7041044: InetAddress.getByName(String,InetAddress) added in error
authormichaelm
Mon, 02 May 2011 20:11:18 +0100
changeset 9550 c3a275ce56d3
parent 9545 f5b408c1db04
child 9551 1ca07a2f000f
7041044: InetAddress.getByName(String,InetAddress) added in error Reviewed-by: alanb
jdk/src/share/classes/java/net/InetAddress.java
jdk/src/share/classes/java/net/Socket.java
jdk/src/share/classes/java/net/SocketPermission.java
jdk/src/share/classes/sun/net/www/URLConnection.java
jdk/src/share/classes/sun/net/www/http/HttpClient.java
--- a/jdk/src/share/classes/java/net/InetAddress.java	Mon May 02 11:47:55 2011 +0100
+++ b/jdk/src/share/classes/java/net/InetAddress.java	Mon May 02 20:11:18 2011 +0100
@@ -1013,12 +1013,6 @@
         return InetAddress.getAllByName(host)[0];
     }
 
-    // called from deployment cache manager
-    public static InetAddress getByName(String host, InetAddress reqAddr)
-        throws UnknownHostException {
-        return InetAddress.getAllByName(host, reqAddr)[0];
-    }
-
     /**
      * Given the name of a host, returns an array of its IP addresses,
      * based on the configured name service on the system.
@@ -1060,11 +1054,6 @@
      */
     public static InetAddress[] getAllByName(String host)
         throws UnknownHostException {
-        return getAllByName(host, null);
-    }
-
-    private static InetAddress[] getAllByName(String host, InetAddress reqAddr)
-        throws UnknownHostException {
 
         if (host == null || host.length() == 0) {
             InetAddress[] ret = new InetAddress[1];
@@ -1124,7 +1113,7 @@
                 // We were expecting an IPv6 Litteral, but got something else
                 throw new UnknownHostException("["+host+"]");
             }
-        return getAllByName0(host, reqAddr, true);
+        return getAllByName0(host);
     }
 
     /**
@@ -1185,12 +1174,6 @@
      */
     static InetAddress[] getAllByName0 (String host, boolean check)
         throws UnknownHostException  {
-        return getAllByName0 (host, null, check);
-    }
-
-    private static InetAddress[] getAllByName0 (String host, InetAddress reqAddr, boolean check)
-        throws UnknownHostException  {
-
         /* If it gets here it is presumed to be a hostname */
         /* Cache.get can return: null, unknownAddress, or InetAddress[] */
 
@@ -1208,7 +1191,7 @@
 
         /* If no entry in cache, then do the host lookup */
         if (addresses == null) {
-            addresses = getAddressesFromNameService(host, reqAddr);
+            addresses = getAddressesFromNameService(host);
         }
 
         if (addresses == unknown_array)
@@ -1217,7 +1200,7 @@
         return addresses.clone();
     }
 
-    private static InetAddress[] getAddressesFromNameService(String host, InetAddress reqAddr)
+    private static InetAddress[] getAddressesFromNameService(String host)
         throws UnknownHostException
     {
         InetAddress[] addresses = null;
@@ -1273,32 +1256,10 @@
                     }
                 }
 
-                // More to do?
-                if (reqAddr != null && addresses.length > 1 && !addresses[0].equals(reqAddr)) {
-                    // Find it?
-                    int i = 1;
-                    for (; i < addresses.length; i++) {
-                        if (addresses[i].equals(reqAddr)) {
-                            break;
-                        }
-                    }
-                    // Rotate
-                    if (i < addresses.length) {
-                        InetAddress tmp, tmp2 = reqAddr;
-                        for (int j = 0; j < i; j++) {
-                            tmp = addresses[j];
-                            addresses[j] = tmp2;
-                            tmp2 = tmp;
-                        }
-                        addresses[i] = tmp2;
-                    }
-                }
-                // Cache the address.
+                // Cache the addresses.
                 cacheAddresses(host, addresses, success);
-
                 if (!success && ex != null)
                     throw ex;
-
             } finally {
                 // Delete host from the lookupTable and notify
                 // all threads waiting on the lookupTable monitor.
@@ -1432,7 +1393,7 @@
                     InetAddress[] localAddrs;
                     try {
                         localAddrs =
-                            InetAddress.getAddressesFromNameService(local, null);
+                            InetAddress.getAddressesFromNameService(local);
                     } catch (UnknownHostException uhe) {
                         // Rethrow with a more informative error message.
                         UnknownHostException uhe2 =
--- a/jdk/src/share/classes/java/net/Socket.java	Mon May 02 11:47:55 2011 +0100
+++ b/jdk/src/share/classes/java/net/Socket.java	Mon May 02 20:11:18 2011 +0100
@@ -127,12 +127,11 @@
             }
             if (security != null) {
                 if (epoint.isUnresolved())
-                    epoint = new InetSocketAddress(epoint.getHostName(), epoint.getPort());
-                if (epoint.isUnresolved())
-                    security.checkConnect(epoint.getHostName(), epoint.getPort());
+                    security.checkConnect(epoint.getHostName(),
+                                          epoint.getPort());
                 else
                     security.checkConnect(epoint.getAddress().getHostAddress(),
-                                  epoint.getPort());
+                                          epoint.getPort());
             }
             impl = new SocksSocketImpl(p);
             impl.setSocket(this);
--- a/jdk/src/share/classes/java/net/SocketPermission.java	Mon May 02 11:47:55 2011 +0100
+++ b/jdk/src/share/classes/java/net/SocketPermission.java	Mon May 02 20:11:18 2011 +0100
@@ -41,7 +41,6 @@
 import java.io.IOException;
 import sun.net.util.IPAddressUtil;
 import sun.security.util.SecurityConstants;
-import sun.security.util.Debug;
 
 
 /**
@@ -212,32 +211,13 @@
     // port range on host
     private transient int[] portrange;
 
-    private transient boolean defaultDeny = false;
-
-    // true if this SocketPermission represents a hostname
-    // that failed our reverse mapping heuristic test
-    private transient boolean untrusted;
-    private transient boolean trusted;
-
-    // true if the sun.net.trustNameService system property is set
-    private static boolean trustNameService;
-
-    private static Debug debug = null;
-    private static boolean debugInit = false;
+    // true if the trustProxy system property is set
+    private static boolean trustProxy;
 
     static {
         Boolean tmp = java.security.AccessController.doPrivileged(
-                new sun.security.action.GetBooleanAction("sun.net.trustNameService"));
-        trustNameService = tmp.booleanValue();
-    }
-
-    private static synchronized Debug getDebug()
-    {
-        if (!debugInit) {
-            debug = Debug.getInstance("access");
-            debugInit = true;
-        }
-        return debug;
+                new sun.security.action.GetBooleanAction("trustProxy"));
+        trustProxy = tmp.booleanValue();
     }
 
     /**
@@ -283,10 +263,6 @@
         init(getName(), mask);
     }
 
-    private void setDeny() {
-        defaultDeny = true;
-    }
-
     private static String getHost(String host)
     {
         if (host.equals("")) {
@@ -584,38 +560,6 @@
         return mask;
     }
 
-    private boolean isUntrusted()
-        throws UnknownHostException
-    {
-        if (trusted) return false;
-        if (invalid || untrusted) return true;
-        try {
-            if (!trustNameService && (defaultDeny ||
-                sun.net.www.URLConnection.isProxiedHost(hostname))) {
-                if (this.cname == null) {
-                    this.getCanonName();
-                }
-                if (!match(cname, hostname) &&
-                    (defaultDeny || !cname.equals(addresses[0].getHostAddress()))) {
-                    // Last chance
-                    if (!authorized(hostname, addresses[0].getAddress())) {
-                        untrusted = true;
-                        Debug debug = getDebug();
-                        if (debug != null && Debug.isOn("failure")) {
-                            debug.println("socket access restriction: proxied host " + "(" + addresses[0] + ")" + " does not match " + cname + " from reverse lookup");
-                        }
-                        return true;
-                    }
-                }
-                trusted = true;
-            }
-        } catch (UnknownHostException uhe) {
-            invalid = true;
-            throw uhe;
-        }
-        return false;
-    }
-
     /**
      * attempt to get the fully qualified domain name
      *
@@ -623,7 +567,7 @@
     void getCanonName()
         throws UnknownHostException
     {
-        if (cname != null || invalid || untrusted) return;
+        if (cname != null || invalid) return;
 
         // attempt to get the canonical name
 
@@ -649,141 +593,6 @@
         }
     }
 
-    private String cdomain, hdomain;
-
-    private boolean match(String cname, String hname) {
-        String a = cname.toLowerCase();
-        String b = hname.toLowerCase();
-        if (a.startsWith(b)  &&
-            ((a.length() == b.length()) || (a.charAt(b.length()) == '.')))
-            return true;
-        if (cdomain == null) {
-            cdomain = guessRegisteredDomain(a);
-        }
-        if (hdomain == null) {
-            hdomain = guessRegisteredDomain(b);
-        }
-
-        return cdomain.length() != 0 && hdomain.length() != 0
-                        && cdomain.equals(hdomain);
-    }
-
-
-    /* Apart from special cases, this checks for 2 letter TLD
-     * (usually ccTLD) and then for a specific set of common labels
-     * indicating likely 2nd level public suffixes. If both conditions
-     * true then return right most three labels. Otherwise, return
-     * 2 rightmost labels.
-     *
-     * www.sun.com. -> sun.com
-     * www.sun.co.uk -> sun.co.uk
-     * www.sun.com.au -> sun.com.au
-     */
-
-    private String guessRegisteredDomain(String cname) {
-        int dot;
-        dot = cname.lastIndexOf('.');
-        if (dot == -1)
-            return cname;
-        if (dot == 0)
-            return "";
-        if (dot == cname.length() - 1) {
-            cname = cname.substring(0, cname.length() -1);
-            dot = cname.lastIndexOf('.');
-        }
-        if (dot < 1)
-            return "";
-        int second = cname.lastIndexOf('.', dot - 1);
-        if (second == -1)
-            return cname;
-        if (((cname.length() - dot) <= 3) && ((dot - second) <= 4) && second > 0) {
-            if (dot - second == 4) {
-                String s = cname.substring(second + 1, dot);
-                if (!(s.equals("com") || s.equals("org") || s.equals("edu"))) {
-                    return cname.substring(second + 1);
-                }
-            }
-            int third = cname.lastIndexOf('.', second - 1);
-            if (third == -1)
-                return cname.substring(second + 1);
-            else
-                return cname.substring(third + 1);
-        }
-        return cname.substring(second + 1);
-    }
-
-
-    private boolean authorized(String cname, byte[] addr) {
-        if (addr.length == 4)
-            return authorizedIPv4(cname, addr);
-        else if (addr.length == 16)
-            return authorizedIPv6(cname, addr);
-        else
-            return false;
-    }
-
-    private boolean authorizedIPv4(String cname, byte[] addr) {
-            String authHost = "";
-            InetAddress auth;
-
-        try {
-            authHost = "auth." +
-                        (addr[3] & 0xff) + "." + (addr[2] & 0xff) + "." +
-                        (addr[1] & 0xff) + "." + (addr[0] & 0xff) +
-                        ".in-addr.arpa";
-            // Following check seems unnecessary
-            // auth = InetAddress.getAllByName0(authHost, false)[0];
-            authHost = hostname + '.' + authHost;
-            auth = InetAddress.getAllByName0(authHost, false)[0];
-            if (auth.equals(InetAddress.getByAddress(addr))) {
-                return true;
-            }
-            Debug debug = getDebug();
-            if (debug != null && Debug.isOn("failure")) {
-                debug.println("socket access restriction: IP address of " + auth + " != " + InetAddress.getByAddress(addr));
-            }
-        } catch (UnknownHostException uhe) {
-            Debug debug = getDebug();
-            if (debug != null && Debug.isOn("failure")) {
-                debug.println("socket access restriction: forward lookup failed for " + authHost);
-            }
-        }
-        return false;
-    }
-
-    private boolean authorizedIPv6(String cname, byte[] addr) {
-            String authHost = "";
-            InetAddress auth;
-
-        try {
-            StringBuffer sb = new StringBuffer(39);
-
-            for (int i = 15; i >= 0; i--) {
-                sb.append(Integer.toHexString(((addr[i]) & 0x0f)));
-                sb.append('.');
-                sb.append(Integer.toHexString(((addr[i] >> 4) & 0x0f)));
-                sb.append('.');
-            }
-            authHost = "auth." + sb.toString() + "IP6.ARPA";
-            //auth = InetAddress.getAllByName0(authHost, false)[0];
-            authHost = hostname + '.' + authHost;
-            auth = InetAddress.getAllByName0(authHost, false)[0];
-            if (auth.equals(InetAddress.getByAddress(addr)))
-                return true;
-            Debug debug = getDebug();
-            if (debug != null && Debug.isOn("failure")) {
-                debug.println("socket access restriction: IP address of " + auth + " != " + InetAddress.getByAddress(addr));
-            }
-        } catch (UnknownHostException uhe) {
-            Debug debug = getDebug();
-            if (debug != null && Debug.isOn("failure")) {
-                debug.println("socket access restriction: forward lookup failed for " + authHost);
-            }
-        }
-        return false;
-    }
-
-
     /**
      * get IP addresses. Sets invalid to true if we can't get them.
      *
@@ -911,7 +720,12 @@
 
         // return if either one of these NetPerm objects are invalid...
         if (this.invalid || that.invalid) {
-            return compareHostnames(that);
+            return (trustProxy ? inProxyWeTrust(that) : false);
+        }
+
+
+        if (this.getName().equalsIgnoreCase(that.getName())) {
+            return true;
         }
 
         try {
@@ -964,29 +778,28 @@
                 that.getIP();
             }
 
-            if (!(that.init_with_ip && this.isUntrusted())) {
-                for (j = 0; j < this.addresses.length; j++) {
-                    for (i=0; i < that.addresses.length; i++) {
-                        if (this.addresses[j].equals(that.addresses[i]))
-                            return true;
-                    }
+            for (j = 0; j < this.addresses.length; j++) {
+                for (i=0; i < that.addresses.length; i++) {
+                    if (this.addresses[j].equals(that.addresses[i]))
+                        return true;
                 }
-
-                // XXX: if all else fails, compare hostnames?
-                // Do we really want this?
-                if (this.cname == null) {
-                    this.getCanonName();
-                }
-
-                if (that.cname == null) {
-                    that.getCanonName();
-                }
-
-                return (this.cname.equalsIgnoreCase(that.cname));
             }
 
+            // XXX: if all else fails, compare hostnames?
+            // Do we really want this?
+            if (this.cname == null) {
+                this.getCanonName();
+            }
+
+            if (that.cname == null) {
+                that.getCanonName();
+            }
+
+            return (this.cname.equalsIgnoreCase(that.cname));
+
         } catch (UnknownHostException uhe) {
-            return compareHostnames(that);
+            if (trustProxy)
+                return inProxyWeTrust(that);
         }
 
         // make sure the first thing that is done here is to return
@@ -995,23 +808,19 @@
         return false;
     }
 
-    private boolean compareHostnames(SocketPermission that) {
-        // we see if the original names/IPs passed in were equal.
+    private boolean inProxyWeTrust(SocketPermission that) {
+        // if we trust the proxy, we see if the original names/IPs passed
+        // in were equal.
 
         String thisHost = hostname;
         String thatHost = that.hostname;
 
-        if (thisHost == null) {
+        if (thisHost == null)
             return false;
-        } else if (this.wildcard) {
-            final int cnameLength = this.cname.length();
-            return thatHost.regionMatches(true,
-                (thatHost.length() - cnameLength), this.cname, 0, cnameLength);
-        } else {
+        else
             return thisHost.equalsIgnoreCase(thatHost);
-        }
+
     }
-
     /**
      * Checks two SocketPermission objects for equality.
      * <P>
--- a/jdk/src/share/classes/sun/net/www/URLConnection.java	Mon May 02 11:47:55 2011 +0100
+++ b/jdk/src/share/classes/sun/net/www/URLConnection.java	Mon May 02 20:11:18 2011 +0100
@@ -238,14 +238,4 @@
     public void close() {
         url = null;
     }
-
-    private static HashMap<String,Void> proxiedHosts = new HashMap<>();
-
-    public synchronized static void setProxiedHost(String host) {
-        proxiedHosts.put(host.toLowerCase(), null);
-    }
-
-    public synchronized static boolean isProxiedHost(String host) {
-        return proxiedHosts.containsKey(host.toLowerCase());
-    }
 }
--- a/jdk/src/share/classes/sun/net/www/http/HttpClient.java	Mon May 02 11:47:55 2011 +0100
+++ b/jdk/src/share/classes/sun/net/www/http/HttpClient.java	Mon May 02 20:11:18 2011 +0100
@@ -301,11 +301,7 @@
         } else {
             SecurityManager security = System.getSecurityManager();
             if (security != null) {
-                if (ret.proxy == Proxy.NO_PROXY || ret.proxy == null) {
-                    security.checkConnect(InetAddress.getByName(url.getHost()).getHostAddress(), url.getPort());
-                } else {
-                    security.checkConnect(url.getHost(), url.getPort());
-                }
+                security.checkConnect(url.getHost(), url.getPort());
             }
             ret.url = url;
         }
@@ -461,11 +457,11 @@
     protected synchronized void openServer() throws IOException {
 
         SecurityManager security = System.getSecurityManager();
+        if (security != null) {
+            security.checkConnect(host, port);
+        }
 
         if (keepingAlive) { // already opened
-            if (security != null) {
-                security.checkConnect(host, port);
-            }
             return;
         }
 
@@ -473,19 +469,11 @@
             url.getProtocol().equals("https") ) {
 
             if ((proxy != null) && (proxy.type() == Proxy.Type.HTTP)) {
-                sun.net.www.URLConnection.setProxiedHost(host);
-                if (security != null) {
-                    security.checkConnect(host,port);
-                }
                 privilegedOpenServer((InetSocketAddress) proxy.address());
                 usingProxy = true;
                 return;
             } else {
                 // make direct connection
-                if (security != null) {
-                    // redundant?
-                    security.checkConnect(host, port);
-                }
                 openServer(host, port);
                 usingProxy = false;
                 return;
@@ -496,19 +484,11 @@
              * ftp url.
              */
             if ((proxy != null) && (proxy.type() == Proxy.Type.HTTP)) {
-                sun.net.www.URLConnection.setProxiedHost(host);
-                if (security != null) {
-                    security.checkConnect(host,port);
-                }
                 privilegedOpenServer((InetSocketAddress) proxy.address());
                 usingProxy = true;
                 return;
             } else {
                 // make direct connection
-                if (security != null) {
-                    // redundant?
-                    security.checkConnect(host, port);
-                }
                 super.openServer(host, port);
                 usingProxy = false;
                 return;