1 /* 2 * Copyright (c) 1995, 2006, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.awt.image; 27 28 import java.io.InputStream; 29 import java.io.IOException; 30 import java.net.HttpURLConnection; 31 import java.net.MalformedURLException; 32 import java.net.SocketPermission; 33 import java.net.URL; 34 import java.net.URLConnection; 35 import java.net.URLPermission; 36 37 import sun.net.util.URLUtil; 38 39 public class URLImageSource extends InputStreamImageSource { 40 URL url; 41 URLConnection conn; 42 String actualHost; 43 int actualPort; 44 45 public URLImageSource(URL u) { 46 SecurityManager sm = System.getSecurityManager(); 47 if (sm != null) { 48 try { 49 java.security.Permission perm = 50 URLUtil.getConnectPermission(u); 51 if (perm != null) { 52 try { 53 sm.checkPermission(perm); 54 } catch (SecurityException se) { 55 // fallback to checkRead/checkConnect for pre 1.2 56 // security managers 57 if ((perm instanceof java.io.FilePermission) && 58 perm.getActions().indexOf("read") != -1) { 59 sm.checkRead(perm.getName()); 60 } else if ((perm instanceof 61 java.net.SocketPermission) && 62 perm.getActions().indexOf("connect") != -1) { 63 sm.checkConnect(u.getHost(), u.getPort()); 64 } else if (perm instanceof URLPermission) { 65 sm.checkPermission( 66 new SocketPermission(u.getHost(), "connect")); 67 } else { 68 throw se; 69 } 70 } 71 } 72 } catch (java.io.IOException ioe) { 73 sm.checkConnect(u.getHost(), u.getPort()); 74 } 75 } 76 this.url = u; 77 78 } 79 80 public URLImageSource(String href) throws MalformedURLException { 81 this(new URL(null, href)); 82 } 83 84 public URLImageSource(URL u, URLConnection uc) { 85 this(u); 86 conn = uc; 87 } 88 89 public URLImageSource(URLConnection uc) { 90 this(uc.getURL(), uc); 91 } 92 93 final boolean checkSecurity(Object context, boolean quiet) { 94 // If actualHost is not null, then the host/port parameters that 95 // the image was actually fetched from were different than the 96 // host/port parameters the original URL specified for at least 97 // one of the download attempts. The original URL security was 98 // checked when the applet got a handle to the image, so we only 99 // need to check for the real host/port. 100 if (actualHost != null) { 101 try { 102 SecurityManager security = System.getSecurityManager(); 103 if (security != null) { 104 security.checkConnect(actualHost, actualPort, context); 105 } 106 } catch (SecurityException e) { 107 if (!quiet) { 108 throw e; 109 } 110 return false; 111 } 112 } 113 return true; 114 } 115 116 private synchronized URLConnection getConnection() throws IOException { 117 URLConnection c; 118 if (conn != null) { 119 c = conn; 120 conn = null; 121 } else { 122 c = url.openConnection(); 123 } 124 return c; 125 } 126 127 protected ImageDecoder getDecoder() { 128 InputStream is = null; 129 String type = null; 130 URLConnection c = null; 131 try { 132 c = getConnection(); 133 is = c.getInputStream(); 134 type = c.getContentType(); 135 URL u = c.getURL(); 136 if (u != url && (!u.getHost().equals(url.getHost()) || 137 u.getPort() != url.getPort())) 138 { 139 // The image is allowed to come from either the host/port 140 // listed in the original URL, or it can come from one other 141 // host/port that the URL is redirected to. More than that 142 // and we give up and just throw a SecurityException. 143 if (actualHost != null && (!actualHost.equals(u.getHost()) || 144 actualPort != u.getPort())) 145 { 146 throw new SecurityException("image moved!"); 147 } 148 actualHost = u.getHost(); 149 actualPort = u.getPort(); 150 } 151 } catch (IOException e) { 152 if (is != null) { 153 try { 154 is.close(); 155 } catch (IOException e2) { 156 } 157 } else if (c instanceof HttpURLConnection) { 158 ((HttpURLConnection)c).disconnect(); 159 } 160 return null; 161 } 162 163 ImageDecoder id = decoderForType(is, type); 164 if (id == null) { 165 id = getDecoder(is); 166 } 167 168 if (id == null) { 169 // probably, no appropriate decoder 170 if (is != null) { 171 try { 172 is.close(); 173 } catch (IOException e) { 174 } 175 } else if (c instanceof HttpURLConnection) { 176 ((HttpURLConnection)c).disconnect(); 177 } 178 } 179 return id; 180 } 181 }