1
/*
2
 * Copyright (c) 2002, 2013, Oracle and/or its affiliates. All rights reserved.
3
 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
4
 *
5
 * This code is free software; you can redistribute it and/or modify it
6
 * under the terms of the GNU General Public License version 2 only, as
7
 * published by the Free Software Foundation.
8
 *
9
 * This code is distributed in the hope that it will be useful, but WITHOUT
10
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
11
 * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
12
 * version 2 for more details (a copy is included in the LICENSE file that
13
 * accompanied this code).
14
 *
15
 * You should have received a copy of the GNU General Public License version
16
 * 2 along with this work; if not, write to the Free Software Foundation,
17
 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
18
 *
19
 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
20
 * or visit www.oracle.com if you need additional information or have any
21
 * questions.
22
 */
23

24
/**
25
 * @test
26
 * @bug 4769350 8017779
27
 * @run main/othervm B4769350 server
28
 * @run main/othervm B4769350 proxy
29
 * @summary proxy authentication username and password caching only works in serial case
30
 * Run in othervm since the test sets system properties that are read by the
31
 * networking stack and cached when the HTTP handler is invoked, and previous
32
 * tests may already have invoked the HTTP handler.
33
 */
34

35
import com.sun.net.httpserver.HttpExchange;
36
import com.sun.net.httpserver.HttpHandler;
37
import com.sun.net.httpserver.HttpServer;
38
import java.io.*;
39
import java.net.*;
40
import java.util.concurrent.BrokenBarrierException;
41
import java.util.concurrent.CountDownLatch;
42
import java.util.concurrent.CyclicBarrier;
43
import java.util.concurrent.Executor;
44
import java.util.concurrent.ExecutorService;
45
import java.util.concurrent.Executors;
46

47
public class B4769350 {
48

49
    static int count = 0;
50
    static boolean error = false;
51

52
    static void read (InputStream is) throws IOException {
53
        while (is.read() != -1) {
54
            //System.out.write (c);
55
        }
56
    }
57

58
     static class Client extends Thread {
59
        String authority, path;
60
        boolean allowerror;
61

62
        Client (String authority, String path, boolean allowerror) {
63
            super("Thread-" + path);
64
            this.authority = authority;
65
            this.path = path;
66
            this.allowerror = allowerror;
67
        }
68

69
        @Override
70
        public void run () {
71
            try {
72
                URI u = new URI ("http", authority, path, null, null);
73
                URL url = u.toURL();
74
                URLConnection urlc = url.openConnection();
75
                try (InputStream is = urlc.getInputStream()) {
76
                    read (is);
77
                }
78
            } catch (URISyntaxException  e) {
79
                System.out.println (e);
80
                error = true;
81
            } catch (IOException e) {
82
                if (!allowerror) {
83
                    System.out.println (Thread.currentThread().getName()
84
                            + " " + e);
85
                    e.printStackTrace();
86
                    error = true;
87
                }
88
            }
89
        }
90
    }
91

92
    class Server implements AutoCloseable {
93
        HttpServer server;
94
        Executor executor;
95

96
        public String getAddress() {
97
            return server.getAddress().getHostName();
98
        }
99

100
        public void startServer() {
101
            InetSocketAddress addr = new InetSocketAddress(0);
102

103
            try {
104
                server = HttpServer.create(addr, 0);
105
            } catch (IOException ioe) {
106
                throw new RuntimeException("Server could not be created");
107
            }
108
            executor = Executors.newFixedThreadPool(10);
109
            server.setExecutor(executor);
110
            server.createContext("/test/realm1/t1a",
111
                    new AuthenticationHandlerT1a() );
112
            server.createContext("/test/realm2/t1b",
113
                    new AuthenticationHandlerT1b());
114
            server.createContext("/test/realm1/t1c",
115
                    new AuthenticationHandlerT1c());
116
            server.createContext("/test/realm2/t1d",
117
                    new AuthenticationHandlerT1d());
118
            server.createContext("/test/realm3/t2a",
119
                    new AuthenticationHandlerT2a());
120
            server.createContext("/test/realm3/t2b",
121
                    new AuthenticationHandlerT2b());
122
            server.createContext("/test/realm4/t3a",
123
                    new AuthenticationHandlerT3a());
124
            server.createContext("/test/realm4/t3b",
125
                    new AuthenticationHandlerT3bc());
126
            server.createContext("/test/realm4/t3c",
127
                    new AuthenticationHandlerT3bc());
128
            t1Cond1 = new CyclicBarrier(3);
129
            server.start();
130
        }
131

132
        public int getPort() {
133
            return server.getAddress().getPort();
134
        }
135

136
        @Override
137
        public void close() {
138
            if (executor != null)
139
                ((ExecutorService)executor).shutdownNow();
140
            if (server != null)
141
                server.stop(0);
142
        }
143

144
        /* T1 tests the client by sending 4 requests to 2 different realms
145
         * in parallel. The client should recognise two pairs of dependent requests
146
         * and execute the first of each pair in parallel. When they both succeed
147
         * the second requests should be executed without calling the authenticator.
148
         * The test succeeds if the authenticator was only called twice.
149
         */
150
        class AuthenticationHandlerT1a implements HttpHandler
151
        {
152
            volatile int count = -1;
153

154
            @Override
155
            public void handle(HttpExchange exchange) throws IOException {
156
                count++;
157
                try {
158
                    switch(count) {
159
                        case 0:
160
                            AuthenticationHandler.errorReply(exchange,
161
                                    "Basic realm=\"realm1\"");
162
                            break;
163
                        case 1:
164
                            t1Cond1.await();
165
                            AuthenticationHandler.okReply(exchange);
166
                            break;
167
                        default:
168
                            System.out.println ("Unexpected request");
169
                    }
170
                } catch (InterruptedException |
171
                                 BrokenBarrierException e)
172
                        {
173
                            throw new RuntimeException(e);
174
                        }
175
            }
176
        }
177

178
        class AuthenticationHandlerT1b implements HttpHandler
179
        {
180
            volatile int count = -1;
181

182
            @Override
183
            public void handle(HttpExchange exchange) throws IOException {
184
                count++;
185
                try {
186
                    switch(count) {
187
                        case 0:
188
                            AuthenticationHandler.errorReply(exchange,
189
                                    "Basic realm=\"realm2\"");
190
                            break;
191
                        case 1:
192
                            t1Cond1.await();
193
                            AuthenticationHandler.okReply(exchange);
194
                            break;
195
                        default:
196
                            System.out.println ("Unexpected request");
197
                    }
198
                } catch (InterruptedException | BrokenBarrierException e) {
199
                    throw new RuntimeException(e);
200
                }
201
            }
202
        }
203

204
        class AuthenticationHandlerT1c implements HttpHandler
205
        {
206
            volatile int count = -1;
207

208
            @Override
209
            public void handle(HttpExchange exchange) throws IOException {
210
                count++;
211
                switch(count) {
212
                    case 0:
213
                        AuthenticationHandler.errorReply(exchange,
214
                                "Basic realm=\"realm1\"");
215
                        break;
216
                    case 1:
217
                        AuthenticationHandler.okReply(exchange);
218
                        break;
219
                    default:
220
                        System.out.println ("Unexpected request");
221
                }
222
            }
223
        }
224

225
        class AuthenticationHandlerT1d implements HttpHandler
226
        {
227
            volatile int count = -1;
228

229
            @Override
230
            public void handle(HttpExchange exchange) throws IOException {
231
                count++;
232
                switch(count) {
233
                    case 0:
234
                        AuthenticationHandler.errorReply(exchange,
235
                                "Basic realm=\"realm2\"");
236
                        break;
237
                    case 1:
238
                        AuthenticationHandler.okReply(exchange);
239
                        break;
240
                    default:
241
                        System.out.println ("Unexpected request");
242
                }
243
            }
244
        }
245

246
        /* T2 tests to check that if initial authentication fails, the second will
247
         * succeed, and the authenticator is called twice
248
         */
249

250
        class AuthenticationHandlerT2a implements HttpHandler
251
        {
252
            volatile int count = -1;
253

254
            @Override
255
            public void handle(HttpExchange exchange) throws IOException {
256
                count++;
257
                if (count == 1) {
258
                    t2condlatch.countDown();
259
                }
260
                AuthenticationHandler.errorReply(exchange,
261
                        "Basic realm=\"realm3\"");
262

263
            }
264
        }
265

266
         class AuthenticationHandlerT2b implements HttpHandler
267
        {
268
            volatile int count = -1;
269

270
            @Override
271
            public void handle(HttpExchange exchange) throws IOException {
272
                count++;
273
                switch(count) {
274
                    case 0:
275
                        AuthenticationHandler.errorReply(exchange,
276
                                "Basic realm=\"realm3\"");
277
                        break;
278
                    case 1:
279
                        AuthenticationHandler.okReply(exchange);
280
                        break;
281
                    default:
282
                        System.out.println ("Unexpected request");
283
                }
284
            }
285
        }
286

287
        /* T3 tests proxy and server authentication. three threads request same
288
         * resource at same time. Authenticator should be called once for server
289
         * and once for proxy
290
         */
291

292
        class AuthenticationHandlerT3a implements HttpHandler
293
        {
294
            volatile int count = -1;
295

296
            @Override
297
            public void handle(HttpExchange exchange) throws IOException {
298
                count++;
299
                switch(count) {
300
                    case 0:
301
                        AuthenticationHandler.proxyReply(exchange,
302
                                "Basic realm=\"proxy\"");
303
                        break;
304
                    case 1:
305
                        t3cond1.countDown();
306
                        AuthenticationHandler.errorReply(exchange,
307
                                "Basic realm=\"realm4\"");
308
                        break;
309
                    case 2:
310
                        AuthenticationHandler.okReply(exchange);
311
                        break;
312
                    default:
313
                        System.out.println ("Unexpected request");
314
                }
315
            }
316
        }
317

318
        class AuthenticationHandlerT3bc implements HttpHandler
319
        {
320
            volatile int count = -1;
321

322
            @Override
323
            public void handle(HttpExchange exchange) throws IOException {
324
                count++;
325
                switch(count) {
326
                    case 0:
327
                        AuthenticationHandler.proxyReply(exchange,
328
                                "Basic realm=\"proxy\"");
329
                        break;
330
                    case 1:
331
                        AuthenticationHandler.okReply(exchange);
332
                        break;
333
                    default:
334
                        System.out.println ("Unexpected request");
335
                }
336
            }
337
        }
338
    }
339

340
    static class AuthenticationHandler {
341
        static void errorReply(HttpExchange exchange, String reply)
342
                throws IOException
343
        {
344
            exchange.getResponseHeaders().add("Connection", "close");
345
            exchange.getResponseHeaders().add("WWW-Authenticate", reply);
346
            exchange.sendResponseHeaders(401, 0);
347
            exchange.close();
348
        }
349

350
        static void proxyReply (HttpExchange exchange, String reply)
351
                throws IOException
352
        {
353
            exchange.getResponseHeaders().add("Proxy-Authenticate", reply);
354
            exchange.sendResponseHeaders(407, 0);
355
        }
356

357
        static void okReply (HttpExchange exchange) throws IOException {
358
            exchange.getResponseHeaders().add("Connection", "close");
359
            String response = "Hello .";
360
            exchange.sendResponseHeaders(200, response.getBytes().length);
361
            try (OutputStream os = exchange.getResponseBody()) {
362
                os.write(response.getBytes());
363
            }
364
            exchange.close();
365
        }
366
    }
367

368
    static Server server;
369
    static MyAuthenticator auth = new MyAuthenticator ();
370

371
    static int redirects = 4;
372

373
    static Client c1,c2,c3,c4,c5,c6,c7,c8,c9;
374

375
    static CountDownLatch t2condlatch;
376
    static CountDownLatch t3cond1;
377
    static CyclicBarrier t1Cond1;
378

379
    static void doServerTests (String authority, Server server) throws Exception
380
    {
381
        System.out.println ("Doing Server tests");
382
        System.out.println ("T1");
383
        c1 = new Client (authority, "/test/realm1/t1a", false);
384
        c2 = new Client (authority, "/test/realm2/t1b", false);
385
        c3 = new Client (authority, "/test/realm1/t1c", false);
386
        c4 = new Client (authority, "/test/realm2/t1d", false);
387
        c1.start(); c2.start();
388
        t1Cond1.await();
389
        c3.start(); c4.start();
390
        c1.join(); c2.join(); c3.join(); c4.join();
391

392
        int f = auth.getCount();
393
        if (f != 2) {
394
            except ("Authenticator was called "+f+" times. Should be 2",
395
                    server);
396
        }
397
        if (error) {
398
            except ("error occurred", server);
399
        }
400

401
        auth.resetCount();
402
        System.out.println ("T2");
403

404
        c5 = new Client (authority, "/test/realm3/t2a", true);
405
        c6 = new Client (authority, "/test/realm3/t2b", false);
406
        t2condlatch = new CountDownLatch(1);
407
        c5.start ();
408
        t2condlatch.await();
409
        c6.start ();
410
        c5.join(); c6.join();
411

412
        f = auth.getCount();
413
        if (f != redirects+1) {
414
            except ("Authenticator was called "+f+" times. Should be: "
415
                    + redirects+1, server);
416
        }
417
        if (error) {
418
            except ("error occurred", server);
419
        }
420
    }
421

422
    static void doProxyTests (String authority, Server server) throws Exception
423
    {
424
        System.out.println ("Doing Proxy tests");
425
        c7 = new Client (authority, "/test/realm4/t3a", false);
426
        c8 = new Client (authority, "/test/realm4/t3b", false);
427
        c9 = new Client (authority, "/test/realm4/t3c", false);
428
        t3cond1 = new CountDownLatch(1);
429
        c7.start ();
430
        t3cond1.await();
431
        c8.start ();
432
        c9.start ();
433
        c7.join(); c8.join(); c9.join();
434

435
        int f = auth.getCount();
436
        if (f != 2) {
437
            except ("Authenticator was called "+f+" times. Should be: " + 2,
438
                    server);
439
        }
440
        if (error) {
441
            except ("error occurred", server);
442
        }
443
    }
444

445
    public static void main (String[] args) throws Exception {
446
        new B4769350().runTest(args[0].equals ("proxy"));
447
    }
448

449
    public void runTest(boolean proxy) throws Exception {
450
        System.setProperty ("http.maxRedirects", Integer.toString (redirects));
451
        System.setProperty ("http.auth.serializeRequests", "true");
452
        Authenticator.setDefault (auth);
453
        try (Server server = new Server()) {
454
            server.startServer();
455
            System.out.println ("Server: listening on port: "
456
                    + server.getPort());
457
            if (proxy) {
458
                System.setProperty ("http.proxyHost", "localhost");
459
                System.setProperty ("http.proxyPort",
460
                        Integer.toString(server.getPort()));
461
                doProxyTests ("www.foo.com", server);
462
            } else {
463
                doServerTests ("localhost:"+server.getPort(), server);
464
            }
465
        }
466

467
    }
468

469
    public static void except (String s, Server server) {
470
        server.close();
471
        throw new RuntimeException (s);
472
    }
473

474
    static class MyAuthenticator extends Authenticator {
475
        MyAuthenticator () {
476
            super ();
477
        }
478

479
        volatile int count = 0;
480

481
        @Override
482
        public PasswordAuthentication getPasswordAuthentication () {
483
            PasswordAuthentication pw;
484
            pw = new PasswordAuthentication ("user", "pass1".toCharArray());
485
            count ++;
486
            return pw;
487
        }
488

489
        public void resetCount () {
490
            count = 0;
491
        }
492

493
        public int getCount () {
494
            return count;
495
        }
496
    }
497
}
498

499

500