48 import java.net.CacheRequest;
49 import java.net.URLPermission;
50 import java.net.Authenticator.RequestorType;
51 import java.security.AccessController;
52 import java.security.PrivilegedExceptionAction;
53 import java.security.PrivilegedActionException;
54 import java.io.*;
55 import java.net.*;
56 import java.util.ArrayList;
57 import java.util.Collections;
58 import java.util.Date;
59 import java.util.Map;
60 import java.util.List;
61 import java.util.Locale;
62 import java.util.StringTokenizer;
63 import java.util.Iterator;
64 import java.util.HashSet;
65 import java.util.HashMap;
66 import java.util.Set;
67 import java.util.StringJoiner;
68 import sun.net.*;
69 import sun.net.www.*;
70 import sun.net.www.http.HttpClient;
71 import sun.net.www.http.PosterOutputStream;
72 import sun.net.www.http.ChunkedInputStream;
73 import sun.net.www.http.ChunkedOutputStream;
74 import sun.util.logging.PlatformLogger;
75 import java.text.SimpleDateFormat;
76 import java.util.TimeZone;
77 import java.net.MalformedURLException;
78 import java.nio.ByteBuffer;
79 import static sun.net.www.protocol.http.AuthScheme.BASIC;
80 import static sun.net.www.protocol.http.AuthScheme.DIGEST;
81 import static sun.net.www.protocol.http.AuthScheme.NTLM;
82 import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
83 import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
84 import static sun.net.www.protocol.http.AuthScheme.UNKNOWN;
85
86 /**
87 * A class to represent an HTTP connection to a remote object.
2861 private final static String SET_COOKIE2 = "set-cookie2";
2862
2863 /**
2864 * Returns a filtered version of the given headers value.
2865 *
2866 * Note: The implementation currently only filters out HttpOnly cookies
2867 * from Set-Cookie and Set-Cookie2 headers.
2868 */
2869 private String filterHeaderField(String name, String value) {
2870 if (value == null)
2871 return null;
2872
2873 if (SET_COOKIE.equalsIgnoreCase(name) ||
2874 SET_COOKIE2.equalsIgnoreCase(name)) {
2875
2876 // Filtering only if there is a cookie handler. [Assumption: the
2877 // cookie handler will store/retrieve the HttpOnly cookies]
2878 if (cookieHandler == null || value.length() == 0)
2879 return value;
2880
2881 sun.misc.JavaNetHttpCookieAccess access =
2882 sun.misc.SharedSecrets.getJavaNetHttpCookieAccess();
2883 StringJoiner retValue = new StringJoiner(","); // RFC 2965, comma separated
2884 List<HttpCookie> cookies = access.parse(value);
2885 for (HttpCookie cookie : cookies) {
2886 // skip HttpOnly cookies
2887 if (!cookie.isHttpOnly())
2888 retValue.add(access.header(cookie));
2889 }
2890 return retValue.toString();
2891 }
2892
2893 return value;
2894 }
2895
2896 // Cache the filtered response headers so that they don't need
2897 // to be generated for every getHeaderFields() call.
2898 private Map<String, List<String>> filteredHeaders; // null
2899
2900 private Map<String, List<String>> getFilteredHeaderFields() {
2901 if (filteredHeaders != null)
2902 return filteredHeaders;
|
48 import java.net.CacheRequest;
49 import java.net.URLPermission;
50 import java.net.Authenticator.RequestorType;
51 import java.security.AccessController;
52 import java.security.PrivilegedExceptionAction;
53 import java.security.PrivilegedActionException;
54 import java.io.*;
55 import java.net.*;
56 import java.util.ArrayList;
57 import java.util.Collections;
58 import java.util.Date;
59 import java.util.Map;
60 import java.util.List;
61 import java.util.Locale;
62 import java.util.StringTokenizer;
63 import java.util.Iterator;
64 import java.util.HashSet;
65 import java.util.HashMap;
66 import java.util.Set;
67 import java.util.StringJoiner;
68 import jdk.internal.misc.JavaNetHttpCookieAccess;
69 import jdk.internal.misc.SharedSecrets;
70 import sun.net.*;
71 import sun.net.www.*;
72 import sun.net.www.http.HttpClient;
73 import sun.net.www.http.PosterOutputStream;
74 import sun.net.www.http.ChunkedInputStream;
75 import sun.net.www.http.ChunkedOutputStream;
76 import sun.util.logging.PlatformLogger;
77 import java.text.SimpleDateFormat;
78 import java.util.TimeZone;
79 import java.net.MalformedURLException;
80 import java.nio.ByteBuffer;
81 import static sun.net.www.protocol.http.AuthScheme.BASIC;
82 import static sun.net.www.protocol.http.AuthScheme.DIGEST;
83 import static sun.net.www.protocol.http.AuthScheme.NTLM;
84 import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
85 import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
86 import static sun.net.www.protocol.http.AuthScheme.UNKNOWN;
87
88 /**
89 * A class to represent an HTTP connection to a remote object.
2863 private final static String SET_COOKIE2 = "set-cookie2";
2864
2865 /**
2866 * Returns a filtered version of the given headers value.
2867 *
2868 * Note: The implementation currently only filters out HttpOnly cookies
2869 * from Set-Cookie and Set-Cookie2 headers.
2870 */
2871 private String filterHeaderField(String name, String value) {
2872 if (value == null)
2873 return null;
2874
2875 if (SET_COOKIE.equalsIgnoreCase(name) ||
2876 SET_COOKIE2.equalsIgnoreCase(name)) {
2877
2878 // Filtering only if there is a cookie handler. [Assumption: the
2879 // cookie handler will store/retrieve the HttpOnly cookies]
2880 if (cookieHandler == null || value.length() == 0)
2881 return value;
2882
2883 JavaNetHttpCookieAccess access =
2884 SharedSecrets.getJavaNetHttpCookieAccess();
2885 StringJoiner retValue = new StringJoiner(","); // RFC 2965, comma separated
2886 List<HttpCookie> cookies = access.parse(value);
2887 for (HttpCookie cookie : cookies) {
2888 // skip HttpOnly cookies
2889 if (!cookie.isHttpOnly())
2890 retValue.add(access.header(cookie));
2891 }
2892 return retValue.toString();
2893 }
2894
2895 return value;
2896 }
2897
2898 // Cache the filtered response headers so that they don't need
2899 // to be generated for every getHeaderFields() call.
2900 private Map<String, List<String>> filteredHeaders; // null
2901
2902 private Map<String, List<String>> getFilteredHeaderFields() {
2903 if (filteredHeaders != null)
2904 return filteredHeaders;
|