/* * Copyright 2012 The Netty Project * * The Netty Project licenses this file to you under the Apache License, * version 2.0 (the "License"); you may not use this file except in compliance * with the License. You may obtain a copy of the License at: * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the * License for the specific language governing permissions and limitations * under the License. */ package io.netty.handler.codec.http; import io.netty.buffer.ByteBuf; import io.netty.buffer.ByteBufProcessor; import io.netty.buffer.Unpooled; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelPipeline; import io.netty.handler.codec.AsciiString; import io.netty.handler.codec.DecoderResult; import io.netty.handler.codec.ReplayingDecoder; import io.netty.handler.codec.TooLongFrameException; import io.netty.util.internal.AppendableCharSequence; import java.util.List; import static io.netty.buffer.ByteBufUtil.*; /** * Decodes {@link ByteBuf}s into {@link HttpMessage}s and * {@link HttpContent}s. * *

Parameters that prevents excessive memory consumption

* * * * * * * * * * * * * * * * *
NameMeaning
{@code maxInitialLineLength}The maximum length of the initial line * (e.g. {@code "GET / HTTP/1.0"} or {@code "HTTP/1.0 200 OK"}) * If the length of the initial line exceeds this value, a * {@link TooLongFrameException} will be raised.
{@code maxHeaderSize}The maximum length of all headers. If the sum of the length of each * header exceeds this value, a {@link TooLongFrameException} will be raised.
{@code maxChunkSize}The maximum length of the content or each chunk. If the content length * (or the length of each chunk) exceeds this value, the content or chunk * will be split into multiple {@link HttpContent}s whose length is * {@code maxChunkSize} at maximum.
* *

Chunked Content

* * If the content of an HTTP message is greater than {@code maxChunkSize} or * the transfer encoding of the HTTP message is 'chunked', this decoder * generates one {@link HttpMessage} instance and its following * {@link HttpContent}s per single HTTP message to avoid excessive memory * consumption. For example, the following HTTP message: * 
 * GET / HTTP/1.1
 * Transfer-Encoding: chunked
 *
 * 1a
 * abcdefghijklmnopqrstuvwxyz
 * 10
 * 1234567890abcdef
 * 0
 * Content-MD5: ...
 * [blank line]
 *
* triggers {@link HttpRequestDecoder} to generate 3 objects: *
    *
  1. An {@link HttpRequest},
    2. *
  2. The first {@link HttpContent} whose content is {@code 'abcdefghijklmnopqrstuvwxyz'},
    3. *
  3. The second {@link LastHttpContent} whose content is {@code '1234567890abcdef'}, which marks * the end of the content.
    4. *
* * If you prefer not to handle {@link HttpContent}s by yourself for your * convenience, insert {@link HttpObjectAggregator} after this decoder in the * {@link ChannelPipeline}. However, please note that your server might not * be as memory efficient as without the aggregator. * *

Extensibility

* * Please note that this decoder is designed to be extended to implement * a protocol derived from HTTP, such as * RTSP and * ICAP. * To implement the decoder of such a derived protocol, extend this class and * implement all abstract methods properly. */ public abstract class HttpObjectDecoder extends ReplayingDecoder { private final int maxInitialLineLength; private final int maxHeaderSize; private final int maxChunkSize; private final boolean chunkedSupported; protected final boolean validateHeaders; private final AppendableCharSequence seq = new AppendableCharSequence(128); private final HeaderParser headerParser = new HeaderParser(seq); private final LineParser lineParser = new LineParser(seq); private HttpMessage message; private long chunkSize; private int headerSize; private long contentLength = Long.MIN_VALUE; private volatile boolean resetRequested; /** * The internal state of {@link HttpObjectDecoder}. * Internal use only. */ enum State { SKIP_CONTROL_CHARS, READ_INITIAL, READ_HEADER, READ_VARIABLE_LENGTH_CONTENT, READ_FIXED_LENGTH_CONTENT, READ_CHUNK_SIZE, READ_CHUNKED_CONTENT, READ_CHUNK_DELIMITER, READ_CHUNK_FOOTER, BAD_MESSAGE, UPGRADED } /** * Creates a new instance with the default * {@code maxInitialLineLength (4096}}, {@code maxHeaderSize (8192)}, and * {@code maxChunkSize (8192)}. */ protected HttpObjectDecoder() { this(4096, 8192, 8192, true); } /** * Creates a new instance with the specified parameters. */ protected HttpObjectDecoder( int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean chunkedSupported) { this(maxInitialLineLength, maxHeaderSize, maxChunkSize, chunkedSupported, true); } /** * Creates a new instance with the specified parameters. */ protected HttpObjectDecoder( int maxInitialLineLength, int maxHeaderSize, int maxChunkSize, boolean chunkedSupported, boolean validateHeaders) { super(State.SKIP_CONTROL_CHARS); if (maxInitialLineLength <= 0) { throw new IllegalArgumentException( "maxInitialLineLength must be a positive integer: " + maxInitialLineLength); } if (maxHeaderSize <= 0) { throw new IllegalArgumentException( "maxHeaderSize must be a positive integer: " + maxHeaderSize); } if (maxChunkSize <= 0) { throw new IllegalArgumentException( "maxChunkSize must be a positive integer: " + maxChunkSize); } this.maxInitialLineLength = maxInitialLineLength; this.maxHeaderSize = maxHeaderSize; this.maxChunkSize = maxChunkSize; this.chunkedSupported = chunkedSupported; this.validateHeaders = validateHeaders; } @Override protected void decode(ChannelHandlerContext ctx, ByteBuf buffer, List out) throws Exception { if (resetRequested) { resetNow(); } switch (state()) { case SKIP_CONTROL_CHARS: { try { skipControlCharacters(buffer); checkpoint(State.READ_INITIAL); } finally { checkpoint(); } } case READ_INITIAL: try { String[] initialLine = splitInitialLine(lineParser.parse(buffer)); if (initialLine.length < 3) { // Invalid initial line - ignore. checkpoint(State.SKIP_CONTROL_CHARS); return; } message = createMessage(initialLine); checkpoint(State.READ_HEADER); } catch (Exception e) { out.add(invalidMessage(e)); return; } case READ_HEADER: try { State nextState = readHeaders(buffer); checkpoint(nextState); if (nextState == State.READ_CHUNK_SIZE) { if (!chunkedSupported) { throw new IllegalArgumentException("Chunked messages not supported"); } // Chunked encoding - generate HttpMessage first. HttpChunks will follow. out.add(message); return; } if (nextState == State.SKIP_CONTROL_CHARS) { // No content is expected. out.add(message); out.add(LastHttpContent.EMPTY_LAST_CONTENT); resetNow(); return; } long contentLength = contentLength(); if (contentLength == 0 || contentLength == -1 && isDecodingRequest()) { out.add(message); out.add(LastHttpContent.EMPTY_LAST_CONTENT); resetNow(); return; } assert nextState == State.READ_FIXED_LENGTH_CONTENT || nextState == State.READ_VARIABLE_LENGTH_CONTENT; out.add(message); if (nextState == State.READ_FIXED_LENGTH_CONTENT) { // chunkSize will be decreased as the READ_FIXED_LENGTH_CONTENT state reads data chunk by chunk. chunkSize = contentLength; } // We return here, this forces decode to be called again where we will decode the content return; } catch (Exception e) { out.add(invalidMessage(e)); return; } case READ_VARIABLE_LENGTH_CONTENT: { // Keep reading data as a chunk until the end of connection is reached. int toRead = Math.min(actualReadableBytes(), maxChunkSize); if (toRead > 0) { ByteBuf content = readBytes(ctx.alloc(), buffer, toRead); if (buffer.isReadable()) { out.add(new DefaultHttpContent(content)); } else { // End of connection. out.add(new DefaultLastHttpContent(content, validateHeaders)); resetNow(); } } else if (!buffer.isReadable()) { // End of connection. out.add(LastHttpContent.EMPTY_LAST_CONTENT); resetNow(); } return; } case READ_FIXED_LENGTH_CONTENT: { int readLimit = actualReadableBytes(); // Check if the buffer is readable first as we use the readable byte count // to create the HttpChunk. This is needed as otherwise we may end up with // create a HttpChunk instance that contains an empty buffer and so is // handled like it is the last HttpChunk. // // See https://github.com/netty/netty/issues/433 if (readLimit == 0) { return; } int toRead = Math.min(readLimit, maxChunkSize); if (toRead > chunkSize) { toRead = (int) chunkSize; } ByteBuf content = readBytes(ctx.alloc(), buffer, toRead); chunkSize -= toRead; if (chunkSize == 0) { // Read all content. out.add(new DefaultLastHttpContent(content, validateHeaders)); resetNow(); } else { out.add(new DefaultHttpContent(content)); } return; } /** * everything else after this point takes care of reading chunked content. basically, read chunk size, * read chunk, read and ignore the CRLF and repeat until 0 */ case READ_CHUNK_SIZE: try { AppendableCharSequence line = lineParser.parse(buffer); int chunkSize = getChunkSize(line.toString()); this.chunkSize = chunkSize; if (chunkSize == 0) { checkpoint(State.READ_CHUNK_FOOTER); return; } else { checkpoint(State.READ_CHUNKED_CONTENT); } } catch (Exception e) { out.add(invalidChunk(e)); return; } case READ_CHUNKED_CONTENT: { assert chunkSize <= Integer.MAX_VALUE; int toRead = Math.min((int) chunkSize, maxChunkSize); HttpContent chunk = new DefaultHttpContent(readBytes(ctx.alloc(), buffer, toRead)); chunkSize -= toRead; out.add(chunk); if (chunkSize == 0) { // Read all content. checkpoint(State.READ_CHUNK_DELIMITER); } else { return; } } case READ_CHUNK_DELIMITER: { for (;;) { byte next = buffer.readByte(); if (next == HttpConstants.CR) { if (buffer.readByte() == HttpConstants.LF) { checkpoint(State.READ_CHUNK_SIZE); return; } } else if (next == HttpConstants.LF) { checkpoint(State.READ_CHUNK_SIZE); return; } else { checkpoint(); } } } case READ_CHUNK_FOOTER: try { LastHttpContent trailer = readTrailingHeaders(buffer); out.add(trailer); resetNow(); return; } catch (Exception e) { out.add(invalidChunk(e)); return; } case BAD_MESSAGE: { // Keep discarding until disconnection. buffer.skipBytes(actualReadableBytes()); break; } case UPGRADED: { int readableBytes = actualReadableBytes(); if (readableBytes > 0) { // Keep on consuming as otherwise we may trigger an DecoderException, // other handler will replace this codec with the upgraded protocol codec to // take the traffic over at some point then. // See https://github.com/netty/netty/issues/2173 out.add(buffer.readBytes(actualReadableBytes())); } break; } } } @Override protected void decodeLast(ChannelHandlerContext ctx, ByteBuf in, List out) throws Exception { decode(ctx, in, out); // Handle the last unfinished message. if (message != null) { // Check if the closure of the connection signifies the end of the content. boolean prematureClosure; if (isDecodingRequest()) { // The last request did not wait for a response. prematureClosure = true; } else { // Compare the length of the received content and the 'Content-Length' header. // If the 'Content-Length' header is absent, the length of the content is determined by the end of the // connection, so it is perfectly fine. prematureClosure = contentLength() > 0; } resetNow(); if (!prematureClosure) { out.add(LastHttpContent.EMPTY_LAST_CONTENT); } } } protected boolean isContentAlwaysEmpty(HttpMessage msg) { if (msg instanceof HttpResponse) { HttpResponse res = (HttpResponse) msg; int code = res.getStatus().code(); // Correctly handle return codes of 1xx. // // See: // - http://www.w3.org/Protocols/rfc2616/rfc2616-sec4.html Section 4.4 // - https://github.com/netty/netty/issues/222 if (code >= 100 && code < 200) { // One exception: Hixie 76 websocket handshake response return !(code == 101 && !res.headers().contains(HttpHeaders.Names.SEC_WEBSOCKET_ACCEPT)); } switch (code) { case 204: case 205: case 304: return true; } } return false; } /** * Resets the state of the decoder so that it is ready to decode a new message. * This method is useful for handling a rejected request with {@code Expect: 100-continue} header. */ public void reset() { resetRequested = true; } private void resetNow() { HttpMessage message = this.message; this.message = null; contentLength = Long.MIN_VALUE; if (!isDecodingRequest()) { HttpResponse res = (HttpResponse) message; if (res != null && res.getStatus().code() == 101) { checkpoint(State.UPGRADED); return; } } checkpoint(State.SKIP_CONTROL_CHARS); } private HttpMessage invalidMessage(Exception cause) { checkpoint(State.BAD_MESSAGE); if (message != null) { message.setDecoderResult(DecoderResult.failure(cause)); } else { message = createInvalidMessage(); message.setDecoderResult(DecoderResult.failure(cause)); } HttpMessage ret = message; message = null; return ret; } private HttpContent invalidChunk(Exception cause) { checkpoint(State.BAD_MESSAGE); HttpContent chunk = new DefaultLastHttpContent(Unpooled.EMPTY_BUFFER); chunk.setDecoderResult(DecoderResult.failure(cause)); message = null; return chunk; } private static void skipControlCharacters(ByteBuf buffer) { for (;;) { char c = (char) buffer.readUnsignedByte(); if (!Character.isISOControl(c) && !Character.isWhitespace(c)) { buffer.readerIndex(buffer.readerIndex() - 1); break; } } } private State readHeaders(ByteBuf buffer) { headerSize = 0; final HttpMessage message = this.message; final HttpHeaders headers = message.headers(); AppendableCharSequence line = headerParser.parse(buffer); String name = null; String value = null; if (line.length() > 0) { headers.clear(); do { char firstChar = line.charAt(0); if (name != null && (firstChar == ' ' || firstChar == '\t')) { value = value + ' ' + line.toString().trim(); } else { if (name != null) { headers.add(name, value); } String[] header = splitHeader(line); name = header[0]; value = header[1]; } line = headerParser.parse(buffer); } while (line.length() > 0); // Add the last header. if (name != null) { headers.add(name, value); } } State nextState; if (isContentAlwaysEmpty(message)) { HttpHeaders.removeTransferEncodingChunked(message); nextState = State.SKIP_CONTROL_CHARS; } else if (HttpHeaders.isTransferEncodingChunked(message)) { nextState = State.READ_CHUNK_SIZE; } else if (contentLength() >= 0) { nextState = State.READ_FIXED_LENGTH_CONTENT; } else { nextState = State.READ_VARIABLE_LENGTH_CONTENT; } return nextState; } private long contentLength() { if (contentLength == Long.MIN_VALUE) { contentLength = HttpHeaders.getContentLength(message, -1); } return contentLength; } private LastHttpContent readTrailingHeaders(ByteBuf buffer) { headerSize = 0; AppendableCharSequence line = headerParser.parse(buffer); String lastHeader = null; if (line.length() > 0) { LastHttpContent trailer = new DefaultLastHttpContent(Unpooled.EMPTY_BUFFER, validateHeaders); do { char firstChar = line.charAt(0); if (lastHeader != null && (firstChar == ' ' || firstChar == '\t')) { List current = trailer.trailingHeaders().getAll(lastHeader); if (!current.isEmpty()) { int lastPos = current.size() - 1; String newString = current.get(lastPos) + line.toString().trim(); current.set(lastPos, newString); } else { // Content-Length, Transfer-Encoding, or Trailer } } else { String[] header = splitHeader(line); String name = header[0]; if (!AsciiString.equalsIgnoreCase(name, HttpHeaders.Names.CONTENT_LENGTH) && !AsciiString.equalsIgnoreCase(name, HttpHeaders.Names.TRANSFER_ENCODING) && !AsciiString.equalsIgnoreCase(name, HttpHeaders.Names.TRAILER)) { trailer.trailingHeaders().add(name, header[1]); } lastHeader = name; } line = headerParser.parse(buffer); } while (line.length() > 0); return trailer; } return LastHttpContent.EMPTY_LAST_CONTENT; } protected abstract boolean isDecodingRequest(); protected abstract HttpMessage createMessage(String[] initialLine) throws Exception; protected abstract HttpMessage createInvalidMessage(); private static int getChunkSize(String hex) { hex = hex.trim(); for (int i = 0; i < hex.length(); i ++) { char c = hex.charAt(i); if (c == ';' || Character.isWhitespace(c) || Character.isISOControl(c)) { hex = hex.substring(0, i); break; } } return Integer.parseInt(hex, 16); } private static String[] splitInitialLine(AppendableCharSequence sb) { int aStart; int aEnd; int bStart; int bEnd; int cStart; int cEnd; aStart = findNonWhitespace(sb, 0); aEnd = findWhitespace(sb, aStart); bStart = findNonWhitespace(sb, aEnd); bEnd = findWhitespace(sb, bStart); cStart = findNonWhitespace(sb, bEnd); cEnd = findEndOfString(sb); return new String[] { sb.substring(aStart, aEnd), sb.substring(bStart, bEnd), cStart < cEnd? sb.substring(cStart, cEnd) : "" }; } private static String[] splitHeader(AppendableCharSequence sb) { final int length = sb.length(); int nameStart; int nameEnd; int colonEnd; int valueStart; int valueEnd; nameStart = findNonWhitespace(sb, 0); for (nameEnd = nameStart; nameEnd < length; nameEnd ++) { char ch = sb.charAt(nameEnd); if (ch == ':' || Character.isWhitespace(ch)) { break; } } for (colonEnd = nameEnd; colonEnd < length; colonEnd ++) { if (sb.charAt(colonEnd) == ':') { colonEnd ++; break; } } valueStart = findNonWhitespace(sb, colonEnd); if (valueStart == length) { return new String[] { sb.substring(nameStart, nameEnd), "" }; } valueEnd = findEndOfString(sb); return new String[] { sb.substring(nameStart, nameEnd), sb.substring(valueStart, valueEnd) }; } private static int findNonWhitespace(CharSequence sb, int offset) { int result; for (result = offset; result < sb.length(); result ++) { if (!Character.isWhitespace(sb.charAt(result))) { break; } } return result; } private static int findWhitespace(CharSequence sb, int offset) { int result; for (result = offset; result < sb.length(); result ++) { if (Character.isWhitespace(sb.charAt(result))) { break; } } return result; } private static int findEndOfString(CharSequence sb) { int result; for (result = sb.length(); result > 0; result --) { if (!Character.isWhitespace(sb.charAt(result - 1))) { break; } } return result; } private final class HeaderParser implements ByteBufProcessor { private final AppendableCharSequence seq; HeaderParser(AppendableCharSequence seq) { this.seq = seq; } public AppendableCharSequence parse(ByteBuf buffer) { seq.reset(); headerSize = 0; int i = buffer.forEachByte(this); buffer.readerIndex(i + 1); return seq; } @Override public boolean process(byte value) throws Exception { char nextByte = (char) value; headerSize++; if (nextByte == HttpConstants.CR) { return true; } if (nextByte == HttpConstants.LF) { return false; } // Abort decoding if the header part is too large. if (headerSize >= maxHeaderSize) { // TODO: Respond with Bad Request and discard the traffic // or close the connection. // No need to notify the upstream handlers - just log. // If decoding a response, just throw an exception. throw new TooLongFrameException( "HTTP header is larger than " + maxHeaderSize + " bytes."); } seq.append(nextByte); return true; } } private final class LineParser implements ByteBufProcessor { private final AppendableCharSequence seq; private int size; LineParser(AppendableCharSequence seq) { this.seq = seq; } public AppendableCharSequence parse(ByteBuf buffer) { seq.reset(); size = 0; int i = buffer.forEachByte(this); buffer.readerIndex(i + 1); return seq; } @Override public boolean process(byte value) throws Exception { char nextByte = (char) value; if (nextByte == HttpConstants.CR) { return true; } else if (nextByte == HttpConstants.LF) { return false; } else { if (size >= maxInitialLineLength) { // TODO: Respond with Bad Request and discard the traffic // or close the connection. // No need to notify the upstream handlers - just log. // If decoding a response, just throw an exception. throw new TooLongFrameException( "An HTTP line is larger than " + maxInitialLineLength + " bytes."); } size ++; seq.append(nextByte); return true; } } } }