PojavLauncherTeam
GitHub Repository: PojavLauncherTeam/mobile
Path: blob/master/test/jdk/sun/net/www/protocol/http/HttpOnly.java
/*
* Copyright (c) 2012, 2019, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 7095980 8007315
* @modules jdk.httpserver
* @library /test/lib
* @summary Ensure HttpURLConnection (and supporting APIs) don't expose
* HttpOnly cookies
* @run main HttpOnly
* @run main/othervm -Djava.net.preferIPv6Addresses=true HttpOnly
*/
import java.io.IOException;
import java.net.CookieHandler;
import java.net.CookieManager;
import java.net.CookiePolicy;
import java.net.HttpURLConnection;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.URI;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Locale;
import java.util.Map;
import java.util.Set;

import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;

import jdk.test.lib.net.URIBuilder;
/*
* 1) start the HTTP server
* 2) populate cookie store with HttpOnly cookies
* 3) make HTTP request that should contain HttpOnly cookies
* 4) check HttpOnly cookies received by server
* 5) server reply with Set-Cookie containing HttpOnly cookie
* 6) check HttpOnly cookies are not accessible from Http client
* 7) check that non-null (empty string) values are returned for
scenario where all values are stripped from original key values
*/
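/**
 * Regression test checking that {@link HttpURLConnection} and the header
 * accessors around it never hand an HttpOnly cookie back to application code.
 *
 * <p>The cookie is still expected to travel on the wire: the embedded server
 * rejects any request that does not carry the stored session cookie. What is
 * checked is that none of the client-side accessors (request properties and
 * response header fields) reveals a cookie flagged {@code HttpOnly}.
 */
public class HttpOnly {

    /** Context path served by the test server and used as the cookie Path. */
    static final String URI_PATH = "/xxyyzz/";

    /** Value of the HttpOnly session cookie placed in the cookie store. */
    static final int SESSION_ID = 12345;

    /**
     * Runs the scenario end to end: start the server, seed the cookie store,
     * issue the client requests and verify what the client can observe.
     *
     * @param args command-line arguments (unused)
     * @throws Exception if the server cannot be started or a request fails
     */
    void test(String[] args) throws Exception {
        HttpServer server = startHttpServer();
        // Remember the process-wide handler so the test leaves no trace of
        // its own CookieManager behind.
        CookieHandler previousHandler = CookieHandler.getDefault();
        try {
            InetSocketAddress address = server.getAddress();
            URI uri = URIBuilder.newBuilder()
                    .scheme("http")
                    .host(address.getAddress())
                    .port(address.getPort())
                    .path(URI_PATH)
                    .build();
            populateCookieStore(uri);
            doClient(uri);
        } finally {
            CookieHandler.setDefault(previousHandler);
            server.stop(0);
        }
    }

    /**
     * Installs a fresh {@link CookieManager} as the default handler and stores
     * two cookies for {@code uri}: an HttpOnly session cookie and an ordinary
     * one.
     *
     * @param uri the URI the cookies are associated with
     * @throws IOException if the cookie manager rejects the headers
     */
    void populateCookieStore(URI uri)
            throws IOException {

        CookieManager cm = new CookieManager(null, CookiePolicy.ACCEPT_ALL);
        CookieHandler.setDefault(cm);

        List<String> values = new ArrayList<>();
        values.add("JSESSIONID=" + SESSION_ID + "; version=1; Path="
                   + URI_PATH + "; HttpOnly");
        values.add("CUSTOMER=WILE_E_COYOTE; version=1; Path=" + URI_PATH);

        Map<String,List<String>> header = new HashMap<>();
        header.put("Set-Cookie", values);
        cm.put(uri, header);
    }

    /**
     * Issues two requests against {@code uri} and checks every accessor that
     * could leak an HttpOnly cookie. The first request relies only on the
     * cookie store; the second adds a caller-supplied Cookie header as well.
     *
     * @param uri address of the test server context
     * @throws Exception if a connection cannot be opened or read
     */
    void doClient(URI uri) throws Exception {
        HttpURLConnection uc = (HttpURLConnection) uri.toURL().openConnection(Proxy.NO_PROXY);
        int resp = uc.getResponseCode();
        check(resp == 200,
              "Unexpected response code. Expected 200, got " + resp);

        // TEST 1: check getRequestProperty doesn't return the HttpOnly cookie
        // In fact, that it doesn't return any automatically set cookies.
        String cookie = uc.getRequestProperty("Cookie");
        check(cookie == null,
              "Cookie header returned from getRequestProperty, value " + cookie);

        // TEST 2: check getRequestProperties doesn't return the HttpOnly cookie.
        // In fact, that it doesn't return any automatically set cookies.
        for (Map.Entry<String,List<String>> entry : uc.getRequestProperties().entrySet()) {
            check(!"Cookie".equalsIgnoreCase(entry.getKey()),
                  "Cookie header returned from getRequestProperties, value " +
                  entry.getValue());
        }

        // TEST 3: check getHeaderField doesn't return Set-Cookie with HttpOnly
        checkHeaderFieldHidesHttpOnly(uc, "Set-Cookie");

        // TEST 3.5: check getHeaderField doesn't return Set-Cookie2 with HttpOnly
        checkHeaderFieldHidesHttpOnly(uc, "Set-Cookie2");

        // TEST 4: check getHeaderFields doesn't return Set-Cookie
        //         or Set-Cookie2 headers with HttpOnly
        for (Map.Entry<String,List<String>> entry : uc.getHeaderFields().entrySet()) {
            String header = entry.getKey();
            if ("Set-Cookie".equalsIgnoreCase(header)) {
                checkHeaderFieldsHideHttpOnly("Set-Cookie", entry.getValue());
            }
            if ("Set-Cookie2".equalsIgnoreCase(header)) {
                checkHeaderFieldsHideHttpOnly("Set-Cookie2", entry.getValue());
            }
        }

        // Now add some user set cookies into the mix.
        uc = (HttpURLConnection) uri.toURL().openConnection(Proxy.NO_PROXY);
        uc.addRequestProperty("Cookie", "CUSTOMER_ID=CHEGAR;");
        resp = uc.getResponseCode();
        check(resp == 200,
              "Unexpected response code. Expected 200, got " + resp);

        // TEST 5: check getRequestProperty doesn't return the HttpOnly cookie
        cookie = uc.getRequestProperty("Cookie");
        if (cookie == null) {
            // Report a readable failure instead of dying on a
            // NullPointerException and skipping the remaining checks.
            fail("getRequestProperty returned no Cookie header although one was set");
        } else {
            check(!mentionsHttpOnly(cookie),
                  "HttpOnly cookie returned from getRequestProperty, value " + cookie);
        }

        // TEST 6: check getRequestProperties doesn't return the HttpOnly cookie.
        for (Map.Entry<String,List<String>> entry : uc.getRequestProperties().entrySet()) {
            if ("Cookie".equalsIgnoreCase(entry.getKey())) {
                for (String val : entry.getValue()) {
                    check(!mentionsHttpOnly(val),
                          "HttpOnly cookie returned from getRequestProperties," +
                          " value " + val);
                }
            }
        }

        // TEST 7 : check that header keys containing empty key values don't return null
        // The walk starts at index 1 and ends at the first index for which
        // both the key and the value are null.
        for (int i = 1; ; i++) {
            String key = uc.getHeaderFieldKey(i);
            String value = uc.getHeaderField(i);
            if (key == null && value == null) {
                break;
            }
            if (key != null) {
                check(value != null,
                      "Encountered a null value for key value : " + key);
            }
        }

        // TEST 7.5 similar test but use getHeaderFields
        for (Map.Entry<String,List<String>> entry : uc.getHeaderFields().entrySet()) {
            String header = entry.getKey();
            if (header != null) {
                for (String value : entry.getValue()) {
                    check(value != null,
                          "getHeaderFields returned null values for header:, "
                          + header);
                }
            }
        }
    }

    /**
     * Reports whether a header value carries the HttpOnly attribute. The
     * comparison is a case-insensitive substring match and uses
     * {@link Locale#ROOT} so the result does not depend on the default locale.
     */
    private static boolean mentionsHttpOnly(String headerValue) {
        return headerValue.toLowerCase(Locale.ROOT).contains("httponly");
    }

    /**
     * Checks that {@code getHeaderField(name)} does not expose an HttpOnly
     * cookie. An absent header is not treated as a failure.
     */
    private void checkHeaderFieldHidesHttpOnly(HttpURLConnection uc, String name) {
        String headerValue = uc.getHeaderField(name);
        if (headerValue != null) {
            debug(name + ":" + headerValue);
            check(!mentionsHttpOnly(headerValue),
                  "getHeaderField returned " + name + " header with HttpOnly, " +
                  "value = " + headerValue);
        }
    }

    /**
     * Checks that none of the values listed by {@code getHeaderFields()} for
     * the response header {@code name} carries the HttpOnly attribute.
     */
    private void checkHeaderFieldsHideHttpOnly(String name, List<String> headerValues) {
        debug(name + ":" + headerValues);
        for (String headerValue : headerValues) {
            check(!mentionsHttpOnly(headerValue),
                  "getHeaderFields returned " + name + " header with HttpOnly, "
                  + "value = " + headerValue);
        }
    }

    /**
     * Starts the HTTP server on an ephemeral port and registers
     * {@link SimpleHandler} for {@link #URI_PATH}.
     *
     * @return the running server
     * @throws IOException if the server socket cannot be created
     */
    HttpServer startHttpServer() throws IOException {
        // NOTE(review): getLocalHost() resolves the machine's host name, which
        // may map to a non-loopback interface; the test server then listens on
        // that interface for the duration of the test.
        // InetAddress.getLoopbackAddress() would confine it to the local host;
        // confirm nothing here depends on the host address before changing it.
        InetAddress localhost = InetAddress.getLocalHost();
        HttpServer httpServer = HttpServer.create(new InetSocketAddress(localhost, 0), 0);
        httpServer.createContext(URI_PATH, new SimpleHandler());
        httpServer.start();
        return httpServer;
    }

    /**
     * Server side of the test: verifies that the stored cookies (including
     * the HttpOnly one) arrived, then answers with a mix of ordinary and
     * HttpOnly cookies in both Set-Cookie and Set-Cookie2.
     */
    class SimpleHandler implements HttpHandler {
        @Override
        public void handle(HttpExchange t) throws IOException {
            try {
                // some small sanity check
                List<String> cookies = t.getRequestHeaders().get("Cookie");
                if (cookies == null || !carriesStoredCookies(cookies)) {
                    // Answer once and stop: sending a second set of response
                    // headers after the 400 would only raise an IOException
                    // and obscure the real cause.
                    t.sendResponseHeaders(400, -1);
                    return;
                }

                // return some cookies so we can check getHeaderField(s)
                Headers respHeaders = t.getResponseHeaders();

                List<String> values = new ArrayList<>();
                values.add("ID=JOEBLOGGS; version=1; Path=" + URI_PATH);
                values.add("NEW_JSESSIONID=" + (SESSION_ID+1) + "; version=1; Path="
                           + URI_PATH + "; HttpOnly");
                values.add("NEW_CUSTOMER=WILE_E_COYOTE2; version=1; Path=" + URI_PATH);
                respHeaders.put("Set-Cookie", values);

                values = new ArrayList<>();
                values.add("COOKIE2_CUSTOMER=WILE_E_COYOTE2; version=1; Path="
                           + URI_PATH);
                values.add("COOKIE2_JSESSIONID=" + (SESSION_ID+100)
                           + "; version=1; Path=" + URI_PATH + "; HttpOnly");
                respHeaders.put("Set-Cookie2", values);

                t.sendResponseHeaders(200, -1);
            } finally {
                // Release the exchange on every path, including failures.
                t.close();
            }
        }

        /**
         * Returns true when every Cookie header value contains both the
         * session cookie name and the customer cookie value that the client
         * stored before the request.
         */
        private boolean carriesStoredCookies(List<String> cookies) {
            for (String cookie : cookies) {
                if (!cookie.contains("JSESSIONID")
                        || !cookie.contains("WILE_E_COYOTE")) {
                    return false;
                }
            }
            return true;
        }
    }

    // ---- minimal pass/fail bookkeeping ----

    volatile int passed = 0, failed = 0;

    // When true, debug(String) prints its message to standard output.
    boolean debug = false;

    /** Records one successful check. */
    void pass() {
        passed++;
    }

    /** Records one failed check. */
    void fail() {
        failed++;
    }

    /** Prints {@code msg} to standard error and records one failed check. */
    void fail(String msg) {
        System.err.println(msg);
        fail();
    }

    /** Records an unexpected throwable as a failure and prints its stack trace. */
    void unexpected(Throwable t) {
        failed++;
        t.printStackTrace();
    }

    /** Prints {@code message} when {@link #debug} is enabled. */
    void debug(String message) {
        if (debug) {
            System.out.println(message);
        }
    }

    /** Records a pass when {@code cond} holds, otherwise a failure with {@code failMessage}. */
    void check(boolean cond, String failMessage) {
        if (cond) {
            pass();
        } else {
            fail(failMessage);
        }
    }

    /**
     * Entry point: instantiates the enclosing class reflectively and invokes
     * {@link #instanceMain(String[])} on it.
     *
     * @param args command-line arguments, passed through unchanged
     * @throws Throwable whatever {@code instanceMain} threw, unwrapped from
     *         the reflective wrapper when a cause is present
     */
    public static void main(String[] args) throws Throwable {
        Class<?> k = new Object(){}.getClass().getEnclosingClass();
        try {
            // getDeclaredConstructor().newInstance() replaces the deprecated
            // Class.newInstance().
            k.getMethod("instanceMain", String[].class)
                .invoke(k.getDeclaredConstructor().newInstance(), (Object) args);
        } catch (Throwable e) {
            // Not every throwable has a cause; rethrowing a null cause would
            // surface as an unrelated NullPointerException.
            Throwable cause = e.getCause();
            throw (cause != null) ? cause : e;
        }
    }

    /**
     * Runs the test, prints the pass/fail totals and fails the run when any
     * check failed.
     *
     * @param args command-line arguments (unused by the test)
     * @throws Throwable an {@link AssertionError} when at least one check failed
     */
    public void instanceMain(String[] args) throws Throwable {
        try {
            test(args);
        } catch (Throwable t) {
            unexpected(t);
        }
        System.out.printf("%nPassed = %d, failed = %d%n%n", passed, failed);
        if (failed > 0) {
            throw new AssertionError("Some tests failed");
        }
    }
}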