8199849: Add support for UTF-8 encoded credentials in HTTP Basic Authentication
Reviewed-by: chegar, dfuchs
--- a/src/java.base/share/classes/sun/net/www/protocol/http/BasicAuthentication.java Thu Aug 22 13:47:14 2019 +0200
+++ b/src/java.base/share/classes/sun/net/www/protocol/http/BasicAuthentication.java Thu Aug 22 14:36:10 2019 +0100
@@ -29,11 +29,17 @@
import java.net.URI;
import java.net.URISyntaxException;
import java.net.PasswordAuthentication;
+import java.nio.ByteBuffer;
+import java.nio.CharBuffer;
+import java.nio.charset.Charset;
import java.io.IOException;
import java.io.OutputStream;
+import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import sun.net.www.HeaderParser;
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
/**
* BasicAuthentication: Encapsulate an http server authentication using
@@ -49,37 +55,18 @@
/** The authentication string for this host, port, and realm. This is
a simple BASE64 encoding of "login:password". */
- String auth;
+ final String auth;
/**
* Create a BasicAuthentication
*/
public BasicAuthentication(boolean isProxy, String host, int port,
String realm, PasswordAuthentication pw,
- String authenticatorKey) {
+ boolean isUTF8, String authenticatorKey) {
super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
AuthScheme.BASIC, host, port, realm,
Objects.requireNonNull(authenticatorKey));
- String plain = pw.getUserName() + ":";
- byte[] nameBytes = null;
- try {
- nameBytes = plain.getBytes("ISO-8859-1");
- } catch (java.io.UnsupportedEncodingException uee) {
- assert false;
- }
-
- // get password bytes
- char[] passwd = pw.getPassword();
- byte[] passwdBytes = new byte[passwd.length];
- for (int i=0; i<passwd.length; i++)
- passwdBytes[i] = (byte)passwd[i];
-
- // concatenate user name and password bytes and encode them
- byte[] concat = new byte[nameBytes.length + passwdBytes.length];
- System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
- System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
- passwdBytes.length);
- this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
+ this.auth = authValueFrom(pw, isUTF8);
this.pw = pw;
}
@@ -99,32 +86,28 @@
* Create a BasicAuthentication
*/
public BasicAuthentication(boolean isProxy, URL url, String realm,
- PasswordAuthentication pw,
+ PasswordAuthentication pw, boolean isUTF8,
String authenticatorKey) {
super(isProxy ? PROXY_AUTHENTICATION : SERVER_AUTHENTICATION,
AuthScheme.BASIC, url, realm,
Objects.requireNonNull(authenticatorKey));
- String plain = pw.getUserName() + ":";
- byte[] nameBytes = null;
- try {
- nameBytes = plain.getBytes("ISO-8859-1");
- } catch (java.io.UnsupportedEncodingException uee) {
- assert false;
- }
+ this.auth = authValueFrom(pw, isUTF8);
+ this.pw = pw;
+ }
- // get password bytes
- char[] passwd = pw.getPassword();
- byte[] passwdBytes = new byte[passwd.length];
- for (int i=0; i<passwd.length; i++)
- passwdBytes[i] = (byte)passwd[i];
-
- // concatenate user name and password bytes and encode them
- byte[] concat = new byte[nameBytes.length + passwdBytes.length];
- System.arraycopy(nameBytes, 0, concat, 0, nameBytes.length);
- System.arraycopy(passwdBytes, 0, concat, nameBytes.length,
- passwdBytes.length);
- this.auth = "Basic " + Base64.getEncoder().encodeToString(concat);
- this.pw = pw;
+ private static String authValueFrom(PasswordAuthentication pw, boolean isUTF8) {
+ String plain = pw.getUserName() + ":";
+ char[] password = pw.getPassword();
+ CharBuffer cbuf = CharBuffer.allocate(plain.length() + password.length);
+ cbuf.put(plain).put(password).flip();
+ Charset charset = isUTF8 ? UTF_8 : ISO_8859_1;
+ ByteBuffer buf = charset.encode(cbuf);
+ ByteBuffer enc = Base64.getEncoder().encode(buf);
+ String ret = "Basic " + new String(enc.array(), enc.position(), enc.remaining(), ISO_8859_1);
+ Arrays.fill(buf.array(), (byte) 0);
+ Arrays.fill(enc.array(), (byte) 0);
+ Arrays.fill(cbuf.array(), (char) 0);
+ return ret;
}
/**
--- a/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Aug 22 13:47:14 2019 +0200
+++ b/src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java Thu Aug 22 14:36:10 2019 +0100
@@ -2265,6 +2265,8 @@
if (host != null && authhdr.isPresent()) {
HeaderParser p = authhdr.headerParser();
String realm = p.findValue("realm");
+ String charset = p.findValue("charset");
+ boolean isUTF8 = (charset != null && charset.equalsIgnoreCase("UTF-8"));
String scheme = authhdr.scheme();
AuthScheme authScheme = UNKNOWN;
if ("basic".equalsIgnoreCase(scheme)) {
@@ -2310,7 +2312,7 @@
realm, scheme, url, RequestorType.PROXY);
if (a != null) {
ret = new BasicAuthentication(true, host, port, realm, a,
- getAuthenticatorKey());
+ isUTF8, getAuthenticatorKey());
}
break;
case DIGEST:
@@ -2428,6 +2430,8 @@
HeaderParser p = authhdr.headerParser();
String realm = p.findValue("realm");
String scheme = authhdr.scheme();
+ String charset = p.findValue("charset");
+ boolean isUTF8 = (charset != null && charset.equalsIgnoreCase("UTF-8"));
AuthScheme authScheme = UNKNOWN;
if ("basic".equalsIgnoreCase(scheme)) {
authScheme = BASIC;
@@ -2479,7 +2483,7 @@
realm, scheme, url, RequestorType.SERVER);
if (a != null) {
ret = new BasicAuthentication(false, url, realm, a,
- getAuthenticatorKey());
+ isUTF8, getAuthenticatorKey());
}
break;
case DIGEST:
--- a/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java Thu Aug 22 13:47:14 2019 +0200
+++ b/src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java Thu Aug 22 14:36:10 2019 +0100
@@ -32,6 +32,7 @@
import java.net.InetSocketAddress;
import java.net.URISyntaxException;
import java.net.URL;
+import java.nio.charset.Charset;
import java.util.Base64;
import java.util.LinkedList;
import java.util.List;
@@ -43,6 +44,7 @@
import static java.net.Authenticator.RequestorType.PROXY;
import static java.net.Authenticator.RequestorType.SERVER;
import static java.nio.charset.StandardCharsets.ISO_8859_1;
+import static java.nio.charset.StandardCharsets.UTF_8;
/**
* Implementation of Http Basic authentication.
@@ -155,8 +157,8 @@
if (proxyURI != null) {
CacheEntry ca = cache.get(proxyURI, true);
if (ca != null) {
- exchange.proxyauth = new AuthInfo(true, ca.scheme, null, ca);
- addBasicCredentials(r, true, ca.value);
+ exchange.proxyauth = new AuthInfo(true, ca.scheme, null, ca, ca.isUTF8);
+ addBasicCredentials(r, true, ca.value, ca.isUTF8);
}
}
}
@@ -165,8 +167,8 @@
if (exchange.serverauth == null) {
CacheEntry ca = cache.get(r.uri(), false);
if (ca != null) {
- exchange.serverauth = new AuthInfo(true, ca.scheme, null, ca);
- addBasicCredentials(r, false, ca.value);
+ exchange.serverauth = new AuthInfo(true, ca.scheme, null, ca, ca.isUTF8);
+ addBasicCredentials(r, false, ca.value, ca.isUTF8);
}
}
}
@@ -174,11 +176,13 @@
// TODO: refactor into per auth scheme class
private static void addBasicCredentials(HttpRequestImpl r,
boolean proxy,
- PasswordAuthentication pw) {
+ PasswordAuthentication pw,
+ boolean isUTF8) {
String hdrname = proxy ? "Proxy-Authorization" : "Authorization";
StringBuilder sb = new StringBuilder(128);
sb.append(pw.getUserName()).append(':').append(pw.getPassword());
- String s = encoder.encodeToString(sb.toString().getBytes(ISO_8859_1));
+ var charset = isUTF8 ? UTF_8 : ISO_8859_1;
+ String s = encoder.encodeToString(sb.toString().getBytes(charset));
String value = "Basic " + s;
if (proxy) {
if (r.isConnect()) {
@@ -203,35 +207,36 @@
int retries;
PasswordAuthentication credentials; // used in request
CacheEntry cacheEntry; // if used
+ final boolean isUTF8; //
AuthInfo(boolean fromcache,
String scheme,
- PasswordAuthentication credentials) {
+ PasswordAuthentication credentials, boolean isUTF8) {
this.fromcache = fromcache;
this.scheme = scheme;
this.credentials = credentials;
this.retries = 1;
+ this.isUTF8 = isUTF8;
}
AuthInfo(boolean fromcache,
String scheme,
PasswordAuthentication credentials,
- CacheEntry ca) {
- this(fromcache, scheme, credentials);
+ CacheEntry ca, boolean isUTF8) {
+ this(fromcache, scheme, credentials, isUTF8);
assert credentials == null || (ca != null && ca.value == null);
cacheEntry = ca;
}
- AuthInfo retryWithCredentials(PasswordAuthentication pw) {
+ AuthInfo retryWithCredentials(PasswordAuthentication pw, boolean isUTF8) {
// If the info was already in the cache we need to create a new
// instance with fromCache==false so that it's put back in the
// cache if authentication succeeds
- AuthInfo res = fromcache ? new AuthInfo(false, scheme, pw) : this;
+ AuthInfo res = fromcache ? new AuthInfo(false, scheme, pw, isUTF8) : this;
res.credentials = Objects.requireNonNull(pw);
res.retries = retries;
return res;
}
-
}
@Override
@@ -245,13 +250,13 @@
// check if any authentication succeeded for first time
if (exchange.serverauth != null && !exchange.serverauth.fromcache) {
AuthInfo au = exchange.serverauth;
- cache.store(au.scheme, req.uri(), false, au.credentials);
+ cache.store(au.scheme, req.uri(), false, au.credentials, au.isUTF8);
}
if (exchange.proxyauth != null && !exchange.proxyauth.fromcache) {
AuthInfo au = exchange.proxyauth;
URI proxyURI = getProxyURI(req);
if (proxyURI != null) {
- cache.store(au.scheme, proxyURI, true, au.credentials);
+ cache.store(au.scheme, proxyURI, true, au.credentials, au.isUTF8);
}
}
return null;
@@ -264,11 +269,14 @@
throw new IOException(authname + " header missing for response code " + status);
}
String authval = null;
+ boolean isUTF8 = false;
for (String aval : authvals) {
HeaderParser parser = new HeaderParser(aval);
String scheme = parser.findKey(0);
if (scheme.equalsIgnoreCase("Basic")) {
authval = aval;
+ var charset = parser.findValue("charset");
+ isUTF8 = (charset != null && charset.equalsIgnoreCase("UTF-8"));
break;
}
}
@@ -302,14 +310,14 @@
throw new IOException("No credentials provided");
}
// No authentication in request. Get credentials from user
- au = new AuthInfo(false, "Basic", pw);
+ au = new AuthInfo(false, "Basic", pw, isUTF8);
if (proxy) {
exchange.proxyauth = au;
} else {
exchange.serverauth = au;
}
req = HttpRequestImpl.newInstanceForAuthentication(req);
- addBasicCredentials(req, proxy, pw);
+ addBasicCredentials(req, proxy, pw, isUTF8);
return req;
} else if (au.retries > retry_limit) {
throw new IOException("too many authentication attempts. Limit: " +
@@ -328,14 +336,14 @@
if (pw == null) {
throw new IOException("No credentials provided");
}
- au = au.retryWithCredentials(pw);
+ au = au.retryWithCredentials(pw, isUTF8);
if (proxy) {
exchange.proxyauth = au;
} else {
exchange.serverauth = au;
}
req = HttpRequestImpl.newInstanceForAuthentication(req);
- addBasicCredentials(req, proxy, au.credentials);
+ addBasicCredentials(req, proxy, au.credentials, isUTF8);
au.retries++;
return req;
}
@@ -387,9 +395,9 @@
synchronized void store(String authscheme,
URI domain,
boolean proxy,
- PasswordAuthentication value) {
+ PasswordAuthentication value, boolean isUTF8) {
remove(authscheme, domain, proxy);
- entries.add(new CacheEntry(authscheme, domain, proxy, value));
+ entries.add(new CacheEntry(authscheme, domain, proxy, value, isUTF8));
}
}
@@ -417,15 +425,17 @@
final String scheme;
final boolean proxy;
final PasswordAuthentication value;
+ final boolean isUTF8;
CacheEntry(String authscheme,
URI uri,
boolean proxy,
- PasswordAuthentication value) {
+ PasswordAuthentication value, boolean isUTF8) {
this.scheme = authscheme;
this.root = normalize(uri, true).toString(); // remove extraneous components
this.proxy = proxy;
this.value = value;
+ this.isUTF8 = isUTF8;
}
public PasswordAuthentication value() {
--- a/src/jdk.httpserver/share/classes/com/sun/net/httpserver/BasicAuthenticator.java Thu Aug 22 13:47:14 2019 +0200
+++ b/src/jdk.httpserver/share/classes/com/sun/net/httpserver/BasicAuthenticator.java Thu Aug 22 14:36:10 2019 +0100
@@ -25,7 +25,11 @@
package com.sun.net.httpserver;
+import java.nio.charset.Charset;
import java.util.Base64;
+import java.util.Objects;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
/**
* BasicAuthenticator provides an implementation of HTTP Basic
@@ -35,15 +39,44 @@
*/
public abstract class BasicAuthenticator extends Authenticator {
- protected String realm;
+ protected final String realm;
+ protected final Charset charset;
+ private final boolean isUTF8;
+
+ /**
+ * Creates a BasicAuthenticator for the given HTTP realm.
+ * The Basic authentication credentials (username and password) are decoded
+ * using the platform's {@link Charset#defaultCharset() default character set}.
+ *
+ * @param realm The HTTP Basic authentication realm
+ * @throws NullPointerException if realm is {@code null}
+ * @throws IllegalArgumentException if realm is an empty string
+ */
+ public BasicAuthenticator (String realm) {
+ this(realm, Charset.defaultCharset());
+ }
/**
- * Creates a BasicAuthenticator for the given HTTP realm
+ * Creates a BasicAuthenticator for the given HTTP realm and using the
+ * given {@link Charset} to decode the Basic authentication credentials
+ * (username and password).
+ *
+ * @apiNote {@code UTF-8} is the recommended charset because its usage is
+ * communicated to the client, and therefore more likely to be used also
+ * by the client.
+ *
* @param realm The HTTP Basic authentication realm
- * @throws NullPointerException if the realm is an empty string
+ * @param charset The Charset to decode incoming credentials from the client
+ * @throws NullPointerException if realm or charset are {@code null}
+ * @throws IllegalArgumentException if realm is an empty string
*/
- public BasicAuthenticator (String realm) {
+ public BasicAuthenticator (String realm, Charset charset) {
+ Objects.requireNonNull(charset);
+ if (realm.isEmpty()) // implicit NPE check
+ throw new IllegalArgumentException("realm must not be empty");
this.realm = realm;
+ this.charset = charset;
+ this.isUTF8 = charset.equals(UTF_8);
}
/**
@@ -63,7 +96,9 @@
String auth = rmap.getFirst ("Authorization");
if (auth == null) {
Headers map = t.getResponseHeaders();
- map.set ("WWW-Authenticate", "Basic realm=" + "\""+realm+"\"");
+ var authString = "Basic realm=" + "\"" + realm + "\"" +
+ (isUTF8 ? " charset=\"UTF-8\"" : "");
+ map.set ("WWW-Authenticate", authString);
return new Authenticator.Retry (401);
}
int sp = auth.indexOf (' ');
@@ -71,7 +106,7 @@
return new Authenticator.Failure (401);
}
byte[] b = Base64.getDecoder().decode(auth.substring(sp+1));
- String userpass = new String (b);
+ String userpass = new String (b, charset);
int colon = userpass.indexOf (':');
String uname = userpass.substring (0, colon);
String pass = userpass.substring (colon+1);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/com/sun/net/httpserver/bugs/8199849/BasicAuthenticatorCharset.java Thu Aug 22 14:36:10 2019 +0100
@@ -0,0 +1,191 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8199849
+ * @library /test/lib
+ * @run main/othervm/timeout=6000 BasicAuthenticatorCharset
+ * @summary Check for correct use of character sets with BasicAuthenticator() authentication
+ */
+
+import com.sun.net.httpserver.*;
+import jdk.test.lib.net.URIBuilder;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.*;
+
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.Executors;
+import java.nio.charset.Charset;
+
+import static java.nio.charset.StandardCharsets.UTF_8;
+import static java.nio.charset.StandardCharsets.ISO_8859_1;
+
+/**
+ * Test authentication
+ */
+
+public class BasicAuthenticatorCharset {
+
+ public static volatile int failCount = 0;
+
+ static final String TEST_USER = "test";
+ static final String UNICODE_PW = "Selam D\u00fcnya. Ho\u015f\u00e7akal D\u00fcnya";
+
+ static Handler testHandler;
+ static HttpServer testHttpServer;
+ static java.net.Authenticator clientAuth;
+ static HttpClient client;
+
+ static class Handler implements HttpHandler {
+ public void handle(HttpExchange t) throws IOException {
+ InputStream is = t.getRequestBody();
+ while (is.read() != -1) ;
+ is.close();
+ t.sendResponseHeaders(200, -1);
+ t.close();
+ }
+ }
+
+ static class ClientAuthenticator extends java.net.Authenticator {
+ public PasswordAuthentication getPasswordAuthentication() {
+ return new PasswordAuthentication(TEST_USER, UNICODE_PW.toCharArray());
+ }
+ }
+
+ static void setAuthenticationPW(String path, String realm, String testPW, Charset charset) {
+ HttpContext ctx = testHttpServer.createContext(path, testHandler);
+ BasicAuthenticator auth;
+ if (charset != null) {
+ auth = new BasicAuthenticator(realm, charset) {
+ public boolean checkCredentials(String username, String pw) {
+ return username.equals(TEST_USER) && pw.equals(testPW);
+ }
+ };
+ } else {
+ auth = new BasicAuthenticator(realm) {
+ public boolean checkCredentials(String username, String pw) {
+ return username.equals(TEST_USER) && pw.equals(testPW);
+ }
+ };
+ }
+ ctx.setAuthenticator(auth);
+ }
+
+ static void connectAndAuth(String path, int expectedStatus) throws Exception {
+ // path is prepended with /old or /new for old and new http client
+ URL oldurl = URIBuilder.newBuilder()
+ .scheme("http")
+ .loopback()
+ .port(testHttpServer.getAddress().getPort())
+ .path("/old" + path)
+ .toURL();
+
+ URI newuri = URIBuilder.newBuilder()
+ .scheme("http")
+ .loopback()
+ .port(testHttpServer.getAddress().getPort())
+ .path("/new" + path)
+ .build();
+
+ // check old client
+
+ HttpURLConnection testConnection = (HttpURLConnection) oldurl.openConnection(Proxy.NO_PROXY);
+
+ // Check for successful authentication
+ int status = testConnection.getResponseCode();
+ if (status != 401) {
+ InputStream is = testConnection.getInputStream();
+ while (is.read() != -1) ;
+ is.close();
+ }
+ if (status != expectedStatus) {
+ System.err.println("Error (old): " + path);
+ failCount++;
+ }
+
+ HttpRequest request = HttpRequest.newBuilder()
+ .uri(newuri)
+ .GET()
+ .build();
+
+ status = -1;
+ try {
+ HttpResponse<Void> response = client.send(request, HttpResponse.BodyHandlers.discarding());
+ status = response.statusCode();
+ } catch (IOException e) {
+ System.out.println("NEW: " + e);
+ status = 401; // limitation in new API.
+ }
+ if (status != expectedStatus) {
+ System.err.println("Error (new): " + path);
+ failCount++;
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ clientAuth = new ClientAuthenticator();
+ client = HttpClient.newBuilder()
+ .authenticator(clientAuth)
+ .build();
+
+ String defaultCharset = System.getProperty("file.encoding");
+ boolean isUTF8 = defaultCharset.equalsIgnoreCase("UTF-8");
+ testHandler = new Handler();
+ InetSocketAddress addr = new InetSocketAddress(0);
+ testHttpServer = HttpServer.create(addr, 0);
+
+ // Set the passing credentials OLD client
+ setAuthenticationPW("/old/test1/", "passingCharset@test.realm", UNICODE_PW, UTF_8);
+ setAuthenticationPW("/old/test2/", "failingCharset@test.realm", UNICODE_PW, ISO_8859_1);
+ setAuthenticationPW("/old/test3/", "defaultCharset@test.realm", UNICODE_PW, null);
+
+ // Set the passing credentials NEW client
+ setAuthenticationPW("/new/test1/", "passingCharset@test.realm", UNICODE_PW, UTF_8);
+ setAuthenticationPW("/new/test2/", "failingCharset@test.realm", UNICODE_PW, ISO_8859_1);
+ setAuthenticationPW("/new/test3/", "defaultCharset@test.realm", UNICODE_PW, null);
+
+ ExecutorService executor = Executors.newCachedThreadPool();
+ testHttpServer.setExecutor(executor);
+ testHttpServer.start();
+ java.net.Authenticator.setDefault(clientAuth);
+
+ connectAndAuth("/test1/passingCharset.html", 200);
+ connectAndAuth("/test2/failingCharset.html", 401);
+ if (isUTF8) {
+ connectAndAuth("/test3/defaultCharset.html", 200);
+ }
+
+ testHttpServer.stop(2);
+ executor.shutdown();
+
+ // should fail once with UNICODE_PW and unsupporting character set
+ if (failCount > 0)
+ throw new RuntimeException("Fail count : " + failCount);
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/com/sun/net/httpserver/bugs/8199849/ParamTest.java Thu Aug 22 14:36:10 2019 +0100
@@ -0,0 +1,229 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+import java.io.*;
+import java.net.*;
+import java.net.http.HttpClient;
+import java.net.http.HttpRequest;
+import java.net.http.HttpResponse;
+import java.util.*;
+import java.nio.charset.StandardCharsets;
+import jdk.test.lib.net.URIBuilder;
+
+/**
+ * @test
+ * @bug 8199849
+ * @summary
+ * @library /test/lib
+ * @run main/othervm ParamTest
+ * @run main/othervm -Djava.net.preferIPv6Addresses=true ParamTest
+ */
+
+public class ParamTest {
+
+ static final String[] variants = {
+ " charset=utf-8",
+ " charset=UtF-8",
+ " charset=\"utF-8\"",
+ " charset=\"UtF-8\""
+ };
+
+ static final int LOOPS = variants.length;
+
+ volatile static boolean error = false;
+
+ static class BasicServer extends Thread {
+
+ final ServerSocket server;
+
+ Socket s;
+ InputStream is;
+ OutputStream os;
+
+ static final String realm = "wallyworld";
+
+ String reply1 = "HTTP/1.1 401 Unauthorized\r\n"+
+ "WWW-Authenticate: Basic realm=\""+realm+"\"\r\n";
+
+ String reply2 = "HTTP/1.1 200 OK\r\n"+
+ "Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
+ "Server: Apache/1.3.14 (Unix)\r\n" +
+ "Connection: close\r\n" +
+ "Content-Type: text/html; charset=iso-8859-1\r\n" +
+ "Content-Length: 10\r\n\r\n";
+
+ BasicServer(ServerSocket s) {
+ server = s;
+ }
+
+ String readHeaders(Socket sock) throws IOException {
+ InputStream is = sock.getInputStream();
+ String s = "";
+ byte[] buf = new byte[1024];
+ while (!s.endsWith("\r\n\r\n")) {
+ int c = is.read(buf);
+ if (c == -1)
+ return s;
+ String f = new String(buf, 0, c, StandardCharsets.ISO_8859_1);
+ s = s + f;
+ }
+ return s;
+ }
+
+ void check(String s, int iteration) {
+ if (s.indexOf(encodedAuthString) == -1) {
+ System.err.printf("On iteration %d, wrong auth string received %s\n", iteration, s);
+ error = true;
+ } else {
+ System.err.println("check: correct auth string received");
+ }
+ }
+
+ public void run() {
+ try {
+ for (int j = 0; j < 2; j++)
+ for (int i = 0; i < LOOPS; i++) {
+ System.out.println("Server 1: accept");
+ s = server.accept();
+ readHeaders(s);
+ System.out.println("accepted");
+ os = s.getOutputStream();
+ String str = reply1 + variants[i] + "\r\n\r\n";
+ os.write(str.getBytes());
+
+ System.out.println("Server 2: accept");
+ Socket s1 = server.accept();
+ String request = readHeaders(s1);
+ check(request, i);
+ System.out.println("accepted");
+ os = s1.getOutputStream();
+ os.write((reply2 + "HelloWorld").getBytes());
+ os.flush();
+ s.close();
+ s1.close();
+ finished();
+ }
+ } catch (Exception e) {
+ System.out.println(e);
+ error = true;
+ }
+ }
+
+ public synchronized void finished() {
+ notifyAll();
+ }
+
+ }
+
+ static final String password = "Selam D\u00fcnya.";
+
+ // "user : <password above>" encoded in UTF-8 and converted to Base 64
+
+ static final String encodedAuthString = "dXNlcjpTZWxhbSBEw7xueWEu";
+
+ static class MyAuthenticator extends Authenticator {
+ MyAuthenticator() {
+ super();
+ }
+
+ public PasswordAuthentication getPasswordAuthentication()
+ {
+ System.out.println("Auth called");
+ return (new PasswordAuthentication ("user", password.toCharArray()));
+ }
+ }
+
+
+ static void read(InputStream is) throws IOException {
+ int c;
+ System.out.println("reading");
+ while ((c=is.read()) != -1) {
+ System.out.write(c);
+ }
+ System.out.println("");
+ System.out.println("finished reading");
+ }
+
+ public static void main(String args[]) throws Exception {
+ MyAuthenticator auth = new MyAuthenticator();
+ Authenticator.setDefault(auth);
+ InetAddress loopback = InetAddress.getLoopbackAddress();
+ ServerSocket ss = new ServerSocket();
+ ss.bind(new InetSocketAddress(loopback, 0));
+ int port = ss.getLocalPort();
+ BasicServer server = new BasicServer(ss);
+ synchronized (server) {
+ server.start();
+ System.out.println("client 1");
+ String base = URIBuilder.newBuilder()
+ .scheme("http")
+ .loopback()
+ .port(port)
+ .path("/")
+ .build()
+ .toString();
+ URL url = new URL(base + "d1/d2/d3/foo.html");
+
+ for (int i = 0; i < LOOPS; i++) {
+ URLConnection urlc = url.openConnection(Proxy.NO_PROXY);
+ InputStream is = urlc.getInputStream();
+ read(is);
+ System.out.println("Client: waiting for notify");
+ server.wait();
+ System.out.println("Client: continue");
+ // check if authenticator was called once (ok) or twice (not)
+ if (error) {
+ System.err.println("Error old client iteration " + i);
+ }
+ }
+
+ URI uri = url.toURI();
+ HttpClient client = HttpClient.newBuilder()
+ .authenticator(auth)
+ .build();
+
+ HttpRequest request = HttpRequest
+ .newBuilder(uri)
+ .GET()
+ .build();
+
+ for (int i = 0; i < LOOPS; i++) {
+ HttpResponse<Void> response = client.send(request, HttpResponse.BodyHandlers.discarding());
+ int status = response.statusCode();
+ if (status != 200) {
+ System.err.printf("Error new client (%d) iteration ",
+ status, i);
+ error = true;
+ } else
+ System.err.println("New client ok iteration " + i);
+ System.out.println("New Client: waiting for notify");
+ server.wait();
+ System.out.println("New Client: continue");
+ }
+
+ if (error) {
+ throw new RuntimeException("Test failed");
+ }
+ }
+ }
+}
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/test/jdk/com/sun/net/httpserver/bugs/8199849/TestHttpUnicode.java Thu Aug 22 14:36:10 2019 +0100
@@ -0,0 +1,100 @@
+/*
+ * Copyright (c) 2019, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+/**
+ * @test
+ * @bug 8199849
+ * @library /test/lib
+ * @summary Checks that unicode bytes are being handled correctly
+ * @run main/othervm -Dfile.encoding=UTF_8 TestHttpUnicode
+ */
+
+import com.sun.net.httpserver.*;
+import jdk.test.lib.net.URIBuilder;
+
+import java.io.IOException;
+import java.io.InputStream;
+import java.net.*;
+
+public class TestHttpUnicode {
+
+ private static final String TEST_USER = "Selam D\u00fcnya. Ho\u015f\u00e7akal D\u00fcnya";
+ private static final String TEST_PW = "Selam D\u00fcnya. Ho\u015f\u00e7akal D\u00fcnya";
+
+ static class ClientAuthenticator extends java.net.Authenticator {
+ public PasswordAuthentication getPasswordAuthentication() {
+ return new PasswordAuthentication(TEST_USER, TEST_PW.toCharArray());
+ }
+ }
+
+ static class Handler implements HttpHandler {
+ public void handle(HttpExchange t) throws IOException {
+ InputStream is = t.getRequestBody();
+ while (is.read() != -1) ;
+ is.close();
+
+ HttpPrincipal p = t.getPrincipal();
+ if (p.getUsername().equals(TEST_USER)) {
+ t.sendResponseHeaders(200, -1);
+ }
+ t.close();
+ }
+ }
+
+ public static void main(String[] args) throws Exception {
+ HttpServer testHttpServer = null;
+ try {
+ InetSocketAddress loopbackAddress = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
+ testHttpServer = HttpServer.create(loopbackAddress, 0);
+ HttpContext context = testHttpServer.createContext("/test", new Handler());
+ System.setProperty("http.maxRedirects", "3");
+
+ BasicAuthenticator serverAuthenticator = new BasicAuthenticator("authCharacterSet@test.realm") {
+ public boolean checkCredentials(String username, String pw) {
+ return username.equals(TEST_USER) && pw.equals(TEST_PW);
+ }
+ };
+ context.setAuthenticator(serverAuthenticator);
+ java.net.Authenticator.setDefault(new ClientAuthenticator());
+
+ testHttpServer.start();
+ URL url = URIBuilder.newBuilder()
+ .scheme("http")
+ .loopback()
+ .port(testHttpServer.getAddress().getPort())
+ .path("/test/authCharacterSet.html")
+ .toURL();
+ HttpURLConnection testConnection = (HttpURLConnection) url.openConnection(Proxy.NO_PROXY);
+
+ // Authenication CHECK
+ if (testConnection.getResponseCode() == 401) {
+ throw new RuntimeException("Test Authentication failed with HTTP Status 401.");
+ }
+
+ InputStream is = testConnection.getInputStream();
+ while (is.read() != -1) ;
+ } finally {
+ testHttpServer.stop(2);
+ }
+ }
+}