/*

 * Copyright 1995-2007 Sun Microsystems, Inc.  All Rights Reserved.

 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.

 *

 * This code is free software; you can redistribute it and/or modify it

 * under the terms of the GNU General Public License version 2 only, as

 * published by the Free Software Foundation.  Sun designates this

 * particular file as subject to the "Classpath" exception as provided

 * by Sun in the LICENSE file that accompanied this code.

 *

 * This code is distributed in the hope that it will be useful, but WITHOUT

 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or

 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License

 * version 2 for more details (a copy is included in the LICENSE file that

 * accompanied this code).

 *

 * You should have received a copy of the GNU General Public License version

 * 2 along with this work; if not, write to the Free Software Foundation,

 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.

 *

 * Please contact Sun Microsystems, Inc., 4150 Network Circle, Santa Clara,

 * CA 95054 USA or visit www.sun.com if you need additional information or

 * have any questions.

 */

package sun.net.www.protocol.http;

import java.net.URL;

import java.net.URLConnection;

import java.net.ProtocolException;

import java.net.HttpRetryException;

import java.net.PasswordAuthentication;

import java.net.Authenticator;

import java.net.InetAddress;

import java.net.UnknownHostException;

import java.net.SocketTimeoutException;

import java.net.Proxy;

import java.net.ProxySelector;

import java.net.URI;

import java.net.InetSocketAddress;

import java.net.CookieHandler;

import java.net.ResponseCache;

import java.net.CacheResponse;

import java.net.SecureCacheResponse;

import java.net.CacheRequest;

import java.net.Authenticator.RequestorType;

import java.io.*;

import java.util.Date;

import java.util.Map;

import java.util.List;

import java.util.Locale;

import java.util.StringTokenizer;

import java.util.Iterator;

import java.util.Set;

import java.util.logging.Level;

import java.util.logging.Logger;

import sun.net.*;

import sun.net.www.*;

import sun.net.www.http.HttpClient;

import sun.net.www.http.PosterOutputStream;

import sun.net.www.http.ChunkedInputStream;

import sun.net.www.http.ChunkedOutputStream;

import java.text.SimpleDateFormat;

import java.util.TimeZone;

import java.net.MalformedURLException;

import java.nio.ByteBuffer;

import java.lang.reflect.*;

/**

 * A class to represent an HTTP connection to a remote object.

 */

public class HttpURLConnection extends java.net.HttpURLConnection {

    private static Logger logger = Logger.getLogger("sun.net.www.protocol.http.HttpURLConnection");

    static final String version;

    public static final String userAgent;

    /* max # of allowed re-directs */

    static final int defaultmaxRedirects = 20;

    static final int maxRedirects;

    /* Not all servers support the (Proxy)-Authentication-Info headers.

     * By default, we don't require them to be sent

     */

    static final boolean validateProxy;

    static final boolean validateServer;

    private StreamingOutputStream strOutputStream;

    private final static String RETRY_MSG1 =

        "cannot retry due to proxy authentication, in streaming mode";

    private final static String RETRY_MSG2 =

        "cannot retry due to server authentication, in streaming mode";

    private final static String RETRY_MSG3 =

        "cannot retry due to redirection, in streaming mode";

    /*

     * System properties related to error stream handling:

     *

     * sun.net.http.errorstream.enableBuffering = <boolean>

     *

     * With the above system property set to true (default is false),

     * when the response code is >=400, the HTTP handler will try to

     * buffer the response body (up to a certain amount and within a

     * time limit). Thus freeing up the underlying socket connection

     * for reuse. The rationale behind this is that usually when the

     * server responds with a >=400 error (client error or server

     * error, such as 404 file not found), the server will send a

     * small response body to explain who to contact and what to do to

     * recover. With this property set to true, even if the

     * application doesn't call getErrorStream(), read the response

     * body, and then call close(), the underlying socket connection

     * can still be kept-alive and reused. The following two system

     * properties provide further control to the error stream

     * buffering behaviour.

     *

     * sun.net.http.errorstream.timeout = <int>

     *     the timeout (in millisec) waiting the error stream

     *     to be buffered; default is 300 ms

     *

     * sun.net.http.errorstream.bufferSize = <int>

     *     the size (in bytes) to use for the buffering the error stream;

     *     default is 4k

     */

    /* Should we enable buffering of error streams? */

    private static boolean enableESBuffer = false;

    /* timeout waiting for read for buffered error stream;

     */

    private static int timeout4ESBuffer = 0;

    /* buffer size for buffered error stream;

    */

    private static int bufSize4ES = 0;

    static {

        maxRedirects = java.security.AccessController.doPrivileged(

            new sun.security.action.GetIntegerAction(

                "http.maxRedirects", defaultmaxRedirects)).intValue();

        version = java.security.AccessController.doPrivileged(

                    new sun.security.action.GetPropertyAction("java.version"));

        String agent = java.security.AccessController.doPrivileged(

                    new sun.security.action.GetPropertyAction("http.agent"));

        if (agent == null) {

            agent = "Java/"+version;

        } else {

            agent = agent + " Java/"+version;

        }

        userAgent = agent;

        validateProxy = java.security.AccessController.doPrivileged(

                new sun.security.action.GetBooleanAction(

                    "http.auth.digest.validateProxy")).booleanValue();

        validateServer = java.security.AccessController.doPrivileged(

                new sun.security.action.GetBooleanAction(

                    "http.auth.digest.validateServer")).booleanValue();

        enableESBuffer = java.security.AccessController.doPrivileged(

                new sun.security.action.GetBooleanAction(

                    "sun.net.http.errorstream.enableBuffering")).booleanValue();

        timeout4ESBuffer = java.security.AccessController.doPrivileged(

                new sun.security.action.GetIntegerAction(

                    "sun.net.http.errorstream.timeout", 300)).intValue();

        if (timeout4ESBuffer <= 0) {

            timeout4ESBuffer = 300; // use the default

        }

        bufSize4ES = java.security.AccessController.doPrivileged(

                new sun.security.action.GetIntegerAction(

                    "sun.net.http.errorstream.bufferSize", 4096)).intValue();

        if (bufSize4ES <= 0) {

            bufSize4ES = 4096; // use the default

        }

    }

    static final String httpVersion = "HTTP/1.1";

    static final String acceptString =

        "text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2";

    // the following http request headers should NOT have their values

    // returned for security reasons.

    private static final String[] EXCLUDE_HEADERS = {

            "Proxy-Authorization",

            "Authorization"

    };

    protected HttpClient http;

    protected Handler handler;

    protected Proxy instProxy;

    private CookieHandler cookieHandler;

    private ResponseCache cacheHandler;

    // the cached response, and cached response headers and body

    protected CacheResponse cachedResponse;

    private MessageHeader cachedHeaders;

    private InputStream cachedInputStream;

    /* output stream to server */

    protected PrintStream ps = null;

    /* buffered error stream */

    private InputStream errorStream = null;

    /* User set Cookies */

    private boolean setUserCookies = true;

    private String userCookies = null;

    /* We only have a single static authenticator for now.

     * REMIND:  backwards compatibility with JDK 1.1.  Should be

     * eliminated for JDK 2.0.

     */

    private static HttpAuthenticator defaultAuth;

    /* all the headers we send

     * NOTE: do *NOT* dump out the content of 'requests' in the

     * output or stacktrace since it may contain security-sensitive

     * headers such as those defined in EXCLUDE_HEADERS.

     */

    private MessageHeader requests;

    /* The following two fields are only used with Digest Authentication */

    String domain;      /* The list of authentication domains */

    DigestAuthentication.Parameters digestparams;

    /* Current credentials in use */

    AuthenticationInfo  currentProxyCredentials = null;

    AuthenticationInfo  currentServerCredentials = null;

    boolean             needToCheck = true;

    private boolean doingNTLM2ndStage = false; /* doing the 2nd stage of an NTLM server authentication */

    private boolean doingNTLMp2ndStage = false; /* doing the 2nd stage of an NTLM proxy authentication */

    /* try auth without calling Authenticator */

    private boolean tryTransparentNTLMServer = NTLMAuthentication.supportsTransparentAuth();

    private boolean tryTransparentNTLMProxy = NTLMAuthentication.supportsTransparentAuth();

    Object authObj;

    /* Set if the user is manually setting the Authorization or Proxy-Authorization headers */

    boolean isUserServerAuth;

    boolean isUserProxyAuth;

    /* Progress source */

    protected ProgressSource pi;

    /* all the response headers we get back */

    private MessageHeader responses;

    /* the stream _from_ the server */

    private InputStream inputStream = null;

    /* post stream _to_ the server, if any */

    private PosterOutputStream poster = null;

    /* Indicates if the std. request headers have been set in requests. */

    private boolean setRequests=false;

    /* Indicates whether a request has already failed or not */

    private boolean failedOnce=false;

    /* Remembered Exception, we will throw it again if somebody

       calls getInputStream after disconnect */

    private Exception rememberedException = null;

    /* If we decide we want to reuse a client, we put it here */

    private HttpClient reuseClient = null;

    /* Redefine timeouts from java.net.URLConnection as we nee -1 to mean

     * not set. This is to ensure backward compatibility.

     */

    private int connectTimeout = -1;

    private int readTimeout = -1;

    /*

     * privileged request password authentication

     *

     */

    private static PasswordAuthentication

    privilegedRequestPasswordAuthentication(

                            final String host,

                            final InetAddress addr,

                            final int port,

                            final String protocol,

                            final String prompt,

                            final String scheme,

                            final URL url,

                            final RequestorType authType) {

        return java.security.AccessController.doPrivileged(

            new java.security.PrivilegedAction<PasswordAuthentication>() {

                public PasswordAuthentication run() {

                    return Authenticator.requestPasswordAuthentication(

                        host, addr, port, protocol,

                        prompt, scheme, url, authType);

                }

            });

    }

    /*

     * checks the validity of http message header and throws

     * IllegalArgumentException if invalid.

     */

    private void checkMessageHeader(String key, String value) {

        char LF = '\n';

        int index = key.indexOf(LF);

        if (index != -1) {

            throw new IllegalArgumentException(

                "Illegal character(s) in message header field: " + key);

        }

        else {

            if (value == null) {

                return;

            }

            index = value.indexOf(LF);

            while (index != -1) {

                index++;

                if (index < value.length()) {

                    char c = value.charAt(index);

                    if ((c==' ') || (c=='\t')) {

                        // ok, check the next occurrence

                        index = value.indexOf(LF, index);

                        continue;

                    }

                }

                throw new IllegalArgumentException(

                    "Illegal character(s) in message header value: " + value);

            }

        }

    }

    /* adds the standard key/val pairs to reqests if necessary & write to

     * given PrintStream

     */

    private void writeRequests() throws IOException {

        /* print all message headers in the MessageHeader

         * onto the wire - all the ones we've set and any

         * others that have been set

         */

        // send any pre-emptive authentication

            setPreemptiveProxyAuthentication(requests);

        }

        if (!setRequests) {

            /* We're very particular about the order in which we

             * set the request headers here.  The order should not

             * matter, but some careless CGI programs have been

             * written to expect a very particular order of the

             * standard headers.  To name names, the order in which

             * Navigator3.0 sends them.  In particular, we make *sure*

             * to send Content-type: <> and Content-length:<> second

             * to last and last, respectively, in the case of a POST

             * request.

             */

            if (!failedOnce)

                requests.prepend(method + " " + http.getURLFile()+" "  +

                                 httpVersion, null);

            if (!getUseCaches()) {

                requests.setIfNotSet ("Cache-Control", "no-cache");

                requests.setIfNotSet ("Pragma", "no-cache");

            }

            requests.setIfNotSet("User-Agent", userAgent);

            int port = url.getPort();

            String host = url.getHost();

            if (port != -1 && port != url.getDefaultPort()) {

                host += ":" + String.valueOf(port);

            }

            requests.setIfNotSet("Host", host);

            requests.setIfNotSet("Accept", acceptString);

            /*

             * For HTTP/1.1 the default behavior is to keep connections alive.

             * However, we may be talking to a 1.0 server so we should set

             * keep-alive just in case, except if we have encountered an error

             * or if keep alive is disabled via a system property

             */

            // Try keep-alive only on first attempt

            if (!failedOnce && http.getHttpKeepAliveSet()) {

                if (http.usingProxy) {

                    requests.setIfNotSet("Proxy-Connection", "keep-alive");

                } else {

                    requests.setIfNotSet("Connection", "keep-alive");

                }

            } else {

                /*

                 * RFC 2616 HTTP/1.1 section 14.10 says:

                 * HTTP/1.1 applications that do not support persistent

                 * connections MUST include the "close" connection option

                 * in every message

                 */

                requests.setIfNotSet("Connection", "close");

            }

            // Set modified since if necessary

            long modTime = getIfModifiedSince();

            if (modTime != 0 ) {

                Date date = new Date(modTime);

                //use the preferred date format according to RFC 2068(HTTP1.1),

                // RFC 822 and RFC 1123

                SimpleDateFormat fo =

                  new SimpleDateFormat ("EEE, dd MMM yyyy HH:mm:ss 'GMT'", Locale.US);

                fo.setTimeZone(TimeZone.getTimeZone("GMT"));

                requests.setIfNotSet("If-Modified-Since", fo.format(date));

            }

            // check for preemptive authorization

            AuthenticationInfo sauth = AuthenticationInfo.getServerAuth(url);

            if (sauth != null && sauth.supportsPreemptiveAuthorization() ) {

                // Sets "Authorization"

                requests.setIfNotSet(sauth.getHeaderName(), sauth.getHeaderValue(url,method));

                currentServerCredentials = sauth;

            }

            if (!method.equals("PUT") && (poster != null || streaming())) {

                requests.setIfNotSet ("Content-type",

                        "application/x-www-form-urlencoded");

            }

            if (streaming()) {

                if (chunkLength != -1) {

                    requests.set ("Transfer-Encoding", "chunked");

                } else {

                    requests.set ("Content-Length", String.valueOf(fixedContentLength));

                }

            } else if (poster != null) {

                /* add Content-Length & POST/PUT data */

                synchronized (poster) {

                    /* close it, so no more data can be added */

                    poster.close();

                    requests.set("Content-Length",

                                 String.valueOf(poster.size()));

                }

            }

            // get applicable cookies based on the uri and request headers

            // add them to the existing request headers

            setCookieHeader();

            setRequests=true;

        }

        if(logger.isLoggable(Level.FINEST)) {

            logger.fine(requests.toString());

        }

        http.writeRequests(requests, poster);

        if (ps.checkError()) {

            String proxyHost = http.getProxyHostUsed();

            int proxyPort = http.getProxyPortUsed();

            disconnectInternal();

            if (failedOnce) {

                throw new IOException("Error writing to server");

            } else { // try once more

                failedOnce=true;

                if (proxyHost != null) {

                    setProxiedClient(url, proxyHost, proxyPort);

                } else {

                    setNewClient (url);

                }

                ps = (PrintStream) http.getOutputStream();

                connected=true;

                responses = new MessageHeader();

                setRequests=false;

                writeRequests();

            }

        }

    }

    /**

     * Create a new HttpClient object, bypassing the cache of

     * HTTP client objects/connections.

     *

     * @param url       the URL being accessed

     */

    protected void setNewClient (URL url)

    throws IOException {

        setNewClient(url, false);

    }

    /**

     * Obtain a HttpsClient object. Use the cached copy if specified.

     *

     * @param url       the URL being accessed

     * @param useCache  whether the cached connection should be used

     *        if present

     */

    protected void setNewClient (URL url, boolean useCache)

        throws IOException {

        http = HttpClient.New(url, null, -1, useCache, connectTimeout);

        http.setReadTimeout(readTimeout);

    }

    /**

     * Create a new HttpClient object, set up so that it uses

     * per-instance proxying to the given HTTP proxy.  This

     * bypasses the cache of HTTP client objects/connections.

     *

     * @param url       the URL being accessed

     * @param proxyHost the proxy host to use

     * @param proxyPort the proxy port to use

     */

    protected void setProxiedClient (URL url, String proxyHost, int proxyPort)

    throws IOException {

        setProxiedClient(url, proxyHost, proxyPort, false);

    }

    /**

     * Obtain a HttpClient object, set up so that it uses per-instance

     * proxying to the given HTTP proxy. Use the cached copy of HTTP

     * client objects/connections if specified.