8361060: Keep track of the origin server against which a jdk.internal.net.http.HttpConnection was constructed

Reviewed-by: dfuchs

Author: jaikiran

src/java.net.http/share/classes/jdk/internal/net/http/AbstractAsyncSSLConnection.java

@@ -41,7 +41,7 @@
 import jdk.internal.net.http.common.SSLTube;
 import jdk.internal.net.http.common.Log;
 import jdk.internal.net.http.common.Utils;
-import static jdk.internal.net.http.common.Utils.ServerName;
+import sun.net.util.IPAddressUtil;
 
 /**
  * Asynchronous version of SSLConnection.
@@ -63,6 +63,10 @@
  */
 abstract class AbstractAsyncSSLConnection extends HttpConnection
 {
+
+    private record ServerName(String name, boolean isLiteral) {
+    }
+
     protected final SSLEngine engine;
     protected final SSLParameters sslParameters;
     private final List<SNIServerName> sniServerNames;
@@ -71,17 +75,19 @@ abstract class AbstractAsyncSSLConnection extends HttpConnection
     private static final boolean disableHostnameVerification
             = Utils.isHostnameVerificationDisabled();
 
-    AbstractAsyncSSLConnection(InetSocketAddress addr,
+    AbstractAsyncSSLConnection(Origin originServer,
+                               InetSocketAddress addr,
                                HttpClientImpl client,
-                               ServerName serverName, int port,
                                String[] alpn,
                                String label) {
-        super(addr, client, label);
+        super(originServer, addr, client, label);
+        assert originServer != null : "origin server is null";
+        final ServerName serverName = getServerName(originServer);
         this.sniServerNames = formSNIServerNames(serverName, client);
         SSLContext context = client.theSSLContext();
         sslParameters = createSSLParameters(client, this.sniServerNames, alpn);
         Log.logParams(sslParameters);
-        engine = createEngine(context, serverName.name(), port, sslParameters);
+        engine = createEngine(context, serverName.name(), originServer.port(), sslParameters);
     }
 
     abstract SSLTube getConnectionFlow();
@@ -187,6 +193,23 @@ private static SSLEngine createEngine(SSLContext context, String peerHost, int p
         return engine;
     }
 
+    /**
+     * Analyse the given {@linkplain Origin origin server} and determine
+     * if the origin server's host is a literal or not, returning the server's
+     * address in String form.
+     */
+    private static ServerName getServerName(final Origin originServer) {
+        final String host = originServer.host();
+        byte[] literal = IPAddressUtil.textToNumericFormatV4(host);
+        if (literal == null) {
+            // not IPv4 literal. Check IPv6
+            literal = IPAddressUtil.textToNumericFormatV6(host);
+            return new ServerName(host, literal != null);
+        } else {
+            return new ServerName(host, true);
+        }
+    }
+
     @Override
     final boolean isSecure() {
         return true;

src/java.net.http/share/classes/jdk/internal/net/http/AsyncSSLConnection.java

@@ -42,12 +42,13 @@ class AsyncSSLConnection extends AbstractAsyncSSLConnection {
     final PlainHttpPublisher writePublisher;
     private volatile SSLTube flow;
 
-    AsyncSSLConnection(InetSocketAddress addr,
+    AsyncSSLConnection(Origin originServer,
+                       InetSocketAddress addr,
                        HttpClientImpl client,
                        String[] alpn,
                        String label) {
-        super(addr, client, Utils.getServerName(addr), addr.getPort(), alpn, label);
-        plainConnection = new PlainHttpConnection(addr, client, label);
+        super(originServer, addr, client, alpn, label);
+        plainConnection = new PlainHttpConnection(originServer, addr, client, label);
         writePublisher = new PlainHttpPublisher();
     }
 

src/java.net.http/share/classes/jdk/internal/net/http/AsyncSSLTunnelConnection.java

@@ -43,15 +43,17 @@ class AsyncSSLTunnelConnection extends AbstractAsyncSSLConnection {
     final PlainHttpPublisher writePublisher;
     volatile SSLTube flow;
 
-    AsyncSSLTunnelConnection(InetSocketAddress addr,
+    AsyncSSLTunnelConnection(Origin originServer,
+                             InetSocketAddress addr,
                              HttpClientImpl client,
                              String[] alpn,
                              InetSocketAddress proxy,
                              ProxyHeaders proxyHeaders,
                              String label)
     {
-        super(addr, client, Utils.getServerName(addr), addr.getPort(), alpn, label);
-        this.plainConnection = new PlainTunnelingConnection(addr, proxy, client, proxyHeaders, label);
+        super(originServer, addr, client, alpn, label);
+        this.plainConnection = new PlainTunnelingConnection(originServer, addr, proxy, client,
+                proxyHeaders, label);
         this.writePublisher = new PlainHttpPublisher();
     }
 

src/java.net.http/share/classes/jdk/internal/net/http/HttpConnection.java

@@ -100,7 +100,11 @@ abstract class HttpConnection implements Closeable {
      */
     private final String label;
 
-    HttpConnection(InetSocketAddress address, HttpClientImpl client, String label) {
+    private final Origin originServer;
+
+    HttpConnection(Origin originServer, InetSocketAddress address, HttpClientImpl client,
+                   String label) {
+        this.originServer = originServer;
         this.address = address;
         this.client = client;
         trailingOperations = new TrailingOperations();
@@ -244,6 +248,14 @@ final boolean checkOpen() {
         return false;
     }
 
+    /**
+     * {@return the {@link Origin} server against which this connection communicates.
+     * Returns {@code null} if the connection is a plain connection to a proxy}
+     */
+    final Origin getOriginServer() {
+        return this.originServer;
+    }
+
     interface HttpPublisher extends FlowTube.TubePublisher {
         void enqueue(List<ByteBuffer> buffers) throws IOException;
         void enqueueUnordered(List<ByteBuffer> buffers) throws IOException;
@@ -334,13 +346,20 @@ private static HttpConnection getSSLConnection(InetSocketAddress addr,
                                                    String[] alpn,
                                                    HttpRequestImpl request,
                                                    HttpClientImpl client) {
-        String label = nextLabel();
+        final String label = nextLabel();
+        final Origin originServer;
+        try {
+            originServer = Origin.from(request.uri());
+        } catch (IllegalArgumentException iae) {
+            // should never happen
+            throw new AssertionError("failed to determine origin server from request URI", iae);
+        }
         if (proxy != null)
-            return new AsyncSSLTunnelConnection(addr, client, alpn, proxy,
+            return new AsyncSSLTunnelConnection(originServer, addr, client, alpn, proxy,
                                                 proxyTunnelHeaders(request),
                                                 label);
         else
-            return new AsyncSSLConnection(addr, client, alpn, label);
+            return new AsyncSSLConnection(originServer, addr, client, alpn, label);
     }
 
     /**
@@ -414,14 +433,21 @@ private static HttpConnection getPlainConnection(InetSocketAddress addr,
                                                      InetSocketAddress proxy,
                                                      HttpRequestImpl request,
                                                      HttpClientImpl client) {
-        String label = nextLabel();
+        final String label = nextLabel();
+        final Origin originServer;
+        try {
+            originServer = Origin.from(request.uri());
+        } catch (IllegalArgumentException iae) {
+            // should never happen
+            throw new AssertionError("failed to determine origin server from request URI", iae);
+        }
         if (request.isWebSocket() && proxy != null)
-            return new PlainTunnelingConnection(addr, proxy, client,
+            return new PlainTunnelingConnection(originServer, addr, proxy, client,
                                                 proxyTunnelHeaders(request),
                                                 label);
 
         if (proxy == null)
-            return new PlainHttpConnection(addr, client, label);
+            return new PlainHttpConnection(originServer, addr, client, label);
         else
             return new PlainProxyConnection(proxy, client, label);
     }

src/java.net.http/share/classes/jdk/internal/net/http/Origin.java

@@ -0,0 +1,146 @@
+/*
+ * Copyright (c) 2025, Oracle and/or its affiliates. All rights reserved.
+ * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
+ *
+ * This code is free software; you can redistribute it and/or modify it
+ * under the terms of the GNU General Public License version 2 only, as
+ * published by the Free Software Foundation.  Oracle designates this
+ * particular file as subject to the "Classpath" exception as provided
+ * by Oracle in the LICENSE file that accompanied this code.
+ *
+ * This code is distributed in the hope that it will be useful, but WITHOUT
+ * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
+ * FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
+ * version 2 for more details (a copy is included in the LICENSE file that
+ * accompanied this code).
+ *
+ * You should have received a copy of the GNU General Public License version
+ * 2 along with this work; if not, write to the Free Software Foundation,
+ * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
+ *
+ * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
+ * or visit www.oracle.com if you need additional information or have any
+ * questions.
+ */
+
+package jdk.internal.net.http;
+
+import java.net.URI;
+import java.util.Locale;
+import java.util.Objects;
+
+import sun.net.util.IPAddressUtil;
+
+/**
+ * Represents an origin server to which a HTTP request is targeted.
+ *
+ * @param scheme The scheme of the origin (for example: https). Unlike the application layer
+ *               protocol (which can be a finer grained protocol like h2, h3 etc...),
+ *               this is actually a scheme. Only {@code http} and {@code https} literals are
+ *               supported. Cannot be null.
+ * @param host   The host of the origin, cannot be null. If the host is an IPv6 address,
+ *               then it must not be enclosed in square brackets ({@code '['} and {@code ']'}).
+ *               If the host is a DNS hostname, then it must be passed as a lower case String.
+ * @param port   The port of the origin. Must be greater than 0.
+ */
+public record Origin(String scheme, String host, int port) {
+    public Origin {
+        Objects.requireNonNull(scheme);
+        Objects.requireNonNull(host);
+        if (!isValidScheme(scheme)) {
+            throw new IllegalArgumentException("Unsupported scheme: " + scheme);
+        }
+        if (host.startsWith("[") && host.endsWith("]")) {
+            throw new IllegalArgumentException("Invalid host: " + host);
+        }
+        // expect DNS hostname to be passed as lower case
+        if (isDNSHostName(host) && !host.toLowerCase(Locale.ROOT).equals(host)) {
+            throw new IllegalArgumentException("non-lowercase hostname: " + host);
+        }
+        if (port <= 0) {
+            throw new IllegalArgumentException("Invalid port: " + port);
+        }
+    }
+
+    @Override
+    public String toString() {
+        return scheme + "://" + toAuthority(host, port);
+    }
+
+    /**
+     * {@return Creates and returns an Origin from an URI}
+     *
+     * @param uri The URI of the origin
+     * @throws IllegalArgumentException if a Origin cannot be constructed from
+     *                                  the given {@code uri}
+     */
+    public static Origin from(final URI uri) throws IllegalArgumentException {
+        Objects.requireNonNull(uri);
+        final String scheme = uri.getScheme();
+        if (scheme == null) {
+            throw new IllegalArgumentException("missing scheme in URI");
+        }
+        final String lcaseScheme = scheme.toLowerCase(Locale.ROOT);
+        if (!isValidScheme(lcaseScheme)) {
+            throw new IllegalArgumentException("Unsupported scheme: " + scheme);
+        }
+        final String host = uri.getHost();
+        if (host == null) {
+            throw new IllegalArgumentException("missing host in URI");
+        }
+        String effectiveHost;
+        if (host.startsWith("[") && host.endsWith("]")) {
+            // strip the square brackets from IPv6 host
+            effectiveHost = host.substring(1, host.length() - 1);
+        } else {
+            effectiveHost = host;
+        }
+        assert !effectiveHost.isEmpty() : "unexpected URI host: " + host;
+        // If the host is a DNS hostname, then convert the host to lower case.
+        // The DNS hostname is expected to be ASCII characters and is case-insensitive.
+        //
+        // Its usage in areas like SNI too match this expectation - RFC-6066, section 3:
+        // "HostName" contains the fully qualified DNS hostname of the server,
+        // as understood by the client.  The hostname is represented as a byte
+        // string using ASCII encoding without a trailing dot. ... DNS hostnames
+        // are case-insensitive.
+        if (isDNSHostName(effectiveHost)) {
+            effectiveHost = effectiveHost.toLowerCase(Locale.ROOT);
+        }
+        int port = uri.getPort();
+        if (port == -1) {
+            port = switch (lcaseScheme) {
+                case "http" -> 80;
+                case "https" -> 443;
+                // we have already verified that this is a valid scheme, so this
+                // should never happen
+                default -> throw new AssertionError("Unsupported scheme: " + scheme);
+            };
+        }
+        return new Origin(lcaseScheme, effectiveHost, port);
+    }
+
+    static String toAuthority(final String host, final int port) {
+        assert port > 0 : "invalid port: " + port;
+        // borrowed from code in java.net.URI
+        final boolean needBrackets = host.indexOf(':') >= 0
+                && !host.startsWith("[")
+                && !host.endsWith("]");
+        if (needBrackets) {
+            return "[" + host + "]:" + port;
+        }
+        return host + ":" + port;
+    }
+
+    private static boolean isValidScheme(final String scheme) {
+        // only "http" and "https" literals allowed
+        return "http".equals(scheme) || "https".equals(scheme);
+    }
+
+    private static boolean isDNSHostName(final String host) {
+        final boolean isLiteral = IPAddressUtil.isIPv4LiteralAddress(host)
+                || IPAddressUtil.isIPv6LiteralAddress(host);
+
+        return !isLiteral;
+    }
+}

src/java.net.http/share/classes/jdk/internal/net/http/PlainHttpConnection.java

@@ -310,8 +310,9 @@ final FlowTube getConnectionFlow() {
         return tube;
     }
 
-    PlainHttpConnection(InetSocketAddress addr, HttpClientImpl client, String label) {
-        super(addr, client, label);
+    PlainHttpConnection(Origin originServer, InetSocketAddress addr, HttpClientImpl client,
+                        String label) {
+        super(originServer, addr, client, label);
         try {
             this.chan = SocketChannel.open();
             chan.configureBlocking(false);

src/java.net.http/share/classes/jdk/internal/net/http/PlainProxyConnection.java

@@ -30,7 +30,9 @@
 class PlainProxyConnection extends PlainHttpConnection {
 
     PlainProxyConnection(InetSocketAddress proxy, HttpClientImpl client, String label) {
-        super(proxy, client, label);
+        // we don't track the origin server for a plain proxy connection, since it
+        // can be used to serve requests against several different origin servers.
+        super(null, proxy, client, label);
     }
 
     @Override

src/java.net.http/share/classes/jdk/internal/net/http/PlainTunnelingConnection.java

@@ -51,15 +51,16 @@ final class PlainTunnelingConnection extends HttpConnection {
     final InetSocketAddress proxyAddr;
     private volatile boolean connected;
 
-    protected PlainTunnelingConnection(InetSocketAddress addr,
+    protected PlainTunnelingConnection(Origin originServer,
+                                       InetSocketAddress addr,
                                        InetSocketAddress proxy,
                                        HttpClientImpl client,
                                        ProxyHeaders proxyHeaders,
                                        String label) {
-        super(addr, client, label);
+        super(originServer, addr, client, label);
         this.proxyAddr = proxy;
         this.proxyHeaders = proxyHeaders;
-        delegate = new PlainHttpConnection(proxy, client, label);
+        delegate = new PlainHttpConnection(originServer, proxy, client, label);
     }
 
     @Override