rev 55686 : 8227587: Add internal privileged System.loadLibrary Reviewed-by: rriggs, mchung
1 /* 2 * Copyright (c) 2003, 2018, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.net.spi; 27 28 import java.net.InetSocketAddress; 29 import java.net.Proxy; 30 import java.net.ProxySelector; 31 import java.net.SocketAddress; 32 import java.net.URI; 33 import java.util.Collections; 34 import java.util.List; 35 import java.io.IOException; 36 import java.security.AccessController; 37 import java.security.PrivilegedAction; 38 import java.util.StringJoiner; 39 import java.util.regex.Pattern; 40 import java.util.stream.Stream; 41 import sun.net.NetProperties; 42 import sun.net.SocksProxy; 43 import static java.util.regex.Pattern.quote; 44 import static java.util.stream.Collectors.collectingAndThen; 45 import static java.util.stream.Collectors.toList; 46 47 /** 48 * Supports proxy settings using system properties This proxy selector 49 * provides backward compatibility with the old http protocol handler 50 * as far as how proxy is set 51 * 52 * Most of the implementation copied from the old http protocol handler 53 * 54 * Supports http/https/ftp.proxyHost, http/https/ftp.proxyPort, 55 * proxyHost, proxyPort, and http/https/ftp.nonProxyHost, and socks. 56 */ 57 public class DefaultProxySelector extends ProxySelector { 58 59 /** 60 * This is where we define all the valid System Properties we have to 61 * support for each given protocol. 62 * The format of this 2 dimensional array is : 63 * - 1 row per protocol (http, ftp, ...) 64 * - 1st element of each row is the protocol name 65 * - subsequent elements are prefixes for Host & Port properties 66 * listed in order of priority. 67 * Example: 68 * {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 69 * means for FTP we try in that oder: 70 * + ftp.proxyHost & ftp.proxyPort 71 * + ftpProxyHost & ftpProxyPort 72 * + proxyHost & proxyPort 73 * + socksProxyHost & socksProxyPort 74 * 75 * Note that the socksProxy should *always* be the last on the list 76 */ 77 static final String[][] props = { 78 /* 79 * protocol, Property prefix 1, Property prefix 2, ... 80 */ 81 {"http", "http.proxy", "proxy", "socksProxy"}, 82 {"https", "https.proxy", "proxy", "socksProxy"}, 83 {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 84 {"socket", "socksProxy"} 85 }; 86 87 private static final String SOCKS_PROXY_VERSION = "socksProxyVersion"; 88 89 private static boolean hasSystemProxies = false; 90 91 private static final List<Proxy> NO_PROXY_LIST = List.of(Proxy.NO_PROXY); 92 93 static { 94 final String key = "java.net.useSystemProxies"; 95 Boolean b = AccessController.doPrivileged( 96 new PrivilegedAction<Boolean>() { 97 public Boolean run() { 98 return NetProperties.getBoolean(key); 99 }}); 100 if (b != null && b.booleanValue()) { 101 java.security.AccessController.doPrivileged( 102 new java.security.PrivilegedAction<Void>() { 103 public Void run() { 104 System.loadLibrary("net"); 105 return null; 106 } 107 }); 108 hasSystemProxies = init(); 109 } 110 } 111 112 public static int socksProxyVersion() { 113 return AccessController.doPrivileged( 114 new PrivilegedAction<Integer>() { 115 @Override public Integer run() { 116 return NetProperties.getInteger(SOCKS_PROXY_VERSION, 5); 117 } 118 }); 119 } 120 121 /** 122 * How to deal with "non proxy hosts": 123 * since we do have to generate a pattern we don't want to do that if 124 * it's not necessary. Therefore we do cache the result, on a per-protocol 125 * basis, and change it only when the "source", i.e. the system property, 126 * did change. 127 */ 128 129 static class NonProxyInfo { 130 // Default value for nonProxyHosts, this provides backward compatibility 131 // by excluding localhost and its litteral notations. 132 static final String defStringVal = "localhost|127.*|[::1]|0.0.0.0|[::0]"; 133 134 String hostsSource; 135 Pattern pattern; 136 final String property; 137 final String defaultVal; 138 static NonProxyInfo ftpNonProxyInfo = new NonProxyInfo("ftp.nonProxyHosts", null, null, defStringVal); 139 static NonProxyInfo httpNonProxyInfo = new NonProxyInfo("http.nonProxyHosts", null, null, defStringVal); 140 static NonProxyInfo socksNonProxyInfo = new NonProxyInfo("socksNonProxyHosts", null, null, defStringVal); 141 142 NonProxyInfo(String p, String s, Pattern pattern, String d) { 143 property = p; 144 hostsSource = s; 145 this.pattern = pattern; 146 defaultVal = d; 147 } 148 } 149 150 151 /** 152 * select() method. Where all the hard work is done. 153 * Build a list of proxies depending on URI. 154 * Since we're only providing compatibility with the system properties 155 * from previous releases (see list above), that list will typically 156 * contain one single proxy, default being NO_PROXY. 157 * If we can get a system proxy it might contain more entries. 158 */ 159 public java.util.List<Proxy> select(URI uri) { 160 if (uri == null) { 161 throw new IllegalArgumentException("URI can't be null."); 162 } 163 String protocol = uri.getScheme(); 164 String host = uri.getHost(); 165 166 if (host == null) { 167 // This is a hack to ensure backward compatibility in two 168 // cases: 1. hostnames contain non-ascii characters, 169 // internationalized domain names. in which case, URI will 170 // return null, see BugID 4957669; 2. Some hostnames can 171 // contain '_' chars even though it's not supposed to be 172 // legal, in which case URI will return null for getHost, 173 // but not for getAuthority() See BugID 4913253 174 String auth = uri.getAuthority(); 175 if (auth != null) { 176 int i; 177 i = auth.indexOf('@'); 178 if (i >= 0) { 179 auth = auth.substring(i+1); 180 } 181 i = auth.lastIndexOf(':'); 182 if (i >= 0) { 183 auth = auth.substring(0,i); 184 } 185 host = auth; 186 } 187 } 188 189 if (protocol == null || host == null) { 190 throw new IllegalArgumentException("protocol = "+protocol+" host = "+host); 191 } 192 193 NonProxyInfo pinfo = null; 194 195 if ("http".equalsIgnoreCase(protocol)) { 196 pinfo = NonProxyInfo.httpNonProxyInfo; 197 } else if ("https".equalsIgnoreCase(protocol)) { 198 // HTTPS uses the same property as HTTP, for backward 199 // compatibility 200 pinfo = NonProxyInfo.httpNonProxyInfo; 201 } else if ("ftp".equalsIgnoreCase(protocol)) { 202 pinfo = NonProxyInfo.ftpNonProxyInfo; 203 } else if ("socket".equalsIgnoreCase(protocol)) { 204 pinfo = NonProxyInfo.socksNonProxyInfo; 205 } 206 207 /** 208 * Let's check the System properties for that protocol 209 */ 210 final String proto = protocol; 211 final NonProxyInfo nprop = pinfo; 212 final String urlhost = host.toLowerCase(); 213 214 /** 215 * This is one big doPrivileged call, but we're trying to optimize 216 * the code as much as possible. Since we're checking quite a few 217 * System properties it does help having only 1 call to doPrivileged. 218 * Be mindful what you do in here though! 219 */ 220 Proxy[] proxyArray = AccessController.doPrivileged( 221 new PrivilegedAction<Proxy[]>() { 222 public Proxy[] run() { 223 int i, j; 224 String phost = null; 225 int pport = 0; 226 String nphosts = null; 227 InetSocketAddress saddr = null; 228 229 // Then let's walk the list of protocols in our array 230 for (i=0; i<props.length; i++) { 231 if (props[i][0].equalsIgnoreCase(proto)) { 232 for (j = 1; j < props[i].length; j++) { 233 /* System.getProp() will give us an empty 234 * String, "" for a defined but "empty" 235 * property. 236 */ 237 phost = NetProperties.get(props[i][j]+"Host"); 238 if (phost != null && phost.length() != 0) 239 break; 240 } 241 if (phost == null || phost.isEmpty()) { 242 /** 243 * No system property defined for that 244 * protocol. Let's check System Proxy 245 * settings (Gnome, MacOsX & Windows) if 246 * we were instructed to. 247 */ 248 if (hasSystemProxies) { 249 String sproto; 250 if (proto.equalsIgnoreCase("socket")) 251 sproto = "socks"; 252 else 253 sproto = proto; 254 return getSystemProxies(sproto, urlhost); 255 } 256 return null; 257 } 258 // If a Proxy Host is defined for that protocol 259 // Let's get the NonProxyHosts property 260 if (nprop != null) { 261 nphosts = NetProperties.get(nprop.property); 262 synchronized (nprop) { 263 if (nphosts == null) { 264 if (nprop.defaultVal != null) { 265 nphosts = nprop.defaultVal; 266 } else { 267 nprop.hostsSource = null; 268 nprop.pattern = null; 269 } 270 } else if (!nphosts.isEmpty()) { 271 // add the required default patterns 272 // but only if property no set. If it 273 // is empty, leave empty. 274 nphosts += "|" + NonProxyInfo 275 .defStringVal; 276 } 277 if (nphosts != null) { 278 if (!nphosts.equals(nprop.hostsSource)) { 279 nprop.pattern = toPattern(nphosts); 280 nprop.hostsSource = nphosts; 281 } 282 } 283 if (shouldNotUseProxyFor(nprop.pattern, urlhost)) { 284 return null; 285 } 286 } 287 } 288 // We got a host, let's check for port 289 290 pport = NetProperties.getInteger(props[i][j]+"Port", 0).intValue(); 291 if (pport == 0 && j < (props[i].length - 1)) { 292 // Can't find a port with same prefix as Host 293 // AND it's not a SOCKS proxy 294 // Let's try the other prefixes for that proto 295 for (int k = 1; k < (props[i].length - 1); k++) { 296 if ((k != j) && (pport == 0)) 297 pport = NetProperties.getInteger(props[i][k]+"Port", 0).intValue(); 298 } 299 } 300 301 // Still couldn't find a port, let's use default 302 if (pport == 0) { 303 if (j == (props[i].length - 1)) // SOCKS 304 pport = defaultPort("socket"); 305 else 306 pport = defaultPort(proto); 307 } 308 // We did find a proxy definition. 309 // Let's create the address, but don't resolve it 310 // as this will be done at connection time 311 saddr = InetSocketAddress.createUnresolved(phost, pport); 312 // Socks is *always* the last on the list. 313 if (j == (props[i].length - 1)) { 314 return new Proxy[] {SocksProxy.create(saddr, socksProxyVersion())}; 315 } 316 return new Proxy[] {new Proxy(Proxy.Type.HTTP, saddr)}; 317 } 318 } 319 return null; 320 }}); 321 322 323 if (proxyArray != null) { 324 // Remove duplicate entries, while preserving order. 325 return Stream.of(proxyArray).distinct().collect( 326 collectingAndThen(toList(), Collections::unmodifiableList)); 327 } 328 329 // If no specific proxy was found, return a standard list containing 330 // only one NO_PROXY entry. 331 return NO_PROXY_LIST; 332 } 333 334 public void connectFailed(URI uri, SocketAddress sa, IOException ioe) { 335 if (uri == null || sa == null || ioe == null) { 336 throw new IllegalArgumentException("Arguments can't be null."); 337 } 338 // ignored 339 } 340 341 342 private int defaultPort(String protocol) { 343 if ("http".equalsIgnoreCase(protocol)) { 344 return 80; 345 } else if ("https".equalsIgnoreCase(protocol)) { 346 return 443; 347 } else if ("ftp".equalsIgnoreCase(protocol)) { 348 return 80; 349 } else if ("socket".equalsIgnoreCase(protocol)) { 350 return 1080; 351 } else { 352 return -1; 353 } 354 } 355 356 private static native boolean init(); 357 private synchronized native Proxy[] getSystemProxies(String protocol, String host); 358 359 /** 360 * @return {@code true} if given this pattern for non-proxy hosts and this 361 * urlhost the proxy should NOT be used to access this urlhost 362 */ 363 static boolean shouldNotUseProxyFor(Pattern pattern, String urlhost) { 364 if (pattern == null || urlhost.isEmpty()) 365 return false; 366 boolean matches = pattern.matcher(urlhost).matches(); 367 return matches; 368 } 369 370 /** 371 * @param mask non-null mask 372 * @return {@link java.util.regex.Pattern} corresponding to this mask 373 * or {@code null} in case mask should not match anything 374 */ 375 static Pattern toPattern(String mask) { 376 boolean disjunctionEmpty = true; 377 StringJoiner joiner = new StringJoiner("|"); 378 for (String disjunct : mask.split("\\|")) { 379 if (disjunct.isEmpty()) 380 continue; 381 disjunctionEmpty = false; 382 String regex = disjunctToRegex(disjunct.toLowerCase()); 383 joiner.add(regex); 384 } 385 return disjunctionEmpty ? null : Pattern.compile(joiner.toString()); 386 } 387 388 /** 389 * @param disjunct non-null mask disjunct 390 * @return java regex string corresponding to this mask 391 */ 392 static String disjunctToRegex(String disjunct) { 393 String regex; 394 if (disjunct.startsWith("*") && disjunct.endsWith("*")) { 395 regex = ".*" + quote(disjunct.substring(1, disjunct.length() - 1)) + ".*"; 396 } else if (disjunct.startsWith("*")) { 397 regex = ".*" + quote(disjunct.substring(1)); 398 } else if (disjunct.endsWith("*")) { 399 regex = quote(disjunct.substring(0, disjunct.length() - 1)) + ".*"; 400 } else { 401 regex = quote(disjunct); 402 } 403 return regex; 404 } 405 } --- EOF ---