1 /*
2 * Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4 *
5 * This code is free software; you can redistribute it and/or modify it
6 * under the terms of the GNU General Public License version 2 only, as
7 * published by the Free Software Foundation.
8 *
9 * This code is distributed in the hope that it will be useful, but WITHOUT
10 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
12 * version 2 for more details (a copy is included in the LICENSE file that
13 * accompanied this code).
14 *
15 * You should have received a copy of the GNU General Public License version
16 * 2 along with this work; if not, write to the Free Software Foundation,
17 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18 *
19 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20 * or visit www.oracle.com if you need additional information or have any
21 * questions.
22 */
23
24 /*
25 * @test
26 * @bug 8244205
27 * @summary checks that a different proxy returned for
28 * the same host:port is taken into account
29 * @modules java.base/sun.net.www.http
30 * java.net.http/jdk.internal.net.http.common
31 * java.net.http/jdk.internal.net.http.frame
32 * java.net.http/jdk.internal.net.http.hpack
33 * java.logging
34 * jdk.httpserver
35 * java.base/sun.net.www.http
36 * java.base/sun.net.www
37 * java.base/sun.net
38 * @library /lib/testlibrary http2/server
39 * @build HttpServerAdapters DigestEchoServer Http2TestServer ProxySelectorTest
40 * @build jdk.testlibrary.SimpleSSLContext
41 * @run testng/othervm
42 * -Djdk.http.auth.tunneling.disabledSchemes
43 * -Djdk.httpclient.HttpClient.log=headers,requests
44 * -Djdk.internal.httpclient.debug=true
45 * ProxySelectorTest
46 */
47
48 import com.sun.net.httpserver.HttpServer;
49 import com.sun.net.httpserver.HttpsConfigurator;
50 import com.sun.net.httpserver.HttpsServer;
51 import jdk.testlibrary.SimpleSSLContext;
52 import org.testng.ITestContext;
53 import org.testng.annotations.AfterClass;
54 import org.testng.annotations.AfterTest;
55 import org.testng.annotations.BeforeMethod;
56 import org.testng.annotations.BeforeTest;
57 import org.testng.annotations.DataProvider;
58 import org.testng.annotations.Test;
59
60 import javax.net.ssl.SSLContext;
61 import java.io.IOException;
62 import java.io.InputStream;
63 import java.net.InetAddress;
64 import java.net.InetSocketAddress;
65 import java.net.Proxy;
66 import java.net.ProxySelector;
67 import java.net.SocketAddress;
68 import java.net.URI;
69 import java.net.http.HttpClient;
70 import java.net.http.HttpRequest;
71 import java.net.http.HttpResponse;
72 import java.net.http.HttpResponse.BodyHandlers;
73 import java.util.List;
74 import java.util.Optional;
75 import java.util.concurrent.ConcurrentHashMap;
76 import java.util.concurrent.ConcurrentMap;
77 import java.util.concurrent.ExecutionException;
78 import java.util.concurrent.Executor;
79 import java.util.concurrent.Executors;
80 import java.util.concurrent.atomic.AtomicLong;
81
82 import static java.lang.System.err;
83 import static java.lang.System.out;
84 import static java.nio.charset.StandardCharsets.UTF_8;
85 import static org.testng.Assert.assertEquals;
86
87 public class ProxySelectorTest implements HttpServerAdapters {
88
89 SSLContext sslContext;
90 HttpTestServer httpTestServer; // HTTP/1.1
91 HttpTestServer proxyHttpTestServer; // HTTP/1.1
92 HttpTestServer authProxyHttpTestServer; // HTTP/1.1
93 HttpTestServer http2TestServer; // HTTP/2 ( h2c )
94 HttpTestServer httpsTestServer; // HTTPS/1.1
95 HttpTestServer https2TestServer; // HTTP/2 ( h2 )
96 DigestEchoServer.TunnelingProxy proxy;
97 DigestEchoServer.TunnelingProxy authproxy;
98 String httpURI;
99 String httpsURI;
100 String proxyHttpURI;
101 String authProxyHttpURI;
102 String http2URI;
103 String https2URI;
104 HttpClient client;
105
106 final ReferenceTracker TRACKER = ReferenceTracker.INSTANCE;
107 static final long SLEEP_AFTER_TEST = 0; // milliseconds
108 static final int ITERATIONS = 3;
109 static final Executor executor = new TestExecutor(Executors.newCachedThreadPool());
110 static final ConcurrentMap<String, Throwable> FAILURES = new ConcurrentHashMap<>();
111 static volatile boolean tasksFailed;
112 static final AtomicLong serverCount = new AtomicLong();
113 static final AtomicLong clientCount = new AtomicLong();
114 static final long start = System.nanoTime();
115 public static String now() {
116 long now = System.nanoTime() - start;
117 long secs = now / 1000_000_000;
118 long mill = (now % 1000_000_000) / 1000_000;
119 long nan = now % 1000_000;
120 return String.format("[%d s, %d ms, %d ns] ", secs, mill, nan);
121 }
122
123 static class TestExecutor implements Executor {
124 final AtomicLong tasks = new AtomicLong();
125 Executor executor;
126 TestExecutor(Executor executor) {
127 this.executor = executor;
128 }
129
130 @Override
131 public void execute(Runnable command) {
132 long id = tasks.incrementAndGet();
133 executor.execute(() -> {
134 try {
135 command.run();
136 } catch (Throwable t) {
137 tasksFailed = true;
138 out.printf(now() + "Task %s failed: %s%n", id, t);
139 err.printf(now() + "Task %s failed: %s%n", id, t);
140 FAILURES.putIfAbsent("Task " + id, t);
141 throw t;
142 }
143 });
144 }
145 }
146
147 protected boolean stopAfterFirstFailure() {
148 return Boolean.getBoolean("jdk.internal.httpclient.debug");
149 }
150
151 @BeforeMethod
152 void beforeMethod(ITestContext context) {
153 if (stopAfterFirstFailure() && context.getFailedTests().size() > 0) {
154 throw new RuntimeException("some tests failed");
155 }
156 }
157
158 @AfterClass
159 static final void printFailedTests() {
160 out.println("\n=========================");
161 try {
162 out.printf("%n%sCreated %d servers and %d clients%n",
163 now(), serverCount.get(), clientCount.get());
164 if (FAILURES.isEmpty()) return;
165 out.println("Failed tests: ");
166 FAILURES.entrySet().forEach((e) -> {
167 out.printf("\t%s: %s%n", e.getKey(), e.getValue());
168 e.getValue().printStackTrace(out);
169 e.getValue().printStackTrace();
170 });
171 if (tasksFailed) {
172 out.println("WARNING: Some tasks failed");
173 }
174 } finally {
175 out.println("\n=========================\n");
176 }
177 }
178
179 /*
180 * NOT_MODIFIED status code results from a conditional GET where
181 * the server does not (must not) return a response body because
182 * the condition specified in the request disallows it
183 */
184 static final int UNAUTHORIZED = 401;
185 static final int PROXY_UNAUTHORIZED = 407;
186 static final int HTTP_OK = 200;
187 static final String MESSAGE = "Unauthorized";
188 enum Schemes {
189 HTTP, HTTPS
190 }
191 @DataProvider(name = "all")
192 public Object[][] positive() {
193 return new Object[][] {
194 { Schemes.HTTP, HttpClient.Version.HTTP_1_1, httpURI, true},
195 { Schemes.HTTP, HttpClient.Version.HTTP_2, http2URI, true},
196 { Schemes.HTTPS, HttpClient.Version.HTTP_1_1, httpsURI, true},
197 { Schemes.HTTPS, HttpClient.Version.HTTP_2, https2URI, true},
198 { Schemes.HTTP, HttpClient.Version.HTTP_1_1, httpURI, false},
199 { Schemes.HTTP, HttpClient.Version.HTTP_2, http2URI, false},
200 { Schemes.HTTPS, HttpClient.Version.HTTP_1_1, httpsURI, false},
201 { Schemes.HTTPS, HttpClient.Version.HTTP_2, https2URI, false},
202 };
203 }
204
205 static final AtomicLong requestCounter = new AtomicLong();
206
207 static final AtomicLong sleepCount = new AtomicLong();
208
209 @Test(dataProvider = "all")
210 void test(Schemes scheme, HttpClient.Version version, String uri, boolean async)
211 throws Throwable
212 {
213 var name = String.format("test(%s, %s, %s)", scheme, version, async);
214 out.printf("%n---- starting %s ----%n", name);
215
216 for (int i=0; i<ITERATIONS; i++) {
217 if (ITERATIONS > 1) out.printf("---- ITERATION %d%n",i);
218 try {
219 doTest(scheme, version, uri, async);
220 long count = sleepCount.incrementAndGet();
221 System.err.println(now() + " Sleeping: " + count);
222 Thread.sleep(SLEEP_AFTER_TEST);
223 System.err.println(now() + " Waking up: " + count);
224 } catch (Throwable x) {
225 FAILURES.putIfAbsent(name, x);
226 throw x;
227 }
228 }
229 }
230
231 private <T> HttpResponse<T> send(HttpClient client,
232 URI uri,
233 HttpResponse.BodyHandler<T> handler,
234 boolean async) throws Throwable {
235 HttpRequest.Builder requestBuilder = HttpRequest
236 .newBuilder(uri)
237 .GET();
238
239 HttpRequest request = requestBuilder.build();
240 out.println("Sending request: " + request.uri());
241
242 HttpResponse<T> response = null;
243 if (async) {
244 response = client.send(request, handler);
245 } else {
246 try {
247 response = client.sendAsync(request, handler).get();
248 } catch (ExecutionException ex) {
249 throw ex.getCause();
250 }
251 }
252 return response;
253 }
254
255 private void doTest(Schemes scheme,
256 HttpClient.Version version,
257 String uriString,
258 boolean async) throws Throwable {
259
260 URI uri1 = URI.create(uriString + "/server/ProxySelectorTest");
261 URI uri2 = URI.create(uriString + "/proxy/noauth/ProxySelectorTest");
262 URI uri3 = URI.create(uriString + "/proxy/auth/ProxySelectorTest");
263
264 HttpResponse<String> response;
265
266 // First request should go with a direct connection.
267 // A plain server or https server should serve it, and we should get 200 OK
268 response = send(client, uri1, BodyHandlers.ofString(), async);
269 out.println("Got response from plain server: " + response);
270 assertEquals(response.statusCode(), HTTP_OK);
271 assertEquals(response.headers().firstValue("X-value"),
272 scheme == Schemes.HTTPS ? Optional.of("https-server") : Optional.of("plain-server"));
273
274 // Second request should go through a non authenticating proxy.
275 // For a clear connection - a proxy-server should serve it, and we should get 200 OK
276 // For an https connection - a tunnel should be established through the non
277 // authenticating proxy - and we should receive 200 OK from an https-server
278 response = send(client, uri2, BodyHandlers.ofString(), async);
279 out.println("Got response through noauth proxy: " + response);
280 assertEquals(response.statusCode(), HTTP_OK);
281 assertEquals(response.headers().firstValue("X-value"),
282 scheme == Schemes.HTTPS ? Optional.of("https-server") : Optional.of("proxy-server"));
283
284 // Third request should go through an authenticating proxy.
285 // For a clear connection - an auth-proxy-server should serve it, and we
286 // should get 407
287 // For an https connection - a tunnel should be established through an
288 // authenticating proxy - and we should receive 407 directly from the
289 // proxy - so the X-value header will be absent
290 response = send(client, uri3, BodyHandlers.ofString(), async);
291 out.println("Got response through auth proxy: " + response);
292 assertEquals(response.statusCode(), PROXY_UNAUTHORIZED);
293 assertEquals(response.headers().firstValue("X-value"),
294 scheme == Schemes.HTTPS ? Optional.empty() : Optional.of("auth-proxy-server"));
295
296 }
297
298 // -- Infrastructure
299
300 @BeforeTest
301 public void setup() throws Exception {
302 sslContext = new SimpleSSLContext().get();
303 if (sslContext == null)
304 throw new AssertionError("Unexpected null sslContext");
305
306 InetSocketAddress sa = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
307
308 httpTestServer = HttpTestServer.of(HttpServer.create(sa, 0));
309 httpTestServer.addHandler(new PlainServerHandler("plain-server"), "/http1/");
310 httpURI = "http://" + httpTestServer.serverAuthority() + "/http1";
311 proxyHttpTestServer = HttpTestServer.of(HttpServer.create(sa, 0));
312 proxyHttpTestServer.addHandler(new PlainServerHandler("proxy-server"), "/http1/proxy/");
313 proxyHttpTestServer.addHandler(new PlainServerHandler("proxy-server"), "/http2/proxy/");
314 proxyHttpURI = "http://" + httpTestServer.serverAuthority() + "/http1";
315 authProxyHttpTestServer = HttpTestServer.of(HttpServer.create(sa, 0));
316 authProxyHttpTestServer.addHandler(new UnauthorizedHandler("auth-proxy-server"), "/http1/proxy/");
317 authProxyHttpTestServer.addHandler(new UnauthorizedHandler("auth-proxy-server"), "/http2/proxy/");
318 proxyHttpURI = "http://" + httpTestServer.serverAuthority() + "/http1";
319
320 HttpsServer httpsServer = HttpsServer.create(sa, 0);
321 httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
322 httpsTestServer = HttpTestServer.of(httpsServer);
323 httpsTestServer.addHandler(new PlainServerHandler("https-server"),"/https1/");
324 httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1";
325
326 http2TestServer = HttpTestServer.of(new Http2TestServer("localhost", false, 0));
327 http2TestServer.addHandler(new PlainServerHandler("plain-server"), "/http2/");
328 http2URI = "http://" + http2TestServer.serverAuthority() + "/http2";
329 https2TestServer = HttpTestServer.of(new Http2TestServer("localhost", true, sslContext));
330 https2TestServer.addHandler(new PlainServerHandler("https-server"), "/https2/");
331 https2URI = "https://" + https2TestServer.serverAuthority() + "/https2";
332
333 proxy = DigestEchoServer.createHttpsProxyTunnel(DigestEchoServer.HttpAuthSchemeType.NONE);
334 authproxy = DigestEchoServer.createHttpsProxyTunnel(DigestEchoServer.HttpAuthSchemeType.BASIC);
335
336 client = TRACKER.track(HttpClient.newBuilder()
337 .proxy(new TestProxySelector())
338 .sslContext(sslContext)
339 .executor(executor)
340 .build());
341 clientCount.incrementAndGet();
342
343
344 httpTestServer.start();
345 serverCount.incrementAndGet();
346 proxyHttpTestServer.start();
347 serverCount.incrementAndGet();
348 authProxyHttpTestServer.start();
349 serverCount.incrementAndGet();
350 httpsTestServer.start();
351 serverCount.incrementAndGet();
352 http2TestServer.start();
353 serverCount.incrementAndGet();
354 https2TestServer.start();
355 serverCount.incrementAndGet();
356 }
357
358 @AfterTest
359 public void teardown() throws Exception {
360 client = null;
361 Thread.sleep(100);
362 AssertionError fail = TRACKER.check(500);
363
364 proxy.stop();
365 authproxy.stop();
366 httpTestServer.stop();
367 proxyHttpTestServer.stop();
368 authProxyHttpTestServer.stop();
369 httpsTestServer.stop();
370 http2TestServer.stop();
371 https2TestServer.stop();
372 }
373
374 class TestProxySelector extends ProxySelector {
375 @Override
376 public List<Proxy> select(URI uri) {
377 String path = uri.getPath();
378 out.println("Selecting proxy for: " + uri);
379 if (path.contains("/proxy/")) {
380 if (path.contains("/http1/") || path.contains("/http2/")) {
381 // Simple proxying
382 var p = path.contains("/auth/") ? authProxyHttpTestServer : proxyHttpTestServer;
383 return List.of(new Proxy(Proxy.Type.HTTP, p.getAddress()));
384 } else {
385 // Both HTTPS or HTTPS/2 require tunnelling
386 var p = path.contains("/auth/") ? authproxy : proxy;
387 return List.of(new Proxy(Proxy.Type.HTTP, p.getProxyAddress()));
388 }
389 }
390 System.out.print("NO_PROXY for " + uri);
391 return List.of(Proxy.NO_PROXY);
392 }
393 @Override
394 public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
395 System.err.printf("Connect failed for: uri=\"%s\", sa=\"%s\", ioe=%s%n", uri, sa, ioe);
396 }
397 }
398
399 static class PlainServerHandler implements HttpTestHandler {
400
401 final String serverType;
402 PlainServerHandler(String serverType) {
403 this.serverType = serverType;
404 }
405
406 @Override
407 public void handle(HttpTestExchange t) throws IOException {
408 readAllRequestData(t); // shouldn't be any
409 String method = t.getRequestMethod();
410 String path = t.getRequestURI().getPath();
411 HttpTestRequestHeaders reqh = t.getRequestHeaders();
412 HttpTestResponseHeaders rsph = t.getResponseHeaders();
413
414 String xValue = serverType;
415 rsph.addHeader("X-value", serverType);
416
417 t.getResponseHeaders().addHeader("X-value", xValue);
418 byte[] body = "RESPONSE".getBytes(UTF_8);
419 t.sendResponseHeaders(HTTP_OK, body.length);
420 try (var out = t.getResponseBody()) {
421 out.write(body);
422 }
423 }
424 }
425
426 static class UnauthorizedHandler implements HttpTestHandler {
427
428 final String serverType;
429 UnauthorizedHandler(String serverType) {
430 this.serverType = serverType;
431 }
432
433 @Override
434 public void handle(HttpTestExchange t) throws IOException {
435 readAllRequestData(t); // shouldn't be any
436 String method = t.getRequestMethod();
437 String path = t.getRequestURI().getPath();
438 HttpTestRequestHeaders reqh = t.getRequestHeaders();
439 HttpTestResponseHeaders rsph = t.getResponseHeaders();
440
441 String xValue = serverType;
442 String srv = path.contains("/proxy/") ? "proxy" : "server";
443 String prefix = path.contains("/proxy/") ? "Proxy-" : "WWW-";
444 int code = path.contains("/proxy/") ? PROXY_UNAUTHORIZED : UNAUTHORIZED;
445 String resp = prefix + "Unauthorized";
446 rsph.addHeader(prefix + "Authenticate", "Basic realm=\"earth\", charset=\"UTF-8\"");
447
448 byte[] body = resp.getBytes(UTF_8);
449 t.getResponseHeaders().addHeader("X-value", xValue);
450 t.sendResponseHeaders(code, body.length);
451 try (var out = t.getResponseBody()) {
452 out.write(body);
453 }
454 }
455 }
456
457 static void readAllRequestData(HttpTestExchange t) throws IOException {
458 try (InputStream is = t.getRequestBody()) {
459 is.readAllBytes();
460 }
461 }
462 }