/* * Copyright (c) 2020, 2024, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ /* * @test * @bug 8244205 * @summary checks that a different proxy returned for * the same host:port is taken into account * @library /test/lib /test/jdk/java/net/httpclient/lib * @build DigestEchoServer ProxySelectorTest jdk.httpclient.test.lib.http2.Http2TestServer * jdk.test.lib.net.SimpleSSLContext * @run testng/othervm * -Djdk.http.auth.tunneling.disabledSchemes * -Djdk.httpclient.HttpClient.log=headers,requests * -Djdk.internal.httpclient.debug=true * ProxySelectorTest */ import com.sun.net.httpserver.HttpServer; import com.sun.net.httpserver.HttpsConfigurator; import com.sun.net.httpserver.HttpsServer; import jdk.test.lib.net.SimpleSSLContext; import org.testng.ITestContext; import org.testng.ITestResult; import org.testng.SkipException; import org.testng.annotations.AfterClass; import org.testng.annotations.AfterTest; import org.testng.annotations.BeforeMethod; import org.testng.annotations.BeforeTest; import org.testng.annotations.DataProvider; import org.testng.annotations.Test; import javax.net.ssl.SSLContext; import java.io.IOException; import java.io.InputStream; import java.net.InetAddress; import java.net.InetSocketAddress; import java.net.Proxy; import java.net.ProxySelector; import java.net.SocketAddress; import java.net.URI; import java.net.http.HttpClient; import java.net.http.HttpRequest; import java.net.http.HttpResponse; import java.net.http.HttpResponse.BodyHandlers; import java.util.Arrays; import java.util.List; import java.util.Optional; import java.util.concurrent.ConcurrentHashMap; import java.util.concurrent.ConcurrentMap; import java.util.concurrent.ExecutionException; import java.util.concurrent.Executor; import java.util.concurrent.Executors; import java.util.concurrent.atomic.AtomicLong; import java.util.concurrent.atomic.AtomicReference; import java.util.stream.Collectors; import jdk.httpclient.test.lib.common.HttpServerAdapters; import jdk.httpclient.test.lib.http2.Http2TestServer; import static java.lang.System.err; import static java.lang.System.out; import static java.net.http.HttpClient.Version.HTTP_1_1; import static java.net.http.HttpClient.Version.HTTP_2; import static java.nio.charset.StandardCharsets.UTF_8; import static org.testng.Assert.assertEquals; public class ProxySelectorTest implements HttpServerAdapters { SSLContext sslContext; HttpTestServer httpTestServer; // HTTP/1.1 HttpTestServer proxyHttpTestServer; // HTTP/1.1 HttpTestServer authProxyHttpTestServer; // HTTP/1.1 HttpTestServer http2TestServer; // HTTP/2 ( h2c ) HttpTestServer httpsTestServer; // HTTPS/1.1 HttpTestServer https2TestServer; // HTTP/2 ( h2 ) DigestEchoServer.TunnelingProxy proxy; DigestEchoServer.TunnelingProxy authproxy; String httpURI; String httpsURI; String proxyHttpURI; String authProxyHttpURI; String http2URI; String https2URI; HttpClient client; final ReferenceTracker TRACKER = ReferenceTracker.INSTANCE; static final long SLEEP_AFTER_TEST = 0; // milliseconds static final int ITERATIONS = 3; static final Executor executor = new TestExecutor(Executors.newCachedThreadPool()); static final ConcurrentMap FAILURES = new ConcurrentHashMap<>(); static volatile boolean tasksFailed; static final AtomicLong serverCount = new AtomicLong(); static final AtomicLong clientCount = new AtomicLong(); static final long start = System.nanoTime(); public static String now() { long now = System.nanoTime() - start; long secs = now / 1000_000_000; long mill = (now % 1000_000_000) / 1000_000; long nan = now % 1000_000; return String.format("[%d s, %d ms, %d ns] ", secs, mill, nan); } static class TestExecutor implements Executor { final AtomicLong tasks = new AtomicLong(); Executor executor; TestExecutor(Executor executor) { this.executor = executor; } @Override public void execute(Runnable command) { long id = tasks.incrementAndGet(); executor.execute(() -> { try { command.run(); } catch (Throwable t) { tasksFailed = true; out.printf(now() + "Task %s failed: %s%n", id, t); err.printf(now() + "Task %s failed: %s%n", id, t); FAILURES.putIfAbsent("Task " + id, t); throw t; } }); } } protected boolean stopAfterFirstFailure() { return Boolean.getBoolean("jdk.internal.httpclient.debug"); } final AtomicReference skiptests = new AtomicReference<>(); void checkSkip() { var skip = skiptests.get(); if (skip != null) throw skip; } static String name(ITestResult result) { var params = result.getParameters(); return result.getName() + (params == null ? "()" : Arrays.toString(result.getParameters())); } @BeforeMethod void beforeMethod(ITestContext context) { if (stopAfterFirstFailure() && context.getFailedTests().size() > 0) { if (skiptests.get() == null) { SkipException skip = new SkipException("some tests failed"); skip.setStackTrace(new StackTraceElement[0]); skiptests.compareAndSet(null, skip); } } } @AfterClass static final void printFailedTests() { out.println("\n========================="); try { // Exceptions should already have been added to FAILURES // var failed = context.getFailedTests().getAllResults().stream() // .collect(Collectors.toMap(r -> name(r), ITestResult::getThrowable)); // FAILURES.putAll(failed); out.printf("%n%sCreated %d servers and %d clients%n", now(), serverCount.get(), clientCount.get()); if (FAILURES.isEmpty()) return; out.println("Failed tests: "); FAILURES.entrySet().forEach((e) -> { out.printf("\t%s: %s%n", e.getKey(), e.getValue()); e.getValue().printStackTrace(out); e.getValue().printStackTrace(); }); if (tasksFailed) { out.println("WARNING: Some tasks failed"); } } finally { out.println("\n=========================\n"); } } /* * NOT_MODIFIED status code results from a conditional GET where * the server does not (must not) return a response body because * the condition specified in the request disallows it */ static final int UNAUTHORIZED = 401; static final int PROXY_UNAUTHORIZED = 407; static final int HTTP_OK = 200; static final String MESSAGE = "Unauthorized"; enum Schemes { HTTP, HTTPS } @DataProvider(name = "all") public Object[][] positive() { return new Object[][] { { Schemes.HTTP, HTTP_1_1, httpURI, true}, { Schemes.HTTP, HttpClient.Version.HTTP_2, http2URI, true}, { Schemes.HTTPS, HTTP_1_1, httpsURI, true}, { Schemes.HTTPS, HttpClient.Version.HTTP_2, https2URI, true}, { Schemes.HTTP, HTTP_1_1, httpURI, false}, { Schemes.HTTP, HttpClient.Version.HTTP_2, http2URI, false}, { Schemes.HTTPS, HTTP_1_1, httpsURI, false}, { Schemes.HTTPS, HttpClient.Version.HTTP_2, https2URI, false}, }; } static final AtomicLong requestCounter = new AtomicLong(); static final AtomicLong sleepCount = new AtomicLong(); @Test(dataProvider = "all") void test(Schemes scheme, HttpClient.Version version, String uri, boolean async) throws Throwable { checkSkip(); var name = String.format("test(%s, %s, %s)", scheme, version, async); out.printf("%n---- starting %s ----%n", name); for (int i=0; i 1) out.printf("---- ITERATION %d%n",i); try { doTest(scheme, version, uri, async); long count = sleepCount.incrementAndGet(); System.err.println(now() + " Sleeping: " + count); Thread.sleep(SLEEP_AFTER_TEST); System.err.println(now() + " Waking up: " + count); } catch (Throwable x) { FAILURES.putIfAbsent(name, x); throw x; } } } private HttpResponse send(HttpClient client, URI uri, HttpResponse.BodyHandler handler, boolean async) throws Throwable { HttpRequest.Builder requestBuilder = HttpRequest .newBuilder(uri) .GET(); HttpRequest request = requestBuilder.build(); out.println("Sending request: " + request.uri()); HttpResponse response = null; if (async) { response = client.send(request, handler); } else { try { response = client.sendAsync(request, handler).get(); } catch (ExecutionException ex) { throw ex.getCause(); } } return response; } private void doTest(Schemes scheme, HttpClient.Version version, String uriString, boolean async) throws Throwable { URI uri1 = URI.create(uriString + "/server/ProxySelectorTest"); URI uri2 = URI.create(uriString + "/proxy/noauth/ProxySelectorTest"); URI uri3 = URI.create(uriString + "/proxy/auth/ProxySelectorTest"); HttpResponse response; // First request should go with a direct connection. // A plain server or https server should serve it, and we should get 200 OK response = send(client, uri1, BodyHandlers.ofString(), async); out.println("Got response from plain server: " + response); assertEquals(response.statusCode(), HTTP_OK); assertEquals(response.headers().firstValue("X-value"), scheme == Schemes.HTTPS ? Optional.of("https-server") : Optional.of("plain-server")); // Second request should go through a non authenticating proxy. // For a clear connection - a proxy-server should serve it, and we should get 200 OK // For an https connection - a tunnel should be established through the non // authenticating proxy - and we should receive 200 OK from an https-server response = send(client, uri2, BodyHandlers.ofString(), async); out.println("Got response through noauth proxy: " + response); assertEquals(response.statusCode(), HTTP_OK); assertEquals(response.headers().firstValue("X-value"), scheme == Schemes.HTTPS ? Optional.of("https-server") : Optional.of("proxy-server")); // Third request should go through an authenticating proxy. // For a clear connection - an auth-proxy-server should serve it, and we // should get 407 // For an https connection - a tunnel should be established through an // authenticating proxy - and we should receive 407 directly from the // proxy - so the X-value header will be absent response = send(client, uri3, BodyHandlers.ofString(), async); out.println("Got response through auth proxy: " + response); assertEquals(response.statusCode(), PROXY_UNAUTHORIZED); assertEquals(response.headers().firstValue("X-value"), scheme == Schemes.HTTPS ? Optional.empty() : Optional.of("auth-proxy-server")); } // -- Infrastructure @BeforeTest public void setup() throws Exception { sslContext = new SimpleSSLContext().get(); if (sslContext == null) throw new AssertionError("Unexpected null sslContext"); httpTestServer = HttpTestServer.create(HTTP_1_1); httpTestServer.addHandler(new PlainServerHandler("plain-server"), "/http1/"); httpURI = "http://" + httpTestServer.serverAuthority() + "/http1"; proxyHttpTestServer = HttpTestServer.create(HTTP_1_1); proxyHttpTestServer.addHandler(new PlainServerHandler("proxy-server"), "/http1/proxy/"); proxyHttpTestServer.addHandler(new PlainServerHandler("proxy-server"), "/http2/proxy/"); proxyHttpURI = "http://" + httpTestServer.serverAuthority() + "/http1"; authProxyHttpTestServer = HttpTestServer.create(HTTP_1_1); authProxyHttpTestServer.addHandler(new UnauthorizedHandler("auth-proxy-server"), "/http1/proxy/"); authProxyHttpTestServer.addHandler(new UnauthorizedHandler("auth-proxy-server"), "/http2/proxy/"); proxyHttpURI = "http://" + httpTestServer.serverAuthority() + "/http1"; httpsTestServer = HttpTestServer.create(HTTP_1_1, sslContext); httpsTestServer.addHandler(new PlainServerHandler("https-server"),"/https1/"); httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1"; http2TestServer = HttpTestServer.create(HTTP_2); http2TestServer.addHandler(new PlainServerHandler("plain-server"), "/http2/"); http2URI = "http://" + http2TestServer.serverAuthority() + "/http2"; https2TestServer = HttpTestServer.create(HTTP_2, sslContext); https2TestServer.addHandler(new PlainServerHandler("https-server"), "/https2/"); https2URI = "https://" + https2TestServer.serverAuthority() + "/https2"; proxy = DigestEchoServer.createHttpsProxyTunnel(DigestEchoServer.HttpAuthSchemeType.NONE); authproxy = DigestEchoServer.createHttpsProxyTunnel(DigestEchoServer.HttpAuthSchemeType.BASIC); client = TRACKER.track(HttpClient.newBuilder() .proxy(new TestProxySelector()) .sslContext(sslContext) .executor(executor) .build()); clientCount.incrementAndGet(); httpTestServer.start(); serverCount.incrementAndGet(); proxyHttpTestServer.start(); serverCount.incrementAndGet(); authProxyHttpTestServer.start(); serverCount.incrementAndGet(); httpsTestServer.start(); serverCount.incrementAndGet(); http2TestServer.start(); serverCount.incrementAndGet(); https2TestServer.start(); serverCount.incrementAndGet(); } @AfterTest public void teardown() throws Exception { client = null; Thread.sleep(100); AssertionError fail = TRACKER.check(500); try { proxy.stop(); authproxy.stop(); httpTestServer.stop(); proxyHttpTestServer.stop(); authProxyHttpTestServer.stop(); httpsTestServer.stop(); http2TestServer.stop(); https2TestServer.stop(); } finally { if (fail != null) throw fail; } } class TestProxySelector extends ProxySelector { @Override public List select(URI uri) { String path = uri.getPath(); out.println("Selecting proxy for: " + uri); if (path.contains("/proxy/")) { if (path.contains("/http1/") || path.contains("/http2/")) { // Simple proxying var p = path.contains("/auth/") ? authProxyHttpTestServer : proxyHttpTestServer; return List.of(new Proxy(Proxy.Type.HTTP, p.getAddress())); } else { // Both HTTPS or HTTPS/2 require tunnelling var p = path.contains("/auth/") ? authproxy : proxy; return List.of(new Proxy(Proxy.Type.HTTP, p.getProxyAddress())); } } System.out.print("NO_PROXY for " + uri); return List.of(Proxy.NO_PROXY); } @Override public void connectFailed(URI uri, SocketAddress sa, IOException ioe) { System.err.printf("Connect failed for: uri=\"%s\", sa=\"%s\", ioe=%s%n", uri, sa, ioe); } } static class PlainServerHandler implements HttpTestHandler { final String serverType; PlainServerHandler(String serverType) { this.serverType = serverType; } @Override public void handle(HttpTestExchange t) throws IOException { readAllRequestData(t); // shouldn't be any String method = t.getRequestMethod(); String path = t.getRequestURI().getPath(); HttpTestRequestHeaders reqh = t.getRequestHeaders(); HttpTestResponseHeaders rsph = t.getResponseHeaders(); String xValue = serverType; rsph.addHeader("X-value", serverType); t.getResponseHeaders().addHeader("X-value", xValue); byte[] body = "RESPONSE".getBytes(UTF_8); t.sendResponseHeaders(HTTP_OK, body.length); try (var out = t.getResponseBody()) { out.write(body); } } } static class UnauthorizedHandler implements HttpTestHandler { final String serverType; UnauthorizedHandler(String serverType) { this.serverType = serverType; } @Override public void handle(HttpTestExchange t) throws IOException { readAllRequestData(t); // shouldn't be any String method = t.getRequestMethod(); String path = t.getRequestURI().getPath(); HttpTestRequestHeaders reqh = t.getRequestHeaders(); HttpTestResponseHeaders rsph = t.getResponseHeaders(); String xValue = serverType; String srv = path.contains("/proxy/") ? "proxy" : "server"; String prefix = path.contains("/proxy/") ? "Proxy-" : "WWW-"; int code = path.contains("/proxy/") ? PROXY_UNAUTHORIZED : UNAUTHORIZED; String resp = prefix + "Unauthorized"; rsph.addHeader(prefix + "Authenticate", "Basic realm=\"earth\", charset=\"UTF-8\""); byte[] body = resp.getBytes(UTF_8); t.getResponseHeaders().addHeader("X-value", xValue); t.sendResponseHeaders(code, body.length); try (var out = t.getResponseBody()) { out.write(body); } } } static void readAllRequestData(HttpTestExchange t) throws IOException { try (InputStream is = t.getRequestBody()) { is.readAllBytes(); } } }