1 /* 2 * Copyright (c) 2015, 2020, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package jdk.internal.net.http.websocket; 27 28 import java.net.http.HttpClient; 29 import java.net.http.HttpClient.Version; 30 import java.net.http.HttpHeaders; 31 import java.net.http.HttpRequest; 32 import java.net.http.HttpResponse; 33 import java.net.http.HttpResponse.BodyHandlers; 34 import java.net.http.WebSocketHandshakeException; 35 36 import jdk.internal.net.http.HttpRequestBuilderImpl; 37 import jdk.internal.net.http.HttpRequestImpl; 38 import jdk.internal.net.http.common.MinimalFuture; 39 import jdk.internal.net.http.common.Pair; 40 import jdk.internal.net.http.common.Utils; 41 42 import java.io.IOException; 43 import java.net.InetSocketAddress; 44 import java.net.Proxy; 45 import java.net.ProxySelector; 46 import java.net.URI; 47 import java.net.URISyntaxException; 48 import java.net.URLPermission; 49 import java.nio.charset.StandardCharsets; 50 import java.security.AccessController; 51 import java.security.MessageDigest; 52 import java.security.NoSuchAlgorithmException; 53 import java.security.PrivilegedAction; 54 import java.security.SecureRandom; 55 import java.time.Duration; 56 import java.util.Base64; 57 import java.util.Collection; 58 import java.util.Collections; 59 import java.util.LinkedHashSet; 60 import java.util.List; 61 import java.util.Optional; 62 import java.util.Set; 63 import java.util.TreeSet; 64 import java.util.concurrent.CompletableFuture; 65 import java.util.stream.Collectors; 66 import java.util.stream.Stream; 67 68 import static java.lang.String.format; 69 import static jdk.internal.net.http.common.Utils.isValidName; 70 import static jdk.internal.net.http.common.Utils.permissionForProxy; 71 import static jdk.internal.net.http.common.Utils.stringOf; 72 73 public class OpeningHandshake { 74 75 private static final String HEADER_CONNECTION = "Connection"; 76 private static final String HEADER_UPGRADE = "Upgrade"; 77 private static final String HEADER_ACCEPT = "Sec-WebSocket-Accept"; 78 private static final String HEADER_EXTENSIONS = "Sec-WebSocket-Extensions"; 79 private static final String HEADER_KEY = "Sec-WebSocket-Key"; 80 private static final String HEADER_PROTOCOL = "Sec-WebSocket-Protocol"; 81 private static final String HEADER_VERSION = "Sec-WebSocket-Version"; 82 private static final String VERSION = "13"; // WebSocket's lucky number 83 84 private static final Set<String> ILLEGAL_HEADERS; 85 86 static { 87 ILLEGAL_HEADERS = new TreeSet<>(String.CASE_INSENSITIVE_ORDER); 88 ILLEGAL_HEADERS.addAll(List.of(HEADER_ACCEPT, 89 HEADER_EXTENSIONS, 90 HEADER_KEY, 91 HEADER_PROTOCOL, 92 HEADER_VERSION)); 93 } 94 95 private static final SecureRandom random = new SecureRandom(); 96 97 private final MessageDigest sha1; 98 private final HttpClient client; 99 100 { 101 try { 102 sha1 = MessageDigest.getInstance("SHA-1"); 103 } catch (NoSuchAlgorithmException e) { 104 // Shouldn't happen: SHA-1 must be available in every Java platform 105 // implementation 106 throw new InternalError("Minimum requirements", e); 107 } 108 } 109 110 private final HttpRequestImpl request; 111 private final Collection<String> subprotocols; 112 private final String nonce; 113 114 public OpeningHandshake(BuilderImpl b) { 115 checkURI(b.getUri()); 116 Proxy proxy = proxyFor(b.getProxySelector(), b.getUri()); 117 checkPermissions(b, proxy); 118 this.client = b.getClient(); 119 URI httpURI = createRequestURI(b.getUri()); 120 HttpRequestBuilderImpl requestBuilder = new HttpRequestBuilderImpl(httpURI); 121 Duration connectTimeout = b.getConnectTimeout(); 122 if (connectTimeout != null) { 123 requestBuilder.timeout(connectTimeout); 124 } 125 for (Pair<String, String> p : b.getHeaders()) { 126 if (ILLEGAL_HEADERS.contains(p.first)) { 127 throw illegal("Illegal header: " + p.first); 128 } 129 requestBuilder.header(p.first, p.second); 130 } 131 this.subprotocols = createRequestSubprotocols(b.getSubprotocols()); 132 if (!this.subprotocols.isEmpty()) { 133 String p = String.join(", ", this.subprotocols); 134 requestBuilder.header(HEADER_PROTOCOL, p); 135 } 136 requestBuilder.header(HEADER_VERSION, VERSION); 137 this.nonce = createNonce(); 138 requestBuilder.header(HEADER_KEY, this.nonce); 139 // Setting request version to HTTP/1.1 forcibly, since it's not possible 140 // to upgrade from HTTP/2 to WebSocket (as of August 2016): 141 // 142 // https://tools.ietf.org/html/draft-hirano-httpbis-websocket-over-http2-00 143 requestBuilder.version(Version.HTTP_1_1).GET(); 144 request = requestBuilder.buildForWebSocket(); 145 request.isWebSocket(true); 146 Utils.setWebSocketUpgradeHeaders(request); 147 request.setProxy(proxy); 148 } 149 150 private static Collection<String> createRequestSubprotocols( 151 Collection<String> subprotocols) 152 { 153 LinkedHashSet<String> sp = new LinkedHashSet<>(subprotocols.size(), 1); 154 for (String s : subprotocols) { 155 if (s.trim().isEmpty() || !isValidName(s)) { 156 throw illegal("Bad subprotocol syntax: " + s); 157 } 158 if (!sp.add(s)) { 159 throw illegal("Duplicating subprotocol: " + s); 160 } 161 } 162 return Collections.unmodifiableCollection(sp); 163 } 164 165 /* 166 * Checks the given URI for being a WebSocket URI and translates it into a 167 * target HTTP URI for the Opening Handshake. 168 * 169 * https://tools.ietf.org/html/rfc6455#section-3 170 */ 171 static URI createRequestURI(URI uri) { 172 String s = uri.getScheme(); 173 assert "ws".equalsIgnoreCase(s) || "wss".equalsIgnoreCase(s); 174 String scheme = "ws".equalsIgnoreCase(s) ? "http" : "https"; 175 try { 176 return new URI(scheme, 177 uri.getUserInfo(), 178 uri.getHost(), 179 uri.getPort(), 180 uri.getPath(), 181 uri.getQuery(), 182 null); // No fragment 183 } catch (URISyntaxException e) { 184 // Shouldn't happen: URI invariant 185 throw new InternalError(e); 186 } 187 } 188 189 public CompletableFuture<Result> send() { 190 PrivilegedAction<CompletableFuture<Result>> pa = () -> 191 client.sendAsync(this.request, BodyHandlers.discarding()) 192 .thenCompose(this::resultFrom); 193 return AccessController.doPrivileged(pa); 194 } 195 196 /* 197 * The result of the opening handshake. 198 */ 199 static final class Result { 200 201 final String subprotocol; 202 final TransportFactory transport; 203 204 private Result(String subprotocol, TransportFactory transport) { 205 this.subprotocol = subprotocol; 206 this.transport = transport; 207 } 208 } 209 210 private CompletableFuture<Result> resultFrom(HttpResponse<?> response) { 211 // Do we need a special treatment for SSLHandshakeException? 212 // Namely, invoking 213 // 214 // Listener.onClose(StatusCodes.TLS_HANDSHAKE_FAILURE, "") 215 // 216 // See https://tools.ietf.org/html/rfc6455#section-7.4.1 217 Result result = null; 218 Throwable exception = null; 219 try { 220 result = handleResponse(response); 221 } catch (IOException e) { 222 exception = e; 223 } catch (Exception e) { 224 exception = new WebSocketHandshakeException(response).initCause(e); 225 } catch (Error e) { 226 // We should attempt to close the connection and relay 227 // the error through the completable future even in this 228 // case. 229 exception = e; 230 } 231 if (exception == null) { 232 return MinimalFuture.completedFuture(result); 233 } 234 try { 235 // calling this method will close the rawChannel, if created, 236 // or the connection, if not. 237 ((RawChannel.Provider) response).closeRawChannel(); 238 } catch (IOException e) { 239 exception.addSuppressed(e); 240 } 241 return MinimalFuture.failedFuture(exception); 242 } 243 244 private Result handleResponse(HttpResponse<?> response) throws IOException { 245 // By this point all redirects, authentications, etc. (if any) MUST have 246 // been done by the HttpClient used by the WebSocket; so only 101 is 247 // expected 248 int c = response.statusCode(); 249 if (c != 101) { 250 throw checkFailed("Unexpected HTTP response status code " + c); 251 } 252 HttpHeaders headers = response.headers(); 253 String upgrade = requireSingle(headers, HEADER_UPGRADE); 254 if (!upgrade.equalsIgnoreCase("websocket")) { 255 throw checkFailed("Bad response field: " + HEADER_UPGRADE); 256 } 257 String connection = requireSingle(headers, HEADER_CONNECTION); 258 if (!connection.equalsIgnoreCase("Upgrade")) { 259 throw checkFailed("Bad response field: " + HEADER_CONNECTION); 260 } 261 Optional<String> version = requireAtMostOne(headers, HEADER_VERSION); 262 if (version.isPresent() && !version.get().equals(VERSION)) { 263 throw checkFailed("Bad response field: " + HEADER_VERSION); 264 } 265 requireAbsent(headers, HEADER_EXTENSIONS); 266 String x = this.nonce + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11"; 267 this.sha1.update(x.getBytes(StandardCharsets.ISO_8859_1)); 268 String expected = Base64.getEncoder().encodeToString(this.sha1.digest()); 269 String actual = requireSingle(headers, HEADER_ACCEPT); 270 if (!actual.trim().equals(expected)) { 271 throw checkFailed("Bad " + HEADER_ACCEPT); 272 } 273 String subprotocol = checkAndReturnSubprotocol(headers); 274 RawChannel channel = ((RawChannel.Provider) response).rawChannel(); 275 return new Result(subprotocol, new TransportFactoryImpl(channel)); 276 } 277 278 private String checkAndReturnSubprotocol(HttpHeaders responseHeaders) 279 throws CheckFailedException 280 { 281 Optional<String> opt = responseHeaders.firstValue(HEADER_PROTOCOL); 282 if (!opt.isPresent()) { 283 // If there is no such header in the response, then the server 284 // doesn't want to use any subprotocol 285 return ""; 286 } 287 String s = requireSingle(responseHeaders, HEADER_PROTOCOL); 288 // An empty string as a subprotocol's name is not allowed by the spec 289 // and the check below will detect such responses too 290 if (this.subprotocols.contains(s)) { 291 return s; 292 } else { 293 throw checkFailed("Unexpected subprotocol: " + s); 294 } 295 } 296 297 private static void requireAbsent(HttpHeaders responseHeaders, 298 String headerName) 299 { 300 List<String> values = responseHeaders.allValues(headerName); 301 if (!values.isEmpty()) { 302 throw checkFailed(format("Response field '%s' present: %s", 303 headerName, 304 stringOf(values))); 305 } 306 } 307 308 private static Optional<String> requireAtMostOne(HttpHeaders responseHeaders, 309 String headerName) 310 { 311 List<String> values = responseHeaders.allValues(headerName); 312 if (values.size() > 1) { 313 throw checkFailed(format("Response field '%s' multivalued: %s", 314 headerName, 315 stringOf(values))); 316 } 317 return values.stream().findFirst(); 318 } 319 320 private static String requireSingle(HttpHeaders responseHeaders, 321 String headerName) 322 { 323 List<String> values = responseHeaders.allValues(headerName); 324 if (values.isEmpty()) { 325 throw checkFailed("Response field missing: " + headerName); 326 } else if (values.size() > 1) { 327 throw checkFailed(format("Response field '%s' multivalued: %s", 328 headerName, 329 stringOf(values))); 330 } 331 return values.get(0); 332 } 333 334 private static String createNonce() { 335 byte[] bytes = new byte[16]; 336 OpeningHandshake.random.nextBytes(bytes); 337 return Base64.getEncoder().encodeToString(bytes); 338 } 339 340 private static CheckFailedException checkFailed(String message) { 341 throw new CheckFailedException(message); 342 } 343 344 private static URI checkURI(URI uri) { 345 String scheme = uri.getScheme(); 346 if (!("ws".equalsIgnoreCase(scheme) || "wss".equalsIgnoreCase(scheme))) 347 throw illegal("invalid URI scheme: " + scheme); 348 if (uri.getHost() == null) 349 throw illegal("URI must contain a host: " + uri); 350 if (uri.getFragment() != null) 351 throw illegal("URI must not contain a fragment: " + uri); 352 return uri; 353 } 354 355 private static IllegalArgumentException illegal(String message) { 356 return new IllegalArgumentException(message); 357 } 358 359 /** 360 * Returns the proxy for the given URI when sent through the given client, 361 * or {@code null} if none is required or applicable. 362 */ 363 private static Proxy proxyFor(Optional<ProxySelector> selector, URI uri) { 364 if (!selector.isPresent()) { 365 return null; 366 } 367 URI requestURI = createRequestURI(uri); // Based on the HTTP scheme 368 List<Proxy> pl = selector.get().select(requestURI); 369 if (pl.isEmpty()) { 370 return null; 371 } 372 Proxy proxy = pl.get(0); 373 if (proxy.type() != Proxy.Type.HTTP) { 374 return null; 375 } 376 return proxy; 377 } 378 379 /** 380 * Performs the necessary security permissions checks to connect ( possibly 381 * through a proxy ) to the builders WebSocket URI. 382 * 383 * @throws SecurityException if the security manager denies access 384 */ 385 static void checkPermissions(BuilderImpl b, Proxy proxy) { 386 SecurityManager sm = System.getSecurityManager(); 387 if (sm == null) { 388 return; 389 } 390 Stream<String> headers = b.getHeaders().stream().map(p -> p.first).distinct(); 391 URLPermission perm1 = Utils.permissionForServer(b.getUri(), "", headers); 392 sm.checkPermission(perm1); 393 if (proxy == null) { 394 return; 395 } 396 URLPermission perm2 = permissionForProxy((InetSocketAddress) proxy.address()); 397 if (perm2 != null) { 398 sm.checkPermission(perm2); 399 } 400 } 401 }