/*
* Copyright (c) 2015, 2016, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation. Oracle designates this
* particular file as subject to the "Classpath" exception as provided
* by Oracle in the LICENSE file that accompanied this code.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
package jdk.incubator.http.internal.websocket;
import jdk.incubator.http.internal.common.MinimalFuture;
import java.io.IOException;
import java.net.URI;
import java.net.URISyntaxException;
import jdk.incubator.http.HttpClient;
import jdk.incubator.http.HttpClient.Version;
import jdk.incubator.http.HttpHeaders;
import jdk.incubator.http.HttpRequest;
import jdk.incubator.http.HttpResponse;
import jdk.incubator.http.HttpResponse.BodyHandler;
import jdk.incubator.http.WebSocketHandshakeException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.security.SecureRandom;
import java.time.Duration;
import java.util.Base64;
import java.util.Collection;
import java.util.Collections;
import java.util.LinkedHashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
import java.util.TreeSet;
import java.util.concurrent.CompletableFuture;
import java.util.stream.Collectors;
import static java.lang.String.format;
import static jdk.incubator.http.internal.common.Utils.isValidName;
import static jdk.incubator.http.internal.common.Utils.stringOf;
final class OpeningHandshake {
private static final String HEADER_CONNECTION = "Connection";
private static final String HEADER_UPGRADE = "Upgrade";
private static final String HEADER_ACCEPT = "Sec-WebSocket-Accept";
private static final String HEADER_EXTENSIONS = "Sec-WebSocket-Extensions";
private static final String HEADER_KEY = "Sec-WebSocket-Key";
private static final String HEADER_PROTOCOL = "Sec-WebSocket-Protocol";
private static final String HEADER_VERSION = "Sec-WebSocket-Version";
private static final String VALUE_VERSION = "13"; // WebSocket's lucky number
private static final Set<String> FORBIDDEN_HEADERS;
static {
FORBIDDEN_HEADERS = new TreeSet<>(String.CASE_INSENSITIVE_ORDER);
FORBIDDEN_HEADERS.addAll(List.of(HEADER_ACCEPT,
HEADER_EXTENSIONS,
HEADER_KEY,
HEADER_PROTOCOL,
HEADER_VERSION));
}
private static final SecureRandom srandom = new SecureRandom();
private final MessageDigest sha1;
private final HttpClient client;
{
try {
sha1 = MessageDigest.getInstance("SHA-1");
} catch (NoSuchAlgorithmException e) {
// Shouldn't happen: SHA-1 must be available in every Java platform
// implementation
throw new InternalError("Minimum requirements", e);
}
}
private final HttpRequest request;
private final Collection<String> subprotocols;
private final String nonce;
OpeningHandshake(BuilderImpl b) {
this.client = b.getClient();
URI httpURI = createRequestURI(b.getUri());
HttpRequest.Builder requestBuilder = HttpRequest.newBuilder(httpURI);
Duration connectTimeout = b.getConnectTimeout();
if (connectTimeout != null) {
requestBuilder.timeout(connectTimeout);
}
this.subprotocols = createRequestSubprotocols(b.getSubprotocols());
if (!this.subprotocols.isEmpty()) {
String p = this.subprotocols.stream().collect(Collectors.joining(", "));
requestBuilder.header(HEADER_PROTOCOL, p);
}
requestBuilder.header(HEADER_VERSION, VALUE_VERSION);
this.nonce = createNonce();
requestBuilder.header(HEADER_KEY, this.nonce);
// Setting request version to HTTP/1.1 forcibly, since it's not possible
// to upgrade from HTTP/2 to WebSocket (as of August 2016):
//
// https://tools.ietf.org/html/draft-hirano-httpbis-websocket-over-http2-00
this.request = requestBuilder.version(Version.HTTP_1_1).GET().build();
WebSocketRequest r = (WebSocketRequest) this.request;
r.isWebSocket(true);
r.setSystemHeader(HEADER_UPGRADE, "websocket");
r.setSystemHeader(HEADER_CONNECTION, "Upgrade");
}
private static Collection<String> createRequestSubprotocols(
Collection<String> subprotocols)
{
LinkedHashSet<String> sp = new LinkedHashSet<>(subprotocols.size(), 1);
for (String s : subprotocols) {
if (s.trim().isEmpty() || !isValidName(s)) {
throw illegal("Bad subprotocol syntax: " + s);
}
if (FORBIDDEN_HEADERS.contains(s)) {
throw illegal("Forbidden header: " + s);
}
boolean unique = sp.add(s);
if (!unique) {
throw illegal("Duplicating subprotocol: " + s);
}
}
return Collections.unmodifiableCollection(sp);
}
/*
* Checks the given URI for being a WebSocket URI and translates it into a
* target HTTP URI for the Opening Handshake.
*
* https://tools.ietf.org/html/rfc6455#section-3
*/
private static URI createRequestURI(URI uri) {
// TODO: check permission for WebSocket URI and translate it into
// http/https permission
String s = uri.getScheme(); // The scheme might be null (i.e. undefined)
if (!("ws".equalsIgnoreCase(s) || "wss".equalsIgnoreCase(s))
|| uri.getFragment() != null)
{
throw illegal("Bad URI: " + uri);
}
String scheme = "ws".equalsIgnoreCase(s) ? "http" : "https";
try {
return new URI(scheme,
uri.getUserInfo(),
uri.getHost(),
uri.getPort(),
uri.getPath(),
uri.getQuery(),
null); // No fragment
} catch (URISyntaxException e) {
// Shouldn't happen: URI invariant
throw new InternalError(e);
}
}
CompletableFuture<Result> send() {
return client.sendAsync(this.request, BodyHandler.<Void>discard(null))
.thenCompose(this::resultFrom);
}
/*
* The result of the opening handshake.
*/
static final class Result {
final String subprotocol;
final RawChannel channel;
private Result(String subprotocol, RawChannel channel) {
this.subprotocol = subprotocol;
this.channel = channel;
}
}
private CompletableFuture<Result> resultFrom(HttpResponse<?> response) {
// Do we need a special treatment for SSLHandshakeException?
// Namely, invoking
//
// Listener.onClose(StatusCodes.TLS_HANDSHAKE_FAILURE, "")
//
// See https://tools.ietf.org/html/rfc6455#section-7.4.1
Result result = null;
Exception exception = null;
try {
result = handleResponse(response);
} catch (IOException e) {
exception = e;
} catch (Exception e) {
exception = new WebSocketHandshakeException(response).initCause(e);
}
if (exception == null) {
return MinimalFuture.completedFuture(result);
}
try {
((RawChannel.Provider) response).rawChannel().close();
} catch (IOException e) {
exception.addSuppressed(e);
}
return MinimalFuture.failedFuture(exception);
}
private Result handleResponse(HttpResponse<?> response) throws IOException {
// By this point all redirects, authentications, etc. (if any) MUST have
// been done by the HttpClient used by the WebSocket; so only 101 is
// expected
int c = response.statusCode();
if (c != 101) {
throw checkFailed("Unexpected HTTP response status code " + c);
}
HttpHeaders headers = response.headers();
String upgrade = requireSingle(headers, HEADER_UPGRADE);
if (!upgrade.equalsIgnoreCase("websocket")) {
throw checkFailed("Bad response field: " + HEADER_UPGRADE);
}
String connection = requireSingle(headers, HEADER_CONNECTION);
if (!connection.equalsIgnoreCase("Upgrade")) {
throw checkFailed("Bad response field: " + HEADER_CONNECTION);
}
requireAbsent(headers, HEADER_VERSION);
requireAbsent(headers, HEADER_EXTENSIONS);
String x = this.nonce + "258EAFA5-E914-47DA-95CA-C5AB0DC85B11";
this.sha1.update(x.getBytes(StandardCharsets.ISO_8859_1));
String expected = Base64.getEncoder().encodeToString(this.sha1.digest());
String actual = requireSingle(headers, HEADER_ACCEPT);
if (!actual.trim().equals(expected)) {
throw checkFailed("Bad " + HEADER_ACCEPT);
}
String subprotocol = checkAndReturnSubprotocol(headers);
RawChannel channel = ((RawChannel.Provider) response).rawChannel();
return new Result(subprotocol, channel);
}
private String checkAndReturnSubprotocol(HttpHeaders responseHeaders)
throws CheckFailedException
{
Optional<String> opt = responseHeaders.firstValue(HEADER_PROTOCOL);
if (!opt.isPresent()) {
// If there is no such header in the response, then the server
// doesn't want to use any subprotocol
return "";
}
String s = requireSingle(responseHeaders, HEADER_PROTOCOL);
// An empty string as a subprotocol's name is not allowed by the spec
// and the check below will detect such responses too
if (this.subprotocols.contains(s)) {
return s;
} else {
throw checkFailed("Unexpected subprotocol: " + s);
}
}
private static void requireAbsent(HttpHeaders responseHeaders,
String headerName)
{
List<String> values = responseHeaders.allValues(headerName);
if (!values.isEmpty()) {
throw checkFailed(format("Response field '%s' present: %s",
headerName,
stringOf(values)));
}
}
private static String requireSingle(HttpHeaders responseHeaders,
String headerName)
throws CheckFailedException
{
List<String> values = responseHeaders.allValues(headerName);
if (values.isEmpty()) {
throw checkFailed("Response field missing: " + headerName);
} else if (values.size() > 1) {
throw checkFailed(format("Response field '%s' multivalued: %s",
headerName,
stringOf(values)));
}
return values.get(0);
}
private static String createNonce() {
byte[] bytes = new byte[16];
OpeningHandshake.srandom.nextBytes(bytes);
return Base64.getEncoder().encodeToString(bytes);
}
private static IllegalArgumentException illegal(String message) {
return new IllegalArgumentException(message);
}
private static CheckFailedException checkFailed(String message) {
throw new CheckFailedException(message);
}
}