1 /*
   2  * Copyright 1995-2003 Sun Microsystems, Inc.  All Rights Reserved.
   3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
   4  *
   5  * This code is free software; you can redistribute it and/or modify it
   6  * under the terms of the GNU General Public License version 2 only, as
   7  * published by the Free Software Foundation.  Sun designates this
   8  * particular file as subject to the "Classpath" exception as provided
   9  * by Sun in the LICENSE file that accompanied this code.
  10  *
  11  * This code is distributed in the hope that it will be useful, but WITHOUT
  12  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
  13  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
  14  * version 2 for more details (a copy is included in the LICENSE file that
  15  * accompanied this code).
  16  *
  17  * You should have received a copy of the GNU General Public License version
  18  * 2 along with this work; if not, write to the Free Software Foundation,
  19  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
  20  *
  21  * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,
  22  * CA 95054 USA or visit www.sun.com if you need additional information or
  23  * have any questions.
  24  */
  25 
  26 package sun.net.www.protocol.http;
  27 
  28 import java.io.*;
  29 import java.net.*;
  30 import java.util.Hashtable;
  31 import java.util.LinkedList;
  32 import java.util.ListIterator;
  33 import java.util.Enumeration;
  34 import java.util.HashMap;
  35 
  36 import sun.net.www.HeaderParser;
  37 
  38 
  39 /**
  40  * AuthenticationInfo: Encapsulate the information needed to
  41  * authenticate a user to a server.
  42  *
  43  * @author Jon Payne
  44  * @author Herb Jellinek
  45  * @author Bill Foote
  46  */
  47 // REMIND:  It would be nice if this class understood about partial matching.
  48 //      If you're authorized for foo.com, chances are high you're also
  49 //      authorized for baz.foo.com.
  50 // NB:  When this gets implemented, be careful about the uncaching
  51 //      policy in HttpURLConnection.  A failure on baz.foo.com shouldn't
  52 //      uncache foo.com!
  53 
  54 abstract class AuthenticationInfo extends AuthCacheValue implements Cloneable {
  55 
  56     // Constants saying what kind of authroization this is.  This determines
  57     // the namespace in the hash table lookup.
  58     static final char SERVER_AUTHENTICATION = 's';
  59     static final char PROXY_AUTHENTICATION = 'p';
  60 
  61     /**
  62      * If true, then simultaneous authentication requests to the same realm/proxy
  63      * are serialized, in order to avoid a user having to type the same username/passwords
  64      * repeatedly, via the Authenticator. Default is false, which means that this
  65      * behavior is switched off.
  66      */
  67     static boolean serializeAuth;
  68 
  69     static {
  70         serializeAuth = java.security.AccessController.doPrivileged(
  71             new sun.security.action.GetBooleanAction(
  72                 "http.auth.serializeRequests")).booleanValue();
  73     }
  74 
  75     /* AuthCacheValue: */
  76 
  77     transient protected PasswordAuthentication pw;
  78 
  79     public PasswordAuthentication credentials() {
  80         return pw;
  81     }
  82 
  83     public AuthCacheValue.Type getAuthType() {
  84         return type == SERVER_AUTHENTICATION ?
  85             AuthCacheValue.Type.Server:
  86             AuthCacheValue.Type.Proxy;
  87     }
  88 
  89     AuthScheme getAuthScheme() {
  90         return authScheme;
  91     }
  92 
  93     public String getHost() {
  94         return host;
  95     }
  96     public int getPort() {
  97         return port;
  98     }
  99     public String getRealm() {
 100         return realm;
 101     }
 102     public String getPath() {
 103         return path;
 104     }
 105     public String getProtocolScheme() {
 106         return protocol;
 107     }
 108 
 109     /**
 110      * requests is used to ensure that interaction with the
 111      * Authenticator for a particular realm is single threaded.
 112      * ie. if multiple threads need to get credentials from the user
 113      * at the same time, then all but the first will block until
 114      * the first completes its authentication.
 115      */
 116     static private HashMap requests = new HashMap ();
 117 
 118     /* check if a request for this destination is in progress
 119      * return false immediately if not. Otherwise block until
 120      * request is finished and return true
 121      */
 122     static private boolean requestIsInProgress (String key) {
 123         if (!serializeAuth) {
 124             /* behavior is disabled. Revert to concurrent requests */
 125             return false;
 126         }
 127         synchronized (requests) {
 128             Thread t, c;
 129             c = Thread.currentThread();
 130             if ((t=(Thread)requests.get(key))==null) {
 131                 requests.put (key, c);
 132                 return false;
 133             }
 134             if (t == c) {
 135                 return false;
 136             }
 137             while (requests.containsKey(key)) {
 138                 try {
 139                     requests.wait ();
 140                 } catch (InterruptedException e) {}
 141             }
 142         }
 143         /* entry may be in cache now. */
 144         return true;
 145     }
 146 
 147     /* signal completion of an authentication (whether it succeeded or not)
 148      * so that other threads can continue.
 149      */
 150     static private void requestCompleted (String key) {
 151         synchronized (requests) {
 152             boolean waspresent = requests.remove (key) != null;
 153             assert waspresent;
 154             requests.notifyAll();
 155         }
 156     }
 157 
 158     //public String toString () {
 159         //return ("{"+type+":"+authScheme+":"+protocol+":"+host+":"+port+":"+realm+":"+path+"}");
 160     //}
 161 
 162     // REMIND:  This cache just grows forever.  We should put in a bounded
 163     //          cache, or maybe something using WeakRef's.
 164 
 165     /** The type (server/proxy) of authentication this is.  Used for key lookup */
 166     char type;
 167 
 168     /** The authentication scheme (basic/digest). Also used for key lookup */
 169     AuthScheme authScheme;
 170 
 171     /** The protocol/scheme (i.e. http or https ). Need to keep the caches
 172      *  logically separate for the two protocols. This field is only used
 173      *  when constructed with a URL (the normal case for server authentication)
 174      *  For proxy authentication the protocol is not relevant.
 175      */
 176     String protocol;
 177 
 178     /** The host we're authenticating against. */
 179     String host;
 180 
 181     /** The port on the host we're authenticating against. */
 182     int port;
 183 
 184     /** The realm we're authenticating against. */
 185     String realm;
 186 
 187     /** The shortest path from the URL we authenticated against. */
 188     String path;
 189 
 190     /** Use this constructor only for proxy entries */
 191     AuthenticationInfo(char type, AuthScheme authScheme, String host, int port, String realm) {
 192         this.type = type;
 193         this.authScheme = authScheme;
 194         this.protocol = "";
 195         this.host = host.toLowerCase();
 196         this.port = port;
 197         this.realm = realm;
 198         this.path = null;
 199     }
 200 
 201     public Object clone() {
 202         try {
 203             return super.clone ();
 204         } catch (CloneNotSupportedException e) {
 205             // Cannot happen because Cloneable implemented by AuthenticationInfo
 206             return null;
 207         }
 208     }
 209 
 210     /*
 211      * Constructor used to limit the authorization to the path within
 212      * the URL. Use this constructor for origin server entries.
 213      */
 214     AuthenticationInfo(char type, AuthScheme authScheme, URL url, String realm) {
 215         this.type = type;
 216         this.authScheme = authScheme;
 217         this.protocol = url.getProtocol().toLowerCase();
 218         this.host = url.getHost().toLowerCase();
 219         this.port = url.getPort();
 220         if (this.port == -1) {
 221             this.port = url.getDefaultPort();
 222         }
 223         this.realm = realm;
 224 
 225         String urlPath = url.getPath();
 226         if (urlPath.length() == 0)
 227             this.path = urlPath;
 228         else {
 229             this.path = reducePath (urlPath);
 230         }
 231 
 232     }
 233 
 234     /*
 235      * reduce the path to the root of where we think the
 236      * authorization begins. This could get shorter as
 237      * the url is traversed up following a successful challenge.
 238      */
 239     static String reducePath (String urlPath) {
 240         int sepIndex = urlPath.lastIndexOf('/');
 241         int targetSuffixIndex = urlPath.lastIndexOf('.');
 242         if (sepIndex != -1)
 243             if (sepIndex < targetSuffixIndex)
 244                 return urlPath.substring(0, sepIndex+1);
 245             else
 246                 return urlPath;
 247         else
 248             return urlPath;
 249     }
 250 
 251     /**
 252      * Returns info for the URL, for an HTTP server auth.  Used when we
 253      * don't yet know the realm
 254      * (i.e. when we're preemptively setting the auth).
 255      */
 256     static AuthenticationInfo getServerAuth(URL url) {
 257         int port = url.getPort();
 258         if (port == -1) {
 259             port = url.getDefaultPort();
 260         }
 261         String key = SERVER_AUTHENTICATION + ":" + url.getProtocol().toLowerCase()
 262                 + ":" + url.getHost().toLowerCase() + ":" + port;
 263         return getAuth(key, url);
 264     }
 265 
 266     /**
 267      * Returns info for the URL, for an HTTP server auth.  Used when we
 268      * do know the realm (i.e. when we're responding to a challenge).
 269      * In this case we do not use the path because the protection space
 270      * is identified by the host:port:realm only
 271      */
 272     static AuthenticationInfo getServerAuth(URL url, String realm, AuthScheme scheme) {
 273         int port = url.getPort();
 274         if (port == -1) {
 275             port = url.getDefaultPort();
 276         }
 277         String key = SERVER_AUTHENTICATION + ":" + scheme + ":" + url.getProtocol().toLowerCase()
 278                      + ":" + url.getHost().toLowerCase() + ":" + port + ":" + realm;
 279         AuthenticationInfo cached = getAuth(key, null);
 280         if ((cached == null) && requestIsInProgress (key)) {
 281             /* check the cache again, it might contain an entry */
 282             cached = getAuth(key, null);
 283         }
 284         return cached;
 285     }
 286 
 287 
 288     /**
 289      * Return the AuthenticationInfo object from the cache if it's path is
 290      * a substring of the supplied URLs path.
 291      */
 292     static AuthenticationInfo getAuth(String key, URL url) {
 293         if (url == null) {
 294             return (AuthenticationInfo)cache.get (key, null);
 295         } else {
 296             return (AuthenticationInfo)cache.get (key, url.getPath());
 297         }
 298     }
 299 
 300     /**
 301      * Returns a firewall authentication, for the given host/port.  Used
 302      * for preemptive header-setting. Note, the protocol field is always
 303      * blank for proxies.
 304      */
 305     static AuthenticationInfo getProxyAuth(String host, int port) {
 306         String key = PROXY_AUTHENTICATION + "::" + host.toLowerCase() + ":" + port;
 307         AuthenticationInfo result = (AuthenticationInfo) cache.get(key, null);
 308         return result;
 309     }
 310 
 311     /**
 312      * Returns a firewall authentication, for the given host/port and realm.
 313      * Used in response to a challenge. Note, the protocol field is always
 314      * blank for proxies.
 315      */
 316     static AuthenticationInfo getProxyAuth(String host, int port, String realm, AuthScheme scheme) {
 317         String key = PROXY_AUTHENTICATION + ":" + scheme + "::" + host.toLowerCase()
 318                         + ":" + port + ":" + realm;
 319         AuthenticationInfo cached = (AuthenticationInfo) cache.get(key, null);
 320         if ((cached == null) && requestIsInProgress (key)) {
 321             /* check the cache again, it might contain an entry */
 322             cached = (AuthenticationInfo) cache.get(key, null);
 323         }
 324         return cached;
 325     }
 326 
 327 
 328     /**
 329      * Add this authentication to the cache
 330      */
 331     void addToCache() {
 332         cache.put (cacheKey(true), this);
 333         if (supportsPreemptiveAuthorization()) {
 334             cache.put (cacheKey(false), this);
 335         }
 336         endAuthRequest();
 337     }
 338 
 339     void endAuthRequest () {
 340         if (!serializeAuth) {
 341             return;
 342         }
 343         synchronized (requests) {
 344             requestCompleted (cacheKey(true));
 345         }
 346     }
 347 
 348     /**
 349      * Remove this authentication from the cache
 350      */
 351     void removeFromCache() {
 352         cache.remove(cacheKey(true), this);
 353         if (supportsPreemptiveAuthorization()) {
 354             cache.remove(cacheKey(false), this);
 355         }
 356     }
 357 
 358     /**
 359      * @return true if this authentication supports preemptive authorization
 360      */
 361     abstract boolean supportsPreemptiveAuthorization();
 362 
 363     /**
 364      * @return the name of the HTTP header this authentication wants set.
 365      *          This is used for preemptive authorization.
 366      */
 367     abstract String getHeaderName();
 368 
 369     /**
 370      * Calculates and returns the authentication header value based
 371      * on the stored authentication parameters. If the calculation does not depend
 372      * on the URL or the request method then these parameters are ignored.
 373      * @param url The URL
 374      * @param method The request method
 375      * @return the value of the HTTP header this authentication wants set.
 376      *          Used for preemptive authorization.
 377      */
 378     abstract String getHeaderValue(URL url, String method);
 379 
 380     /**
 381      * Set header(s) on the given connection.  Subclasses must override
 382      * This will only be called for
 383      * definitive (i.e. non-preemptive) authorization.
 384      * @param conn The connection to apply the header(s) to
 385      * @param p A source of header values for this connection, if needed.
 386      * @param raw The raw header field (if needed)
 387      * @return true if all goes well, false if no headers were set.
 388      */
 389     abstract boolean setHeaders(HttpURLConnection conn, HeaderParser p, String raw);
 390 
 391     /**
 392      * Check if the header indicates that the current auth. parameters are stale.
 393      * If so, then replace the relevant field with the new value
 394      * and return true. Otherwise return false.
 395      * returning true means the request can be retried with the same userid/password
 396      * returning false means we have to go back to the user to ask for a new
 397      * username password.
 398      */
 399     abstract boolean isAuthorizationStale (String header);
 400 
 401     /**
 402      * Give a key for hash table lookups.
 403      * @param includeRealm if you want the realm considered.  Preemptively
 404      *          setting an authorization is done before the realm is known.
 405      */
 406     String cacheKey(boolean includeRealm) {
 407         // This must be kept in sync with the getXXXAuth() methods in this
 408         // class.
 409         if (includeRealm) {
 410             return type + ":" + authScheme + ":" + protocol + ":"
 411                         + host + ":" + port + ":" + realm;
 412         } else {
 413             return type + ":" + protocol + ":" + host + ":" + port;
 414         }
 415     }
 416 
 417     String s1, s2;  /* used for serialization of pw */
 418 
 419     private void readObject(ObjectInputStream s)
 420         throws IOException, ClassNotFoundException
 421     {
 422         s.defaultReadObject ();
 423         pw = new PasswordAuthentication (s1, s2.toCharArray());
 424         s1 = null; s2= null;
 425     }
 426 
 427     private synchronized void writeObject(java.io.ObjectOutputStream s)
 428         throws IOException
 429     {
 430         s1 = pw.getUserName();
 431         s2 = new String (pw.getPassword());
 432         s.defaultWriteObject ();
 433     }
 434 }