X-Git-Url: http://git.megacz.com/?a=blobdiff_plain;f=src%2Forg%2Fxwt%2FHTTP.java;h=9190f8f14945d2ef80fa72a1632e32d714cc45f7;hb=7e9239a7088d4cd772a31a76e1a53e1c681638bc;hp=075a6418a521a85d58b463d15313ceba0b188682;hpb=36c7cba0672b0b0ac61f484a918a34969100ca92;p=org.ibex.core.git diff --git a/src/org/xwt/HTTP.java b/src/org/xwt/HTTP.java index 075a641..9190f8f 100644 --- a/src/org/xwt/HTTP.java +++ b/src/org/xwt/HTTP.java @@ -1,462 +1,1291 @@ -// Copyright 2002 Adam Megacz, see the COPYING file for licensing [GPL] +// Copyright 2004 Adam Megacz, see the COPYING file for licensing [GPL] package org.xwt; import java.net.*; import java.io.*; import java.util.*; +import org.xwt.js.*; import org.xwt.util.*; -import org.mozilla.javascript.*; +import org.bouncycastle.util.encoders.Base64; +import org.bouncycastle.crypto.digests.*; /** - * A crude HTTP[S] connection implementation with support for proxies, since not all Java libraries - * (particularly GCJ's) support proxies. - * - * FEATURE: implement pipelining + * This object encapsulates a *single* HTTP connection. Multiple requests may be pipelined over a connection (thread-safe), + * although any IOException encountered in a request will invalidate all later requests. */ public class HTTP { - /** the URL to connect to */ - URL url = null; - /** the host to connect to */ - String host = null; + // Public Methods //////////////////////////////////////////////////////////////////////////////////////// - /** the port to connect on */ - int port = -1; + public HTTP(String url) { this(url, false); } + public HTTP(String url, boolean skipResolveCheck) { originalUrl = url; this.skipResolveCheck = skipResolveCheck; } - /** true if SSL (HTTPS) should be used */ - boolean ssl = false; + /** Performs an HTTP GET request */ + public InputStream GET() throws IOException { return makeRequest(null, null); } - /** the path (URI) to retrieve on the server */ - String path = null; + /** Performs an HTTP POST request; content is additional headers, blank line, and body */ + public InputStream POST(String contentType, String content) throws IOException { return makeRequest(contentType, content); } - /** the socket; created lazily */ - Socket sock = null; + public static class HTTPException extends IOException { public HTTPException(String s) { super(s); } } - /** the socket's inputstream */ - InputStream in = null; - /** the socket's outputstream */ - OutputStream out = null; + // Statics /////////////////////////////////////////////////////////////////////////////////////////////// - /** the content-type of the data being received */ - String contentType = null; + static Hash resolvedHosts = new Hash(); ///< cache for resolveAndCheckIfFirewalled() + private static Hash authCache = new Hash(); ///< cache of userInfo strings, keyed on originalUrl - /** the content-length of the data being recieved */ - int contentLength = 0; - /** true iff a proxy should be used */ - boolean proxy = false; + // Instance Data /////////////////////////////////////////////////////////////////////////////////////////////// - /** additional headers to be transmitted */ - String headers = ""; + final String originalUrl; ///< the URL as passed to the original constructor; this is never changed + URL url = null; ///< the URL to connect to; this is munged when the url is parsed */ + String host = null; ///< the host to connect to + int port = -1; ///< the port to connect on + boolean ssl = false; ///< true if SSL (HTTPS) should be used + String path = null; ///< the path (URI) to retrieve on the server + Socket sock = null; ///< the socket + InputStream in = null; ///< the socket's inputstream + String userInfo = null; ///< the username and password portions of the URL + boolean firstRequest = true; ///< true iff this is the first request to be made on this socket + boolean skipResolveCheck = false; ///< allowed to skip the resolve check when downloading PAC script + boolean proxied = false; ///< true iff we're using a proxy - public HTTP(String url) throws MalformedURLException, IOException { - if (url.startsWith("https:")) { - url = "http" + url.substring(5); - ssl = true; + /** this is null if the current request is the first request on + * this HTTP connection; otherwise it is a Semaphore which will be + * released once the request ahead of us has recieved its response + */ + Semaphore okToRecieve = null; + + /** + * This method isn't synchronized; however, only one thread can be in the inner synchronized block at a time, and the rest of + * the method is protected by in-order one-at-a-time semaphore lock-steps + */ + private InputStream makeRequest(String contentType, String content) throws IOException { + + // Step 1: send the request and establish a semaphore to stop any requests that pipeline after us + Semaphore blockOn = null; + Semaphore releaseMe = null; + synchronized(this) { + try { + connect(); + sendRequest(contentType, content); + } catch (IOException e) { + reset(); + throw e; + } + blockOn = okToRecieve; + releaseMe = okToRecieve = new Semaphore(); } - if (!url.startsWith("http:")) throw new IOException("HTTP only supports http/https urls"); - this.url = new URL(url); - host = this.url.getHost(); - port = this.url.getPort(); - path = this.url.getFile(); - if (port == -1) port = ssl ? 443 : 80; + + // Step 2: wait for requests ahead of us to complete, then read the reply off the stream + boolean doRelease = true; try { - InetAddress addr = InetAddress.getByName(host); - byte[] quadbyte = addr.getAddress(); - if (quadbyte[0] == 10 || (quadbyte[0] == 192 && quadbyte[1] == 168) || - (quadbyte[0] == 172 && (quadbyte[1] & 0xF0) == 16) && !addr.equals(Main.originAddr)) - throw new IOException("security violation: " + host + " [" + addr.getHostAddress() + "] is in a firewalled netblock"); - } catch (UnknownHostException uhe) { - if (Platform.detectProxy() == null) throw new IOException("could not resolve hostname \"" + host + "\" and no proxy configured"); - else if (Log.on) Log.log("could not resolve host " + host + "; assuming that the proxy can resolve it for us"); + if (blockOn != null) blockOn.block(); + + // previous call wrecked the socket connection, but we already sent our request, so we can't just retry -- + // this could cause the server to receive the request twice, which could be bad (think of the case where the + // server call causes Amazon.com to ship you an item with one-click purchasing). + if (sock == null) + throw new HTTPException("a previous pipelined call messed up the socket"); + + Hashtable h = in == null ? null : parseHeaders(in); + if (h == null) { + if (firstRequest) throw new HTTPException("server closed the socket with no response"); + // sometimes the server chooses to close the stream between requests + reset(); + releaseMe.release(); + return makeRequest(contentType, content); + } + + String reply = h.get("STATUSLINE").toString(); + + if (reply.startsWith("407") || reply.startsWith("401")) { + + if (reply.startsWith("407")) doProxyAuth(h, content == null ? "GET" : "POST"); + else doWebAuth(h, content == null ? "GET" : "POST"); + + if (h.get("HTTP").equals("1.0") && h.get("content-length") == null) { + if (Log.on) Log.info(this, "proxy returned an HTTP/1.0 reply with no content-length..."); + reset(); + } else { + int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString()); + new HTTPInputStream(in, cl, releaseMe).close(); + } + releaseMe.release(); + return makeRequest(contentType, content); + + } else if (reply.startsWith("2")) { + if (h.get("HTTP").equals("1.0") && h.get("content-length") == null) + throw new HTTPException("XWT does not support HTTP/1.0 servers which fail to return the Content-Length header"); + int cl = h.get("content-length") == null ? -1 : Integer.parseInt(h.get("content-length").toString()); + InputStream ret = new HTTPInputStream(in, cl, releaseMe); + if ("gzip".equals(h.get("content-encoding"))) ret = new java.util.zip.GZIPInputStream(ret); + doRelease = false; + return ret; + + } else { + throw new HTTPException("HTTP Error: " + reply); + + } + + } catch (IOException e) { reset(); throw e; + } finally { if (doRelease) releaseMe.release(); } } - public String getContentType() throws IOException { - getInputStream(); - return contentType; + + // Safeguarded DNS Resolver /////////////////////////////////////////////////////////////////////////// + + /** + * resolves the hostname and returns it as a string in the form "x.y.z.w" + * @throws HTTPException if the host falls within a firewalled netblock + */ + private void resolveAndCheckIfFirewalled(String host) throws HTTPException { + + // cached + if (resolvedHosts.get(host) != null) return; + + // if all scripts are trustworthy (local FS), continue + if (Main.originAddr == null) return; + + // resolve using DNS + try { + InetAddress addr = InetAddress.getByName(host); + byte[] quadbyte = addr.getAddress(); + if ((quadbyte[0] == 10 || + (quadbyte[0] == 192 && quadbyte[1] == 168) || + (quadbyte[0] == 172 && (quadbyte[1] & 0xF0) == 16)) && !addr.equals(Main.originAddr)) + throw new HTTPException("security violation: " + host + " [" + addr.getHostAddress() + + "] is in a firewalled netblock"); + return; + } catch (UnknownHostException uhe) { } + + if (Platform.detectProxy() == null) + throw new HTTPException("could not resolve hostname \"" + host + "\" and no proxy configured"); } - public int getContentLength() throws IOException { - getInputStream(); - return contentLength; + + // Methods to attempt socket creation ///////////////////////////////////////////////////////////////// + + private Socket getSocket(String host, int port, boolean ssl, boolean negotiate) throws IOException { + Socket ret = ssl ? new SSL(host, port, negotiate) : new Socket(java.net.InetAddress.getByName(host), port); + ret.setTcpNoDelay(true); + return ret; } - public void addHeader(String header, String value) throws IOException { - if (in != null) throw new IOException("attempt to add header after connection has been made"); - headers += header + ": " + value + "\r\n"; + /** Attempts a direct connection */ + private Socket attemptDirect() { + try { + if (Log.verbose) Log.info(this, "attempting to create unproxied socket to " + + host + ":" + port + (ssl ? " [ssl]" : "")); + return getSocket(host, port, ssl, true); + } catch (IOException e) { + if (Log.on) Log.info(this, "exception in attemptDirect(): " + e); + return null; + } } - private void getSock() throws IOException { - ProxyInfo pi = Platform.detectProxy(); + /** Attempts to use an HTTP proxy, employing the CONNECT method if HTTPS is requested */ + private Socket attemptHttpProxy(String proxyHost, int proxyPort) { + try { + if (Log.verbose) Log.info(this, "attempting to create HTTP proxied socket using proxy " + proxyHost + ":" + proxyPort); + Socket sock = getSocket(proxyHost, proxyPort, ssl, false); - // unproxied - if (pi == null || (pi.proxyAutoConfigFunction == null && pi.socksProxyHost == null && pi.httpProxyHost == null)) { - if (Log.on) Log.log(this, "creating unproxied socket to " + host + ":" + port + (ssl ? " [ssl]" : "")); - sock = Platform.getSocket(host, port, ssl); - return; + if (!ssl) { + if (!path.startsWith("http://")) path = "http://" + host + ":" + port + path; + return sock; + } + + PrintWriter pw = new PrintWriter(new OutputStreamWriter(sock.getOutputStream())); + BufferedReader br = new BufferedReader(new InputStreamReader(sock.getInputStream())); + pw.print("CONNECT " + host + ":" + port + " HTTP/1.1\r\n\r\n"); + pw.flush(); + String s = br.readLine(); + if (s.charAt(9) != '2') throw new HTTPException("proxy refused CONNECT method: \"" + s + "\""); + while (br.readLine().length() > 0) { }; + ((SSL)sock).negotiate(); + return sock; + + } catch (IOException e) { + if (Log.on) Log.info(this, "exception in attemptHttpProxy(): " + e); + return null; } + } - // no PAC; simple config - if (pi.proxyAutoConfigFunction == null) { - String proxyHost = ssl && pi.httpsProxyHost != null ? pi.httpsProxyHost : pi.httpProxyHost; - int proxyPort = ssl && pi.httpsProxyHost != null ? pi.httpsProxyPort : pi.httpProxyPort; - if (Log.on) Log.log(this, "no proxyAutoConfigFunction; using proxy " + proxyHost + ":" + proxyPort); - sock = Platform.getSocket(proxyHost, proxyPort, ssl); - proxy = true; - return; + /** + * Implements SOCKSv4 with v4a DNS extension + * @see http://www.socks.nec.com/protocol/socks4.protocol + * @see http://www.socks.nec.com/protocol/socks4a.protocol + */ + private Socket attemptSocksProxy(String proxyHost, int proxyPort) { + + // even if host is already a "x.y.z.w" string, we use this to parse it into bytes + InetAddress addr = null; + try { addr = InetAddress.getByName(host); } catch (Exception e) { } + + if (Log.verbose) Log.info(this, "attempting to create SOCKSv4" + (addr == null ? "" : "a") + + " proxied socket using proxy " + proxyHost + ":" + proxyPort); + + try { + Socket sock = getSocket(proxyHost, proxyPort, ssl, false); + + DataOutputStream dos = new DataOutputStream(sock.getOutputStream()); + dos.writeByte(0x04); // SOCKSv4(a) + dos.writeByte(0x01); // CONNECT + dos.writeShort(port & 0xffff); // port + if (addr == null) dos.writeInt(0x00000001); // bogus IP + else dos.write(addr.getAddress()); // actual IP + dos.writeByte(0x00); // no userid + if (addr == null) { + PrintWriter pw = new PrintWriter(new OutputStreamWriter(dos)); + pw.print(host); + pw.flush(); + dos.writeByte(0x00); // hostname null terminator + } + dos.flush(); + + DataInputStream dis = new DataInputStream(sock.getInputStream()); + dis.readByte(); // reply version + byte success = dis.readByte(); // success/fail + dis.skip(6); // ip/port + + if ((int)(success & 0xff) == 90) { + if (ssl) ((SSL)sock).negotiate(); + return sock; + } + if (Log.on) Log.info(this, "SOCKS server denied access, code " + (success & 0xff)); + return null; + + } catch (IOException e) { + if (Log.on) Log.info(this, "exception in attemptSocksProxy(): " + e); + return null; } - - // PAC + } + + /** executes the PAC script and dispatches a call to one of the other attempt methods based on the result */ + private Socket attemptPAC(org.xwt.js.JS pacFunc) { + if (Log.verbose) Log.info(this, "evaluating PAC script"); String pac = null; try { - Context cx = Context.enter(); - Object obj = pi.proxyAutoConfigFunction.call(cx, ProxyInfo.base, null, new Object[] { url.toString(), host }); - if (Log.on) Log.log(this, "PAC script returned \"" + obj + "\""); + org.xwt.js.JSArray args = new org.xwt.js.JSArray(); + Object obj = pacFunc.call(url.toString(), url.getHost(), null, null, 2); + if (Log.verbose) Log.info(this, " PAC script returned \"" + obj + "\""); pac = obj.toString(); } catch (Throwable e) { - if (Log.on) Log.log(this, "PAC script threw an exception:"); - if (Log.on) Log.log(this, e); - throw new IOException("PAC script threw exception " + e); + if (Log.on) Log.info(this, "PAC script threw exception " + e); + return null; } StringTokenizer st = new StringTokenizer(pac, ";", false); while (st.hasMoreTokens()) { String token = st.nextToken().trim(); - if (Log.on) Log.log(this, " trying \"" + token + "\"..."); + if (Log.verbose) Log.info(this, " trying \"" + token + "\"..."); try { - if (token.startsWith("DIRECT")) { - proxy = false; - sock = Platform.getSocket(host, port, ssl); - return; - } else if (token.startsWith("PROXY")) { - proxy = true; - sock = Platform.getSocket(token.substring(token.indexOf(' ') + 1, token.indexOf(':')), - Integer.parseInt(token.substring(token.indexOf(':') + 1)), ssl); - return; - } else if (token.startsWith("SOCKS")) { - // FIXME - } + Socket ret = null; + if (token.startsWith("DIRECT")) + ret = attemptDirect(); + else if (token.startsWith("PROXY")) + ret = attemptHttpProxy(token.substring(token.indexOf(' ') + 1, token.indexOf(':')), + Integer.parseInt(token.substring(token.indexOf(':') + 1))); + else if (token.startsWith("SOCKS")) + ret = attemptSocksProxy(token.substring(token.indexOf(' ') + 1, token.indexOf(':')), + Integer.parseInt(token.substring(token.indexOf(':') + 1))); + if (ret != null) return ret; } catch (Throwable e) { - if (Log.on) Log.log(this, "attempt at \"" + proxy + "\" failed due to " + e + "; trying next one"); + if (Log.on) Log.info(this, "attempt at \"" + token + "\" failed due to " + e + "; trying next token"); } } - throw new IOException("all proxy options exhausted"); + if (Log.on) Log.info(this, "all PAC results exhausted"); + return null; + } + + + // Everything Else //////////////////////////////////////////////////////////////////////////// + + private synchronized void connect() throws IOException { + if (originalUrl.equals("stdio:")) { in = new BufferedInputStream(System.in); return; } + if (sock != null) { + if (in == null) in = new BufferedInputStream(sock.getInputStream()); + return; + } + // grab the userinfo; gcj doesn't have java.net.URL.getUserInfo() + String url = originalUrl; + userInfo = url.substring(url.indexOf("://") + 3); + userInfo = userInfo.indexOf('/') == -1 ? userInfo : userInfo.substring(0, userInfo.indexOf('/')); + if (userInfo.indexOf('@') != -1) { + userInfo = userInfo.substring(0, userInfo.indexOf('@')); + url = url.substring(0, url.indexOf("://") + 3) + url.substring(url.indexOf('@') + 1); + } else { + userInfo = null; + } + + if (url.startsWith("https:")) { + this.url = new URL("http" + url.substring(5)); + ssl = true; + } else if (!url.startsWith("http:")) { + throw new MalformedURLException("HTTP only supports http/https urls"); + } else { + this.url = new URL(url); + } + if (!skipResolveCheck) resolveAndCheckIfFirewalled(this.url.getHost()); + port = this.url.getPort(); + path = this.url.getFile(); + if (port == -1) port = ssl ? 443 : 80; + host = this.url.getHost(); + if (Log.verbose) Log.info(this, "creating HTTP object for connection to " + host + ":" + port); + + Proxy pi = Platform.detectProxy(); + OUTER: do { + if (pi != null) { + for(int i=0; i length) len = length; + int ret = b == null ? (int)super.skip(len) : super.read(b, off, len); + if (ret >= 0) { + length -= ret; + good = true; + } + return ret; + } finally { + if (!good) reset(); + } + } + + public void close() throws IOException { + if (contentLength == -1) { + while(!chunkedDone) { + if (length != 0) skip(length); + readChunk(); + } + skip(2); + } else { + if (length != 0) skip(length); + } + if (releaseMe != null) releaseMe.release(); + } + } + + void reset() { + firstRequest = true; + in = null; + sock = null; + } + + + // Misc Helpers /////////////////////////////////////////////////////////////////////////////////// + + /** reads a set of HTTP headers off of the input stream, returning null if the stream is already at its end */ + private Hashtable parseHeaders(InputStream in) throws IOException { + Hashtable ret = new Hashtable(); - // we can't use a BufferedReader directly on the input stream, - // since it will buffer beyond the end of the headers + // we can't use a BufferedReader directly on the input stream, since it will buffer past the end of the headers byte[] buf = new byte[4096]; int buflen = 0; while(true) { int read = in.read(); - if (read == -1) throw new IOException("stream closed while reading headers"); + if (read == -1 && buflen == 0) return null; + if (read == -1) throw new HTTPException("stream closed while reading headers"); buf[buflen++] = (byte)read; - if (buflen >= 4 && buf[buflen - 4] == '\r' && buf[buflen - 3] == '\n' && buf[buflen - 2] == '\r' && buf[buflen - 1] == '\n') break; + if (buflen >= 4 && buf[buflen - 4] == '\r' && buf[buflen - 3] == '\n' && + buf[buflen - 2] == '\r' && buf[buflen - 1] == '\n') + break; if (buflen == buf.length) { byte[] newbuf = new byte[buf.length * 2]; System.arraycopy(buf, 0, newbuf, 0, buflen); buf = newbuf; } } - - BufferedReader headerReader = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(buf, 0, buflen))); - String s = headerReader.readLine(); - if (!s.startsWith("HTTP/")) throw new IOException("Expected reply to start with \"HTTP/\""); - String reply = s.substring(s.indexOf(' ') + 1); - if (!reply.startsWith("2")) throw new IOException("HTTP Error: " + reply); - while((s = headerReader.readLine()) != null) { - if (s.length() > 15 && s.substring(0, 15).equalsIgnoreCase("content-length: ")) - contentLength = Integer.parseInt(s.substring(15)); - } - - return in; - } - - public static class ProxyInfo { - public ProxyInfo() { } + BufferedReader br = new BufferedReader(new InputStreamReader(new ByteArrayInputStream(buf, 0, buflen))); + String s = br.readLine(); + if (!s.startsWith("HTTP/")) throw new HTTPException("Expected reply to start with \"HTTP/\", got: " + s); + ret.put("STATUSLINE", s.substring(s.indexOf(' ') + 1)); + ret.put("HTTP", s.substring(5, s.indexOf(' '))); - /** the HTTP Proxy host to use */ - public String httpProxyHost = null; - - /** the HTTP Proxy port to use */ - public int httpProxyPort = -1; + while((s = br.readLine()) != null && s.length() > 0) { + String front = s.substring(0, s.indexOf(':')).toLowerCase(); + String back = s.substring(s.indexOf(':') + 1).trim(); + // ugly hack: we never replace a Digest-auth with a Basic-auth (proxy + www) + if (front.endsWith("-authenticate") && ret.get(front) != null && !back.equals("Digest")) continue; + ret.put(front, back); + } + return ret; + } - /** if a seperate proxy should be used for HTTPS, this is the hostname; otherwise, httpProxyHost is used */ - public String httpsProxyHost = null; + private Hashtable parseAuthenticationChallenge(String s) { + Hashtable ret = new Hashtable(); - /** if a seperate proxy should be used for HTTPS, this is the port */ - public int httpsProxyPort = -1; + s = s.trim(); + ret.put("AUTHTYPE", s.substring(0, s.indexOf(' '))); + s = s.substring(s.indexOf(' ')).trim(); - /** the SOCKS Proxy Host to use */ - public String socksProxyHost = null; + while (s.length() > 0) { + String val = null; + String key = s.substring(0, s.indexOf('=')); + s = s.substring(s.indexOf('=') + 1); + if (s.charAt(0) == '\"') { + s = s.substring(1); + val = s.substring(0, s.indexOf('\"')); + s = s.substring(s.indexOf('\"') + 1); + } else { + val = s.indexOf(',') == -1 ? s : s.substring(0, s.indexOf(',')); + s = s.indexOf(',') == -1 ? "" : s.substring(s.indexOf(',') + 1); + } + if (s.length() > 0 && s.charAt(0) == ',') s = s.substring(1); + s = s.trim(); + ret.put(key, val); + } + return ret; + } - /** the SOCKS Proxy Port to use */ - public int socksProxyPort = -1; + private String H(String s) throws IOException { + byte[] b = s.getBytes("US-ASCII"); + MD5Digest md5 = new MD5Digest(); + md5.update(b, 0, b.length); + byte[] out = new byte[md5.getDigestSize()]; + md5.doFinal(out, 0); + String ret = ""; + for(int i=0; i> 4); + ret += "0123456789abcdef".charAt(out[i] & 0x0f); + } + return ret; + } - /** hosts to be excluded from proxy use; wildcards permitted */ - public String[] excluded = null; - /** the PAC script */ - public Function proxyAutoConfigFunction = null; + // Proxy /////////////////////////////////////////////////////////// - public static ProxyInfo detectProxyViaManual() { - try { - try { InetAddress.getByName("xwt-proxy-httpHost"); - } catch (UnkownHostException unhe) { InetAddress.getByName("xwt-proxy-socksHost"); } - - if (Log.on) Log.log(Platform.class, "using xwt-proxy-* configuration"); - ProxyInfo ret = new ProxyInfo(); - try { - ret.httpProxyHost = InetAddress.getByName("xwt-proxy-httpHost").getHostAddress(); - byte[] quadbyte = InetAddress.getByName("xwt-proxy-httpPort").getAddress(); - ret.httpProxyPort = ((quadbyte[1] & 0xff) * 10000) + ((quadbyte[2] & 0xff) * 100) + (quadbyte[3] & 0xff); - } catch (UnknownHostException e) { } - try { - ret.httpsProxyHost = InetAddress.getByName("xwt-proxy-httpsHost").getHostAddress(); - byte[] quadbyte = InetAddress.getByName("xwt-proxy-httpsPort").getAddress(); - ret.httpsProxyPort = ((quadbyte[1] & 0xff) * 10000) + ((quadbyte[2] & 0xff) * 100) + (quadbyte[3] & 0xff); - } catch (UnknownHostException e) { } - try { - ret.socksProxyHost = InetAddress.getByName("xwt-proxy-socksHost").getHostAddress(); - byte[] quadbyte = InetAddress.getByName("xwt-proxy-socksPort").getAddress(); - ret.socksProxyPort = ((quadbyte[1] & 0xff) * 10000) + ((quadbyte[2] & 0xff) * 100) + (quadbyte[3] & 0xff); - } catch (UnknownHostException e) { } - return ret; - } catch (UnknownHostException e) { - if (Log.on) Log.log(Platform.class, "xwt-proxy-* detection failed due to:"); - return null; + /** encapsulates most of the proxy logic; some is shared in HTTP.java */ + public static class Proxy { + + public Proxy() { } + + public String httpProxyHost = null; ///< the HTTP Proxy host to use + public int httpProxyPort = -1; ///< the HTTP Proxy port to use + public String httpsProxyHost = null; ///< seperate proxy for HTTPS + public int httpsProxyPort = -1; + public String socksProxyHost = null; ///< the SOCKS Proxy Host to use + public int socksProxyPort = -1; ///< the SOCKS Proxy Port to use + public String[] excluded = null; ///< hosts to be excluded from proxy use; wildcards permitted + public JSFunction proxyAutoConfigJSFunction = null; ///< the PAC script + + public static Proxy detectProxyViaManual() { + Proxy ret = new Proxy(); + + ret.httpProxyHost = Platform.getEnv("http_proxy"); + if (ret.httpProxyHost != null) { + if (ret.httpProxyHost.startsWith("http://")) ret.httpProxyHost = ret.httpProxyHost.substring(7); + if (ret.httpProxyHost.endsWith("/")) + ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.length() - 1); + if (ret.httpProxyHost.indexOf(':') != -1) { + ret.httpProxyPort = Integer.parseInt(ret.httpProxyHost.substring(ret.httpProxyHost.indexOf(':') + 1)); + ret.httpProxyHost = ret.httpProxyHost.substring(0, ret.httpProxyHost.indexOf(':')); + } else { + ret.httpProxyPort = 80; + } } - } - - // FIXME: search up from default domain - public static ProxyInfo detectProxyViaWPAD() { - try { - InetAddress wpad = InetAddress.getByName("wpad"); - if (Log.on) Log.log(Platform.class, "using Web Proxy Auto Detection to detect proxy settings"); - ProxyInfo ret = new ProxyInfo(); - ret.proxyAutoConfigFunction = getProxyAutoConfigFunction("http://wpad/wpad.dat"); - if (ret.proxyAutoConfigFunction != null) return ret; - } catch (UnknownHostException e) { - if (Log.on) Log.log(HTTP.class, "couldn't find WPAD server: " + e); + + ret.httpsProxyHost = Platform.getEnv("https_proxy"); + if (ret.httpsProxyHost != null) { + if (ret.httpsProxyHost.startsWith("https://")) ret.httpsProxyHost = ret.httpsProxyHost.substring(7); + if (ret.httpsProxyHost.endsWith("/")) + ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.length() - 1); + if (ret.httpsProxyHost.indexOf(':') != -1) { + ret.httpsProxyPort = Integer.parseInt(ret.httpsProxyHost.substring(ret.httpsProxyHost.indexOf(':') + 1)); + ret.httpsProxyHost = ret.httpsProxyHost.substring(0, ret.httpsProxyHost.indexOf(':')); + } else { + ret.httpsProxyPort = 80; + } } - return null; + + ret.socksProxyHost = Platform.getEnv("socks_proxy"); + if (ret.socksProxyHost != null) { + if (ret.socksProxyHost.startsWith("socks://")) ret.socksProxyHost = ret.socksProxyHost.substring(7); + if (ret.socksProxyHost.endsWith("/")) + ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.length() - 1); + if (ret.socksProxyHost.indexOf(':') != -1) { + ret.socksProxyPort = Integer.parseInt(ret.socksProxyHost.substring(ret.socksProxyHost.indexOf(':') + 1)); + ret.socksProxyHost = ret.socksProxyHost.substring(0, ret.socksProxyHost.indexOf(':')); + } else { + ret.socksProxyPort = 80; + } + } + + String noproxy = Platform.getEnv("no_proxy"); + if (noproxy != null) { + StringTokenizer st = new StringTokenizer(noproxy, ","); + ret.excluded = new String[st.countTokens()]; + for(int i=0; st.hasMoreTokens(); i++) ret.excluded[i] = st.nextToken(); + } + + if (ret.httpProxyHost == null && ret.socksProxyHost == null) return null; + return ret; } - - public static Scriptable proxyAutoConfigRootScope = new ProxyAutoConfigRootScope(); - - public static Function getProxyAutoConfigFunction(String url) { + + public static JSScope proxyAutoConfigRootJSScope = new ProxyAutoConfigRootJSScope(); + public static JSFunction getProxyAutoConfigJSFunction(String url) { try { - Context cx = Context.enter(); - cx.setOptimizationLevel(-1); - BufferedReader br = new BufferedReader(new InputStreamReader(new HTTP(url).getInputStream())); + BufferedReader br = new BufferedReader(new InputStreamReader(new HTTP(url, true).GET())); String s = null; String script = ""; while((s = br.readLine()) != null) script += s + "\n"; - if (Log.on) Log.log(HTTP.ProxyInfo.class, "successfully retrieved WPAD PAC:"); - if (Log.on) Log.log(HTTP.ProxyInfo.class, script); - Script scr = cx.compileReader(proxyAutoConfigRootScope, new StringReader(script), "PAC script at " + url, 0, null); - scr.exec(cx, proxyAutoConfigRootScope); - return (Function)proxyAutoConfigRootScope.get("FindProxyForURL", null); + if (Log.on) Log.info(Proxy.class, "successfully retrieved WPAD PAC:"); + if (Log.on) Log.info(Proxy.class, script); + + // MS CARP hack + Vector carpHosts = new Vector(); + for(int i=0; i= d1 && day <= d2) || (d1 > d2 && (day >= d1 || day <= d2))) ? T : F; + + case "dateRange": throw new JSExn("XWT does not support dateRange() in PAC scripts"); + case "timeRange": throw new JSExn("XWT does not support timeRange() in PAC scripts"); + //#end + return super.callMethod(method, a0, a1, a2, rest, nargs); + } private static boolean match(String[] arr, String s, int index) { - if (index == arr.length) return true; + if (index >= arr.length) return true; for(int i=0; i epoch. + time *= 10000; // tenths of a microsecond. + // convert to little-endian byte array. + byte[] timestamp = new byte[8]; + for (int i = 0; i < 8; i++) { + timestamp[i] = (byte) time; + time >>>= 8; + } + byte[] blob = new byte[blobSignature.length + reserved.length + + timestamp.length + clientChallenge.length + + unknown1.length + targetInformation.length + + unknown2.length]; + int offset = 0; + System.arraycopy(blobSignature, 0, blob, offset, blobSignature.length); + offset += blobSignature.length; + System.arraycopy(reserved, 0, blob, offset, reserved.length); + offset += reserved.length; + System.arraycopy(timestamp, 0, blob, offset, timestamp.length); + offset += timestamp.length; + System.arraycopy(clientChallenge, 0, blob, offset, + clientChallenge.length); + offset += clientChallenge.length; + System.arraycopy(unknown1, 0, blob, offset, unknown1.length); + offset += unknown1.length; + System.arraycopy(targetInformation, 0, blob, offset, + targetInformation.length); + offset += targetInformation.length; + System.arraycopy(unknown2, 0, blob, offset, unknown2.length); + return blob; + } + + /** + * Calculates the HMAC-MD5 hash of the given data using the specified + * hashing key. + * + * @param data The data for which the hash will be calculated. + * @param key The hashing key. + * + * @return The HMAC-MD5 hash of the given data. + */ + private static byte[] hmacMD5(byte[] data, byte[] key) throws Exception { + byte[] ipad = new byte[64]; + byte[] opad = new byte[64]; + for (int i = 0; i < 64; i++) { + ipad[i] = (byte) 0x36; + opad[i] = (byte) 0x5c; + } + for (int i = key.length - 1; i >= 0; i--) { + ipad[i] ^= key[i]; + opad[i] ^= key[i]; + } + byte[] content = new byte[data.length + 64]; + System.arraycopy(ipad, 0, content, 0, 64); + System.arraycopy(data, 0, content, 64, data.length); + MD5Digest md5 = new MD5Digest(); + md5.update(content, 0, content.length); + data = new byte[md5.getDigestSize()]; + md5.doFinal(data, 0); + content = new byte[data.length + 64]; + System.arraycopy(opad, 0, content, 0, 64); + System.arraycopy(data, 0, content, 64, data.length); + md5 = new MD5Digest(); + md5.update(content, 0, content.length); + byte[] ret = new byte[md5.getDigestSize()]; + md5.doFinal(ret, 0); + return ret; + } + + /** + * Creates a DES encryption key from the given key material. + * + * @param bytes A byte array containing the DES key material. + * @param offset The offset in the given byte array at which + * the 7-byte key material starts. + * + * @return A DES encryption key created from the key material + * starting at the specified offset in the given byte array. + */ + /* + private static Key createDESKey(byte[] bytes, int offset) { + byte[] keyBytes = new byte[7]; + System.arraycopy(bytes, offset, keyBytes, 0, 7); + byte[] material = new byte[8]; + material[0] = keyBytes[0]; + material[1] = (byte) (keyBytes[0] << 7 | (keyBytes[1] & 0xff) >>> 1); + material[2] = (byte) (keyBytes[1] << 6 | (keyBytes[2] & 0xff) >>> 2); + material[3] = (byte) (keyBytes[2] << 5 | (keyBytes[3] & 0xff) >>> 3); + material[4] = (byte) (keyBytes[3] << 4 | (keyBytes[4] & 0xff) >>> 4); + material[5] = (byte) (keyBytes[4] << 3 | (keyBytes[5] & 0xff) >>> 5); + material[6] = (byte) (keyBytes[5] << 2 | (keyBytes[6] & 0xff) >>> 6); + material[7] = (byte) (keyBytes[6] << 1); + oddParity(material); + return new SecretKeySpec(material, "DES"); + } + */ - private static final JSFunction timeRange = new JSFunction() { - public Object call(Context cx, Scriptable thisObj, Scriptable ctorObj, Object[] args) throws JavaScriptException { - throw new JavaScriptException("XWT does not support timeRange() in PAC scripts"); + /** + * Applies odd parity to the given byte array. + * + * @param bytes The data whose parity bits are to be adjusted for + * odd parity. + */ + private static void oddParity(byte[] bytes) { + for (int i = 0; i < bytes.length; i++) { + byte b = bytes[i]; + boolean needsParity = (((b >>> 7) ^ (b >>> 6) ^ (b >>> 5) ^ + (b >>> 4) ^ (b >>> 3) ^ (b >>> 2) ^ + (b >>> 1)) & 0x01) == 0; + if (needsParity) { + bytes[i] |= (byte) 0x01; + } else { + bytes[i] &= (byte) 0xfe; } - }; + } + } } - } - }