1 /*
2 * Copyright (c) 2003, 2017, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.net.spi;
27
28 import java.net.InetSocketAddress;
29 import java.net.Proxy;
30 import java.net.ProxySelector;
31 import java.net.SocketAddress;
32 import java.net.URI;
33 import java.util.Arrays;
34 import java.util.List;
35 import java.io.IOException;
36 import java.security.AccessController;
37 import java.security.PrivilegedAction;
38 import java.util.StringJoiner;
39 import java.util.regex.Pattern;
40 import sun.net.NetProperties;
41 import sun.net.SocksProxy;
42 import static java.util.regex.Pattern.quote;
43
44 /**
45 * Supports proxy settings using system properties This proxy selector
46 * provides backward compatibility with the old http protocol handler
47 * as far as how proxy is set
48 *
49 * Most of the implementation copied from the old http protocol handler
50 *
51 * Supports http/https/ftp.proxyHost, http/https/ftp.proxyPort,
52 * proxyHost, proxyPort, and http/https/ftp.nonProxyHost, and socks.
53 * NOTE: need to do gopher as well
54 */
55 public class DefaultProxySelector extends ProxySelector {
56
57 /**
58 * This is where we define all the valid System Properties we have to
59 * support for each given protocol.
60 * The format of this 2 dimensional array is :
61 * - 1 row per protocol (http, ftp, ...)
62 * - 1st element of each row is the protocol name
63 * - subsequent elements are prefixes for Host & Port properties
64 * listed in order of priority.
65 * Example:
66 * {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"},
67 * means for FTP we try in that oder:
68 * + ftp.proxyHost & ftp.proxyPort
69 * + ftpProxyHost & ftpProxyPort
70 * + proxyHost & proxyPort
71 * + socksProxyHost & socksProxyPort
72 *
73 * Note that the socksProxy should *always* be the last on the list
74 */
75 static final String[][] props = {
76 /*
77 * protocol, Property prefix 1, Property prefix 2, ...
78 */
79 {"http", "http.proxy", "proxy", "socksProxy"},
80 {"https", "https.proxy", "proxy", "socksProxy"},
81 {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"},
82 {"gopher", "gopherProxy", "socksProxy"},
83 {"socket", "socksProxy"}
84 };
85
86 private static final String SOCKS_PROXY_VERSION = "socksProxyVersion";
87
88 private static boolean hasSystemProxies = false;
89
90 private static final List<Proxy> NO_PROXY_LIST = List.of(Proxy.NO_PROXY);
91
92 static {
93 final String key = "java.net.useSystemProxies";
94 Boolean b = AccessController.doPrivileged(
95 new PrivilegedAction<Boolean>() {
96 public Boolean run() {
97 return NetProperties.getBoolean(key);
98 }});
99 if (b != null && b.booleanValue()) {
100 java.security.AccessController.doPrivileged(
101 new java.security.PrivilegedAction<Void>() {
102 public Void run() {
103 System.loadLibrary("net");
104 return null;
105 }
106 });
107 hasSystemProxies = init();
108 }
109 }
110
111 public static int socksProxyVersion() {
112 return AccessController.doPrivileged(
113 new PrivilegedAction<Integer>() {
114 @Override public Integer run() {
115 return NetProperties.getInteger(SOCKS_PROXY_VERSION, 5);
116 }
117 });
118 }
119
120 /**
121 * How to deal with "non proxy hosts":
122 * since we do have to generate a pattern we don't want to do that if
123 * it's not necessary. Therefore we do cache the result, on a per-protocol
124 * basis, and change it only when the "source", i.e. the system property,
125 * did change.
126 */
127
128 static class NonProxyInfo {
129 // Default value for nonProxyHosts, this provides backward compatibility
130 // by excluding localhost and its litteral notations.
131 static final String defStringVal = "localhost|127.*|[::1]|0.0.0.0|[::0]";
132
133 String hostsSource;
134 Pattern pattern;
135 final String property;
136 final String defaultVal;
137 static NonProxyInfo ftpNonProxyInfo = new NonProxyInfo("ftp.nonProxyHosts", null, null, defStringVal);
138 static NonProxyInfo httpNonProxyInfo = new NonProxyInfo("http.nonProxyHosts", null, null, defStringVal);
139 static NonProxyInfo socksNonProxyInfo = new NonProxyInfo("socksNonProxyHosts", null, null, defStringVal);
140
141 NonProxyInfo(String p, String s, Pattern pattern, String d) {
142 property = p;
143 hostsSource = s;
144 this.pattern = pattern;
145 defaultVal = d;
146 }
147 }
148
149
150 /**
151 * select() method. Where all the hard work is done.
152 * Build a list of proxies depending on URI.
153 * Since we're only providing compatibility with the system properties
154 * from previous releases (see list above), that list will typically
155 * contain one single proxy, default being NO_PROXY.
156 * If we can get a system proxy it might contain more entries.
157 */
158 public java.util.List<Proxy> select(URI uri) {
159 if (uri == null) {
160 throw new IllegalArgumentException("URI can't be null.");
161 }
162 String protocol = uri.getScheme();
163 String host = uri.getHost();
164
165 if (host == null) {
166 // This is a hack to ensure backward compatibility in two
167 // cases: 1. hostnames contain non-ascii characters,
168 // internationalized domain names. in which case, URI will
169 // return null, see BugID 4957669; 2. Some hostnames can
170 // contain '_' chars even though it's not supposed to be
171 // legal, in which case URI will return null for getHost,
172 // but not for getAuthority() See BugID 4913253
173 String auth = uri.getAuthority();
174 if (auth != null) {
175 int i;
176 i = auth.indexOf('@');
177 if (i >= 0) {
178 auth = auth.substring(i+1);
179 }
180 i = auth.lastIndexOf(':');
181 if (i >= 0) {
182 auth = auth.substring(0,i);
183 }
184 host = auth;
185 }
186 }
187
188 if (protocol == null || host == null) {
189 throw new IllegalArgumentException("protocol = "+protocol+" host = "+host);
190 }
191
192 NonProxyInfo pinfo = null;
193
194 if ("http".equalsIgnoreCase(protocol)) {
195 pinfo = NonProxyInfo.httpNonProxyInfo;
196 } else if ("https".equalsIgnoreCase(protocol)) {
197 // HTTPS uses the same property as HTTP, for backward
198 // compatibility
199 pinfo = NonProxyInfo.httpNonProxyInfo;
200 } else if ("ftp".equalsIgnoreCase(protocol)) {
201 pinfo = NonProxyInfo.ftpNonProxyInfo;
202 } else if ("socket".equalsIgnoreCase(protocol)) {
203 pinfo = NonProxyInfo.socksNonProxyInfo;
204 }
205
206 /**
207 * Let's check the System properties for that protocol
208 */
209 final String proto = protocol;
210 final NonProxyInfo nprop = pinfo;
211 final String urlhost = host.toLowerCase();
212
213 /**
214 * This is one big doPrivileged call, but we're trying to optimize
215 * the code as much as possible. Since we're checking quite a few
216 * System properties it does help having only 1 call to doPrivileged.
217 * Be mindful what you do in here though!
218 */
219 Proxy[] proxyArray = AccessController.doPrivileged(
220 new PrivilegedAction<Proxy[]>() {
221 public Proxy[] run() {
222 int i, j;
223 String phost = null;
224 int pport = 0;
225 String nphosts = null;
226 InetSocketAddress saddr = null;
227
228 // Then let's walk the list of protocols in our array
229 for (i=0; i<props.length; i++) {
230 if (props[i][0].equalsIgnoreCase(proto)) {
231 for (j = 1; j < props[i].length; j++) {
232 /* System.getProp() will give us an empty
233 * String, "" for a defined but "empty"
234 * property.
235 */
236 phost = NetProperties.get(props[i][j]+"Host");
237 if (phost != null && phost.length() != 0)
238 break;
239 }
240 if (phost == null || phost.length() == 0) {
241 /**
242 * No system property defined for that
243 * protocol. Let's check System Proxy
244 * settings (Gnome, MacOsX & Windows) if
245 * we were instructed to.
246 */
247 if (hasSystemProxies) {
248 String sproto;
249 if (proto.equalsIgnoreCase("socket"))
250 sproto = "socks";
251 else
252 sproto = proto;
253 return getSystemProxies(sproto, urlhost);
254 }
255 return null;
256 }
257 // If a Proxy Host is defined for that protocol
258 // Let's get the NonProxyHosts property
259 if (nprop != null) {
260 nphosts = NetProperties.get(nprop.property);
261 synchronized (nprop) {
262 if (nphosts == null) {
263 if (nprop.defaultVal != null) {
264 nphosts = nprop.defaultVal;
265 } else {
266 nprop.hostsSource = null;
267 nprop.pattern = null;
268 }
269 } else if (nphosts.length() != 0) {
270 // add the required default patterns
271 // but only if property no set. If it
272 // is empty, leave empty.
273 nphosts += "|" + NonProxyInfo
274 .defStringVal;
275 }
276 if (nphosts != null) {
277 if (!nphosts.equals(nprop.hostsSource)) {
278 nprop.pattern = toPattern(nphosts);
279 nprop.hostsSource = nphosts;
280 }
281 }
282 if (shouldNotUseProxyFor(nprop.pattern, urlhost)) {
283 return null;
284 }
285 }
286 }
287 // We got a host, let's check for port
288
289 pport = NetProperties.getInteger(props[i][j]+"Port", 0).intValue();
290 if (pport == 0 && j < (props[i].length - 1)) {
291 // Can't find a port with same prefix as Host
292 // AND it's not a SOCKS proxy
293 // Let's try the other prefixes for that proto
294 for (int k = 1; k < (props[i].length - 1); k++) {
295 if ((k != j) && (pport == 0))
296 pport = NetProperties.getInteger(props[i][k]+"Port", 0).intValue();
297 }
298 }
299
300 // Still couldn't find a port, let's use default
301 if (pport == 0) {
302 if (j == (props[i].length - 1)) // SOCKS
303 pport = defaultPort("socket");
304 else
305 pport = defaultPort(proto);
306 }
307 // We did find a proxy definition.
308 // Let's create the address, but don't resolve it
309 // as this will be done at connection time
310 saddr = InetSocketAddress.createUnresolved(phost, pport);
311 // Socks is *always* the last on the list.
312 if (j == (props[i].length - 1)) {
313 return new Proxy[] {SocksProxy.create(saddr, socksProxyVersion())};
314 }
315 return new Proxy[] {new Proxy(Proxy.Type.HTTP, saddr)};
316 }
317 }
318 return null;
319 }});
320
321 // If no specific proxy was found we return our standard list containing
322 // only one NO_PROXY entry.
323 return proxyArray == null ? NO_PROXY_LIST : List.of(proxyArray);
324 }
325
326 public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
327 if (uri == null || sa == null || ioe == null) {
328 throw new IllegalArgumentException("Arguments can't be null.");
329 }
330 // ignored
331 }
332
333
334 private int defaultPort(String protocol) {
335 if ("http".equalsIgnoreCase(protocol)) {
336 return 80;
337 } else if ("https".equalsIgnoreCase(protocol)) {
338 return 443;
339 } else if ("ftp".equalsIgnoreCase(protocol)) {
340 return 80;
341 } else if ("socket".equalsIgnoreCase(protocol)) {
342 return 1080;
343 } else if ("gopher".equalsIgnoreCase(protocol)) {
344 return 80;
345 } else {
346 return -1;
347 }
348 }
349
350 private static native boolean init();
351 private synchronized native Proxy[] getSystemProxies(String protocol, String host);
352
353 /**
354 * @return {@code true} if given this pattern for non-proxy hosts and this
355 * urlhost the proxy should NOT be used to access this urlhost
356 */
357 static boolean shouldNotUseProxyFor(Pattern pattern, String urlhost) {
358 if (pattern == null || urlhost.isEmpty())
359 return false;
360 boolean matches = pattern.matcher(urlhost).matches();
361 return matches;
362 }
363
364 /**
365 * @param mask non-null mask
366 * @return {@link java.util.regex.Pattern} corresponding to this mask
367 * or {@code null} in case mask should not match anything
368 */
369 static Pattern toPattern(String mask) {
370 boolean disjunctionEmpty = true;
371 StringJoiner joiner = new StringJoiner("|");
372 for (String disjunct : mask.split("\\|")) {
373 if (disjunct.isEmpty())
374 continue;
375 disjunctionEmpty = false;
376 String regex = disjunctToRegex(disjunct.toLowerCase());
377 joiner.add(regex);
378 }
379 return disjunctionEmpty ? null : Pattern.compile(joiner.toString());
380 }
381
382 /**
383 * @param disjunct non-null mask disjunct
384 * @return java regex string corresponding to this mask
385 */
386 static String disjunctToRegex(String disjunct) {
387 String regex;
388 if (disjunct.startsWith("*")) {
389 regex = ".*" + quote(disjunct.substring(1));
390 } else if (disjunct.endsWith("*")) {
391 regex = quote(disjunct.substring(0, disjunct.length() - 1)) + ".*";
392 } else {
393 regex = quote(disjunct);
394 }
395 return regex;
396 }
397 }