1 /* 2 * Copyright (c) 2003, 2018 Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.net.spi; 27 28 import java.net.InetSocketAddress; 29 import java.net.Proxy; 30 import java.net.ProxySelector; 31 import java.net.SocketAddress; 32 import java.net.URI; 33 import java.util.Collections; 34 import java.util.List; 35 import java.io.IOException; 36 import java.security.AccessController; 37 import java.security.PrivilegedAction; 38 import java.util.StringJoiner; 39 import java.util.regex.Pattern; 40 import java.util.stream.Stream; 41 import sun.net.NetProperties; 42 import sun.net.SocksProxy; 43 import static java.util.regex.Pattern.quote; 44 import static java.util.stream.Collectors.collectingAndThen; 45 import static java.util.stream.Collectors.toList; 46 47 /** 48 * Supports proxy settings using system properties This proxy selector 49 * provides backward compatibility with the old http protocol handler 50 * as far as how proxy is set 51 * 52 * Most of the implementation copied from the old http protocol handler 53 * 54 * Supports http/https/ftp.proxyHost, http/https/ftp.proxyPort, 55 * proxyHost, proxyPort, and http/https/ftp.nonProxyHost, and socks. 56 * NOTE: need to do gopher as well 57 */ 58 public class DefaultProxySelector extends ProxySelector { 59 60 /** 61 * This is where we define all the valid System Properties we have to 62 * support for each given protocol. 63 * The format of this 2 dimensional array is : 64 * - 1 row per protocol (http, ftp, ...) 65 * - 1st element of each row is the protocol name 66 * - subsequent elements are prefixes for Host & Port properties 67 * listed in order of priority. 68 * Example: 69 * {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 70 * means for FTP we try in that oder: 71 * + ftp.proxyHost & ftp.proxyPort 72 * + ftpProxyHost & ftpProxyPort 73 * + proxyHost & proxyPort 74 * + socksProxyHost & socksProxyPort 75 * 76 * Note that the socksProxy should *always* be the last on the list 77 */ 78 static final String[][] props = { 79 /* 80 * protocol, Property prefix 1, Property prefix 2, ... 81 */ 82 {"http", "http.proxy", "proxy", "socksProxy"}, 83 {"https", "https.proxy", "proxy", "socksProxy"}, 84 {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 85 {"gopher", "gopherProxy", "socksProxy"}, 86 {"socket", "socksProxy"} 87 }; 88 89 private static final String SOCKS_PROXY_VERSION = "socksProxyVersion"; 90 91 private static boolean hasSystemProxies = false; 92 93 private static final List<Proxy> NO_PROXY_LIST = List.of(Proxy.NO_PROXY); 94 95 static { 96 final String key = "java.net.useSystemProxies"; 97 Boolean b = AccessController.doPrivileged( 98 new PrivilegedAction<Boolean>() { 99 public Boolean run() { 100 return NetProperties.getBoolean(key); 101 }}); 102 if (b != null && b.booleanValue()) { 103 java.security.AccessController.doPrivileged( 104 new java.security.PrivilegedAction<Void>() { 105 public Void run() { 106 System.loadLibrary("net"); 107 return null; 108 } 109 }); 110 hasSystemProxies = init(); 111 } 112 } 113 114 public static int socksProxyVersion() { 115 return AccessController.doPrivileged( 116 new PrivilegedAction<Integer>() { 117 @Override public Integer run() { 118 return NetProperties.getInteger(SOCKS_PROXY_VERSION, 5); 119 } 120 }); 121 } 122 123 /** 124 * How to deal with "non proxy hosts": 125 * since we do have to generate a pattern we don't want to do that if 126 * it's not necessary. Therefore we do cache the result, on a per-protocol 127 * basis, and change it only when the "source", i.e. the system property, 128 * did change. 129 */ 130 131 static class NonProxyInfo { 132 // Default value for nonProxyHosts, this provides backward compatibility 133 // by excluding localhost and its litteral notations. 134 static final String defStringVal = "localhost|127.*|[::1]|0.0.0.0|[::0]"; 135 136 String hostsSource; 137 Pattern pattern; 138 final String property; 139 final String defaultVal; 140 static NonProxyInfo ftpNonProxyInfo = new NonProxyInfo("ftp.nonProxyHosts", null, null, defStringVal); 141 static NonProxyInfo httpNonProxyInfo = new NonProxyInfo("http.nonProxyHosts", null, null, defStringVal); 142 static NonProxyInfo socksNonProxyInfo = new NonProxyInfo("socksNonProxyHosts", null, null, defStringVal); 143 144 NonProxyInfo(String p, String s, Pattern pattern, String d) { 145 property = p; 146 hostsSource = s; 147 this.pattern = pattern; 148 defaultVal = d; 149 } 150 } 151 152 153 /** 154 * select() method. Where all the hard work is done. 155 * Build a list of proxies depending on URI. 156 * Since we're only providing compatibility with the system properties 157 * from previous releases (see list above), that list will typically 158 * contain one single proxy, default being NO_PROXY. 159 * If we can get a system proxy it might contain more entries. 160 */ 161 public java.util.List<Proxy> select(URI uri) { 162 if (uri == null) { 163 throw new IllegalArgumentException("URI can't be null."); 164 } 165 String protocol = uri.getScheme(); 166 String host = uri.getHost(); 167 168 if (host == null) { 169 // This is a hack to ensure backward compatibility in two 170 // cases: 1. hostnames contain non-ascii characters, 171 // internationalized domain names. in which case, URI will 172 // return null, see BugID 4957669; 2. Some hostnames can 173 // contain '_' chars even though it's not supposed to be 174 // legal, in which case URI will return null for getHost, 175 // but not for getAuthority() See BugID 4913253 176 String auth = uri.getAuthority(); 177 if (auth != null) { 178 int i; 179 i = auth.indexOf('@'); 180 if (i >= 0) { 181 auth = auth.substring(i+1); 182 } 183 i = auth.lastIndexOf(':'); 184 if (i >= 0) { 185 auth = auth.substring(0,i); 186 } 187 host = auth; 188 } 189 } 190 191 if (protocol == null || host == null) { 192 throw new IllegalArgumentException("protocol = "+protocol+" host = "+host); 193 } 194 195 NonProxyInfo pinfo = null; 196 197 if ("http".equalsIgnoreCase(protocol)) { 198 pinfo = NonProxyInfo.httpNonProxyInfo; 199 } else if ("https".equalsIgnoreCase(protocol)) { 200 // HTTPS uses the same property as HTTP, for backward 201 // compatibility 202 pinfo = NonProxyInfo.httpNonProxyInfo; 203 } else if ("ftp".equalsIgnoreCase(protocol)) { 204 pinfo = NonProxyInfo.ftpNonProxyInfo; 205 } else if ("socket".equalsIgnoreCase(protocol)) { 206 pinfo = NonProxyInfo.socksNonProxyInfo; 207 } 208 209 /** 210 * Let's check the System properties for that protocol 211 */ 212 final String proto = protocol; 213 final NonProxyInfo nprop = pinfo; 214 final String urlhost = host.toLowerCase(); 215 216 /** 217 * This is one big doPrivileged call, but we're trying to optimize 218 * the code as much as possible. Since we're checking quite a few 219 * System properties it does help having only 1 call to doPrivileged. 220 * Be mindful what you do in here though! 221 */ 222 Proxy[] proxyArray = AccessController.doPrivileged( 223 new PrivilegedAction<Proxy[]>() { 224 public Proxy[] run() { 225 int i, j; 226 String phost = null; 227 int pport = 0; 228 String nphosts = null; 229 InetSocketAddress saddr = null; 230 231 // Then let's walk the list of protocols in our array 232 for (i=0; i<props.length; i++) { 233 if (props[i][0].equalsIgnoreCase(proto)) { 234 for (j = 1; j < props[i].length; j++) { 235 /* System.getProp() will give us an empty 236 * String, "" for a defined but "empty" 237 * property. 238 */ 239 phost = NetProperties.get(props[i][j]+"Host"); 240 if (phost != null && phost.length() != 0) 241 break; 242 } 243 if (phost == null || phost.isEmpty()) { 244 /** 245 * No system property defined for that 246 * protocol. Let's check System Proxy 247 * settings (Gnome, MacOsX & Windows) if 248 * we were instructed to. 249 */ 250 if (hasSystemProxies) { 251 String sproto; 252 if (proto.equalsIgnoreCase("socket")) 253 sproto = "socks"; 254 else 255 sproto = proto; 256 return getSystemProxies(sproto, urlhost); 257 } 258 return null; 259 } 260 // If a Proxy Host is defined for that protocol 261 // Let's get the NonProxyHosts property 262 if (nprop != null) { 263 nphosts = NetProperties.get(nprop.property); 264 synchronized (nprop) { 265 if (nphosts == null) { 266 if (nprop.defaultVal != null) { 267 nphosts = nprop.defaultVal; 268 } else { 269 nprop.hostsSource = null; 270 nprop.pattern = null; 271 } 272 } else if (!nphosts.isEmpty()) { 273 // add the required default patterns 274 // but only if property no set. If it 275 // is empty, leave empty. 276 nphosts += "|" + NonProxyInfo 277 .defStringVal; 278 } 279 if (nphosts != null) { 280 if (!nphosts.equals(nprop.hostsSource)) { 281 nprop.pattern = toPattern(nphosts); 282 nprop.hostsSource = nphosts; 283 } 284 } 285 if (shouldNotUseProxyFor(nprop.pattern, urlhost)) { 286 return null; 287 } 288 } 289 } 290 // We got a host, let's check for port 291 292 pport = NetProperties.getInteger(props[i][j]+"Port", 0).intValue(); 293 if (pport == 0 && j < (props[i].length - 1)) { 294 // Can't find a port with same prefix as Host 295 // AND it's not a SOCKS proxy 296 // Let's try the other prefixes for that proto 297 for (int k = 1; k < (props[i].length - 1); k++) { 298 if ((k != j) && (pport == 0)) 299 pport = NetProperties.getInteger(props[i][k]+"Port", 0).intValue(); 300 } 301 } 302 303 // Still couldn't find a port, let's use default 304 if (pport == 0) { 305 if (j == (props[i].length - 1)) // SOCKS 306 pport = defaultPort("socket"); 307 else 308 pport = defaultPort(proto); 309 } 310 // We did find a proxy definition. 311 // Let's create the address, but don't resolve it 312 // as this will be done at connection time 313 saddr = InetSocketAddress.createUnresolved(phost, pport); 314 // Socks is *always* the last on the list. 315 if (j == (props[i].length - 1)) { 316 return new Proxy[] {SocksProxy.create(saddr, socksProxyVersion())}; 317 } 318 return new Proxy[] {new Proxy(Proxy.Type.HTTP, saddr)}; 319 } 320 } 321 return null; 322 }}); 323 324 325 if (proxyArray != null) { 326 // Remove duplicate entries, while preserving order. 327 return Stream.of(proxyArray).distinct().collect( 328 collectingAndThen(toList(), Collections::unmodifiableList)); 329 } 330 331 // If no specific proxy was found, return a standard list containing 332 // only one NO_PROXY entry. 333 return NO_PROXY_LIST; 334 } 335 336 public void connectFailed(URI uri, SocketAddress sa, IOException ioe) { 337 if (uri == null || sa == null || ioe == null) { 338 throw new IllegalArgumentException("Arguments can't be null."); 339 } 340 // ignored 341 } 342 343 344 private int defaultPort(String protocol) { 345 if ("http".equalsIgnoreCase(protocol)) { 346 return 80; 347 } else if ("https".equalsIgnoreCase(protocol)) { 348 return 443; 349 } else if ("ftp".equalsIgnoreCase(protocol)) { 350 return 80; 351 } else if ("socket".equalsIgnoreCase(protocol)) { 352 return 1080; 353 } else if ("gopher".equalsIgnoreCase(protocol)) { 354 return 80; 355 } else { 356 return -1; 357 } 358 } 359 360 private static native boolean init(); 361 private synchronized native Proxy[] getSystemProxies(String protocol, String host); 362 363 /** 364 * @return {@code true} if given this pattern for non-proxy hosts and this 365 * urlhost the proxy should NOT be used to access this urlhost 366 */ 367 static boolean shouldNotUseProxyFor(Pattern pattern, String urlhost) { 368 if (pattern == null || urlhost.isEmpty()) 369 return false; 370 boolean matches = pattern.matcher(urlhost).matches(); 371 return matches; 372 } 373 374 /** 375 * @param mask non-null mask 376 * @return {@link java.util.regex.Pattern} corresponding to this mask 377 * or {@code null} in case mask should not match anything 378 */ 379 static Pattern toPattern(String mask) { 380 boolean disjunctionEmpty = true; 381 StringJoiner joiner = new StringJoiner("|"); 382 for (String disjunct : mask.split("\\|")) { 383 if (disjunct.isEmpty()) 384 continue; 385 disjunctionEmpty = false; 386 String regex = disjunctToRegex(disjunct.toLowerCase()); 387 joiner.add(regex); 388 } 389 return disjunctionEmpty ? null : Pattern.compile(joiner.toString()); 390 } 391 392 /** 393 * @param disjunct non-null mask disjunct 394 * @return java regex string corresponding to this mask 395 */ 396 static String disjunctToRegex(String disjunct) { 397 String regex; 398 if (disjunct.startsWith("*") && disjunct.endsWith("*")) { 399 regex = ".*" + quote(disjunct.substring(1, disjunct.length() - 1)) + ".*"; 400 } else if (disjunct.startsWith("*")) { 401 regex = ".*" + quote(disjunct.substring(1)); 402 } else if (disjunct.endsWith("*")) { 403 regex = quote(disjunct.substring(0, disjunct.length() - 1)) + ".*"; 404 } else { 405 regex = quote(disjunct); 406 } 407 return regex; 408 } 409 }