1 /*
2 * Copyright (c) 1995, 2018, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.net.www.protocol.http;
27
28 import java.security.PrivilegedAction;
29 import java.util.Arrays;
30 import java.net.URL;
31 import java.net.URLConnection;
32 import java.net.ProtocolException;
33 import java.net.HttpRetryException;
34 import java.net.PasswordAuthentication;
35 import java.net.Authenticator;
36 import java.net.HttpCookie;
37 import java.net.InetAddress;
38 import java.net.UnknownHostException;
39 import java.net.SocketTimeoutException;
40 import java.net.SocketPermission;
41 import java.net.Proxy;
42 import java.net.ProxySelector;
43 import java.net.URI;
44 import java.net.InetSocketAddress;
45 import java.net.CookieHandler;
46 import java.net.ResponseCache;
47 import java.net.CacheResponse;
48 import java.net.SecureCacheResponse;
49 import java.net.CacheRequest;
50 import java.net.URLPermission;
51 import java.net.Authenticator.RequestorType;
52 import java.security.AccessController;
53 import java.security.PrivilegedExceptionAction;
54 import java.security.PrivilegedActionException;
55 import java.io.*;
56 import java.util.ArrayList;
57 import java.util.Collections;
58 import java.util.Date;
59 import java.util.Map;
60 import java.util.List;
61 import java.util.Locale;
62 import java.util.StringTokenizer;
63 import java.util.Iterator;
64 import java.util.HashSet;
65 import java.util.HashMap;
66 import java.util.Set;
67 import java.util.StringJoiner;
68 import jdk.internal.misc.JavaNetHttpCookieAccess;
69 import jdk.internal.misc.SharedSecrets;
70 import sun.net.*;
71 import sun.net.www.*;
72 import sun.net.www.http.HttpClient;
73 import sun.net.www.http.PosterOutputStream;
74 import sun.net.www.http.ChunkedInputStream;
75 import sun.net.www.http.ChunkedOutputStream;
76 import sun.util.logging.PlatformLogger;
77 import java.text.SimpleDateFormat;
78 import java.util.TimeZone;
79 import java.net.MalformedURLException;
80 import java.nio.ByteBuffer;
81 import java.util.Objects;
82 import java.util.Properties;
83 import static sun.net.www.protocol.http.AuthScheme.BASIC;
84 import static sun.net.www.protocol.http.AuthScheme.DIGEST;
85 import static sun.net.www.protocol.http.AuthScheme.NTLM;
86 import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
87 import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
88 import static sun.net.www.protocol.http.AuthScheme.UNKNOWN;
89 import sun.security.action.GetIntegerAction;
90 import sun.security.action.GetPropertyAction;
91
92 /**
93 * A class to represent an HTTP connection to a remote object.
94 */
95
96
97 public class HttpURLConnection extends java.net.HttpURLConnection {
98
99 static String HTTP_CONNECT = "CONNECT";
100
101 static final String version;
102 public static final String userAgent;
103
104 /* max # of allowed re-directs */
105 static final int defaultmaxRedirects = 20;
106 static final int maxRedirects;
107
108 /* Not all servers support the (Proxy)-Authentication-Info headers.
109 * By default, we don't require them to be sent
110 */
111 static final boolean validateProxy;
112 static final boolean validateServer;
113
114 /** A, possibly empty, set of authentication schemes that are disabled
115 * when proxying plain HTTP ( not HTTPS ). */
116 static final Set<String> disabledProxyingSchemes;
117
118 /** A, possibly empty, set of authentication schemes that are disabled
119 * when setting up a tunnel for HTTPS ( HTTP CONNECT ). */
120 static final Set<String> disabledTunnelingSchemes;
121
122 private StreamingOutputStream strOutputStream;
123 private static final String RETRY_MSG1 =
124 "cannot retry due to proxy authentication, in streaming mode";
125 private static final String RETRY_MSG2 =
126 "cannot retry due to server authentication, in streaming mode";
127 private static final String RETRY_MSG3 =
128 "cannot retry due to redirection, in streaming mode";
129
130 /*
131 * System properties related to error stream handling:
132 *
133 * sun.net.http.errorstream.enableBuffering = <boolean>
134 *
135 * With the above system property set to true (default is false),
136 * when the response code is >=400, the HTTP handler will try to
137 * buffer the response body (up to a certain amount and within a
138 * time limit). Thus freeing up the underlying socket connection
139 * for reuse. The rationale behind this is that usually when the
140 * server responds with a >=400 error (client error or server
141 * error, such as 404 file not found), the server will send a
142 * small response body to explain who to contact and what to do to
143 * recover. With this property set to true, even if the
144 * application doesn't call getErrorStream(), read the response
145 * body, and then call close(), the underlying socket connection
146 * can still be kept-alive and reused. The following two system
147 * properties provide further control to the error stream
148 * buffering behaviour.
149 *
150 * sun.net.http.errorstream.timeout = <int>
151 * the timeout (in millisec) waiting the error stream
152 * to be buffered; default is 300 ms
153 *
154 * sun.net.http.errorstream.bufferSize = <int>
155 * the size (in bytes) to use for the buffering the error stream;
156 * default is 4k
157 */
158
159
160 /* Should we enable buffering of error streams? */
161 private static boolean enableESBuffer = false;
162
163 /* timeout waiting for read for buffered error stream;
164 */
165 private static int timeout4ESBuffer = 0;
166
167 /* buffer size for buffered error stream;
168 */
169 private static int bufSize4ES = 0;
170
171 /*
172 * Restrict setting of request headers through the public api
173 * consistent with JavaScript XMLHttpRequest2 with a few
174 * exceptions. Disallowed headers are silently ignored for
175 * backwards compatibility reasons rather than throwing a
176 * SecurityException. For example, some applets set the
177 * Host header since old JREs did not implement HTTP 1.1.
178 * Additionally, any header starting with Sec- is
179 * disallowed.
180 *
181 * The following headers are allowed for historical reasons:
182 *
183 * Accept-Charset, Accept-Encoding, Cookie, Cookie2, Date,
184 * Referer, TE, User-Agent, headers beginning with Proxy-.
185 *
186 * The following headers are allowed in a limited form:
187 *
188 * Connection: close
189 *
190 * See http://www.w3.org/TR/XMLHttpRequest2.
191 */
192 private static final boolean allowRestrictedHeaders;
193 private static final Set<String> restrictedHeaderSet;
194 private static final String[] restrictedHeaders = {
195 /* Restricted by XMLHttpRequest2 */
196 //"Accept-Charset",
197 //"Accept-Encoding",
198 "Access-Control-Request-Headers",
199 "Access-Control-Request-Method",
200 "Connection", /* close is allowed */
201 "Content-Length",
202 //"Cookie",
203 //"Cookie2",
204 "Content-Transfer-Encoding",
205 //"Date",
206 //"Expect",
207 "Host",
208 "Keep-Alive",
209 "Origin",
210 // "Referer",
211 // "TE",
212 "Trailer",
213 "Transfer-Encoding",
214 "Upgrade",
215 //"User-Agent",
216 "Via"
217 };
218
219 private static String getNetProperty(String name) {
220 PrivilegedAction<String> pa = () -> NetProperties.get(name);
221 return AccessController.doPrivileged(pa);
222 }
223
224 private static Set<String> schemesListToSet(String list) {
225 if (list == null || list.isEmpty())
226 return Collections.emptySet();
227
228 Set<String> s = new HashSet<>();
229 String[] parts = list.split("\\s*,\\s*");
230 for (String part : parts)
231 s.add(part.toLowerCase(Locale.ROOT));
232 return s;
233 }
234
235 static {
236 Properties props = GetPropertyAction.privilegedGetProperties();
237 maxRedirects = GetIntegerAction.privilegedGetProperty(
238 "http.maxRedirects", defaultmaxRedirects);
239 version = props.getProperty("java.version");
240 String agent = props.getProperty("http.agent");
241 if (agent == null) {
242 agent = "Java/"+version;
243 } else {
244 agent = agent + " Java/"+version;
245 }
246 userAgent = agent;
247
248 // A set of net properties to control the use of authentication schemes
249 // when proxing/tunneling.
250 String p = getNetProperty("jdk.http.auth.tunneling.disabledSchemes");
251 disabledTunnelingSchemes = schemesListToSet(p);
252 p = getNetProperty("jdk.http.auth.proxying.disabledSchemes");
253 disabledProxyingSchemes = schemesListToSet(p);
254
255 validateProxy = Boolean.parseBoolean(
256 props.getProperty("http.auth.digest.validateProxy"));
257 validateServer = Boolean.parseBoolean(
258 props.getProperty("http.auth.digest.validateServer"));
259
260 enableESBuffer = Boolean.parseBoolean(
261 props.getProperty("sun.net.http.errorstream.enableBuffering"));
262 timeout4ESBuffer = GetIntegerAction.privilegedGetProperty(
263 "sun.net.http.errorstream.timeout", 300);
264 if (timeout4ESBuffer <= 0) {
265 timeout4ESBuffer = 300; // use the default
266 }
267
268 bufSize4ES = GetIntegerAction.privilegedGetProperty(
269 "sun.net.http.errorstream.bufferSize", 4096);
270 if (bufSize4ES <= 0) {
271 bufSize4ES = 4096; // use the default
272 }
273
274 allowRestrictedHeaders = Boolean.parseBoolean(
275 props.getProperty("sun.net.http.allowRestrictedHeaders"));
276 if (!allowRestrictedHeaders) {
277 restrictedHeaderSet = new HashSet<>(restrictedHeaders.length);
278 for (int i=0; i < restrictedHeaders.length; i++) {
279 restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase());
280 }
281 } else {
282 restrictedHeaderSet = null;
283 }
284 }
285
286 static final String httpVersion = "HTTP/1.1";
287 static final String acceptString =
288 "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2";
289
290 // the following http request headers should NOT have their values
291 // returned for security reasons.
292 private static final String[] EXCLUDE_HEADERS = {
293 "Proxy-Authorization",
294 "Authorization"
295 };
296
297 // also exclude system cookies when any might be set
298 private static final String[] EXCLUDE_HEADERS2= {
299 "Proxy-Authorization",
300 "Authorization",
301 "Cookie",
302 "Cookie2"
303 };
304
305 protected HttpClient http;
306 protected Handler handler;
307 protected Proxy instProxy;
308 protected volatile Authenticator authenticator;
309 protected volatile String authenticatorKey;
310
311 private CookieHandler cookieHandler;
312 private final ResponseCache cacheHandler;
313
314 // the cached response, and cached response headers and body
315 protected CacheResponse cachedResponse;
316 private MessageHeader cachedHeaders;
317 private InputStream cachedInputStream;
318
319 /* output stream to server */
320 protected PrintStream ps = null;
321
322
323 /* buffered error stream */
324 private InputStream errorStream = null;
325
326 /* User set Cookies */
327 private boolean setUserCookies = true;
328 private String userCookies = null;
329 private String userCookies2 = null;
330
331 /* We only have a single static authenticator for now.
332 * REMIND: backwards compatibility with JDK 1.1. Should be
333 * eliminated for JDK 2.0.
334 */
335 @Deprecated
336 private static HttpAuthenticator defaultAuth;
337
338 /* all the headers we send
339 * NOTE: do *NOT* dump out the content of 'requests' in the
340 * output or stacktrace since it may contain security-sensitive
341 * headers such as those defined in EXCLUDE_HEADERS.
342 */
343 private MessageHeader requests;
344
345 /* The headers actually set by the user are recorded here also
346 */
347 private MessageHeader userHeaders;
348
349 /* Headers and request method cannot be changed
350 * once this flag is set in :-
351 * - getOutputStream()
352 * - getInputStream())
353 * - connect()
354 * Access synchronized on this.
355 */
356 private boolean connecting = false;
357
358 /* The following two fields are only used with Digest Authentication */
359 String domain; /* The list of authentication domains */
360 DigestAuthentication.Parameters digestparams;
361
362 /* Current credentials in use */
363 AuthenticationInfo currentProxyCredentials = null;
364 AuthenticationInfo currentServerCredentials = null;
365 boolean needToCheck = true;
366 private boolean doingNTLM2ndStage = false; /* doing the 2nd stage of an NTLM server authentication */
367 private boolean doingNTLMp2ndStage = false; /* doing the 2nd stage of an NTLM proxy authentication */
368
369 /* try auth without calling Authenticator. Used for transparent NTLM authentication */
370 private boolean tryTransparentNTLMServer = true;
371 private boolean tryTransparentNTLMProxy = true;
372 private boolean useProxyResponseCode = false;
373
374 /* Used by Windows specific code */
375 private Object authObj;
376
377 /* Set if the user is manually setting the Authorization or Proxy-Authorization headers */
378 boolean isUserServerAuth;
379 boolean isUserProxyAuth;
380
381 String serverAuthKey, proxyAuthKey;
382
383 /* Progress source */
384 protected ProgressSource pi;
385
386 /* all the response headers we get back */
387 private MessageHeader responses;
388 /* the stream _from_ the server */
389 private InputStream inputStream = null;
390 /* post stream _to_ the server, if any */
391 private PosterOutputStream poster = null;
392
393 /* Indicates if the std. request headers have been set in requests. */
394 private boolean setRequests=false;
395
396 /* Indicates whether a request has already failed or not */
397 private boolean failedOnce=false;
398
399 /* Remembered Exception, we will throw it again if somebody
400 calls getInputStream after disconnect */
401 private Exception rememberedException = null;
402
403 /* If we decide we want to reuse a client, we put it here */
404 private HttpClient reuseClient = null;
405
406 /* Tunnel states */
407 public enum TunnelState {
408 /* No tunnel */
409 NONE,
410
411 /* Setting up a tunnel */
412 SETUP,
413
414 /* Tunnel has been successfully setup */
415 TUNNELING
416 }
417
418 private TunnelState tunnelState = TunnelState.NONE;
419
420 /* Redefine timeouts from java.net.URLConnection as we need -1 to mean
421 * not set. This is to ensure backward compatibility.
422 */
423 private int connectTimeout = NetworkClient.DEFAULT_CONNECT_TIMEOUT;
424 private int readTimeout = NetworkClient.DEFAULT_READ_TIMEOUT;
425
426 /* A permission converted from a URLPermission */
427 private SocketPermission socketPermission;
428
429 /* Logging support */
430 private static final PlatformLogger logger =
431 PlatformLogger.getLogger("sun.net.www.protocol.http.HttpURLConnection");
432
433 /*
434 * privileged request password authentication
435 *
436 */
437 private static PasswordAuthentication
438 privilegedRequestPasswordAuthentication(
439 final Authenticator authenticator,
440 final String host,
441 final InetAddress addr,
442 final int port,
443 final String protocol,
444 final String prompt,
445 final String scheme,
446 final URL url,
447 final RequestorType authType) {
448 return java.security.AccessController.doPrivileged(
449 new java.security.PrivilegedAction<>() {
450 public PasswordAuthentication run() {
451 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
452 logger.finest("Requesting Authentication: host =" + host + " url = " + url);
453 }
454 PasswordAuthentication pass = Authenticator.requestPasswordAuthentication(
455 authenticator, host, addr, port, protocol,
456 prompt, scheme, url, authType);
457 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
458 logger.finest("Authentication returned: " + (pass != null ? pass.toString() : "null"));
459 }
460 return pass;
461 }
462 });
463 }
464
465 private boolean isRestrictedHeader(String key, String value) {
466 if (allowRestrictedHeaders) {
467 return false;
468 }
469
470 key = key.toLowerCase();
471 if (restrictedHeaderSet.contains(key)) {
472 /*
473 * Exceptions to restricted headers:
474 *
475 * Allow "Connection: close".
476 */
477 if (key.equals("connection") && value.equalsIgnoreCase("close")) {
478 return false;
479 }
480 return true;
481 } else if (key.startsWith("sec-")) {
482 return true;
483 }
484 return false;
485 }
486
487 /*
488 * Checks the validity of http message header and whether the header
489 * is restricted and throws IllegalArgumentException if invalid or
490 * restricted.
491 */
492 private boolean isExternalMessageHeaderAllowed(String key, String value) {
493 checkMessageHeader(key, value);
494 if (!isRestrictedHeader(key, value)) {
495 return true;
496 }
497 return false;
498 }
499
500 /* Logging support */
501 public static PlatformLogger getHttpLogger() {
502 return logger;
503 }
504
505 /* Used for Windows NTLM implementation */
506 public Object authObj() {
507 return authObj;
508 }
509
510 public void authObj(Object authObj) {
511 this.authObj = authObj;
512 }
513
514 @Override
515 public synchronized void setAuthenticator(Authenticator auth) {
516 if (connecting || connected) {
517 throw new IllegalStateException(
518 "Authenticator must be set before connecting");
519 }
520 authenticator = Objects.requireNonNull(auth);
521 authenticatorKey = AuthenticatorKeys.getKey(authenticator);
522 }
523
524 public String getAuthenticatorKey() {
525 String k = authenticatorKey;
526 if (k == null) return AuthenticatorKeys.getKey(authenticator);
527 return k;
528 }
529
530 /*
531 * checks the validity of http message header and throws
532 * IllegalArgumentException if invalid.
533 */
534 private void checkMessageHeader(String key, String value) {
535 char LF = '\n';
536 int index = key.indexOf(LF);
537 int index1 = key.indexOf(':');
538 if (index != -1 || index1 != -1) {
539 throw new IllegalArgumentException(
540 "Illegal character(s) in message header field: " + key);
541 }
542 else {
543 if (value == null) {
544 return;
545 }
546
547 index = value.indexOf(LF);
548 while (index != -1) {
549 index++;
550 if (index < value.length()) {
551 char c = value.charAt(index);
552 if ((c==' ') || (c=='\t')) {
553 // ok, check the next occurrence
554 index = value.indexOf(LF, index);
555 continue;
556 }
557 }
558 throw new IllegalArgumentException(
559 "Illegal character(s) in message header value: " + value);
560 }
561 }
562 }
563
564 public synchronized void setRequestMethod(String method)
565 throws ProtocolException {
566 if (connecting) {
567 throw new IllegalStateException("connect in progress");
568 }
569 super.setRequestMethod(method);
570 }
571
572 /* adds the standard key/val pairs to reqests if necessary & write to
573 * given PrintStream
574 */
575 private void writeRequests() throws IOException {
576 /* print all message headers in the MessageHeader
577 * onto the wire - all the ones we've set and any
578 * others that have been set
579 */
580 // send any pre-emptive authentication
581 if (http.usingProxy && tunnelState() != TunnelState.TUNNELING) {
582 setPreemptiveProxyAuthentication(requests);
583 }
584 if (!setRequests) {
585
586 /* We're very particular about the order in which we
587 * set the request headers here. The order should not
588 * matter, but some careless CGI programs have been
589 * written to expect a very particular order of the
590 * standard headers. To name names, the order in which
591 * Navigator3.0 sends them. In particular, we make *sure*
592 * to send Content-type: <> and Content-length:<> second
593 * to last and last, respectively, in the case of a POST
594 * request.
595 */
596 if (!failedOnce) {
597 checkURLFile();
598 requests.prepend(method + " " + getRequestURI()+" " +
599 httpVersion, null);
600 }
601 if (!getUseCaches()) {
602 requests.setIfNotSet ("Cache-Control", "no-cache");
603 requests.setIfNotSet ("Pragma", "no-cache");
604 }
605 requests.setIfNotSet("User-Agent", userAgent);
606 int port = url.getPort();
607 String host = stripIPv6ZoneId(url.getHost());
608 if (port != -1 && port != url.getDefaultPort()) {
609 host += ":" + String.valueOf(port);
610 }
611 String reqHost = requests.findValue("Host");
612 if (reqHost == null ||
613 (!reqHost.equalsIgnoreCase(host) && !checkSetHost()))
614 {
615 requests.set("Host", host);
616 }
617 requests.setIfNotSet("Accept", acceptString);
618
619 /*
620 * For HTTP/1.1 the default behavior is to keep connections alive.
621 * However, we may be talking to a 1.0 server so we should set
622 * keep-alive just in case, except if we have encountered an error
623 * or if keep alive is disabled via a system property
624 */
625
626 // Try keep-alive only on first attempt
627 if (!failedOnce && http.getHttpKeepAliveSet()) {
628 if (http.usingProxy && tunnelState() != TunnelState.TUNNELING) {
629 requests.setIfNotSet("Proxy-Connection", "keep-alive");
630 } else {
631 requests.setIfNotSet("Connection", "keep-alive");
632 }
633 } else {
634 /*
635 * RFC 2616 HTTP/1.1 section 14.10 says:
636 * HTTP/1.1 applications that do not support persistent
637 * connections MUST include the "close" connection option
638 * in every message
639 */
640 requests.setIfNotSet("Connection", "close");
641 }
642 // Set modified since if necessary
643 long modTime = getIfModifiedSince();
644 if (modTime != 0 ) {
645 Date date = new Date(modTime);
646 //use the preferred date format according to RFC 2068(HTTP1.1),
647 // RFC 822 and RFC 1123
648 SimpleDateFormat fo =
649 new SimpleDateFormat ("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);
650 fo.setTimeZone(TimeZone.getTimeZone("GMT"));
651 requests.setIfNotSet("If-Modified-Since", fo.format(date));
652 }
653 // check for preemptive authorization
654 AuthenticationInfo sauth = AuthenticationInfo.getServerAuth(url,
655 getAuthenticatorKey());
656 if (sauth != null && sauth.supportsPreemptiveAuthorization() ) {
657 // Sets "Authorization"
658 requests.setIfNotSet(sauth.getHeaderName(), sauth.getHeaderValue(url,method));
659 currentServerCredentials = sauth;
660 }
661
662 if (!method.equals("PUT") && (poster != null || streaming())) {
663 requests.setIfNotSet ("Content-type",
664 "application/x-www-form-urlencoded");
665 }
666
667 boolean chunked = false;
668
669 if (streaming()) {
670 if (chunkLength != -1) {
671 requests.set ("Transfer-Encoding", "chunked");
672 chunked = true;
673 } else { /* fixed content length */
674 if (fixedContentLengthLong != -1) {
675 requests.set ("Content-Length",
676 String.valueOf(fixedContentLengthLong));
677 } else if (fixedContentLength != -1) {
678 requests.set ("Content-Length",
679 String.valueOf(fixedContentLength));
680 }
681 }
682 } else if (poster != null) {
683 /* add Content-Length & POST/PUT data */
684 synchronized (poster) {
685 /* close it, so no more data can be added */
686 poster.close();
687 requests.set("Content-Length",
688 String.valueOf(poster.size()));
689 }
690 }
691
692 if (!chunked) {
693 if (requests.findValue("Transfer-Encoding") != null) {
694 requests.remove("Transfer-Encoding");
695 if (logger.isLoggable(PlatformLogger.Level.WARNING)) {
696 logger.warning(
697 "use streaming mode for chunked encoding");
698 }
699 }
700 }
701
702 // get applicable cookies based on the uri and request headers
703 // add them to the existing request headers
704 setCookieHeader();
705
706 setRequests=true;
707 }
708 if (logger.isLoggable(PlatformLogger.Level.FINE)) {
709 logger.fine(requests.toString());
710 }
711 http.writeRequests(requests, poster, streaming());
712 if (ps.checkError()) {
713 String proxyHost = http.getProxyHostUsed();
714 int proxyPort = http.getProxyPortUsed();
715 disconnectInternal();
716 if (failedOnce) {
717 throw new IOException("Error writing to server");
718 } else { // try once more
719 failedOnce=true;
720 if (proxyHost != null) {
721 setProxiedClient(url, proxyHost, proxyPort);
722 } else {
723 setNewClient (url);
724 }
725 ps = (PrintStream) http.getOutputStream();
726 connected=true;
727 responses = new MessageHeader();
728 setRequests=false;
729 writeRequests();
730 }
731 }
732 }
733
734 private boolean checkSetHost() {
735 SecurityManager s = System.getSecurityManager();
736 if (s != null) {
737 String name = s.getClass().getName();
738 if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
739 name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
740 name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
741 name.equals("sun.plugin.security.ActivatorSecurityManager"))
742 {
743 int CHECK_SET_HOST = -2;
744 try {
745 s.checkConnect(url.toExternalForm(), CHECK_SET_HOST);
746 } catch (SecurityException ex) {
747 return false;
748 }
749 }
750 }
751 return true;
752 }
753
754 private void checkURLFile() {
755 SecurityManager s = System.getSecurityManager();
756 if (s != null) {
757 String name = s.getClass().getName();
758 if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
759 name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
760 name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
761 name.equals("sun.plugin.security.ActivatorSecurityManager"))
762 {
763 int CHECK_SUBPATH = -3;
764 try {
765 s.checkConnect(url.toExternalForm(), CHECK_SUBPATH);
766 } catch (SecurityException ex) {
767 throw new SecurityException("denied access outside a permitted URL subpath", ex);
768 }
769 }
770 }
771 }
772
773 /**
774 * Create a new HttpClient object, bypassing the cache of
775 * HTTP client objects/connections.
776 *
777 * @param url the URL being accessed
778 */
779 protected void setNewClient (URL url)
780 throws IOException {
781 setNewClient(url, false);
782 }
783
784 /**
785 * Obtain a HttpsClient object. Use the cached copy if specified.
786 *
787 * @param url the URL being accessed
788 * @param useCache whether the cached connection should be used
789 * if present
790 */
791 protected void setNewClient (URL url, boolean useCache)
792 throws IOException {
793 http = HttpClient.New(url, null, -1, useCache, connectTimeout, this);
794 http.setReadTimeout(readTimeout);
795 }
796
797
798 /**
799 * Create a new HttpClient object, set up so that it uses
800 * per-instance proxying to the given HTTP proxy. This
801 * bypasses the cache of HTTP client objects/connections.
802 *
803 * @param url the URL being accessed
804 * @param proxyHost the proxy host to use
805 * @param proxyPort the proxy port to use
806 */
807 protected void setProxiedClient (URL url, String proxyHost, int proxyPort)
808 throws IOException {
809 setProxiedClient(url, proxyHost, proxyPort, false);
810 }
811
812 /**
813 * Obtain a HttpClient object, set up so that it uses per-instance
814 * proxying to the given HTTP proxy. Use the cached copy of HTTP
815 * client objects/connections if specified.
816 *
817 * @param url the URL being accessed
818 * @param proxyHost the proxy host to use
819 * @param proxyPort the proxy port to use
820 * @param useCache whether the cached connection should be used
821 * if present
822 */
823 protected void setProxiedClient (URL url,
824 String proxyHost, int proxyPort,
825 boolean useCache)
826 throws IOException {
827 proxiedConnect(url, proxyHost, proxyPort, useCache);
828 }
829
830 protected void proxiedConnect(URL url,
831 String proxyHost, int proxyPort,
832 boolean useCache)
833 throws IOException {
834 http = HttpClient.New (url, proxyHost, proxyPort, useCache,
835 connectTimeout, this);
836 http.setReadTimeout(readTimeout);
837 }
838
839 protected HttpURLConnection(URL u, Handler handler)
840 throws IOException {
841 // we set proxy == null to distinguish this case with the case
842 // when per connection proxy is set
843 this(u, null, handler);
844 }
845
846 private static String checkHost(String h) throws IOException {
847 if (h != null) {
848 if (h.indexOf('\n') > -1) {
849 throw new MalformedURLException("Illegal character in host");
850 }
851 }
852 return h;
853 }
854 public HttpURLConnection(URL u, String host, int port) throws IOException {
855 this(u, new Proxy(Proxy.Type.HTTP,
856 InetSocketAddress.createUnresolved(checkHost(host), port)));
857 }
858
859 /** this constructor is used by other protocol handlers such as ftp
860 that want to use http to fetch urls on their behalf.*/
861 public HttpURLConnection(URL u, Proxy p) throws IOException {
862 this(u, p, new Handler());
863 }
864
865 private static URL checkURL(URL u) throws IOException {
866 if (u != null) {
867 if (u.toExternalForm().indexOf('\n') > -1) {
868 throw new MalformedURLException("Illegal character in URL");
869 }
870 }
871 return u;
872 }
873 protected HttpURLConnection(URL u, Proxy p, Handler handler)
874 throws IOException {
875 super(checkURL(u));
876 requests = new MessageHeader();
877 responses = new MessageHeader();
878 userHeaders = new MessageHeader();
879 this.handler = handler;
880 instProxy = p;
881 if (instProxy instanceof sun.net.ApplicationProxy) {
882 /* Application set Proxies should not have access to cookies
883 * in a secure environment unless explicitly allowed. */
884 try {
885 cookieHandler = CookieHandler.getDefault();
886 } catch (SecurityException se) { /* swallow exception */ }
887 } else {
888 cookieHandler = java.security.AccessController.doPrivileged(
889 new java.security.PrivilegedAction<>() {
890 public CookieHandler run() {
891 return CookieHandler.getDefault();
892 }
893 });
894 }
895 cacheHandler = java.security.AccessController.doPrivileged(
896 new java.security.PrivilegedAction<>() {
897 public ResponseCache run() {
898 return ResponseCache.getDefault();
899 }
900 });
901 }
902
903 /**
904 * @deprecated. Use java.net.Authenticator.setDefault() instead.
905 */
906 @Deprecated
907 public static void setDefaultAuthenticator(HttpAuthenticator a) {
908 defaultAuth = a;
909 }
910
911 /**
912 * opens a stream allowing redirects only to the same host.
913 */
914 public static InputStream openConnectionCheckRedirects(URLConnection c)
915 throws IOException
916 {
917 boolean redir;
918 int redirects = 0;
919 InputStream in;
920 Authenticator a = null;
921
922 do {
923 if (c instanceof HttpURLConnection) {
924 ((HttpURLConnection) c).setInstanceFollowRedirects(false);
925 if (a == null) {
926 a = ((HttpURLConnection) c).authenticator;
927 }
928 }
929
930 // We want to open the input stream before
931 // getting headers, because getHeaderField()
932 // et al swallow IOExceptions.
933 in = c.getInputStream();
934 redir = false;
935
936 if (c instanceof HttpURLConnection) {
937 HttpURLConnection http = (HttpURLConnection) c;
938 int stat = http.getResponseCode();
939 if (stat >= 300 && stat <= 307 && stat != 306 &&
940 stat != HttpURLConnection.HTTP_NOT_MODIFIED) {
941 URL base = http.getURL();
942 String loc = http.getHeaderField("Location");
943 URL target = null;
944 if (loc != null) {
945 target = new URL(base, loc);
946 }
947 http.disconnect();
948 if (target == null
949 || !base.getProtocol().equals(target.getProtocol())
950 || base.getPort() != target.getPort()
951 || !hostsEqual(base, target)
952 || redirects >= 5)
953 {
954 throw new SecurityException("illegal URL redirect");
955 }
956 redir = true;
957 c = target.openConnection();
958 if (a != null && c instanceof HttpURLConnection) {
959 ((HttpURLConnection)c).setAuthenticator(a);
960 }
961 redirects++;
962 }
963 }
964 } while (redir);
965 return in;
966 }
967
968
969 //
970 // Same as java.net.URL.hostsEqual
971 //
972 private static boolean hostsEqual(URL u1, URL u2) {
973 final String h1 = u1.getHost();
974 final String h2 = u2.getHost();
975
976 if (h1 == null) {
977 return h2 == null;
978 } else if (h2 == null) {
979 return false;
980 } else if (h1.equalsIgnoreCase(h2)) {
981 return true;
982 }
983 // Have to resolve addresses before comparing, otherwise
984 // names like tachyon and tachyon.eng would compare different
985 final boolean result[] = {false};
986
987 java.security.AccessController.doPrivileged(
988 new java.security.PrivilegedAction<>() {
989 public Void run() {
990 try {
991 InetAddress a1 = InetAddress.getByName(h1);
992 InetAddress a2 = InetAddress.getByName(h2);
993 result[0] = a1.equals(a2);
994 } catch(UnknownHostException | SecurityException e) {
995 }
996 return null;
997 }
998 });
999
1000 return result[0];
1001 }
1002
1003 // overridden in HTTPS subclass
1004
1005 public void connect() throws IOException {
1006 synchronized (this) {
1007 connecting = true;
1008 }
1009 plainConnect();
1010 }
1011
1012 private boolean checkReuseConnection () {
1013 if (connected) {
1014 return true;
1015 }
1016 if (reuseClient != null) {
1017 http = reuseClient;
1018 http.setReadTimeout(getReadTimeout());
1019 http.reuse = false;
1020 reuseClient = null;
1021 connected = true;
1022 return true;
1023 }
1024 return false;
1025 }
1026
1027 private String getHostAndPort(URL url) {
1028 String host = url.getHost();
1029 final String hostarg = host;
1030 try {
1031 // lookup hostname and use IP address if available
1032 host = AccessController.doPrivileged(
1033 new PrivilegedExceptionAction<>() {
1034 public String run() throws IOException {
1035 InetAddress addr = InetAddress.getByName(hostarg);
1036 return addr.getHostAddress();
1037 }
1038 }
1039 );
1040 } catch (PrivilegedActionException e) {}
1041 int port = url.getPort();
1042 if (port == -1) {
1043 String scheme = url.getProtocol();
1044 if ("http".equals(scheme)) {
1045 return host + ":80";
1046 } else { // scheme must be https
1047 return host + ":443";
1048 }
1049 }
1050 return host + ":" + Integer.toString(port);
1051 }
1052
1053 protected void plainConnect() throws IOException {
1054 synchronized (this) {
1055 if (connected) {
1056 return;
1057 }
1058 }
1059 SocketPermission p = URLtoSocketPermission(this.url);
1060 if (p != null) {
1061 try {
1062 AccessController.doPrivilegedWithCombiner(
1063 new PrivilegedExceptionAction<>() {
1064 public Void run() throws IOException {
1065 plainConnect0();
1066 return null;
1067 }
1068 }, null, p
1069 );
1070 } catch (PrivilegedActionException e) {
1071 throw (IOException) e.getException();
1072 }
1073 } else {
1074 // run without additional permission
1075 plainConnect0();
1076 }
1077 }
1078
1079 /**
1080 * if the caller has a URLPermission for connecting to the
1081 * given URL, then return a SocketPermission which permits
1082 * access to that destination. Return null otherwise. The permission
1083 * is cached in a field (which can only be changed by redirects)
1084 */
1085 SocketPermission URLtoSocketPermission(URL url) throws IOException {
1086
1087 if (socketPermission != null) {
1088 return socketPermission;
1089 }
1090
1091 SecurityManager sm = System.getSecurityManager();
1092
1093 if (sm == null) {
1094 return null;
1095 }
1096
1097 // the permission, which we might grant
1098
1099 SocketPermission newPerm = new SocketPermission(
1100 getHostAndPort(url), "connect"
1101 );
1102
1103 String actions = getRequestMethod()+":" +
1104 getUserSetHeaders().getHeaderNamesInList();
1105
1106 String urlstring = url.getProtocol() + "://" + url.getAuthority()
1107 + url.getPath();
1108
1109 URLPermission p = new URLPermission(urlstring, actions);
1110 try {
1111 sm.checkPermission(p);
1112 socketPermission = newPerm;
1113 return socketPermission;
1114 } catch (SecurityException e) {
1115 // fall thru
1116 }
1117 return null;
1118 }
1119
1120 protected void plainConnect0() throws IOException {
1121 // try to see if request can be served from local cache
1122 if (cacheHandler != null && getUseCaches()) {
1123 try {
1124 URI uri = ParseUtil.toURI(url);
1125 if (uri != null) {
1126 cachedResponse = cacheHandler.get(uri, getRequestMethod(), getUserSetHeaders().getHeaders());
1127 if ("https".equalsIgnoreCase(uri.getScheme())
1128 && !(cachedResponse instanceof SecureCacheResponse)) {
1129 cachedResponse = null;
1130 }
1131 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
1132 logger.finest("Cache Request for " + uri + " / " + getRequestMethod());
1133 logger.finest("From cache: " + (cachedResponse != null ? cachedResponse.toString() : "null"));
1134 }
1135 if (cachedResponse != null) {
1136 cachedHeaders = mapToMessageHeader(cachedResponse.getHeaders());
1137 cachedInputStream = cachedResponse.getBody();
1138 }
1139 }
1140 } catch (IOException ioex) {
1141 // ignore and commence normal connection
1142 }
1143 if (cachedHeaders != null && cachedInputStream != null) {
1144 connected = true;
1145 return;
1146 } else {
1147 cachedResponse = null;
1148 }
1149 }
1150 try {
1151 /* Try to open connections using the following scheme,
1152 * return on the first one that's successful:
1153 * 1) if (instProxy != null)
1154 * connect to instProxy; raise exception if failed
1155 * 2) else use system default ProxySelector
1156 * 3) else make a direct connection if ProxySelector is not present
1157 */
1158
1159 if (instProxy == null) { // no instance Proxy is set
1160 /**
1161 * Do we have to use a proxy?
1162 */
1163 ProxySelector sel =
1164 java.security.AccessController.doPrivileged(
1165 new java.security.PrivilegedAction<>() {
1166 public ProxySelector run() {
1167 return ProxySelector.getDefault();
1168 }
1169 });
1170 if (sel != null) {
1171 URI uri = sun.net.www.ParseUtil.toURI(url);
1172 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
1173 logger.finest("ProxySelector Request for " + uri);
1174 }
1175 Iterator<Proxy> it = sel.select(uri).iterator();
1176 Proxy p;
1177 while (it.hasNext()) {
1178 p = it.next();
1179 try {
1180 if (!failedOnce) {
1181 http = getNewHttpClient(url, p, connectTimeout);
1182 http.setReadTimeout(readTimeout);
1183 } else {
1184 // make sure to construct new connection if first
1185 // attempt failed
1186 http = getNewHttpClient(url, p, connectTimeout, false);
1187 http.setReadTimeout(readTimeout);
1188 }
1189 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
1190 if (p != null) {
1191 logger.finest("Proxy used: " + p.toString());
1192 }
1193 }
1194 break;
1195 } catch (IOException ioex) {
1196 if (p != Proxy.NO_PROXY) {
1197 sel.connectFailed(uri, p.address(), ioex);
1198 if (!it.hasNext()) {
1199 throw ioex;
1200 }
1201 } else {
1202 throw ioex;
1203 }
1204 continue;
1205 }
1206 }
1207 } else {
1208 // No proxy selector, create http client with no proxy
1209 if (!failedOnce) {
1210 http = getNewHttpClient(url, null, connectTimeout);
1211 http.setReadTimeout(readTimeout);
1212 } else {
1213 // make sure to construct new connection if first
1214 // attempt failed
1215 http = getNewHttpClient(url, null, connectTimeout, false);
1216 http.setReadTimeout(readTimeout);
1217 }
1218 }
1219 } else {
1220 if (!failedOnce) {
1221 http = getNewHttpClient(url, instProxy, connectTimeout);
1222 http.setReadTimeout(readTimeout);
1223 } else {
1224 // make sure to construct new connection if first
1225 // attempt failed
1226 http = getNewHttpClient(url, instProxy, connectTimeout, false);
1227 http.setReadTimeout(readTimeout);
1228 }
1229 }
1230
1231 ps = (PrintStream)http.getOutputStream();
1232 } catch (IOException e) {
1233 throw e;
1234 }
1235 // constructor to HTTP client calls openserver
1236 connected = true;
1237 }
1238
1239 // subclass HttpsClient will overwrite & return an instance of HttpsClient
1240 protected HttpClient getNewHttpClient(URL url, Proxy p, int connectTimeout)
1241 throws IOException {
1242 return HttpClient.New(url, p, connectTimeout, this);
1243 }
1244
1245 // subclass HttpsClient will overwrite & return an instance of HttpsClient
1246 protected HttpClient getNewHttpClient(URL url, Proxy p,
1247 int connectTimeout, boolean useCache)
1248 throws IOException {
1249 return HttpClient.New(url, p, connectTimeout, useCache, this);
1250 }
1251
1252 private void expect100Continue() throws IOException {
1253 // Expect: 100-Continue was set, so check the return code for
1254 // Acceptance
1255 int oldTimeout = http.getReadTimeout();
1256 boolean enforceTimeOut = false;
1257 boolean timedOut = false;
1258 if (oldTimeout <= 0) {
1259 // 5s read timeout in case the server doesn't understand
1260 // Expect: 100-Continue
1261 http.setReadTimeout(5000);
1262 enforceTimeOut = true;
1263 }
1264
1265 try {
1266 http.parseHTTP(responses, pi, this);
1267 } catch (SocketTimeoutException se) {
1268 if (!enforceTimeOut) {
1269 throw se;
1270 }
1271 timedOut = true;
1272 http.setIgnoreContinue(true);
1273 }
1274 if (!timedOut) {
1275 // Can't use getResponseCode() yet
1276 String resp = responses.getValue(0);
1277 // Parse the response which is of the form:
1278 // HTTP/1.1 417 Expectation Failed
1279 // HTTP/1.1 100 Continue
1280 if (resp != null && resp.startsWith("HTTP/")) {
1281 String[] sa = resp.split("\\s+");
1282 responseCode = -1;
1283 try {
1284 // Response code is 2nd token on the line
1285 if (sa.length > 1)
1286 responseCode = Integer.parseInt(sa[1]);
1287 } catch (NumberFormatException numberFormatException) {
1288 }
1289 }
1290 if (responseCode != 100) {
1291 throw new ProtocolException("Server rejected operation");
1292 }
1293 }
1294
1295 http.setReadTimeout(oldTimeout);
1296
1297 responseCode = -1;
1298 responses.reset();
1299 // Proceed
1300 }
1301
1302 /*
1303 * Allowable input/output sequences:
1304 * [interpreted as request entity]
1305 * - get output, [write output,] get input, [read input]
1306 * - get output, [write output]
1307 * [interpreted as GET]
1308 * - get input, [read input]
1309 * Disallowed:
1310 * - get input, [read input,] get output, [write output]
1311 */
1312
1313 @Override
1314 public synchronized OutputStream getOutputStream() throws IOException {
1315 connecting = true;
1316 SocketPermission p = URLtoSocketPermission(this.url);
1317
1318 if (p != null) {
1319 try {
1320 return AccessController.doPrivilegedWithCombiner(
1321 new PrivilegedExceptionAction<>() {
1322 public OutputStream run() throws IOException {
1323 return getOutputStream0();
1324 }
1325 }, null, p
1326 );
1327 } catch (PrivilegedActionException e) {
1328 throw (IOException) e.getException();
1329 }
1330 } else {
1331 return getOutputStream0();
1332 }
1333 }
1334
1335 private synchronized OutputStream getOutputStream0() throws IOException {
1336 try {
1337 if (!doOutput) {
1338 throw new ProtocolException("cannot write to a URLConnection"
1339 + " if doOutput=false - call setDoOutput(true)");
1340 }
1341
1342 if (method.equals("GET")) {
1343 method = "POST"; // Backward compatibility
1344 }
1345 if ("TRACE".equals(method) && "http".equals(url.getProtocol())) {
1346 throw new ProtocolException("HTTP method TRACE" +
1347 " doesn't support output");
1348 }
1349
1350 // if there's already an input stream open, throw an exception
1351 if (inputStream != null) {
1352 throw new ProtocolException("Cannot write output after reading input.");
1353 }
1354
1355 if (!checkReuseConnection())
1356 connect();
1357
1358 boolean expectContinue = false;
1359 String expects = requests.findValue("Expect");
1360 if ("100-Continue".equalsIgnoreCase(expects) && streaming()) {
1361 http.setIgnoreContinue(false);
1362 expectContinue = true;
1363 }
1364
1365 if (streaming() && strOutputStream == null) {
1366 writeRequests();
1367 }
1368
1369 if (expectContinue) {
1370 expect100Continue();
1371 }
1372 ps = (PrintStream)http.getOutputStream();
1373 if (streaming()) {
1374 if (strOutputStream == null) {
1375 if (chunkLength != -1) { /* chunked */
1376 strOutputStream = new StreamingOutputStream(
1377 new ChunkedOutputStream(ps, chunkLength), -1L);
1378 } else { /* must be fixed content length */
1379 long length = 0L;
1380 if (fixedContentLengthLong != -1) {
1381 length = fixedContentLengthLong;
1382 } else if (fixedContentLength != -1) {
1383 length = fixedContentLength;
1384 }
1385 strOutputStream = new StreamingOutputStream(ps, length);
1386 }
1387 }
1388 return strOutputStream;
1389 } else {
1390 if (poster == null) {
1391 poster = new PosterOutputStream();
1392 }
1393 return poster;
1394 }
1395 } catch (RuntimeException e) {
1396 disconnectInternal();
1397 throw e;
1398 } catch (ProtocolException e) {
1399 // Save the response code which may have been set while enforcing
1400 // the 100-continue. disconnectInternal() forces it to -1
1401 int i = responseCode;
1402 disconnectInternal();
1403 responseCode = i;
1404 throw e;
1405 } catch (IOException e) {
1406 disconnectInternal();
1407 throw e;
1408 }
1409 }
1410
1411 public boolean streaming () {
1412 return (fixedContentLength != -1) || (fixedContentLengthLong != -1) ||
1413 (chunkLength != -1);
1414 }
1415
1416 /*
1417 * get applicable cookies based on the uri and request headers
1418 * add them to the existing request headers
1419 */
1420 private void setCookieHeader() throws IOException {
1421 if (cookieHandler != null) {
1422 // we only want to capture the user defined Cookies once, as
1423 // they cannot be changed by user code after we are connected,
1424 // only internally.
1425 synchronized (this) {
1426 if (setUserCookies) {
1427 int k = requests.getKey("Cookie");
1428 if (k != -1)
1429 userCookies = requests.getValue(k);
1430 k = requests.getKey("Cookie2");
1431 if (k != -1)
1432 userCookies2 = requests.getValue(k);
1433 setUserCookies = false;
1434 }
1435 }
1436
1437 // remove old Cookie header before setting new one.
1438 requests.remove("Cookie");
1439 requests.remove("Cookie2");
1440
1441 URI uri = ParseUtil.toURI(url);
1442 if (uri != null) {
1443 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
1444 logger.finest("CookieHandler request for " + uri);
1445 }
1446 Map<String, List<String>> cookies
1447 = cookieHandler.get(
1448 uri, requests.getHeaders(EXCLUDE_HEADERS));
1449 if (!cookies.isEmpty()) {
1450 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
1451 logger.finest("Cookies retrieved: " + cookies.toString());
1452 }
1453 for (Map.Entry<String, List<String>> entry :
1454 cookies.entrySet()) {
1455 String key = entry.getKey();
1456 // ignore all entries that don't have "Cookie"
1457 // or "Cookie2" as keys
1458 if (!"Cookie".equalsIgnoreCase(key) &&
1459 !"Cookie2".equalsIgnoreCase(key)) {
1460 continue;
1461 }
1462 List<String> l = entry.getValue();
1463 if (l != null && !l.isEmpty()) {
1464 StringJoiner cookieValue = new StringJoiner("; ");
1465 for (String value : l) {
1466 cookieValue.add(value);
1467 }
1468 requests.add(key, cookieValue.toString());
1469 }
1470 }
1471 }
1472 }
1473 if (userCookies != null) {
1474 int k;
1475 if ((k = requests.getKey("Cookie")) != -1)
1476 requests.set("Cookie", requests.getValue(k) + ";" + userCookies);
1477 else
1478 requests.set("Cookie", userCookies);
1479 }
1480 if (userCookies2 != null) {
1481 int k;
1482 if ((k = requests.getKey("Cookie2")) != -1)
1483 requests.set("Cookie2", requests.getValue(k) + ";" + userCookies2);
1484 else
1485 requests.set("Cookie2", userCookies2);
1486 }
1487
1488 } // end of getting cookies
1489 }
1490
1491 @Override
1492 public synchronized InputStream getInputStream() throws IOException {
1493 connecting = true;
1494 SocketPermission p = URLtoSocketPermission(this.url);
1495
1496 if (p != null) {
1497 try {
1498 return AccessController.doPrivilegedWithCombiner(
1499 new PrivilegedExceptionAction<>() {
1500 public InputStream run() throws IOException {
1501 return getInputStream0();
1502 }
1503 }, null, p
1504 );
1505 } catch (PrivilegedActionException e) {
1506 throw (IOException) e.getException();
1507 }
1508 } else {
1509 return getInputStream0();
1510 }
1511 }
1512
1513 @SuppressWarnings("empty-statement")
1514 private synchronized InputStream getInputStream0() throws IOException {
1515
1516 if (!doInput) {
1517 throw new ProtocolException("Cannot read from URLConnection"
1518 + " if doInput=false (call setDoInput(true))");
1519 }
1520
1521 if (rememberedException != null) {
1522 if (rememberedException instanceof RuntimeException)
1523 throw new RuntimeException(rememberedException);
1524 else {
1525 throw getChainedException((IOException)rememberedException);
1526 }
1527 }
1528
1529 if (inputStream != null) {
1530 return inputStream;
1531 }
1532
1533 if (streaming() ) {
1534 if (strOutputStream == null) {
1535 getOutputStream();
1536 }
1537 /* make sure stream is closed */
1538 strOutputStream.close ();
1539 if (!strOutputStream.writtenOK()) {
1540 throw new IOException ("Incomplete output stream");
1541 }
1542 }
1543
1544 int redirects = 0;
1545 int respCode = 0;
1546 long cl = -1;
1547 AuthenticationInfo serverAuthentication = null;
1548 AuthenticationInfo proxyAuthentication = null;
1549 AuthenticationHeader srvHdr = null;
1550
1551 /**
1552 * Failed Negotiate
1553 *
1554 * In some cases, the Negotiate auth is supported for the
1555 * remote host but the negotiate process still fails (For
1556 * example, if the web page is located on a backend server
1557 * and delegation is needed but fails). The authentication
1558 * process will start again, and we need to detect this
1559 * kind of failure and do proper fallback (say, to NTLM).
1560 *
1561 * In order to achieve this, the inNegotiate flag is set
1562 * when the first negotiate challenge is met (and reset
1563 * if authentication is finished). If a fresh new negotiate
1564 * challenge (no parameter) is found while inNegotiate is
1565 * set, we know there's a failed auth attempt recently.
1566 * Here we'll ignore the header line so that fallback
1567 * can be practiced.
1568 *
1569 * inNegotiateProxy is for proxy authentication.
1570 */
1571 boolean inNegotiate = false;
1572 boolean inNegotiateProxy = false;
1573
1574 // If the user has set either of these headers then do not remove them
1575 isUserServerAuth = requests.getKey("Authorization") != -1;
1576 isUserProxyAuth = requests.getKey("Proxy-Authorization") != -1;
1577
1578 try {
1579 do {
1580 if (!checkReuseConnection())
1581 connect();
1582
1583 if (cachedInputStream != null) {
1584 return cachedInputStream;
1585 }
1586
1587 // Check if URL should be metered
1588 boolean meteredInput = ProgressMonitor.getDefault().shouldMeterInput(url, method);
1589
1590 if (meteredInput) {
1591 pi = new ProgressSource(url, method);
1592 pi.beginTracking();
1593 }
1594
1595 /* REMIND: This exists to fix the HttpsURLConnection subclass.
1596 * Hotjava needs to run on JDK1.1FCS. Do proper fix once a
1597 * proper solution for SSL can be found.
1598 */
1599 ps = (PrintStream)http.getOutputStream();
1600
1601 if (!streaming()) {
1602 writeRequests();
1603 }
1604 http.parseHTTP(responses, pi, this);
1605 if (logger.isLoggable(PlatformLogger.Level.FINE)) {
1606 logger.fine(responses.toString());
1607 }
1608
1609 boolean b1 = responses.filterNTLMResponses("WWW-Authenticate");
1610 boolean b2 = responses.filterNTLMResponses("Proxy-Authenticate");
1611 if (b1 || b2) {
1612 if (logger.isLoggable(PlatformLogger.Level.FINE)) {
1613 logger.fine(">>>> Headers are filtered");
1614 logger.fine(responses.toString());
1615 }
1616 }
1617
1618 inputStream = http.getInputStream();
1619
1620 respCode = getResponseCode();
1621 if (respCode == -1) {
1622 disconnectInternal();
1623 throw new IOException ("Invalid Http response");
1624 }
1625 if (respCode == HTTP_PROXY_AUTH) {
1626 if (streaming()) {
1627 disconnectInternal();
1628 throw new HttpRetryException (
1629 RETRY_MSG1, HTTP_PROXY_AUTH);
1630 }
1631
1632 // Read comments labeled "Failed Negotiate" for details.
1633 boolean dontUseNegotiate = false;
1634 Iterator<String> iter = responses.multiValueIterator("Proxy-Authenticate");
1635 while (iter.hasNext()) {
1636 String value = iter.next().trim();
1637 if (value.equalsIgnoreCase("Negotiate") ||
1638 value.equalsIgnoreCase("Kerberos")) {
1639 if (!inNegotiateProxy) {
1640 inNegotiateProxy = true;
1641 } else {
1642 dontUseNegotiate = true;
1643 doingNTLMp2ndStage = false;
1644 proxyAuthentication = null;
1645 }
1646 break;
1647 }
1648 }
1649
1650 // changes: add a 3rd parameter to the constructor of
1651 // AuthenticationHeader, so that NegotiateAuthentication.
1652 // isSupported can be tested.
1653 // The other 2 appearances of "new AuthenticationHeader" is
1654 // altered in similar ways.
1655
1656 AuthenticationHeader authhdr = new AuthenticationHeader (
1657 "Proxy-Authenticate",
1658 responses,
1659 new HttpCallerInfo(url,
1660 http.getProxyHostUsed(),
1661 http.getProxyPortUsed(),
1662 authenticator),
1663 dontUseNegotiate,
1664 disabledProxyingSchemes
1665 );
1666
1667 if (!doingNTLMp2ndStage) {
1668 proxyAuthentication =
1669 resetProxyAuthentication(proxyAuthentication, authhdr);
1670 if (proxyAuthentication != null) {
1671 redirects++;
1672 disconnectInternal();
1673 continue;
1674 }
1675 } else {
1676 /* in this case, only one header field will be present */
1677 String raw = responses.findValue ("Proxy-Authenticate");
1678 reset ();
1679 if (!proxyAuthentication.setHeaders(this,
1680 authhdr.headerParser(), raw)) {
1681 disconnectInternal();
1682 throw new IOException ("Authentication failure");
1683 }
1684 if (serverAuthentication != null && srvHdr != null &&
1685 !serverAuthentication.setHeaders(this,
1686 srvHdr.headerParser(), raw)) {
1687 disconnectInternal ();
1688 throw new IOException ("Authentication failure");
1689 }
1690 authObj = null;
1691 doingNTLMp2ndStage = false;
1692 continue;
1693 }
1694 } else {
1695 inNegotiateProxy = false;
1696 doingNTLMp2ndStage = false;
1697 if (!isUserProxyAuth)
1698 requests.remove("Proxy-Authorization");
1699 }
1700
1701 // cache proxy authentication info
1702 if (proxyAuthentication != null) {
1703 // cache auth info on success, domain header not relevant.
1704 proxyAuthentication.addToCache();
1705 }
1706
1707 if (respCode == HTTP_UNAUTHORIZED) {
1708 if (streaming()) {
1709 disconnectInternal();
1710 throw new HttpRetryException (
1711 RETRY_MSG2, HTTP_UNAUTHORIZED);
1712 }
1713
1714 // Read comments labeled "Failed Negotiate" for details.
1715 boolean dontUseNegotiate = false;
1716 Iterator<String> iter = responses.multiValueIterator("WWW-Authenticate");
1717 while (iter.hasNext()) {
1718 String value = iter.next().trim();
1719 if (value.equalsIgnoreCase("Negotiate") ||
1720 value.equalsIgnoreCase("Kerberos")) {
1721 if (!inNegotiate) {
1722 inNegotiate = true;
1723 } else {
1724 dontUseNegotiate = true;
1725 doingNTLM2ndStage = false;
1726 serverAuthentication = null;
1727 }
1728 break;
1729 }
1730 }
1731
1732 srvHdr = new AuthenticationHeader (
1733 "WWW-Authenticate", responses,
1734 new HttpCallerInfo(url, authenticator),
1735 dontUseNegotiate
1736 );
1737
1738 String raw = srvHdr.raw();
1739 if (!doingNTLM2ndStage) {
1740 if ((serverAuthentication != null)&&
1741 serverAuthentication.getAuthScheme() != NTLM) {
1742 if (serverAuthentication.isAuthorizationStale (raw)) {
1743 /* we can retry with the current credentials */
1744 disconnectWeb();
1745 redirects++;
1746 requests.set(serverAuthentication.getHeaderName(),
1747 serverAuthentication.getHeaderValue(url, method));
1748 currentServerCredentials = serverAuthentication;
1749 setCookieHeader();
1750 continue;
1751 } else {
1752 serverAuthentication.removeFromCache();
1753 }
1754 }
1755 serverAuthentication = getServerAuthentication(srvHdr);
1756 currentServerCredentials = serverAuthentication;
1757
1758 if (serverAuthentication != null) {
1759 disconnectWeb();
1760 redirects++; // don't let things loop ad nauseum
1761 setCookieHeader();
1762 continue;
1763 }
1764 } else {
1765 reset ();
1766 /* header not used for ntlm */
1767 if (!serverAuthentication.setHeaders(this, null, raw)) {
1768 disconnectWeb();
1769 throw new IOException ("Authentication failure");
1770 }
1771 doingNTLM2ndStage = false;
1772 authObj = null;
1773 setCookieHeader();
1774 continue;
1775 }
1776 }
1777 // cache server authentication info
1778 if (serverAuthentication != null) {
1779 // cache auth info on success
1780 if (!(serverAuthentication instanceof DigestAuthentication) ||
1781 (domain == null)) {
1782 if (serverAuthentication instanceof BasicAuthentication) {
1783 // check if the path is shorter than the existing entry
1784 String npath = AuthenticationInfo.reducePath (url.getPath());
1785 String opath = serverAuthentication.path;
1786 if (!opath.startsWith (npath) || npath.length() >= opath.length()) {
1787 /* npath is longer, there must be a common root */
1788 npath = BasicAuthentication.getRootPath (opath, npath);
1789 }
1790 // remove the entry and create a new one
1791 BasicAuthentication a =
1792 (BasicAuthentication) serverAuthentication.clone();
1793 serverAuthentication.removeFromCache();
1794 a.path = npath;
1795 serverAuthentication = a;
1796 }
1797 serverAuthentication.addToCache();
1798 } else {
1799 // what we cache is based on the domain list in the request
1800 DigestAuthentication srv = (DigestAuthentication)
1801 serverAuthentication;
1802 StringTokenizer tok = new StringTokenizer (domain," ");
1803 String realm = srv.realm;
1804 PasswordAuthentication pw = srv.pw;
1805 digestparams = srv.params;
1806 while (tok.hasMoreTokens()) {
1807 String path = tok.nextToken();
1808 try {
1809 /* path could be an abs_path or a complete URI */
1810 URL u = new URL (url, path);
1811 DigestAuthentication d = new DigestAuthentication (
1812 false, u, realm, "Digest", pw,
1813 digestparams, srv.authenticatorKey);
1814 d.addToCache ();
1815 } catch (Exception e) {}
1816 }
1817 }
1818 }
1819
1820 // some flags should be reset to its initialized form so that
1821 // even after a redirect the necessary checks can still be
1822 // preformed.
1823 inNegotiate = false;
1824 inNegotiateProxy = false;
1825
1826 //serverAuthentication = null;
1827 doingNTLMp2ndStage = false;
1828 doingNTLM2ndStage = false;
1829 if (!isUserServerAuth)
1830 requests.remove("Authorization");
1831 if (!isUserProxyAuth)
1832 requests.remove("Proxy-Authorization");
1833
1834 if (respCode == HTTP_OK) {
1835 checkResponseCredentials (false);
1836 } else {
1837 needToCheck = false;
1838 }
1839
1840 // a flag need to clean
1841 needToCheck = true;
1842
1843 if (followRedirect()) {
1844 /* if we should follow a redirect, then the followRedirects()
1845 * method will disconnect() and re-connect us to the new
1846 * location
1847 */
1848 redirects++;
1849
1850 // redirecting HTTP response may have set cookie, so
1851 // need to re-generate request header
1852 setCookieHeader();
1853
1854 continue;
1855 }
1856
1857 try {
1858 cl = Long.parseLong(responses.findValue("content-length"));
1859 } catch (Exception exc) { };
1860
1861 if (method.equals("HEAD") || cl == 0 ||
1862 respCode == HTTP_NOT_MODIFIED ||
1863 respCode == HTTP_NO_CONTENT) {
1864
1865 if (pi != null) {
1866 pi.finishTracking();
1867 pi = null;
1868 }
1869 http.finished();
1870 http = null;
1871 inputStream = new EmptyInputStream();
1872 connected = false;
1873 }
1874
1875 if (respCode == 200 || respCode == 203 || respCode == 206 ||
1876 respCode == 300 || respCode == 301 || respCode == 410) {
1877 if (cacheHandler != null && getUseCaches()) {
1878 // give cache a chance to save response in cache
1879 URI uri = ParseUtil.toURI(url);
1880 if (uri != null) {
1881 URLConnection uconn = this;
1882 if ("https".equalsIgnoreCase(uri.getScheme())) {
1883 try {
1884 // use reflection to get to the public
1885 // HttpsURLConnection instance saved in
1886 // DelegateHttpsURLConnection
1887 uconn = (URLConnection)this.getClass().getField("httpsURLConnection").get(this);
1888 } catch (IllegalAccessException |
1889 NoSuchFieldException e) {
1890 // ignored; use 'this'
1891 }
1892 }
1893 CacheRequest cacheRequest =
1894 cacheHandler.put(uri, uconn);
1895 if (cacheRequest != null && http != null) {
1896 http.setCacheRequest(cacheRequest);
1897 inputStream = new HttpInputStream(inputStream, cacheRequest);
1898 }
1899 }
1900 }
1901 }
1902
1903 if (!(inputStream instanceof HttpInputStream)) {
1904 inputStream = new HttpInputStream(inputStream);
1905 }
1906
1907 if (respCode >= 400) {
1908 if (respCode == 404 || respCode == 410) {
1909 throw new FileNotFoundException(url.toString());
1910 } else {
1911 throw new java.io.IOException("Server returned HTTP" +
1912 " response code: " + respCode + " for URL: " +
1913 url.toString());
1914 }
1915 }
1916 poster = null;
1917 strOutputStream = null;
1918 return inputStream;
1919 } while (redirects < maxRedirects);
1920
1921 throw new ProtocolException("Server redirected too many " +
1922 " times ("+ redirects + ")");
1923 } catch (RuntimeException e) {
1924 disconnectInternal();
1925 rememberedException = e;
1926 throw e;
1927 } catch (IOException e) {
1928 rememberedException = e;
1929
1930 // buffer the error stream if bytes < 4k
1931 // and it can be buffered within 1 second
1932 String te = responses.findValue("Transfer-Encoding");
1933 if (http != null && http.isKeepingAlive() && enableESBuffer &&
1934 (cl > 0 || (te != null && te.equalsIgnoreCase("chunked")))) {
1935 errorStream = ErrorStream.getErrorStream(inputStream, cl, http);
1936 }
1937 throw e;
1938 } finally {
1939 if (proxyAuthKey != null) {
1940 AuthenticationInfo.endAuthRequest(proxyAuthKey);
1941 }
1942 if (serverAuthKey != null) {
1943 AuthenticationInfo.endAuthRequest(serverAuthKey);
1944 }
1945 }
1946 }
1947
1948 /*
1949 * Creates a chained exception that has the same type as
1950 * original exception and with the same message. Right now,
1951 * there is no convenient APIs for doing so.
1952 */
1953 private IOException getChainedException(final IOException rememberedException) {
1954 try {
1955 final Object[] args = { rememberedException.getMessage() };
1956 IOException chainedException =
1957 java.security.AccessController.doPrivileged(
1958 new java.security.PrivilegedExceptionAction<>() {
1959 public IOException run() throws Exception {
1960 return (IOException)
1961 rememberedException.getClass()
1962 .getConstructor(new Class<?>[] { String.class })
1963 .newInstance(args);
1964 }
1965 });
1966 chainedException.initCause(rememberedException);
1967 return chainedException;
1968 } catch (Exception ignored) {
1969 return rememberedException;
1970 }
1971 }
1972
1973 @Override
1974 public InputStream getErrorStream() {
1975 if (connected && responseCode >= 400) {
1976 // Client Error 4xx and Server Error 5xx
1977 if (errorStream != null) {
1978 return errorStream;
1979 } else if (inputStream != null) {
1980 return inputStream;
1981 }
1982 }
1983 return null;
1984 }
1985
1986 /**
1987 * set or reset proxy authentication info in request headers
1988 * after receiving a 407 error. In the case of NTLM however,
1989 * receiving a 407 is normal and we just skip the stale check
1990 * because ntlm does not support this feature.
1991 */
1992 private AuthenticationInfo
1993 resetProxyAuthentication(AuthenticationInfo proxyAuthentication, AuthenticationHeader auth) throws IOException {
1994 if ((proxyAuthentication != null )&&
1995 proxyAuthentication.getAuthScheme() != NTLM) {
1996 String raw = auth.raw();
1997 if (proxyAuthentication.isAuthorizationStale (raw)) {
1998 /* we can retry with the current credentials */
1999 String value;
2000 if (proxyAuthentication instanceof DigestAuthentication) {
2001 DigestAuthentication digestProxy = (DigestAuthentication)
2002 proxyAuthentication;
2003 if (tunnelState() == TunnelState.SETUP) {
2004 value = digestProxy.getHeaderValue(connectRequestURI(url), HTTP_CONNECT);
2005 } else {
2006 value = digestProxy.getHeaderValue(getRequestURI(), method);
2007 }
2008 } else {
2009 value = proxyAuthentication.getHeaderValue(url, method);
2010 }
2011 requests.set(proxyAuthentication.getHeaderName(), value);
2012 currentProxyCredentials = proxyAuthentication;
2013 return proxyAuthentication;
2014 } else {
2015 proxyAuthentication.removeFromCache();
2016 }
2017 }
2018 proxyAuthentication = getHttpProxyAuthentication(auth);
2019 currentProxyCredentials = proxyAuthentication;
2020 return proxyAuthentication;
2021 }
2022
2023 /**
2024 * Returns the tunnel state.
2025 *
2026 * @return the state
2027 */
2028 TunnelState tunnelState() {
2029 return tunnelState;
2030 }
2031
2032 /**
2033 * Set the tunneling status.
2034 *
2035 * @param tunnelState the state
2036 */
2037 public void setTunnelState(TunnelState tunnelState) {
2038 this.tunnelState = tunnelState;
2039 }
2040
2041 /**
2042 * establish a tunnel through proxy server
2043 */
2044 public synchronized void doTunneling() throws IOException {
2045 int retryTunnel = 0;
2046 String statusLine = "";
2047 int respCode = 0;
2048 AuthenticationInfo proxyAuthentication = null;
2049 String proxyHost = null;
2050 int proxyPort = -1;
2051
2052 // save current requests so that they can be restored after tunnel is setup.
2053 MessageHeader savedRequests = requests;
2054 requests = new MessageHeader();
2055
2056 // Read comments labeled "Failed Negotiate" for details.
2057 boolean inNegotiateProxy = false;
2058
2059 try {
2060 /* Actively setting up a tunnel */
2061 setTunnelState(TunnelState.SETUP);
2062
2063 do {
2064 if (!checkReuseConnection()) {
2065 proxiedConnect(url, proxyHost, proxyPort, false);
2066 }
2067 // send the "CONNECT" request to establish a tunnel
2068 // through proxy server
2069 sendCONNECTRequest();
2070 responses.reset();
2071
2072 // There is no need to track progress in HTTP Tunneling,
2073 // so ProgressSource is null.
2074 http.parseHTTP(responses, null, this);
2075
2076 /* Log the response to the CONNECT */
2077 if (logger.isLoggable(PlatformLogger.Level.FINE)) {
2078 logger.fine(responses.toString());
2079 }
2080
2081 if (responses.filterNTLMResponses("Proxy-Authenticate")) {
2082 if (logger.isLoggable(PlatformLogger.Level.FINE)) {
2083 logger.fine(">>>> Headers are filtered");
2084 logger.fine(responses.toString());
2085 }
2086 }
2087
2088 statusLine = responses.getValue(0);
2089 StringTokenizer st = new StringTokenizer(statusLine);
2090 st.nextToken();
2091 respCode = Integer.parseInt(st.nextToken().trim());
2092 if (respCode == HTTP_PROXY_AUTH) {
2093 // Read comments labeled "Failed Negotiate" for details.
2094 boolean dontUseNegotiate = false;
2095 Iterator<String> iter = responses.multiValueIterator("Proxy-Authenticate");
2096 while (iter.hasNext()) {
2097 String value = iter.next().trim();
2098 if (value.equalsIgnoreCase("Negotiate") ||
2099 value.equalsIgnoreCase("Kerberos")) {
2100 if (!inNegotiateProxy) {
2101 inNegotiateProxy = true;
2102 } else {
2103 dontUseNegotiate = true;
2104 doingNTLMp2ndStage = false;
2105 proxyAuthentication = null;
2106 }
2107 break;
2108 }
2109 }
2110
2111 AuthenticationHeader authhdr = new AuthenticationHeader(
2112 "Proxy-Authenticate",
2113 responses,
2114 new HttpCallerInfo(url,
2115 http.getProxyHostUsed(),
2116 http.getProxyPortUsed(),
2117 authenticator),
2118 dontUseNegotiate,
2119 disabledTunnelingSchemes
2120 );
2121 if (!doingNTLMp2ndStage) {
2122 proxyAuthentication =
2123 resetProxyAuthentication(proxyAuthentication, authhdr);
2124 if (proxyAuthentication != null) {
2125 proxyHost = http.getProxyHostUsed();
2126 proxyPort = http.getProxyPortUsed();
2127 disconnectInternal();
2128 retryTunnel++;
2129 continue;
2130 }
2131 } else {
2132 String raw = responses.findValue ("Proxy-Authenticate");
2133 reset ();
2134 if (!proxyAuthentication.setHeaders(this,
2135 authhdr.headerParser(), raw)) {
2136 disconnectInternal();
2137 throw new IOException ("Authentication failure");
2138 }
2139 authObj = null;
2140 doingNTLMp2ndStage = false;
2141 continue;
2142 }
2143 }
2144 // cache proxy authentication info
2145 if (proxyAuthentication != null) {
2146 // cache auth info on success, domain header not relevant.
2147 proxyAuthentication.addToCache();
2148 }
2149
2150 if (respCode == HTTP_OK) {
2151 setTunnelState(TunnelState.TUNNELING);
2152 break;
2153 }
2154 // we don't know how to deal with other response code
2155 // so disconnect and report error
2156 disconnectInternal();
2157 setTunnelState(TunnelState.NONE);
2158 break;
2159 } while (retryTunnel < maxRedirects);
2160
2161 if (retryTunnel >= maxRedirects || (respCode != HTTP_OK)) {
2162 throw new IOException("Unable to tunnel through proxy."+
2163 " Proxy returns \"" +
2164 statusLine + "\"");
2165 }
2166 } finally {
2167 if (proxyAuthKey != null) {
2168 AuthenticationInfo.endAuthRequest(proxyAuthKey);
2169 }
2170 }
2171
2172 // restore original request headers
2173 requests = savedRequests;
2174
2175 // reset responses
2176 responses.reset();
2177 }
2178
2179 static String connectRequestURI(URL url) {
2180 String host = url.getHost();
2181 int port = url.getPort();
2182 port = port != -1 ? port : url.getDefaultPort();
2183
2184 return host + ":" + port;
2185 }
2186
2187 /**
2188 * send a CONNECT request for establishing a tunnel to proxy server
2189 */
2190 private void sendCONNECTRequest() throws IOException {
2191 int port = url.getPort();
2192
2193 requests.set(0, HTTP_CONNECT + " " + connectRequestURI(url)
2194 + " " + httpVersion, null);
2195 requests.setIfNotSet("User-Agent", userAgent);
2196
2197 String host = url.getHost();
2198 if (port != -1 && port != url.getDefaultPort()) {
2199 host += ":" + String.valueOf(port);
2200 }
2201 requests.setIfNotSet("Host", host);
2202
2203 // Not really necessary for a tunnel, but can't hurt
2204 requests.setIfNotSet("Accept", acceptString);
2205
2206 if (http.getHttpKeepAliveSet()) {
2207 requests.setIfNotSet("Proxy-Connection", "keep-alive");
2208 }
2209
2210 setPreemptiveProxyAuthentication(requests);
2211
2212 /* Log the CONNECT request */
2213 if (logger.isLoggable(PlatformLogger.Level.FINE)) {
2214 logger.fine(requests.toString());
2215 }
2216
2217 http.writeRequests(requests, null);
2218 }
2219
2220 /**
2221 * Sets pre-emptive proxy authentication in header
2222 */
2223 private void setPreemptiveProxyAuthentication(MessageHeader requests) throws IOException {
2224 AuthenticationInfo pauth
2225 = AuthenticationInfo.getProxyAuth(http.getProxyHostUsed(),
2226 http.getProxyPortUsed(),
2227 getAuthenticatorKey());
2228 if (pauth != null && pauth.supportsPreemptiveAuthorization()) {
2229 String value;
2230 if (pauth instanceof DigestAuthentication) {
2231 DigestAuthentication digestProxy = (DigestAuthentication) pauth;
2232 if (tunnelState() == TunnelState.SETUP) {
2233 value = digestProxy
2234 .getHeaderValue(connectRequestURI(url), HTTP_CONNECT);
2235 } else {
2236 value = digestProxy.getHeaderValue(getRequestURI(), method);
2237 }
2238 } else {
2239 value = pauth.getHeaderValue(url, method);
2240 }
2241
2242 // Sets "Proxy-authorization"
2243 requests.set(pauth.getHeaderName(), value);
2244 currentProxyCredentials = pauth;
2245 }
2246 }
2247
2248 /**
2249 * Gets the authentication for an HTTP proxy, and applies it to
2250 * the connection.
2251 */
2252 @SuppressWarnings("fallthrough")
2253 private AuthenticationInfo getHttpProxyAuthentication (AuthenticationHeader authhdr) {
2254 /* get authorization from authenticator */
2255 AuthenticationInfo ret = null;
2256 String raw = authhdr.raw();
2257 String host = http.getProxyHostUsed();
2258 int port = http.getProxyPortUsed();
2259 if (host != null && authhdr.isPresent()) {
2260 HeaderParser p = authhdr.headerParser();
2261 String realm = p.findValue("realm");
2262 String scheme = authhdr.scheme();
2263 AuthScheme authScheme = UNKNOWN;
2264 if ("basic".equalsIgnoreCase(scheme)) {
2265 authScheme = BASIC;
2266 } else if ("digest".equalsIgnoreCase(scheme)) {
2267 authScheme = DIGEST;
2268 } else if ("ntlm".equalsIgnoreCase(scheme)) {
2269 authScheme = NTLM;
2270 doingNTLMp2ndStage = true;
2271 } else if ("Kerberos".equalsIgnoreCase(scheme)) {
2272 authScheme = KERBEROS;
2273 doingNTLMp2ndStage = true;
2274 } else if ("Negotiate".equalsIgnoreCase(scheme)) {
2275 authScheme = NEGOTIATE;
2276 doingNTLMp2ndStage = true;
2277 }
2278
2279 if (realm == null)
2280 realm = "";
2281 proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm,
2282 authScheme, getAuthenticatorKey());
2283 ret = AuthenticationInfo.getProxyAuth(proxyAuthKey);
2284 if (ret == null) {
2285 switch (authScheme) {
2286 case BASIC:
2287 InetAddress addr = null;
2288 try {
2289 final String finalHost = host;
2290 addr = java.security.AccessController.doPrivileged(
2291 new java.security.PrivilegedExceptionAction<>() {
2292 public InetAddress run()
2293 throws java.net.UnknownHostException {
2294 return InetAddress.getByName(finalHost);
2295 }
2296 });
2297 } catch (java.security.PrivilegedActionException ignored) {
2298 // User will have an unknown host.
2299 }
2300 PasswordAuthentication a =
2301 privilegedRequestPasswordAuthentication(
2302 authenticator,
2303 host, addr, port, "http",
2304 realm, scheme, url, RequestorType.PROXY);
2305 if (a != null) {
2306 ret = new BasicAuthentication(true, host, port, realm, a,
2307 getAuthenticatorKey());
2308 }
2309 break;
2310 case DIGEST:
2311 a = privilegedRequestPasswordAuthentication(
2312 authenticator,
2313 host, null, port, url.getProtocol(),
2314 realm, scheme, url, RequestorType.PROXY);
2315 if (a != null) {
2316 DigestAuthentication.Parameters params =
2317 new DigestAuthentication.Parameters();
2318 ret = new DigestAuthentication(true, host, port, realm,
2319 scheme, a, params,
2320 getAuthenticatorKey());
2321 }
2322 break;
2323 case NTLM:
2324 if (NTLMAuthenticationProxy.supported) {
2325 /* tryTransparentNTLMProxy will always be true the first
2326 * time around, but verify that the platform supports it
2327 * otherwise don't try. */
2328 if (tryTransparentNTLMProxy) {
2329 tryTransparentNTLMProxy =
2330 NTLMAuthenticationProxy.supportsTransparentAuth;
2331 /* If the platform supports transparent authentication
2332 * then normally it's ok to do transparent auth to a proxy
2333 * because we generally trust proxies (chosen by the user)
2334 * But not in the case of 305 response where the server
2335 * chose it. */
2336 if (tryTransparentNTLMProxy && useProxyResponseCode) {
2337 tryTransparentNTLMProxy = false;
2338 }
2339
2340 }
2341 a = null;
2342 if (tryTransparentNTLMProxy) {
2343 logger.finest("Trying Transparent NTLM authentication");
2344 } else {
2345 a = privilegedRequestPasswordAuthentication(
2346 authenticator,
2347 host, null, port, url.getProtocol(),
2348 "", scheme, url, RequestorType.PROXY);
2349 }
2350 /* If we are not trying transparent authentication then
2351 * we need to have a PasswordAuthentication instance. For
2352 * transparent authentication (Windows only) the username
2353 * and password will be picked up from the current logged
2354 * on users credentials.
2355 */
2356 if (tryTransparentNTLMProxy ||
2357 (!tryTransparentNTLMProxy && a != null)) {
2358 ret = NTLMAuthenticationProxy.proxy.create(true, host,
2359 port, a, getAuthenticatorKey());
2360 }
2361
2362 /* set to false so that we do not try again */
2363 tryTransparentNTLMProxy = false;
2364 }
2365 break;
2366 case NEGOTIATE:
2367 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate"));
2368 break;
2369 case KERBEROS:
2370 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
2371 break;
2372 case UNKNOWN:
2373 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
2374 logger.finest("Unknown/Unsupported authentication scheme: " + scheme);
2375 }
2376 /*fall through*/
2377 default:
2378 throw new AssertionError("should not reach here");
2379 }
2380 }
2381 // For backwards compatibility, we also try defaultAuth
2382 // REMIND: Get rid of this for JDK2.0.
2383
2384 if (ret == null && defaultAuth != null
2385 && defaultAuth.schemeSupported(scheme)) {
2386 try {
2387 URL u = new URL("http", host, port, "/");
2388 String a = defaultAuth.authString(u, scheme, realm);
2389 if (a != null) {
2390 ret = new BasicAuthentication (true, host, port, realm, a,
2391 getAuthenticatorKey());
2392 // not in cache by default - cache on success
2393 }
2394 } catch (java.net.MalformedURLException ignored) {
2395 }
2396 }
2397 if (ret != null) {
2398 if (!ret.setHeaders(this, p, raw)) {
2399 ret = null;
2400 }
2401 }
2402 }
2403 if (logger.isLoggable(PlatformLogger.Level.FINER)) {
2404 logger.finer("Proxy Authentication for " + authhdr.toString() +" returned " + (ret != null ? ret.toString() : "null"));
2405 }
2406 return ret;
2407 }
2408
2409 /**
2410 * Gets the authentication for an HTTP server, and applies it to
2411 * the connection.
2412 * @param authHdr the AuthenticationHeader which tells what auth scheme is
2413 * preferred.
2414 */
2415 @SuppressWarnings("fallthrough")
2416 private AuthenticationInfo getServerAuthentication (AuthenticationHeader authhdr) {
2417 /* get authorization from authenticator */
2418 AuthenticationInfo ret = null;
2419 String raw = authhdr.raw();
2420 /* When we get an NTLM auth from cache, don't set any special headers */
2421 if (authhdr.isPresent()) {
2422 HeaderParser p = authhdr.headerParser();
2423 String realm = p.findValue("realm");
2424 String scheme = authhdr.scheme();
2425 AuthScheme authScheme = UNKNOWN;
2426 if ("basic".equalsIgnoreCase(scheme)) {
2427 authScheme = BASIC;
2428 } else if ("digest".equalsIgnoreCase(scheme)) {
2429 authScheme = DIGEST;
2430 } else if ("ntlm".equalsIgnoreCase(scheme)) {
2431 authScheme = NTLM;
2432 doingNTLM2ndStage = true;
2433 } else if ("Kerberos".equalsIgnoreCase(scheme)) {
2434 authScheme = KERBEROS;
2435 doingNTLM2ndStage = true;
2436 } else if ("Negotiate".equalsIgnoreCase(scheme)) {
2437 authScheme = NEGOTIATE;
2438 doingNTLM2ndStage = true;
2439 }
2440
2441 domain = p.findValue ("domain");
2442 if (realm == null)
2443 realm = "";
2444 serverAuthKey = AuthenticationInfo.getServerAuthKey(url, realm, authScheme,
2445 getAuthenticatorKey());
2446 ret = AuthenticationInfo.getServerAuth(serverAuthKey);
2447 InetAddress addr = null;
2448 if (ret == null) {
2449 try {
2450 addr = InetAddress.getByName(url.getHost());
2451 } catch (java.net.UnknownHostException ignored) {
2452 // User will have addr = null
2453 }
2454 }
2455 // replacing -1 with default port for a protocol
2456 int port = url.getPort();
2457 if (port == -1) {
2458 port = url.getDefaultPort();
2459 }
2460 if (ret == null) {
2461 switch(authScheme) {
2462 case KERBEROS:
2463 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
2464 break;
2465 case NEGOTIATE:
2466 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate"));
2467 break;
2468 case BASIC:
2469 PasswordAuthentication a =
2470 privilegedRequestPasswordAuthentication(
2471 authenticator,
2472 url.getHost(), addr, port, url.getProtocol(),
2473 realm, scheme, url, RequestorType.SERVER);
2474 if (a != null) {
2475 ret = new BasicAuthentication(false, url, realm, a,
2476 getAuthenticatorKey());
2477 }
2478 break;
2479 case DIGEST:
2480 a = privilegedRequestPasswordAuthentication(
2481 authenticator,
2482 url.getHost(), addr, port, url.getProtocol(),
2483 realm, scheme, url, RequestorType.SERVER);
2484 if (a != null) {
2485 digestparams = new DigestAuthentication.Parameters();
2486 ret = new DigestAuthentication(false, url, realm, scheme,
2487 a, digestparams,
2488 getAuthenticatorKey());
2489 }
2490 break;
2491 case NTLM:
2492 if (NTLMAuthenticationProxy.supported) {
2493 URL url1;
2494 try {
2495 url1 = new URL (url, "/"); /* truncate the path */
2496 } catch (Exception e) {
2497 url1 = url;
2498 }
2499
2500 /* tryTransparentNTLMServer will always be true the first
2501 * time around, but verify that the platform supports it
2502 * otherwise don't try. */
2503 if (tryTransparentNTLMServer) {
2504 tryTransparentNTLMServer =
2505 NTLMAuthenticationProxy.supportsTransparentAuth;
2506 /* If the platform supports transparent authentication
2507 * then check if we are in a secure environment
2508 * whether, or not, we should try transparent authentication.*/
2509 if (tryTransparentNTLMServer) {
2510 tryTransparentNTLMServer =
2511 NTLMAuthenticationProxy.isTrustedSite(url);
2512 }
2513 }
2514 a = null;
2515 if (tryTransparentNTLMServer) {
2516 logger.finest("Trying Transparent NTLM authentication");
2517 } else {
2518 a = privilegedRequestPasswordAuthentication(
2519 authenticator,
2520 url.getHost(), addr, port, url.getProtocol(),
2521 "", scheme, url, RequestorType.SERVER);
2522 }
2523
2524 /* If we are not trying transparent authentication then
2525 * we need to have a PasswordAuthentication instance. For
2526 * transparent authentication (Windows only) the username
2527 * and password will be picked up from the current logged
2528 * on users credentials.
2529 */
2530 if (tryTransparentNTLMServer ||
2531 (!tryTransparentNTLMServer && a != null)) {
2532 ret = NTLMAuthenticationProxy.proxy.create(false,
2533 url1, a, getAuthenticatorKey());
2534 }
2535
2536 /* set to false so that we do not try again */
2537 tryTransparentNTLMServer = false;
2538 }
2539 break;
2540 case UNKNOWN:
2541 if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
2542 logger.finest("Unknown/Unsupported authentication scheme: " + scheme);
2543 }
2544 /*fall through*/
2545 default:
2546 throw new AssertionError("should not reach here");
2547 }
2548 }
2549
2550 // For backwards compatibility, we also try defaultAuth
2551 // REMIND: Get rid of this for JDK2.0.
2552
2553 if (ret == null && defaultAuth != null
2554 && defaultAuth.schemeSupported(scheme)) {
2555 String a = defaultAuth.authString(url, scheme, realm);
2556 if (a != null) {
2557 ret = new BasicAuthentication (false, url, realm, a,
2558 getAuthenticatorKey());
2559 // not in cache by default - cache on success
2560 }
2561 }
2562
2563 if (ret != null ) {
2564 if (!ret.setHeaders(this, p, raw)) {
2565 ret = null;
2566 }
2567 }
2568 }
2569 if (logger.isLoggable(PlatformLogger.Level.FINER)) {
2570 logger.finer("Server Authentication for " + authhdr.toString() +" returned " + (ret != null ? ret.toString() : "null"));
2571 }
2572 return ret;
2573 }
2574
2575 /* inclose will be true if called from close(), in which case we
2576 * force the call to check because this is the last chance to do so.
2577 * If not in close(), then the authentication info could arrive in a trailer
2578 * field, which we have not read yet.
2579 */
2580 private void checkResponseCredentials (boolean inClose) throws IOException {
2581 try {
2582 if (!needToCheck)
2583 return;
2584 if ((validateProxy && currentProxyCredentials != null) &&
2585 (currentProxyCredentials instanceof DigestAuthentication)) {
2586 String raw = responses.findValue ("Proxy-Authentication-Info");
2587 if (inClose || (raw != null)) {
2588 DigestAuthentication da = (DigestAuthentication)
2589 currentProxyCredentials;
2590 da.checkResponse (raw, method, getRequestURI());
2591 currentProxyCredentials = null;
2592 }
2593 }
2594 if ((validateServer && currentServerCredentials != null) &&
2595 (currentServerCredentials instanceof DigestAuthentication)) {
2596 String raw = responses.findValue ("Authentication-Info");
2597 if (inClose || (raw != null)) {
2598 DigestAuthentication da = (DigestAuthentication)
2599 currentServerCredentials;
2600 da.checkResponse (raw, method, url);
2601 currentServerCredentials = null;
2602 }
2603 }
2604 if ((currentServerCredentials==null) && (currentProxyCredentials == null)) {
2605 needToCheck = false;
2606 }
2607 } catch (IOException e) {
2608 disconnectInternal();
2609 connected = false;
2610 throw e;
2611 }
2612 }
2613
2614 /* The request URI used in the request line for this request.
2615 * Also, needed for digest authentication
2616 */
2617
2618 String requestURI = null;
2619
2620 String getRequestURI() throws IOException {
2621 if (requestURI == null) {
2622 requestURI = http.getURLFile();
2623 }
2624 return requestURI;
2625 }
2626
2627 /* Tells us whether to follow a redirect. If so, it
2628 * closes the connection (break any keep-alive) and
2629 * resets the url, re-connects, and resets the request
2630 * property.
2631 */
2632 private boolean followRedirect() throws IOException {
2633 if (!getInstanceFollowRedirects()) {
2634 return false;
2635 }
2636
2637 final int stat = getResponseCode();
2638 if (stat < 300 || stat > 307 || stat == 306
2639 || stat == HTTP_NOT_MODIFIED) {
2640 return false;
2641 }
2642 final String loc = getHeaderField("Location");
2643 if (loc == null) {
2644 /* this should be present - if not, we have no choice
2645 * but to go forward w/ the response we got
2646 */
2647 return false;
2648 }
2649
2650 URL locUrl;
2651 try {
2652 locUrl = new URL(loc);
2653 if (!url.getProtocol().equalsIgnoreCase(locUrl.getProtocol())) {
2654 return false;
2655 }
2656
2657 } catch (MalformedURLException mue) {
2658 // treat loc as a relative URI to conform to popular browsers
2659 locUrl = new URL(url, loc);
2660 }
2661
2662 final URL locUrl0 = locUrl;
2663 socketPermission = null; // force recalculation
2664 SocketPermission p = URLtoSocketPermission(locUrl);
2665
2666 if (p != null) {
2667 try {
2668 return AccessController.doPrivilegedWithCombiner(
2669 new PrivilegedExceptionAction<>() {
2670 public Boolean run() throws IOException {
2671 return followRedirect0(loc, stat, locUrl0);
2672 }
2673 }, null, p
2674 );
2675 } catch (PrivilegedActionException e) {
2676 throw (IOException) e.getException();
2677 }
2678 } else {
2679 // run without additional permission
2680 return followRedirect0(loc, stat, locUrl);
2681 }
2682 }
2683
2684 /* Tells us whether to follow a redirect. If so, it
2685 * closes the connection (break any keep-alive) and
2686 * resets the url, re-connects, and resets the request
2687 * property.
2688 */
2689 private boolean followRedirect0(String loc, int stat, URL locUrl)
2690 throws IOException
2691 {
2692 disconnectInternal();
2693 if (streaming()) {
2694 throw new HttpRetryException (RETRY_MSG3, stat, loc);
2695 }
2696 if (logger.isLoggable(PlatformLogger.Level.FINE)) {
2697 logger.fine("Redirected from " + url + " to " + locUrl);
2698 }
2699
2700 // clear out old response headers!!!!
2701 responses = new MessageHeader();
2702 if (stat == HTTP_USE_PROXY) {
2703 /* This means we must re-request the resource through the
2704 * proxy denoted in the "Location:" field of the response.
2705 * Judging by the spec, the string in the Location header
2706 * _should_ denote a URL - let's hope for "http://my.proxy.org"
2707 * Make a new HttpClient to the proxy, using HttpClient's
2708 * Instance-specific proxy fields, but note we're still fetching
2709 * the same URL.
2710 */
2711 String proxyHost = locUrl.getHost();
2712 int proxyPort = locUrl.getPort();
2713
2714 SecurityManager security = System.getSecurityManager();
2715 if (security != null) {
2716 security.checkConnect(proxyHost, proxyPort);
2717 }
2718
2719 setProxiedClient (url, proxyHost, proxyPort);
2720 requests.set(0, method + " " + getRequestURI()+" " +
2721 httpVersion, null);
2722 connected = true;
2723 // need to remember this in case NTLM proxy authentication gets
2724 // used. We can't use transparent authentication when user
2725 // doesn't know about proxy.
2726 useProxyResponseCode = true;
2727 } else {
2728 final URL prevURL = url;
2729
2730 // maintain previous headers, just change the name
2731 // of the file we're getting
2732 url = locUrl;
2733 requestURI = null; // force it to be recalculated
2734 if (method.equals("POST") && !Boolean.getBoolean("http.strictPostRedirect") && (stat!=307)) {
2735 /* The HTTP/1.1 spec says that a redirect from a POST
2736 * *should not* be immediately turned into a GET, and
2737 * that some HTTP/1.0 clients incorrectly did this.
2738 * Correct behavior redirects a POST to another POST.
2739 * Unfortunately, since most browsers have this incorrect
2740 * behavior, the web works this way now. Typical usage
2741 * seems to be:
2742 * POST a login code or passwd to a web page.
2743 * after validation, the server redirects to another
2744 * (welcome) page
2745 * The second request is (erroneously) expected to be GET
2746 *
2747 * We will do the incorrect thing (POST-->GET) by default.
2748 * We will provide the capability to do the "right" thing
2749 * (POST-->POST) by a system property, "http.strictPostRedirect=true"
2750 */
2751
2752 requests = new MessageHeader();
2753 setRequests = false;
2754 super.setRequestMethod("GET"); // avoid the connecting check
2755 poster = null;
2756 if (!checkReuseConnection())
2757 connect();
2758
2759 if (!sameDestination(prevURL, url)) {
2760 // Ensures pre-redirect user-set cookie will not be reset.
2761 // CookieHandler, if any, will be queried to determine
2762 // cookies for redirected URL, if any.
2763 userCookies = null;
2764 userCookies2 = null;
2765 }
2766 } else {
2767 if (!checkReuseConnection())
2768 connect();
2769 /* Even after a connect() call, http variable still can be
2770 * null, if a ResponseCache has been installed and it returns
2771 * a non-null CacheResponse instance. So check nullity before using it.
2772 *
2773 * And further, if http is null, there's no need to do anything
2774 * about request headers because successive http session will use
2775 * cachedInputStream/cachedHeaders anyway, which is returned by
2776 * CacheResponse.
2777 */
2778 if (http != null) {
2779 requests.set(0, method + " " + getRequestURI()+" " +
2780 httpVersion, null);
2781 int port = url.getPort();
2782 String host = stripIPv6ZoneId(url.getHost());
2783 if (port != -1 && port != url.getDefaultPort()) {
2784 host += ":" + String.valueOf(port);
2785 }
2786 requests.set("Host", host);
2787 }
2788
2789 if (!sameDestination(prevURL, url)) {
2790 // Redirecting to a different destination will drop any
2791 // security-sensitive headers, regardless of whether
2792 // they are user-set or not. CookieHandler, if any, will be
2793 // queried to determine cookies for redirected URL, if any.
2794 userCookies = null;
2795 userCookies2 = null;
2796 requests.remove("Cookie");
2797 requests.remove("Cookie2");
2798 requests.remove("Authorization");
2799
2800 // check for preemptive authorization
2801 AuthenticationInfo sauth =
2802 AuthenticationInfo.getServerAuth(url, getAuthenticatorKey());
2803 if (sauth != null && sauth.supportsPreemptiveAuthorization() ) {
2804 // Sets "Authorization"
2805 requests.setIfNotSet(sauth.getHeaderName(), sauth.getHeaderValue(url,method));
2806 currentServerCredentials = sauth;
2807 }
2808 }
2809 }
2810 }
2811 return true;
2812 }
2813
2814 /* Returns true iff the given URLs have the same host and effective port. */
2815 private static boolean sameDestination(URL firstURL, URL secondURL) {
2816 assert firstURL.getProtocol().equalsIgnoreCase(secondURL.getProtocol()):
2817 "protocols not equal: " + firstURL + " - " + secondURL;
2818
2819 if (!firstURL.getHost().equalsIgnoreCase(secondURL.getHost()))
2820 return false;
2821
2822 int firstPort = firstURL.getPort();
2823 if (firstPort == -1)
2824 firstPort = firstURL.getDefaultPort();
2825 int secondPort = secondURL.getPort();
2826 if (secondPort == -1)
2827 secondPort = secondURL.getDefaultPort();
2828 if (firstPort != secondPort)
2829 return false;
2830
2831 return true;
2832 }
2833
2834 /* dummy byte buffer for reading off socket prior to closing */
2835 byte[] cdata = new byte [128];
2836
2837 /**
2838 * Reset (without disconnecting the TCP conn) in order to do another transaction with this instance
2839 */
2840 private void reset() throws IOException {
2841 http.reuse = true;
2842 /* must save before calling close */
2843 reuseClient = http;
2844 InputStream is = http.getInputStream();
2845 if (!method.equals("HEAD")) {
2846 try {
2847 /* we want to read the rest of the response without using the
2848 * hurry mechanism, because that would close the connection
2849 * if everything is not available immediately
2850 */
2851 if ((is instanceof ChunkedInputStream) ||
2852 (is instanceof MeteredStream)) {
2853 /* reading until eof will not block */
2854 while (is.read (cdata) > 0) {}
2855 } else {
2856 /* raw stream, which will block on read, so only read
2857 * the expected number of bytes, probably 0
2858 */
2859 long cl = 0;
2860 int n = 0;
2861 String cls = responses.findValue ("Content-Length");
2862 if (cls != null) {
2863 try {
2864 cl = Long.parseLong (cls);
2865 } catch (NumberFormatException e) {
2866 cl = 0;
2867 }
2868 }
2869 for (long i=0; i<cl; ) {
2870 if ((n = is.read (cdata)) == -1) {
2871 break;
2872 } else {
2873 i+= n;
2874 }
2875 }
2876 }
2877 } catch (IOException e) {
2878 http.reuse = false;
2879 reuseClient = null;
2880 disconnectInternal();
2881 return;
2882 }
2883 try {
2884 if (is instanceof MeteredStream) {
2885 is.close();
2886 }
2887 } catch (IOException e) { }
2888 }
2889 responseCode = -1;
2890 responses = new MessageHeader();
2891 connected = false;
2892 }
2893
2894 /**
2895 * Disconnect from the web server at the first 401 error. Do not
2896 * disconnect when using a proxy, a good proxy should have already
2897 * closed the connection to the web server.
2898 */
2899 private void disconnectWeb() throws IOException {
2900 if (usingProxy() && http.isKeepingAlive()) {
2901 responseCode = -1;
2902 // clean up, particularly, skip the content part
2903 // of a 401 error response
2904 reset();
2905 } else {
2906 disconnectInternal();
2907 }
2908 }
2909
2910 /**
2911 * Disconnect from the server (for internal use)
2912 */
2913 private void disconnectInternal() {
2914 responseCode = -1;
2915 inputStream = null;
2916 if (pi != null) {
2917 pi.finishTracking();
2918 pi = null;
2919 }
2920 if (http != null) {
2921 http.closeServer();
2922 http = null;
2923 connected = false;
2924 }
2925 }
2926
2927 /**
2928 * Disconnect from the server (public API)
2929 */
2930 public void disconnect() {
2931
2932 responseCode = -1;
2933 if (pi != null) {
2934 pi.finishTracking();
2935 pi = null;
2936 }
2937
2938 if (http != null) {
2939 /*
2940 * If we have an input stream this means we received a response
2941 * from the server. That stream may have been read to EOF and
2942 * depending on the stream type may already be closed or
2943 * the http client may be returned to the keep-alive cache.
2944 * If the http client has been returned to the keep-alive cache
2945 * it may be closed (idle timeout) or may be allocated to
2946 * another request.
2947 *
2948 * In other to avoid timing issues we close the input stream
2949 * which will either close the underlying connection or return
2950 * the client to the cache. If there's a possibility that the
2951 * client has been returned to the cache (ie: stream is a keep
2952 * alive stream or a chunked input stream) then we remove an
2953 * idle connection to the server. Note that this approach
2954 * can be considered an approximation in that we may close a
2955 * different idle connection to that used by the request.
2956 * Additionally it's possible that we close two connections
2957 * - the first becuase it wasn't an EOF (and couldn't be
2958 * hurried) - the second, another idle connection to the
2959 * same server. The is okay because "disconnect" is an
2960 * indication that the application doesn't intend to access
2961 * this http server for a while.
2962 */
2963
2964 if (inputStream != null) {
2965 HttpClient hc = http;
2966
2967 // un-synchronized
2968 boolean ka = hc.isKeepingAlive();
2969
2970 try {
2971 inputStream.close();
2972 } catch (IOException ioe) { }
2973
2974 // if the connection is persistent it may have been closed
2975 // or returned to the keep-alive cache. If it's been returned
2976 // to the keep-alive cache then we would like to close it
2977 // but it may have been allocated
2978
2979 if (ka) {
2980 hc.closeIdleConnection();
2981 }
2982
2983
2984 } else {
2985 // We are deliberatly being disconnected so HttpClient
2986 // should not try to resend the request no matter what stage
2987 // of the connection we are in.
2988 http.setDoNotRetry(true);
2989
2990 http.closeServer();
2991 }
2992
2993 // poster = null;
2994 http = null;
2995 connected = false;
2996 }
2997 cachedInputStream = null;
2998 if (cachedHeaders != null) {
2999 cachedHeaders.reset();
3000 }
3001 }
3002
3003 public boolean usingProxy() {
3004 if (http != null) {
3005 return (http.getProxyHostUsed() != null);
3006 }
3007 return false;
3008 }
3009
3010 // constant strings represent set-cookie header names
3011 private static final String SET_COOKIE = "set-cookie";
3012 private static final String SET_COOKIE2 = "set-cookie2";
3013
3014 /**
3015 * Returns a filtered version of the given headers value.
3016 *
3017 * Note: The implementation currently only filters out HttpOnly cookies
3018 * from Set-Cookie and Set-Cookie2 headers.
3019 */
3020 private String filterHeaderField(String name, String value) {
3021 if (value == null)
3022 return null;
3023
3024 if (SET_COOKIE.equalsIgnoreCase(name) ||
3025 SET_COOKIE2.equalsIgnoreCase(name)) {
3026
3027 // Filtering only if there is a cookie handler. [Assumption: the
3028 // cookie handler will store/retrieve the HttpOnly cookies]
3029 if (cookieHandler == null || value.isEmpty())
3030 return value;
3031
3032 JavaNetHttpCookieAccess access =
3033 SharedSecrets.getJavaNetHttpCookieAccess();
3034 StringJoiner retValue = new StringJoiner(","); // RFC 2965, comma separated
3035 List<HttpCookie> cookies = access.parse(value);
3036 for (HttpCookie cookie : cookies) {
3037 // skip HttpOnly cookies
3038 if (!cookie.isHttpOnly())
3039 retValue.add(access.header(cookie));
3040 }
3041 return retValue.toString();
3042 }
3043
3044 return value;
3045 }
3046
3047 // Cache the filtered response headers so that they don't need
3048 // to be generated for every getHeaderFields() call.
3049 private Map<String, List<String>> filteredHeaders; // null
3050
3051 private Map<String, List<String>> getFilteredHeaderFields() {
3052 if (filteredHeaders != null)
3053 return filteredHeaders;
3054
3055 Map<String, List<String>> headers, tmpMap = new HashMap<>();
3056
3057 if (cachedHeaders != null)
3058 headers = cachedHeaders.getHeaders();
3059 else
3060 headers = responses.getHeaders();
3061
3062 for (Map.Entry<String, List<String>> e: headers.entrySet()) {
3063 String key = e.getKey();
3064 List<String> values = e.getValue(), filteredVals = new ArrayList<>();
3065 for (String value : values) {
3066 String fVal = filterHeaderField(key, value);
3067 if (fVal != null)
3068 filteredVals.add(fVal);
3069 }
3070 if (!filteredVals.isEmpty())
3071 tmpMap.put(key, Collections.unmodifiableList(filteredVals));
3072 }
3073
3074 return filteredHeaders = Collections.unmodifiableMap(tmpMap);
3075 }
3076
3077 /**
3078 * Gets a header field by name. Returns null if not known.
3079 * @param name the name of the header field
3080 */
3081 @Override
3082 public String getHeaderField(String name) {
3083 try {
3084 getInputStream();
3085 } catch (IOException e) {}
3086
3087 if (cachedHeaders != null) {
3088 return filterHeaderField(name, cachedHeaders.findValue(name));
3089 }
3090
3091 return filterHeaderField(name, responses.findValue(name));
3092 }
3093
3094 /**
3095 * Returns an unmodifiable Map of the header fields.
3096 * The Map keys are Strings that represent the
3097 * response-header field names. Each Map value is an
3098 * unmodifiable List of Strings that represents
3099 * the corresponding field values.
3100 *
3101 * @return a Map of header fields
3102 * @since 1.4
3103 */
3104 @Override
3105 public Map<String, List<String>> getHeaderFields() {
3106 try {
3107 getInputStream();
3108 } catch (IOException e) {}
3109
3110 return getFilteredHeaderFields();
3111 }
3112
3113 /**
3114 * Gets a header field by index. Returns null if not known.
3115 * @param n the index of the header field
3116 */
3117 @Override
3118 public String getHeaderField(int n) {
3119 try {
3120 getInputStream();
3121 } catch (IOException e) {}
3122
3123 if (cachedHeaders != null) {
3124 return filterHeaderField(cachedHeaders.getKey(n),
3125 cachedHeaders.getValue(n));
3126 }
3127 return filterHeaderField(responses.getKey(n), responses.getValue(n));
3128 }
3129
3130 /**
3131 * Gets a header field by index. Returns null if not known.
3132 * @param n the index of the header field
3133 */
3134 @Override
3135 public String getHeaderFieldKey(int n) {
3136 try {
3137 getInputStream();
3138 } catch (IOException e) {}
3139
3140 if (cachedHeaders != null) {
3141 return cachedHeaders.getKey(n);
3142 }
3143
3144 return responses.getKey(n);
3145 }
3146
3147 /**
3148 * Sets request property. If a property with the key already
3149 * exists, overwrite its value with the new value.
3150 * @param value the value to be set
3151 */
3152 @Override
3153 public synchronized void setRequestProperty(String key, String value) {
3154 if (connected || connecting)
3155 throw new IllegalStateException("Already connected");
3156 if (key == null)
3157 throw new NullPointerException ("key is null");
3158
3159 if (isExternalMessageHeaderAllowed(key, value)) {
3160 requests.set(key, value);
3161 if (!key.equalsIgnoreCase("Content-Type")) {
3162 userHeaders.set(key, value);
3163 }
3164 }
3165 }
3166
3167 MessageHeader getUserSetHeaders() {
3168 return userHeaders;
3169 }
3170
3171 /**
3172 * Adds a general request property specified by a
3173 * key-value pair. This method will not overwrite
3174 * existing values associated with the same key.
3175 *
3176 * @param key the keyword by which the request is known
3177 * (e.g., "<code>accept</code>").
3178 * @param value the value associated with it.
3179 * @see #getRequestProperties(java.lang.String)
3180 * @since 1.4
3181 */
3182 @Override
3183 public synchronized void addRequestProperty(String key, String value) {
3184 if (connected || connecting)
3185 throw new IllegalStateException("Already connected");
3186 if (key == null)
3187 throw new NullPointerException ("key is null");
3188
3189 if (isExternalMessageHeaderAllowed(key, value)) {
3190 requests.add(key, value);
3191 if (!key.equalsIgnoreCase("Content-Type")) {
3192 userHeaders.add(key, value);
3193 }
3194 }
3195 }
3196
3197 //
3198 // Set a property for authentication. This can safely disregard
3199 // the connected test.
3200 //
3201 public void setAuthenticationProperty(String key, String value) {
3202 checkMessageHeader(key, value);
3203 requests.set(key, value);
3204 }
3205
3206 @Override
3207 public synchronized String getRequestProperty (String key) {
3208 if (key == null) {
3209 return null;
3210 }
3211
3212 // don't return headers containing security sensitive information
3213 for (int i=0; i < EXCLUDE_HEADERS.length; i++) {
3214 if (key.equalsIgnoreCase(EXCLUDE_HEADERS[i])) {
3215 return null;
3216 }
3217 }
3218 if (!setUserCookies) {
3219 if (key.equalsIgnoreCase("Cookie")) {
3220 return userCookies;
3221 }
3222 if (key.equalsIgnoreCase("Cookie2")) {
3223 return userCookies2;
3224 }
3225 }
3226 return requests.findValue(key);
3227 }
3228
3229 /**
3230 * Returns an unmodifiable Map of general request
3231 * properties for this connection. The Map keys
3232 * are Strings that represent the request-header
3233 * field names. Each Map value is a unmodifiable List
3234 * of Strings that represents the corresponding
3235 * field values.
3236 *
3237 * @return a Map of the general request properties for this connection.
3238 * @throws IllegalStateException if already connected
3239 * @since 1.4
3240 */
3241 @Override
3242 public synchronized Map<String, List<String>> getRequestProperties() {
3243 if (connected)
3244 throw new IllegalStateException("Already connected");
3245
3246 // exclude headers containing security-sensitive info
3247 if (setUserCookies) {
3248 return requests.getHeaders(EXCLUDE_HEADERS);
3249 }
3250 /*
3251 * The cookies in the requests message headers may have
3252 * been modified. Use the saved user cookies instead.
3253 */
3254 Map<String, List<String>> userCookiesMap = null;
3255 if (userCookies != null || userCookies2 != null) {
3256 userCookiesMap = new HashMap<>();
3257 if (userCookies != null) {
3258 userCookiesMap.put("Cookie", Arrays.asList(userCookies));
3259 }
3260 if (userCookies2 != null) {
3261 userCookiesMap.put("Cookie2", Arrays.asList(userCookies2));
3262 }
3263 }
3264 return requests.filterAndAddHeaders(EXCLUDE_HEADERS2, userCookiesMap);
3265 }
3266
3267 @Override
3268 public void setConnectTimeout(int timeout) {
3269 if (timeout < 0)
3270 throw new IllegalArgumentException("timeouts can't be negative");
3271 connectTimeout = timeout;
3272 }
3273
3274
3275 /**
3276 * Returns setting for connect timeout.
3277 * <p>
3278 * 0 return implies that the option is disabled
3279 * (i.e., timeout of infinity).
3280 *
3281 * @return an <code>int</code> that indicates the connect timeout
3282 * value in milliseconds
3283 * @see java.net.URLConnection#setConnectTimeout(int)
3284 * @see java.net.URLConnection#connect()
3285 * @since 1.5
3286 */
3287 @Override
3288 public int getConnectTimeout() {
3289 return (connectTimeout < 0 ? 0 : connectTimeout);
3290 }
3291
3292 /**
3293 * Sets the read timeout to a specified timeout, in
3294 * milliseconds. A non-zero value specifies the timeout when
3295 * reading from Input stream when a connection is established to a
3296 * resource. If the timeout expires before there is data available
3297 * for read, a java.net.SocketTimeoutException is raised. A
3298 * timeout of zero is interpreted as an infinite timeout.
3299 *
3300 * <p> Some non-standard implementation of this method ignores the
3301 * specified timeout. To see the read timeout set, please call
3302 * getReadTimeout().
3303 *
3304 * @param timeout an <code>int</code> that specifies the timeout
3305 * value to be used in milliseconds
3306 * @throws IllegalArgumentException if the timeout parameter is negative
3307 *
3308 * @see java.net.URLConnectiongetReadTimeout()
3309 * @see java.io.InputStream#read()
3310 * @since 1.5
3311 */
3312 @Override
3313 public void setReadTimeout(int timeout) {
3314 if (timeout < 0)
3315 throw new IllegalArgumentException("timeouts can't be negative");
3316 readTimeout = timeout;
3317 }
3318
3319 /**
3320 * Returns setting for read timeout. 0 return implies that the
3321 * option is disabled (i.e., timeout of infinity).
3322 *
3323 * @return an <code>int</code> that indicates the read timeout
3324 * value in milliseconds
3325 *
3326 * @see java.net.URLConnection#setReadTimeout(int)
3327 * @see java.io.InputStream#read()
3328 * @since 1.5
3329 */
3330 @Override
3331 public int getReadTimeout() {
3332 return readTimeout < 0 ? 0 : readTimeout;
3333 }
3334
3335 public CookieHandler getCookieHandler() {
3336 return cookieHandler;
3337 }
3338
3339 String getMethod() {
3340 return method;
3341 }
3342
3343 private MessageHeader mapToMessageHeader(Map<String, List<String>> map) {
3344 MessageHeader headers = new MessageHeader();
3345 if (map == null || map.isEmpty()) {
3346 return headers;
3347 }
3348 for (Map.Entry<String, List<String>> entry : map.entrySet()) {
3349 String key = entry.getKey();
3350 List<String> values = entry.getValue();
3351 for (String value : values) {
3352 if (key == null) {
3353 headers.prepend(key, value);
3354 } else {
3355 headers.add(key, value);
3356 }
3357 }
3358 }
3359 return headers;
3360 }
3361
3362 /**
3363 * Returns the given host, without the IPv6 Zone Id, if present.
3364 * (e.g. [fe80::a00:27ff:aaaa:aaaa%eth0] -> [fe80::a00:27ff:aaaa:aaaa])
3365 *
3366 * @param host host address (not null, not empty)
3367 * @return host address without Zone Id
3368 */
3369 static String stripIPv6ZoneId(String host) {
3370 if (host.charAt(0) != '[') { // not an IPv6-literal
3371 return host;
3372 }
3373 int i = host.lastIndexOf('%');
3374 if (i == -1) { // doesn't contain zone_id
3375 return host;
3376 }
3377 return host.substring(0, i) + "]";
3378 }
3379
3380 /* The purpose of this wrapper is just to capture the close() call
3381 * so we can check authentication information that may have
3382 * arrived in a Trailer field
3383 */
3384 class HttpInputStream extends FilterInputStream {
3385 private CacheRequest cacheRequest;
3386 private OutputStream outputStream;
3387 private boolean marked = false;
3388 private int inCache = 0;
3389 private int markCount = 0;
3390 private boolean closed; // false
3391
3392 public HttpInputStream (InputStream is) {
3393 super (is);
3394 this.cacheRequest = null;
3395 this.outputStream = null;
3396 }
3397
3398 public HttpInputStream (InputStream is, CacheRequest cacheRequest) {
3399 super (is);
3400 this.cacheRequest = cacheRequest;
3401 try {
3402 this.outputStream = cacheRequest.getBody();
3403 } catch (IOException ioex) {
3404 this.cacheRequest.abort();
3405 this.cacheRequest = null;
3406 this.outputStream = null;
3407 }
3408 }
3409
3410 /**
3411 * Marks the current position in this input stream. A subsequent
3412 * call to the <code>reset</code> method repositions this stream at
3413 * the last marked position so that subsequent reads re-read the same
3414 * bytes.
3415 * <p>
3416 * The <code>readlimit</code> argument tells this input stream to
3417 * allow that many bytes to be read before the mark position gets
3418 * invalidated.
3419 * <p>
3420 * This method simply performs <code>in.mark(readlimit)</code>.
3421 *
3422 * @param readlimit the maximum limit of bytes that can be read before
3423 * the mark position becomes invalid.
3424 * @see java.io.FilterInputStream#in
3425 * @see java.io.FilterInputStream#reset()
3426 */
3427 @Override
3428 public synchronized void mark(int readlimit) {
3429 super.mark(readlimit);
3430 if (cacheRequest != null) {
3431 marked = true;
3432 markCount = 0;
3433 }
3434 }
3435
3436 /**
3437 * Repositions this stream to the position at the time the
3438 * <code>mark</code> method was last called on this input stream.
3439 * <p>
3440 * This method
3441 * simply performs <code>in.reset()</code>.
3442 * <p>
3443 * Stream marks are intended to be used in
3444 * situations where you need to read ahead a little to see what's in
3445 * the stream. Often this is most easily done by invoking some
3446 * general parser. If the stream is of the type handled by the
3447 * parse, it just chugs along happily. If the stream is not of
3448 * that type, the parser should toss an exception when it fails.
3449 * If this happens within readlimit bytes, it allows the outer
3450 * code to reset the stream and try another parser.
3451 *
3452 * @exception IOException if the stream has not been marked or if the
3453 * mark has been invalidated.
3454 * @see java.io.FilterInputStream#in
3455 * @see java.io.FilterInputStream#mark(int)
3456 */
3457 @Override
3458 public synchronized void reset() throws IOException {
3459 super.reset();
3460 if (cacheRequest != null) {
3461 marked = false;
3462 inCache += markCount;
3463 }
3464 }
3465
3466 private void ensureOpen() throws IOException {
3467 if (closed)
3468 throw new IOException("stream is closed");
3469 }
3470
3471 @Override
3472 public int read() throws IOException {
3473 ensureOpen();
3474 try {
3475 byte[] b = new byte[1];
3476 int ret = read(b);
3477 return (ret == -1? ret : (b[0] & 0x00FF));
3478 } catch (IOException ioex) {
3479 if (cacheRequest != null) {
3480 cacheRequest.abort();
3481 }
3482 throw ioex;
3483 }
3484 }
3485
3486 @Override
3487 public int read(byte[] b) throws IOException {
3488 return read(b, 0, b.length);
3489 }
3490
3491 @Override
3492 public int read(byte[] b, int off, int len) throws IOException {
3493 ensureOpen();
3494 try {
3495 int newLen = super.read(b, off, len);
3496 int nWrite;
3497 // write to cache
3498 if (inCache > 0) {
3499 if (inCache >= newLen) {
3500 inCache -= newLen;
3501 nWrite = 0;
3502 } else {
3503 nWrite = newLen - inCache;
3504 inCache = 0;
3505 }
3506 } else {
3507 nWrite = newLen;
3508 }
3509 if (nWrite > 0 && outputStream != null)
3510 outputStream.write(b, off + (newLen-nWrite), nWrite);
3511 if (marked) {
3512 markCount += newLen;
3513 }
3514 return newLen;
3515 } catch (IOException ioex) {
3516 if (cacheRequest != null) {
3517 cacheRequest.abort();
3518 }
3519 throw ioex;
3520 }
3521 }
3522
3523 /* skip() calls read() in order to ensure that entire response gets
3524 * cached. same implementation as InputStream.skip */
3525
3526 private byte[] skipBuffer;
3527 private static final int SKIP_BUFFER_SIZE = 8096;
3528
3529 @Override
3530 public long skip (long n) throws IOException {
3531 ensureOpen();
3532 long remaining = n;
3533 int nr;
3534 if (skipBuffer == null)
3535 skipBuffer = new byte[SKIP_BUFFER_SIZE];
3536
3537 byte[] localSkipBuffer = skipBuffer;
3538
3539 if (n <= 0) {
3540 return 0;
3541 }
3542
3543 while (remaining > 0) {
3544 nr = read(localSkipBuffer, 0,
3545 (int) Math.min(SKIP_BUFFER_SIZE, remaining));
3546 if (nr < 0) {
3547 break;
3548 }
3549 remaining -= nr;
3550 }
3551
3552 return n - remaining;
3553 }
3554
3555 @Override
3556 public void close () throws IOException {
3557 if (closed)
3558 return;
3559
3560 try {
3561 if (outputStream != null) {
3562 if (read() != -1) {
3563 cacheRequest.abort();
3564 } else {
3565 outputStream.close();
3566 }
3567 }
3568 super.close ();
3569 } catch (IOException ioex) {
3570 if (cacheRequest != null) {
3571 cacheRequest.abort();
3572 }
3573 throw ioex;
3574 } finally {
3575 closed = true;
3576 HttpURLConnection.this.http = null;
3577 checkResponseCredentials (true);
3578 }
3579 }
3580 }
3581
3582 class StreamingOutputStream extends FilterOutputStream {
3583
3584 long expected;
3585 long written;
3586 boolean closed;
3587 boolean error;
3588 IOException errorExcp;
3589
3590 /**
3591 * expectedLength == -1 if the stream is chunked
3592 * expectedLength > 0 if the stream is fixed content-length
3593 * In the 2nd case, we make sure the expected number of
3594 * of bytes are actually written
3595 */
3596 StreamingOutputStream (OutputStream os, long expectedLength) {
3597 super (os);
3598 expected = expectedLength;
3599 written = 0L;
3600 closed = false;
3601 error = false;
3602 }
3603
3604 @Override
3605 public void write (int b) throws IOException {
3606 checkError();
3607 written ++;
3608 if (expected != -1L && written > expected) {
3609 throw new IOException ("too many bytes written");
3610 }
3611 out.write (b);
3612 }
3613
3614 @Override
3615 public void write (byte[] b) throws IOException {
3616 write (b, 0, b.length);
3617 }
3618
3619 @Override
3620 public void write (byte[] b, int off, int len) throws IOException {
3621 checkError();
3622 written += len;
3623 if (expected != -1L && written > expected) {
3624 out.close ();
3625 throw new IOException ("too many bytes written");
3626 }
3627 out.write (b, off, len);
3628 }
3629
3630 void checkError () throws IOException {
3631 if (closed) {
3632 throw new IOException ("Stream is closed");
3633 }
3634 if (error) {
3635 throw errorExcp;
3636 }
3637 if (((PrintStream)out).checkError()) {
3638 throw new IOException("Error writing request body to server");
3639 }
3640 }
3641
3642 /* this is called to check that all the bytes
3643 * that were supposed to be written were written
3644 * and that the stream is now closed().
3645 */
3646 boolean writtenOK () {
3647 return closed && ! error;
3648 }
3649
3650 @Override
3651 public void close () throws IOException {
3652 if (closed) {
3653 return;
3654 }
3655 closed = true;
3656 if (expected != -1L) {
3657 /* not chunked */
3658 if (written != expected) {
3659 error = true;
3660 errorExcp = new IOException ("insufficient data written");
3661 out.close ();
3662 throw errorExcp;
3663 }
3664 super.flush(); /* can't close the socket */
3665 } else {
3666 /* chunked */
3667 super.close (); /* force final chunk to be written */
3668 /* trailing \r\n */
3669 OutputStream o = http.getOutputStream();
3670 o.write ('\r');
3671 o.write ('\n');
3672 o.flush();
3673 }
3674 }
3675 }
3676
3677
3678 static class ErrorStream extends InputStream {
3679 ByteBuffer buffer;
3680 InputStream is;
3681
3682 private ErrorStream(ByteBuffer buf) {
3683 buffer = buf;
3684 is = null;
3685 }
3686
3687 private ErrorStream(ByteBuffer buf, InputStream is) {
3688 buffer = buf;
3689 this.is = is;
3690 }
3691
3692 // when this method is called, it's either the case that cl > 0, or
3693 // if chunk-encoded, cl = -1; in other words, cl can't be 0
3694 public static InputStream getErrorStream(InputStream is, long cl, HttpClient http) {
3695
3696 // cl can't be 0; this following is here for extra precaution
3697 if (cl == 0) {
3698 return null;
3699 }
3700
3701 try {
3702 // set SO_TIMEOUT to 1/5th of the total timeout
3703 // remember the old timeout value so that we can restore it
3704 int oldTimeout = http.getReadTimeout();
3705 http.setReadTimeout(timeout4ESBuffer/5);
3706
3707 long expected = 0;
3708 boolean isChunked = false;
3709 // the chunked case
3710 if (cl < 0) {
3711 expected = bufSize4ES;
3712 isChunked = true;
3713 } else {
3714 expected = cl;
3715 }
3716 if (expected <= bufSize4ES) {
3717 int exp = (int) expected;
3718 byte[] buffer = new byte[exp];
3719 int count = 0, time = 0, len = 0;
3720 do {
3721 try {
3722 len = is.read(buffer, count,
3723 buffer.length - count);
3724 if (len < 0) {
3725 if (isChunked) {
3726 // chunked ended
3727 // if chunked ended prematurely,
3728 // an IOException would be thrown
3729 break;
3730 }
3731 // the server sends less than cl bytes of data
3732 throw new IOException("the server closes"+
3733 " before sending "+cl+
3734 " bytes of data");
3735 }
3736 count += len;
3737 } catch (SocketTimeoutException ex) {
3738 time += timeout4ESBuffer/5;
3739 }
3740 } while (count < exp && time < timeout4ESBuffer);
3741
3742 // reset SO_TIMEOUT to old value
3743 http.setReadTimeout(oldTimeout);
3744
3745 // if count < cl at this point, we will not try to reuse
3746 // the connection
3747 if (count == 0) {
3748 // since we haven't read anything,
3749 // we will return the underlying
3750 // inputstream back to the application
3751 return null;
3752 } else if ((count == expected && !(isChunked)) || (isChunked && len <0)) {
3753 // put the connection into keep-alive cache
3754 // the inputstream will try to do the right thing
3755 is.close();
3756 return new ErrorStream(ByteBuffer.wrap(buffer, 0, count));
3757 } else {
3758 // we read part of the response body
3759 return new ErrorStream(
3760 ByteBuffer.wrap(buffer, 0, count), is);
3761 }
3762 }
3763 return null;
3764 } catch (IOException ioex) {
3765 // ioex.printStackTrace();
3766 return null;
3767 }
3768 }
3769
3770 @Override
3771 public int available() throws IOException {
3772 if (is == null) {
3773 return buffer.remaining();
3774 } else {
3775 return buffer.remaining()+is.available();
3776 }
3777 }
3778
3779 public int read() throws IOException {
3780 byte[] b = new byte[1];
3781 int ret = read(b);
3782 return (ret == -1? ret : (b[0] & 0x00FF));
3783 }
3784
3785 @Override
3786 public int read(byte[] b) throws IOException {
3787 return read(b, 0, b.length);
3788 }
3789
3790 @Override
3791 public int read(byte[] b, int off, int len) throws IOException {
3792 int rem = buffer.remaining();
3793 if (rem > 0) {
3794 int ret = rem < len? rem : len;
3795 buffer.get(b, off, ret);
3796 return ret;
3797 } else {
3798 if (is == null) {
3799 return -1;
3800 } else {
3801 return is.read(b, off, len);
3802 }
3803 }
3804 }
3805
3806 @Override
3807 public void close() throws IOException {
3808 buffer = null;
3809 if (is != null) {
3810 is.close();
3811 }
3812 }
3813 }
3814 }
3815
3816 /** An input stream that just returns EOF. This is for
3817 * HTTP URLConnections that are KeepAlive && use the
3818 * HEAD method - i.e., stream not dead, but nothing to be read.
3819 */
3820
3821 class EmptyInputStream extends InputStream {
3822
3823 @Override
3824 public int available() {
3825 return 0;
3826 }
3827
3828 public int read() {
3829 return -1;
3830 }
3831 }