src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/HttpClientImpl.java
branchhttp-client-branch
changeset 55764 34d7cc00f87a
parent 55763 634d8e14c172
child 55781 16e7156053f5
--- a/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/HttpClientImpl.java	Sun Nov 05 17:32:13 2017 +0000
+++ b/src/jdk.incubator.httpclient/share/classes/jdk/incubator/http/HttpClientImpl.java	Sun Nov 05 21:19:55 2017 +0000
@@ -33,6 +33,7 @@
 import java.net.Authenticator;
 import java.net.CookieManager;
 import java.net.NetPermission;
+import java.net.Proxy;
 import java.net.ProxySelector;
 import java.net.URI;
 import java.nio.channels.CancelledKeyException;
@@ -407,23 +408,32 @@
 
     @Override
     public <T> CompletableFuture<HttpResponse<T>>
-    sendAsync(HttpRequest req, BodyHandler<T> responseHandler)
+    sendAsync(HttpRequest userRequest, BodyHandler<T> responseHandler)
     {
         AccessControlContext acc = null;
         if (System.getSecurityManager() != null)
             acc = AccessController.getContext();
 
+        // Clone the, possibly untrusted, HttpRequest
+        HttpRequestImpl requestImpl = new HttpRequestImpl(userRequest, proxySelector, acc);
+        if (requestImpl.method().equals("CONNECT"))
+            throw new IllegalArgumentException("Unsupported method CONNECT");
+
         long start = DEBUGELAPSED ? System.nanoTime() : 0;
         reference();
         try {
-            debug.log(Level.DEBUG, "ClientImpl (async) send %s", req);
+            debug.log(Level.DEBUG, "ClientImpl (async) send %s", userRequest);
 
-            MultiExchange<Void,T> mex = new MultiExchange<>(req, this, responseHandler, acc);
+            MultiExchange<Void,T> mex = new MultiExchange<>(userRequest,
+                                                            requestImpl,
+                                                            this,
+                                                            responseHandler,
+                                                            acc);
             CompletableFuture<HttpResponse<T>> res =
                     mex.responseAsync().whenComplete((b,t) -> unreference());
             if (DEBUGELAPSED) {
                 res = res.whenComplete(
-                        (b,t) -> debugCompleted("ClientImpl (async)", start, req));
+                        (b,t) -> debugCompleted("ClientImpl (async)", start, userRequest));
             }
             // makes sure that any dependent actions happen in the executor
             if (acc != null) {
@@ -434,29 +444,38 @@
             return res;
         } catch(Throwable t) {
             unreference();
-            debugCompleted("ClientImpl (async)", start, req);
+            debugCompleted("ClientImpl (async)", start, userRequest);
             throw t;
         }
     }
 
     @Override
     public <U, T> CompletableFuture<U>
-    sendAsync(HttpRequest req, MultiSubscriber<U, T> responseHandler) {
+    sendAsync(HttpRequest userRequest, MultiSubscriber<U, T> responseHandler) {
         AccessControlContext acc = null;
         if (System.getSecurityManager() != null)
             acc = AccessController.getContext();
 
+        // Clone the, possibly untrusted, HttpRequest
+        HttpRequestImpl requestImpl = new HttpRequestImpl(userRequest, proxySelector, acc);
+        if (requestImpl.method().equals("CONNECT"))
+            throw new IllegalArgumentException("Unsupported method CONNECT");
+
         long start = DEBUGELAPSED ? System.nanoTime() : 0;
         reference();
         try {
-            debug.log(Level.DEBUG, "ClientImpl (async) send multi %s", req);
+            debug.log(Level.DEBUG, "ClientImpl (async) send multi %s", userRequest);
 
-            MultiExchange<U,T> mex = new MultiExchange<>(req, this, responseHandler, acc);
+            MultiExchange<U,T> mex = new MultiExchange<>(userRequest,
+                                                         requestImpl,
+                                                         this,
+                                                         responseHandler,
+                                                         acc);
             CompletableFuture<U> res = mex.multiResponseAsync()
                       .whenComplete((b,t) -> unreference());
             if (DEBUGELAPSED) {
                 res = res.whenComplete(
-                        (b,t) -> debugCompleted("ClientImpl (async)", start, req));
+                        (b,t) -> debugCompleted("ClientImpl (async)", start, userRequest));
             }
             // makes sure that any dependent actions happen in the executor
             if (acc != null) {
@@ -467,7 +486,7 @@
             return res;
         } catch(Throwable t) {
             unreference();
-            debugCompleted("ClientImpl (async)", start, req);
+            debugCompleted("ClientImpl (async)", start, userRequest);
             throw t;
         }
     }