Merge pull request #118 from longbai/avoid_dns_hijacking

dns hijacking

Author: longbai

library/src/androidTest/java/com/qiniu/android/FormUploadTest.java

@@ -133,7 +133,7 @@ public void complete(String k, ResponseInfo rinfo, JSONObject response) {
             e.printStackTrace();
         }
         Assert.assertEquals(expectKey, key);
-        Assert.assertEquals(401, info.statusCode);
+        Assert.assertEquals(ResponseInfo.InvalidToken, info.statusCode);
         Assert.assertNotNull(info.reqId);
         Assert.assertNull(resp);
     }

library/src/androidTest/java/com/qiniu/android/HttpTest.java

@@ -41,7 +41,7 @@ public void complete(ResponseInfo rinfo, JSONObject response) {
                 info = rinfo;
                 signal.countDown();
             }
-        }, null);
+        }, null, false);
 
         try {
             signal.await(60, TimeUnit.SECONDS); // wait for callback
@@ -61,7 +61,7 @@ public void complete(ResponseInfo rinfo, JSONObject response) {
                 info = rinfo;
                 signal.countDown();
             }
-        }, null);
+        }, null, false);
 
         try {
             signal.await(60, TimeUnit.SECONDS); // wait for callback
@@ -82,7 +82,7 @@ public void complete(ResponseInfo rinfo, JSONObject response) {
                         info = rinfo;
                         signal.countDown();
                     }
-                }, null);
+                }, null, false);
             }
         });
 
@@ -106,7 +106,7 @@ public void complete(ResponseInfo rinfo, JSONObject response) {
                         info = rinfo;
                         signal.countDown();
                     }
-                }, null);
+                }, null, false);
             }
         });
 
@@ -129,7 +129,7 @@ public void complete(ResponseInfo rinfo, JSONObject response) {
                 info = rinfo;
                 signal.countDown();
             }
-        }, null);
+        }, null, false);
 
         try {
             signal.await(60, TimeUnit.SECONDS); // wait for callback
@@ -150,7 +150,7 @@ public void complete(ResponseInfo rinfo, JSONObject response) {
                 info = rinfo;
                 signal.countDown();
             }
-        }, null);
+        }, null, false);
 
         try {
             signal.await(60, TimeUnit.SECONDS); // wait for callback
@@ -171,7 +171,7 @@ public void complete(ResponseInfo rinfo, JSONObject response) {
                 info = rinfo;
                 signal.countDown();
             }
-        }, null);
+        }, null, false);
 
         try {
             signal.await(60, TimeUnit.SECONDS); // wait for callback

library/src/androidTest/java/com/qiniu/android/PortTest.java

@@ -5,8 +5,6 @@
 import android.test.suitebuilder.annotation.SmallTest;
 import android.util.Log;
 
-import com.qiniu.android.http.CompletionHandler;
-import com.qiniu.android.http.HttpManager;
 import com.qiniu.android.http.ResponseInfo;
 import com.qiniu.android.storage.Configuration;
 import com.qiniu.android.storage.UpCompletionHandler;
@@ -15,8 +13,6 @@
 
 import junit.framework.Assert;
 
-import org.apache.http.Header;
-import org.apache.http.message.BasicHeader;
 import org.json.JSONObject;
 
 import java.io.File;
@@ -96,7 +92,7 @@ public void complete(String k, ResponseInfo rinfo, JSONObject response) {
         check(expectKey);
     }
 
-    private void check( final String expectKey){
+    private void check(final String expectKey) {
         try {
             signal.await(120, TimeUnit.SECONDS); // wait for callback
         } catch (InterruptedException e) {

library/src/androidTest/java/com/qiniu/android/TestFileRecorder.java

@@ -80,7 +80,7 @@ public void complete(String k, ResponseInfo rinfo, JSONObject response) {
         });
 
         try {
-            signal.await(500, TimeUnit.SECONDS); // wait for callback
+            signal.await(600, TimeUnit.SECONDS); // wait for callback
         } catch (InterruptedException e) {
             e.printStackTrace();
         }

library/src/androidTest/java/com/qiniu/android/TokenTest.java

@@ -0,0 +1,17 @@
+package com.qiniu.android;
+
+import android.test.AndroidTestCase;
+
+import com.qiniu.android.storage.UpToken;
+
+import junit.framework.Assert;
+
+/**
+ * Created by bailong on 15/6/1.
+ */
+public class TokenTest extends AndroidTestCase {
+    public void testRight() {
+        UpToken t = UpToken.parse(TestConfig.token);
+        Assert.assertNotNull(t);
+    }
+}

library/src/main/java/com/qiniu/android/http/HttpManager.java

@@ -3,6 +3,7 @@
 import com.loopj.android.http.AsyncHttpClient;
 import com.loopj.android.http.AsyncHttpResponseHandler;
 import com.qiniu.android.common.Constants;
+import com.qiniu.android.utils.Dns;
 
 import org.apache.http.Header;
 import org.apache.http.HttpEntity;
@@ -15,6 +16,8 @@
 import java.net.URISyntaxException;
 import java.util.Map;
 import java.util.Random;
+import java.util.concurrent.ExecutorService;
+import java.util.concurrent.ThreadPoolExecutor;
 
 import static java.lang.String.format;
 
@@ -41,9 +44,10 @@ public HttpManager(Proxy proxy, IReport reporter, String backUpIp,
         this.backUpIp = backUpIp;
         client = new AsyncHttpClient();
         client.setConnectTimeout(connectTimeout*1000);
-        client.setResponseTimeout(responseTimeout*1000);
+        client.setResponseTimeout(responseTimeout * 1000);
         client.setUserAgent(userAgent);
-        client.setEnableRedirects(false);
+        client.setEnableRedirects(true);
+        client.setRedirectHandler(new UpRedirectHandler());
         AsyncHttpClient.blockRetryExceptionClass(CancellationHandler.CancellationException.class);
         if (proxy != null) {
             client.setProxy(proxy.hostAddress, proxy.port, proxy.user, proxy.password);
@@ -97,18 +101,18 @@ private static String getUserAgent() {
      * @param completionHandler 发送数据完成后续动作处理对象
      */
     public void postData(String url, byte[] data, int offset, int size, Header[] headers,
-                         ProgressHandler progressHandler, final CompletionHandler completionHandler, CancellationHandler c) {
+                         ProgressHandler progressHandler, final CompletionHandler completionHandler, CancellationHandler c, boolean forceIp) {
         ByteArrayEntity entity = new ByteArrayEntity(data, offset, size, progressHandler, c);
-        postEntity(url, entity, headers, progressHandler, completionHandler);
+        postEntity(url, entity, headers, progressHandler, completionHandler, forceIp);
     }
 
     public void postData(String url, byte[] data, Header[] headers, ProgressHandler progressHandler,
-                         CompletionHandler completionHandler, CancellationHandler c) {
-        postData(url, data, 0, data.length, headers, progressHandler, completionHandler, c);
+                         CompletionHandler completionHandler, CancellationHandler c, boolean forceIp) {
+        postData(url, data, 0, data.length, headers, progressHandler, completionHandler, c, forceIp);
     }
 
     private void postEntity(String url, final HttpEntity entity, Header[] headers,
-                         ProgressHandler progressHandler, CompletionHandler completionHandler) {
+                         ProgressHandler progressHandler, CompletionHandler completionHandler, final boolean forceIp) {
         final CompletionHandler wrapper = wrap(completionHandler);
         final Header[] h = reporter.appendStatHeaders(headers);
 
@@ -117,32 +121,35 @@ private void postEntity(String url, final HttpEntity entity, Header[] headers,
         }
 
         final AsyncHttpResponseHandler originHandler = new ResponseHandler(url, wrapper, progressHandler);
-        if(backUpIp == null){
+        if(backUpIp == null || converter != null){
             client.post(null, url, h, entity, null, originHandler);
             return;
         }
         final String url2 = url;
-        client.post(null, url, h, entity, null, new ResponseHandler(url, new CompletionHandler() {
+
+        ExecutorService t = client.getThreadPool();
+        t.execute(new Runnable() {
             @Override
-            public void complete(ResponseInfo info, JSONObject response) {
-                if (info.statusCode != ResponseInfo.UnknownHost){
-                    wrapper.complete(info, response);
-                    return;
+            public void run() {
+                URI uri = URI.create(url2);
+                String ip = Dns.getAddress(uri.getHost());
+                if (ip == null || ip.equals("") || forceIp) {
+                    ip = backUpIp;
                 }
+
                 Header[] h2 = new Header[h.length + 1];
                 System.arraycopy(h, 0, h2, 0, h.length);
 
-                URI uri = URI.create(url2);
                 String newUrl = null;
                 try {
-                    newUrl = new URI(uri.getScheme(), null, backUpIp, uri.getPort(), uri.getPath(), uri.getQuery(), null).toString();
+                    newUrl = new URI(uri.getScheme(), null, ip, uri.getPort(), uri.getPath(), uri.getQuery(), null).toString();
                 } catch (URISyntaxException e) {
                     throw new AssertionError(e);
                 }
                 h2[h.length] = new BasicHeader("Host", uri.getHost());
                 client.post(null, newUrl, h2, entity, null, originHandler);
             }
-        }, progressHandler));
+        });
     }
 
     /**
@@ -154,7 +161,7 @@ public void complete(ResponseInfo info, JSONObject response) {
      * @param completionHandler 发送数据完成后续动作处理对象
      */
     public void multipartPost(String url, PostArgs args, ProgressHandler progressHandler,
-                              final CompletionHandler completionHandler, CancellationHandler c) {
+                              final CompletionHandler completionHandler, CancellationHandler c, boolean forceIp) {
         MultipartBuilder mbuilder = new MultipartBuilder();
         for (Map.Entry<String, String> entry : args.params.entrySet()) {
             mbuilder.addPart(entry.getKey(), entry.getValue());
@@ -178,7 +185,7 @@ public void multipartPost(String url, PostArgs args, ProgressHandler progressHan
 
         ByteArrayEntity entity = mbuilder.build(progressHandler, c);
         Header[] h = reporter.appendStatHeaders(new Header[0]);
-        postEntity(url, entity, h, progressHandler, completionHandler);
+        postEntity(url, entity, h, progressHandler, completionHandler, forceIp);
     }
 
     private CompletionHandler wrap(final CompletionHandler completionHandler) {
@@ -194,40 +201,4 @@ public void complete(ResponseInfo info, JSONObject response) {
             }
         };
     }
-
-    /**
-     * fixed key escape for async http client
-     * Appends a quoted-string to a StringBuilder.
-     * <p/>
-     * <p>RFC 2388 is rather vague about how one should escape special characters
-     * in form-data parameters, and as it turns out Firefox and Chrome actually
-     * do rather different things, and both say in their comments that they're
-     * not really sure what the right approach is. We go with Chrome's behavior
-     * (which also experimentally seems to match what IE does), but if you
-     * actually want to have a good chance of things working, please avoid
-     * double-quotes, newlines, percent signs, and the like in your field names.
-     */
-    private static String escapeMultipartString(String key) {
-        StringBuilder target = new StringBuilder();
-
-        for (int i = 0, len = key.length(); i < len; i++) {
-            char ch = key.charAt(i);
-            switch (ch) {
-                case '\n':
-                    target.append("%0A");
-                    break;
-                case '\r':
-                    target.append("%0D");
-                    break;
-                case '"':
-                    target.append("%22");
-                    break;
-                default:
-                    target.append(ch);
-                    break;
-            }
-        }
-        return target.toString();
-    }
-
 }

library/src/main/java/com/qiniu/android/http/Proxy.java

@@ -3,7 +3,7 @@
 /**
  * http 代理
  */
-public class Proxy {
+public final class Proxy {
 
     public final String hostAddress;
     public final int port;

library/src/main/java/com/qiniu/android/http/ResponseInfo.java

@@ -7,6 +7,7 @@
  * 定义HTTP请求的日志信息和常规方法
  */
 public final class ResponseInfo {
+    public static final int InvalidToken = -5;
     public static final int InvalidArgument = -4;
     public static final int InvalidFile = -3;
     public static final int Cancelled = -2;
@@ -78,6 +79,10 @@ public static ResponseInfo invalidArgument(String message) {
                 message);
     }
 
+    public static ResponseInfo invalidToken(String message) {
+        return new ResponseInfo(InvalidToken, "", "", "", "", "", -1, 0,
+                message);
+    }
 
     public static ResponseInfo fileError(Exception e) {
         return new ResponseInfo(InvalidFile, "", "", "", "", "", -1,
@@ -112,6 +117,9 @@ public boolean needRetry() {
                 || (statusCode == 200 && error != null));
     }
 
+    public boolean isQiniu() {
+        return statusCode < 500 && statusCode >= 200 && reqId == null;
+    }
 
     public String toString() {
         return String.format(Locale.ENGLISH, "{ResponseInfo:%s,status:%d, reqId:%s, xlog:%s, xvia:%s,  host:%s, ip:%s, port:%d, duration:%f s, error:%s}",

library/src/main/java/com/qiniu/android/http/StatReport.java

@@ -6,7 +6,7 @@
 /**
  * Report the client status to Server.
  */
-public class StatReport implements IReport{
+public final class StatReport implements IReport{
     private ResponseInfo previousErrorInfo = null;
     private ResponseInfo previousSpeedInfo = null;