rev 55686 : 8227587: Add internal privileged System.loadLibrary Reviewed-by: rriggs, mchung
1 /* 2 * Copyright (c) 2003, 2019, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 * questions. 24 */ 25 26 package sun.net.spi; 27 28 import java.net.InetSocketAddress; 29 import java.net.Proxy; 30 import java.net.ProxySelector; 31 import java.net.SocketAddress; 32 import java.net.URI; 33 import java.util.Collections; 34 import java.util.List; 35 import java.io.IOException; 36 import java.security.AccessController; 37 import java.security.PrivilegedAction; 38 import java.util.StringJoiner; 39 import java.util.regex.Pattern; 40 import java.util.stream.Stream; 41 import sun.net.NetProperties; 42 import sun.net.SocksProxy; 43 import static java.util.regex.Pattern.quote; 44 import static java.util.stream.Collectors.collectingAndThen; 45 import static java.util.stream.Collectors.toList; 46 47 /** 48 * Supports proxy settings using system properties This proxy selector 49 * provides backward compatibility with the old http protocol handler 50 * as far as how proxy is set 51 * 52 * Most of the implementation copied from the old http protocol handler 53 * 54 * Supports http/https/ftp.proxyHost, http/https/ftp.proxyPort, 55 * proxyHost, proxyPort, and http/https/ftp.nonProxyHost, and socks. 56 */ 57 public class DefaultProxySelector extends ProxySelector { 58 59 /** 60 * This is where we define all the valid System Properties we have to 61 * support for each given protocol. 62 * The format of this 2 dimensional array is : 63 * - 1 row per protocol (http, ftp, ...) 64 * - 1st element of each row is the protocol name 65 * - subsequent elements are prefixes for Host & Port properties 66 * listed in order of priority. 67 * Example: 68 * {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 69 * means for FTP we try in that oder: 70 * + ftp.proxyHost & ftp.proxyPort 71 * + ftpProxyHost & ftpProxyPort 72 * + proxyHost & proxyPort 73 * + socksProxyHost & socksProxyPort 74 * 75 * Note that the socksProxy should *always* be the last on the list 76 */ 77 static final String[][] props = { 78 /* 79 * protocol, Property prefix 1, Property prefix 2, ... 80 */ 81 {"http", "http.proxy", "proxy", "socksProxy"}, 82 {"https", "https.proxy", "proxy", "socksProxy"}, 83 {"ftp", "ftp.proxy", "ftpProxy", "proxy", "socksProxy"}, 84 {"socket", "socksProxy"} 85 }; 86 87 private static final String SOCKS_PROXY_VERSION = "socksProxyVersion"; 88 89 private static boolean hasSystemProxies = false; 90 91 private static final List<Proxy> NO_PROXY_LIST = List.of(Proxy.NO_PROXY); 92 93 static { 94 final String key = "java.net.useSystemProxies"; 95 Boolean b = AccessController.doPrivileged( 96 new PrivilegedAction<Boolean>() { 97 public Boolean run() { 98 return NetProperties.getBoolean(key); 99 }}); 100 if (b != null && b.booleanValue()) { 101 jdk.internal.loader.BootLoader.loadLibrary("net"); 102 hasSystemProxies = init(); 103 } 104 } 105 106 public static int socksProxyVersion() { 107 return AccessController.doPrivileged( 108 new PrivilegedAction<Integer>() { 109 @Override public Integer run() { 110 return NetProperties.getInteger(SOCKS_PROXY_VERSION, 5); 111 } 112 }); 113 } 114 115 /** 116 * How to deal with "non proxy hosts": 117 * since we do have to generate a pattern we don't want to do that if 118 * it's not necessary. Therefore we do cache the result, on a per-protocol 119 * basis, and change it only when the "source", i.e. the system property, 120 * did change. 121 */ 122 123 static class NonProxyInfo { 124 // Default value for nonProxyHosts, this provides backward compatibility 125 // by excluding localhost and its litteral notations. 126 static final String defStringVal = "localhost|127.*|[::1]|0.0.0.0|[::0]"; 127 128 String hostsSource; 129 Pattern pattern; 130 final String property; 131 final String defaultVal; 132 static NonProxyInfo ftpNonProxyInfo = new NonProxyInfo("ftp.nonProxyHosts", null, null, defStringVal); 133 static NonProxyInfo httpNonProxyInfo = new NonProxyInfo("http.nonProxyHosts", null, null, defStringVal); 134 static NonProxyInfo socksNonProxyInfo = new NonProxyInfo("socksNonProxyHosts", null, null, defStringVal); 135 136 NonProxyInfo(String p, String s, Pattern pattern, String d) { 137 property = p; 138 hostsSource = s; 139 this.pattern = pattern; 140 defaultVal = d; 141 } 142 } 143 144 145 /** 146 * select() method. Where all the hard work is done. 147 * Build a list of proxies depending on URI. 148 * Since we're only providing compatibility with the system properties 149 * from previous releases (see list above), that list will typically 150 * contain one single proxy, default being NO_PROXY. 151 * If we can get a system proxy it might contain more entries. 152 */ 153 public java.util.List<Proxy> select(URI uri) { 154 if (uri == null) { 155 throw new IllegalArgumentException("URI can't be null."); 156 } 157 String protocol = uri.getScheme(); 158 String host = uri.getHost(); 159 160 if (host == null) { 161 // This is a hack to ensure backward compatibility in two 162 // cases: 1. hostnames contain non-ascii characters, 163 // internationalized domain names. in which case, URI will 164 // return null, see BugID 4957669; 2. Some hostnames can 165 // contain '_' chars even though it's not supposed to be 166 // legal, in which case URI will return null for getHost, 167 // but not for getAuthority() See BugID 4913253 168 String auth = uri.getAuthority(); 169 if (auth != null) { 170 int i; 171 i = auth.indexOf('@'); 172 if (i >= 0) { 173 auth = auth.substring(i+1); 174 } 175 i = auth.lastIndexOf(':'); 176 if (i >= 0) { 177 auth = auth.substring(0,i); 178 } 179 host = auth; 180 } 181 } 182 183 if (protocol == null || host == null) { 184 throw new IllegalArgumentException("protocol = "+protocol+" host = "+host); 185 } 186 187 NonProxyInfo pinfo = null; 188 189 if ("http".equalsIgnoreCase(protocol)) { 190 pinfo = NonProxyInfo.httpNonProxyInfo; 191 } else if ("https".equalsIgnoreCase(protocol)) { 192 // HTTPS uses the same property as HTTP, for backward 193 // compatibility 194 pinfo = NonProxyInfo.httpNonProxyInfo; 195 } else if ("ftp".equalsIgnoreCase(protocol)) { 196 pinfo = NonProxyInfo.ftpNonProxyInfo; 197 } else if ("socket".equalsIgnoreCase(protocol)) { 198 pinfo = NonProxyInfo.socksNonProxyInfo; 199 } 200 201 /** 202 * Let's check the System properties for that protocol 203 */ 204 final String proto = protocol; 205 final NonProxyInfo nprop = pinfo; 206 final String urlhost = host.toLowerCase(); 207 208 /** 209 * This is one big doPrivileged call, but we're trying to optimize 210 * the code as much as possible. Since we're checking quite a few 211 * System properties it does help having only 1 call to doPrivileged. 212 * Be mindful what you do in here though! 213 */ 214 Proxy[] proxyArray = AccessController.doPrivileged( 215 new PrivilegedAction<Proxy[]>() { 216 public Proxy[] run() { 217 int i, j; 218 String phost = null; 219 int pport = 0; 220 String nphosts = null; 221 InetSocketAddress saddr = null; 222 223 // Then let's walk the list of protocols in our array 224 for (i=0; i<props.length; i++) { 225 if (props[i][0].equalsIgnoreCase(proto)) { 226 for (j = 1; j < props[i].length; j++) { 227 /* System.getProp() will give us an empty 228 * String, "" for a defined but "empty" 229 * property. 230 */ 231 phost = NetProperties.get(props[i][j]+"Host"); 232 if (phost != null && phost.length() != 0) 233 break; 234 } 235 if (phost == null || phost.isEmpty()) { 236 /** 237 * No system property defined for that 238 * protocol. Let's check System Proxy 239 * settings (Gnome, MacOsX & Windows) if 240 * we were instructed to. 241 */ 242 if (hasSystemProxies) { 243 String sproto; 244 if (proto.equalsIgnoreCase("socket")) 245 sproto = "socks"; 246 else 247 sproto = proto; 248 return getSystemProxies(sproto, urlhost); 249 } 250 return null; 251 } 252 // If a Proxy Host is defined for that protocol 253 // Let's get the NonProxyHosts property 254 if (nprop != null) { 255 nphosts = NetProperties.get(nprop.property); 256 synchronized (nprop) { 257 if (nphosts == null) { 258 if (nprop.defaultVal != null) { 259 nphosts = nprop.defaultVal; 260 } else { 261 nprop.hostsSource = null; 262 nprop.pattern = null; 263 } 264 } else if (!nphosts.isEmpty()) { 265 // add the required default patterns 266 // but only if property no set. If it 267 // is empty, leave empty. 268 nphosts += "|" + NonProxyInfo 269 .defStringVal; 270 } 271 if (nphosts != null) { 272 if (!nphosts.equals(nprop.hostsSource)) { 273 nprop.pattern = toPattern(nphosts); 274 nprop.hostsSource = nphosts; 275 } 276 } 277 if (shouldNotUseProxyFor(nprop.pattern, urlhost)) { 278 return null; 279 } 280 } 281 } 282 // We got a host, let's check for port 283 284 pport = NetProperties.getInteger(props[i][j]+"Port", 0).intValue(); 285 if (pport == 0 && j < (props[i].length - 1)) { 286 // Can't find a port with same prefix as Host 287 // AND it's not a SOCKS proxy 288 // Let's try the other prefixes for that proto 289 for (int k = 1; k < (props[i].length - 1); k++) { 290 if ((k != j) && (pport == 0)) 291 pport = NetProperties.getInteger(props[i][k]+"Port", 0).intValue(); 292 } 293 } 294 295 // Still couldn't find a port, let's use default 296 if (pport == 0) { 297 if (j == (props[i].length - 1)) // SOCKS 298 pport = defaultPort("socket"); 299 else 300 pport = defaultPort(proto); 301 } 302 // We did find a proxy definition. 303 // Let's create the address, but don't resolve it 304 // as this will be done at connection time 305 saddr = InetSocketAddress.createUnresolved(phost, pport); 306 // Socks is *always* the last on the list. 307 if (j == (props[i].length - 1)) { 308 return new Proxy[] {SocksProxy.create(saddr, socksProxyVersion())}; 309 } 310 return new Proxy[] {new Proxy(Proxy.Type.HTTP, saddr)}; 311 } 312 } 313 return null; 314 }}); 315 316 317 if (proxyArray != null) { 318 // Remove duplicate entries, while preserving order. 319 return Stream.of(proxyArray).distinct().collect( 320 collectingAndThen(toList(), Collections::unmodifiableList)); 321 } 322 323 // If no specific proxy was found, return a standard list containing 324 // only one NO_PROXY entry. 325 return NO_PROXY_LIST; 326 } 327 328 public void connectFailed(URI uri, SocketAddress sa, IOException ioe) { 329 if (uri == null || sa == null || ioe == null) { 330 throw new IllegalArgumentException("Arguments can't be null."); 331 } 332 // ignored 333 } 334 335 336 private int defaultPort(String protocol) { 337 if ("http".equalsIgnoreCase(protocol)) { 338 return 80; 339 } else if ("https".equalsIgnoreCase(protocol)) { 340 return 443; 341 } else if ("ftp".equalsIgnoreCase(protocol)) { 342 return 80; 343 } else if ("socket".equalsIgnoreCase(protocol)) { 344 return 1080; 345 } else { 346 return -1; 347 } 348 } 349 350 private static native boolean init(); 351 private synchronized native Proxy[] getSystemProxies(String protocol, String host); 352 353 /** 354 * @return {@code true} if given this pattern for non-proxy hosts and this 355 * urlhost the proxy should NOT be used to access this urlhost 356 */ 357 static boolean shouldNotUseProxyFor(Pattern pattern, String urlhost) { 358 if (pattern == null || urlhost.isEmpty()) 359 return false; 360 boolean matches = pattern.matcher(urlhost).matches(); 361 return matches; 362 } 363 364 /** 365 * @param mask non-null mask 366 * @return {@link java.util.regex.Pattern} corresponding to this mask 367 * or {@code null} in case mask should not match anything 368 */ 369 static Pattern toPattern(String mask) { 370 boolean disjunctionEmpty = true; 371 StringJoiner joiner = new StringJoiner("|"); 372 for (String disjunct : mask.split("\\|")) { 373 if (disjunct.isEmpty()) 374 continue; 375 disjunctionEmpty = false; 376 String regex = disjunctToRegex(disjunct.toLowerCase()); 377 joiner.add(regex); 378 } 379 return disjunctionEmpty ? null : Pattern.compile(joiner.toString()); 380 } 381 382 /** 383 * @param disjunct non-null mask disjunct 384 * @return java regex string corresponding to this mask 385 */ 386 static String disjunctToRegex(String disjunct) { 387 String regex; 388 if (disjunct.startsWith("*") && disjunct.endsWith("*")) { 389 regex = ".*" + quote(disjunct.substring(1, disjunct.length() - 1)) + ".*"; 390 } else if (disjunct.startsWith("*")) { 391 regex = ".*" + quote(disjunct.substring(1)); 392 } else if (disjunct.endsWith("*")) { 393 regex = quote(disjunct.substring(0, disjunct.length() - 1)) + ".*"; 394 } else { 395 regex = quote(disjunct); 396 } 397 return regex; 398 } 399 } --- EOF ---