1 /* 2 * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.net.spi; 27 28 import java.net.InetSocketAddress; 29 import java.net.Proxy; 30 import java.net.ProxySelector; 31 import java.net.SocketAddress; 32 import java.net.URI; 33 import java.util.Arrays; 34 import java.util.List; 35 import java.io.IOException; 36 import java.security.AccessController; 37 import java.security.PrivilegedAction; 38 import java.util.StringJoiner; 39 import java.util.regex.Pattern; 40 import sun.net.NetProperties; 41 import sun.net.SocksProxy; 42 import static java.util.regex.Pattern.quote; 43 44 /** 45 * Supports proxy settings using system properties This proxy selector 46 * provides backward compatibility with the old http protocol handler 47 * as far as how proxy is set 48 * 49 * Most of the implementation copied from the old http protocol handler 50 * 51 * Supports http/https/ftp.proxyHost, http/https/ftp.proxyPort, 52 * proxyHost, proxyPort, and http/https/ftp.nonProxyHost, and socks. 53 * NOTE: need to do gopher as well 54 */ 55 public class DefaultProxySelector extends ProxySelector { 56 57 /** 58 * This is where we define all the valid System Properties we have to 59 * support for each given protocol. 60 * The format of this 2 dimensional array is : 61 * - 1 row per protocol (http, ftp, ...) 62 * - 1st element of each row is the protocol name 63 * - subsequent elements are prefixes for Host & Port properties 64 * listed in order of priority. 65 * Example: 66 * {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 67 * means for FTP we try in that oder: 68 * + ftp.proxyHost & ftp.proxyPort 69 * + ftpProxyHost & ftpProxyPort 70 * + proxyHost & proxyPort 71 * + socksProxyHost & socksProxyPort 72 * 73 * Note that the socksProxy should *always* be the last on the list 74 */ 75 static final String[][] props = { 76 /* 77 * protocol, Property prefix 1, Property prefix 2, ... 78 */ 79 {"http", "http.proxy", "proxy", "socksProxy"}, 80 {"https", "https.proxy", "proxy", "socksProxy"}, 81 {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 82 {"gopher", "gopherProxy", "socksProxy"}, 83 {"socket", "socksProxy"} 84 }; 85 86 private static final String SOCKS_PROXY_VERSION = "socksProxyVersion"; 87 88 private static boolean hasSystemProxies = false; 89 90 private static final List<Proxy> NO_PROXY_LIST = List.of(Proxy.NO_PROXY); 91 92 static { 93 final String key = "java.net.useSystemProxies"; 94 Boolean b = AccessController.doPrivileged( 95 new PrivilegedAction<Boolean>() { 96 public Boolean run() { 97 return NetProperties.getBoolean(key); 98 }}); 99 if (b != null && b.booleanValue()) { 100 java.security.AccessController.doPrivileged( 101 new java.security.PrivilegedAction<Void>() { 102 public Void run() { 103 System.loadLibrary("net"); 104 return null; 105 } 106 }); 107 hasSystemProxies = init(); 108 } 109 } 110 111 public static int socksProxyVersion() { 112 return AccessController.doPrivileged( 113 new PrivilegedAction<Integer>() { 114 @Override public Integer run() { 115 return NetProperties.getInteger(SOCKS_PROXY_VERSION, 5); 116 } 117 }); 118 } 119 120 /** 121 * How to deal with "non proxy hosts": 122 * since we do have to generate a pattern we don't want to do that if 123 * it's not necessary. Therefore we do cache the result, on a per-protocol 124 * basis, and change it only when the "source", i.e. the system property, 125 * did change. 126 */ 127 128 static class NonProxyInfo { 129 // Default value for nonProxyHosts, this provides backward compatibility 130 // by excluding localhost and its litteral notations. 131 static final String defStringVal = "localhost|127.*|[::1]|0.0.0.0|[::0]"; 132 133 String hostsSource; 134 Pattern pattern; 135 final String property; 136 final String defaultVal; 137 static NonProxyInfo ftpNonProxyInfo = new NonProxyInfo("ftp.nonProxyHosts", null, null, defStringVal); 138 static NonProxyInfo httpNonProxyInfo = new NonProxyInfo("http.nonProxyHosts", null, null, defStringVal); 139 static NonProxyInfo socksNonProxyInfo = new NonProxyInfo("socksNonProxyHosts", null, null, defStringVal); 140 141 NonProxyInfo(String p, String s, Pattern pattern, String d) { 142 property = p; 143 hostsSource = s; 144 this.pattern = pattern; 145 defaultVal = d; 146 } 147 } 148 149 150 /** 151 * select() method. Where all the hard work is done. 152 * Build a list of proxies depending on URI. 153 * Since we're only providing compatibility with the system properties 154 * from previous releases (see list above), that list will typically 155 * contain one single proxy, default being NO_PROXY. 156 * If we can get a system proxy it might contain more entries. 157 */ 158 public java.util.List<Proxy> select(URI uri) { 159 if (uri == null) { 160 throw new IllegalArgumentException("URI can't be null."); 161 } 162 String protocol = uri.getScheme(); 163 String host = uri.getHost(); 164 165 if (host == null) { 166 // This is a hack to ensure backward compatibility in two 167 // cases: 1. hostnames contain non-ascii characters, 168 // internationalized domain names. in which case, URI will 169 // return null, see BugID 4957669; 2. Some hostnames can 170 // contain '_' chars even though it's not supposed to be 171 // legal, in which case URI will return null for getHost, 172 // but not for getAuthority() See BugID 4913253 173 String auth = uri.getAuthority(); 174 if (auth != null) { 175 int i; 176 i = auth.indexOf('@'); 177 if (i >= 0) { 178 auth = auth.substring(i+1); 179 } 180 i = auth.lastIndexOf(':'); 181 if (i >= 0) { 182 auth = auth.substring(0,i); 183 } 184 host = auth; 185 } 186 } 187 188 if (protocol == null || host == null) { 189 throw new IllegalArgumentException("protocol = "+protocol+" host = "+host); 190 } 191 192 NonProxyInfo pinfo = null; 193 194 if ("http".equalsIgnoreCase(protocol)) { 195 pinfo = NonProxyInfo.httpNonProxyInfo; 196 } else if ("https".equalsIgnoreCase(protocol)) { 197 // HTTPS uses the same property as HTTP, for backward 198 // compatibility 199 pinfo = NonProxyInfo.httpNonProxyInfo; 200 } else if ("ftp".equalsIgnoreCase(protocol)) { 201 pinfo = NonProxyInfo.ftpNonProxyInfo; 202 } else if ("socket".equalsIgnoreCase(protocol)) { 203 pinfo = NonProxyInfo.socksNonProxyInfo; 204 } 205 206 /** 207 * Let's check the System properties for that protocol 208 */ 209 final String proto = protocol; 210 final NonProxyInfo nprop = pinfo; 211 final String urlhost = host.toLowerCase(); 212 213 /** 214 * This is one big doPrivileged call, but we're trying to optimize 215 * the code as much as possible. Since we're checking quite a few 216 * System properties it does help having only 1 call to doPrivileged. 217 * Be mindful what you do in here though! 218 */ 219 Proxy[] proxyArray = AccessController.doPrivileged( 220 new PrivilegedAction<Proxy[]>() { 221 public Proxy[] run() { 222 int i, j; 223 String phost = null; 224 int pport = 0; 225 String nphosts = null; 226 InetSocketAddress saddr = null; 227 228 // Then let's walk the list of protocols in our array 229 for (i=0; i<props.length; i++) { 230 if (props[i][0].equalsIgnoreCase(proto)) { 231 for (j = 1; j < props[i].length; j++) { 232 /* System.getProp() will give us an empty 233 * String, "" for a defined but "empty" 234 * property. 235 */ 236 phost = NetProperties.get(props[i][j]+"Host"); 237 if (phost != null && phost.length() != 0) 238 break; 239 } 240 if (phost == null || phost.length() == 0) { 241 /** 242 * No system property defined for that 243 * protocol. Let's check System Proxy 244 * settings (Gnome, MacOsX & Windows) if 245 * we were instructed to. 246 */ 247 if (hasSystemProxies) { 248 String sproto; 249 if (proto.equalsIgnoreCase("socket")) 250 sproto = "socks"; 251 else 252 sproto = proto; 253 return getSystemProxies(sproto, urlhost); 254 } 255 return null; 256 } 257 // If a Proxy Host is defined for that protocol 258 // Let's get the NonProxyHosts property 259 if (nprop != null) { 260 nphosts = NetProperties.get(nprop.property); 261 synchronized (nprop) { 262 if (nphosts == null) { 263 if (nprop.defaultVal != null) { 264 nphosts = nprop.defaultVal; 265 } else { 266 nprop.hostsSource = null; 267 nprop.pattern = null; 268 } 269 } else if (nphosts.length() != 0) { 270 // add the required default patterns 271 // but only if property no set. If it 272 // is empty, leave empty. 273 nphosts += "|" + NonProxyInfo 274 .defStringVal; 275 } 276 if (nphosts != null) { 277 if (!nphosts.equals(nprop.hostsSource)) { 278 nprop.pattern = toPattern(nphosts); 279 nprop.hostsSource = nphosts; 280 } 281 } 282 if (shouldNotUseProxyFor(nprop.pattern, urlhost)) { 283 return null; 284 } 285 } 286 } 287 // We got a host, let's check for port 288 289 pport = NetProperties.getInteger(props[i][j]+"Port", 0).intValue(); 290 if (pport == 0 && j < (props[i].length - 1)) { 291 // Can't find a port with same prefix as Host 292 // AND it's not a SOCKS proxy 293 // Let's try the other prefixes for that proto 294 for (int k = 1; k < (props[i].length - 1); k++) { 295 if ((k != j) && (pport == 0)) 296 pport = NetProperties.getInteger(props[i][k]+"Port", 0).intValue(); 297 } 298 } 299 300 // Still couldn't find a port, let's use default 301 if (pport == 0) { 302 if (j == (props[i].length - 1)) // SOCKS 303 pport = defaultPort("socket"); 304 else 305 pport = defaultPort(proto); 306 } 307 // We did find a proxy definition. 308 // Let's create the address, but don't resolve it 309 // as this will be done at connection time 310 saddr = InetSocketAddress.createUnresolved(phost, pport); 311 // Socks is *always* the last on the list. 312 if (j == (props[i].length - 1)) { 313 return new Proxy[] {SocksProxy.create(saddr, socksProxyVersion())}; 314 } 315 return new Proxy[] {new Proxy(Proxy.Type.HTTP, saddr)}; 316 } 317 } 318 return null; 319 }}); 320 321 // If no specific proxy was found we return our standard list containing 322 // only one NO_PROXY entry. 323 return proxyArray == null ? NO_PROXY_LIST : List.of(proxyArray); 324 } 325 326 public void connectFailed(URI uri, SocketAddress sa, IOException ioe) { 327 if (uri == null || sa == null || ioe == null) { 328 throw new IllegalArgumentException("Arguments can't be null."); 329 } 330 // ignored 331 } 332 333 334 private int defaultPort(String protocol) { 335 if ("http".equalsIgnoreCase(protocol)) { 336 return 80; 337 } else if ("https".equalsIgnoreCase(protocol)) { 338 return 443; 339 } else if ("ftp".equalsIgnoreCase(protocol)) { 340 return 80; 341 } else if ("socket".equalsIgnoreCase(protocol)) { 342 return 1080; 343 } else if ("gopher".equalsIgnoreCase(protocol)) { 344 return 80; 345 } else { 346 return -1; 347 } 348 } 349 350 private static native boolean init(); 351 private synchronized native Proxy[] getSystemProxies(String protocol, String host); 352 353 /** 354 * @return {@code true} if given this pattern for non-proxy hosts and this 355 * urlhost the proxy should NOT be used to access this urlhost 356 */ 357 static boolean shouldNotUseProxyFor(Pattern pattern, String urlhost) { 358 if (pattern == null || urlhost.isEmpty()) 359 return false; 360 boolean matches = pattern.matcher(urlhost).matches(); 361 return matches; 362 } 363 364 /** 365 * @param mask non-null mask 366 * @return {@link java.util.regex.Pattern} corresponding to this mask 367 * or {@code null} in case mask should not match anything 368 */ 369 static Pattern toPattern(String mask) { 370 boolean disjunctionEmpty = true; 371 StringJoiner joiner = new StringJoiner("|"); 372 for (String disjunct : mask.split("\\|")) { 373 if (disjunct.isEmpty()) 374 continue; 375 disjunctionEmpty = false; 376 String regex = disjunctToRegex(disjunct.toLowerCase()); 377 joiner.add(regex); 378 } 379 return disjunctionEmpty ? null : Pattern.compile(joiner.toString()); 380 } 381 382 /** 383 * @param disjunct non-null mask disjunct 384 * @return java regex string corresponding to this mask 385 */ 386 static String disjunctToRegex(String disjunct) { 387 String regex; 388 if (disjunct.startsWith("*")) { 389 regex = ".*" + quote(disjunct.substring(1)); 390 } else if (disjunct.endsWith("*")) { 391 regex = quote(disjunct.substring(0, disjunct.length() - 1)) + ".*"; 392 } else { 393 regex = quote(disjunct); 394 } 395 return regex; 396 } 397 }