View Javadoc
1   /*
2    * Licensed to the Apache Software Foundation (ASF) under one
3    * or more contributor license agreements.  See the NOTICE file
4    * distributed with this work for additional information
5    * regarding copyright ownership.  The ASF licenses this file
6    * to you under the Apache License, Version 2.0 (the
7    * "License"); you may not use this file except in compliance
8    * with the License.  You may obtain a copy of the License at
9    *
10   *   http://www.apache.org/licenses/LICENSE-2.0
11   *
12   * Unless required by applicable law or agreed to in writing,
13   * software distributed under the License is distributed on an
14   * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
15   * KIND, either express or implied.  See the License for the
16   * specific language governing permissions and limitations
17   * under the License.
18   */
19  package org.eclipse.aether.transport.jetty;
20  
21  import javax.net.ssl.SSLContext;
22  import javax.net.ssl.X509TrustManager;
23  
24  import java.io.IOException;
25  import java.io.InputStream;
26  import java.net.URI;
27  import java.net.URISyntaxException;
28  import java.nio.file.Files;
29  import java.nio.file.Path;
30  import java.nio.file.StandardCopyOption;
31  import java.security.cert.X509Certificate;
32  import java.util.HashMap;
33  import java.util.Map;
34  import java.util.concurrent.ExecutionException;
35  import java.util.concurrent.TimeUnit;
36  import java.util.concurrent.atomic.AtomicBoolean;
37  import java.util.concurrent.atomic.AtomicReference;
38  import java.util.function.Function;
39  import java.util.regex.Matcher;
40  
41  import org.eclipse.aether.ConfigurationProperties;
42  import org.eclipse.aether.RepositorySystemSession;
43  import org.eclipse.aether.repository.AuthenticationContext;
44  import org.eclipse.aether.repository.RemoteRepository;
45  import org.eclipse.aether.spi.connector.transport.AbstractTransporter;
46  import org.eclipse.aether.spi.connector.transport.GetTask;
47  import org.eclipse.aether.spi.connector.transport.PeekTask;
48  import org.eclipse.aether.spi.connector.transport.PutTask;
49  import org.eclipse.aether.spi.connector.transport.TransportTask;
50  import org.eclipse.aether.spi.connector.transport.http.ChecksumExtractor;
51  import org.eclipse.aether.spi.connector.transport.http.HttpTransporter;
52  import org.eclipse.aether.spi.connector.transport.http.HttpTransporterException;
53  import org.eclipse.aether.spi.io.PathProcessor;
54  import org.eclipse.aether.transfer.NoTransporterException;
55  import org.eclipse.aether.transfer.TransferCancelledException;
56  import org.eclipse.aether.util.ConfigUtils;
57  import org.eclipse.aether.util.connector.transport.http.HttpTransporterUtils;
58  import org.eclipse.jetty.client.Authentication;
59  import org.eclipse.jetty.client.BasicAuthentication;
60  import org.eclipse.jetty.client.HttpClient;
61  import org.eclipse.jetty.client.HttpProxy;
62  import org.eclipse.jetty.client.InputStreamResponseListener;
63  import org.eclipse.jetty.client.Request;
64  import org.eclipse.jetty.client.Response;
65  import org.eclipse.jetty.client.transport.HttpClientConnectionFactory;
66  import org.eclipse.jetty.client.transport.HttpClientTransportDynamic;
67  import org.eclipse.jetty.http.HttpHeader;
68  import org.eclipse.jetty.http2.client.HTTP2Client;
69  import org.eclipse.jetty.http2.client.transport.ClientConnectionFactoryOverHTTP2;
70  import org.eclipse.jetty.io.ClientConnector;
71  import org.eclipse.jetty.util.ssl.SslContextFactory;
72  
73  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.ACCEPT_ENCODING;
74  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.CONTENT_LENGTH;
75  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.CONTENT_RANGE;
76  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.CONTENT_RANGE_PATTERN;
77  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.IF_UNMODIFIED_SINCE;
78  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.LAST_MODIFIED;
79  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.MULTIPLE_CHOICES;
80  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.PRECONDITION_FAILED;
81  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.RANGE;
82  import static org.eclipse.aether.spi.connector.transport.http.HttpConstants.USER_AGENT;
83  
84  /**
85   * A transporter for HTTP/HTTPS.
86   *
87   * @since 2.0.0
88   */
89  final class JettyTransporter extends AbstractTransporter implements HttpTransporter {
90      private static final long MODIFICATION_THRESHOLD = 60L * 1000L;
91  
92      private final RepositorySystemSession session;
93  
94      private final RemoteRepository repository;
95  
96      private final ChecksumExtractor checksumExtractor;
97  
98      private final PathProcessor pathProcessor;
99  
100     private final URI baseUri;
101 
102     private final HttpClient client;
103 
104     private final int connectTimeout;
105 
106     private final int requestTimeout;
107 
108     private final Map<String, String> headers;
109 
110     private final boolean preemptiveAuth;
111 
112     private final boolean preemptivePutAuth;
113 
114     private final boolean insecure;
115 
116     private final AtomicReference<BasicAuthentication.BasicResult> basicServerAuthenticationResult;
117 
118     private final AtomicReference<BasicAuthentication.BasicResult> basicProxyAuthenticationResult;
119 
120     JettyTransporter(
121             RepositorySystemSession session,
122             RemoteRepository repository,
123             ChecksumExtractor checksumExtractor,
124             PathProcessor pathProcessor)
125             throws NoTransporterException {
126         this.session = session;
127         this.repository = repository;
128         this.checksumExtractor = checksumExtractor;
129         this.pathProcessor = pathProcessor;
130         try {
131             URI uri = new URI(repository.getUrl()).parseServerAuthority();
132             if (uri.isOpaque()) {
133                 throw new URISyntaxException(repository.getUrl(), "URL must not be opaque");
134             }
135             if (uri.getRawFragment() != null || uri.getRawQuery() != null) {
136                 throw new URISyntaxException(repository.getUrl(), "URL must not have fragment or query");
137             }
138             String path = uri.getPath();
139             if (path == null) {
140                 path = "/";
141             }
142             if (!path.startsWith("/")) {
143                 path = "/" + path;
144             }
145             if (!path.endsWith("/")) {
146                 path = path + "/";
147             }
148             this.baseUri = URI.create(uri.getScheme() + "://" + uri.getRawAuthority() + path);
149         } catch (URISyntaxException e) {
150             throw new NoTransporterException(repository, e.getMessage(), e);
151         }
152 
153         HashMap<String, String> headers = new HashMap<>();
154         String userAgent = HttpTransporterUtils.getUserAgent(session, repository);
155         if (userAgent != null) {
156             headers.put(USER_AGENT, userAgent);
157         }
158         Map<String, String> configuredHeaders = HttpTransporterUtils.getHttpHeaders(session, repository);
159         if (configuredHeaders != null) {
160             headers.putAll(configuredHeaders);
161         }
162 
163         this.headers = headers;
164 
165         this.connectTimeout = HttpTransporterUtils.getHttpRequestTimeout(session, repository);
166         this.requestTimeout = HttpTransporterUtils.getHttpRequestTimeout(session, repository);
167         this.preemptiveAuth = HttpTransporterUtils.isHttpPreemptiveAuth(session, repository);
168         this.preemptivePutAuth = HttpTransporterUtils.isHttpPreemptivePutAuth(session, repository);
169         final String httpsSecurityMode = HttpTransporterUtils.getHttpsSecurityMode(session, repository);
170         this.insecure = ConfigurationProperties.HTTPS_SECURITY_MODE_INSECURE.equals(httpsSecurityMode);
171 
172         this.basicServerAuthenticationResult = new AtomicReference<>(null);
173         this.basicProxyAuthenticationResult = new AtomicReference<>(null);
174         this.client = createClient();
175     }
176 
177     private void mayApplyPreemptiveAuth(Request request) {
178         if (basicServerAuthenticationResult.get() != null) {
179             basicServerAuthenticationResult.get().apply(request);
180         }
181         if (basicProxyAuthenticationResult.get() != null) {
182             basicProxyAuthenticationResult.get().apply(request);
183         }
184     }
185 
186     private URI resolve(TransportTask task) {
187         return baseUri.resolve(task.getLocation());
188     }
189 
190     @Override
191     protected void implPeek(PeekTask task) throws Exception {
192         Request request = client.newRequest(resolve(task)).method("HEAD");
193         request.headers(m -> headers.forEach(m::add));
194         if (preemptiveAuth) {
195             mayApplyPreemptiveAuth(request);
196         }
197         Response response = request.send();
198         if (response.getStatus() >= MULTIPLE_CHOICES) {
199             throw new HttpTransporterException(response.getStatus());
200         }
201     }
202 
203     @Override
204     protected void implGet(GetTask task) throws Exception {
205         boolean resume = task.getResumeOffset() > 0L && task.getDataPath() != null;
206         Response response;
207         InputStreamResponseListener listener;
208 
209         while (true) {
210             Request request = client.newRequest(resolve(task)).method("GET");
211             request.headers(m -> headers.forEach(m::add));
212             if (preemptiveAuth) {
213                 mayApplyPreemptiveAuth(request);
214             }
215 
216             if (resume) {
217                 long resumeOffset = task.getResumeOffset();
218                 long lastModified =
219                         Files.getLastModifiedTime(task.getDataPath()).toMillis();
220                 request.headers(h -> {
221                     h.add(RANGE, "bytes=" + resumeOffset + '-');
222                     h.addDateField(IF_UNMODIFIED_SINCE, lastModified - MODIFICATION_THRESHOLD);
223                     h.remove(HttpHeader.ACCEPT_ENCODING);
224                     h.add(ACCEPT_ENCODING, "identity");
225                 });
226             }
227 
228             listener = new InputStreamResponseListener();
229             request.send(listener);
230             try {
231                 response = listener.get(requestTimeout, TimeUnit.MILLISECONDS);
232             } catch (ExecutionException e) {
233                 Throwable t = e.getCause();
234                 if (t instanceof Exception) {
235                     throw (Exception) t;
236                 } else {
237                     throw new RuntimeException(t);
238                 }
239             }
240             if (response.getStatus() >= MULTIPLE_CHOICES) {
241                 if (resume && response.getStatus() == PRECONDITION_FAILED) {
242                     resume = false;
243                     continue;
244                 }
245                 JettyRFC9457Reporter.INSTANCE.generateException(listener, (statusCode, reasonPhrase) -> {
246                     throw new HttpTransporterException(statusCode);
247                 });
248             }
249             break;
250         }
251 
252         long offset = 0L, length = response.getHeaders().getLongField(CONTENT_LENGTH);
253         if (resume) {
254             String range = response.getHeaders().get(CONTENT_RANGE);
255             if (range != null) {
256                 Matcher m = CONTENT_RANGE_PATTERN.matcher(range);
257                 if (!m.matches()) {
258                     throw new IOException("Invalid Content-Range header for partial download: " + range);
259                 }
260                 offset = Long.parseLong(m.group(1));
261                 length = Long.parseLong(m.group(2)) + 1L;
262                 if (offset < 0L || offset >= length || (offset > 0L && offset != task.getResumeOffset())) {
263                     throw new IOException("Invalid Content-Range header for partial download from offset "
264                             + task.getResumeOffset() + ": " + range);
265                 }
266             }
267         }
268 
269         final boolean downloadResumed = offset > 0L;
270         final Path dataFile = task.getDataPath();
271         if (dataFile == null) {
272             try (InputStream is = listener.getInputStream()) {
273                 utilGet(task, is, true, length, downloadResumed);
274             }
275         } else {
276             try (PathProcessor.CollocatedTempFile tempFile = pathProcessor.newTempFile(dataFile)) {
277                 task.setDataPath(tempFile.getPath(), downloadResumed);
278                 if (downloadResumed && Files.isRegularFile(dataFile)) {
279                     try (InputStream inputStream = Files.newInputStream(dataFile)) {
280                         Files.copy(inputStream, tempFile.getPath(), StandardCopyOption.REPLACE_EXISTING);
281                     }
282                 }
283                 try (InputStream is = listener.getInputStream()) {
284                     utilGet(task, is, true, length, downloadResumed);
285                 }
286                 tempFile.move();
287             } finally {
288                 task.setDataPath(dataFile);
289             }
290         }
291         if (task.getDataPath() != null && response.getHeaders().getDateField(LAST_MODIFIED) != -1) {
292             long lastModified =
293                     response.getHeaders().getDateField(LAST_MODIFIED); // note: Wagon also does first not last
294             if (lastModified != -1) {
295                 pathProcessor.setLastModified(task.getDataPath(), lastModified);
296             }
297         }
298         Map<String, String> checksums = checksumExtractor.extractChecksums(headerGetter(response));
299         if (checksums != null && !checksums.isEmpty()) {
300             checksums.forEach(task::setChecksum);
301         }
302     }
303 
304     private static Function<String, String> headerGetter(Response response) {
305         return s -> response.getHeaders().get(s);
306     }
307 
308     @Override
309     protected void implPut(PutTask task) throws Exception {
310         Request request = client.newRequest(resolve(task)).method("PUT");
311         request.headers(m -> headers.forEach(m::add));
312         if (preemptiveAuth || preemptivePutAuth) {
313             mayApplyPreemptiveAuth(request);
314         }
315         request.body(PutTaskRequestContent.from(task));
316         AtomicBoolean started = new AtomicBoolean(false);
317         Response response;
318         try {
319             response = request.onRequestCommit(r -> {
320                         if (task.getDataLength() == 0) {
321                             if (started.compareAndSet(false, true)) {
322                                 try {
323                                     task.getListener().transportStarted(0, task.getDataLength());
324                                 } catch (TransferCancelledException e) {
325                                     r.abort(e);
326                                 }
327                             }
328                         }
329                     })
330                     .onRequestContent((r, b) -> {
331                         if (started.compareAndSet(false, true)) {
332                             try {
333                                 task.getListener().transportStarted(0, task.getDataLength());
334                             } catch (TransferCancelledException e) {
335                                 r.abort(e);
336                                 return;
337                             }
338                         }
339                         try {
340                             task.getListener().transportProgressed(b);
341                         } catch (TransferCancelledException e) {
342                             r.abort(e);
343                         }
344                     })
345                     .send();
346         } catch (ExecutionException e) {
347             Throwable t = e.getCause();
348             if (t instanceof IOException ioex) {
349                 if (ioex.getCause() instanceof TransferCancelledException) {
350                     throw (TransferCancelledException) ioex.getCause();
351                 } else {
352                     throw ioex;
353                 }
354             } else if (t instanceof Exception) {
355                 throw (Exception) t;
356             } else {
357                 throw new RuntimeException(t);
358             }
359         }
360         if (response.getStatus() >= MULTIPLE_CHOICES) {
361             throw new HttpTransporterException(response.getStatus());
362         }
363     }
364 
365     @Override
366     protected void implClose() {
367         try {
368             this.client.stop();
369         } catch (Exception e) {
370             throw new RuntimeException(e);
371         }
372     }
373 
374     @SuppressWarnings("checkstyle:methodlength")
375     private HttpClient createClient() throws RuntimeException {
376         BasicAuthentication.BasicResult serverAuth = null;
377         BasicAuthentication.BasicResult proxyAuth = null;
378         SSLContext sslContext = null;
379         BasicAuthentication basicAuthentication = null;
380         try (AuthenticationContext repoAuthContext = AuthenticationContext.forRepository(session, repository)) {
381             if (repoAuthContext != null) {
382                 sslContext = repoAuthContext.get(AuthenticationContext.SSL_CONTEXT, SSLContext.class);
383 
384                 String username = repoAuthContext.get(AuthenticationContext.USERNAME);
385                 String password = repoAuthContext.get(AuthenticationContext.PASSWORD);
386 
387                 URI uri = URI.create(repository.getUrl());
388                 basicAuthentication = new BasicAuthentication(uri, Authentication.ANY_REALM, username, password);
389                 if (preemptiveAuth || preemptivePutAuth) {
390                     serverAuth = new BasicAuthentication.BasicResult(uri, HttpHeader.AUTHORIZATION, username, password);
391                 }
392             }
393         }
394 
395         if (sslContext == null) {
396             try {
397                 if (insecure) {
398                     sslContext = SSLContext.getInstance("TLS");
399                     X509TrustManager tm = new X509TrustManager() {
400                         @Override
401                         public void checkClientTrusted(X509Certificate[] chain, String authType) {}
402 
403                         @Override
404                         public void checkServerTrusted(X509Certificate[] chain, String authType) {}
405 
406                         @Override
407                         public X509Certificate[] getAcceptedIssuers() {
408                             return new X509Certificate[0];
409                         }
410                     };
411                     sslContext.init(null, new X509TrustManager[] {tm}, null);
412                 } else {
413                     sslContext = SSLContext.getDefault();
414                 }
415             } catch (Exception e) {
416                 if (e instanceof RuntimeException) {
417                     throw (RuntimeException) e;
418                 } else {
419                     throw new IllegalStateException("SSL Context setup failure", e);
420                 }
421             }
422         }
423 
424         SslContextFactory.Client sslContextFactory = new SslContextFactory.Client();
425         sslContextFactory.setSslContext(sslContext);
426         if (insecure) {
427             sslContextFactory.setEndpointIdentificationAlgorithm(null);
428             sslContextFactory.setHostnameVerifier((name, context) -> true);
429         }
430 
431         ClientConnector clientConnector = new ClientConnector();
432         clientConnector.setSslContextFactory(sslContextFactory);
433 
434         HTTP2Client http2Client = new HTTP2Client(clientConnector);
435         ClientConnectionFactoryOverHTTP2.HTTP2 http2 = new ClientConnectionFactoryOverHTTP2.HTTP2(http2Client);
436 
437         HttpClientTransportDynamic transport;
438         if ("https".equalsIgnoreCase(repository.getProtocol())) {
439             transport = new HttpClientTransportDynamic(
440                     clientConnector, http2, HttpClientConnectionFactory.HTTP11); // HTTPS, prefer H2
441         } else {
442             transport = new HttpClientTransportDynamic(
443                     clientConnector, HttpClientConnectionFactory.HTTP11, http2); // plaintext HTTP, H2 cannot be used
444         }
445 
446         HttpClient httpClient = new HttpClient(transport);
447         httpClient.setConnectTimeout(connectTimeout);
448         httpClient.setIdleTimeout(requestTimeout);
449         httpClient.setFollowRedirects(ConfigUtils.getBoolean(
450                 session,
451                 JettyTransporterConfigurationKeys.DEFAULT_FOLLOW_REDIRECTS,
452                 JettyTransporterConfigurationKeys.CONFIG_PROP_FOLLOW_REDIRECTS));
453         httpClient.setMaxRedirects(ConfigUtils.getInteger(
454                 session,
455                 JettyTransporterConfigurationKeys.DEFAULT_MAX_REDIRECTS,
456                 JettyTransporterConfigurationKeys.CONFIG_PROP_MAX_REDIRECTS));
457 
458         httpClient.setUserAgentField(null); // we manage it
459 
460         if (basicAuthentication != null) {
461             httpClient.getAuthenticationStore().addAuthentication(basicAuthentication);
462         }
463 
464         if (repository.getProxy() != null) {
465             HttpProxy proxy = new HttpProxy(
466                     repository.getProxy().getHost(), repository.getProxy().getPort());
467 
468             httpClient.getProxyConfiguration().addProxy(proxy);
469             try (AuthenticationContext proxyAuthContext = AuthenticationContext.forProxy(session, repository)) {
470                 if (proxyAuthContext != null) {
471                     String username = proxyAuthContext.get(AuthenticationContext.USERNAME);
472                     String password = proxyAuthContext.get(AuthenticationContext.PASSWORD);
473 
474                     BasicAuthentication proxyAuthentication =
475                             new BasicAuthentication(proxy.getURI(), Authentication.ANY_REALM, username, password);
476 
477                     httpClient.getAuthenticationStore().addAuthentication(proxyAuthentication);
478                     if (preemptiveAuth || preemptivePutAuth) {
479                         proxyAuth = new BasicAuthentication.BasicResult(
480                                 proxy.getURI(), HttpHeader.PROXY_AUTHORIZATION, username, password);
481                     }
482                 }
483             }
484         }
485         if (serverAuth != null) {
486             this.basicServerAuthenticationResult.set(serverAuth);
487         }
488         if (proxyAuth != null) {
489             this.basicProxyAuthenticationResult.set(proxyAuth);
490         }
491 
492         try {
493             httpClient.start();
494             return httpClient;
495         } catch (Exception e) {
496             if (e instanceof RuntimeException) {
497                 throw (RuntimeException) e;
498             } else {
499                 throw new IllegalStateException("Jetty client start failure", e);
500             }
501         }
502     }
503 }