stan/jdk-24
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

8344190: Cleanup code in sun.net.www.protocol.http and sun.net.www.protocol.https after JEP 486 integration

Browse Source 
Reviewed-by: dfuchs
This commit is contained in:
Jaikiran Pai 2024-11-20 12:29:32 +00:00
parent 7bb4474d81
commit 6f4dfa6626
9 changed files with 129 additions and 669 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationHeader.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,7 +32,6 @@ import java.util.HashMap;
import java.util.Set;
import sun.net.www.*;
import sun.security.action.GetPropertyAction;
/**
* This class is used to parse the information in WWW-Authenticate: and Proxy-Authenticate:
@ -98,7 +97,7 @@ public class AuthenticationHeader {
}
static {
String pref = GetPropertyAction.privilegedGetProperty("http.auth.preference");
String pref = System.getProperty("http.auth.preference");
// http.auth.preference can be set to SPNEGO or Kerberos.
// In fact they means "Negotiate with SPNEGO" and "Negotiate with

9
src/java.base/share/classes/sun/net/www/protocol/http/AuthenticationInfo.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1995, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1995, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -25,8 +25,6 @@
package sun.net.www.protocol.http;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.net.PasswordAuthentication;
import java.net.URL;
import java.util.HashMap;
@ -67,10 +65,7 @@ public abstract class AuthenticationInfo extends AuthCacheValue implements Clone
* repeatedly, via the Authenticator. Default is false, which means that this
* behavior is switched off.
*/
@SuppressWarnings("removal")
static final boolean serializeAuth = java.security.AccessController.doPrivileged(
new sun.security.action.GetBooleanAction(
"http.auth.serializeRequests")).booleanValue();
static final boolean serializeAuth = Boolean.getBoolean("http.auth.serializeRequests");
/* AuthCacheValue: */

10
src/java.base/share/classes/sun/net/www/protocol/http/BasicAuthentication.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -32,11 +32,8 @@ import java.net.PasswordAuthentication;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.Charset;
import java.io.IOException;
import java.io.OutputStream;
import java.util.Arrays;
import java.util.Base64;
import java.util.Objects;
import sun.net.www.HeaderParser;
import sun.nio.cs.ISO_8859_1;
import sun.nio.cs.UTF_8;
@ -49,10 +46,7 @@ import sun.nio.cs.UTF_8;
*/
class BasicAuthentication extends AuthenticationInfo {
@java.io.Serial
private static final long serialVersionUID = 100L;
final class BasicAuthentication extends AuthenticationInfo {
/** The authentication string for this host, port, and realm. This is
a simple BASE64 encoding of "login:password". */

28
src/java.base/share/classes/sun/net/www/protocol/http/DigestAuthentication.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 1997, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 1997, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -35,17 +35,13 @@ import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.StandardCharsets;
import java.security.AccessController;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.PrivilegedAction;
import java.security.Security;
import java.text.Normalizer;
import java.util.Arrays;
import java.util.Collections;
import java.util.HashSet;
import java.util.Locale;
import java.util.Objects;
import java.util.Random;
import java.util.Set;
import java.util.function.BiConsumer;
@ -65,10 +61,7 @@ import static sun.net.www.protocol.http.HttpURLConnection.HTTP_CONNECT;
* @author Bill Foote
*/
class DigestAuthentication extends AuthenticationInfo {
@java.io.Serial
private static final long serialVersionUID = 100L;
final class DigestAuthentication extends AuthenticationInfo {
private String authMethod;
@ -110,26 +103,15 @@ class DigestAuthentication extends AuthenticationInfo {
HttpURLConnection.getHttpLogger();
static {
@SuppressWarnings("removal")
Boolean b = AccessController.doPrivileged(
(PrivilegedAction<Boolean>) () -> NetProperties.getBoolean(compatPropName)
);
Boolean b = NetProperties.getBoolean(compatPropName);
delimCompatFlag = (b == null) ? false : b.booleanValue();
@SuppressWarnings("removal")
String secprops = AccessController.doPrivileged(
(PrivilegedAction<String>) () -> Security.getProperty(secPropName)
);
String secprops = Security.getProperty(secPropName);
Set<String> algs = new HashSet<>();
// add the default insecure algorithms to set
processPropValue(secprops, algs, (set, elem) -> set.add(elem));
@SuppressWarnings("removal")
String netprops = AccessController.doPrivileged(
(PrivilegedAction<String>) () -> NetProperties.get(enabledAlgPropName)
);
String netprops = NetProperties.get(enabledAlgPropName);
// remove any algorithms from disabled set that were opted-in by user
processPropValue(netprops, algs, (set, elem) -> set.remove(elem));
disabledDigests = Set.copyOf(algs);

558
src/java.base/share/classes/sun/net/www/protocol/http/HttpURLConnection.java
View File

@ -25,7 +25,6 @@
package sun.net.www.protocol.http;
import java.security.PrivilegedAction;
import java.util.Arrays;
import java.net.URL;
import java.net.URLConnection;
@ -37,7 +36,6 @@ import java.net.HttpCookie;
import java.net.InetAddress;
import java.net.UnknownHostException;
import java.net.SocketTimeoutException;
import java.net.SocketPermission;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.URI;
@ -47,11 +45,7 @@ import java.net.ResponseCache;
import java.net.CacheResponse;
import java.net.SecureCacheResponse;
import java.net.CacheRequest;
import java.net.URLPermission;
import java.net.Authenticator.RequestorType;
import java.security.AccessController;
import java.security.PrivilegedExceptionAction;
import java.security.PrivilegedActionException;
import java.io.*;
import java.util.ArrayList;
import java.util.Collections;
@ -81,7 +75,6 @@ import java.util.TimeZone;
import java.net.MalformedURLException;
import java.nio.ByteBuffer;
import java.util.Objects;
import java.util.Properties;
import java.util.concurrent.locks.ReentrantLock;
import static sun.net.www.protocol.http.AuthScheme.BASIC;
@ -90,8 +83,6 @@ import static sun.net.www.protocol.http.AuthScheme.NTLM;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
import static sun.net.www.protocol.http.AuthScheme.UNKNOWN;
import sun.security.action.GetIntegerAction;
import sun.security.action.GetPropertyAction;
/**
* A class to represent an HTTP connection to a remote object.
@ -178,8 +169,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* Restrict setting of request headers through the public api
* consistent with JavaScript XMLHttpRequest2 with a few
* exceptions. Disallowed headers are silently ignored for
* backwards compatibility reasons rather than throwing a
* SecurityException. For example, some applets set the
* backwards compatibility reasons. For example, some applets set the
* Host header since old JREs did not implement HTTP 1.1.
* Additionally, any header starting with Sec- is
* disallowed.
@ -222,12 +212,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
"Via"
};
@SuppressWarnings("removal")
private static String getNetProperty(String name) {
PrivilegedAction<String> pa = () -> NetProperties.get(name);
return AccessController.doPrivileged(pa);
}
private static Set<String> schemesListToSet(String list) {
if (list == null || list.isEmpty())
return Collections.emptySet();
@ -240,11 +224,9 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
static {
Properties props = GetPropertyAction.privilegedGetProperties();
maxRedirects = GetIntegerAction.privilegedGetProperty(
"http.maxRedirects", defaultmaxRedirects);
version = props.getProperty("java.version");
String agent = props.getProperty("http.agent");
maxRedirects = Integer.getInteger("http.maxRedirects", defaultmaxRedirects);
version = System.getProperty("java.version");
String agent = System.getProperty("http.agent");
if (agent == null) {
agent = "Java/"+version;
} else {
@ -254,34 +236,30 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
// A set of net properties to control the use of authentication schemes
// when proxying/tunneling.
String p = getNetProperty("jdk.http.auth.tunneling.disabledSchemes");
String p = NetProperties.get("jdk.http.auth.tunneling.disabledSchemes");
disabledTunnelingSchemes = schemesListToSet(p);
p = getNetProperty("jdk.http.auth.proxying.disabledSchemes");
p = NetProperties.get("jdk.http.auth.proxying.disabledSchemes");
disabledProxyingSchemes = schemesListToSet(p);
validateProxy = Boolean.parseBoolean(
props.getProperty("http.auth.digest.validateProxy"));
validateServer = Boolean.parseBoolean(
props.getProperty("http.auth.digest.validateServer"));
validateProxy = Boolean.getBoolean("http.auth.digest.validateProxy");
validateServer = Boolean.getBoolean("http.auth.digest.validateServer");
enableESBuffer = Boolean.parseBoolean(
props.getProperty("sun.net.http.errorstream.enableBuffering"));
int esBufferTimeout = GetIntegerAction.privilegedGetProperty(
enableESBuffer = Boolean.getBoolean("sun.net.http.errorstream.enableBuffering");
int esBufferTimeout = Integer.getInteger(
"sun.net.http.errorstream.timeout", 300);
if (esBufferTimeout <= 0) {
esBufferTimeout = 300; // use the default
}
timeout4ESBuffer = esBufferTimeout;
int esBufSize = GetIntegerAction.privilegedGetProperty(
int esBufSize = Integer.getInteger(
"sun.net.http.errorstream.bufferSize", 4096);
if (esBufSize <= 0) {
esBufSize = 4096; // use the default
}
bufSize4ES = esBufSize;
allowRestrictedHeaders = Boolean.parseBoolean(
props.getProperty("sun.net.http.allowRestrictedHeaders"));
allowRestrictedHeaders = Boolean.getBoolean("sun.net.http.allowRestrictedHeaders");
if (!allowRestrictedHeaders) {
restrictedHeaderSet = HashSet.newHashSet(restrictedHeaders.length);
for (int i=0; i < restrictedHeaders.length; i++) {
@ -292,7 +270,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
int defMaxHeaderSize = 384 * 1024;
String maxHeaderSizeStr = getNetProperty("jdk.http.maxHeaderSize");
String maxHeaderSizeStr = NetProperties.get("jdk.http.maxHeaderSize");
int maxHeaderSizeVal = defMaxHeaderSize;
if (maxHeaderSizeStr != null) {
try {
@ -439,9 +417,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
private int connectTimeout = NetworkClient.DEFAULT_CONNECT_TIMEOUT;
private int readTimeout = NetworkClient.DEFAULT_READ_TIMEOUT;
/* A permission converted from a URLPermission */
private SocketPermission socketPermission;
/* Logging support */
private static final PlatformLogger logger =
PlatformLogger.getLogger("sun.net.www.protocol.http.HttpURLConnection");
@ -462,36 +437,30 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
/*
* privileged request password authentication
* Calls Authenticator.requestPasswordAuthentication
*
*/
@SuppressWarnings("removal")
private static PasswordAuthentication
privilegedRequestPasswordAuthentication(
final Authenticator authenticator,
final String host,
final InetAddress addr,
final int port,
final String protocol,
final String prompt,
final String scheme,
final URL url,
final RequestorType authType) {
return java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public PasswordAuthentication run() {
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Requesting Authentication: host =" + host + " url = " + url);
}
PasswordAuthentication pass = Authenticator.requestPasswordAuthentication(
authenticator, host, addr, port, protocol,
prompt, scheme, url, authType);
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Authentication returned: " + (pass != null ? pass.toString() : "null"));
}
return pass;
}
});
private static PasswordAuthentication requestPassword(
final Authenticator authenticator,
final String host,
final InetAddress addr,
final int port,
final String protocol,
final String prompt,
final String scheme,
final URL url,
final RequestorType authType) {
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Requesting Authentication: host =" + host + " url = " + url);
}
PasswordAuthentication pass = Authenticator.requestPasswordAuthentication(
authenticator, host, addr, port, protocol,
prompt, scheme, url, authType);
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Authentication returned: " + (pass != null ? pass.toString() : "null"));
}
return pass;
}
private boolean isRestrictedHeader(String key, String value) {
@ -640,7 +609,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (requestLineIndex != 0) {
// we expect the request line to be at index 0. we set it here
// if we don't find the request line at that index.
checkURLFile();
requests.prepend(requestLine, null);
}
if (!getUseCaches()) {
@ -654,9 +622,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
host += ":" + String.valueOf(port);
}
String reqHost = requests.findValue("Host");
if (reqHost == null ||
(!reqHost.equalsIgnoreCase(host) && !checkSetHost()))
{
if (reqHost == null || !reqHost.equalsIgnoreCase(host)) {
requests.set("Host", host);
}
requests.setIfNotSet("Accept", acceptString);
@ -776,47 +742,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
}
private boolean checkSetHost() {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
if (s != null) {
String name = s.getClass().getName();
if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
name.equals("sun.plugin.security.ActivatorSecurityManager"))
{
int CHECK_SET_HOST = -2;
try {
s.checkConnect(url.toExternalForm(), CHECK_SET_HOST);
} catch (SecurityException ex) {
return false;
}
}
}
return true;
}
private void checkURLFile() {
@SuppressWarnings("removal")
SecurityManager s = System.getSecurityManager();
if (s != null) {
String name = s.getClass().getName();
if (name.equals("sun.plugin2.applet.AWTAppletSecurityManager") ||
name.equals("sun.plugin2.applet.FXAppletSecurityManager") ||
name.equals("com.sun.javaws.security.JavaWebStartSecurity") ||
name.equals("sun.plugin.security.ActivatorSecurityManager"))
{
int CHECK_SUBPATH = -3;
try {
s.checkConnect(url.toExternalForm(), CHECK_SUBPATH);
} catch (SecurityException ex) {
throw new SecurityException("denied access outside a permitted URL subpath", ex);
}
}
}
}
/**
* Create a new HttpClient object, bypassing the cache of
* HTTP client objects/connections.
@ -922,7 +847,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
return u;
}
@SuppressWarnings("removal")
protected HttpURLConnection(URL u, Proxy p, Handler handler)
throws IOException {
super(checkURL(u));
@ -931,119 +855,8 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
userHeaders = new MessageHeader();
this.handler = handler;
instProxy = p;
if (instProxy instanceof sun.net.ApplicationProxy) {
/* Application set Proxies should not have access to cookies
* in a secure environment unless explicitly allowed. */
try {
cookieHandler = CookieHandler.getDefault();
} catch (SecurityException se) { /* swallow exception */ }
} else {
cookieHandler = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public CookieHandler run() {
return CookieHandler.getDefault();
}
});
}
cacheHandler = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public ResponseCache run() {
return ResponseCache.getDefault();
}
});
}
/**
* opens a stream allowing redirects only to the same host.
*/
public static InputStream openConnectionCheckRedirects(URLConnection c)
throws IOException
{
boolean redir;
int redirects = 0;
InputStream in;
Authenticator a = null;
do {
if (c instanceof HttpURLConnection) {
((HttpURLConnection) c).setInstanceFollowRedirects(false);
if (a == null) {
a = ((HttpURLConnection) c).authenticator;
}
}
// We want to open the input stream before
// getting headers, because getHeaderField()
// et al swallow IOExceptions.
in = c.getInputStream();
redir = false;
if (c instanceof HttpURLConnection) {
HttpURLConnection http = (HttpURLConnection) c;
int stat = http.getResponseCode();
if (stat >= 300 && stat <= 307 && stat != 306 &&
stat != HttpURLConnection.HTTP_NOT_MODIFIED) {
URL base = http.getURL();
String loc = http.getHeaderField("Location");
URL target = null;
if (loc != null) {
target = newURL(base, loc);
}
http.disconnect();
if (target == null
|| !base.getProtocol().equals(target.getProtocol())
|| base.getPort() != target.getPort()
|| !hostsEqual(base, target)
|| redirects >= 5)
{
throw new SecurityException("illegal URL redirect");
}
redir = true;
c = target.openConnection();
if (a != null && c instanceof HttpURLConnection) {
((HttpURLConnection)c).setAuthenticator(a);
}
redirects++;
}
}
} while (redir);
return in;
}
//
// Same as java.net.URL.hostsEqual
//
@SuppressWarnings("removal")
private static boolean hostsEqual(URL u1, URL u2) {
final String h1 = u1.getHost();
final String h2 = u2.getHost();
if (h1 == null) {
return h2 == null;
} else if (h2 == null) {
return false;
} else if (h1.equalsIgnoreCase(h2)) {
return true;
}
// Have to resolve addresses before comparing, otherwise
// names like tachyon and tachyon.eng would compare different
final boolean result[] = {false};
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public Void run() {
try {
InetAddress a1 = InetAddress.getByName(h1);
InetAddress a2 = InetAddress.getByName(h2);
result[0] = a1.equals(a2);
} catch(UnknownHostException | SecurityException e) {
}
return null;
}
});
return result[0];
cookieHandler = CookieHandler.getDefault();
cacheHandler = ResponseCache.getDefault();
}
// overridden in HTTPS subclass
@ -1073,34 +886,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
return false;
}
@SuppressWarnings("removal")
private String getHostAndPort(URL url) {
String host = url.getHost();
final String hostarg = host;
try {
// lookup hostname and use IP address if available
host = AccessController.doPrivileged(
new PrivilegedExceptionAction<>() {
public String run() throws IOException {
InetAddress addr = InetAddress.getByName(hostarg);
return addr.getHostAddress();
}
}
);
} catch (PrivilegedActionException e) {}
int port = url.getPort();
if (port == -1) {
String scheme = url.getProtocol();
if ("http".equals(scheme)) {
return host + ":80";
} else { // scheme must be https
return host + ":443";
}
}
return host + ":" + Integer.toString(port);
}
@SuppressWarnings("removal")
protected void plainConnect() throws IOException {
lock();
try {
@ -1110,66 +895,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} finally {
unlock();
}
SocketPermission p = URLtoSocketPermission(this.url);
if (p != null) {
try {
AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public Void run() throws IOException {
plainConnect0();
return null;
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
// run without additional permission
plainConnect0();
}
}
/**
* if the caller has a URLPermission for connecting to the
* given URL, then return a SocketPermission which permits
* access to that destination. Return null otherwise. The permission
* is cached in a field (which can only be changed by redirects)
*/
SocketPermission URLtoSocketPermission(URL url) throws IOException {
if (socketPermission != null) {
return socketPermission;
}
@SuppressWarnings("removal")
SecurityManager sm = System.getSecurityManager();
if (sm == null) {
return null;
}
// the permission, which we might grant
SocketPermission newPerm = new SocketPermission(
getHostAndPort(url), "connect"
);
String actions = getRequestMethod()+":" +
getUserSetHeaders().getHeaderNamesInList();
String urlstring = url.getProtocol() + "://" + url.getAuthority()
+ url.getPath();
URLPermission p = new URLPermission(urlstring, actions);
try {
sm.checkPermission(p);
socketPermission = newPerm;
return socketPermission;
} catch (SecurityException e) {
// fall thru
}
return null;
plainConnect0();
}
protected void plainConnect0() throws IOException {
@ -1215,14 +941,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
/**
* Do we have to use a proxy?
*/
@SuppressWarnings("removal")
ProxySelector sel =
java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<>() {
public ProxySelector run() {
return ProxySelector.getDefault();
}
});
final ProxySelector sel = ProxySelector.getDefault();
if (sel != null) {
URI uri = sun.net.www.ParseUtil.toURI(url);
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
@ -1399,29 +1118,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* - get input, [read input,] get output, [write output]
*/
@SuppressWarnings("removal")
@Override
public OutputStream getOutputStream() throws IOException {
lock();
try {
connecting = true;
SocketPermission p = URLtoSocketPermission(this.url);
if (p != null) {
try {
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public OutputStream run() throws IOException {
return getOutputStream0();
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
return getOutputStream0();
}
return getOutputStream0();
} finally {
unlock();
}
@ -1591,29 +1293,12 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
} // end of getting cookies
}
@SuppressWarnings("removal")
@Override
public InputStream getInputStream() throws IOException {
lock();
try {
connecting = true;
SocketPermission p = URLtoSocketPermission(this.url);
if (p != null) {
try {
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public InputStream run() throws IOException {
return getInputStream0();
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
return getInputStream0();
}
return getInputStream0();
} finally {
unlock();
}
@ -2060,17 +1745,9 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
private IOException getChainedException(final IOException rememberedException) {
try {
final Object[] args = { rememberedException.getMessage() };
@SuppressWarnings("removal")
IOException chainedException =
java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<>() {
public IOException run() throws Exception {
return (IOException)
rememberedException.getClass()
.getConstructor(new Class<?>[] { String.class })
.newInstance(args);
}
});
IOException chainedException = rememberedException.getClass()
.getConstructor(new Class<?>[] { String.class })
.newInstance(args);
chainedException.initCause(rememberedException);
return chainedException;
} catch (Exception ignored) {
@ -2392,7 +2069,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* Gets the authentication for an HTTP proxy, and applies it to
* the connection.
*/
@SuppressWarnings({"removal","fallthrough"})
@SuppressWarnings("fallthrough")
private AuthenticationInfo getHttpProxyAuthentication(AuthenticationHeader authhdr)
throws IOException {
@ -2430,44 +2107,40 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
proxyAuthKey = AuthenticationInfo.getProxyAuthKey(host, port, realm, authScheme);
ret = AuthenticationInfo.getProxyAuth(proxyAuthKey, authCache);
if (ret == null) {
switch (authScheme) {
case BASIC:
InetAddress addr = null;
try {
final String finalHost = host;
addr = java.security.AccessController.doPrivileged(
new java.security.PrivilegedExceptionAction<>() {
public InetAddress run()
throws java.net.UnknownHostException {
return InetAddress.getByName(finalHost);
}
});
} catch (java.security.PrivilegedActionException ignored) {
// User will have an unknown host.
ret = switch (authScheme) {
case BASIC -> {
InetAddress addr = null;
try {
addr = InetAddress.getByName(host);
} catch (UnknownHostException uhe) {
// Ignore the exception. The Authenticator instance will
// be passed a null InetAddress when requesting a password from the
// Authenticator.
}
final PasswordAuthentication a = requestPassword(authenticator,
host, addr, port, "http",
realm, scheme, url, RequestorType.PROXY);
if (a != null) {
yield new BasicAuthentication(true, host, port, realm, a, isUTF8);
}
yield null;
}
PasswordAuthentication a =
privilegedRequestPasswordAuthentication(
authenticator,
host, addr, port, "http",
realm, scheme, url, RequestorType.PROXY);
if (a != null) {
ret = new BasicAuthentication(true, host, port, realm, a, isUTF8);
case DIGEST -> {
final PasswordAuthentication a = requestPassword(authenticator,
host, null, port, url.getProtocol(),
realm, scheme, url, RequestorType.PROXY);
if (a != null) {
DigestAuthentication.Parameters params =
new DigestAuthentication.Parameters();
yield new DigestAuthentication(true, host, port, realm,
scheme, a, params);
}
yield null;
}
break;
case DIGEST:
a = privilegedRequestPasswordAuthentication(
authenticator,
host, null, port, url.getProtocol(),
realm, scheme, url, RequestorType.PROXY);
if (a != null) {
DigestAuthentication.Parameters params =
new DigestAuthentication.Parameters();
ret = new DigestAuthentication(true, host, port, realm,
scheme, a, params);
}
break;
case NTLM:
if (NTLMAuthenticationProxy.supported) {
case NTLM -> {
if (!NTLMAuthenticationProxy.supported) {
yield null;
}
/* tryTransparentNTLMProxy will always be true the first
* time around, but verify that the platform supports it
* otherwise don't try. */
@ -2484,14 +2157,14 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
}
a = null;
PasswordAuthentication a = null;
if (tryTransparentNTLMProxy) {
logger.finest("Trying Transparent NTLM authentication");
} else {
a = privilegedRequestPasswordAuthentication(
authenticator,
host, null, port, url.getProtocol(),
"", scheme, url, RequestorType.PROXY);
a = requestPassword(
authenticator,
host, null, port, url.getProtocol(),
"", scheme, url, RequestorType.PROXY);
validateNTLMCredentials(a);
}
/* If we are not trying transparent authentication then
@ -2500,29 +2173,27 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* and password will be picked up from the current logged
* on users credentials.
*/
AuthenticationInfo authInfo = null;
if (tryTransparentNTLMProxy ||
(!tryTransparentNTLMProxy && a != null)) {
ret = NTLMAuthenticationProxy.proxy.create(true, host, port, a);
(!tryTransparentNTLMProxy && a != null)) {
authInfo = NTLMAuthenticationProxy.proxy.create(true, host, port, a);
}
/* set to false so that we do not try again */
tryTransparentNTLMProxy = false;
yield authInfo;
}
break;
case NEGOTIATE:
ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate"));
break;
case KERBEROS:
ret = new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
break;
case UNKNOWN:
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Unknown/Unsupported authentication scheme: " + scheme);
case NEGOTIATE ->
new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Negotiate"));
case KERBEROS ->
new NegotiateAuthentication(new HttpCallerInfo(authhdr.getHttpCallerInfo(), "Kerberos"));
case UNKNOWN -> {
if (logger.isLoggable(PlatformLogger.Level.FINEST)) {
logger.finest("Unknown/Unsupported authentication scheme: " + scheme);
}
yield null;
}
/*fall through*/
default:
throw new AssertionError("should not reach here");
}
};
}
if (ret != null) {
if (!ret.setHeaders(this, p, raw)) {
@ -2604,7 +2275,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
break;
case BASIC:
PasswordAuthentication a =
privilegedRequestPasswordAuthentication(
requestPassword(
authenticator,
url.getHost(), addr, port, url.getProtocol(),
realm, scheme, url, RequestorType.SERVER);
@ -2613,7 +2284,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
}
break;
case DIGEST:
a = privilegedRequestPasswordAuthentication(
a = requestPassword(
authenticator,
url.getHost(), addr, port, url.getProtocol(),
realm, scheme, url, RequestorType.SERVER);
@ -2650,7 +2321,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
if (tryTransparentNTLMServer) {
logger.finest("Trying Transparent NTLM authentication");
} else {
a = privilegedRequestPasswordAuthentication(
a = requestPassword(
authenticator,
url.getHost(), addr, port, url.getProtocol(),
"", scheme, url, RequestorType.SERVER);
@ -2753,7 +2424,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
* resets the url, re-connects, and resets the request
* property.
*/
@SuppressWarnings("removal")
private boolean followRedirect() throws IOException {
if (!getInstanceFollowRedirects()) {
return false;
@ -2783,27 +2453,7 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
// treat loc as a relative URI to conform to popular browsers
locUrl = newURL(url, loc);
}
final URL locUrl0 = locUrl;
socketPermission = null; // force recalculation
SocketPermission p = URLtoSocketPermission(locUrl);
if (p != null) {
try {
return AccessController.doPrivilegedWithCombiner(
new PrivilegedExceptionAction<>() {
public Boolean run() throws IOException {
return followRedirect0(loc, stat, locUrl0);
}
}, null, p
);
} catch (PrivilegedActionException e) {
throw (IOException) e.getException();
}
} else {
// run without additional permission
return followRedirect0(loc, stat, locUrl);
}
return followRedirect0(loc, stat, locUrl);
}
/* Tells us whether to follow a redirect. If so, it
@ -2838,12 +2488,6 @@ public class HttpURLConnection extends java.net.HttpURLConnection {
String proxyHost = locUrl.getHost();
int proxyPort = locUrl.getPort();
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
security.checkConnect(proxyHost, proxyPort);
}
setProxiedClient (url, proxyHost, proxyPort);
requests.set(0, method + " " + getRequestURI()+" " +
httpVersion, null);

14
src/java.base/share/classes/sun/net/www/protocol/http/NegotiateAuthentication.java
View File

@ -36,7 +36,6 @@ import java.util.concurrent.locks.ReentrantLock;
import sun.net.www.HeaderParser;
import static sun.net.www.protocol.http.AuthScheme.NEGOTIATE;
import static sun.net.www.protocol.http.AuthScheme.KERBEROS;
import sun.security.action.GetPropertyAction;
/**
* NegotiateAuthentication:
@ -45,10 +44,7 @@ import sun.security.action.GetPropertyAction;
* @since 1.6
*/
class NegotiateAuthentication extends AuthenticationInfo {
@java.io.Serial
private static final long serialVersionUID = 100L;
final class NegotiateAuthentication extends AuthenticationInfo {
private final HttpCallerInfo hci;
@ -61,14 +57,6 @@ class NegotiateAuthentication extends AuthenticationInfo {
static ThreadLocal <HashMap <String, Negotiator>> cache = null;
private static final ReentrantLock negotiateLock = new ReentrantLock();
/* Whether cache is enabled for Negotiate/Kerberos */
private static final boolean cacheSPNEGO;
static {
String spnegoCacheProp =
GetPropertyAction.privilegedGetProperty("jdk.spnego.cache", "true");
cacheSPNEGO = Boolean.parseBoolean(spnegoCacheProp);
}
// The HTTP Negotiate Helper
private Negotiator negotiator = null;

122
src/java.base/share/classes/sun/net/www/protocol/https/HttpsClient.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2001, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2001, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -30,7 +30,6 @@ import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.io.PrintStream;
import java.io.BufferedOutputStream;
import java.net.InetAddress;
import java.net.Socket;
import java.net.SocketException;
import java.net.URL;
@ -48,7 +47,6 @@ import javax.net.ssl.*;
import sun.net.www.http.HttpClient;
import sun.net.www.protocol.http.AuthCacheImpl;
import sun.net.www.protocol.http.HttpURLConnection;
import sun.security.action.*;
import sun.security.util.HostnameChecker;
import sun.security.ssl.SSLSocketImpl;
@ -138,10 +136,8 @@ final class HttpsClient extends HttpClient
//
// If ciphers are assigned, sort them into an array.
//
String ciphers [];
String cipherString =
GetPropertyAction.privilegedGetProperty("https.cipherSuites");
String[] ciphers;
String cipherString = System.getProperty("https.cipherSuites");
if (cipherString == null || cipherString.isEmpty()) {
ciphers = null;
} else {
@ -162,10 +158,8 @@ final class HttpsClient extends HttpClient
//
// If protocols are assigned, sort them into an array.
//
String protocols [];
String protocolString =
GetPropertyAction.privilegedGetProperty("https.protocols");
String[] protocols;
String protocolString = System.getProperty("https.protocols");
if (protocolString == null || protocolString.isEmpty()) {
protocols = null;
} else {
@ -183,65 +177,12 @@ final class HttpsClient extends HttpClient
return protocols;
}
private String getUserAgent() {
String userAgent =
GetPropertyAction.privilegedGetProperty("https.agent");
if (userAgent == null || userAgent.isEmpty()) {
userAgent = "JSSE";
}
return userAgent;
}
// CONSTRUCTOR, FACTORY
/**
* Create an HTTPS client URL. Traffic will be tunneled through any
* intermediate nodes rather than proxied, so that confidentiality
* of data exchanged can be preserved. However, note that all the
* anonymous SSL flavors are subject to "person-in-the-middle"
* attacks against confidentiality. If you enable use of those
* flavors, you may be giving up the protection you get through
* SSL tunneling.
*
* Use New to get new HttpsClient. This constructor is meant to be
* used only by New method. New properly checks for URL spoofing.
*
* @param url https URL with which a connection must be established
*/
private HttpsClient(SSLSocketFactory sf, URL url)
throws IOException
{
// HttpClient-level proxying is always disabled,
// because we override doConnect to do tunneling instead.
this(sf, url, (String)null, -1);
}
/**
* Create an HTTPS client URL. Traffic will be tunneled through
* the specified proxy server.
*/
HttpsClient(SSLSocketFactory sf, URL url, String proxyHost, int proxyPort)
throws IOException {
this(sf, url, proxyHost, proxyPort, -1);
}
/**
* Create an HTTPS client URL. Traffic will be tunneled through
* Create an HTTPS client URL. Traffic will be tunneled through
* the specified proxy server, with a connect timeout
*/
HttpsClient(SSLSocketFactory sf, URL url, String proxyHost, int proxyPort,
int connectTimeout)
throws IOException {
this(sf, url,
(proxyHost == null? null:
HttpClient.newHttpProxy(proxyHost, proxyPort, "https")),
connectTimeout);
}
/**
* Same as previous constructor except using a Proxy
*/
HttpsClient(SSLSocketFactory sf, URL url, Proxy proxy,
int connectTimeout)
throws IOException {
@ -268,37 +209,6 @@ final class HttpsClient extends HttpClient
// This code largely ripped off from HttpClient.New, and
// it uses the same keepalive cache.
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
HttpURLConnection httpuc)
throws IOException {
return HttpsClient.New(sf, url, hv, true, httpuc);
}
/** See HttpClient for the model for this method. */
static HttpClient New(SSLSocketFactory sf, URL url,
HostnameVerifier hv, boolean useCache,
HttpURLConnection httpuc) throws IOException {
return HttpsClient.New(sf, url, hv, (String)null, -1, useCache, httpuc);
}
/**
* Get a HTTPS client to the URL. Traffic will be tunneled through
* the specified proxy server.
*/
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
String proxyHost, int proxyPort,
HttpURLConnection httpuc) throws IOException {
return HttpsClient.New(sf, url, hv, proxyHost, proxyPort, true, httpuc);
}
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
String proxyHost, int proxyPort, boolean useCache,
HttpURLConnection httpuc)
throws IOException {
return HttpsClient.New(sf, url, hv, proxyHost, proxyPort, useCache, -1,
httpuc);
}
static HttpClient New(SSLSocketFactory sf, URL url, HostnameVerifier hv,
String proxyHost, int proxyPort, boolean useCache,
int connectTimeout, HttpURLConnection httpuc)
@ -379,15 +289,6 @@ final class HttpsClient extends HttpClient
ret.authcache = httpuc.getAuthCache();
}
} else {
@SuppressWarnings("removal")
SecurityManager security = System.getSecurityManager();
if (security != null) {
if (ret.proxy == Proxy.NO_PROXY || ret.proxy == null) {
security.checkConnect(InetAddress.getByName(url.getHost()).getHostAddress(), url.getPort());
} else {
security.checkConnect(url.getHost(), url.getPort());
}
}
ret.url = url;
}
ret.setHostnameVerifier(hv);
@ -395,22 +296,17 @@ final class HttpsClient extends HttpClient
return ret;
}
// METHODS
void setHostnameVerifier(HostnameVerifier hv) {
private void setHostnameVerifier(HostnameVerifier hv) {
this.hv = hv;
}
void setSSLSocketFactory(SSLSocketFactory sf) {
private void setSSLSocketFactory(SSLSocketFactory sf) {
sslSocketFactory = sf;
}
SSLSocketFactory getSSLSocketFactory() {
return sslSocketFactory;
}
/**
* The following method, createSocket, is defined in NetworkClient
* and overridden here so that the socket facroty is used to create
* and overridden here so that the socket factory is used to create
* new sockets.
*/
@Override

4
src/java.base/unix/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
View File

@ -35,7 +35,6 @@ import java.net.URL;
import java.security.GeneralSecurityException;
import java.util.Base64;
import java.util.Locale;
import java.util.Objects;
import java.util.Properties;
import sun.net.www.HeaderParser;
@ -70,8 +69,7 @@ import sun.security.action.GetPropertyAction;
* through a proxy, rather between client and proxy, or between client and server (with no proxy)
*/
public class NTLMAuthentication extends AuthenticationInfo {
private static final long serialVersionUID = 170L;
public final class NTLMAuthentication extends AuthenticationInfo {
private static final NTLMAuthenticationCallback NTLMAuthCallback =
NTLMAuthenticationCallback.getNTLMAuthenticationCallback();

48
src/java.base/windows/classes/sun/net/www/protocol/http/ntlm/NTLMAuthentication.java
View File

@ -1,5 +1,5 @@
/*
* Copyright (c) 2002, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2002, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@ -31,14 +31,11 @@ import java.net.PasswordAuthentication;
import java.net.UnknownHostException;
import java.net.URL;
import java.util.Locale;
import java.util.Objects;
import java.util.Properties;
import sun.net.NetProperties;
import sun.net.www.HeaderParser;
import sun.net.www.protocol.http.AuthenticationInfo;
import sun.net.www.protocol.http.AuthScheme;
import sun.net.www.protocol.http.HttpURLConnection;
import sun.security.action.GetPropertyAction;
/**
* NTLMAuthentication:
@ -46,14 +43,11 @@ import sun.security.action.GetPropertyAction;
* @author Michael McMahon
*/
public class NTLMAuthentication extends AuthenticationInfo {
private static final long serialVersionUID = 100L;
public final class NTLMAuthentication extends AuthenticationInfo {
private static final NTLMAuthenticationCallback NTLMAuthCallback =
NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
NTLMAuthenticationCallback.getNTLMAuthenticationCallback();
private String hostname;
/* Domain to use if not specified by user */
private static final String defaultDomain;
/* Whether cache is enabled for NTLM */
@ -68,18 +62,10 @@ public class NTLMAuthentication extends AuthenticationInfo {
private static final TransparentAuth authMode;
static {
Properties props = GetPropertyAction.privilegedGetProperties();
defaultDomain = props.getProperty("http.auth.ntlm.domain", "domain");
String ntlmCacheProp = props.getProperty("jdk.ntlm.cache", "true");
defaultDomain = System.getProperty("http.auth.ntlm.domain", "domain");
String ntlmCacheProp = System.getProperty("jdk.ntlm.cache", "true");
ntlmCache = Boolean.parseBoolean(ntlmCacheProp);
@SuppressWarnings("removal")
String modeProp = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
return NetProperties.get("jdk.http.ntlm.transparentAuth");
}
});
String modeProp = NetProperties.get("jdk.http.ntlm.transparentAuth");
if ("trustedHosts".equalsIgnoreCase(modeProp))
authMode = TransparentAuth.TRUSTED_HOSTS;
else if ("allHosts".equalsIgnoreCase(modeProp))
@ -88,27 +74,6 @@ public class NTLMAuthentication extends AuthenticationInfo {
authMode = TransparentAuth.DISABLED;
}
@SuppressWarnings("removal")
private void init0() {
hostname = java.security.AccessController.doPrivileged(
new java.security.PrivilegedAction<String>() {
public String run() {
String localhost;
try {
localhost = InetAddress.getLocalHost().getHostName().toUpperCase(Locale.ROOT);
} catch (UnknownHostException e) {
localhost = "localhost";
}
return localhost;
}
});
int x = hostname.indexOf ('.');
if (x != -1) {
hostname = hostname.substring (0, x);
}
}
String username;
String ntdomain;
String password;
@ -147,7 +112,6 @@ public class NTLMAuthentication extends AuthenticationInfo {
ntdomain = null;
password = null;
}
init0();
}
/**