From c77eb16a790375c6fa4b712683f2767b3225761d Mon Sep 17 00:00:00 2001 From: Chris Hegarty Date: Mon, 16 Jan 2012 18:05:29 +0000 Subject: [PATCH] 7129083: CookieManager does not store cookies if url is read before setting cookie manager Reviewed-by: michaelm --- .../classes/sun/net/www/http/HttpClient.java | 11 +- .../www/protocol/http/HttpURLConnection.java | 4 + .../net/www/protocol/https/HttpsClient.java | 8 - .../http/HttpClient/CookieHttpClientTest.java | 112 +++++++ .../CookieHttpsClientTest.java | 283 ++++++++++++++++++ 5 files changed, 400 insertions(+), 18 deletions(-) create mode 100644 jdk/test/sun/net/www/http/HttpClient/CookieHttpClientTest.java create mode 100644 jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java diff --git a/jdk/src/share/classes/sun/net/www/http/HttpClient.java b/jdk/src/share/classes/sun/net/www/http/HttpClient.java index fa8184f5927..140cc9191f2 100644 --- a/jdk/src/share/classes/sun/net/www/http/HttpClient.java +++ b/jdk/src/share/classes/sun/net/www/http/HttpClient.java @@ -47,8 +47,6 @@ public class HttpClient extends NetworkClient { private boolean inCache; - protected CookieHandler cookieHandler; - // Http requests we send MessageHeader requests; @@ -201,14 +199,6 @@ public class HttpClient extends NetworkClient { } setConnectTimeout(to); - // get the cookieHandler if there is any - cookieHandler = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public CookieHandler run() { - return CookieHandler.getDefault(); - } - }); - capture = HttpCapture.getCapture(url); openServer(); } @@ -656,6 +646,7 @@ public class HttpClient extends NetworkClient { // we've finished parsing http headers // check if there are any applicable cookies to set (in cache) + CookieHandler cookieHandler = httpuc.getCookieHandler(); if (cookieHandler != null) { URI uri = ParseUtil.toURI(url); // NOTE: That cast from Map shouldn't be necessary but diff --git a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java index 8e894c7188e..719ddc46a74 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java +++ b/jdk/src/share/classes/sun/net/www/protocol/http/HttpURLConnection.java @@ -2903,6 +2903,10 @@ public class HttpURLConnection extends java.net.HttpURLConnection { return readTimeout < 0 ? 0 : readTimeout; } + public CookieHandler getCookieHandler() { + return cookieHandler; + } + String getMethod() { return method; } diff --git a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java index c83860b14c6..fe570d4b9db 100644 --- a/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java +++ b/jdk/src/share/classes/sun/net/www/protocol/https/HttpsClient.java @@ -36,7 +36,6 @@ import java.net.URL; import java.net.UnknownHostException; import java.net.InetSocketAddress; import java.net.Proxy; -import java.net.CookieHandler; import java.security.Principal; import java.security.cert.*; import java.util.StringTokenizer; @@ -268,13 +267,6 @@ final class HttpsClient extends HttpClient port = getDefaultPort(); } setConnectTimeout(connectTimeout); - // get the cookieHandler if there is any - cookieHandler = java.security.AccessController.doPrivileged( - new java.security.PrivilegedAction() { - public CookieHandler run() { - return CookieHandler.getDefault(); - } - }); openServer(); } diff --git a/jdk/test/sun/net/www/http/HttpClient/CookieHttpClientTest.java b/jdk/test/sun/net/www/http/HttpClient/CookieHttpClientTest.java new file mode 100644 index 00000000000..e2c14229302 --- /dev/null +++ b/jdk/test/sun/net/www/http/HttpClient/CookieHttpClientTest.java @@ -0,0 +1,112 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7129083 + * @summary Cookiemanager does not store cookies if url is read + * before setting cookiemanager + */ + +import java.net.CookieHandler; +import java.net.CookieManager; +import java.net.CookiePolicy; +import java.net.ServerSocket; +import java.net.Socket; +import java.net.URL; +import java.io.InputStream; +import java.io.IOException; + +public class CookieHttpClientTest implements Runnable { + final ServerSocket ss; + static final int TIMEOUT = 10 * 1000; + + static final String replyString = "HTTP/1.1 200 OK\r\n" + + "Set-Cookie: name=test\r\n" + + "Content-Length: 10\r\n\r\n" + + "1234567890"; + + // HTTP server, reply with Set-Cookie + @Override + public void run() { + Socket s = null; + try { + s = ss.accept(); + s.setSoTimeout(TIMEOUT); + readOneRequest(s.getInputStream()); + s.getOutputStream().write(replyString.getBytes()); + + readOneRequest(s.getInputStream()); + s.getOutputStream().write(replyString.getBytes()); + } catch (Exception e) { + e.printStackTrace(); + } finally { + try { if (s != null) { s.close(); } ss.close(); } + catch (IOException unused) { /* gulp!burp! */ } + } + } + + static final byte[] requestEnd = new byte[] {'\r', '\n', '\r', '\n' }; + + // Read until the end of a HTTP request + static void readOneRequest(InputStream is) throws IOException { + int requestEndCount = 0, r; + while ((r = is.read()) != -1) { + if (r == requestEnd[requestEndCount]) { + requestEndCount++; + if (requestEndCount == 4) { + break; + } + } else { + requestEndCount = 0; + } + } + } + + CookieHttpClientTest() throws Exception { + /* start the server */ + ss = new ServerSocket(0); + (new Thread(this)).start(); + + URL url = new URL("http://localhost:" + ss.getLocalPort() +"/"); + + // Run without a CookieHandler first + InputStream in = url.openConnection().getInputStream(); + while (in.read() != -1); // read response body so connection can be reused + + // Set a CookeHandler and retest using the HttpClient from the KAC + CookieManager manager = new CookieManager(null, CookiePolicy.ACCEPT_ALL); + CookieHandler.setDefault(manager); + + in = url.openConnection().getInputStream(); + while (in.read() != -1); + + if (manager.getCookieStore().getCookies().isEmpty()) { + throw new RuntimeException("Failed: No cookies in the cookie Handler."); + } + } + + public static void main(String args[]) throws Exception { + new CookieHttpClientTest(); + } +} diff --git a/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java new file mode 100644 index 00000000000..6996ca06359 --- /dev/null +++ b/jdk/test/sun/security/ssl/sun/net/www/protocol/https/HttpsURLConnection/CookieHttpsClientTest.java @@ -0,0 +1,283 @@ +/* + * Copyright (c) 2012, Oracle and/or its affiliates. All rights reserved. + * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. + * + * This code is free software; you can redistribute it and/or modify it + * under the terms of the GNU General Public License version 2 only, as + * published by the Free Software Foundation. + * + * This code is distributed in the hope that it will be useful, but WITHOUT + * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or + * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License + * version 2 for more details (a copy is included in the LICENSE file that + * accompanied this code). + * + * You should have received a copy of the GNU General Public License version + * 2 along with this work; if not, write to the Free Software Foundation, + * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. + * + * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA + * or visit www.oracle.com if you need additional information or have any + * questions. + */ + +/* + * @test + * @bug 7129083 + * @summary Cookiemanager does not store cookies if url is read + * before setting cookiemanager + */ + +import java.net.CookieHandler; +import java.net.CookieManager; +import java.net.CookiePolicy; +import java.net.URL; +import java.io.InputStream; +import java.io.IOException; +import javax.net.ssl.HostnameVerifier; +import javax.net.ssl.HttpsURLConnection; +import javax.net.ssl.SSLServerSocket; +import javax.net.ssl.SSLServerSocketFactory; +import javax.net.ssl.SSLSession; +import javax.net.ssl.SSLSocket; + +public class CookieHttpsClientTest { + static final int TIMEOUT = 10 * 1000; + + static final String replyString = "HTTP/1.1 200 OK\r\n" + + "Set-Cookie: name=test\r\n" + + "Content-Length: 10\r\n\r\n" + + "1234567890"; + + /* + * ============================================================= + * Set the various variables needed for the tests, then + * specify what tests to run on each side. + */ + + /* + * Should we run the client or server in a separate thread? + * Both sides can throw exceptions, but do you have a preference + * as to which side should be the main thread. + */ + static boolean separateServerThread = true; + + /* + * Where do we find the keystores? + */ + static String pathToStores = "../../../../../../etc"; + static String keyStoreFile = "keystore"; + static String trustStoreFile = "truststore"; + static String passwd = "passphrase"; + + /* + * Is the server ready to serve? + */ + volatile static boolean serverReady = false; + + /* + * Turn on SSL debugging? + */ + static boolean debug = false; + + /* + * Define the server side of the test. + * + * If the server prematurely exits, serverReady will be set to true + * to avoid infinite hangs. + */ + void doServerSide() throws Exception { + SSLServerSocketFactory sslssf = + (SSLServerSocketFactory) SSLServerSocketFactory.getDefault(); + SSLServerSocket sslServerSocket = + (SSLServerSocket) sslssf.createServerSocket(serverPort); + serverPort = sslServerSocket.getLocalPort(); + + /* + * Signal Client, we're ready for his connect. + */ + serverReady = true; + SSLSocket sslSocket = null; + try { + sslSocket = (SSLSocket) sslServerSocket.accept(); + sslSocket.setSoTimeout(TIMEOUT); + readOneRequest(sslSocket.getInputStream()); + sslSocket.getOutputStream().write(replyString.getBytes()); + + readOneRequest(sslSocket.getInputStream()); + sslSocket.getOutputStream().write(replyString.getBytes()); + } catch (Exception e) { + e.printStackTrace(); + } finally { + try { + if (sslSocket != null) { sslSocket.close(); } + sslServerSocket.close(); + } catch (IOException unused) { /* gulp!burp! */ } + } + } + + /* + * Define the client side of the test. + * + * If the server prematurely exits, serverReady will be set to true + * to avoid infinite hangs. + */ + void doClientSide() throws Exception { + // Wait for server to get started. + while (!serverReady) { + Thread.sleep(50); + } + + HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { + public boolean verify(String hostname, SSLSession session) { + return true; + }}); + + URL url = new URL("https://localhost:" + serverPort +"/"); + + // Run without a CookieHandler first + InputStream in = url.openConnection().getInputStream(); + while (in.read() != -1); // read response body so connection can be reused + + // Set a CookeHandler and retest using the HttpClient from the KAC + CookieManager manager = new CookieManager(null, CookiePolicy.ACCEPT_ALL); + CookieHandler.setDefault(manager); + + in = url.openConnection().getInputStream(); + while (in.read() != -1); + + if (manager.getCookieStore().getCookies().isEmpty()) { + throw new RuntimeException("Failed: No cookies in the cookie Handler."); + } + } + + static final byte[] requestEnd = new byte[] {'\r', '\n', '\r', '\n' }; + + // Read until the end of a HTTP request + static void readOneRequest(InputStream is) throws IOException { + int requestEndCount = 0, r; + while ((r = is.read()) != -1) { + if (r == requestEnd[requestEndCount]) { + requestEndCount++; + if (requestEndCount == 4) { + break; + } + } else { + requestEndCount = 0; + } + } + } + + /* + * ============================================================= + * The remainder is just support stuff + */ + + // use any free port by default + volatile int serverPort = 0; + + volatile Exception serverException = null; + volatile Exception clientException = null; + + public static void main(String args[]) throws Exception { + String keyFilename = + System.getProperty("test.src", "./") + "/" + pathToStores + + "/" + keyStoreFile; + String trustFilename = + System.getProperty("test.src", "./") + "/" + pathToStores + + "/" + trustStoreFile; + + System.setProperty("javax.net.ssl.keyStore", keyFilename); + System.setProperty("javax.net.ssl.keyStorePassword", passwd); + System.setProperty("javax.net.ssl.trustStore", trustFilename); + System.setProperty("javax.net.ssl.trustStorePassword", passwd); + + if (debug) + System.setProperty("javax.net.debug", "all"); + + new CookieHttpsClientTest(); + } + + Thread clientThread = null; + Thread serverThread = null; + /* + * Primary constructor, used to drive remainder of the test. + * + * Fork off the other side, then do your work. + */ + CookieHttpsClientTest() throws Exception { + if (separateServerThread) { + startServer(true); + startClient(false); + } else { + startClient(true); + startServer(false); + } + + /* + * Wait for other side to close down. + */ + if (separateServerThread) { + serverThread.join(); + } else { + clientThread.join(); + } + + /* + * When we get here, the test is pretty much over. + * + * If the main thread excepted, that propagates back + * immediately. If the other thread threw an exception, we + * should report back. + */ + if (serverException != null) + throw serverException; + if (clientException != null) + throw clientException; + } + + void startServer(boolean newThread) throws Exception { + if (newThread) { + serverThread = new Thread() { + public void run() { + try { + doServerSide(); + } catch (Exception e) { + /* + * Our server thread just died. + * + * Release the client, if not active already... + */ + System.err.println("Server died..."); + serverReady = true; + serverException = e; + } + } + }; + serverThread.start(); + } else { + doServerSide(); + } + } + + void startClient(boolean newThread) throws Exception { + if (newThread) { + clientThread = new Thread() { + public void run() { + try { + doClientSide(); + } catch (Exception e) { + /* + * Our client thread just died. + */ + System.err.println("Client died..."); + clientException = e; + } + } + }; + clientThread.start(); + } else { + doClientSide(); + } + } +}