4fe2edae59
Move SimpleSSLContext.java and testkeys to test/lib/jdk/test/lib/net Reviewed-by: chegar
419 lines
17 KiB
Java
419 lines
17 KiB
Java
/*
|
|
* Copyright (c) 2017, 2018, Oracle and/or its affiliates. All rights reserved.
|
|
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
|
|
*
|
|
* This code is free software; you can redistribute it and/or modify it
|
|
* under the terms of the GNU General Public License version 2 only, as
|
|
* published by the Free Software Foundation.
|
|
*
|
|
* This code is distributed in the hope that it will be useful, but WITHOUT
|
|
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
|
|
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
|
|
* version 2 for more details (a copy is included in the LICENSE file that
|
|
* accompanied this code).
|
|
*
|
|
* You should have received a copy of the GNU General Public License version
|
|
* 2 along with this work; if not, write to the Free Software Foundation,
|
|
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
|
|
*
|
|
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
|
|
* or visit www.oracle.com if you need additional information or have any
|
|
* questions.
|
|
*/
|
|
|
|
import com.sun.net.httpserver.HttpContext;
|
|
import com.sun.net.httpserver.HttpExchange;
|
|
import com.sun.net.httpserver.HttpHandler;
|
|
import com.sun.net.httpserver.HttpServer;
|
|
import com.sun.net.httpserver.HttpsConfigurator;
|
|
import com.sun.net.httpserver.HttpsParameters;
|
|
import com.sun.net.httpserver.HttpsServer;
|
|
import java.io.IOException;
|
|
import java.io.InputStream;
|
|
import java.io.OutputStream;
|
|
import java.io.OutputStreamWriter;
|
|
import java.io.PrintWriter;
|
|
import java.io.Writer;
|
|
import java.net.HttpURLConnection;
|
|
import java.net.InetAddress;
|
|
import java.net.InetSocketAddress;
|
|
import java.net.Proxy;
|
|
import java.net.ProxySelector;
|
|
import java.net.ServerSocket;
|
|
import java.net.Socket;
|
|
import java.net.SocketAddress;
|
|
import java.net.URI;
|
|
import java.net.URISyntaxException;
|
|
import java.nio.charset.StandardCharsets;
|
|
import java.security.NoSuchAlgorithmException;
|
|
import java.util.List;
|
|
import java.util.concurrent.CompletableFuture;
|
|
import java.util.concurrent.CopyOnWriteArrayList;
|
|
import javax.net.ssl.HostnameVerifier;
|
|
import javax.net.ssl.HttpsURLConnection;
|
|
import javax.net.ssl.SSLContext;
|
|
import javax.net.ssl.SSLSession;
|
|
import java.net.http.HttpClient;
|
|
import java.net.http.HttpRequest;
|
|
import java.net.http.HttpResponse;
|
|
import jdk.test.lib.net.SimpleSSLContext;
|
|
|
|
/**
|
|
* @test
|
|
* @bug 8185852 8181422
|
|
* @summary Verifies that passing a proxy with an unresolved address does
|
|
* not cause java.nio.channels.UnresolvedAddressException.
|
|
* Verifies that downgrading from HTTP/2 to HTTP/1.1 works through
|
|
* an SSL Tunnel connection when the client is HTTP/2 and the server
|
|
* and proxy are HTTP/1.1
|
|
* @modules java.net.http
|
|
* @library /test/lib
|
|
* @build jdk.test.lib.net.SimpleSSLContext ProxyTest
|
|
* @run main/othervm ProxyTest
|
|
* @author danielfuchs
|
|
*/
|
|
public class ProxyTest {
|
|
|
|
static {
|
|
try {
|
|
HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() {
|
|
public boolean verify(String hostname, SSLSession session) {
|
|
return true;
|
|
}
|
|
});
|
|
SSLContext.setDefault(new SimpleSSLContext().get());
|
|
} catch (IOException ex) {
|
|
throw new ExceptionInInitializerError(ex);
|
|
}
|
|
}
|
|
|
|
static final String RESPONSE = "<html><body><p>Hello World!</body></html>";
|
|
static final String PATH = "/foo/";
|
|
|
|
static HttpServer createHttpsServer() throws IOException, NoSuchAlgorithmException {
|
|
HttpsServer server = com.sun.net.httpserver.HttpsServer.create();
|
|
HttpContext context = server.createContext(PATH);
|
|
context.setHandler(new HttpHandler() {
|
|
@Override
|
|
public void handle(HttpExchange he) throws IOException {
|
|
he.getResponseHeaders().add("encoding", "UTF-8");
|
|
he.sendResponseHeaders(200, RESPONSE.length());
|
|
he.getResponseBody().write(RESPONSE.getBytes(StandardCharsets.UTF_8));
|
|
he.close();
|
|
}
|
|
});
|
|
|
|
server.setHttpsConfigurator(new Configurator(SSLContext.getDefault()));
|
|
InetSocketAddress addr = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
|
|
server.bind(addr, 0);
|
|
return server;
|
|
}
|
|
|
|
public static void main(String[] args)
|
|
throws IOException,
|
|
URISyntaxException,
|
|
NoSuchAlgorithmException,
|
|
InterruptedException
|
|
{
|
|
HttpServer server = createHttpsServer();
|
|
server.start();
|
|
try {
|
|
test(server, HttpClient.Version.HTTP_1_1);
|
|
test(server, HttpClient.Version.HTTP_2);
|
|
} finally {
|
|
server.stop(0);
|
|
System.out.println("Server stopped");
|
|
}
|
|
}
|
|
|
|
/**
|
|
* A Proxy Selector that wraps a ProxySelector.of(), and counts the number
|
|
* of times its select method has been invoked. This can be used to ensure
|
|
* that the Proxy Selector is invoked only once per HttpClient.sendXXX
|
|
* invocation.
|
|
*/
|
|
static class CountingProxySelector extends ProxySelector {
|
|
private final ProxySelector proxySelector;
|
|
private volatile int count; // 0
|
|
private CountingProxySelector(InetSocketAddress proxyAddress) {
|
|
proxySelector = ProxySelector.of(proxyAddress);
|
|
}
|
|
|
|
public static CountingProxySelector of(InetSocketAddress proxyAddress) {
|
|
return new CountingProxySelector(proxyAddress);
|
|
}
|
|
|
|
int count() { return count; }
|
|
|
|
@Override
|
|
public List<Proxy> select(URI uri) {
|
|
count++;
|
|
return proxySelector.select(uri);
|
|
}
|
|
|
|
@Override
|
|
public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
|
|
proxySelector.connectFailed(uri, sa, ioe);
|
|
}
|
|
}
|
|
|
|
public static void test(HttpServer server, HttpClient.Version version)
|
|
throws IOException,
|
|
URISyntaxException,
|
|
NoSuchAlgorithmException,
|
|
InterruptedException
|
|
{
|
|
System.out.println("Server is: " + server.getAddress().toString());
|
|
System.out.println("Verifying communication with server");
|
|
URI uri = new URI("https://localhost:"
|
|
+ server.getAddress().getPort() + PATH + "x");
|
|
try (InputStream is = uri.toURL().openConnection().getInputStream()) {
|
|
String resp = new String(is.readAllBytes(), StandardCharsets.UTF_8);
|
|
System.out.println(resp);
|
|
if (!RESPONSE.equals(resp)) {
|
|
throw new AssertionError("Unexpected response from server");
|
|
}
|
|
}
|
|
System.out.println("Communication with server OK");
|
|
|
|
TunnelingProxy proxy = new TunnelingProxy(server);
|
|
proxy.start();
|
|
try {
|
|
System.out.println("Proxy started");
|
|
Proxy p = new Proxy(Proxy.Type.HTTP,
|
|
InetSocketAddress.createUnresolved("localhost",
|
|
proxy.getAddress().getPort()));
|
|
System.out.println("Verifying communication with proxy");
|
|
HttpURLConnection conn = (HttpURLConnection)uri.toURL().openConnection(p);
|
|
try (InputStream is = conn.getInputStream()) {
|
|
String resp = new String(is.readAllBytes(), StandardCharsets.UTF_8);
|
|
System.out.println(resp);
|
|
if (!RESPONSE.equals(resp)) {
|
|
throw new AssertionError("Unexpected response from proxy");
|
|
}
|
|
}
|
|
System.out.println("Communication with proxy OK");
|
|
System.out.println("\nReal test begins here.");
|
|
System.out.println("Setting up request with HttpClient for version: "
|
|
+ version.name());
|
|
CountingProxySelector ps = CountingProxySelector.of(
|
|
InetSocketAddress.createUnresolved("localhost",
|
|
proxy.getAddress().getPort()));
|
|
HttpClient client = HttpClient.newBuilder()
|
|
.version(version)
|
|
.proxy(ps)
|
|
.build();
|
|
HttpRequest request = HttpRequest.newBuilder()
|
|
.uri(uri)
|
|
.GET()
|
|
.build();
|
|
|
|
System.out.println("Sending request with HttpClient");
|
|
HttpResponse<String> response
|
|
= client.send(request, HttpResponse.BodyHandlers.ofString());
|
|
System.out.println("Got response");
|
|
String resp = response.body();
|
|
System.out.println("Received: " + resp);
|
|
if (!RESPONSE.equals(resp)) {
|
|
throw new AssertionError("Unexpected response");
|
|
}
|
|
if (ps.count() > 1) {
|
|
throw new AssertionError("CountingProxySelector. Expected 1, got " + ps.count());
|
|
}
|
|
} finally {
|
|
System.out.println("Stopping proxy");
|
|
proxy.stop();
|
|
System.out.println("Proxy stopped");
|
|
}
|
|
}
|
|
|
|
static class TunnelingProxy {
|
|
final Thread accept;
|
|
final ServerSocket ss;
|
|
final boolean DEBUG = false;
|
|
final HttpServer serverImpl;
|
|
final CopyOnWriteArrayList<CompletableFuture<Void>> connectionCFs
|
|
= new CopyOnWriteArrayList<>();
|
|
private volatile boolean stopped;
|
|
TunnelingProxy(HttpServer serverImpl) throws IOException {
|
|
this.serverImpl = serverImpl;
|
|
ss = new ServerSocket();
|
|
accept = new Thread(this::accept);
|
|
accept.setDaemon(true);
|
|
}
|
|
|
|
void start() throws IOException {
|
|
ss.bind(new InetSocketAddress(InetAddress.getLoopbackAddress(), 0));
|
|
accept.start();
|
|
}
|
|
|
|
// Pipe the input stream to the output stream.
|
|
private synchronized Thread pipe(InputStream is, OutputStream os,
|
|
char tag, CompletableFuture<Void> end) {
|
|
return new Thread("TunnelPipe("+tag+")") {
|
|
@Override
|
|
public void run() {
|
|
try {
|
|
try {
|
|
int c;
|
|
while ((c = is.read()) != -1) {
|
|
os.write(c);
|
|
os.flush();
|
|
// if DEBUG prints a + or a - for each transferred
|
|
// character.
|
|
if (DEBUG) System.out.print(tag);
|
|
}
|
|
is.close();
|
|
} finally {
|
|
os.close();
|
|
}
|
|
} catch (IOException ex) {
|
|
if (DEBUG) ex.printStackTrace(System.out);
|
|
} finally {
|
|
end.complete(null);
|
|
}
|
|
}
|
|
};
|
|
}
|
|
|
|
public InetSocketAddress getAddress() {
|
|
return new InetSocketAddress(InetAddress.getLoopbackAddress(),
|
|
ss.getLocalPort());
|
|
}
|
|
|
|
// This is a bit shaky. It doesn't handle continuation
|
|
// lines, but our client shouldn't send any.
|
|
// Read a line from the input stream, swallowing the final
|
|
// \r\n sequence. Stops at the first \n, doesn't complain
|
|
// if it wasn't preceded by '\r'.
|
|
//
|
|
String readLine(InputStream r) throws IOException {
|
|
StringBuilder b = new StringBuilder();
|
|
int c;
|
|
while ((c = r.read()) != -1) {
|
|
if (c == '\n') break;
|
|
b.appendCodePoint(c);
|
|
}
|
|
if (b.codePointAt(b.length() -1) == '\r') {
|
|
b.delete(b.length() -1, b.length());
|
|
}
|
|
return b.toString();
|
|
}
|
|
|
|
public void accept() {
|
|
Socket clientConnection = null;
|
|
try {
|
|
while (!stopped) {
|
|
System.out.println("Tunnel: Waiting for client");
|
|
Socket toClose;
|
|
try {
|
|
toClose = clientConnection = ss.accept();
|
|
} catch (IOException io) {
|
|
if (DEBUG) io.printStackTrace(System.out);
|
|
break;
|
|
}
|
|
System.out.println("Tunnel: Client accepted");
|
|
Socket targetConnection = null;
|
|
InputStream ccis = clientConnection.getInputStream();
|
|
OutputStream ccos = clientConnection.getOutputStream();
|
|
Writer w = new OutputStreamWriter(ccos, "UTF-8");
|
|
PrintWriter pw = new PrintWriter(w);
|
|
System.out.println("Tunnel: Reading request line");
|
|
String requestLine = readLine(ccis);
|
|
System.out.println("Tunnel: Request status line: " + requestLine);
|
|
if (requestLine.startsWith("CONNECT ")) {
|
|
// We should probably check that the next word following
|
|
// CONNECT is the host:port of our HTTPS serverImpl.
|
|
// Some improvement for a followup!
|
|
|
|
// Read all headers until we find the empty line that
|
|
// signals the end of all headers.
|
|
while(!requestLine.equals("")) {
|
|
System.out.println("Tunnel: Reading header: "
|
|
+ (requestLine = readLine(ccis)));
|
|
}
|
|
|
|
// Open target connection
|
|
targetConnection = new Socket(
|
|
InetAddress.getLoopbackAddress(),
|
|
serverImpl.getAddress().getPort());
|
|
|
|
// Then send the 200 OK response to the client
|
|
System.out.println("Tunnel: Sending "
|
|
+ "HTTP/1.1 200 OK\r\n\r\n");
|
|
pw.print("HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n");
|
|
pw.flush();
|
|
} else {
|
|
// This should not happen. If it does then just print an
|
|
// error - both on out and err, and close the accepted
|
|
// socket
|
|
System.out.println("WARNING: Tunnel: Unexpected status line: "
|
|
+ requestLine + " received by "
|
|
+ ss.getLocalSocketAddress()
|
|
+ " from "
|
|
+ toClose.getRemoteSocketAddress()
|
|
+ " - closing accepted socket");
|
|
// Print on err
|
|
System.err.println("WARNING: Tunnel: Unexpected status line: "
|
|
+ requestLine + " received by "
|
|
+ ss.getLocalSocketAddress()
|
|
+ " from "
|
|
+ toClose.getRemoteSocketAddress());
|
|
// close accepted socket.
|
|
toClose.close();
|
|
System.err.println("Tunnel: accepted socket closed.");
|
|
continue;
|
|
}
|
|
|
|
// Pipe the input stream of the client connection to the
|
|
// output stream of the target connection and conversely.
|
|
// Now the client and target will just talk to each other.
|
|
System.out.println("Tunnel: Starting tunnel pipes");
|
|
CompletableFuture<Void> end, end1, end2;
|
|
Thread t1 = pipe(ccis, targetConnection.getOutputStream(), '+',
|
|
end1 = new CompletableFuture<>());
|
|
Thread t2 = pipe(targetConnection.getInputStream(), ccos, '-',
|
|
end2 = new CompletableFuture<>());
|
|
end = CompletableFuture.allOf(end1, end2);
|
|
end.whenComplete(
|
|
(r,t) -> {
|
|
try { toClose.close(); } catch (IOException x) { }
|
|
finally {connectionCFs.remove(end);}
|
|
});
|
|
connectionCFs.add(end);
|
|
t1.start();
|
|
t2.start();
|
|
}
|
|
} catch (Throwable ex) {
|
|
try {
|
|
ss.close();
|
|
} catch (IOException ex1) {
|
|
ex.addSuppressed(ex1);
|
|
}
|
|
ex.printStackTrace(System.err);
|
|
} finally {
|
|
System.out.println("Tunnel: exiting (stopped=" + stopped + ")");
|
|
connectionCFs.forEach(cf -> cf.complete(null));
|
|
}
|
|
}
|
|
|
|
public void stop() throws IOException {
|
|
stopped = true;
|
|
ss.close();
|
|
}
|
|
|
|
}
|
|
|
|
static class Configurator extends HttpsConfigurator {
|
|
public Configurator(SSLContext ctx) {
|
|
super(ctx);
|
|
}
|
|
|
|
@Override
|
|
public void configure (HttpsParameters params) {
|
|
params.setSSLParameters (getSSLContext().getSupportedSSLParameters());
|
|
}
|
|
}
|
|
|
|
}
|