @@ -132,6 +134,8 @@ public class HttpClient extends NetworkClient { } } + protected volatile String authenticatorKey; + /** * A NOP method kept for backwards binary compatibility * @deprecated -- system properties are no longer cached. @@ -279,10 +283,12 @@ public class HttpClient extends NetworkClient { ret = null; } } - if (ret != null) { - if ((ret.proxy != null && ret.proxy.equals(p)) || - (ret.proxy == null && p == null)) { + String ak = httpuc == null ? AuthenticatorKeys.DEFAULT + : httpuc.getAuthenticatorKey(); + boolean compatible = Objects.equals(ret.proxy, p) + && Objects.equals(ret.getAuthenticatorKey(), ak); + if (compatible) { synchronized (ret) { ret.cachedHttpClient = true; assert ret.inCache; @@ -306,6 +312,9 @@ public class HttpClient extends NetworkClient { } if (ret == null) { ret = new HttpClient(url, p, to); + if (httpuc != null) { + ret.authenticatorKey = httpuc.getAuthenticatorKey(); + } } else { SecurityManager security = System.getSecurityManager(); if (security != null) { @@ -341,6 +350,12 @@ public class HttpClient extends NetworkClient { to, useCache, httpuc); } + public final String getAuthenticatorKey() { + String k = authenticatorKey; + if (k == null) return AuthenticatorKeys.DEFAULT; + return k; + } + /* return it to the cache as still usable, if: * 1) It's keeping alive, AND * 2) It still has some connections left, AND diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthCache.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthCache.java index 6af6dd6e2bf..5ca44fa64e6 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthCache.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthCache.java @@ -38,7 +38,8 @@ public interface AuthCache { /** * Put an entry in the cache. pkey is a string specified as follows: * - * A:[B:]C:D:E[:F] Between 4 and 6 fields separated by ":" + * A:[B:]C:D:E[:F][;key=value] Between 4 and 6 fields separated by ":", + * and an optional semicolon-separated key=value list postfix, * where the fields have the following meaning: * A is "s" or "p" for server or proxy authentication respectively * B is optional and is the {@link AuthScheme}, e.g. BASIC, DIGEST, NTLM, etc @@ -47,6 +48,11 @@ public interface AuthCache { * E is the port number * F is optional and if present is the realm * + * The semi-colon separated key=value list postfix can be used to + * provide additional contextual information, thus allowing + * to separate AuthCacheValue instances obtained from different + * contexts. + * * Generally, two entries are created for each AuthCacheValue, * one including the realm and one without the realm. * Also, for some schemes (digest) multiple entries may be created diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java index 487e17ecd37..7d0dae92a8a 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ import java.io.ObjectInputStream; import java.net.PasswordAuthentication; import java.net.URL; import java.util.HashMap; +import java.util.Objects; import sun.net.www.HeaderParser; @@ -190,8 +191,18 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone /** The shortest path from the URL we authenticated against. */ String path; + /** + * A key identifying the authenticator from which the credentials + * were obtained. + * {@link AuthenticatorKeys#DEFAULT} identifies the {@linkplain + * java.net.Authenticator#setDefault(java.net.Authenticator) default} + * authenticator. + */ + String authenticatorKey; + /** Use this constructor only for proxy entries */ - public AuthenticationInfo(char type, AuthScheme authScheme, String host, int port, String realm) { + public AuthenticationInfo(char type, AuthScheme authScheme, String host, + int port, String realm, String authenticatorKey) { this.type = type; this.authScheme = authScheme; this.protocol = ""; @@ -199,6 +210,7 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone this.port = port; this.realm = realm; this.path = null; + this.authenticatorKey = Objects.requireNonNull(authenticatorKey); } public Object clone() { @@ -214,7 +226,8 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone * Constructor used to limit the authorization to the path within * the URL. Use this constructor for origin server entries. */ - public AuthenticationInfo(char type, AuthScheme authScheme, URL url, String realm) { + public AuthenticationInfo(char type, AuthScheme authScheme, URL url, String realm, + String authenticatorKey) { this.type = type; this.authScheme = authScheme; this.protocol = url.getProtocol().toLowerCase(); @@ -231,7 +244,16 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone else { this.path = reducePath (urlPath); } + this.authenticatorKey = Objects.requireNonNull(authenticatorKey); + } + /** + * The {@linkplain java.net.Authenticator#getKey(java.net.Authenticator) key} + * of the authenticator that was used to obtain the credentials. + * @return The authenticator's key. + */ + public final String getAuthenticatorKey() { + return authenticatorKey; } /* @@ -256,13 +278,14 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone * don't yet know the realm * (i.e. when we're preemptively setting the auth). */ - static AuthenticationInfo getServerAuth(URL url) { + static AuthenticationInfo getServerAuth(URL url, String authenticatorKey) { int port = url.getPort(); if (port == -1) { port = url.getDefaultPort(); } String key = SERVER_AUTHENTICATION + ":" + url.getProtocol().toLowerCase() - + ":" + url.getHost().toLowerCase() + ":" + port; + + ":" + url.getHost().toLowerCase() + ":" + port + + ";auth=" + authenticatorKey; return getAuth(key, url); } @@ -272,13 +295,17 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone * In this case we do not use the path because the protection space * is identified by the host:port:realm only */ - static String getServerAuthKey(URL url, String realm, AuthScheme scheme) { + static String getServerAuthKey(URL url, String realm, AuthScheme scheme, + String authenticatorKey) { int port = url.getPort(); if (port == -1) { port = url.getDefaultPort(); } - String key = SERVER_AUTHENTICATION + ":" + scheme + ":" + url.getProtocol().toLowerCase() - + ":" + url.getHost().toLowerCase() + ":" + port + ":" + realm; + String key = SERVER_AUTHENTICATION + ":" + scheme + ":" + + url.getProtocol().toLowerCase() + + ":" + url.getHost().toLowerCase() + + ":" + port + ":" + realm + + ";auth=" + authenticatorKey; return key; } @@ -309,8 +336,10 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone * for preemptive header-setting. Note, the protocol field is always * blank for proxies. */ - static AuthenticationInfo getProxyAuth(String host, int port) { - String key = PROXY_AUTHENTICATION + "::" + host.toLowerCase() + ":" + port; + static AuthenticationInfo getProxyAuth(String host, int port, + String authenticatorKey) { + String key = PROXY_AUTHENTICATION + "::" + host.toLowerCase() + ":" + port + + ";auth=" + authenticatorKey; AuthenticationInfo result = (AuthenticationInfo) cache.get(key, null); return result; } @@ -320,9 +349,12 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone * Used in response to a challenge. Note, the protocol field is always * blank for proxies. */ - static String getProxyAuthKey(String host, int port, String realm, AuthScheme scheme) { - String key = PROXY_AUTHENTICATION + ":" + scheme + "::" + host.toLowerCase() - + ":" + port + ":" + realm; + static String getProxyAuthKey(String host, int port, String realm, + AuthScheme scheme, String authenticatorKey) { + String key = PROXY_AUTHENTICATION + ":" + scheme + + "::" + host.toLowerCase() + + ":" + port + ":" + realm + + ";auth=" + authenticatorKey; return key; } @@ -424,27 +456,34 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone String cacheKey(boolean includeRealm) { // This must be kept in sync with the getXXXAuth() methods in this // class. + String authenticatorKey = getAuthenticatorKey(); if (includeRealm) { return type + ":" + authScheme + ":" + protocol + ":" - + host + ":" + port + ":" + realm; + + host + ":" + port + ":" + realm + + ";auth=" + authenticatorKey; } else { - return type + ":" + protocol + ":" + host + ":" + port; + return type + ":" + protocol + ":" + host + ":" + port + + ";auth=" + authenticatorKey; } } String s1, s2; /* used for serialization of pw */ - private void readObject(ObjectInputStream s) + private synchronized void readObject(ObjectInputStream s) throws IOException, ClassNotFoundException { s.defaultReadObject (); pw = new PasswordAuthentication (s1, s2.toCharArray()); s1 = null; s2= null; + if (authenticatorKey == null) { + authenticatorKey = AuthenticatorKeys.DEFAULT; + } } private synchronized void writeObject(java.io.ObjectOutputStream s) throws IOException { + Objects.requireNonNull(authenticatorKey); s1 = pw.getUserName(); s2 = new String (pw.getPassword()); s.defaultWriteObject (); diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticatorKeys.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticatorKeys.java new file mode 100644 index 00000000000..3ae256ca50f --- /dev/null +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/AuthenticatorKeys.java @@ -0,0 +1,76 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +package sun.net.www.protocol.http; + +import java.net.Authenticator; +import java.util.concurrent.atomic.AtomicLong; + +/** + * A class used to tie a key to an authenticator instance. + */ +public final class AuthenticatorKeys { + private AuthenticatorKeys() { + throw new InternalError("Trying to instantiate static class"); + } + + public static final String DEFAULT = "default"; + private static final AtomicLong IDS = new AtomicLong(); + + public static String computeKey(Authenticator a) { + return System.identityHashCode(a) + "-" + IDS.incrementAndGet() + + "@" + a.getClass().getName(); + } + + /** + * Returns a key for the given authenticator. + * + * @param authenticator The authenticator; {@code null} should be + * passed when the {@linkplain + * Authenticator#setDefault(java.net.Authenticator) default} + * authenticator is meant. + * @return A key for the given authenticator, {@link #DEFAULT} for + * {@code null}. + */ + public static String getKey(Authenticator authenticator) { + if (authenticator == null) { + return DEFAULT; + } + return authenticatorKeyAccess.getKey(authenticator); + } + + @FunctionalInterface + public interface AuthenticatorKeyAccess { + public String getKey(Authenticator a); + } + + private static AuthenticatorKeyAccess authenticatorKeyAccess; + public static void setAuthenticatorKeyAccess(AuthenticatorKeyAccess access) { + if (authenticatorKeyAccess == null && access != null) { + authenticatorKeyAccess = access; + } + } + +} diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/BasicAuthentication.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/BasicAuthentication.java index e77da6157f1..db2e880e7e3 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/BasicAuthentication.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/BasicAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1997, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1997, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -32,6 +32,7 @@ import java.net.PasswordAuthentication; import java.io.IOException; import java.io.OutputStream; import java.util.Base64; +import java.util.Objects; import sun.net.www.HeaderParser; /** @@ -54,9 +55,11 @@ class BasicAuthentication extends AuthenticationInfo { * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, String host, int port, - String realm, PasswordAuthentication pw) { + String realm, PasswordAuthentication pw, + String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, - AuthScheme.BASIC, host, port, realm); + AuthScheme.BASIC, host, port, realm, + Objects.requireNonNull(authenticatorKey)); String plain = pw.getUserName() + ":"; byte[] nameBytes = null; try { @@ -84,9 +87,11 @@ class BasicAuthentication extends AuthenticationInfo { * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, String host, int port, - String realm, String auth) { + String realm, String auth, + String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, - AuthScheme.BASIC, host, port, realm); + AuthScheme.BASIC, host, port, realm, + Objects.requireNonNull(authenticatorKey)); this.auth = "Basic " + auth; } @@ -94,9 +99,11 @@ class BasicAuthentication extends AuthenticationInfo { * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, URL url, String realm, - PasswordAuthentication pw) { + PasswordAuthentication pw, + String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, - AuthScheme.BASIC, url, realm); + AuthScheme.BASIC, url, realm, + Objects.requireNonNull(authenticatorKey)); String plain = pw.getUserName() + ":"; byte[] nameBytes = null; try { @@ -124,9 +131,10 @@ class BasicAuthentication extends AuthenticationInfo { * Create a BasicAuthentication */ public BasicAuthentication(boolean isProxy, URL url, String realm, - String auth) { + String auth, String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, - AuthScheme.BASIC, url, realm); + AuthScheme.BASIC, url, realm, + Objects.requireNonNull(authenticatorKey)); this.auth = "Basic " + auth; } @@ -202,4 +210,3 @@ class BasicAuthentication extends AuthenticationInfo { return npath; } } - diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java index 32fe64c609e..7d49792b099 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java @@ -38,6 +38,7 @@ import java.security.MessageDigest; import java.security.NoSuchAlgorithmException; import java.security.PrivilegedAction; import java.security.AccessController; +import java.util.Objects; import static sun.net.www.protocol.http.HttpURLConnection.HTTP_CONNECT; /** @@ -193,11 +194,12 @@ class DigestAuthentication extends AuthenticationInfo { */ public DigestAuthentication(boolean isProxy, URL url, String realm, String authMethod, PasswordAuthentication pw, - Parameters params) { + Parameters params, String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.DIGEST, url, - realm); + realm, + Objects.requireNonNull(authenticatorKey)); this.authMethod = authMethod; this.pw = pw; this.params = params; @@ -205,12 +207,13 @@ class DigestAuthentication extends AuthenticationInfo { public DigestAuthentication(boolean isProxy, String host, int port, String realm, String authMethod, PasswordAuthentication pw, - Parameters params) { + Parameters params, String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.DIGEST, host, port, - realm); + realm, + Objects.requireNonNull(authenticatorKey)); this.authMethod = authMethod; this.pw = pw; this.params = params; diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpCallerInfo.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpCallerInfo.java index 9537275ee37..038f7adfe90 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpCallerInfo.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpCallerInfo.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -25,6 +25,7 @@ package sun.net.www.protocol.http; +import java.net.Authenticator; import java.net.Authenticator.RequestorType; import java.net.InetAddress; import java.net.URL; @@ -49,6 +50,7 @@ public final class HttpCallerInfo { public final int port; public final InetAddress addr; public final RequestorType authType; + public final Authenticator authenticator; /** * Create a schemed object based on an un-schemed one. @@ -62,12 +64,13 @@ public final class HttpCallerInfo { this.addr = old.addr; this.authType = old.authType; this.scheme = scheme; + this.authenticator = old.authenticator; } /** * Constructor an un-schemed object for site access. */ - public HttpCallerInfo(URL url) { + public HttpCallerInfo(URL url, Authenticator a) { this.url= url; prompt = ""; host = url.getHost(); @@ -90,12 +93,13 @@ public final class HttpCallerInfo { protocol = url.getProtocol(); authType = RequestorType.SERVER; scheme = ""; + authenticator = a; } /** * Constructor an un-schemed object for proxy access. */ - public HttpCallerInfo(URL url, String host, int port) { + public HttpCallerInfo(URL url, String host, int port, Authenticator a) { this.url= url; this.host = host; this.port = port; @@ -104,5 +108,6 @@ public final class HttpCallerInfo { protocol = url.getProtocol(); authType = RequestorType.PROXY; scheme = ""; + authenticator = a; } } diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 058de37b3b8..5e23b043a69 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 1995, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 1995, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -78,6 +78,7 @@ import java.text.SimpleDateFormat; import java.util.TimeZone; import java.net.MalformedURLException; import java.nio.ByteBuffer; +import java.util.Objects; import java.util.Properties; import static sun.net.www.protocol.http.AuthScheme.BASIC; import static sun.net.www.protocol.http.AuthScheme.DIGEST; @@ -304,6 +305,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { protected HttpClient http; protected Handler handler; protected Proxy instProxy; + protected volatile Authenticator authenticator; + protected volatile String authenticatorKey; private CookieHandler cookieHandler; private final ResponseCache cacheHandler; @@ -433,6 +436,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { */ private static PasswordAuthentication privilegedRequestPasswordAuthentication( + final Authenticator authenticator, final String host, final InetAddress addr, final int port, @@ -448,7 +452,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { logger.finest("Requesting Authentication: host =" + host + " url = " + url); } PasswordAuthentication pass = Authenticator.requestPasswordAuthentication( - host, addr, port, protocol, + authenticator, host, addr, port, protocol, prompt, scheme, url, authType); if (logger.isLoggable(PlatformLogger.Level.FINEST)) { logger.finest("Authentication returned: " + (pass != null ? pass.toString() : "null")); @@ -507,6 +511,22 @@ public class HttpURLConnection extends java.net.HttpURLConnection { this.authObj = authObj; } + @Override + public synchronized void setAuthenticator(Authenticator auth) { + if (connecting || connected) { + throw new IllegalStateException( + "Authenticator must be set before connecting"); + } + authenticator = Objects.requireNonNull(auth); + authenticatorKey = AuthenticatorKeys.getKey(authenticator); + } + + public String getAuthenticatorKey() { + String k = authenticatorKey; + if (k == null) return AuthenticatorKeys.getKey(authenticator); + return k; + } + /* * checks the validity of http message header and throws * IllegalArgumentException if invalid. @@ -631,7 +651,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { requests.setIfNotSet("If-Modified-Since", fo.format(date)); } // check for preemptive authorization - AuthenticationInfo sauth = AuthenticationInfo.getServerAuth(url); + AuthenticationInfo sauth = AuthenticationInfo.getServerAuth(url, + getAuthenticatorKey()); if (sauth != null && sauth.supportsPreemptiveAuthorization() ) { // Sets "Authorization" requests.setIfNotSet(sauth.getHeaderName(), sauth.getHeaderValue(url,method)); @@ -800,15 +821,15 @@ public class HttpURLConnection extends java.net.HttpURLConnection { * if present */ protected void setProxiedClient (URL url, - String proxyHost, int proxyPort, - boolean useCache) + String proxyHost, int proxyPort, + boolean useCache) throws IOException { proxiedConnect(url, proxyHost, proxyPort, useCache); } protected void proxiedConnect(URL url, - String proxyHost, int proxyPort, - boolean useCache) + String proxyHost, int proxyPort, + boolean useCache) throws IOException { http = HttpClient.New (url, proxyHost, proxyPort, useCache, connectTimeout, this); @@ -878,10 +899,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection { boolean redir; int redirects = 0; InputStream in; + Authenticator a = null; do { if (c instanceof HttpURLConnection) { ((HttpURLConnection) c).setInstanceFollowRedirects(false); + if (a == null) { + a = ((HttpURLConnection) c).authenticator; + } } // We want to open the input stream before @@ -912,6 +937,9 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } redir = true; c = target.openConnection(); + if (a != null && c instanceof HttpURLConnection) { + ((HttpURLConnection)c).setAuthenticator(a); + } redirects++; } } @@ -1612,7 +1640,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { responses, new HttpCallerInfo(url, http.getProxyHostUsed(), - http.getProxyPortUsed()), + http.getProxyPortUsed(), + authenticator), dontUseNegotiate, disabledProxyingSchemes ); @@ -1684,7 +1713,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { srvHdr = new AuthenticationHeader ( "WWW-Authenticate", responses, - new HttpCallerInfo(url), + new HttpCallerInfo(url, authenticator), dontUseNegotiate ); @@ -1762,7 +1791,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { /* path could be an abs_path or a complete URI */ URL u = new URL (url, path); DigestAuthentication d = new DigestAuthentication ( - false, u, realm, "Digest", pw, digestparams); + false, u, realm, "Digest", pw, + digestparams, srv.authenticatorKey); d.addToCache (); } catch (Exception e) {} } @@ -2065,7 +2095,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { responses, new HttpCallerInfo(url, http.getProxyHostUsed(), - http.getProxyPortUsed()), + http.getProxyPortUsed(), + authenticator), dontUseNegotiate, disabledTunnelingSchemes ); @@ -2174,7 +2205,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { private void setPreemptiveProxyAuthentication(MessageHeader requests) throws IOException { AuthenticationInfo pauth = AuthenticationInfo.getProxyAuth(http.getProxyHostUsed(), - http.getProxyPortUsed()); + http.getProxyPortUsed(), + getAuthenticatorKey()); if (pauth != null && pauth.supportsPreemptiveAuthorization()) { String value; if (pauth instanceof DigestAuthentication) { @@ -2228,7 +2260,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { if (realm == null) realm = ""; - proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm, authScheme); + proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm, + authScheme, getAuthenticatorKey()); ret = AuthenticationInfo.getProxyAuth(proxyAuthKey); if (ret == null) { switch (authScheme) { @@ -2248,21 +2281,25 @@ public class HttpURLConnection extends java.net.HttpURLConnection { } PasswordAuthentication a = privilegedRequestPasswordAuthentication( + authenticator, host, addr, port, "http", realm, scheme, url, RequestorType.PROXY); if (a != null) { - ret = new BasicAuthentication(true, host, port, realm, a); + ret = new BasicAuthentication(true, host, port, realm, a, + getAuthenticatorKey()); } break; case DIGEST: a = privilegedRequestPasswordAuthentication( + authenticator, host, null, port, url.getProtocol(), realm, scheme, url, RequestorType.PROXY); if (a != null) { DigestAuthentication.Parameters params = new DigestAuthentication.Parameters(); ret = new DigestAuthentication(true, host, port, realm, - scheme, a, params); + scheme, a, params, + getAuthenticatorKey()); } break; case NTLM: @@ -2288,6 +2325,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { logger.finest("Trying Transparent NTLM authentication"); } else { a = privilegedRequestPasswordAuthentication( + authenticator, host, null, port, url.getProtocol(), "", scheme, url, RequestorType.PROXY); } @@ -2299,7 +2337,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { */ if (tryTransparentNTLMProxy || (!tryTransparentNTLMProxy && a != null)) { - ret = NTLMAuthenticationProxy.proxy.create(true, host, port, a); + ret = NTLMAuthenticationProxy.proxy.create(true, host, + port, a, getAuthenticatorKey()); } /* set to false so that we do not try again */ @@ -2330,7 +2369,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { URL u = new URL("http", host, port, "/"); String a = defaultAuth.authString(u, scheme, realm); if (a != null) { - ret = new BasicAuthentication (true, host, port, realm, a); + ret = new BasicAuthentication (true, host, port, realm, a, + getAuthenticatorKey()); // not in cache by default - cache on success } } catch (java.net.MalformedURLException ignored) { @@ -2383,7 +2423,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { domain = p.findValue ("domain"); if (realm == null) realm = ""; - serverAuthKey = AuthenticationInfo.getServerAuthKey(url, realm, authScheme); + serverAuthKey = AuthenticationInfo.getServerAuthKey(url, realm, authScheme, + getAuthenticatorKey()); ret = AuthenticationInfo.getServerAuth(serverAuthKey); InetAddress addr = null; if (ret == null) { @@ -2409,19 +2450,24 @@ public class HttpURLConnection extends java.net.HttpURLConnection { case BASIC: PasswordAuthentication a = privilegedRequestPasswordAuthentication( + authenticator, url.getHost(), addr, port, url.getProtocol(), realm, scheme, url, RequestorType.SERVER); if (a != null) { - ret = new BasicAuthentication(false, url, realm, a); + ret = new BasicAuthentication(false, url, realm, a, + getAuthenticatorKey()); } break; case DIGEST: a = privilegedRequestPasswordAuthentication( + authenticator, url.getHost(), addr, port, url.getProtocol(), realm, scheme, url, RequestorType.SERVER); if (a != null) { digestparams = new DigestAuthentication.Parameters(); - ret = new DigestAuthentication(false, url, realm, scheme, a, digestparams); + ret = new DigestAuthentication(false, url, realm, scheme, + a, digestparams, + getAuthenticatorKey()); } break; case NTLM: @@ -2452,6 +2498,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection { logger.finest("Trying Transparent NTLM authentication"); } else { a = privilegedRequestPasswordAuthentication( + authenticator, url.getHost(), addr, port, url.getProtocol(), "", scheme, url, RequestorType.SERVER); } @@ -2464,7 +2511,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { */ if (tryTransparentNTLMServer || (!tryTransparentNTLMServer && a != null)) { - ret = NTLMAuthenticationProxy.proxy.create(false, url1, a); + ret = NTLMAuthenticationProxy.proxy.create(false, + url1, a, getAuthenticatorKey()); } /* set to false so that we do not try again */ @@ -2488,7 +2536,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection { && defaultAuth.schemeSupported(scheme)) { String a = defaultAuth.authString(url, scheme, realm); if (a != null) { - ret = new BasicAuthentication (false, url, realm, a); + ret = new BasicAuthentication (false, url, realm, a, + getAuthenticatorKey()); // not in cache by default - cache on success } } diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java index 335670ee699..d7961a3f0f7 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NTLMAuthenticationProxy.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2009, 2013, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2009, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -45,21 +45,22 @@ class NTLMAuthenticationProxy { static final boolean supported = proxy != null ? true : false; static final boolean supportsTransparentAuth = supported ? supportsTransparentAuth() : false; - private final Constructor threeArgCtr; - private final Constructor fiveArgCtr; + private final Constructor fourArgCtr; + private final Constructor sixArgCtr; - private NTLMAuthenticationProxy(Constructor threeArgCtr, - Constructor fiveArgCtr) { - this.threeArgCtr = threeArgCtr; - this.fiveArgCtr = fiveArgCtr; + private NTLMAuthenticationProxy(Constructor fourArgCtr, + Constructor sixArgCtr) { + this.fourArgCtr = fourArgCtr; + this.sixArgCtr = sixArgCtr; } AuthenticationInfo create(boolean isProxy, URL url, - PasswordAuthentication pw) { + PasswordAuthentication pw, + String authenticatorKey) { try { - return threeArgCtr.newInstance(isProxy, url, pw); + return fourArgCtr.newInstance(isProxy, url, pw, authenticatorKey); } catch (ReflectiveOperationException roe) { finest(roe); } @@ -70,9 +71,10 @@ class NTLMAuthenticationProxy { AuthenticationInfo create(boolean isProxy, String host, int port, - PasswordAuthentication pw) { + PasswordAuthentication pw, + String authenticatorKey) { try { - return fiveArgCtr.newInstance(isProxy, host, port, pw); + return sixArgCtr.newInstance(isProxy, host, port, pw, authenticatorKey); } catch (ReflectiveOperationException roe) { finest(roe); } @@ -115,21 +117,23 @@ class NTLMAuthenticationProxy { @SuppressWarnings("unchecked") private static NTLMAuthenticationProxy tryLoadNTLMAuthentication() { Class cl; - Constructor threeArg, fiveArg; + Constructor fourArg, sixArg; try { cl = (Class)Class.forName(clazzStr, true, null); if (cl != null) { - threeArg = cl.getConstructor(boolean.class, + fourArg = cl.getConstructor(boolean.class, URL.class, - PasswordAuthentication.class); - fiveArg = cl.getConstructor(boolean.class, + PasswordAuthentication.class, + String.class); + sixArg = cl.getConstructor(boolean.class, String.class, int.class, - PasswordAuthentication.class); + PasswordAuthentication.class, + String.class); supportsTA = cl.getDeclaredMethod(supportsTAStr); isTrustedSite = cl.getDeclaredMethod(isTrustedSiteStr, java.net.URL.class); - return new NTLMAuthenticationProxy(threeArg, - fiveArg); + return new NTLMAuthenticationProxy(fourArg, + sixArg); } } catch (ClassNotFoundException cnfe) { finest(cnfe); diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java index 820f3eda8a0..d7c379f0d47 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2014, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -68,7 +68,8 @@ class NegotiateAuthentication extends AuthenticationInfo { super(RequestorType.PROXY==hci.authType ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, hci.scheme.equalsIgnoreCase("Negotiate") ? NEGOTIATE : KERBEROS, hci.url, - ""); + "", + AuthenticatorKeys.getKey(hci.authenticator)); this.hci = hci; } diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java index eadd290e215..628323047bf 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ import java.net.InetSocketAddress; import java.net.Proxy; import java.security.Principal; import java.security.cert.*; +import java.util.Objects; import java.util.StringTokenizer; import java.util.Vector; @@ -46,6 +47,7 @@ import javax.security.auth.x500.X500Principal; import javax.net.ssl.*; import sun.net.www.http.HttpClient; +import sun.net.www.protocol.http.AuthenticatorKeys; import sun.net.www.protocol.http.HttpURLConnection; import sun.security.action.*; @@ -334,8 +336,12 @@ final class HttpsClient extends HttpClient } if (ret != null) { - if ((ret.proxy != null && ret.proxy.equals(p)) || - (ret.proxy == null && p == Proxy.NO_PROXY)) { + String ak = httpuc == null ? AuthenticatorKeys.DEFAULT + : httpuc.getAuthenticatorKey(); + boolean compatible = ((ret.proxy != null && ret.proxy.equals(p)) || + (ret.proxy == null && p == Proxy.NO_PROXY)) + && Objects.equals(ret.getAuthenticatorKey(), ak); + if (compatible) { synchronized (ret) { ret.cachedHttpClient = true; assert ret.inCache; @@ -364,6 +370,9 @@ final class HttpsClient extends HttpClient } if (ret == null) { ret = new HttpsClient(sf, url, p, connectTimeout); + if (httpuc != null) { + ret.authenticatorKey = httpuc.getAuthenticatorKey(); + } } else { SecurityManager security = System.getSecurityManager(); if (security != null) { diff --git a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java index 429079804f0..1b2a584a79b 100644 --- a/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java +++ b/jdk/src/java.base/share/classes/sun/net/www/protocol/https/HttpsURLConnectionImpl.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2001, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2001, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -39,6 +39,7 @@ import java.net.URL; import java.net.Proxy; import java.net.ProtocolException; import java.io.*; +import java.net.Authenticator; import javax.net.ssl.*; import java.security.Permission; import java.security.Principal; @@ -517,4 +518,9 @@ public class HttpsURLConnectionImpl public void setChunkedStreamingMode (int chunklen) { delegate.setChunkedStreamingMode(chunklen); } + + @Override + public void setAuthenticator(Authenticator auth) { + delegate.setAuthenticator(auth); + } } diff --git a/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java index 85bbd53ad43..01213c04360 100644 --- a/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java +++ b/jdk/src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2015, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -34,6 +34,7 @@ import java.net.UnknownHostException; import java.net.URL; import java.security.GeneralSecurityException; import java.util.Base64; +import java.util.Objects; import sun.net.www.HeaderParser; import sun.net.www.protocol.http.AuthenticationInfo; @@ -116,11 +117,13 @@ public class NTLMAuthentication extends AuthenticationInfo { * If this notation is not used, then the domain will be taken * from a system property: "http.auth.ntlm.domain". */ - public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw) { + public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw, + String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.NTLM, url, - ""); + "", + Objects.requireNonNull(authenticatorKey)); init (pw); } @@ -157,12 +160,14 @@ public class NTLMAuthentication extends AuthenticationInfo { * Constructor used for proxy entries */ public NTLMAuthentication(boolean isProxy, String host, int port, - PasswordAuthentication pw) { + PasswordAuthentication pw, + String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.NTLM, host, port, - ""); + "", + Objects.requireNonNull(authenticatorKey)); init (pw); } @@ -242,4 +247,3 @@ public class NTLMAuthentication extends AuthenticationInfo { return result; } } - diff --git a/jdk/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java b/jdk/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java index 50e056862c9..212e03e834f 100644 --- a/jdk/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java +++ b/jdk/src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2002, 2012, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2002, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -30,6 +30,7 @@ import java.net.InetAddress; import java.net.PasswordAuthentication; import java.net.UnknownHostException; import java.net.URL; +import java.util.Objects; import sun.net.www.HeaderParser; import sun.net.www.protocol.http.AuthenticationInfo; import sun.net.www.protocol.http.AuthScheme; @@ -88,11 +89,13 @@ public class NTLMAuthentication extends AuthenticationInfo { * If this notation is not used, then the domain will be taken * from a system property: "http.auth.ntlm.domain". */ - public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw) { + public NTLMAuthentication(boolean isProxy, URL url, PasswordAuthentication pw, + String authenticatorKey) { super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION, AuthScheme.NTLM, url, - ""); + "", + Objects.requireNonNull(authenticatorKey)); init (pw); } @@ -122,12 +125,14 @@ public class NTLMAuthentication extends AuthenticationInfo { * Constructor used for proxy entries */ public NTLMAuthentication(boolean isProxy, String host, int port, - PasswordAuthentication pw) { + PasswordAuthentication pw, + String authenticatorKey) { super(isProxy?PROXY_AUTHENTICATION:SERVER_AUTHENTICATION, AuthScheme.NTLM, host, port, - ""); + "", + Objects.requireNonNull(authenticatorKey)); init (pw); } diff --git a/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java b/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java index db03ab580d1..43003bfb811 100644 --- a/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java +++ b/jdk/src/java.security.jgss/share/classes/sun/net/www/protocol/http/spnego/NegotiateCallbackHandler.java @@ -1,5 +1,5 @@ /* - * Copyright (c) 2005, 2010, Oracle and/or its affiliates. All rights reserved. + * Copyright (c) 2005, 2016, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it @@ -63,6 +63,7 @@ public class NegotiateCallbackHandler implements CallbackHandler { answered = true; PasswordAuthentication passAuth = Authenticator.requestPasswordAuthentication( + hci.authenticator, hci.host, hci.addr, hci.port, hci.protocol, hci.prompt, hci.scheme, hci.url, hci.authType); /** diff --git a/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPSetAuthenticatorTest.java b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPSetAuthenticatorTest.java new file mode 100644 index 00000000000..543ebc5e821 --- /dev/null +++ b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPSetAuthenticatorTest.java @@ -0,0 +1,295 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.IOException; +import java.net.Authenticator; +import java.net.HttpURLConnection; +import java.net.Proxy; +import java.net.URL; +import java.util.Arrays; +import java.util.stream.Collectors; +import java.util.stream.Stream; + +/** + * @test + * @bug 8169415 + * @library /lib/testlibrary/ + * @modules java.base/sun.net.www + * java.base/sun.net.www.protocol.http + * jdk.httpserver/sun.net.httpserver + * @build jdk.testlibrary.SimpleSSLContext HTTPTest HTTPTestServer HTTPTestClient HTTPSetAuthenticatorTest + * @summary A simple HTTP test that starts an echo server supporting the given + * authentication scheme, then starts a regular HTTP client to invoke it. + * The client first does a GET request on "/", then follows on + * with a POST request that sends "Hello World!" to the server. + * The client expects to receive "Hello World!" in return. + * The test supports several execution modes: + * SERVER: The server performs Server authentication; + * PROXY: The server pretends to be a proxy and performs + * Proxy authentication; + * SERVER307: The server redirects the client (307) to another + * server that perform Server authentication; + * PROXY305: The server attempts to redirect + * the client to a proxy using 305 code; + * This test runs the client several times, providing different + * authenticators to the HttpURLConnection and verifies that + * the authenticator is invoked as expected - validating that + * connections with different authenticators do not share each + * other's socket channel and authentication info. + * Note: BASICSERVER means that the server will let the underlying + * com.sun.net.httpserver.HttpServer perform BASIC + * authentication when in Server mode. There should be + * no real difference between BASICSERVER and BASIC - it should + * be transparent on the client side. + * @run main/othervm HTTPSetAuthenticatorTest NONE SERVER PROXY SERVER307 PROXY305 + * @run main/othervm HTTPSetAuthenticatorTest DIGEST SERVER + * @run main/othervm HTTPSetAuthenticatorTest DIGEST PROXY + * @run main/othervm HTTPSetAuthenticatorTest DIGEST PROXY305 + * @run main/othervm HTTPSetAuthenticatorTest DIGEST SERVER307 + * @run main/othervm HTTPSetAuthenticatorTest BASIC SERVER + * @run main/othervm HTTPSetAuthenticatorTest BASIC PROXY + * @run main/othervm HTTPSetAuthenticatorTest BASIC PROXY305 + * @run main/othervm HTTPSetAuthenticatorTest BASIC SERVER307 + * @run main/othervm HTTPSetAuthenticatorTest BASICSERVER SERVER + * @run main/othervm HTTPSetAuthenticatorTest BASICSERVER SERVER307 + * + * @author danielfuchs + */ +public class HTTPSetAuthenticatorTest extends HTTPTest { + + public static void main(String[] args) throws Exception { + String[] schemes; + String[] params; + if (args == null || args.length == 0) { + schemes = Stream.of(HttpSchemeType.values()) + .map(HttpSchemeType::name) + .collect(Collectors.toList()) + .toArray(new String[0]); + params = new String[0]; + } else { + schemes = new String[] { args[0] }; + params = Arrays.copyOfRange(args, 1, args.length); + } + for (String scheme : schemes) { + System.out.println("==== Testing with scheme=" + scheme + " ====\n"); + new HTTPSetAuthenticatorTest(HttpSchemeType.valueOf(scheme)) + .execute(params); + System.out.println(); + } + } + + final HttpSchemeType scheme; + public HTTPSetAuthenticatorTest(HttpSchemeType scheme) { + this.scheme = scheme; + } + + @Override + public HttpSchemeType getHttpSchemeType() { + return scheme; + } + + @Override + public int run(HTTPTestServer server, + HttpProtocolType protocol, + HttpAuthType mode) + throws IOException + { + HttpTestAuthenticator authOne = new HttpTestAuthenticator("dublin", "foox"); + HttpTestAuthenticator authTwo = new HttpTestAuthenticator("dublin", "foox"); + int expectedIncrement = scheme == HttpSchemeType.NONE + ? 0 : EXPECTED_AUTH_CALLS_PER_TEST; + int count; + int defaultCount = AUTHENTICATOR.count.get(); + + // Connect to the server with a GET request, then with a + // POST that contains "Hello World!" + // Uses authenticator #1 + System.out.println("\nClient: Using authenticator #1: " + + toString(authOne)); + HTTPTestClient.connect(protocol, server, mode, authOne); + count = authOne.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #1 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + + // Connect to the server with a GET request, then with a + // POST that contains "Hello World!" + // Uses authenticator #2 + System.out.println("\nClient: Using authenticator #2: " + + toString(authTwo)); + HTTPTestClient.connect(protocol, server, mode, authTwo); + count = authTwo.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #2 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + count = authTwo.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #2 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + + // Connect to the server with a GET request, then with a + // POST that contains "Hello World!" + // Uses authenticator #1 + System.out.println("\nClient: Using authenticator #1 again: " + + toString(authOne)); + HTTPTestClient.connect(protocol, server, mode, authOne); + count = authOne.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #1 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + count = authTwo.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #2 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + count = AUTHENTICATOR.count.get(); + if (count != defaultCount) { + throw new AssertionError("Default Authenticator called " + count(count) + + " expected it to be called " + expected(defaultCount)); + } + + // Now tries with the default authenticator: it should be invoked. + System.out.println("\nClient: Using the default authenticator: " + + toString(null)); + HTTPTestClient.connect(protocol, server, mode, null); + count = authOne.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #1 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + count = authTwo.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #2 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + count = AUTHENTICATOR.count.get(); + if (count != defaultCount + expectedIncrement) { + throw new AssertionError("Default Authenticator called " + count(count) + + " expected it to be called " + expected(defaultCount + expectedIncrement)); + } + + // Now tries with explicitly setting the default authenticator: it should + // be invoked again. + // Uncomment the code below when 8169068 is available. +// System.out.println("\nClient: Explicitly setting the default authenticator: " +// + toString(Authenticator.getDefault())); +// HTTPTestClient.connect(protocol, server, mode, Authenticator.getDefault()); +// count = authOne.count.get(); +// if (count != expectedIncrement) { +// throw new AssertionError("Authenticator #1 called " + count(count) +// + " expected it to be called " + expected(expectedIncrement)); +// } +// count = authTwo.count.get(); +// if (count != expectedIncrement) { +// throw new AssertionError("Authenticator #2 called " + count(count) +// + " expected it to be called " + expected(expectedIncrement)); +// } +// count = AUTHENTICATOR.count.get(); +// if (count != defaultCount + 2 * expectedIncrement) { +// throw new AssertionError("Default Authenticator called " + count(count) +// + " expected it to be called " +// + expected(defaultCount + 2 * expectedIncrement)); +// } + + // Now tries to set an authenticator on a connected connection. + URL url = url(protocol, server.getAddress(), "/"); + Proxy proxy = proxy(server, mode); + HttpURLConnection conn = openConnection(url, mode, proxy); + try { + conn.setAuthenticator(null); + throw new RuntimeException("Expected NullPointerException" + + " trying to set a null authenticator" + + " not raised."); + } catch (NullPointerException npe) { + System.out.println("Client: caught expected NPE" + + " trying to set a null authenticator: " + + npe); + } + conn.connect(); + try { + try { + conn.setAuthenticator(authOne); + throw new RuntimeException("Expected IllegalStateException" + + " trying to set an authenticator after connect" + + " not raised."); + } catch (IllegalStateException ise) { + System.out.println("Client: caught expected ISE" + + " trying to set an authenticator after connect: " + + ise); + } + // Uncomment the code below when 8169068 is available. +// try { +// conn.setAuthenticator(Authenticator.getDefault()); +// throw new RuntimeException("Expected IllegalStateException" +// + " trying to set an authenticator after connect" +// + " not raised."); +// } catch (IllegalStateException ise) { +// System.out.println("Client: caught expected ISE" +// + " trying to set an authenticator after connect: " +// + ise); +// } + try { + conn.setAuthenticator(null); + throw new RuntimeException("Expected" + + " IllegalStateException or NullPointerException" + + " trying to set a null authenticator after connect" + + " not raised."); + } catch (IllegalStateException | NullPointerException xxe) { + System.out.println("Client: caught expected " + + xxe.getClass().getSimpleName() + + " trying to set a null authenticator after connect: " + + xxe); + } + } finally { + conn.disconnect(); + } + + // double check that authOne and authTwo haven't been invoked. + count = authOne.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #1 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + count = authTwo.count.get(); + if (count != expectedIncrement) { + throw new AssertionError("Authenticator #2 called " + count(count) + + " expected it to be called " + expected(expectedIncrement)); + } + + // All good! + // return the number of times the default authenticator is supposed + // to have been called. + return scheme == HttpSchemeType.NONE ? 0 : 1 * EXPECTED_AUTH_CALLS_PER_TEST; + } + + static String toString(Authenticator a) { + return sun.net.www.protocol.http.AuthenticatorKeys.getKey(a); + } + +} diff --git a/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTest.java b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTest.java new file mode 100644 index 00000000000..87e9a4b407f --- /dev/null +++ b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTest.java @@ -0,0 +1,283 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.IOException; +import java.io.UncheckedIOException; +import java.net.Authenticator; +import java.net.HttpURLConnection; +import java.net.InetSocketAddress; +import java.net.MalformedURLException; +import java.net.PasswordAuthentication; +import java.net.Proxy; +import java.net.URL; +import java.util.Locale; +import java.util.concurrent.atomic.AtomicInteger; +import java.util.logging.Level; +import java.util.logging.Logger; +import java.util.stream.Stream; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLSession; +import jdk.testlibrary.SimpleSSLContext; + +/** + * @test + * @bug 8169415 + * @library /lib/testlibrary/ + * @modules java.base/sun.net.www + * jdk.httpserver/sun.net.httpserver + * @build jdk.testlibrary.SimpleSSLContext HTTPTest HTTPTestServer HTTPTestClient + * @summary A simple HTTP test that starts an echo server supporting Digest + * authentication, then starts a regular HTTP client to invoke it. + * The client first does a GET request on "/", then follows on + * with a POST request that sends "Hello World!" to the server. + * The client expects to receive "Hello World!" in return. + * The test supports several execution modes: + * SERVER: The server performs Digest Server authentication; + * PROXY: The server pretends to be a proxy and performs + * Digest Proxy authentication; + * SERVER307: The server redirects the client (307) to another + * server that perform Digest authentication; + * PROXY305: The server attempts to redirect + * the client to a proxy using 305 code; + * @run main/othervm HTTPTest SERVER + * @run main/othervm HTTPTest PROXY + * @run main/othervm HTTPTest SERVER307 + * @run main/othervm HTTPTest PROXY305 + * + * @author danielfuchs + */ +public class HTTPTest { + + public static final boolean DEBUG = + Boolean.parseBoolean(System.getProperty("test.debug", "false")); + public static enum HttpAuthType { SERVER, PROXY, SERVER307, PROXY305 }; + public static enum HttpProtocolType { HTTP, HTTPS }; + public static enum HttpSchemeType { NONE, BASICSERVER, BASIC, DIGEST }; + public static final HttpAuthType DEFAULT_HTTP_AUTH_TYPE = HttpAuthType.SERVER; + public static final HttpProtocolType DEFAULT_PROTOCOL_TYPE = HttpProtocolType.HTTP; + public static final HttpSchemeType DEFAULT_SCHEME_TYPE = HttpSchemeType.DIGEST; + + public static class HttpTestAuthenticator extends Authenticator { + private final String realm; + private final String username; + // Used to prevent incrementation of 'count' when calling the + // authenticator from the server side. + private final ThreadLocal skipCount = new ThreadLocal<>(); + // count will be incremented every time getPasswordAuthentication() + // is called from the client side. + final AtomicInteger count = new AtomicInteger(); + + public HttpTestAuthenticator(String realm, String username) { + this.realm = realm; + this.username = username; + } + + @Override + protected PasswordAuthentication getPasswordAuthentication() { + if (skipCount.get() == null || skipCount.get().booleanValue() == false) { + System.out.println("Authenticator called: " + count.incrementAndGet()); + } + return new PasswordAuthentication(getUserName(), + new char[] {'b','a','r'}); + } + + // Called by the server side to get the password of the user + // being authentified. + public final char[] getPassword(String user) { + if (user.equals(username)) { + skipCount.set(Boolean.TRUE); + try { + return getPasswordAuthentication().getPassword(); + } finally { + skipCount.set(Boolean.FALSE); + } + } + throw new SecurityException("User unknown: " + user); + } + + public final String getUserName() { + return username; + } + public final String getRealm() { + return realm; + } + + } + public static final HttpTestAuthenticator AUTHENTICATOR; + static { + AUTHENTICATOR = new HttpTestAuthenticator("dublin", "foox"); + Authenticator.setDefault(AUTHENTICATOR); + } + + static { + try { + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + } + }); + SSLContext.setDefault(new SimpleSSLContext().get()); + } catch (IOException ex) { + throw new ExceptionInInitializerError(ex); + } + } + + static final Logger logger = Logger.getLogger ("com.sun.net.httpserver"); + static { + if (DEBUG) logger.setLevel(Level.ALL); + Stream.of(Logger.getLogger("").getHandlers()) + .forEach(h -> h.setLevel(Level.ALL)); + } + + static final int EXPECTED_AUTH_CALLS_PER_TEST = 1; + + public static void main(String[] args) throws Exception { + // new HTTPTest().execute(HttpAuthType.SERVER.name()); + new HTTPTest().execute(args); + } + + public void execute(String... args) throws Exception { + Stream modes; + if (args == null || args.length == 0) { + modes = Stream.of(HttpAuthType.values()); + } else { + modes = Stream.of(args).map(HttpAuthType::valueOf); + } + modes.forEach(this::test); + System.out.println("Test PASSED - Authenticator called: " + + expected(AUTHENTICATOR.count.get())); + } + + public void test(HttpAuthType mode) { + for (HttpProtocolType type: HttpProtocolType.values()) { + test(type, mode); + } + } + + public HttpSchemeType getHttpSchemeType() { + return DEFAULT_SCHEME_TYPE; + } + + public void test(HttpProtocolType protocol, HttpAuthType mode) { + if (mode == HttpAuthType.PROXY305 && protocol == HttpProtocolType.HTTPS ) { + // silently skip unsupported test combination + return; + } + System.out.println("\n**** Testing " + protocol + " " + + mode + " mode ****\n"); + int authCount = AUTHENTICATOR.count.get(); + int expectedIncrement = 0; + try { + // Creates an HTTP server that echoes back whatever is in the + // request body. + HTTPTestServer server = + HTTPTestServer.create(protocol, + mode, + AUTHENTICATOR, + getHttpSchemeType()); + try { + expectedIncrement += run(server, protocol, mode); + } finally { + server.stop(); + } + } catch (IOException ex) { + ex.printStackTrace(System.err); + throw new UncheckedIOException(ex); + } + int count = AUTHENTICATOR.count.get(); + if (count != authCount + expectedIncrement) { + throw new AssertionError("Authenticator called " + count(count) + + " expected it to be called " + + expected(authCount + expectedIncrement)); + } + } + + /** + * Runs the test with the given parameters. + * @param server The server + * @param protocol The protocol (HTTP/HTTPS) + * @param mode The mode (PROXY, SERVER, SERVER307...) + * @return The number of times the default authenticator should have been + * called. + * @throws IOException in case of connection or protocol issues + */ + public int run(HTTPTestServer server, + HttpProtocolType protocol, + HttpAuthType mode) + throws IOException + { + // Connect to the server with a GET request, then with a + // POST that contains "Hello World!" + HTTPTestClient.connect(protocol, server, mode, null); + // return the number of times the default authenticator is supposed + // to have been called. + return EXPECTED_AUTH_CALLS_PER_TEST; + } + + public static String count(int count) { + switch(count) { + case 0: return "not even once"; + case 1: return "once"; + case 2: return "twice"; + default: return String.valueOf(count) + " times"; + } + } + + public static String expected(int count) { + switch(count) { + default: return count(count); + } + } + public static String protocol(HttpProtocolType type) { + return type.name().toLowerCase(Locale.US); + } + + public static URL url(HttpProtocolType protocol, InetSocketAddress address, + String path) throws MalformedURLException { + return new URL(protocol(protocol), + address.getHostString(), + address.getPort(), path); + } + + public static Proxy proxy(HTTPTestServer server, HttpAuthType authType) { + return (authType == HttpAuthType.PROXY) + ? new Proxy(Proxy.Type.HTTP, server.getAddress()) + : null; + } + + public static HttpURLConnection openConnection(URL url, + HttpAuthType authType, + Proxy proxy) + throws IOException { + + HttpURLConnection conn = (HttpURLConnection) + (authType == HttpAuthType.PROXY + ? url.openConnection(proxy) + : url.openConnection()); + return conn; + } +} diff --git a/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTestClient.java b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTestClient.java new file mode 100644 index 00000000000..3da0a7ae2d9 --- /dev/null +++ b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTestClient.java @@ -0,0 +1,91 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import java.io.IOException; +import java.net.Authenticator; +import java.net.HttpURLConnection; +import java.net.InetSocketAddress; +import java.net.Proxy; +import java.net.URL; +import javax.net.ssl.HttpsURLConnection; + +/** + * A simple Http client that connects to the HTTPTestServer. + * @author danielfuchs + */ +public class HTTPTestClient extends HTTPTest { + + public static void connect(HttpProtocolType protocol, + HTTPTestServer server, + HttpAuthType authType, + Authenticator auth) + throws IOException { + + InetSocketAddress address = server.getAddress(); + final URL url = url(protocol, address, "/"); + final Proxy proxy = proxy(server, authType); + + System.out.println("Client: FIRST request: " + url + " GET"); + HttpURLConnection conn = openConnection(url, authType, proxy); + configure(conn, auth); + System.out.println("Response code: " + conn.getResponseCode()); + String result = new String(conn.getInputStream().readAllBytes(), "UTF-8"); + System.out.println("Response body: " + result); + if (!result.isEmpty()) { + throw new RuntimeException("Unexpected response to GET: " + result); + } + System.out.println("\nClient: NEXT request: " + url + " POST"); + conn = openConnection(url, authType, proxy); + configure(conn, auth); + conn.setRequestMethod("POST"); + conn.setDoOutput(true); + conn.setDoInput(true); + conn.getOutputStream().write("Hello World!".getBytes("UTF-8")); + System.out.println("Response code: " + conn.getResponseCode()); + result = new String(conn.getInputStream().readAllBytes(), "UTF-8"); + System.out.println("Response body: " + result); + if ("Hello World!".equals(result)) { + System.out.println("Test passed!"); + } else { + throw new RuntimeException("Unexpected response to POST: " + result); + } + } + + private static void configure(HttpURLConnection conn, Authenticator auth) + throws IOException { + if (auth != null) { + conn.setAuthenticator(auth); + } + if (conn instanceof HttpsURLConnection) { + System.out.println("Client: configuring SSL connection"); + // We have set a default SSLContext so we don't need to do + // anything here. Otherwise it could look like: + // HttpsURLConnection httpsConn = (HttpsURLConnection)conn; + // httpsConn.setSSLSocketFactory( + // new SimpleSSLContext().get().getSocketFactory()); + } + } + +} diff --git a/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTestServer.java b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTestServer.java new file mode 100644 index 00000000000..6479de13700 --- /dev/null +++ b/jdk/test/java/net/HttpURLConnection/SetAuthenticator/HTTPTestServer.java @@ -0,0 +1,995 @@ +/* + * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. Oracle designates this + * particular file as subject to the "Classpath" exception as provided + * by Oracle in the LICENSE file that accompanied this code. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +import com.sun.net.httpserver.BasicAuthenticator; +import com.sun.net.httpserver.Filter; +import com.sun.net.httpserver.Headers; +import com.sun.net.httpserver.HttpContext; +import com.sun.net.httpserver.HttpExchange; +import com.sun.net.httpserver.HttpHandler; +import com.sun.net.httpserver.HttpServer; +import com.sun.net.httpserver.HttpsConfigurator; +import com.sun.net.httpserver.HttpsParameters; +import com.sun.net.httpserver.HttpsServer; +import java.io.IOException; +import java.io.InputStream; +import java.io.OutputStream; +import java.io.OutputStreamWriter; +import java.io.PrintWriter; +import java.io.Writer; +import java.math.BigInteger; +import java.net.HttpURLConnection; +import java.net.InetAddress; +import java.net.InetSocketAddress; +import java.net.MalformedURLException; +import java.net.ServerSocket; +import java.net.Socket; +import java.net.URL; +import java.security.MessageDigest; +import java.security.NoSuchAlgorithmException; +import java.time.Instant; +import java.util.Arrays; +import java.util.Base64; +import java.util.List; +import java.util.Objects; +import java.util.Random; +import java.util.stream.Collectors; +import javax.net.ssl.SSLContext; +import sun.net.www.HeaderParser; + +/** + * A simple HTTP server that supports Digest authentication. + * By default this server will echo back whatever is present + * in the request body. + * @author danielfuchs + */ +public class HTTPTestServer extends HTTPTest { + + final HttpServer serverImpl; // this server endpoint + final HTTPTestServer redirect; // the target server where to redirect 3xx + final HttpHandler delegate; // unused + + private HTTPTestServer(HttpServer server, HTTPTestServer target, + HttpHandler delegate) { + this.serverImpl = server; + this.redirect = target; + this.delegate = delegate; + } + + public static void main(String[] args) + throws IOException { + + HTTPTestServer server = create(HTTPTest.DEFAULT_PROTOCOL_TYPE, + HTTPTest.DEFAULT_HTTP_AUTH_TYPE, + HTTPTest.AUTHENTICATOR, + HTTPTest.DEFAULT_SCHEME_TYPE); + try { + System.out.println("Server created at " + server.getAddress()); + System.out.println("Strike to exit"); + System.in.read(); + } finally { + System.out.println("stopping server"); + server.stop(); + } + } + + private static String toString(Headers headers) { + return headers.entrySet().stream() + .map((e) -> e.getKey() + ": " + e.getValue()) + .collect(Collectors.joining("\n")); + } + + public static HTTPTestServer create(HttpProtocolType protocol, + HttpAuthType authType, + HttpTestAuthenticator auth, + HttpSchemeType schemeType) + throws IOException { + return create(protocol, authType, auth, schemeType, null); + } + + public static HTTPTestServer create(HttpProtocolType protocol, + HttpAuthType authType, + HttpTestAuthenticator auth, + HttpSchemeType schemeType, + HttpHandler delegate) + throws IOException { + Objects.requireNonNull(authType); + Objects.requireNonNull(auth); + switch(authType) { + // A server that performs Server Digest authentication. + case SERVER: return createServer(protocol, authType, auth, + schemeType, delegate, "/"); + // A server that pretends to be a Proxy and performs + // Proxy Digest authentication. If protocol is HTTPS, + // then this will create a HttpsProxyTunnel that will + // handle the CONNECT request for tunneling. + case PROXY: return createProxy(protocol, authType, auth, + schemeType, delegate, "/"); + // A server that sends 307 redirect to a server that performs + // Digest authentication. + // Note: 301 doesn't work here because it transforms POST into GET. + case SERVER307: return createServerAndRedirect(protocol, + HttpAuthType.SERVER, + auth, schemeType, + delegate, 307); + // A server that sends 305 redirect to a proxy that performs + // Digest authentication. + case PROXY305: return createServerAndRedirect(protocol, + HttpAuthType.PROXY, + auth, schemeType, + delegate, 305); + default: + throw new InternalError("Unknown server type: " + authType); + } + } + + static HttpServer createHttpServer(HttpProtocolType protocol) throws IOException { + switch (protocol) { + case HTTP: return HttpServer.create(); + case HTTPS: return configure(HttpsServer.create()); + default: throw new InternalError("Unsupported protocol " + protocol); + } + } + + static HttpsServer configure(HttpsServer server) throws IOException { + try { + SSLContext ctx = SSLContext.getDefault(); + server.setHttpsConfigurator(new Configurator(ctx)); + } catch (NoSuchAlgorithmException ex) { + throw new IOException(ex); + } + return server; + } + + + static void setContextAuthenticator(HttpContext ctxt, + HttpTestAuthenticator auth) { + final String realm = auth.getRealm(); + com.sun.net.httpserver.Authenticator authenticator = + new BasicAuthenticator(realm) { + @Override + public boolean checkCredentials(String username, String pwd) { + return auth.getUserName().equals(username) + && new String(auth.getPassword(username)).equals(pwd); + } + }; + ctxt.setAuthenticator(authenticator); + } + + public static HTTPTestServer createServer(HttpProtocolType protocol, + HttpAuthType authType, + HttpTestAuthenticator auth, + HttpSchemeType schemeType, + HttpHandler delegate, + String path) + throws IOException { + Objects.requireNonNull(authType); + Objects.requireNonNull(auth); + + HttpServer impl = createHttpServer(protocol); + final HTTPTestServer server = new HTTPTestServer(impl, null, delegate); + final HttpHandler hh = server.createHandler(schemeType, auth, authType); + HttpContext ctxt = impl.createContext(path, hh); + server.configureAuthentication(ctxt, schemeType, auth, authType); + impl.bind(new InetSocketAddress("127.0.0.1", 0), 0); + impl.start(); + return server; + } + + public static HTTPTestServer createProxy(HttpProtocolType protocol, + HttpAuthType authType, + HttpTestAuthenticator auth, + HttpSchemeType schemeType, + HttpHandler delegate, + String path) + throws IOException { + Objects.requireNonNull(authType); + Objects.requireNonNull(auth); + + HttpServer impl = createHttpServer(protocol); + final HTTPTestServer server = protocol == HttpProtocolType.HTTPS + ? new HttpsProxyTunnel(impl, null, delegate) + : new HTTPTestServer(impl, null, delegate); + final HttpHandler hh = server.createHandler(schemeType, auth, authType); + HttpContext ctxt = impl.createContext(path, hh); + server.configureAuthentication(ctxt, schemeType, auth, authType); + + impl.bind(new InetSocketAddress("127.0.0.1", 0), 0); + impl.start(); + + return server; + } + + public static HTTPTestServer createServerAndRedirect( + HttpProtocolType protocol, + HttpAuthType targetAuthType, + HttpTestAuthenticator auth, + HttpSchemeType schemeType, + HttpHandler targetDelegate, + int code300) + throws IOException { + Objects.requireNonNull(targetAuthType); + Objects.requireNonNull(auth); + + // The connection between client and proxy can only + // be a plain connection: SSL connection to proxy + // is not supported by our client connection. + HttpProtocolType targetProtocol = targetAuthType == HttpAuthType.PROXY + ? HttpProtocolType.HTTP + : protocol; + HTTPTestServer redirectTarget = + (targetAuthType == HttpAuthType.PROXY) + ? createProxy(protocol, targetAuthType, + auth, schemeType, targetDelegate, "/") + : createServer(targetProtocol, targetAuthType, + auth, schemeType, targetDelegate, "/"); + HttpServer impl = createHttpServer(protocol); + final HTTPTestServer redirectingServer = + new HTTPTestServer(impl, redirectTarget, null); + InetSocketAddress redirectAddr = redirectTarget.getAddress(); + URL locationURL = url(targetProtocol, redirectAddr, "/"); + final HttpHandler hh = redirectingServer.create300Handler(locationURL, + HttpAuthType.SERVER, code300); + impl.createContext("/", hh); + impl.bind(new InetSocketAddress("127.0.0.1", 0), 0); + impl.start(); + return redirectingServer; + } + + public InetSocketAddress getAddress() { + return serverImpl.getAddress(); + } + + public void stop() { + serverImpl.stop(0); + if (redirect != null) { + redirect.stop(); + } + } + + protected void writeResponse(HttpExchange he) throws IOException { + if (delegate == null) { + he.sendResponseHeaders(HttpURLConnection.HTTP_OK, 0); + he.getResponseBody().write(he.getRequestBody().readAllBytes()); + } else { + delegate.handle(he); + } + } + + private HttpHandler createHandler(HttpSchemeType schemeType, + HttpTestAuthenticator auth, + HttpAuthType authType) { + return new HttpNoAuthHandler(authType); + } + + private void configureAuthentication(HttpContext ctxt, + HttpSchemeType schemeType, + HttpTestAuthenticator auth, + HttpAuthType authType) { + switch(schemeType) { + case DIGEST: + // DIGEST authentication is handled by the handler. + ctxt.getFilters().add(new HttpDigestFilter(auth, authType)); + break; + case BASIC: + // BASIC authentication is handled by the filter. + ctxt.getFilters().add(new HttpBasicFilter(auth, authType)); + break; + case BASICSERVER: + switch(authType) { + case PROXY: case PROXY305: + // HttpServer can't support Proxy-type authentication + // => we do as if BASIC had been specified, and we will + // handle authentication in the handler. + ctxt.getFilters().add(new HttpBasicFilter(auth, authType)); + break; + case SERVER: case SERVER307: + // Basic authentication is handled by HttpServer + // directly => the filter should not perform + // authentication again. + setContextAuthenticator(ctxt, auth); + ctxt.getFilters().add(new HttpNoAuthFilter(authType)); + break; + default: + throw new InternalError("Invalid combination scheme=" + + schemeType + " authType=" + authType); + } + case NONE: + // No authentication at all. + ctxt.getFilters().add(new HttpNoAuthFilter(authType)); + break; + default: + throw new InternalError("No such scheme: " + schemeType); + } + } + + private HttpHandler create300Handler(URL proxyURL, + HttpAuthType type, int code300) throws MalformedURLException { + return new Http3xxHandler(proxyURL, type, code300); + } + + // Abstract HTTP filter class. + private abstract static class AbstractHttpFilter extends Filter { + + final HttpAuthType authType; + final String type; + public AbstractHttpFilter(HttpAuthType authType, String type) { + this.authType = authType; + this.type = type; + } + + String getLocation() { + return "Location"; + } + String getAuthenticate() { + return authType == HttpAuthType.PROXY + ? "Proxy-Authenticate" : "WWW-Authenticate"; + } + String getAuthorization() { + return authType == HttpAuthType.PROXY + ? "Proxy-Authorization" : "Authorization"; + } + int getUnauthorizedCode() { + return authType == HttpAuthType.PROXY + ? HttpURLConnection.HTTP_PROXY_AUTH + : HttpURLConnection.HTTP_UNAUTHORIZED; + } + String getKeepAlive() { + return "keep-alive"; + } + String getConnection() { + return authType == HttpAuthType.PROXY + ? "Proxy-Connection" : "Connection"; + } + protected abstract boolean isAuthentified(HttpExchange he) throws IOException; + protected abstract void requestAuthentication(HttpExchange he) throws IOException; + protected void accept(HttpExchange he, Chain chain) throws IOException { + chain.doFilter(he); + } + + @Override + public String description() { + return "Filter for " + type; + } + @Override + public void doFilter(HttpExchange he, Chain chain) throws IOException { + try { + System.out.println(type + ": Got " + he.getRequestMethod() + + ": " + he.getRequestURI() + + "\n" + HTTPTestServer.toString(he.getRequestHeaders())); + if (!isAuthentified(he)) { + try { + requestAuthentication(he); + he.sendResponseHeaders(getUnauthorizedCode(), 0); + System.out.println(type + + ": Sent back " + getUnauthorizedCode()); + } finally { + he.close(); + } + } else { + accept(he, chain); + } + } catch (RuntimeException | Error | IOException t) { + System.err.println(type + + ": Unexpected exception while handling request: " + t); + t.printStackTrace(System.err); + he.close(); + throw t; + } + } + + } + + private final static class DigestResponse { + final String realm; + final String username; + final String nonce; + final String cnonce; + final String nc; + final String uri; + final String algorithm; + final String response; + final String qop; + final String opaque; + + public DigestResponse(String realm, String username, String nonce, + String cnonce, String nc, String uri, + String algorithm, String qop, String opaque, + String response) { + this.realm = realm; + this.username = username; + this.nonce = nonce; + this.cnonce = cnonce; + this.nc = nc; + this.uri = uri; + this.algorithm = algorithm; + this.qop = qop; + this.opaque = opaque; + this.response = response; + } + + String getAlgorithm(String defval) { + return algorithm == null ? defval : algorithm; + } + String getQoP(String defval) { + return qop == null ? defval : qop; + } + + // Code stolen from DigestAuthentication: + + private static final char charArray[] = { + '0', '1', '2', '3', '4', '5', '6', '7', + '8', '9', 'a', 'b', 'c', 'd', 'e', 'f' + }; + + private static String encode(String src, char[] passwd, MessageDigest md) { + try { + md.update(src.getBytes("ISO-8859-1")); + } catch (java.io.UnsupportedEncodingException uee) { + assert false; + } + if (passwd != null) { + byte[] passwdBytes = new byte[passwd.length]; + for (int i=0; i>> 4) & 0xf); + res.append(charArray[hashchar]); + hashchar = (digest[i] & 0xf); + res.append(charArray[hashchar]); + } + return res.toString(); + } + + public static String computeDigest(boolean isRequest, + String reqMethod, + char[] password, + DigestResponse params) + throws NoSuchAlgorithmException + { + + String A1, HashA1; + String algorithm = params.getAlgorithm("MD5"); + boolean md5sess = algorithm.equalsIgnoreCase ("MD5-sess"); + + MessageDigest md = MessageDigest.getInstance(md5sess?"MD5":algorithm); + + if (params.username == null) { + throw new IllegalArgumentException("missing username"); + } + if (params.realm == null) { + throw new IllegalArgumentException("missing realm"); + } + if (params.uri == null) { + throw new IllegalArgumentException("missing uri"); + } + if (params.nonce == null) { + throw new IllegalArgumentException("missing nonce"); + } + + A1 = params.username + ":" + params.realm + ":"; + HashA1 = encode(A1, password, md); + + String A2; + if (isRequest) { + A2 = reqMethod + ":" + params.uri; + } else { + A2 = ":" + params.uri; + } + String HashA2 = encode(A2, null, md); + String combo, finalHash; + + if ("auth".equals(params.qop)) { /* RRC2617 when qop=auth */ + if (params.cnonce == null) { + throw new IllegalArgumentException("missing nonce"); + } + if (params.nc == null) { + throw new IllegalArgumentException("missing nonce"); + } + combo = HashA1+ ":" + params.nonce + ":" + params.nc + ":" + + params.cnonce + ":auth:" +HashA2; + + } else { /* for compatibility with RFC2069 */ + combo = HashA1 + ":" + + params.nonce + ":" + + HashA2; + } + finalHash = encode(combo, null, md); + return finalHash; + } + + public static DigestResponse create(String raw) { + String username, realm, nonce, nc, uri, response, cnonce, + algorithm, qop, opaque; + HeaderParser parser = new HeaderParser(raw); + username = parser.findValue("username"); + realm = parser.findValue("realm"); + nonce = parser.findValue("nonce"); + nc = parser.findValue("nc"); + uri = parser.findValue("uri"); + cnonce = parser.findValue("cnonce"); + response = parser.findValue("response"); + algorithm = parser.findValue("algorithm"); + qop = parser.findValue("qop"); + opaque = parser.findValue("opaque"); + return new DigestResponse(realm, username, nonce, cnonce, nc, uri, + algorithm, qop, opaque, response); + } + + } + + private class HttpNoAuthFilter extends AbstractHttpFilter { + + public HttpNoAuthFilter(HttpAuthType authType) { + super(authType, authType == HttpAuthType.SERVER + ? "NoAuth Server" : "NoAuth Proxy"); + } + + @Override + protected boolean isAuthentified(HttpExchange he) throws IOException { + return true; + } + + @Override + protected void requestAuthentication(HttpExchange he) throws IOException { + throw new InternalError("Should not com here"); + } + + @Override + public String description() { + return "Passthrough Filter"; + } + + } + + // An HTTP Filter that performs Basic authentication + private class HttpBasicFilter extends AbstractHttpFilter { + + private final HttpTestAuthenticator auth; + public HttpBasicFilter(HttpTestAuthenticator auth, HttpAuthType authType) { + super(authType, authType == HttpAuthType.SERVER + ? "Basic Server" : "Basic Proxy"); + this.auth = auth; + } + + @Override + protected void requestAuthentication(HttpExchange he) + throws IOException { + he.getResponseHeaders().add(getAuthenticate(), + "Basic realm=\"" + auth.getRealm() + "\""); + System.out.println(type + ": Requesting Basic Authentication " + + he.getResponseHeaders().getFirst(getAuthenticate())); + } + + @Override + protected boolean isAuthentified(HttpExchange he) { + if (he.getRequestHeaders().containsKey(getAuthorization())) { + List authorization = + he.getRequestHeaders().get(getAuthorization()); + for (String a : authorization) { + System.out.println(type + ": processing " + a); + int sp = a.indexOf(' '); + if (sp < 0) return false; + String scheme = a.substring(0, sp); + if (!"Basic".equalsIgnoreCase(scheme)) { + System.out.println(type + ": Unsupported scheme '" + + scheme +"'"); + return false; + } + if (a.length() <= sp+1) { + System.out.println(type + ": value too short for '" + + scheme +"'"); + return false; + } + a = a.substring(sp+1); + return validate(a); + } + return false; + } + return false; + } + + boolean validate(String a) { + byte[] b = Base64.getDecoder().decode(a); + String userpass = new String (b); + int colon = userpass.indexOf (':'); + String uname = userpass.substring (0, colon); + String pass = userpass.substring (colon+1); + return auth.getUserName().equals(uname) && + new String(auth.getPassword(uname)).equals(pass); + } + + @Override + public String description() { + return "Filter for " + type; + } + + } + + + // An HTTP Filter that performs Digest authentication + private class HttpDigestFilter extends AbstractHttpFilter { + + // This is a very basic DIGEST - used only for the purpose of testing + // the client implementation. Therefore we can get away with never + // updating the server nonce as it makes the implementation of the + // server side digest simpler. + private final HttpTestAuthenticator auth; + private final byte[] nonce; + private final String ns; + public HttpDigestFilter(HttpTestAuthenticator auth, HttpAuthType authType) { + super(authType, authType == HttpAuthType.SERVER + ? "Digest Server" : "Digest Proxy"); + this.auth = auth; + nonce = new byte[16]; + new Random(Instant.now().toEpochMilli()).nextBytes(nonce); + ns = new BigInteger(1, nonce).toString(16); + } + + @Override + protected void requestAuthentication(HttpExchange he) + throws IOException { + he.getResponseHeaders().add(getAuthenticate(), + "Digest realm=\"" + auth.getRealm() + "\"," + + "\r\n qop=\"auth\"," + + "\r\n nonce=\"" + ns +"\""); + System.out.println(type + ": Requesting Digest Authentication " + + he.getResponseHeaders().getFirst(getAuthenticate())); + } + + @Override + protected boolean isAuthentified(HttpExchange he) { + if (he.getRequestHeaders().containsKey(getAuthorization())) { + List authorization = he.getRequestHeaders().get(getAuthorization()); + for (String a : authorization) { + System.out.println(type + ": processing " + a); + int sp = a.indexOf(' '); + if (sp < 0) return false; + String scheme = a.substring(0, sp); + if (!"Digest".equalsIgnoreCase(scheme)) { + System.out.println(type + ": Unsupported scheme '" + scheme +"'"); + return false; + } + if (a.length() <= sp+1) { + System.out.println(type + ": value too short for '" + scheme +"'"); + return false; + } + a = a.substring(sp+1); + DigestResponse dgr = DigestResponse.create(a); + return validate(he.getRequestMethod(), dgr); + } + return false; + } + return false; + } + + boolean validate(String reqMethod, DigestResponse dg) { + if (!"MD5".equalsIgnoreCase(dg.getAlgorithm("MD5"))) { + System.out.println(type + ": Unsupported algorithm " + + dg.algorithm); + return false; + } + if (!"auth".equalsIgnoreCase(dg.getQoP("auth"))) { + System.out.println(type + ": Unsupported qop " + + dg.qop); + return false; + } + try { + if (!dg.nonce.equals(ns)) { + System.out.println(type + ": bad nonce returned by client: " + + nonce + " expected " + ns); + return false; + } + if (dg.response == null) { + System.out.println(type + ": missing digest response."); + return false; + } + char[] pa = auth.getPassword(dg.username); + return verify(reqMethod, dg, pa); + } catch(IllegalArgumentException | SecurityException + | NoSuchAlgorithmException e) { + System.out.println(type + ": " + e.getMessage()); + return false; + } + } + + boolean verify(String reqMethod, DigestResponse dg, char[] pw) + throws NoSuchAlgorithmException { + String response = DigestResponse.computeDigest(true, reqMethod, pw, dg); + if (!dg.response.equals(response)) { + System.out.println(type + ": bad response returned by client: " + + dg.response + " expected " + response); + return false; + } else { + System.out.println(type + ": verified response " + response); + } + return true; + } + + @Override + public String description() { + return "Filter for DIGEST authentication"; + } + } + + // Abstract HTTP handler class. + private abstract static class AbstractHttpHandler implements HttpHandler { + + final HttpAuthType authType; + final String type; + public AbstractHttpHandler(HttpAuthType authType, String type) { + this.authType = authType; + this.type = type; + } + + String getLocation() { + return "Location"; + } + + @Override + public void handle(HttpExchange he) throws IOException { + try { + sendResponse(he); + } catch (RuntimeException | Error | IOException t) { + System.err.println(type + + ": Unexpected exception while handling request: " + t); + t.printStackTrace(System.err); + throw t; + } finally { + he.close(); + } + } + + protected abstract void sendResponse(HttpExchange he) throws IOException; + + } + + private class HttpNoAuthHandler extends AbstractHttpHandler { + + public HttpNoAuthHandler(HttpAuthType authType) { + super(authType, authType == HttpAuthType.SERVER + ? "NoAuth Server" : "NoAuth Proxy"); + } + + @Override + protected void sendResponse(HttpExchange he) throws IOException { + HTTPTestServer.this.writeResponse(he); + } + + } + + // A dummy HTTP Handler that redirects all incoming requests + // by sending a back 3xx response code (301, 305, 307 etc..) + private class Http3xxHandler extends AbstractHttpHandler { + + private final URL redirectTargetURL; + private final int code3XX; + public Http3xxHandler(URL proxyURL, HttpAuthType authType, int code300) { + super(authType, "Server" + code300); + this.redirectTargetURL = proxyURL; + this.code3XX = code300; + } + + int get3XX() { + return code3XX; + } + + @Override + public void sendResponse(HttpExchange he) throws IOException { + System.out.println(type + ": Got " + he.getRequestMethod() + + ": " + he.getRequestURI() + + "\n" + HTTPTestServer.toString(he.getRequestHeaders())); + System.out.println(type + ": Redirecting to " + + (authType == HttpAuthType.PROXY305 + ? "proxy" : "server")); + he.getResponseHeaders().add(getLocation(), + redirectTargetURL.toExternalForm().toString()); + he.sendResponseHeaders(get3XX(), 0); + System.out.println(type + ": Sent back " + get3XX() + " " + + getLocation() + ": " + redirectTargetURL.toExternalForm().toString()); + } + } + + static class Configurator extends HttpsConfigurator { + public Configurator(SSLContext ctx) { + super(ctx); + } + + @Override + public void configure (HttpsParameters params) { + params.setSSLParameters (getSSLContext().getSupportedSSLParameters()); + } + } + + // This is a bit hacky: HttpsProxyTunnel is an HTTPTestServer hidden + // behind a fake proxy that only understands CONNECT requests. + // The fake proxy is just a server socket that intercept the + // CONNECT and then redirect streams to the real server. + static class HttpsProxyTunnel extends HTTPTestServer + implements Runnable { + + final ServerSocket ss; + public HttpsProxyTunnel(HttpServer server, HTTPTestServer target, + HttpHandler delegate) + throws IOException { + super(server, target, delegate); + System.out.flush(); + System.err.println("WARNING: HttpsProxyTunnel is an experimental test class"); + ss = new ServerSocket(0, 0, InetAddress.getByName("127.0.0.1")); + start(); + } + + final void start() throws IOException { + Thread t = new Thread(this, "ProxyThread"); + t.setDaemon(true); + t.start(); + } + + @Override + public void stop() { + super.stop(); + try { + ss.close(); + } catch (IOException ex) { + if (DEBUG) ex.printStackTrace(System.out); + } + } + + // Pipe the input stream to the output stream. + private synchronized Thread pipe(InputStream is, OutputStream os, char tag) { + return new Thread("TunnelPipe("+tag+")") { + @Override + public void run() { + try { + try { + int c; + while ((c = is.read()) != -1) { + os.write(c); + os.flush(); + // if DEBUG prints a + or a - for each transferred + // character. + if (DEBUG) System.out.print(tag); + } + is.close(); + } finally { + os.close(); + } + } catch (IOException ex) { + if (DEBUG) ex.printStackTrace(System.out); + } + } + }; + } + + @Override + public InetSocketAddress getAddress() { + return new InetSocketAddress(ss.getInetAddress(), ss.getLocalPort()); + } + + // This is a bit shaky. It doesn't handle continuation + // lines, but our client shouldn't send any. + // Read a line from the input stream, swallowing the final + // \r\n sequence. Stops at the first \n, doesn't complain + // if it wasn't preceded by '\r'. + // + String readLine(InputStream r) throws IOException { + StringBuilder b = new StringBuilder(); + int c; + while ((c = r.read()) != -1) { + if (c == '\n') break; + b.appendCodePoint(c); + } + if (b.codePointAt(b.length() -1) == '\r') { + b.delete(b.length() -1, b.length()); + } + return b.toString(); + } + + @Override + public void run() { + Socket clientConnection = null; + try { + while (true) { + System.out.println("Tunnel: Waiting for client"); + Socket previous = clientConnection; + try { + clientConnection = ss.accept(); + } catch (IOException io) { + if (DEBUG) io.printStackTrace(System.out); + break; + } finally { + // close the previous connection + if (previous != null) previous.close(); + } + System.out.println("Tunnel: Client accepted"); + Socket targetConnection = null; + InputStream ccis = clientConnection.getInputStream(); + OutputStream ccos = clientConnection.getOutputStream(); + Writer w = new OutputStreamWriter( + clientConnection.getOutputStream(), "UTF-8"); + PrintWriter pw = new PrintWriter(w); + System.out.println("Tunnel: Reading request line"); + String requestLine = readLine(ccis); + System.out.println("Tunnel: Request line: " + requestLine); + if (requestLine.startsWith("CONNECT ")) { + // We should probably check that the next word following + // CONNECT is the host:port of our HTTPS serverImpl. + // Some improvement for a followup! + + // Read all headers until we find the empty line that + // signals the end of all headers. + while(!requestLine.equals("")) { + System.out.println("Tunnel: Reading header: " + + (requestLine = readLine(ccis))); + } + + targetConnection = new Socket( + serverImpl.getAddress().getAddress(), + serverImpl.getAddress().getPort()); + + // Then send the 200 OK response to the client + System.out.println("Tunnel: Sending " + + "HTTP/1.1 200 OK\r\n\r\n"); + pw.print("HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n"); + pw.flush(); + } else { + // This should not happen. If it does let our serverImpl + // deal with it. + throw new IOException("Tunnel: Unexpected status line: " + + requestLine); + } + + // Pipe the input stream of the client connection to the + // output stream of the target connection and conversely. + // Now the client and target will just talk to each other. + System.out.println("Tunnel: Starting tunnel pipes"); + Thread t1 = pipe(ccis, targetConnection.getOutputStream(), '+'); + Thread t2 = pipe(targetConnection.getInputStream(), ccos, '-'); + t1.start(); + t2.start(); + + // We have only 1 client... wait until it has finished before + // accepting a new connection request. + t1.join(); + t2.join(); + } + } catch (Throwable ex) { + try { + ss.close(); + } catch (IOException ex1) { + ex.addSuppressed(ex1); + } + ex.printStackTrace(System.err); + } + } + + } +} diff --git a/jdk/test/java/net/HttpURLConnection/getResponseCode.java b/jdk/test/java/net/HttpURLConnection/getResponseCode.java index eb6a64dc0c6..4eca0d5ea1a 100644 --- a/jdk/test/java/net/HttpURLConnection/getResponseCode.java +++ b/jdk/test/java/net/HttpURLConnection/getResponseCode.java @@ -24,6 +24,8 @@ /* * @test * @bug 4666195 + * @build getResponseCode + * @run main getResponseCode * @summary REGRESSION: HttpURLConnection.getResponseCode() returns always -1 */ import java.net.*;