/* * Copyright (c) 2014, Oracle and/or its affiliates. All rights reserved. * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. * * This code is free software; you can redistribute it and/or modify it * under the terms of the GNU General Public License version 2 only, as * published by the Free Software Foundation. * * This code is distributed in the hope that it will be useful, but WITHOUT * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License * version 2 for more details (a copy is included in the LICENSE file that * accompanied this code). * * You should have received a copy of the GNU General Public License version * 2 along with this work; if not, write to the Free Software Foundation, * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. * * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA * or visit www.oracle.com if you need additional information or have any * questions. */ import java.io.*; import java.net.*; import java.security.*; import java.security.cert.X509Certificate; import java.util.ArrayList; import java.util.concurrent.atomic.AtomicBoolean; import java.util.regex.Matcher; import java.util.regex.Pattern; import javax.net.ServerSocketFactory; import javax.net.SocketFactory; import javax.net.ssl.*; /** * @test * @bug 8025710 * @summary Proxied https connection reuse by HttpClient can send CONNECT to the server */ public class B8025710 { private final static AtomicBoolean connectInServer = new AtomicBoolean(); private static final String keystorefile = System.getProperty("test.src", "./") + "/../../../../../javax/net/ssl/etc/keystore"; private static final String passphrase = "passphrase"; public static void main(String[] args) throws Exception { new B8025710().runTest(); if (connectInServer.get()) throw new RuntimeException("TEST FAILED: server got proxy header"); else System.out.println("TEST PASSED"); } private void runTest() throws Exception { ProxyServer proxyServer = new ProxyServer(); HttpServer httpServer = new HttpServer(); httpServer.start(); proxyServer.start(); URL url = new URL("https", InetAddress.getLocalHost().getHostName(), httpServer.getPort(), "/"); Proxy proxy = new Proxy(Proxy.Type.HTTP, proxyServer.getAddress()); HttpsURLConnection.setDefaultSSLSocketFactory(createTestSSLSocketFactory()); // Make two connections. The bug occurs when the second request is made for (int i = 0; i < 2; i++) { System.out.println("Client: Requesting " + url.toExternalForm() + " via " + proxy.toString() + " (attempt " + (i + 1) + " of 2)"); HttpsURLConnection connection = (HttpsURLConnection) url.openConnection(proxy); connection.setRequestMethod("POST"); connection.setDoInput(true); connection.setDoOutput(true); connection.setRequestProperty("User-Agent", "Test/1.0"); connection.getOutputStream().write("Hello, world!".getBytes("UTF-8")); if (connection.getResponseCode() != 200) { System.err.println("Client: Unexpected response code " + connection.getResponseCode()); break; } String response = readLine(connection.getInputStream()); if (!"Hi!".equals(response)) { System.err.println("Client: Unexpected response body: " + response); } } httpServer.close(); proxyServer.close(); httpServer.join(); proxyServer.join(); } class ProxyServer extends Thread implements Closeable { private final ServerSocket proxySocket; private final Pattern connectLinePattern = Pattern.compile("^CONNECT ([^: ]+):([0-9]+) HTTP/[0-9.]+$"); private final String PROXY_RESPONSE = "HTTP/1.0 200 Connection Established\r\n" + "Proxy-Agent: TestProxy/1.0\r\n" + "\r\n"; ProxyServer() throws Exception { super("ProxyServer Thread"); // Create the http proxy server socket proxySocket = ServerSocketFactory.getDefault().createServerSocket(); proxySocket.bind(new InetSocketAddress(InetAddress.getLocalHost(), 0)); } public SocketAddress getAddress() { return proxySocket.getLocalSocketAddress(); } @Override public void close() throws IOException { proxySocket.close(); } @Override public void run() { ArrayList threads = new ArrayList<>(); int connectionCount = 0; try { while (connectionCount++ < 2) { final Socket clientSocket = proxySocket.accept(); final int proxyConnectionCount = connectionCount; System.out.println("Proxy: NEW CONNECTION " + proxyConnectionCount); Thread t = new Thread("ProxySocket" + proxyConnectionCount) { @Override public void run() { try { String firstLine = readHeader(clientSocket.getInputStream()); Matcher connectLineMatcher = connectLinePattern.matcher(firstLine); if (!connectLineMatcher.matches()) { System.out.println("Proxy: Unexpected" + " request to the proxy: " + firstLine); return; } String host = connectLineMatcher.group(1); String portStr = connectLineMatcher.group(2); int port = Integer.parseInt(portStr); Socket serverSocket = SocketFactory.getDefault() .createSocket(host, port); clientSocket.getOutputStream() .write(PROXY_RESPONSE.getBytes("UTF-8")); ProxyTunnel copyToClient = new ProxyTunnel(serverSocket, clientSocket); ProxyTunnel copyToServer = new ProxyTunnel(clientSocket, serverSocket); copyToClient.start(); copyToServer.start(); copyToClient.join(); // here copyToClient.close() would not provoke the // bug ( since it would trigger the retry logic in // HttpURLConnction.writeRequests ), so close only // the output to get the connection in this state. clientSocket.shutdownOutput(); try { Thread.sleep(3000); } catch (InterruptedException ignored) { } // now close all connections to finish the test copyToServer.close(); copyToClient.close(); } catch (IOException | NumberFormatException | InterruptedException e) { e.printStackTrace(); } } }; threads.add(t); t.start(); } for (Thread t: threads) t.join(); } catch (IOException | InterruptedException e) { e.printStackTrace(); } } } /** * This inner class provides unidirectional data flow through the sockets * by continuously copying bytes from the input socket onto the output * socket, until both sockets are open and EOF has not been received. */ class ProxyTunnel extends Thread { private final Socket sockIn; private final Socket sockOut; private final InputStream input; private final OutputStream output; public ProxyTunnel(Socket sockIn, Socket sockOut) throws IOException { super("ProxyTunnel"); this.sockIn = sockIn; this.sockOut = sockOut; input = sockIn.getInputStream(); output = sockOut.getOutputStream(); } public void run() { byte[] buf = new byte[8192]; int bytesRead; try { while ((bytesRead = input.read(buf)) >= 0) { output.write(buf, 0, bytesRead); output.flush(); } } catch (IOException ignored) { close(); } } public void close() { try { if (!sockIn.isClosed()) sockIn.close(); if (!sockOut.isClosed()) sockOut.close(); } catch (IOException ignored) { } } } /** * the server thread */ class HttpServer extends Thread implements Closeable { private final ServerSocket serverSocket; private final SSLSocketFactory sslSocketFactory; private final String serverResponse = "HTTP/1.1 200 OK\r\n" + "Content-Type: text/plain\r\n" + "Content-Length: 3\r\n" + "\r\n" + "Hi!"; private int connectionCount = 0; HttpServer() throws Exception { super("HttpServer Thread"); KeyStore ks = KeyStore.getInstance("JKS"); ks.load(new FileInputStream(keystorefile), passphrase.toCharArray()); KeyManagerFactory factory = KeyManagerFactory.getInstance("SunX509"); factory.init(ks, passphrase.toCharArray()); SSLContext ctx = SSLContext.getInstance("TLS"); ctx.init(factory.getKeyManagers(), null, null); sslSocketFactory = ctx.getSocketFactory(); // Create the server that the test wants to connect to via the proxy serverSocket = ServerSocketFactory.getDefault().createServerSocket(); serverSocket.bind(new InetSocketAddress(InetAddress.getLocalHost(), 0)); } public int getPort() { return serverSocket.getLocalPort(); } @Override public void close() throws IOException { serverSocket.close(); } @Override public void run() { try { while (connectionCount++ < 2) { Socket socket = serverSocket.accept(); System.out.println("Server: NEW CONNECTION " + connectionCount); SSLSocket sslSocket = (SSLSocket) sslSocketFactory .createSocket(socket,null, getPort(), false); sslSocket.setUseClientMode(false); sslSocket.startHandshake(); String firstLine = readHeader(sslSocket.getInputStream()); if (firstLine != null && firstLine.contains("CONNECT")) { System.out.println("Server: BUG! HTTP CONNECT" + " encountered: " + firstLine); connectInServer.set(true); } // write the success response, the request body is not read. // close only output and keep input open. OutputStream out = sslSocket.getOutputStream(); out.write(serverResponse.getBytes("UTF-8")); socket.shutdownOutput(); } } catch (IOException e) { e.printStackTrace(); } } } /** * read the header and return only the first line. * * @param inputStream the stream to read from * @return the first line of the stream * @throws IOException if reading failed */ private static String readHeader(InputStream inputStream) throws IOException { String line; String firstLine = null; while ((line = readLine(inputStream)) != null && line.length() > 0) { if (firstLine == null) { firstLine = line; } } return firstLine; } /** * read a line from stream. * * @param inputStream the stream to read from * @return the line * @throws IOException if reading failed */ private static String readLine(InputStream inputStream) throws IOException { final StringBuilder line = new StringBuilder(); int ch; while ((ch = inputStream.read()) != -1) { if (ch == '\r') { continue; } if (ch == '\n') { break; } line.append((char) ch); } return line.toString(); } private SSLSocketFactory createTestSSLSocketFactory() { HttpsURLConnection.setDefaultHostnameVerifier(new HostnameVerifier() { @Override public boolean verify(String hostname, SSLSession sslSession) { // ignore the cert's CN; it's not important to this test return true; } }); // Set up the socket factory to use a trust manager that trusts all // certs, since trust validation isn't important to this test final TrustManager[] trustAllCertChains = new TrustManager[] { new X509TrustManager() { @Override public X509Certificate[] getAcceptedIssuers() { return null; } @Override public void checkClientTrusted(X509Certificate[] certs, String authType) { } @Override public void checkServerTrusted(X509Certificate[] certs, String authType) { } } }; final SSLContext sc; try { sc = SSLContext.getInstance("TLS"); } catch (NoSuchAlgorithmException e) { throw new RuntimeException(e); } try { sc.init(null, trustAllCertChains, new java.security.SecureRandom()); } catch (KeyManagementException e) { throw new RuntimeException(e); } return sc.getSocketFactory(); } }