--- a/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java Mon Feb 12 17:32:52 2018 +0000
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java Mon Feb 12 18:45:17 2018 +0000
@@ -337,7 +337,7 @@
}
// Use a WeakHashMap to make it possible for the HttpClient to
- // be garbaged collected when no longer referenced.
+ // be garbage collected when no longer referenced.
static final WeakHashMap<HttpClientImpl,Cache> caches = new WeakHashMap<>();
static synchronized Cache getCache(MultiExchange<?> exchange) {
--- a/src/java.net.http/share/classes/jdk/internal/net/http/Exchange.java Mon Feb 12 17:32:52 2018 +0000
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/Exchange.java Mon Feb 12 18:45:17 2018 +0000
@@ -377,8 +377,8 @@
after407Check = this::sendRequestBody;
}
// The ProxyAuthorizationRequired can be triggered either by
- // establishExchange (case of HTTP/2 SSL tunelling through HTTP/1.1 proxy
- // or by sendHeaderAsync (case of HTTP/1.1 SSL tunelling through HTTP/1.1 proxy
+ // establishExchange (case of HTTP/2 SSL tunneling through HTTP/1.1 proxy
+ // or by sendHeaderAsync (case of HTTP/1.1 SSL tunneling through HTTP/1.1 proxy
// Therefore we handle it with a call to this checkFor407(...) after these
// two places.
Function<ExchangeImpl<T>, CompletableFuture<Response>> afterExch407Check =
--- a/src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java Mon Feb 12 17:32:52 2018 +0000
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/Http2Connection.java Mon Feb 12 18:45:17 2018 +0000
@@ -27,6 +27,7 @@
import java.io.EOFException;
import java.io.IOException;
+import java.io.UncheckedIOException;
import java.lang.System.Logger.Level;
import java.net.InetSocketAddress;
import java.net.URI;
@@ -36,6 +37,7 @@
import java.util.LinkedList;
import java.util.List;
import java.util.Map;
+import java.util.Set;
import java.util.concurrent.CompletableFuture;
import java.util.ArrayList;
import java.util.Objects;
@@ -575,7 +577,7 @@
* identifiers; those initiated by the server MUST use even-numbered
* stream identifiers.
*/
- private static final boolean isSeverInitiatedStream(int streamid) {
+ private static final boolean isServerInitiatedStream(int streamid) {
return (streamid & 0x1) == 0;
}
@@ -620,12 +622,17 @@
if (frame instanceof HeaderFrame) {
// always decode the headers as they may affect
// connection-level HPACK decoding state
- HeaderDecoder decoder = new HeaderDecoder();
- decodeHeaders((HeaderFrame) frame, decoder);
+ DecodingCallback decoder = new ValidatingHeadersConsumer();
+ try {
+ decodeHeaders((HeaderFrame) frame, decoder);
+ } catch (UncheckedIOException e) {
+ protocolError(ResetFrame.PROTOCOL_ERROR, e.getMessage());
+ return;
+ }
}
if (!(frame instanceof ResetFrame)) {
- if (isSeverInitiatedStream(streamid)) {
+ if (isServerInitiatedStream(streamid)) {
if (streamid < nextPushStream) {
// trailing data on a cancelled push promise stream,
// reset will already have been sent, ignore
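Review bot: `e.getMessage()` in the new catch block will not return the text built by `newException`: an `UncheckedIOException` constructed with only a cause reports the cause's `toString()`, so the protocol-error string becomes `java.io.IOException: Bad header ...`. Passing the wrapped message keeps the text clean: `protocolError(ResetFrame.PROTOCOL_ERROR, e.getCause().getMessage());`. The same applies to the two catch blocks in the next hunk, around `handlePushPromise` and the stream-level `decodeHeaders`. The catch also treats every `UncheckedIOException` from `decodeHeaders` as a header-validation failure; whether it can be thrown for other reasons is not visible here. The enclosing method starts and ends outside the hunk.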
@@ -642,10 +649,20 @@
}
if (frame instanceof PushPromiseFrame) {
PushPromiseFrame pp = (PushPromiseFrame)frame;
- handlePushPromise(stream, pp);
+ try {
+ handlePushPromise(stream, pp);
+ } catch (UncheckedIOException e) {
+ protocolError(ResetFrame.PROTOCOL_ERROR, e.getMessage());
+ return;
+ }
} else if (frame instanceof HeaderFrame) {
// decode headers (or continuation)
- decodeHeaders((HeaderFrame) frame, stream.rspHeadersConsumer());
+ try {
+ decodeHeaders((HeaderFrame) frame, stream.rspHeadersConsumer());
+ } catch (UncheckedIOException e) {
+ protocolError(ResetFrame.PROTOCOL_ERROR, e.getMessage());
+ return;
+ }
stream.incoming(frame);
} else {
stream.incoming(frame);
@@ -1139,7 +1156,8 @@
+ connection.getConnectionFlow() + ")";
}
- static class HeaderDecoder implements DecodingCallback {
+ static class HeaderDecoder extends ValidatingHeadersConsumer {
+
HttpHeadersImpl headers;
HeaderDecoder() {
@@ -1148,7 +1166,10 @@
@Override
public void onDecoded(CharSequence name, CharSequence value) {
- headers.addHeader(name.toString(), value.toString());
+ String n = name.toString();
+ String v = value.toString();
+ super.onDecoded(n, v);
+ headers.addHeader(n, v);
}
HttpHeadersImpl headers() {
@@ -1156,6 +1177,39 @@
}
}
+ /*
+ * Checks RFC 7540 rules (relaxed) compliance regarding pseudo-headers.
+ */
+ static class ValidatingHeadersConsumer implements DecodingCallback {
+
+ private static final Set<String> PSEUDO_HEADERS =
+ Set.of(":authority", ":method", ":path", ":scheme", ":status");
+
+ @Override
+ public void onDecoded(CharSequence name, CharSequence value)
+ throws UncheckedIOException
+ {
+ String n = name.toString();
+ if (n.startsWith(":")) {
+ if (!PSEUDO_HEADERS.contains(n)) {
+ throw newException("Unexpected pseudo-header '%s'", n);
+ }
+ } else if (!Utils.isValidName(n)) {
+ throw newException("Bad header name '%s'", n);
+ }
+ String v = value.toString();
+ if (!Utils.isValidValue(v)) {
+ throw newException("Bad header value '%s'", v);
+ }
+ }
+
+ private UncheckedIOException newException(String message, String header)
+ {
+ return new UncheckedIOException(
+ new IOException(String.format(message, header)));
+ }
+ }
+
static final class ConnectionWindowUpdateSender extends WindowUpdateSender {
final int initialWindowSize;
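Review bot: `newException("Bad header value '%s'", v)` copies the rejected, peer-supplied value verbatim into the exception message, and that value was rejected precisely because it may contain CR, LF or other control characters. The message is then handed to `protocolError` at three call sites; where it ends up (log, GOAWAY debug data, an exception shown to the application) is not visible here, so it may carry peer-chosen line breaks into logs or expose a credential-bearing value. Naming the header instead avoids both: `throw newException("Bad value for header '%s'", n);`, since `n` has passed validation by that point. The bad-name message has the same issue and would need the name escaped or truncated. The class comment could also say which RFC 7540 rules the "relaxed" check skips: as written it accepts request pseudo-headers such as `:method` regardless of direction and keeps no state to check that pseudo-headers precede regular fields.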
--- a/src/java.net.http/share/classes/jdk/internal/net/http/Stream.java Mon Feb 12 17:32:52 2018 +0000
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/Stream.java Mon Feb 12 18:45:17 2018 +0000
@@ -26,6 +26,7 @@
package jdk.internal.net.http;
import java.io.IOException;
+import java.io.UncheckedIOException;
import java.lang.System.Logger.Level;
import java.net.URI;
import java.nio.ByteBuffer;
@@ -304,13 +305,7 @@
this.request = e.request();
this.requestPublisher = request.requestPublisher; // may be null
responseHeaders = new HttpHeadersImpl();
- rspHeadersConsumer = (name, value) -> {
- responseHeaders.addHeader(name.toString(), value.toString());
- if (Log.headers() && Log.trace()) {
- Log.logTrace("RECEIVED HEADER (streamid={0}): {1}: {2}",
- streamid, name, value);
- }
- };
+ rspHeadersConsumer = new HeadersConsumer();
this.requestPseudoHeaders = new HttpHeadersImpl();
// NEW
this.windowUpdater = new StreamWindowUpdateSender(connection);
@@ -1177,4 +1172,21 @@
final String dbgString() {
return connection.dbgString() + "/Stream("+streamid+")";
}
+
+ private class HeadersConsumer extends Http2Connection.ValidatingHeadersConsumer {
+
+ @Override
+ public void onDecoded(CharSequence name, CharSequence value)
+ throws UncheckedIOException
+ {
+ String n = name.toString();
+ String v = value.toString();
+ super.onDecoded(n, v);
+ responseHeaders.addHeader(n, v);
+ if (Log.headers() && Log.trace()) {
+ Log.logTrace("RECEIVED HEADER (streamid={0}): {1}: {2}",
+ streamid, n, v);
+ }
+ }
+ }
}
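Review bot: The call order in `HeadersConsumer.onDecoded` is what keeps a rejected header out of `responseHeaders` and out of the trace log, and nothing in the class says so. A one-line comment above `super.onDecoded(n, v)` would protect it from reordering, e.g. `// validate first: a rejected name/value must never reach responseHeaders or the log`. The same applies to `HeaderDecoder.onDecoded` in Http2Connection.java. The `throws UncheckedIOException` clause is redundant for an unchecked exception; if it is kept as documentation, a Javadoc `@throws` tag is the more conventional way to say it.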
--- a/test/jdk/java/net/httpclient/DigestEchoServer.java Mon Feb 12 17:32:52 2018 +0000
+++ b/test/jdk/java/net/httpclient/DigestEchoServer.java Mon Feb 12 18:45:17 2018 +0000
@@ -1028,11 +1028,20 @@
@Override
protected void requestAuthentication(HttpTestExchange he)
- throws IOException {
+ throws IOException {
+ String separator;
+ Version v = he.getExchangeVersion();
+ if (v == Version.HTTP_1_1) {
+ separator = "\r\n ";
+ } else if (v == Version.HTTP_2) {
+ separator = " ";
+ } else {
+ throw new InternalError(String.valueOf(v));
+ }
he.getResponseHeaders().addHeader(getAuthenticate(),
"Digest realm=\"" + auth.getRealm() + "\","
- + "\r\n qop=\"auth\","
- + "\r\n nonce=\"" + ns +"\"");
+ + separator + "qop=\"auth\","
+ + separator + "nonce=\"" + ns +"\"");
System.out.println(type + ": Requesting Digest Authentication "
+ he.getResponseHeaders()
.firstValue(getAuthenticate())
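Review bot: The version switch added to `requestAuthentication` has no comment explaining why the two protocols need different separators. The reason appears to be that the client now rejects CR/LF in HTTP/2 header values (BadHeadersTest lists a multiline value as bad), while the folded form is kept to exercise HTTP/1.1 parsing. A comment above the `if` would record that, e.g. `// HTTP/2 header values must not contain CR or LF; line folding is only exercised over HTTP/1.1`. The method body continues outside the hunk.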
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/java/net/httpclient/http2/BadHeadersTest.java Mon Feb 12 18:45:17 2018 +0000
@@ -0,0 +1,269 @@
+/*
+ * Copyright (c) 2018, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/*
+ * @test
+ * @modules java.base/sun.net.www.http
+ * java.net.http/jdk.internal.net.http.common
+ * java.net.http/jdk.internal.net.http.frame
+ * java.net.http/jdk.internal.net.http.hpack
+ * @library /lib/testlibrary server
+ * @build Http2TestServer
+ * @build jdk.testlibrary.SimpleSSLContext
+ * @run testng/othervm BadHeadersTest
+ */
+
+import jdk.internal.net.http.common.HttpHeadersImpl;
+import jdk.internal.net.http.common.Pair;
+import jdk.internal.net.http.frame.ContinuationFrame;
+import jdk.internal.net.http.frame.HeaderFrame;
+import jdk.internal.net.http.frame.HeadersFrame;
+import jdk.internal.net.http.frame.Http2Frame;
+import jdk.testlibrary.SimpleSSLContext;
+import org.testng.annotations.AfterTest;
+import org.testng.annotations.BeforeTest;
+import org.testng.annotations.DataProvider;
+import org.testng.annotations.Test;
+
+import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
+import java.io.IOException;
+import java.io.InputStream;
+import java.io.OutputStream;
+import java.net.URI;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.nio.ByteBuffer;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.concurrent.CompletionException;
+import java.util.concurrent.atomic.AtomicInteger;
+import java.util.function.BiFunction;
+
+import static java.net.http.HttpRequest.BodyPublisher.fromString;
+import static java.net.http.HttpResponse.BodyHandler.asString;
+import static jdk.internal.net.http.common.Pair.pair;
+import static org.testng.Assert.assertThrows;
+
+// Code copied from ContinuationFrameTest
+public class BadHeadersTest {
+
+ private static final List<Pair<String, String>> BAD_HEADERS = List.of(
+ pair(":hello", "GET"), // Unknown pseudo-header
+ pair("hell o", "value"), // Space in the name
+ pair("hello", "line1\r\n line2\r\n"), // Multiline value
+ pair("hello", "DE" + ((char) 0x7F) + "L") // Bad byte in value
+ );
+
+ SSLContext sslContext;
+ Http2TestServer http2TestServer; // HTTP/2 ( h2c )
+ Http2TestServer https2TestServer; // HTTP/2 ( h2 )
+ String http2URI;
+ String https2URI;
+
+ /**
+ * A function that returns a list of 1) a HEADERS frame ( with an empty
+ * payload ), and 2) a CONTINUATION frame with the actual headers.
+ */
+ static BiFunction<Integer,List<ByteBuffer>,List<Http2Frame>> oneContinuation =
+ (Integer streamid, List<ByteBuffer> encodedHeaders) -> {
+ List<ByteBuffer> empty = List.of(ByteBuffer.wrap(new byte[0]));
+ HeadersFrame hf = new HeadersFrame(streamid, 0, empty);
+ ContinuationFrame cf = new ContinuationFrame(streamid,
+ HeaderFrame.END_HEADERS,
+ encodedHeaders);
+ return List.of(hf, cf);
+ };
+
+ /**
+ * A function that returns a list of a HEADERS frame followed by a number of
+ * CONTINUATION frames. Each frame contains just a single byte of payload.
+ */
+ static BiFunction<Integer,List<ByteBuffer>,List<Http2Frame>> byteAtATime =
+ (Integer streamid, List<ByteBuffer> encodedHeaders) -> {
+ assert encodedHeaders.get(0).hasRemaining();
+ List<Http2Frame> frames = new ArrayList<>();
+ ByteBuffer hb = ByteBuffer.wrap(new byte[] {encodedHeaders.get(0).get()});
+ HeadersFrame hf = new HeadersFrame(streamid, 0, hb);
+ frames.add(hf);
+ for (ByteBuffer bb : encodedHeaders) {
+ while (bb.hasRemaining()) {
+ List<ByteBuffer> data = List.of(ByteBuffer.wrap(new byte[] {bb.get()}));
+ ContinuationFrame cf = new ContinuationFrame(streamid, 0, data);
+ frames.add(cf);
+ }
+ }
+ frames.get(frames.size() - 1).setFlag(HeaderFrame.END_HEADERS);
+ return frames;
+ };
+
+ @DataProvider(name = "variants")
+ public Object[][] variants() {
+ return new Object[][] {
+ { http2URI, false, oneContinuation },
+ { https2URI, false, oneContinuation },
+ { http2URI, true, oneContinuation },
+ { https2URI, true, oneContinuation },
+
+ { http2URI, false, byteAtATime },
+ { https2URI, false, byteAtATime },
+ { http2URI, true, byteAtATime },
+ { https2URI, true, byteAtATime },
+ };
+ }
+
+
+ @Test(dataProvider = "variants")
+ void test(String uri,
+ boolean sameClient,
+ BiFunction<Integer,List<ByteBuffer>,List<Http2Frame>> headerFramesSupplier)
+ throws Exception
+ {
+ CFTHttp2TestExchange.setHeaderFrameSupplier(headerFramesSupplier);
+
+ HttpClient client = null;
+ for (int i=0; i< BAD_HEADERS.size(); i++) {
+ if (!sameClient || client == null)
+ client = HttpClient.newBuilder().sslContext(sslContext).build();
+
+ HttpRequest request = HttpRequest.newBuilder(URI.create(uri))
+ .POST(fromString("Hello there!"))
+ .build();
+ final HttpClient cc = client;
+ if (i % 2 == 0) {
+ assertThrows(IOException.class, () -> cc.send(request, asString()));
+ } else {
+ Throwable t = null;
+ try {
+ cc.sendAsync(request, asString()).join();
+ } catch (Throwable t0) {
+ t = t0;
+ }
+ if (t == null) {
+ throw new AssertionError("An exception was expected");
+ }
+ if (t instanceof CompletionException) {
+ Throwable c = t.getCause();
+ if (!(c instanceof IOException)) {
+ throw new AssertionError("Unexpected exception", c);
+ }
+ } else if (!(t instanceof IOException)) {
+ throw new AssertionError("Unexpected exception", t);
+ }
+ }
+ }
+ }
+
+ @BeforeTest
+ public void setup() throws Exception {
+ sslContext = new SimpleSSLContext().get();
+ if (sslContext == null)
+ throw new AssertionError("Unexpected null sslContext");
+
+ http2TestServer = new Http2TestServer("127.0.0.1", false, 0);
+ http2TestServer.addHandler(new Http2EchoHandler(), "/http2/echo");
+ int port = http2TestServer.getAddress().getPort();
+ http2URI = "http://127.0.0.1:" + port + "/http2/echo";
+
+ https2TestServer = new Http2TestServer("127.0.0.1", true, 0);
+ https2TestServer.addHandler(new Http2EchoHandler(), "/https2/echo");
+ port = https2TestServer.getAddress().getPort();
+ https2URI = "https://127.0.0.1:" + port + "/https2/echo";
+
+ // Override the default exchange supplier with a custom one to enable
+ // particular test scenarios
+ http2TestServer.setExchangeSupplier(CFTHttp2TestExchange::new);
+ https2TestServer.setExchangeSupplier(CFTHttp2TestExchange::new);
+
+ http2TestServer.start();
+ https2TestServer.start();
+ }
+
+ @AfterTest
+ public void teardown() throws Exception {
+ http2TestServer.stop();
+ https2TestServer.stop();
+ }
+
+ static class Http2EchoHandler implements Http2Handler {
+
+ private final AtomicInteger requestNo = new AtomicInteger();
+
+ @Override
+ public void handle(Http2TestExchange t) throws IOException {
+ try (InputStream is = t.getRequestBody();
+ OutputStream os = t.getResponseBody()) {
+ byte[] bytes = is.readAllBytes();
+ int i = requestNo.incrementAndGet();
+ Pair<String, String> p = BAD_HEADERS.get(i % BAD_HEADERS.size());
+ t.getResponseHeaders().addHeader(p.first, p.second);
+ t.sendResponseHeaders(200, bytes.length);
+ os.write(bytes);
+ }
+ }
+ }
+
+ // A custom Http2TestExchangeImpl that overrides sendResponseHeaders to
+ // allow headers to be sent with a number of CONTINUATION frames.
+ static class CFTHttp2TestExchange extends Http2TestExchangeImpl {
+ static volatile BiFunction<Integer,List<ByteBuffer>,List<Http2Frame>> headerFrameSupplier;
+
+ static void setHeaderFrameSupplier(BiFunction<Integer,List<ByteBuffer>,List<Http2Frame>> hfs) {
+ headerFrameSupplier = hfs;
+ }
+
+ CFTHttp2TestExchange(int streamid, String method, HttpHeadersImpl reqheaders,
+ HttpHeadersImpl rspheaders, URI uri, InputStream is,
+ SSLSession sslSession, BodyOutputStream os,
+ Http2TestServerConnection conn, boolean pushAllowed) {
+ super(streamid, method, reqheaders, rspheaders, uri, is, sslSession,
+ os, conn, pushAllowed);
+
+ }
+
+ @Override
+ public void sendResponseHeaders(int rCode, long responseLength) throws IOException {
+ this.responseLength = responseLength;
+ if (responseLength > 0 || responseLength < 0) {
+ long clen = responseLength > 0 ? responseLength : 0;
+ rspheaders.setHeader("Content-length", Long.toString(clen));
+ }
+ rspheaders.setHeader(":status", Integer.toString(rCode));
+
+ List<ByteBuffer> encodeHeaders = conn.encodeHeaders(rspheaders);
+ List<Http2Frame> headerFrames = headerFrameSupplier.apply(streamid, encodeHeaders);
+ assert headerFrames.size() > 0; // there must always be at least 1
+
+ if (responseLength < 0) {
+ headerFrames.get(headerFrames.size() -1).setFlag(HeadersFrame.END_STREAM);
+ os.closeInternal();
+ }
+
+ for (Http2Frame f : headerFrames)
+ conn.outputQ.put(f);
+
+ os.goodToGo();
+ System.err.println("Sent response headers " + rCode);
+ }
+ }
+}
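Review bot: `test` passes on any `IOException`, so it cannot tell a header rejected by the new validation from an unrelated connection failure. In addition, `Http2EchoHandler` picks the bad header from its own `requestNo` counter rather than from the loop index `i`, so which `BAD_HEADERS` entry a request receives depends on how many requests that server instance has already handled, and a failure cannot be attributed to a specific entry. Consider letting the handler choose the header from something carried by the request (for example the path or query) and asserting on the expected rejection text, if the client surfaces it. There is also no positive control: a request with a well-formed response header that must succeed on the same setup.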
--- a/test/jdk/java/net/httpclient/http2/ContinuationFrameTest.java Mon Feb 12 17:32:52 2018 +0000
+++ b/test/jdk/java/net/httpclient/http2/ContinuationFrameTest.java Mon Feb 12 18:45:17 2018 +0000
@@ -1,5 +1,5 @@
/*
- * Copyright (c) 2017, Oracle and/or its affiliates. All rights reserved.
+ * Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -194,9 +194,9 @@
try (InputStream is = t.getRequestBody();
OutputStream os = t.getResponseBody()) {
byte[] bytes = is.readAllBytes();
- t.getResponseHeaders().addHeader("just some", "noise");
- t.getResponseHeaders().addHeader("to add ", "payload in ");
- t.getResponseHeaders().addHeader("the header", "frames");
+ t.getResponseHeaders().addHeader("justSome", "Noise");
+ t.getResponseHeaders().addHeader("toAdd", "payload in");
+ t.getResponseHeaders().addHeader("theHeader", "Frames");
t.sendResponseHeaders(200, bytes.length);
os.write(bytes);
}
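Review bot: The replacement names `justSome`, `toAdd` and `theHeader` contain upper-case letters, which RFC 7540 §8.1.2 says must be treated as malformed in HTTP/2. The test still passing means either the test server lower-cases names when encoding or the client's relaxed check accepts them; neither is visible here. Lower-case names such as `just-some` would keep this test independent of that behaviour. If the client is meant to reject upper-case names, one would be a natural extra entry in `BAD_HEADERS`.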
--- a/test/jdk/java/net/httpclient/http2/ServerPushWithDiffTypes.java Mon Feb 12 17:32:52 2018 +0000
+++ b/test/jdk/java/net/httpclient/http2/ServerPushWithDiffTypes.java Mon Feb 12 18:45:17 2018 +0000
@@ -60,7 +60,7 @@
"/x/y/z/5", "the fifth push promise body",
"/x/y/z/6", "the sixth push promise body",
"/x/y/z/7", "the seventh push promise body",
- "/x/y/z/8", "the eight push promise body",
+ "/x/y/z/8", "the eighth push promise body",
"/x/y/z/9", "the ninth push promise body"
);
@@ -249,7 +249,7 @@
InputStream is = new ByteArrayInputStream(promise.getValue().getBytes(UTF_8));
HttpHeadersImpl headers = new HttpHeadersImpl();
// TODO: add some check on headers, maybe
- headers.addHeader("X-Promise-"+promise.getKey(), promise.getKey());
+ headers.addHeader("X-Promise", promise.getKey());
exchange.serverPush(uri, headers, is);
}
System.err.println("Server: All pushes sent");