23 * questions. |
23 * questions. |
24 */ |
24 */ |
25 |
25 |
26 package sun.net.www.protocol.http; |
26 package sun.net.www.protocol.http; |
27 |
27 |
|
28 import java.util.Arrays; |
28 import java.net.URL; |
29 import java.net.URL; |
29 import java.net.URLConnection; |
30 import java.net.URLConnection; |
30 import java.net.ProtocolException; |
31 import java.net.ProtocolException; |
31 import java.net.HttpRetryException; |
32 import java.net.HttpRetryException; |
32 import java.net.PasswordAuthentication; |
33 import java.net.PasswordAuthentication; |
227 "sun.net.http.errorstream.bufferSize", 4096)).intValue(); |
228 "sun.net.http.errorstream.bufferSize", 4096)).intValue(); |
228 if (bufSize4ES <= 0) { |
229 if (bufSize4ES <= 0) { |
229 bufSize4ES = 4096; // use the default |
230 bufSize4ES = 4096; // use the default |
230 } |
231 } |
231 |
232 |
232 allowRestrictedHeaders = ((Boolean)java.security.AccessController.doPrivileged( |
233 allowRestrictedHeaders = java.security.AccessController.doPrivileged( |
233 new sun.security.action.GetBooleanAction( |
234 new sun.security.action.GetBooleanAction( |
234 "sun.net.http.allowRestrictedHeaders"))).booleanValue(); |
235 "sun.net.http.allowRestrictedHeaders")).booleanValue(); |
235 if (!allowRestrictedHeaders) { |
236 if (!allowRestrictedHeaders) { |
236 restrictedHeaderSet = new HashSet<String>(restrictedHeaders.length); |
237 restrictedHeaderSet = new HashSet<String>(restrictedHeaders.length); |
237 for (int i=0; i < restrictedHeaders.length; i++) { |
238 for (int i=0; i < restrictedHeaders.length; i++) { |
238 restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase()); |
239 restrictedHeaderSet.add(restrictedHeaders[i].toLowerCase()); |
239 } |
240 } |
287 |
288 |
288 /* We only have a single static authenticator for now. |
289 /* We only have a single static authenticator for now. |
289 * REMIND: backwards compatibility with JDK 1.1. Should be |
290 * REMIND: backwards compatibility with JDK 1.1. Should be |
290 * eliminated for JDK 2.0. |
291 * eliminated for JDK 2.0. |
291 */ |
292 */ |
|
293 @Deprecated |
292 private static HttpAuthenticator defaultAuth; |
294 private static HttpAuthenticator defaultAuth; |
293 |
295 |
294 /* all the headers we send |
296 /* all the headers we send |
295 * NOTE: do *NOT* dump out the content of 'requests' in the |
297 * NOTE: do *NOT* dump out the content of 'requests' in the |
296 * output or stacktrace since it may contain security-sensitive |
298 * output or stacktrace since it may contain security-sensitive |
1334 RETRY_MSG1, HTTP_PROXY_AUTH); |
1336 RETRY_MSG1, HTTP_PROXY_AUTH); |
1335 } |
1337 } |
1336 |
1338 |
1337 // Read comments labeled "Failed Negotiate" for details. |
1339 // Read comments labeled "Failed Negotiate" for details. |
1338 boolean dontUseNegotiate = false; |
1340 boolean dontUseNegotiate = false; |
1339 Iterator iter = responses.multiValueIterator("Proxy-Authenticate"); |
1341 Iterator<String> iter = responses.multiValueIterator("Proxy-Authenticate"); |
1340 while (iter.hasNext()) { |
1342 while (iter.hasNext()) { |
1341 String value = ((String)iter.next()).trim(); |
1343 String value = iter.next().trim(); |
1342 if (value.equalsIgnoreCase("Negotiate") || |
1344 if (value.equalsIgnoreCase("Negotiate") || |
1343 value.equalsIgnoreCase("Kerberos")) { |
1345 value.equalsIgnoreCase("Kerberos")) { |
1344 if (!inNegotiateProxy) { |
1346 if (!inNegotiateProxy) { |
1345 inNegotiateProxy = true; |
1347 inNegotiateProxy = true; |
1346 } else { |
1348 } else { |
1412 RETRY_MSG2, HTTP_UNAUTHORIZED); |
1414 RETRY_MSG2, HTTP_UNAUTHORIZED); |
1413 } |
1415 } |
1414 |
1416 |
1415 // Read comments labeled "Failed Negotiate" for details. |
1417 // Read comments labeled "Failed Negotiate" for details. |
1416 boolean dontUseNegotiate = false; |
1418 boolean dontUseNegotiate = false; |
1417 Iterator iter = responses.multiValueIterator("WWW-Authenticate"); |
1419 Iterator<String> iter = responses.multiValueIterator("WWW-Authenticate"); |
1418 while (iter.hasNext()) { |
1420 while (iter.hasNext()) { |
1419 String value = ((String)iter.next()).trim(); |
1421 String value = iter.next().trim(); |
1420 if (value.equalsIgnoreCase("Negotiate") || |
1422 if (value.equalsIgnoreCase("Negotiate") || |
1421 value.equalsIgnoreCase("Kerberos")) { |
1423 value.equalsIgnoreCase("Kerberos")) { |
1422 if (!inNegotiate) { |
1424 if (!inNegotiate) { |
1423 inNegotiate = true; |
1425 inNegotiate = true; |
1424 } else { |
1426 } else { |
1583 try { |
1585 try { |
1584 // use reflection to get to the public |
1586 // use reflection to get to the public |
1585 // HttpsURLConnection instance saved in |
1587 // HttpsURLConnection instance saved in |
1586 // DelegateHttpsURLConnection |
1588 // DelegateHttpsURLConnection |
1587 uconn = (URLConnection)this.getClass().getField("httpsURLConnection").get(this); |
1589 uconn = (URLConnection)this.getClass().getField("httpsURLConnection").get(this); |
1588 } catch (IllegalAccessException iae) { |
1590 } catch (IllegalAccessException | |
1589 // ignored; use 'this' |
1591 NoSuchFieldException e) { |
1590 } catch (NoSuchFieldException nsfe) { |
|
1591 // ignored; use 'this' |
1592 // ignored; use 'this' |
1592 } |
1593 } |
1593 } |
1594 } |
1594 CacheRequest cacheRequest = |
1595 CacheRequest cacheRequest = |
1595 cacheHandler.put(uri, uconn); |
1596 cacheHandler.put(uri, uconn); |
1784 st.nextToken(); |
1785 st.nextToken(); |
1785 respCode = Integer.parseInt(st.nextToken().trim()); |
1786 respCode = Integer.parseInt(st.nextToken().trim()); |
1786 if (respCode == HTTP_PROXY_AUTH) { |
1787 if (respCode == HTTP_PROXY_AUTH) { |
1787 // Read comments labeled "Failed Negotiate" for details. |
1788 // Read comments labeled "Failed Negotiate" for details. |
1788 boolean dontUseNegotiate = false; |
1789 boolean dontUseNegotiate = false; |
1789 Iterator iter = responses.multiValueIterator("Proxy-Authenticate"); |
1790 Iterator<String> iter = responses.multiValueIterator("Proxy-Authenticate"); |
1790 while (iter.hasNext()) { |
1791 while (iter.hasNext()) { |
1791 String value = ((String)iter.next()).trim(); |
1792 String value = iter.next().trim(); |
1792 if (value.equalsIgnoreCase("Negotiate") || |
1793 if (value.equalsIgnoreCase("Negotiate") || |
1793 value.equalsIgnoreCase("Kerberos")) { |
1794 value.equalsIgnoreCase("Kerberos")) { |
1794 if (!inNegotiateProxy) { |
1795 if (!inNegotiateProxy) { |
1795 inNegotiateProxy = true; |
1796 inNegotiateProxy = true; |
1796 } else { |
1797 } else { |
1936 |
1937 |
1937 /** |
1938 /** |
1938 * Gets the authentication for an HTTP proxy, and applies it to |
1939 * Gets the authentication for an HTTP proxy, and applies it to |
1939 * the connection. |
1940 * the connection. |
1940 */ |
1941 */ |
|
1942 @SuppressWarnings("fallthrough") |
1941 private AuthenticationInfo getHttpProxyAuthentication (AuthenticationHeader authhdr) { |
1943 private AuthenticationInfo getHttpProxyAuthentication (AuthenticationHeader authhdr) { |
1942 /* get authorization from authenticator */ |
1944 /* get authorization from authenticator */ |
1943 AuthenticationInfo ret = null; |
1945 AuthenticationInfo ret = null; |
1944 String raw = authhdr.raw(); |
1946 String raw = authhdr.raw(); |
1945 String host = http.getProxyHostUsed(); |
1947 String host = http.getProxyHostUsed(); |
2002 ret = new DigestAuthentication(true, host, port, realm, |
2004 ret = new DigestAuthentication(true, host, port, realm, |
2003 scheme, a, params); |
2005 scheme, a, params); |
2004 } |
2006 } |
2005 break; |
2007 break; |
2006 case NTLM: |
2008 case NTLM: |
2007 if (NTLMAuthenticationProxy.proxy.supported) { |
2009 if (NTLMAuthenticationProxy.supported) { |
2008 /* tryTransparentNTLMProxy will always be true the first |
2010 /* tryTransparentNTLMProxy will always be true the first |
2009 * time around, but verify that the platform supports it |
2011 * time around, but verify that the platform supports it |
2010 * otherwise don't try. */ |
2012 * otherwise don't try. */ |
2011 if (tryTransparentNTLMProxy) { |
2013 if (tryTransparentNTLMProxy) { |
2012 tryTransparentNTLMProxy = |
2014 tryTransparentNTLMProxy = |
2013 NTLMAuthenticationProxy.proxy.supportsTransparentAuth; |
2015 NTLMAuthenticationProxy.supportsTransparentAuth; |
2014 } |
2016 } |
2015 a = null; |
2017 a = null; |
2016 if (tryTransparentNTLMProxy) { |
2018 if (tryTransparentNTLMProxy) { |
2017 logger.finest("Trying Transparent NTLM authentication"); |
2019 logger.finest("Trying Transparent NTLM authentication"); |
2018 } else { |
2020 } else { |
2041 case KERBEROS: |
2043 case KERBEROS: |
2042 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos")); |
2044 ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos")); |
2043 break; |
2045 break; |
2044 case UNKNOWN: |
2046 case UNKNOWN: |
2045 logger.finest("Unknown/Unsupported authentication scheme: " + scheme); |
2047 logger.finest("Unknown/Unsupported authentication scheme: " + scheme); |
|
2048 /*fall through*/ |
2046 default: |
2049 default: |
2047 throw new AssertionError("should not reach here"); |
2050 throw new AssertionError("should not reach here"); |
2048 } |
2051 } |
2049 } |
2052 } |
2050 // For backwards compatibility, we also try defaultAuth |
2053 // For backwards compatibility, we also try defaultAuth |
2078 * Gets the authentication for an HTTP server, and applies it to |
2081 * Gets the authentication for an HTTP server, and applies it to |
2079 * the connection. |
2082 * the connection. |
2080 * @param authHdr the AuthenticationHeader which tells what auth scheme is |
2083 * @param authHdr the AuthenticationHeader which tells what auth scheme is |
2081 * prefered. |
2084 * prefered. |
2082 */ |
2085 */ |
|
2086 @SuppressWarnings("fallthrough") |
2083 private AuthenticationInfo getServerAuthentication (AuthenticationHeader authhdr) { |
2087 private AuthenticationInfo getServerAuthentication (AuthenticationHeader authhdr) { |
2084 /* get authorization from authenticator */ |
2088 /* get authorization from authenticator */ |
2085 AuthenticationInfo ret = null; |
2089 AuthenticationInfo ret = null; |
2086 String raw = authhdr.raw(); |
2090 String raw = authhdr.raw(); |
2087 /* When we get an NTLM auth from cache, don't set any special headers */ |
2091 /* When we get an NTLM auth from cache, don't set any special headers */ |
2148 digestparams = new DigestAuthentication.Parameters(); |
2152 digestparams = new DigestAuthentication.Parameters(); |
2149 ret = new DigestAuthentication(false, url, realm, scheme, a, digestparams); |
2153 ret = new DigestAuthentication(false, url, realm, scheme, a, digestparams); |
2150 } |
2154 } |
2151 break; |
2155 break; |
2152 case NTLM: |
2156 case NTLM: |
2153 if (NTLMAuthenticationProxy.proxy.supported) { |
2157 if (NTLMAuthenticationProxy.supported) { |
2154 URL url1; |
2158 URL url1; |
2155 try { |
2159 try { |
2156 url1 = new URL (url, "/"); /* truncate the path */ |
2160 url1 = new URL (url, "/"); /* truncate the path */ |
2157 } catch (Exception e) { |
2161 } catch (Exception e) { |
2158 url1 = url; |
2162 url1 = url; |
2161 /* tryTransparentNTLMServer will always be true the first |
2165 /* tryTransparentNTLMServer will always be true the first |
2162 * time around, but verify that the platform supports it |
2166 * time around, but verify that the platform supports it |
2163 * otherwise don't try. */ |
2167 * otherwise don't try. */ |
2164 if (tryTransparentNTLMServer) { |
2168 if (tryTransparentNTLMServer) { |
2165 tryTransparentNTLMServer = |
2169 tryTransparentNTLMServer = |
2166 NTLMAuthenticationProxy.proxy.supportsTransparentAuth; |
2170 NTLMAuthenticationProxy.supportsTransparentAuth; |
2167 /* If the platform supports transparent authentication |
2171 /* If the platform supports transparent authentication |
2168 * then check if we are in a secure environment |
2172 * then check if we are in a secure environment |
2169 * whether, or not, we should try transparent authentication.*/ |
2173 * whether, or not, we should try transparent authentication.*/ |
2170 if (tryTransparentNTLMServer) { |
2174 if (tryTransparentNTLMServer) { |
2171 tryTransparentNTLMServer = |
2175 tryTransparentNTLMServer = |
2172 NTLMAuthenticationProxy.proxy.isTrustedSite(url); |
2176 NTLMAuthenticationProxy.isTrustedSite(url); |
2173 } |
2177 } |
2174 } |
2178 } |
2175 a = null; |
2179 a = null; |
2176 if (tryTransparentNTLMServer) { |
2180 if (tryTransparentNTLMServer) { |
2177 logger.finest("Trying Transparent NTLM authentication"); |
2181 logger.finest("Trying Transparent NTLM authentication"); |
2743 } |
2748 } |
2744 /* |
2749 /* |
2745 * The cookies in the requests message headers may have |
2750 * The cookies in the requests message headers may have |
2746 * been modified. Use the saved user cookies instead. |
2751 * been modified. Use the saved user cookies instead. |
2747 */ |
2752 */ |
2748 Map userCookiesMap = null; |
2753 Map<String, List<String>> userCookiesMap = null; |
2749 if (userCookies != null || userCookies2 != null) { |
2754 if (userCookies != null || userCookies2 != null) { |
2750 userCookiesMap = new HashMap(); |
2755 userCookiesMap = new HashMap<>(); |
2751 if (userCookies != null) { |
2756 if (userCookies != null) { |
2752 userCookiesMap.put("Cookie", userCookies); |
2757 userCookiesMap.put("Cookie", Arrays.asList(userCookies)); |
2753 } |
2758 } |
2754 if (userCookies2 != null) { |
2759 if (userCookies2 != null) { |
2755 userCookiesMap.put("Cookie2", userCookies2); |
2760 userCookiesMap.put("Cookie2", Arrays.asList(userCookies2)); |
2756 } |
2761 } |
2757 } |
2762 } |
2758 return requests.filterAndAddHeaders(EXCLUDE_HEADERS2, userCookiesMap); |
2763 return requests.filterAndAddHeaders(EXCLUDE_HEADERS2, userCookiesMap); |
2759 } |
2764 } |
2760 |
2765 |