Google Git
Sign in
android / platform / libcore / 71f2c75111e87091616f0f3b86bea6c4d345dad1 / . / test / jdk / java / net / httpclient / ForbiddenHeadTest.java
blob: 7f35a0abe703ecd60b0673e3e2da04c5b8e087ce [file] [log] [blame]
/*
* Copyright (c) 2020, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/*
* @test
* @summary checks that receiving 403 for a HEAD request after
* 401/407 doesn't cause any unexpected behavior.
* @modules java.base/sun.net.www.http
* java.net.http/jdk.internal.net.http.common
* java.net.http/jdk.internal.net.http.frame
* java.net.http/jdk.internal.net.http.hpack
* java.logging
* jdk.httpserver
* java.base/sun.net.www.http
* java.base/sun.net.www
* java.base/sun.net
* @library /lib/testlibrary http2/server
* @build HttpServerAdapters DigestEchoServer Http2TestServer ForbiddenHeadTest
* @build jdk.testlibrary.SimpleSSLContext
* @run testng/othervm
* -Djdk.http.auth.tunneling.disabledSchemes
* -Djdk.httpclient.HttpClient.log=headers,requests
* -Djdk.internal.httpclient.debug=true
* ForbiddenHeadTest
*/
import com.sun.net.httpserver.HttpServer;
import com.sun.net.httpserver.HttpsConfigurator;
import com.sun.net.httpserver.HttpsServer;
import jdk.testlibrary.SimpleSSLContext;
import org.testng.ITestContext;
import org.testng.annotations.AfterClass;
import org.testng.annotations.AfterTest;
import org.testng.annotations.BeforeMethod;
import org.testng.annotations.BeforeTest;
import org.testng.annotations.DataProvider;
import org.testng.annotations.Test;
import javax.net.ssl.SSLContext;
import java.io.IOException;
import java.io.InputStream;
import java.net.Authenticator;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.PasswordAuthentication;
import java.net.Proxy;
import java.net.ProxySelector;
import java.net.SocketAddress;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.concurrent.ConcurrentHashMap;
import java.util.concurrent.ConcurrentMap;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
import java.util.concurrent.Executors;
import java.util.concurrent.atomic.AtomicLong;
import static java.lang.System.err;
import static java.lang.System.out;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.testng.Assert.assertEquals;
import static org.testng.Assert.assertNotNull;
public class ForbiddenHeadTest implements HttpServerAdapters {
SSLContext sslContext;
HttpTestServer httpTestServer; // HTTP/1.1
HttpTestServer httpsTestServer; // HTTPS/1.1
HttpTestServer http2TestServer; // HTTP/2 ( h2c )
HttpTestServer https2TestServer; // HTTP/2 ( h2 )
DigestEchoServer.TunnelingProxy proxy;
DigestEchoServer.TunnelingProxy authproxy;
String httpURI;
String httpsURI;
String http2URI;
String https2URI;
HttpClient authClient;
HttpClient noAuthClient;
final ReferenceTracker TRACKER = ReferenceTracker.INSTANCE;
static final long SLEEP_AFTER_TEST = 0; // milliseconds
static final int ITERATIONS = 3;
static final Executor executor = new TestExecutor(Executors.newCachedThreadPool());
static final ConcurrentMap<String, Throwable> FAILURES = new ConcurrentHashMap<>();
static volatile boolean tasksFailed;
static final AtomicLong serverCount = new AtomicLong();
static final AtomicLong clientCount = new AtomicLong();
static final long start = System.nanoTime();
public static String now() {
long now = System.nanoTime() - start;
long secs = now / 1000_000_000;
long mill = (now % 1000_000_000) / 1000_000;
long nan = now % 1000_000;
return String.format("[%d s, %d ms, %d ns] ", secs, mill, nan);
}
static class TestExecutor implements Executor {
final AtomicLong tasks = new AtomicLong();
Executor executor;
TestExecutor(Executor executor) {
this.executor = executor;
}
@Override
public void execute(Runnable command) {
long id = tasks.incrementAndGet();
executor.execute(() -> {
try {
command.run();
} catch (Throwable t) {
tasksFailed = true;
out.printf(now() + "Task %s failed: %s%n", id, t);
err.printf(now() + "Task %s failed: %s%n", id, t);
FAILURES.putIfAbsent("Task " + id, t);
throw t;
}
});
}
}
protected boolean stopAfterFirstFailure() {
return Boolean.getBoolean("jdk.internal.httpclient.debug");
}
@BeforeMethod
void beforeMethod(ITestContext context) {
if (stopAfterFirstFailure() && context.getFailedTests().size() > 0) {
throw new RuntimeException("some tests failed");
}
}
@AfterClass
static final void printFailedTests() {
out.println("\n=========================");
try {
out.printf("%n%sCreated %d servers and %d clients%n",
now(), serverCount.get(), clientCount.get());
if (FAILURES.isEmpty()) return;
out.println("Failed tests: ");
FAILURES.entrySet().forEach((e) -> {
out.printf("\t%s: %s%n", e.getKey(), e.getValue());
e.getValue().printStackTrace(out);
e.getValue().printStackTrace();
});
if (tasksFailed) {
out.println("WARNING: Some tasks failed");
}
} finally {
out.println("\n=========================\n");
}
}
static final int UNAUTHORIZED = 401;
static final int PROXY_UNAUTHORIZED = 407;
static final int FORBIDDEN = 403;
static final int HTTP_OK = 200;
static final String MESSAGE = "Unauthorized";
@DataProvider(name = "all")
public Object[][] allcases() {
List<Object[]> result = new ArrayList<>();
for (var client : List.of(authClient, noAuthClient)) {
for (boolean async : List.of(true, false)) {
for (int code : List.of(UNAUTHORIZED, PROXY_UNAUTHORIZED)) {
var srv = code == PROXY_UNAUTHORIZED ? "/proxy" : "/server";
for (var auth : List.of("/auth", "/noauth")) {
var pcode = code;
if (auth.equals("/noauth")) {
if (client == authClient) continue;
pcode = FORBIDDEN;
}
for (var uri : List.of(httpURI, httpsURI, http2URI, https2URI)) {
result.add(new Object[]{uri + srv + auth, pcode, async, client});
}
}
}
}
}
return result.toArray(new Object[0][0]);
}
static final AtomicLong requestCounter = new AtomicLong();
static final Authenticator authenticator = new Authenticator() {
@Override
protected PasswordAuthentication getPasswordAuthentication() {
return new PasswordAuthentication("arthur",new char[] {'d', 'e', 'n', 't'});
}
};
static final AtomicLong sleepCount = new AtomicLong();
@Test(dataProvider = "all")
void test(String uriString, int code, boolean async, HttpClient client) throws Throwable {
var name = String.format("test(%s, %d, %s, %s)", uriString, code, async ? "async" : "sync",
client.authenticator().isPresent() ? "authClient" : "noAuthClient");
out.printf("%n---- starting %s ----%n", name);
assert client.authenticator().isPresent() ? client == authClient : client == noAuthClient;
uriString = uriString + "/ForbiddenTest";
for (int i=0; i<ITERATIONS; i++) {
if (ITERATIONS > 1) out.printf("---- ITERATION %d%n",i);
try {
doTest(uriString, code, async, client);
long count = sleepCount.incrementAndGet();
System.err.println(now() + " Sleeping: " + count);
Thread.sleep(SLEEP_AFTER_TEST);
System.err.println(now() + " Waking up: " + count);
} catch (Throwable x) {
FAILURES.putIfAbsent(name, x);
throw x;
}
}
}
static String authHeaderName(int code) {
switch (code) {
case UNAUTHORIZED: return "WWW-Authenticate";
case PROXY_UNAUTHORIZED: return "Proxy-Authenticate";
default: return null;
}
}
private void doTest(String uriString, int code, boolean async, HttpClient client) throws Throwable {
URI uri = URI.create(uriString);
HttpRequest.Builder requestBuilder = HttpRequest
.newBuilder(uri)
.method("HEAD", HttpRequest.BodyPublishers.noBody());
HttpRequest request = requestBuilder.build();
out.println("Initial request: " + request.uri());
String header = authHeaderName(code);
// the request is expected to return 403 Forbidden if the client is authenticated,
// or the server doesn't require authentication, 401 or 407 otherwise.
boolean forbidden = client.authenticator().isPresent() || code == FORBIDDEN;
HttpResponse<String> response = null;
if (async) {
response = client.send(request, BodyHandlers.ofString());
} else {
try {
response = client.sendAsync(request, BodyHandlers.ofString()).get();
} catch (ExecutionException ex) {
throw ex.getCause();
}
}
String prefix = uriString.contains("/proxy/") ? "Proxy-" : "WWW-";
String expectedValue;
if (forbidden) {
// The message body is generated by the server, after authentication was
// successful.
expectedValue = prefix + "FORBIDDEN";
} else if (uriString.contains("/proxy/") && uri.getScheme().equalsIgnoreCase("https")) {
// In that case the tunnelling proxy itself is expected to return 407,
// and the message will have no body (since the CONNECT request fails).
assert code == PROXY_UNAUTHORIZED;
expectedValue = null;
} else {
// the message body is generated by our fake server pretending to be
// a proxy.
expectedValue = prefix + MESSAGE;
}
out.println(" Got response: " + response);
assertEquals(response.statusCode(), forbidden? FORBIDDEN : code);
assertEquals(response.body(), expectedValue == null ? null : "");
assertEquals(response.headers().firstValue("X-value"), Optional.ofNullable(expectedValue));
// when the CONNECT request fails, its body is discarded - but
// the response header may still contain its content length.
// don't check content length in that case.
if (expectedValue != null) {
String clen = String.valueOf(expectedValue.getBytes(UTF_8).length);
assertEquals(response.headers().firstValue("Content-Length"), Optional.of(clen));
}
}
// -- Infrastructure
@BeforeTest
public void setup() throws Exception {
sslContext = new SimpleSSLContext().get();
if (sslContext == null)
throw new AssertionError("Unexpected null sslContext");
InetSocketAddress sa = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
httpTestServer = HttpTestServer.of(HttpServer.create(sa, 0));
httpTestServer.addHandler(new UnauthorizedHandler(), "/http1/");
httpTestServer.addHandler(new UnauthorizedHandler(), "/http2/proxy/");
httpURI = "http://" + httpTestServer.serverAuthority() + "/http1";
HttpsServer httpsServer = HttpsServer.create(sa, 0);
httpsServer.setHttpsConfigurator(new HttpsConfigurator(sslContext));
httpsTestServer = HttpTestServer.of(httpsServer);
httpsTestServer.addHandler(new UnauthorizedHandler(),"/https1/");
httpsURI = "https://" + httpsTestServer.serverAuthority() + "/https1";
http2TestServer = HttpTestServer.of(new Http2TestServer("localhost", false, 0));
http2TestServer.addHandler(new UnauthorizedHandler(), "/http2/");
http2URI = "http://" + http2TestServer.serverAuthority() + "/http2";
https2TestServer = HttpTestServer.of(new Http2TestServer("localhost", true, sslContext));
https2TestServer.addHandler(new UnauthorizedHandler(), "/https2/");
https2URI = "https://" + https2TestServer.serverAuthority() + "/https2";
proxy = DigestEchoServer.createHttpsProxyTunnel(DigestEchoServer.HttpAuthSchemeType.NONE);
authproxy = DigestEchoServer.createHttpsProxyTunnel(DigestEchoServer.HttpAuthSchemeType.BASIC);
authClient = TRACKER.track(HttpClient.newBuilder()
.proxy(TestProxySelector.of(proxy, authproxy, httpTestServer))
.sslContext(sslContext)
.executor(executor)
.authenticator(authenticator)
.build());
clientCount.incrementAndGet();
noAuthClient = TRACKER.track(HttpClient.newBuilder()
.proxy(TestProxySelector.of(proxy, authproxy, httpTestServer))
.sslContext(sslContext)
.executor(executor)
.build());
clientCount.incrementAndGet();
httpTestServer.start();
serverCount.incrementAndGet();
httpsTestServer.start();
serverCount.incrementAndGet();
http2TestServer.start();
serverCount.incrementAndGet();
https2TestServer.start();
serverCount.incrementAndGet();
}
@AfterTest
public void teardown() throws Exception {
authClient = noAuthClient = null;
Thread.sleep(100);
AssertionError fail = TRACKER.check(500);
proxy.stop();
authproxy.stop();
httpTestServer.stop();
httpsTestServer.stop();
http2TestServer.stop();
https2TestServer.stop();
}
static class TestProxySelector extends ProxySelector {
final DigestEchoServer.TunnelingProxy proxy;
final DigestEchoServer.TunnelingProxy authproxy;
final HttpTestServer plain;
private TestProxySelector(DigestEchoServer.TunnelingProxy proxy,
DigestEchoServer.TunnelingProxy authproxy,
HttpTestServer plain) {
this.proxy = proxy;
this.authproxy = authproxy;
this.plain = plain;
}
@Override
public List<Proxy> select(URI uri) {
String path = uri.getPath();
out.println("Selecting proxy for: " + uri);
if (path.contains("/proxy/")) {
if (path.contains("/http1/")) {
// Simple proxying - in our test the server pretends
// to be the proxy.
System.out.print("PROXY is server for " + uri);
return List.of(new Proxy(Proxy.Type.HTTP,
new InetSocketAddress(uri.getHost(), uri.getPort())));
} else if (path.contains("/http2/")) {
// HTTP/2 is downgraded to HTTP/1.1 if there is a proxy
System.out.print("PROXY is plain server for " + uri);
return List.of(new Proxy(Proxy.Type.HTTP, plain.getAddress()));
} else {
// Both HTTPS or HTTPS/2 require tunnelling
var p = path.contains("/auth/") ? authproxy : proxy;
if (p == authproxy) {
out.println("PROXY is authenticating tunneling proxy for " + uri);
} else {
out.println("PROXY is plain tunneling proxy for " + uri);
}
return List.of(new Proxy(Proxy.Type.HTTP, p.getProxyAddress()));
}
}
System.out.print("NO_PROXY for " + uri);
return List.of(Proxy.NO_PROXY);
}
@Override
public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {
System.err.printf("Connect failed for: uri=\"%s\", sa=\"%s\", ioe=%s%n", uri, sa, ioe);
}
public static TestProxySelector of(DigestEchoServer.TunnelingProxy proxy,
DigestEchoServer.TunnelingProxy authproxy,
HttpTestServer plain) {
return new TestProxySelector(proxy, authproxy, plain);
}
}
static class UnauthorizedHandler implements HttpTestHandler {
@Override
public void handle(HttpTestExchange t) throws IOException {
readAllRequestData(t); // shouldn't be any
String method = t.getRequestMethod();
String path = t.getRequestURI().getPath();
HttpTestRequestHeaders reqh = t.getRequestHeaders();
HttpTestResponseHeaders rsph = t.getResponseHeaders();
String xValue;
boolean noAuthRequired = path.contains("/noauth/");
boolean authenticated = path.contains("/server/") && reqh.containsKey("Authorization")
|| path.contains("/proxy/") && reqh.containsKey("Proxy-Authorization")
|| path.contains("/proxy/") && (path.contains("/https1/") || path.contains("/https2/"));
String srv = path.contains("/proxy/") ? "proxy" : "server";
String prefix = path.contains("/proxy/") ? "Proxy-" : "WWW-";
int authcode = path.contains("/proxy/") ? PROXY_UNAUTHORIZED : UNAUTHORIZED;
int code = (authenticated || noAuthRequired) ? FORBIDDEN : authcode;
if (authenticated || noAuthRequired) {
xValue = prefix + "FORBIDDEN";
} else {
xValue = prefix + MESSAGE;
rsph.addHeader(prefix + "Authenticate", "Basic realm=\"earth\", charset=\"UTF-8\"");
}
t.getResponseHeaders().addHeader("X-value", xValue);
t.getResponseHeaders().addHeader("Content-Length", String.valueOf(xValue.getBytes(UTF_8).length));
t.sendResponseHeaders(code, 0);
}
}
static void readAllRequestData(HttpTestExchange t) throws IOException {
try (InputStream is = t.getRequestBody()) {
is.readAllBytes();
}
}
}