1 /*
2 * Copyright (c) 1995, 2006, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation. Oracle designates this
8 * particular file as subject to the "Classpath" exception as provided
9 * by Oracle in the LICENSE file that accompanied this code.
10 *
11 * This code is distributed in the hope that it will be useful, but WITHOUT
12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
14 * version 2 for more details (a copy is included in the LICENSE file that
15 * accompanied this code).
16 *
17 * You should have received a copy of the GNU General Public License version
18 * 2 along with this work; if not, write to the Free Software Foundation,
19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
20 *
21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
22 * or visit www.oracle.com if you need additional information or have any
23 * questions.
24 */
25
26 package sun.awt.image;
27
28 import java.io.InputStream;
29 import java.io.IOException;
30 import java.net.HttpURLConnection;
31 import java.net.MalformedURLException;
32 import java.net.SocketPermission;
33 import java.net.URL;
34 import java.net.URLConnection;
35 import java.net.URLPermission;
36
37 import sun.net.util.URLUtil;
38
39 public class URLImageSource extends InputStreamImageSource {
40 URL url;
41 URLConnection conn;
42 String actualHost;
43 int actualPort;
44
45 public URLImageSource(URL u) {
46 SecurityManager sm = System.getSecurityManager();
47 if (sm != null) {
48 try {
49 java.security.Permission perm =
50 URLUtil.getConnectPermission(u);
51 if (perm != null) {
52 try {
53 sm.checkPermission(perm);
54 } catch (SecurityException se) {
55 // fallback to checkRead/checkConnect for pre 1.2
56 // security managers
57 if ((perm instanceof java.io.FilePermission) &&
58 perm.getActions().indexOf("read") != -1) {
59 sm.checkRead(perm.getName());
60 } else if ((perm instanceof
61 java.net.SocketPermission) &&
62 perm.getActions().indexOf("connect") != -1) {
63 sm.checkConnect(u.getHost(), u.getPort());
64 } else if (perm instanceof URLPermission) {
65 sm.checkPermission(
66 new SocketPermission(u.getHost(), "connect"));
67 } else {
68 throw se;
69 }
70 }
71 }
72 } catch (java.io.IOException ioe) {
73 sm.checkConnect(u.getHost(), u.getPort());
74 }
75 }
76 this.url = u;
77
78 }
79
80 public URLImageSource(String href) throws MalformedURLException {
81 this(new URL(null, href));
82 }
83
84 public URLImageSource(URL u, URLConnection uc) {
85 this(u);
86 conn = uc;
87 }
88
89 public URLImageSource(URLConnection uc) {
90 this(uc.getURL(), uc);
91 }
92
93 final boolean checkSecurity(Object context, boolean quiet) {
94 // If actualHost is not null, then the host/port parameters that
95 // the image was actually fetched from were different than the
96 // host/port parameters the original URL specified for at least
97 // one of the download attempts. The original URL security was
98 // checked when the applet got a handle to the image, so we only
99 // need to check for the real host/port.
100 if (actualHost != null) {
101 try {
102 SecurityManager security = System.getSecurityManager();
103 if (security != null) {
104 security.checkConnect(actualHost, actualPort, context);
105 }
106 } catch (SecurityException e) {
107 if (!quiet) {
108 throw e;
109 }
110 return false;
111 }
112 }
113 return true;
114 }
115
116 private synchronized URLConnection getConnection() throws IOException {
117 URLConnection c;
118 if (conn != null) {
119 c = conn;
120 conn = null;
121 } else {
122 c = url.openConnection();
123 }
124 return c;
125 }
126
127 protected ImageDecoder getDecoder() {
128 InputStream is = null;
129 String type = null;
130 URLConnection c = null;
131 try {
132 c = getConnection();
133 is = c.getInputStream();
134 type = c.getContentType();
135 URL u = c.getURL();
136 if (u != url && (!u.getHost().equals(url.getHost()) ||
137 u.getPort() != url.getPort()))
138 {
139 // The image is allowed to come from either the host/port
140 // listed in the original URL, or it can come from one other
141 // host/port that the URL is redirected to. More than that
142 // and we give up and just throw a SecurityException.
143 if (actualHost != null && (!actualHost.equals(u.getHost()) ||
144 actualPort != u.getPort()))
145 {
146 throw new SecurityException("image moved!");
147 }
148 actualHost = u.getHost();
149 actualPort = u.getPort();
150 }
151 } catch (IOException e) {
152 if (is != null) {
153 try {
154 is.close();
155 } catch (IOException e2) {
156 }
157 } else if (c instanceof HttpURLConnection) {
158 ((HttpURLConnection)c).disconnect();
159 }
160 return null;
161 }
162
163 ImageDecoder id = decoderForType(is, type);
164 if (id == null) {
165 id = getDecoder(is);
166 }
167
168 if (id == null) {
169 // probably, no appropriate decoder
170 if (is != null) {
171 try {
172 is.close();
173 } catch (IOException e) {
174 }
175 } else if (c instanceof HttpURLConnection) {
176 ((HttpURLConnection)c).disconnect();
177 }
178 }
179 return id;
180 }
181 }