48 import java.net.CacheRequest; 49 import java.net.URLPermission; 50 import java.net.Authenticator.RequestorType; 51 import java.security.AccessController; 52 import java.security.PrivilegedExceptionAction; 53 import java.security.PrivilegedActionException; 54 import java.io.*; 55 import java.net.*; 56 import java.util.ArrayList; 57 import java.util.Collections; 58 import java.util.Date; 59 import java.util.Map; 60 import java.util.List; 61 import java.util.Locale; 62 import java.util.StringTokenizer; 63 import java.util.Iterator; 64 import java.util.HashSet; 65 import java.util.HashMap; 66 import java.util.Set; 67 import java.util.StringJoiner; 68 import sun.net.*; 69 import sun.net.www.*; 70 import sun.net.www.http.HttpClient; 71 import sun.net.www.http.PosterOutputStream; 72 import sun.net.www.http.ChunkedInputStream; 73 import sun.net.www.http.ChunkedOutputStream; 74 import sun.util.logging.PlatformLogger; 75 import java.text.SimpleDateFormat; 76 import java.util.TimeZone; 77 import java.net.MalformedURLException; 78 import java.nio.ByteBuffer; 79 import static sun.net.www.protocol.http.AuthScheme.BASIC; 80 import static sun.net.www.protocol.http.AuthScheme.DIGEST; 81 import static sun.net.www.protocol.http.AuthScheme.NTLM; 82 import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE; 83 import static sun.net.www.protocol.http.AuthScheme.KERBEROS; 84 import static sun.net.www.protocol.http.AuthScheme.UNKNOWN; 85 86 /** 87 * A class to represent an HTTP connection to a remote object. 2861 private final static String SET_COOKIE2 = "set-cookie2"; 2862 2863 /** 2864 * Returns a filtered version of the given headers value. 2865 * 2866 * Note: The implementation currently only filters out HttpOnly cookies 2867 * from Set-Cookie and Set-Cookie2 headers. 2868 */ 2869 private String filterHeaderField(String name, String value) { 2870 if (value == null) 2871 return null; 2872 2873 if (SET_COOKIE.equalsIgnoreCase(name) || 2874 SET_COOKIE2.equalsIgnoreCase(name)) { 2875 2876 // Filtering only if there is a cookie handler. [Assumption: the 2877 // cookie handler will store/retrieve the HttpOnly cookies] 2878 if (cookieHandler == null || value.length() == 0) 2879 return value; 2880 2881 sun.misc.JavaNetHttpCookieAccess access = 2882 sun.misc.SharedSecrets.getJavaNetHttpCookieAccess(); 2883 StringJoiner retValue = new StringJoiner(","); // RFC 2965, comma separated 2884 List<HttpCookie> cookies = access.parse(value); 2885 for (HttpCookie cookie : cookies) { 2886 // skip HttpOnly cookies 2887 if (!cookie.isHttpOnly()) 2888 retValue.add(access.header(cookie)); 2889 } 2890 return retValue.toString(); 2891 } 2892 2893 return value; 2894 } 2895 2896 // Cache the filtered response headers so that they don't need 2897 // to be generated for every getHeaderFields() call. 2898 private Map<String, List<String>> filteredHeaders; // null 2899 2900 private Map<String, List<String>> getFilteredHeaderFields() { 2901 if (filteredHeaders != null) 2902 return filteredHeaders; | 48 import java.net.CacheRequest; 49 import java.net.URLPermission; 50 import java.net.Authenticator.RequestorType; 51 import java.security.AccessController; 52 import java.security.PrivilegedExceptionAction; 53 import java.security.PrivilegedActionException; 54 import java.io.*; 55 import java.net.*; 56 import java.util.ArrayList; 57 import java.util.Collections; 58 import java.util.Date; 59 import java.util.Map; 60 import java.util.List; 61 import java.util.Locale; 62 import java.util.StringTokenizer; 63 import java.util.Iterator; 64 import java.util.HashSet; 65 import java.util.HashMap; 66 import java.util.Set; 67 import java.util.StringJoiner; 68 import jdk.internal.misc.JavaNetHttpCookieAccess; 69 import jdk.internal.misc.SharedSecrets; 70 import sun.net.*; 71 import sun.net.www.*; 72 import sun.net.www.http.HttpClient; 73 import sun.net.www.http.PosterOutputStream; 74 import sun.net.www.http.ChunkedInputStream; 75 import sun.net.www.http.ChunkedOutputStream; 76 import sun.util.logging.PlatformLogger; 77 import java.text.SimpleDateFormat; 78 import java.util.TimeZone; 79 import java.net.MalformedURLException; 80 import java.nio.ByteBuffer; 81 import static sun.net.www.protocol.http.AuthScheme.BASIC; 82 import static sun.net.www.protocol.http.AuthScheme.DIGEST; 83 import static sun.net.www.protocol.http.AuthScheme.NTLM; 84 import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE; 85 import static sun.net.www.protocol.http.AuthScheme.KERBEROS; 86 import static sun.net.www.protocol.http.AuthScheme.UNKNOWN; 87 88 /** 89 * A class to represent an HTTP connection to a remote object. 2863 private final static String SET_COOKIE2 = "set-cookie2"; 2864 2865 /** 2866 * Returns a filtered version of the given headers value. 2867 * 2868 * Note: The implementation currently only filters out HttpOnly cookies 2869 * from Set-Cookie and Set-Cookie2 headers. 2870 */ 2871 private String filterHeaderField(String name, String value) { 2872 if (value == null) 2873 return null; 2874 2875 if (SET_COOKIE.equalsIgnoreCase(name) || 2876 SET_COOKIE2.equalsIgnoreCase(name)) { 2877 2878 // Filtering only if there is a cookie handler. [Assumption: the 2879 // cookie handler will store/retrieve the HttpOnly cookies] 2880 if (cookieHandler == null || value.length() == 0) 2881 return value; 2882 2883 JavaNetHttpCookieAccess access = 2884 SharedSecrets.getJavaNetHttpCookieAccess(); 2885 StringJoiner retValue = new StringJoiner(","); // RFC 2965, comma separated 2886 List<HttpCookie> cookies = access.parse(value); 2887 for (HttpCookie cookie : cookies) { 2888 // skip HttpOnly cookies 2889 if (!cookie.isHttpOnly()) 2890 retValue.add(access.header(cookie)); 2891 } 2892 return retValue.toString(); 2893 } 2894 2895 return value; 2896 } 2897 2898 // Cache the filtered response headers so that they don't need 2899 // to be generated for every getHeaderFields() call. 2900 private Map<String, List<String>> filteredHeaders; // null 2901 2902 private Map<String, List<String>> getFilteredHeaderFields() { 2903 if (filteredHeaders != null) 2904 return filteredHeaders; |