1 /* |
1 /* |
2 * Copyright (c) 2001, 2018, Oracle and/or its affiliates. All rights reserved. |
2 * Copyright (c) 2001, 2019, Oracle and/or its affiliates. All rights reserved. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. |
4 * |
4 * |
5 * This code is free software; you can redistribute it and/or modify it |
5 * This code is free software; you can redistribute it and/or modify it |
6 * under the terms of the GNU General Public License version 2 only, as |
6 * under the terms of the GNU General Public License version 2 only, as |
7 * published by the Free Software Foundation. Oracle designates this |
7 * published by the Free Software Foundation. Oracle designates this |
40 import java.security.Principal; |
40 import java.security.Principal; |
41 import java.security.cert.*; |
41 import java.security.cert.*; |
42 import java.util.Objects; |
42 import java.util.Objects; |
43 import java.util.StringTokenizer; |
43 import java.util.StringTokenizer; |
44 import java.util.Vector; |
44 import java.util.Vector; |
45 |
45 import java.util.concurrent.locks.Lock; |
46 import javax.security.auth.x500.X500Principal; |
|
47 |
|
48 import javax.net.ssl.*; |
46 import javax.net.ssl.*; |
49 import sun.net.www.http.HttpClient; |
47 import sun.net.www.http.HttpClient; |
50 import sun.net.www.protocol.http.AuthenticatorKeys; |
48 import sun.net.www.protocol.http.AuthenticatorKeys; |
51 import sun.net.www.protocol.http.HttpURLConnection; |
49 import sun.net.www.protocol.http.HttpURLConnection; |
52 import sun.security.action.*; |
50 import sun.security.action.*; |
53 |
|
54 import sun.security.util.HostnameChecker; |
51 import sun.security.util.HostnameChecker; |
55 import sun.security.ssl.SSLSocketImpl; |
52 import sun.security.ssl.SSLSocketImpl; |
56 |
|
57 import sun.util.logging.PlatformLogger; |
53 import sun.util.logging.PlatformLogger; |
58 import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*; |
54 import static sun.net.www.protocol.http.HttpURLConnection.TunnelState.*; |
59 |
55 |
60 |
56 |
61 /** |
57 /** |
206 * SSL tunneling. |
202 * SSL tunneling. |
207 * |
203 * |
208 * Use New to get new HttpsClient. This constructor is meant to be |
204 * Use New to get new HttpsClient. This constructor is meant to be |
209 * used only by New method. New properly checks for URL spoofing. |
205 * used only by New method. New properly checks for URL spoofing. |
210 * |
206 * |
211 * @param URL https URL with which a connection must be established |
207 * @param url https URL with which a connection must be established |
212 */ |
208 */ |
213 private HttpsClient(SSLSocketFactory sf, URL url) |
209 private HttpsClient(SSLSocketFactory sf, URL url) |
214 throws IOException |
210 throws IOException |
215 { |
211 { |
216 // HttpClient-level proxying is always disabled, |
212 // HttpClient-level proxying is always disabled, |
339 String ak = httpuc == null ? AuthenticatorKeys.DEFAULT |
335 String ak = httpuc == null ? AuthenticatorKeys.DEFAULT |
340 : httpuc.getAuthenticatorKey(); |
336 : httpuc.getAuthenticatorKey(); |
341 boolean compatible = ((ret.proxy != null && ret.proxy.equals(p)) || |
337 boolean compatible = ((ret.proxy != null && ret.proxy.equals(p)) || |
342 (ret.proxy == null && p == Proxy.NO_PROXY)) |
338 (ret.proxy == null && p == Proxy.NO_PROXY)) |
343 && Objects.equals(ret.getAuthenticatorKey(), ak); |
339 && Objects.equals(ret.getAuthenticatorKey(), ak); |
|
340 Lock lock = ret.clientLock; |
344 if (compatible) { |
341 if (compatible) { |
345 synchronized (ret) { |
342 lock.lock(); |
|
343 try { |
346 ret.cachedHttpClient = true; |
344 ret.cachedHttpClient = true; |
347 assert ret.inCache; |
345 assert ret.inCache; |
348 ret.inCache = false; |
346 ret.inCache = false; |
349 if (httpuc != null && ret.needsTunneling()) |
347 if (httpuc != null && ret.needsTunneling()) |
350 httpuc.setTunnelState(TUNNELING); |
348 httpuc.setTunnelState(TUNNELING); |
351 if (logger.isLoggable(PlatformLogger.Level.FINEST)) { |
349 if (logger.isLoggable(PlatformLogger.Level.FINEST)) { |
352 logger.finest("KeepAlive stream retrieved from the cache, " + ret); |
350 logger.finest("KeepAlive stream retrieved from the cache, " + ret); |
353 } |
351 } |
|
352 } finally { |
|
353 lock.unlock(); |
354 } |
354 } |
355 } else { |
355 } else { |
356 // We cannot return this connection to the cache as it's |
356 // We cannot return this connection to the cache as it's |
357 // KeepAliveTimeout will get reset. We simply close the connection. |
357 // KeepAliveTimeout will get reset. We simply close the connection. |
358 // This should be fine as it is very rare that a connection |
358 // This should be fine as it is very rare that a connection |
359 // to the same host will not use the same proxy. |
359 // to the same host will not use the same proxy. |
360 synchronized(ret) { |
360 lock.lock(); |
|
361 try { |
361 if (logger.isLoggable(PlatformLogger.Level.FINEST)) { |
362 if (logger.isLoggable(PlatformLogger.Level.FINEST)) { |
362 logger.finest("Not returning this connection to cache: " + ret); |
363 logger.finest("Not returning this connection to cache: " + ret); |
363 } |
364 } |
364 ret.inCache = false; |
365 ret.inCache = false; |
365 ret.closeServer(); |
366 ret.closeServer(); |
|
367 } finally { |
|
368 lock.unlock(); |
366 } |
369 } |
367 ret = null; |
370 ret = null; |
368 } |
371 } |
369 } |
372 } |
370 } |
373 } |