1 /*
  2  * Copyright (c) 2018, 2023, Oracle and/or its affiliates. All rights reserved.
  3  * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
  4  *
  5  * This code is free software; you can redistribute it and/or modify it
  6  * under the terms of the GNU General Public License version 2 only, as
  7  * published by the Free Software Foundation.
  8  *
  9  * This code is distributed in the hope that it will be useful, but WITHOUT
 10  * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
 11  * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
 12  * version 2 for more details (a copy is included in the LICENSE file that
 13  * accompanied this code).
 14  *
 15  * You should have received a copy of the GNU General Public License version
 16  * 2 along with this work; if not, write to the Free Software Foundation,
 17  * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
 18  *
 19  * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
 20  * or visit www.oracle.com if you need additional information or have any
 21  * questions.
 22  */
 23 
 24 import com.sun.net.httpserver.HttpExchange;
 25 import com.sun.net.httpserver.HttpHandler;
 26 import com.sun.net.httpserver.HttpServer;
 27 import com.sun.net.httpserver.HttpsServer;
 28 import java.io.IOException;
 29 import java.io.InputStream;
 30 import java.io.OutputStream;
 31 import java.io.UncheckedIOException;
 32 import java.lang.ref.ReferenceQueue;
 33 import java.lang.ref.WeakReference;
 34 import java.net.InetAddress;
 35 import java.net.InetSocketAddress;
 36 import java.net.URI;
 37 import java.net.http.HttpClient;
 38 import java.net.http.HttpHeaders;
 39 import java.net.http.HttpRequest;
 40 import java.net.http.HttpRequest.BodyPublishers;
 41 import java.net.http.HttpResponse;
 42 import java.net.http.HttpResponse.BodyHandler;
 43 import java.nio.file.Files;
 44 import java.nio.file.Path;
 45 import java.nio.file.Paths;
 46 import java.util.ArrayList;
 47 import java.util.Arrays;
 48 import java.util.List;
 49 import java.util.Locale;
 50 import java.util.Map;
 51 import javax.net.ssl.SSLContext;
 52 import jdk.test.lib.net.SimpleSSLContext;
 53 import jdk.test.lib.util.FileUtils;
 54 import jdk.httpclient.test.lib.common.HttpServerAdapters;
 55 import jdk.httpclient.test.lib.common.TestServerConfigurator;
 56 import jdk.httpclient.test.lib.http2.Http2TestServer;
 57 import jdk.httpclient.test.lib.http2.Http2TestExchange;
 58 import jdk.httpclient.test.lib.http2.Http2Handler;
 59 import org.testng.annotations.AfterTest;
 60 import org.testng.annotations.BeforeTest;
 61 import org.testng.annotations.DataProvider;
 62 import org.testng.annotations.Test;
 63 import static java.lang.System.out;
 64 import static java.net.http.HttpResponse.BodyHandlers.ofFileDownload;
 65 import static java.nio.charset.StandardCharsets.UTF_8;
 66 import static java.nio.file.StandardOpenOption.*;
 67 import static org.testng.Assert.assertEquals;
 68 import static org.testng.Assert.assertTrue;
 69 import static org.testng.Assert.fail;
 70 
 71 /*
 72  * @test
 73  * @summary Basic test for ofFileDownload
 74  * @bug 8196965 8302475
 75  * @library /test/lib /test/jdk/java/net/httpclient/lib
 76  * @build jdk.httpclient.test.lib.http2.Http2TestServer jdk.test.lib.net.SimpleSSLContext
 77  *        jdk.test.lib.Platform jdk.test.lib.util.FileUtils
 78  *        jdk.httpclient.test.lib.common.TestServerConfigurator
 79  * @run testng/othervm AsFileDownloadTest
 80  * @run testng/othervm/java.security.policy=AsFileDownloadTest.policy AsFileDownloadTest
 81  */
 82 public class AsFileDownloadTest {
 83 
 84     SSLContext sslContext;
 85     HttpServer httpTestServer;         // HTTP/1.1    [ 4 servers ]
 86     HttpsServer httpsTestServer;       // HTTPS/1.1
 87     Http2TestServer http2TestServer;   // HTTP/2 ( h2c )
 88     Http2TestServer https2TestServer;  // HTTP/2 ( h2  )
 89     String httpURI;
 90     String httpsURI;
 91     String http2URI;
 92     String https2URI;
 93     final ReferenceTracker TRACKER = ReferenceTracker.INSTANCE;
 94 
 95     Path tempDir;
 96 
 97     static final String[][] contentDispositionValues = new String[][] {
 98           // URI query     Content-Type header value         Expected filename
 99             { "001", "Attachment; filename=example001.html", "example001.html" },
100             { "002", "attachment; filename=example002.html", "example002.html" },
101             { "003", "ATTACHMENT; filename=example003.html", "example003.html" },
102             { "004", "attAChment; filename=example004.html", "example004.html" },
103             { "005", "attachmeNt; filename=example005.html", "example005.html" },
104 
105             { "006", "attachment; Filename=example006.html", "example006.html" },
106             { "007", "attachment; FILENAME=example007.html", "example007.html" },
107             { "008", "attachment; fileName=example008.html", "example008.html" },
108             { "009", "attachment; fIlEnAMe=example009.html", "example009.html" },
109 
110             { "010", "attachment; filename=Example010.html", "Example010.html" },
111             { "011", "attachment; filename=EXAMPLE011.html", "EXAMPLE011.html" },
112             { "012", "attachment; filename=eXample012.html", "eXample012.html" },
113             { "013", "attachment; filename=example013.HTML", "example013.HTML" },
114             { "014", "attachment; filename  =eXaMpLe014.HtMl", "eXaMpLe014.HtMl"},
115 
116             { "015", "attachment; filename=a",               "a"               },
117             { "016", "attachment; filename= b",              "b"               },
118             { "017", "attachment; filename=  c",             "c"               },
119             { "018", "attachment; filename=    d",           "d"               },
120             { "019", "attachment; filename=e  ; filename*=utf-8''eee.txt",  "e"},
121             { "020", "attachment; filename*=utf-8''fff.txt; filename=f",    "f"},
122             { "021", "attachment;  filename=g",              "g"               },
123             { "022", "attachment;   filename= h",            "h"               },
124 
125             { "023", "attachment; filename=\"space name\"",                       "space name" },
126             { "024", "attachment; filename=me.txt; filename*=utf-8''you.txt",     "me.txt"     },
127             { "025", "attachment; filename=\"m y.txt\"; filename*=utf-8''you.txt", "m y.txt"   },
128 
129             { "030", "attachment; filename=\"foo/file1.txt\"",        "file1.txt" },
130             { "031", "attachment; filename=\"foo/bar/file2.txt\"",    "file2.txt" },
131             { "032", "attachment; filename=\"baz\\\\file3.txt\"",       "file3.txt" },
132             { "033", "attachment; filename=\"baz\\\\bar\\\\file4.txt\"",  "file4.txt" },
133             { "034", "attachment; filename=\"x/y\\\\file5.txt\"",       "file5.txt" },
134             { "035", "attachment; filename=\"x/y\\\\file6.txt\"",       "file6.txt" },
135             { "036", "attachment; filename=\"x/y\\\\z/file7.txt\"",     "file7.txt" },
136             { "037", "attachment; filename=\"x/y\\\\z/\\\\x/file8.txt\"", "file8.txt" },
137             { "038", "attachment; filename=\"/root/file9.txt\"",      "file9.txt" },
138             { "039", "attachment; filename=\"../file10.txt\"",        "file10.txt" },
139             { "040", "attachment; filename=\"..\\\\file11.txt\"",       "file11.txt" },
140             { "041", "attachment; filename=\"foo/../../file12.txt\"", "file12.txt" },
141     };
142 
143     @DataProvider(name = "positive")
144     public Object[][] positive() {
145         List<Object[]> list = new ArrayList<>();
146 
147         Arrays.asList(contentDispositionValues).stream()
148                 .map(e -> new Object[] {httpURI +  "?" + e[0], e[1], e[2]})
149                 .forEach(list::add);
150         Arrays.asList(contentDispositionValues).stream()
151                 .map(e -> new Object[] {httpsURI +  "?" + e[0], e[1], e[2]})
152                 .forEach(list::add);
153         Arrays.asList(contentDispositionValues).stream()
154                 .map(e -> new Object[] {http2URI +  "?" + e[0], e[1], e[2]})
155                 .forEach(list::add);
156         Arrays.asList(contentDispositionValues).stream()
157                 .map(e -> new Object[] {https2URI +  "?" + e[0], e[1], e[2]})
158                 .forEach(list::add);
159 
160         return list.stream().toArray(Object[][]::new);
161     }
162 
163     @Test(dataProvider = "positive")
164     void test(String uriString, String contentDispositionValue, String expectedFilename)
165         throws Exception
166     {
167         out.printf("test(%s, %s, %s): starting", uriString, contentDispositionValue, expectedFilename);
168         HttpClient client = HttpClient.newBuilder().sslContext(sslContext).build();
169         TRACKER.track(client);
170         ReferenceQueue<HttpClient> queue = new ReferenceQueue<>();
171         WeakReference<HttpClient> ref = new WeakReference<>(client, queue);
172         try {
173             URI uri = URI.create(uriString);
174             HttpRequest request = HttpRequest.newBuilder(uri)
175                     .POST(BodyPublishers.ofString("May the luck of the Irish be with you!"))
176                     .build();
177 
178             BodyHandler bh = ofFileDownload(tempDir.resolve(uri.getPath().substring(1)),
179                     CREATE, TRUNCATE_EXISTING, WRITE);
180             HttpResponse<Path> response = client.send(request, bh);
181             Path body = response.body();
182             out.println("Got response: " + response);
183             out.println("Got body Path: " + body);
184             String fileContents = new String(Files.readAllBytes(response.body()), UTF_8);
185             out.println("Got body: " + fileContents);
186 
187             assertEquals(response.statusCode(), 200);
188             assertEquals(body.getFileName().toString(), expectedFilename);
189             assertTrue(response.headers().firstValue("Content-Disposition").isPresent());
190             assertEquals(response.headers().firstValue("Content-Disposition").get(),
191                     contentDispositionValue);
192             assertEquals(fileContents, "May the luck of the Irish be with you!");
193 
194             if (!body.toAbsolutePath().startsWith(tempDir.toAbsolutePath())) {
195                 System.out.println("Tempdir = " + tempDir.toAbsolutePath());
196                 System.out.println("body = " + body.toAbsolutePath());
197                 throw new AssertionError("body in wrong location");
198             }
199             // additional checks unrelated to file download
200             caseInsensitivityOfHeaders(request.headers());
201             caseInsensitivityOfHeaders(response.headers());
202         } finally {
203             client = null;
204             System.gc();
205             while (!ref.refersTo(null)) {
206                 System.gc();
207                 if (queue.remove(100) == ref) break;
208             }
209             AssertionError failed = TRACKER.checkShutdown(1000);
210             if (failed != null) throw failed;
211         }
212     }
213 
214     // --- Negative
215 
216     static final String[][] contentDispositionBADValues = new String[][] {
217             // URI query     Content-Type header value
218             { "100", ""                                    },  // empty
219             { "101", "filename=example.html"               },  // no attachment
220             { "102", "attachment; filename=space name"     },  // unquoted with space
221             { "103", "attachment; filename="               },  // empty filename param
222             { "104", "attachment; filename=\""             },  // single quote
223             { "105", "attachment; filename=\"\""           },  // empty quoted
224             { "106", "attachment; filename=."              },  // dot
225             { "107", "attachment; filename=.."             },  // dot dot
226             { "108", "attachment; filename=\".."           },  // badly quoted dot dot
227             { "109", "attachment; filename=\"..\""         },  // quoted dot dot
228             { "110", "attachment; filename=\"bad"          },  // badly quoted
229             { "111", "attachment; filename=\"bad;"         },  // badly quoted with ';'
230             { "112", "attachment; filename=\"bad ;"        },  // badly quoted with ' ;'
231             { "113", "attachment; filename*=utf-8''xx.txt "},  // no "filename" param
232 
233             { "120", "<<NOT_PRESENT>>"                     },  // header not present
234 
235     };
236 
237     @DataProvider(name = "negative")
238     public Object[][] negative() {
239         List<Object[]> list = new ArrayList<>();
240 
241         Arrays.asList(contentDispositionBADValues).stream()
242                 .map(e -> new Object[] {httpURI +  "?" + e[0], e[1]})
243                 .forEach(list::add);
244         Arrays.asList(contentDispositionBADValues).stream()
245                 .map(e -> new Object[] {httpsURI +  "?" + e[0], e[1]})
246                 .forEach(list::add);
247         Arrays.asList(contentDispositionBADValues).stream()
248                 .map(e -> new Object[] {http2URI +  "?" + e[0], e[1]})
249                 .forEach(list::add);
250         Arrays.asList(contentDispositionBADValues).stream()
251                 .map(e -> new Object[] {https2URI +  "?" + e[0], e[1]})
252                 .forEach(list::add);
253 
254         return list.stream().toArray(Object[][]::new);
255     }
256 
257     @Test(dataProvider = "negative")
258     void negativeTest(String uriString, String contentDispositionValue)
259             throws Exception
260     {
261         out.printf("negativeTest(%s, %s): starting", uriString, contentDispositionValue);
262         HttpClient client = HttpClient.newBuilder().sslContext(sslContext).build();
263         TRACKER.track(client);
264         ReferenceQueue<HttpClient> queue = new ReferenceQueue<>();
265         WeakReference<HttpClient> ref = new WeakReference<>(client, queue);
266 
267         try {
268             URI uri = URI.create(uriString);
269             HttpRequest request = HttpRequest.newBuilder(uri)
270                     .POST(BodyPublishers.ofString("Does not matter"))
271                     .build();
272 
273             BodyHandler bh = ofFileDownload(tempDir, CREATE, TRUNCATE_EXISTING, WRITE);
274             try {
275                 HttpResponse<Path> response = client.send(request, bh);
276                 fail("UNEXPECTED response: " + response + ", path:" + response.body());
277             } catch (UncheckedIOException | IOException ioe) {
278                 System.out.println("Caught expected: " + ioe);
279             }
280         } finally {
281             client = null;
282             System.gc();
283             while (!ref.refersTo(null)) {
284                 System.gc();
285                 if (queue.remove(100) == ref) break;
286             }
287             AssertionError failed = TRACKER.checkShutdown(1000);
288             if (failed != null) throw failed;
289         }
290     }
291 
292     // -- Infrastructure
293 
294     static String serverAuthority(HttpServer server) {
295         final String hostIP = InetAddress.getLoopbackAddress().getHostAddress();
296         // escape for ipv6
297         final String h = hostIP.contains(":") ? "[" + hostIP + "]" : hostIP;
298         return h + ":" + server.getAddress().getPort();
299     }
300 
301     @BeforeTest
302     public void setup() throws Exception {
303         tempDir = Paths.get("asFileDownloadTest.tmp.dir");
304         if (Files.exists(tempDir))
305             throw new AssertionError("Unexpected test work dir existence: " + tempDir.toString());
306 
307         Files.createDirectory(tempDir);
308         // Unique dirs per test run, based on the URI path
309         Files.createDirectories(tempDir.resolve("http1/afdt/"));
310         Files.createDirectories(tempDir.resolve("https1/afdt/"));
311         Files.createDirectories(tempDir.resolve("http2/afdt/"));
312         Files.createDirectories(tempDir.resolve("https2/afdt/"));
313 
314         // HTTP/1.1 server logging in case of security exceptions ( uncomment if needed )
315         //Logger logger = Logger.getLogger("com.sun.net.httpserver");
316         //ConsoleHandler ch = new ConsoleHandler();
317         //logger.setLevel(Level.ALL);
318         //ch.setLevel(Level.ALL);
319         //logger.addHandler(ch);
320 
321         sslContext = new SimpleSSLContext().get();
322         if (sslContext == null)
323             throw new AssertionError("Unexpected null sslContext");
324 
325         InetSocketAddress sa = new InetSocketAddress(InetAddress.getLoopbackAddress(), 0);
326         httpTestServer = HttpServer.create(sa, 0);
327         httpTestServer.createContext("/http1/afdt", new Http1FileDispoHandler());
328         httpURI = "http://" + serverAuthority(httpTestServer) + "/http1/afdt";
329 
330         httpsTestServer = HttpsServer.create(sa, 0);
331         httpsTestServer.setHttpsConfigurator(new TestServerConfigurator(sa.getAddress(), sslContext));
332         httpsTestServer.createContext("/https1/afdt", new Http1FileDispoHandler());
333         httpsURI = "https://" + serverAuthority(httpsTestServer) + "/https1/afdt";
334 
335         http2TestServer = new Http2TestServer("localhost", false, 0);
336         http2TestServer.addHandler(new Http2FileDispoHandler(), "/http2/afdt");
337         http2URI = "http://" + http2TestServer.serverAuthority() + "/http2/afdt";
338 
339         https2TestServer = new Http2TestServer("localhost", true, sslContext);
340         https2TestServer.addHandler(new Http2FileDispoHandler(), "/https2/afdt");
341         https2URI = "https://" + https2TestServer.serverAuthority() + "/https2/afdt";
342 
343         httpTestServer.start();
344         httpsTestServer.start();
345         http2TestServer.start();
346         https2TestServer.start();
347     }
348 
349     @AfterTest
350     public void teardown() throws Exception {
351         httpTestServer.stop(0);
352         httpsTestServer.stop(0);
353         http2TestServer.stop();
354         https2TestServer.stop();
355 
356         if (System.getSecurityManager() == null && Files.exists(tempDir)) {
357             // clean up before next run with security manager
358             FileUtils.deleteFileTreeWithRetry(tempDir);
359         }
360     }
361 
362     static String contentDispositionValueFromURI(URI uri) {
363         String queryIndex = uri.getQuery();
364         String[][] values;
365         if (queryIndex.startsWith("0"))  // positive tests start with '0'
366             values = contentDispositionValues;
367         else if (queryIndex.startsWith("1"))  // negative tests start with '1'
368             values = contentDispositionBADValues;
369         else
370             throw new AssertionError("SERVER: UNEXPECTED query:" + queryIndex);
371 
372         return Arrays.asList(values).stream()
373                 .filter(e -> e[0].equals(queryIndex))
374                 .map(e -> e[1])
375                 .findFirst()
376                 .orElseThrow();
377     }
378 
379     static class Http1FileDispoHandler implements HttpHandler {
380         @Override
381         public void handle(HttpExchange t) throws IOException {
382             try (InputStream is = t.getRequestBody();
383                  OutputStream os = t.getResponseBody()) {
384                 byte[] bytes = is.readAllBytes();
385 
386                 String value = contentDispositionValueFromURI(t.getRequestURI());
387                 if (!value.equals("<<NOT_PRESENT>>"))
388                     t.getResponseHeaders().set("Content-Disposition", value);
389 
390                 t.sendResponseHeaders(200, bytes.length);
391                 os.write(bytes);
392             }
393         }
394     }
395 
396     static class Http2FileDispoHandler implements Http2Handler {
397         @Override
398         public void handle(Http2TestExchange t) throws IOException {
399             try (InputStream is = t.getRequestBody();
400                  OutputStream os = t.getResponseBody()) {
401                 byte[] bytes = is.readAllBytes();
402 
403                 String value = contentDispositionValueFromURI(t.getRequestURI());
404                 if (!value.equals("<<NOT_PRESENT>>"))
405                     t.getResponseHeaders().addHeader("Content-Disposition", value);
406 
407                 t.sendResponseHeaders(200, bytes.length);
408                 os.write(bytes);
409             }
410         }
411     }
412 
413     // ---
414 
415     // Asserts case-insensitivity of headers (nothing to do with file
416     // download, just convenient as we have a couple of header instances. )
417     static void caseInsensitivityOfHeaders(HttpHeaders headers) {
418         try {
419             for (Map.Entry<String, List<String>> entry : headers.map().entrySet()) {
420                 String headerName = entry.getKey();
421                 List<String> headerValue = entry.getValue();
422 
423                 for (String name : List.of(headerName.toUpperCase(Locale.ROOT),
424                                            headerName.toLowerCase(Locale.ROOT))) {
425                     assertTrue(headers.firstValue(name).isPresent());
426                     assertEquals(headers.firstValue(name).get(), headerValue.get(0));
427                     assertEquals(headers.allValues(name).size(), headerValue.size());
428                     assertEquals(headers.allValues(name), headerValue);
429                     assertEquals(headers.map().get(name).size(), headerValue.size());
430                     assertEquals(headers.map().get(name), headerValue);
431                 }
432             }
433         } catch (Throwable t) {
434             System.out.println("failure in caseInsensitivityOfHeaders with:" + headers);
435             throw t;
436         }
437     }
438 }