8344190: Cleanup code in sun.net.www.protocol.http and sun.net.www.protocol.https after JEP 486 integration

Reviewed-by: dfuchs
Jaikiran Pai 2024-11-20 12:29:32 +00:00
parent 7bb4474d81
commit 6f4dfa6626
9 changed files with 129 additions and 669 deletions


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,6 @@ import java.util.HashMap;
import java.util.Set; import java.util.Set;
import sun.net.www.*; import sun.net.www.*;
import sun.security.action.GetPropertyAction;
/** /**
* This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate: * This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate:
@ -98,7 +97,7 @@ public class AuthenticationHeader {
} }
static { static {
String pref = GetPropertyAction.privilegedGetProperty("http.auth.preference"); String pref = System.getProperty("http.auth.preference");
// http.auth.preference can be set to SPNEGO or Kerberos. // http.auth.preference can be set to SPNEGO or Kerberos.
// In fact they means "Negotiate with SPNEGO" and "Negotiate with // In fact they means "Negotiate with SPNEGO" and "Negotiate with


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,6 @@
package sun.net.www.protocol.http; package sun.net.www.protocol.http;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.PasswordAuthentication; import java.net.PasswordAuthentication;
import java.net.URL; import java.net.URL;
import java.util.HashMap; import java.util.HashMap;
@ -67,10 +65,7 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone
* repeatedly, via the Authenticator. Default is false, which means that this * repeatedly, via the Authenticator. Default is false, which means that this
* behavior is switched off. * behavior is switched off.
*/ */
@SuppressWarnings("removal") static final boolean serializeAuth = Boolean.getBoolean("http.auth.serializeRequests");
static final boolean serializeAuth = java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"http.auth.serializeRequests")).booleanValue();
/* AuthCacheValue: */ /* AuthCacheValue: */
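Review bot: The serialization status of the credential-holding classes is not settled by the hunks shown here. This section drops the `java.io.IOException` and `java.io.ObjectInputStream` imports, and the BasicAuthentication and DigestAuthentication sections remove `serialVersionUID`, but no visible line shows `AuthenticationInfo` or `AuthCacheValue` giving up `Serializable`. If either still implements it, the subclasses stay serializable with a compiler-computed UID and, presumably, without whatever hook the removed `ObjectInputStream` import supported, so please confirm the interface is removed in the same commit. A one-line class comment such as `// Not Serializable: instances hold credentials` would record the intent for later maintainers.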


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -32,11 +32,8 @@ import java.net.PasswordAuthentication;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.nio.CharBuffer; import java.nio.CharBuffer;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays; import java.util.Arrays;
import java.util.Base64; import java.util.Base64;
import java.util.Objects;
import sun.net.www.HeaderParser; import sun.net.www.HeaderParser;
import sun.nio.cs.ISO_8859_1; import sun.nio.cs.ISO_8859_1;
import sun.nio.cs.UTF_8; import sun.nio.cs.UTF_8;
@ -49,10 +46,7 @@ import sun.nio.cs.UTF_8;
*/ */
class BasicAuthentication extends AuthenticationInfo { final class BasicAuthentication extends AuthenticationInfo {
@java.io.Serial
private static final long serialVersionUID = 100L;
/** The authentication string for this host, port, and realm. This is /** The authentication string for this host, port, and realm. This is
a simple BASE64 encoding of "login:password". */ a simple BASE64 encoding of "login:password". */


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -35,17 +35,13 @@ import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset; import java.nio.charset.Charset;
import java.nio.charset.CharsetEncoder; import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets; import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest; import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.Security; import java.security.Security;
import java.text.Normalizer; import java.text.Normalizer;
import java.util.Arrays; import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet; import java.util.HashSet;
import java.util.Locale; import java.util.Locale;
import java.util.Objects;
import java.util.Random; import java.util.Random;
import java.util.Set; import java.util.Set;
import java.util.function.BiConsumer; import java.util.function.BiConsumer;
@ -65,10 +61,7 @@ import static sun.net.www.protocol.http.HttpURLConnection.HTTP_CONNECT;
* @author Bill Foote * @author Bill Foote
*/ */
class DigestAuthentication extends AuthenticationInfo { final class DigestAuthentication extends AuthenticationInfo {
@java.io.Serial
private static final long serialVersionUID = 100L;
private String authMethod; private String authMethod;
@ -110,26 +103,15 @@ class DigestAuthentication extends AuthenticationInfo {
HttpURLConnection.getHttpLogger(); HttpURLConnection.getHttpLogger();
static { static {
@SuppressWarnings("removal") Boolean b = NetProperties.getBoolean(compatPropName);
Boolean b = AccessController.doPrivileged(
(PrivilegedAction<Boolean>) () -> NetProperties.getBoolean(compatPropName)
);
delimCompatFlag = (b == null) ? false : b.booleanValue(); delimCompatFlag = (b == null) ? false : b.booleanValue();
@SuppressWarnings("removal") String secprops = Security.getProperty(secPropName);
String secprops = AccessController.doPrivileged(
(PrivilegedAction<String>) () -> Security.getProperty(secPropName)
);
Set<String> algs = new HashSet<>(); Set<String> algs = new HashSet<>();
// add the default insecure algorithms to set // add the default insecure algorithms to set
processPropValue(secprops, algs, (set, elem) -> set.add(elem)); processPropValue(secprops, algs, (set, elem) -> set.add(elem));
@SuppressWarnings("removal") String netprops = NetProperties.get(enabledAlgPropName);
String netprops = AccessController.doPrivileged(
(PrivilegedAction<String>) () -> NetProperties.get(enabledAlgPropName)
);
// remove any algorithms from disabled set that were opted-in by user // remove any algorithms from disabled set that were opted-in by user
processPropValue(netprops, algs, (set, elem) -> set.remove(elem)); processPropValue(netprops, algs, (set, elem) -> set.remove(elem));
disabledDigests = Set.copyOf(algs); disabledDigests = Set.copyOf(algs);
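Review bot: The static initializer lets a networking property undo an entry taken from the security property, and the two short comments do not say which source wins. As written, `algs` is filled from `Security.getProperty(secPropName)` and then every element of `NetProperties.get(enabledAlgPropName)` is removed from it, so the opt-in list has the final word on `disabledDigests`. I would state that above the block, e.g. `// enabledAlgPropName overrides secPropName: an algorithm listed in both ends up enabled`, so that someone auditing which digest algorithms are permitted knows to check both settings. The initializer's closing brace is outside this hunk.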


@ -25,7 +25,6 @@
package sun.net.www.protocol.http; package sun.net.www.protocol.http;
import java.security.PrivilegedAction;
import java.util.Arrays; import java.util.Arrays;
import java.net.URL; import java.net.URL;
import java.net.URLConnection; import java.net.URLConnection;
@ -37,7 +36,6 @@ import java.net.HttpCookie;
import java.net.InetAddress; import java.net.InetAddress;
import java.net.UnknownHostException; import java.net.UnknownHostException;
import java.net.SocketTimeoutException; import java.net.SocketTimeoutException;
import java.net.SocketPermission;
import java.net.Proxy; import java.net.Proxy;
import java.net.ProxySelector; import java.net.ProxySelector;
import java.net.URI; import java.net.URI;
@ -47,11 +45,7 @@ import java.net.ResponseCache;
import java.net.CacheResponse; import java.net.CacheResponse;
import java.net.SecureCacheResponse; import java.net.SecureCacheResponse;
import java.net.CacheRequest; import java.net.CacheRequest;
import java.net.URLPermission;
import java.net.Authenticator.RequestorType; import java.net.Authenticator.RequestorType;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.io.*; import java.io.*;
import java.util.ArrayList; import java.util.ArrayList;
import java.util.Collections; import java.util.Collections;
@ -81,7 +75,6 @@ import java.util.TimeZone;
import java.net.MalformedURLException; import java.net.MalformedURLException;
import java.nio.ByteBuffer; import java.nio.ByteBuffer;
import java.util.Objects; import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.locks.ReentrantLock; import java.util.concurrent.locks.ReentrantLock;
import static sun.net.www.protocol.http.AuthScheme.BASIC; import static sun.net.www.protocol.http.AuthScheme.BASIC;
@ -90,8 +83,6 @@ import static sun.net.www.protocol.http.AuthScheme.NTLM;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE; import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS; import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
import static sun.net.www.protocol.http.AuthScheme.UNKNOWN; import static sun.net.www.protocol.http.AuthScheme.UNKNOWN;
import sun.security.action.GetIntegerAction;
import sun.security.action.GetPropertyAction;
/** /**
* A class to represent an HTTP connection to a remote object. * A class to represent an HTTP connection to a remote object.
@ -178,8 +169,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* Restrict setting of request headers through the public api * Restrict setting of request headers through the public api
* consistent with JavaScript XMLHttpRequest2 with a few * consistent with JavaScript XMLHttpRequest2 with a few
* exceptions. Disallowed headers are silently ignored for * exceptions. Disallowed headers are silently ignored for
* backwards compatibility reasons rather than throwing a * backwards compatibility reasons. For example, some applets set the
* SecurityException. For example, some applets set the
* Host header since old JREs did not implement HTTP 1.1. * Host header since old JREs did not implement HTTP 1.1.
* Additionally, any header starting with Sec- is * Additionally, any header starting with Sec- is
* disallowed. * disallowed.
@ -222,12 +212,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
"Via" "Via"
}; };
@SuppressWarnings("removal")
private static String getNetProperty(String name) {
PrivilegedAction<String> pa = () -> NetProperties.get(name);
return AccessController.doPrivileged(pa);
}
private static Set<String> schemesListToSet(String list) { private static Set<String> schemesListToSet(String list) {
if (list == null || list.isEmpty()) if (list == null || list.isEmpty())
return Collections.emptySet(); return Collections.emptySet();
@ -240,11 +224,9 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} }
static { static {
Properties props = GetPropertyAction.privilegedGetProperties(); maxRedirects = Integer.getInteger("http.maxRedirects", defaultmaxRedirects);
maxRedirects = GetIntegerAction.privilegedGetProperty( version = System.getProperty("java.version");
"http.maxRedirects", defaultmaxRedirects); String agent = System.getProperty("http.agent");
version = props.getProperty("java.version");
String agent = props.getProperty("http.agent");
if (agent == null) { if (agent == null) {
agent = "Java/"+version; agent = "Java/"+version;
} else { } else {
@ -254,34 +236,30 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
// A set of net properties to control the use of authentication schemes // A set of net properties to control the use of authentication schemes
// when proxying/tunneling. // when proxying/tunneling.
String p = getNetProperty("jdk.http.auth.tunneling.disabledSchemes"); String p = NetProperties.get("jdk.http.auth.tunneling.disabledSchemes");
disabledTunnelingSchemes = schemesListToSet(p); disabledTunnelingSchemes = schemesListToSet(p);
p = getNetProperty("jdk.http.auth.proxying.disabledSchemes"); p = NetProperties.get("jdk.http.auth.proxying.disabledSchemes");
disabledProxyingSchemes = schemesListToSet(p); disabledProxyingSchemes = schemesListToSet(p);
validateProxy = Boolean.parseBoolean( validateProxy = Boolean.getBoolean("http.auth.digest.validateProxy");
props.getProperty("http.auth.digest.validateProxy")); validateServer = Boolean.getBoolean("http.auth.digest.validateServer");
validateServer = Boolean.parseBoolean(
props.getProperty("http.auth.digest.validateServer"));
enableESBuffer = Boolean.parseBoolean( enableESBuffer = Boolean.getBoolean("sun.net.http.errorstream.enableBuffering");
props.getProperty("sun.net.http.errorstream.enableBuffering")); int esBufferTimeout = Integer.getInteger(
int esBufferTimeout = GetIntegerAction.privilegedGetProperty(
"sun.net.http.errorstream.timeout", 300); "sun.net.http.errorstream.timeout", 300);
if (esBufferTimeout <= 0) { if (esBufferTimeout <= 0) {
esBufferTimeout = 300; // use the default esBufferTimeout = 300; // use the default
} }
timeout4ESBuffer = esBufferTimeout; timeout4ESBuffer = esBufferTimeout;
int esBufSize = GetIntegerAction.privilegedGetProperty( int esBufSize = Integer.getInteger(
"sun.net.http.errorstream.bufferSize", 4096); "sun.net.http.errorstream.bufferSize", 4096);
if (esBufSize <= 0) { if (esBufSize <= 0) {
esBufSize = 4096; // use the default esBufSize = 4096; // use the default
} }
bufSize4ES = esBufSize; bufSize4ES = esBufSize;
allowRestrictedHeaders = Boolean.parseBoolean( allowRestrictedHeaders = Boolean.getBoolean("sun.net.http.allowRestrictedHeaders");
props.getProperty("sun.net.http.allowRestrictedHeaders"));
if (!allowRestrictedHeaders) { if (!allowRestrictedHeaders) {
restrictedHeaderSet = HashSet.newHashSet(restrictedHeaders.length); restrictedHeaderSet = HashSet.newHashSet(restrictedHeaders.length);
for (int i=0; i < restrictedHeaders.length; i++) { for (int i=0; i < restrictedHeaders.length; i++) {
@ -292,7 +270,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} }
int defMaxHeaderSize = 384 * 1024; int defMaxHeaderSize = 384 * 1024;
String maxHeaderSizeStr = getNetProperty("jdk.http.maxHeaderSize"); String maxHeaderSizeStr = NetProperties.get("jdk.http.maxHeaderSize");
int maxHeaderSizeVal = defMaxHeaderSize; int maxHeaderSizeVal = defMaxHeaderSize;
if (maxHeaderSizeStr != null) { if (maxHeaderSizeStr != null) {
try { try {
@ -439,9 +417,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
private int connectTimeout = NetworkClient.DEFAULT_CONNECT_TIMEOUT; private int connectTimeout = NetworkClient.DEFAULT_CONNECT_TIMEOUT;
private int readTimeout = NetworkClient.DEFAULT_READ_TIMEOUT; private int readTimeout = NetworkClient.DEFAULT_READ_TIMEOUT;
/* A permission converted from a URLPermission */
private SocketPermission socketPermission;
/* Logging support */ /* Logging support */
private static final PlatformLogger logger = private static final PlatformLogger logger =
PlatformLogger.getLogger("sun.net.www.protocol.http.HttpURLConnection"); PlatformLogger.getLogger("sun.net.www.protocol.http.HttpURLConnection");
@ -462,36 +437,30 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} }
/* /*
* privileged request password authentication * Calls Authenticator.requestPasswordAuthentication
* *
*/ */
@SuppressWarnings("removal") private static PasswordAuthentication requestPassword(
private static PasswordAuthentication final Authenticator authenticator,
privilegedRequestPasswordAuthentication( final String host,
final Authenticator authenticator, final InetAddress addr,
final String host, final int port,
final InetAddress addr, final String protocol,
final int port, final String prompt,
final String protocol, final String scheme,
final String prompt, final URL url,
final String scheme, final RequestorType authType) {
final URL url,
final RequestorType authType) { if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
return java.security.AccessController.doPrivileged( logger.finest("Requesting Authentication: host =" + host + " url = " + url);
new java.security.PrivilegedAction<>() { }
public PasswordAuthentication run() { PasswordAuthentication pass = Authenticator.requestPasswordAuthentication(
if (logger.isLoggable(PlatformLogger.Level.FINEST)) { authenticator, host, addr, port, protocol,
logger.finest("Requesting Authentication: host =" + host + " url = " + url); prompt, scheme, url, authType);
} if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
PasswordAuthentication pass = Authenticator.requestPasswordAuthentication( logger.finest("Authentication returned: " + (pass != null ? pass.toString() : "null"));
authenticator, host, addr, port, protocol, }
prompt, scheme, url, authType); return pass;
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Authentication returned: " + (pass != null ? pass.toString() : "null"));
}
return pass;
}
});
} }
private boolean isRestrictedHeader(String key, String value) { private boolean isRestrictedHeader(String key, String value) {
@ -640,7 +609,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (requestLineIndex != 0) { if (requestLineIndex != 0) {
// we expect the request line to be at index 0. we set it here // we expect the request line to be at index 0. we set it here
// if we don't find the request line at that index. // if we don't find the request line at that index.
checkURLFile();
requests.prepend(requestLine, null); requests.prepend(requestLine, null);
} }
if (!getUseCaches()) { if (!getUseCaches()) {
@ -654,9 +622,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
host += ":" + String.valueOf(port); host += ":" + String.valueOf(port);
} }
String reqHost = requests.findValue("Host"); String reqHost = requests.findValue("Host");
if (reqHost == null || if (reqHost == null || !reqHost.equalsIgnoreCase(host)) {
(!reqHost.equalsIgnoreCase(host) && !checkSetHost()))
{
requests.set("Host", host); requests.set("Host", host);
} }
requests.setIfNotSet("Accept", acceptString); requests.setIfNotSet("Accept", acceptString);
@ -776,47 +742,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} }
} }
private boolean checkSetHost() {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
if (s != null) {
String name = s.getClass().getName();
if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
name.equals("sun.plugin.security.ActivatorSecurityManager"))
{
int CHECK_SET_HOST = -2;
try {
s.checkConnect(url.toExternalForm(), CHECK_SET_HOST);
} catch (SecurityException ex) {
return false;
}
}
}
return true;
}
private void checkURLFile() {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
if (s != null) {
String name = s.getClass().getName();
if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
name.equals("sun.plugin.security.ActivatorSecurityManager"))
{
int CHECK_SUBPATH = -3;
try {
s.checkConnect(url.toExternalForm(), CHECK_SUBPATH);
} catch (SecurityException ex) {
throw new SecurityException("denied access outside a permitted URL subpath", ex);
}
}
}
}
/** /**
* Create a new HttpClient object, bypassing the cache of * Create a new HttpClient object, bypassing the cache of
* HTTP client objects/connections. * HTTP client objects/connections.
@ -922,7 +847,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
return u; return u;
} }
@SuppressWarnings("removal")
protected HttpURLConnection(URL u, Proxy p, Handler handler) protected HttpURLConnection(URL u, Proxy p, Handler handler)
throws IOException { throws IOException {
super(checkURL(u)); super(checkURL(u));
@ -931,119 +855,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
userHeaders = new MessageHeader(); userHeaders = new MessageHeader();
this.handler = handler; this.handler = handler;
instProxy = p; instProxy = p;
if (instProxy instanceof sun.net.ApplicationProxy) { cookieHandler = CookieHandler.getDefault();
/* Application set Proxies should not have access to cookies cacheHandler = ResponseCache.getDefault();
* in a secure environment unless explicitly allowed. */
try {
cookieHandler = CookieHandler.getDefault();
} catch (SecurityException se) { /* swallow exception */ }
} else {
cookieHandler = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public CookieHandler run() {
return CookieHandler.getDefault();
}
});
}
cacheHandler = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public ResponseCache run() {
return ResponseCache.getDefault();
}
});
}
/**
* opens a stream allowing redirects only to the same host.
*/
public static InputStream openConnectionCheckRedirects(URLConnection c)
throws IOException
{
boolean redir;
int redirects = 0;
InputStream in;
Authenticator a = null;
do {
if (c instanceof HttpURLConnection) {
((HttpURLConnection) c).setInstanceFollowRedirects(false);
if (a == null) {
a = ((HttpURLConnection) c).authenticator;
}
}
// We want to open the input stream before
// getting headers, because getHeaderField()
// et al swallow IOExceptions.
in = c.getInputStream();
redir = false;
if (c instanceof HttpURLConnection) {
HttpURLConnection http = (HttpURLConnection) c;
int stat = http.getResponseCode();
if (stat >= 300 && stat <= 307 && stat != 306 &&
stat != HttpURLConnection.HTTP_NOT_MODIFIED) {
URL base = http.getURL();
String loc = http.getHeaderField("Location");
URL target = null;
if (loc != null) {
target = newURL(base, loc);
}
http.disconnect();
if (target == null
|| !base.getProtocol().equals(target.getProtocol())
|| base.getPort() != target.getPort()
|| !hostsEqual(base, target)
|| redirects >= 5)
{
throw new SecurityException("illegal URL redirect");
}
redir = true;
c = target.openConnection();
if (a != null && c instanceof HttpURLConnection) {
((HttpURLConnection)c).setAuthenticator(a);
}
redirects++;
}
}
} while (redir);
return in;
}
//
// Same as java.net.URL.hostsEqual
//
@SuppressWarnings("removal")
private static boolean hostsEqual(URL u1, URL u2) {
final String h1 = u1.getHost();
final String h2 = u2.getHost();
if (h1 == null) {
return h2 == null;
} else if (h2 == null) {
return false;
} else if (h1.equalsIgnoreCase(h2)) {
return true;
}
// Have to resolve addresses before comparing, otherwise
// names like tachyon and tachyon.eng would compare different
final boolean result[] = {false};
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public Void run() {
try {
InetAddress a1 = InetAddress.getByName(h1);
InetAddress a2 = InetAddress.getByName(h2);
result[0] = a1.equals(a2);
} catch(UnknownHostException | SecurityException e) {
}
return null;
}
});
return result[0];
} }
// overridden in HTTPS subclass // overridden in HTTPS subclass
@ -1073,34 +886,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
return false; return false;
} }
@SuppressWarnings("removal")
private String getHostAndPort(URL url) {
String host = url.getHost();
final String hostarg = host;
try {
// lookup hostname and use IP address if available
host = AccessController.doPrivileged(
new PrivilegedExceptionAction<>() {
public String run() throws IOException {
InetAddress addr = InetAddress.getByName(hostarg);
return addr.getHostAddress();
}
}
);
} catch (PrivilegedActionException e) {}
int port = url.getPort();
if (port == -1) {
String scheme = url.getProtocol();
if ("http".equals(scheme)) {
return host + ":80";
} else { // scheme must be https
return host + ":443";
}
}
return host + ":" + Integer.toString(port);
}
@SuppressWarnings("removal")
protected void plainConnect() throws IOException { protected void plainConnect() throws IOException {
lock(); lock();
try { try {
@ -1110,66 +895,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} finally { } finally {
unlock(); unlock();
} }
SocketPermission p = URLtoSocketPermission(this.url); plainConnect0();
if (p != null) {
try {
AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public Void run() throws IOException {
plainConnect0();
return null;
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
// run without additional permission
plainConnect0();
}
}
/**
* if the caller has a URLPermission for connecting to the
* given URL, then return a SocketPermission which permits
* access to that destination. Return null otherwise. The permission
* is cached in a field (which can only be changed by redirects)
*/
SocketPermission URLtoSocketPermission(URL url) throws IOException {
if (socketPermission != null) {
return socketPermission;
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return null;
}
// the permission, which we might grant
SocketPermission newPerm = new SocketPermission(
getHostAndPort(url), "connect"
);
String actions = getRequestMethod()+":" +
getUserSetHeaders().getHeaderNamesInList();
String urlstring = url.getProtocol() + "://" + url.getAuthority()
+ url.getPath();
URLPermission p = new URLPermission(urlstring, actions);
try {
sm.checkPermission(p);
socketPermission = newPerm;
return socketPermission;
} catch (SecurityException e) {
// fall thru
}
return null;
} }
protected void plainConnect0() throws IOException { protected void plainConnect0() throws IOException {
@ -1215,14 +941,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
/** /**
* Do we have to use a proxy? * Do we have to use a proxy?
*/ */
@SuppressWarnings("removal") final ProxySelector sel = ProxySelector.getDefault();
ProxySelector sel =
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public ProxySelector run() {
return ProxySelector.getDefault();
}
});
if (sel != null) { if (sel != null) {
URI uri = sun.net.www.ParseUtil.toURI(url); URI uri = sun.net.www.ParseUtil.toURI(url);
if (logger.isLoggable(PlatformLogger.Level.FINEST)) { if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
@ -1399,29 +1118,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* - get input, [read input,] get output, [write output] * - get input, [read input,] get output, [write output]
*/ */
@SuppressWarnings("removal")
@Override @Override
public OutputStream getOutputStream() throws IOException { public OutputStream getOutputStream() throws IOException {
lock(); lock();
try { try {
connecting = true; connecting = true;
SocketPermission p = URLtoSocketPermission(this.url); return getOutputStream0();
if (p != null) {
try {
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public OutputStream run() throws IOException {
return getOutputStream0();
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
return getOutputStream0();
}
} finally { } finally {
unlock(); unlock();
} }
@ -1591,29 +1293,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} // end of getting cookies } // end of getting cookies
} }
@SuppressWarnings("removal")
@Override @Override
public InputStream getInputStream() throws IOException { public InputStream getInputStream() throws IOException {
lock(); lock();
try { try {
connecting = true; connecting = true;
SocketPermission p = URLtoSocketPermission(this.url); return getInputStream0();
if (p != null) {
try {
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public InputStream run() throws IOException {
return getInputStream0();
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
return getInputStream0();
}
} finally { } finally {
unlock(); unlock();
} }
@ -2060,17 +1745,9 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
private IOException getChainedException(final IOException rememberedException) { private IOException getChainedException(final IOException rememberedException) {
try { try {
final Object[] args = { rememberedException.getMessage() }; final Object[] args = { rememberedException.getMessage() };
@SuppressWarnings("removal") IOException chainedException = rememberedException.getClass()
IOException chainedException = .getConstructor(new Class<?>[] { String.class })
java.security.AccessController.doPrivileged( .newInstance(args);
new java.security.PrivilegedExceptionAction<>() {
public IOException run() throws Exception {
return (IOException)
rememberedException.getClass()
.getConstructor(new Class<?>[] { String.class })
.newInstance(args);
}
});
chainedException.initCause(rememberedException); chainedException.initCause(rememberedException);
return chainedException; return chainedException;
} catch (Exception ignored) { } catch (Exception ignored) {
@ -2392,7 +2069,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* Gets the authentication for an HTTP proxy, and applies it to * Gets the authentication for an HTTP proxy, and applies it to
* the connection. * the connection.
*/ */
@SuppressWarnings({"removal","fallthrough"}) @SuppressWarnings("fallthrough")
private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr) private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr)
throws IOException { throws IOException {
@ -2430,44 +2107,40 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm, authScheme); proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm, authScheme);
ret = AuthenticationInfo.getProxyAuth(proxyAuthKey, authCache); ret = AuthenticationInfo.getProxyAuth(proxyAuthKey, authCache);
if (ret == null) { if (ret == null) {
switch (authScheme) { ret = switch (authScheme) {
case BASIC: case BASIC -> {
InetAddress addr = null; InetAddress addr = null;
try { try {
final String finalHost = host; addr = InetAddress.getByName(host);
addr = java.security.AccessController.doPrivileged( } catch (UnknownHostException uhe) {
new java.security.PrivilegedExceptionAction<>() { // Ignore the exception. The Authenticator instance will
public InetAddress run() // be passed a null InetAddress when requesting a password from the
throws java.net.UnknownHostException { // Authenticator.
return InetAddress.getByName(finalHost); }
} final PasswordAuthentication a = requestPassword(authenticator,
}); host, addr, port, "http",
} catch (java.security.PrivilegedActionException ignored) { realm, scheme, url, RequestorType.PROXY);
// User will have an unknown host. if (a != null) {
yield new BasicAuthentication(true, host, port, realm, a, isUTF8);
}
yield null;
} }
PasswordAuthentication a = case DIGEST -> {
privilegedRequestPasswordAuthentication( final PasswordAuthentication a = requestPassword(authenticator,
authenticator, host, null, port, url.getProtocol(),
host, addr, port, "http", realm, scheme, url, RequestorType.PROXY);
realm, scheme, url, RequestorType.PROXY); if (a != null) {
if (a != null) { DigestAuthentication.Parameters params =
ret = new BasicAuthentication(true, host, port, realm, a, isUTF8); new DigestAuthentication.Parameters();
yield new DigestAuthentication(true, host, port, realm,
scheme, a, params);
}
yield null;
} }
break; case NTLM -> {
case DIGEST: if (!NTLMAuthenticationProxy.supported) {
a = privilegedRequestPasswordAuthentication( yield null;
authenticator, }
host, null, port, url.getProtocol(),
realm, scheme, url, RequestorType.PROXY);
if (a != null) {
DigestAuthentication.Parameters params =
new DigestAuthentication.Parameters();
ret = new DigestAuthentication(true, host, port, realm,
scheme, a, params);
}
break;
case NTLM:
if (NTLMAuthenticationProxy.supported) {
/* tryTransparentNTLMProxy will always be true the first /* tryTransparentNTLMProxy will always be true the first
* time around, but verify that the platform supports it * time around, but verify that the platform supports it
* otherwise don't try. */ * otherwise don't try. */
@ -2484,14 +2157,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} }
} }
a = null; PasswordAuthentication a = null;
if (tryTransparentNTLMProxy) { if (tryTransparentNTLMProxy) {
logger.finest("Trying Transparent NTLM authentication"); logger.finest("Trying Transparent NTLM authentication");
} else { } else {
a = privilegedRequestPasswordAuthentication( a = requestPassword(
authenticator, authenticator,
host, null, port, url.getProtocol(), host, null, port, url.getProtocol(),
"", scheme, url, RequestorType.PROXY); "", scheme, url, RequestorType.PROXY);
validateNTLMCredentials(a); validateNTLMCredentials(a);
} }
/* If we are not trying transparent authentication then /* If we are not trying transparent authentication then
@ -2500,29 +2173,27 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* and password will be picked up from the current logged * and password will be picked up from the current logged
* on users credentials. * on users credentials.
*/ */
AuthenticationInfo authInfo = null;
if (tryTransparentNTLMProxy || if (tryTransparentNTLMProxy ||
(!tryTransparentNTLMProxy && a != null)) { (!tryTransparentNTLMProxy && a != null)) {
ret = NTLMAuthenticationProxy.proxy.create(true, host, port, a); authInfo = NTLMAuthenticationProxy.proxy.create(true, host, port, a);
} }
/* set to false so that we do not try again */ /* set to false so that we do not try again */
tryTransparentNTLMProxy = false; tryTransparentNTLMProxy = false;
yield authInfo;
} }
break; case NEGOTIATE ->
case NEGOTIATE: new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate"));
ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate")); case KERBEROS ->
break; new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
case KERBEROS: case UNKNOWN -> {
ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos")); if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
break; logger.finest("Unknown/Unsupported authentication scheme: " + scheme);
case UNKNOWN: }
if (logger.isLoggable(PlatformLogger.Level.FINEST)) { yield null;
logger.finest("Unknown/Unsupported authentication scheme: " + scheme);
} }
/*fall through*/ };
default:
throw new AssertionError("should not reach here");
}
} }
if (ret != null) { if (ret != null) {
if (!ret.setHeaders(this, p, raw)) { if (!ret.setHeaders(this, p, raw)) {
@ -2604,7 +2275,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
break; break;
case BASIC: case BASIC:
PasswordAuthentication a = PasswordAuthentication a =
privilegedRequestPasswordAuthentication( requestPassword(
authenticator, authenticator,
url.getHost(), addr, port, url.getProtocol(), url.getHost(), addr, port, url.getProtocol(),
realm, scheme, url, RequestorType.SERVER); realm, scheme, url, RequestorType.SERVER);
@ -2613,7 +2284,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} }
break; break;
case DIGEST: case DIGEST:
a = privilegedRequestPasswordAuthentication( a = requestPassword(
authenticator, authenticator,
url.getHost(), addr, port, url.getProtocol(), url.getHost(), addr, port, url.getProtocol(),
realm, scheme, url, RequestorType.SERVER); realm, scheme, url, RequestorType.SERVER);
@ -2650,7 +2321,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (tryTransparentNTLMServer) { if (tryTransparentNTLMServer) {
logger.finest("Trying Transparent NTLM authentication"); logger.finest("Trying Transparent NTLM authentication");
} else { } else {
a = privilegedRequestPasswordAuthentication( a = requestPassword(
authenticator, authenticator,
url.getHost(), addr, port, url.getProtocol(), url.getHost(), addr, port, url.getProtocol(),
"", scheme, url, RequestorType.SERVER); "", scheme, url, RequestorType.SERVER);
@ -2753,7 +2424,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* resets the url, re-connects, and resets the request * resets the url, re-connects, and resets the request
* property. * property.
*/ */
@SuppressWarnings("removal")
private boolean followRedirect() throws IOException { private boolean followRedirect() throws IOException {
if (!getInstanceFollowRedirects()) { if (!getInstanceFollowRedirects()) {
return false; return false;
@ -2783,27 +2453,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
// treat loc as a relative URI to conform to popular browsers // treat loc as a relative URI to conform to popular browsers
locUrl = newURL(url, loc); locUrl = newURL(url, loc);
} }
return followRedirect0(loc, stat, locUrl);
final URL locUrl0 = locUrl;
socketPermission = null; // force recalculation
SocketPermission p = URLtoSocketPermission(locUrl);
if (p != null) {
try {
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public Boolean run() throws IOException {
return followRedirect0(loc, stat, locUrl0);
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
// run without additional permission
return followRedirect0(loc, stat, locUrl);
}
} }
/* Tells us whether to follow a redirect. If so, it /* Tells us whether to follow a redirect. If so, it
@ -2838,12 +2488,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
String proxyHost = locUrl.getHost(); String proxyHost = locUrl.getHost();
int proxyPort = locUrl.getPort(); int proxyPort = locUrl.getPort();
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkConnect(proxyHost, proxyPort);
}
setProxiedClient (url, proxyHost, proxyPort); setProxiedClient (url, proxyHost, proxyPort);
requests.set(0, method + " " + getRequestURI()+" " + requests.set(0, method + " " + getRequestURI()+" " +
httpVersion, null); httpVersion, null);


@ -36,7 +36,6 @@ import java.util.concurrent.locks.ReentrantLock;
import sun.net.www.HeaderParser; import sun.net.www.HeaderParser;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE; import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS; import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
import sun.security.action.GetPropertyAction;
/** /**
* NegotiateAuthentication: * NegotiateAuthentication:
@ -45,10 +44,7 @@ import sun.security.action.GetPropertyAction;
* @since 1.6 * @since 1.6
*/ */
class NegotiateAuthentication extends AuthenticationInfo { final class NegotiateAuthentication extends AuthenticationInfo {
@java.io.Serial
private static final long serialVersionUID = 100L;
private final HttpCallerInfo hci; private final HttpCallerInfo hci;
@ -61,14 +57,6 @@ class NegotiateAuthentication extends AuthenticationInfo {
static ThreadLocal <HashMap <String, Negotiator>> cache = null; static ThreadLocal <HashMap <String, Negotiator>> cache = null;
private static final ReentrantLock negotiateLock = new ReentrantLock(); private static final ReentrantLock negotiateLock = new ReentrantLock();
/* Whether cache is enabled for Negotiate/Kerberos */
private static final boolean cacheSPNEGO;
static {
String spnegoCacheProp =
GetPropertyAction.privilegedGetProperty("jdk.spnego.cache", "true");
cacheSPNEGO = Boolean.parseBoolean(spnegoCacheProp);
}
// The HTTP Negotiate Helper // The HTTP Negotiate Helper
private Negotiator negotiator = null; private Negotiator negotiator = null;
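Review bot: Dropping the `cacheSPNEGO` field and its static initializer means this class no longer reads the `jdk.spnego.cache` system property, and nothing in the section says whether the property is still honoured elsewhere. The visible lines show no reader of the field, so it was probably already dead, but a user who sets the property to `false` to keep Negotiate/Kerberos credentials out of the cache gets no signal that it is ignored. I would leave a one-line marker where the initializer used to be, for example `// jdk.spnego.cache is no longer read by this class`, and check that any property documentation matches.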


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,6 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException; import java.io.UnsupportedEncodingException;
import java.io.PrintStream; import java.io.PrintStream;
import java.io.BufferedOutputStream; import java.io.BufferedOutputStream;
import java.net.InetAddress;
import java.net.Socket; import java.net.Socket;
import java.net.SocketException; import java.net.SocketException;
import java.net.URL; import java.net.URL;
@ -48,7 +47,6 @@ import javax.net.ssl.*;
import sun.net.www.http.HttpClient; import sun.net.www.http.HttpClient;
import sun.net.www.protocol.http.AuthCacheImpl; import sun.net.www.protocol.http.AuthCacheImpl;
import sun.net.www.protocol.http.HttpURLConnection; import sun.net.www.protocol.http.HttpURLConnection;
import sun.security.action.*;
import sun.security.util.HostnameChecker; import sun.security.util.HostnameChecker;
import sun.security.ssl.SSLSocketImpl; import sun.security.ssl.SSLSocketImpl;
@ -138,10 +136,8 @@ final class HttpsClient extends HttpClient
// //
// If ciphers are assigned, sort them into an array. // If ciphers are assigned, sort them into an array.
// //
String ciphers []; String[] ciphers;
String cipherString = String cipherString = System.getProperty("https.cipherSuites");
GetPropertyAction.privilegedGetProperty("https.cipherSuites");
if (cipherString == null || cipherString.isEmpty()) { if (cipherString == null || cipherString.isEmpty()) {
ciphers = null; ciphers = null;
} else { } else {
@ -162,10 +158,8 @@ final class HttpsClient extends HttpClient
// //
// If protocols are assigned, sort them into an array. // If protocols are assigned, sort them into an array.
// //
String protocols []; String[] protocols;
String protocolString = String protocolString = System.getProperty("https.protocols");
GetPropertyAction.privilegedGetProperty("https.protocols");
if (protocolString == null || protocolString.isEmpty()) { if (protocolString == null || protocolString.isEmpty()) {
protocols = null; protocols = null;
} else { } else {
@ -183,65 +177,12 @@ final class HttpsClient extends HttpClient
return protocols; return protocols;
} }
private String getUserAgent() {
String userAgent =
GetPropertyAction.privilegedGetProperty("https.agent");
if (userAgent == null || userAgent.isEmpty()) {
userAgent = "JSSE";
}
return userAgent;
}
// CONSTRUCTOR, FACTORY // CONSTRUCTOR, FACTORY
/** /**
* Create an HTTPS client URL. Traffic will be tunneled through any * Create an HTTPS client URL. Traffic will be tunneled through
* intermediate nodes rather than proxied, so that confidentiality
* of data exchanged can be preserved. However, note that all the
* anonymous SSL flavors are subject to "person-in-the-middle"
* attacks against confidentiality. If you enable use of those
* flavors, you may be giving up the protection you get through
* SSL tunneling.
*
* Use New to get new HttpsClient. This constructor is meant to be
* used only by New method. New properly checks for URL spoofing.
*
* @param url https URL with which a connection must be established
*/
private HttpsClient(SSLSocketFactory sf, URL url)
throws IOException
{
// HttpClient-level proxying is always disabled,
// because we override doConnect to do tunneling instead.
this(sf, url, (String)null, -1);
}
/**
* Create an HTTPS client URL. Traffic will be tunneled through
* the specified proxy server.
*/
HttpsClient(SSLSocketFactory sf, URL url, String proxyHost, int proxyPort)
throws IOException {
this(sf, url, proxyHost, proxyPort, -1);
}
/**
* Create an HTTPS client URL. Traffic will be tunneled through
* the specified proxy server, with a connect timeout * the specified proxy server, with a connect timeout
*/ */
HttpsClient(SSLSocketFactory sf, URL url, String proxyHost, int proxyPort,
int connectTimeout)
throws IOException {
this(sf, url,
(proxyHost == null? null:
HttpClient.newHttpProxy(proxyHost, proxyPort, "https")),
connectTimeout);
}
/**
* Same as previous constructor except using a Proxy
*/
HttpsClient(SSLSocketFactory sf, URL url, Proxy proxy, HttpsClient(SSLSocketFactory sf, URL url, Proxy proxy,
int connectTimeout) int connectTimeout)
throws IOException { throws IOException {
@ -268,37 +209,6 @@ final class HttpsClient extends HttpClient
// This code largely ripped off from HttpClient.New, and // This code largely ripped off from HttpClient.New, and
// it uses the same keepalive cache. // it uses the same keepalive cache.
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
HttpURLConnection httpuc)
throws IOException {
return HttpsClient.New(sf, url, hv, true, httpuc);
}
/** See HttpClient for the model for this method. */
static HttpClient New(SSLSocketFactory sf, URL url,
HostnameVerifier hv, boolean useCache,
HttpURLConnection httpuc) throws IOException {
return HttpsClient.New(sf, url, hv, (String)null, -1, useCache, httpuc);
}
/**
* Get a HTTPS client to the URL. Traffic will be tunneled through
* the specified proxy server.
*/
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
String proxyHost, int proxyPort,
HttpURLConnection httpuc) throws IOException {
return HttpsClient.New(sf, url, hv, proxyHost, proxyPort, true, httpuc);
}
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
String proxyHost, int proxyPort, boolean useCache,
HttpURLConnection httpuc)
throws IOException {
return HttpsClient.New(sf, url, hv, proxyHost, proxyPort, useCache, -1,
httpuc);
}
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv, static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
String proxyHost, int proxyPort, boolean useCache, String proxyHost, int proxyPort, boolean useCache,
int connectTimeout, HttpURLConnection httpuc) int connectTimeout, HttpURLConnection httpuc)
@ -379,15 +289,6 @@ final class HttpsClient extends HttpClient
ret.authcache = httpuc.getAuthCache(); ret.authcache = httpuc.getAuthCache();
} }
} else { } else {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
if (ret.proxy == Proxy.NO_PROXY || ret.proxy == null) {
security.checkConnect(InetAddress.getByName(url.getHost()).getHostAddress(), url.getPort());
} else {
security.checkConnect(url.getHost(), url.getPort());
}
}
ret.url = url; ret.url = url;
} }
ret.setHostnameVerifier(hv); ret.setHostnameVerifier(hv);
@ -395,22 +296,17 @@ final class HttpsClient extends HttpClient
return ret; return ret;
} }
// METHODS private void setHostnameVerifier(HostnameVerifier hv) {
void setHostnameVerifier(HostnameVerifier hv) {
this.hv = hv; this.hv = hv;
} }
void setSSLSocketFactory(SSLSocketFactory sf) { private void setSSLSocketFactory(SSLSocketFactory sf) {
sslSocketFactory = sf; sslSocketFactory = sf;
} }
SSLSocketFactory getSSLSocketFactory() {
return sslSocketFactory;
}
/** /**
* The following method, createSocket, is defined in NetworkClient * The following method, createSocket, is defined in NetworkClient
* and overridden here so that the socket facroty is used to create * and overridden here so that the socket factory is used to create
* new sockets. * new sockets.
*/ */
@Override @Override
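Review bot: The Javadoc kept on the remaining `HttpsClient(SSLSocketFactory, URL, Proxy, int)` constructor loses two caveats from the deleted constructor comment: that anonymous SSL flavors are subject to person-in-the-middle attacks, and that the constructor is meant to be used only by `New`, which checks for URL spoofing. With the other constructors removed, this is the only place left to state that contract, and the constructor is package-private rather than private. I would carry one line over into the merged comment, for example `* Meant to be used only by New, which checks for URL spoofing.` The constructor body continues outside the hunk.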


@ -35,7 +35,6 @@ import java.net.URL;
import java.security.GeneralSecurityException; import java.security.GeneralSecurityException;
import java.util.Base64; import java.util.Base64;
import java.util.Locale; import java.util.Locale;
import java.util.Objects;
import java.util.Properties; import java.util.Properties;
import sun.net.www.HeaderParser; import sun.net.www.HeaderParser;
@ -70,8 +69,7 @@ import sun.security.action.GetPropertyAction;
* through a proxy, rather between client and proxy, or between client and server (with no proxy) * through a proxy, rather between client and proxy, or between client and server (with no proxy)
*/ */
public class NTLMAuthentication extends AuthenticationInfo { public final class NTLMAuthentication extends AuthenticationInfo {
private static final long serialVersionUID = 170L;
private static final NTLMAuthenticationCallback NTLMAuthCallback = private static final NTLMAuthenticationCallback NTLMAuthCallback =
NTLMAuthenticationCallback.getNTLMAuthenticationCallback(); NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
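Review bot: The hunk header context for this file still shows `import sun.security.action.GetPropertyAction;`, which suggests this NTLMAuthentication variant keeps its privileged property reads while the other NTLMAuthentication in the same commit switches to `System.getProperty`. If that is left for a follow-up, a short comment at the remaining use would stop the two variants from drifting apart unnoticed; otherwise the static initializer here should get the same conversion. The initializer is outside the visible hunks, so this is inferred from the context line only.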


@ -1,5 +1,5 @@
/* /*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved. * Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
* *
* This code is free software; you can redistribute it and/or modify it * This code is free software; you can redistribute it and/or modify it
@ -31,14 +31,11 @@ import java.net.PasswordAuthentication;
import java.net.UnknownHostException; import java.net.UnknownHostException;
import java.net.URL; import java.net.URL;
import java.util.Locale; import java.util.Locale;
import java.util.Objects;
import java.util.Properties;
import sun.net.NetProperties; import sun.net.NetProperties;
import sun.net.www.HeaderParser; import sun.net.www.HeaderParser;
import sun.net.www.protocol.http.AuthenticationInfo; import sun.net.www.protocol.http.AuthenticationInfo;
import sun.net.www.protocol.http.AuthScheme; import sun.net.www.protocol.http.AuthScheme;
import sun.net.www.protocol.http.HttpURLConnection; import sun.net.www.protocol.http.HttpURLConnection;
import sun.security.action.GetPropertyAction;
/** /**
* NTLMAuthentication: * NTLMAuthentication:
@ -46,14 +43,11 @@ import sun.security.action.GetPropertyAction;
* @author Michael McMahon * @author Michael McMahon
*/ */
public class NTLMAuthentication extends AuthenticationInfo { public final class NTLMAuthentication extends AuthenticationInfo {
private static final long serialVersionUID = 100L;
private static final NTLMAuthenticationCallback NTLMAuthCallback = private static final NTLMAuthenticationCallback NTLMAuthCallback =
NTLMAuthenticationCallback.getNTLMAuthenticationCallback(); NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
private String hostname;
/* Domain to use if not specified by user */ /* Domain to use if not specified by user */
private static final String defaultDomain; private static final String defaultDomain;
/* Whether cache is enabled for NTLM */ /* Whether cache is enabled for NTLM */
@ -68,18 +62,10 @@ public class NTLMAuthentication extends AuthenticationInfo {
private static final TransparentAuth authMode; private static final TransparentAuth authMode;
static { static {
Properties props = GetPropertyAction.privilegedGetProperties(); defaultDomain = System.getProperty("http.auth.ntlm.domain", "domain");
defaultDomain = props.getProperty("http.auth.ntlm.domain", "domain"); String ntlmCacheProp = System.getProperty("jdk.ntlm.cache", "true");
String ntlmCacheProp = props.getProperty("jdk.ntlm.cache", "true");
ntlmCache = Boolean.parseBoolean(ntlmCacheProp); ntlmCache = Boolean.parseBoolean(ntlmCacheProp);
@SuppressWarnings("removal") String modeProp = NetProperties.get("jdk.http.ntlm.transparentAuth");
String modeProp = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return NetProperties.get("jdk.http.ntlm.transparentAuth");
}
});
if ("trustedHosts".equalsIgnoreCase(modeProp)) if ("trustedHosts".equalsIgnoreCase(modeProp))
authMode = TransparentAuth.TRUSTED_HOSTS; authMode = TransparentAuth.TRUSTED_HOSTS;
else if ("allHosts".equalsIgnoreCase(modeProp)) else if ("allHosts".equalsIgnoreCase(modeProp))
@ -88,27 +74,6 @@ public class NTLMAuthentication extends AuthenticationInfo {
authMode = TransparentAuth.DISABLED; authMode = TransparentAuth.DISABLED;
} }
@SuppressWarnings("removal")
private void init0() {
hostname = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
String localhost;
try {
localhost = InetAddress.getLocalHost().getHostName().toUpperCase(Locale.ROOT);
} catch (UnknownHostException e) {
localhost = "localhost";
}
return localhost;
}
});
int x = hostname.indexOf ('.');
if (x != -1) {
hostname = hostname.substring (0, x);
}
}
String username; String username;
String ntdomain; String ntdomain;
String password; String password;
@ -147,7 +112,6 @@ public class NTLMAuthentication extends AuthenticationInfo {
ntdomain = null; ntdomain = null;
password = null; password = null;
} }
init0();
} }
/** /**