java/org/apache/catalina/ssi/SSIServletExternalResolver.java - tomcat - Git at Google

 /*
  * Licensed to the Apache Software Foundation (ASF) under one or more
  * contributor license agreements.  See the NOTICE file distributed with
  * this work for additional information regarding copyright ownership.
  * The ASF licenses this file to You under the Apache License, Version 2.0
  * (the "License"); you may not use this file except in compliance with
  * the License.  You may obtain a copy of the License at
  *
  *      http://www.apache.org/licenses/LICENSE-2.0
  *
  * Unless required by applicable law or agreed to in writing, software
  * distributed under the License is distributed on an "AS IS" BASIS,
  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  * See the License for the specific language governing permissions and
  * limitations under the License.
  */
 package org.apache.catalina.ssi;


 import java.io.IOException;
 import java.net.URL;
 import java.net.URLConnection;
 import java.nio.charset.Charset;
 import java.nio.charset.StandardCharsets;
 import java.util.Collection;
 import java.util.Date;
 import java.util.Enumeration;
 import java.util.Locale;
 import java.util.Objects;

 import jakarta.servlet.RequestDispatcher;
 import jakarta.servlet.ServletContext;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;

 import org.apache.catalina.connector.Connector;
 import org.apache.catalina.connector.Request;
 import org.apache.tomcat.util.buf.B2CConverter;
 import org.apache.tomcat.util.buf.UDecoder;
 import org.apache.tomcat.util.http.Method;
 import org.apache.tomcat.util.http.RequestUtil;
 import org.apache.tomcat.util.res.StringManager;

 /**
  * An implementation of SSIExternalResolver that is used with servlets.
  */
 public class SSIServletExternalResolver implements SSIExternalResolver {
     private static final StringManager sm = StringManager.getManager(SSIServletExternalResolver.class);
     protected final String[] VARIABLE_NAMES = { "AUTH_TYPE", "CONTENT_LENGTH", "CONTENT_TYPE", "DOCUMENT_NAME",
             "DOCUMENT_URI", "GATEWAY_INTERFACE", "HTTP_ACCEPT", "HTTP_ACCEPT_ENCODING", "HTTP_ACCEPT_LANGUAGE",
             "HTTP_CONNECTION", "HTTP_HOST", "HTTP_REFERER", "HTTP_USER_AGENT", "PATH_INFO", "PATH_TRANSLATED",
             "QUERY_STRING", "QUERY_STRING_UNESCAPED", "REMOTE_ADDR", "REMOTE_HOST", "REMOTE_PORT", "REMOTE_USER",
             "REQUEST_METHOD", "REQUEST_URI", "SCRIPT_FILENAME", "SCRIPT_NAME", "SERVER_ADDR", "SERVER_NAME",
             "SERVER_PORT", "SERVER_PROTOCOL", "SERVER_SOFTWARE", "UNIQUE_ID" };
     protected final ServletContext context;
     protected final HttpServletRequest req;
     protected final HttpServletResponse res;
     protected final boolean isVirtualWebappRelative;
     protected final int debug;
     protected final String inputEncoding;

     public SSIServletExternalResolver(ServletContext context, HttpServletRequest req, HttpServletResponse res,
             boolean isVirtualWebappRelative, int debug, String inputEncoding) {
         this.context = context;
         this.req = req;
         this.res = res;
         this.isVirtualWebappRelative = isVirtualWebappRelative;
         this.debug = debug;
         this.inputEncoding = inputEncoding;
     }


     @Override
     public void log(String message, Throwable throwable) {
         /*
          * We can't assume that Servlet.log(message, null) is the same as Servlet.log( message ), since API doesn't seem
          * to say so.
          */
         if (throwable != null) {
             context.log(message, throwable);
         } else {
             context.log(message);
         }
     }


     @Override
     public void addVariableNames(Collection<String> variableNames) {
         for (String variableName : VARIABLE_NAMES) {
             String variableValue = getVariableValue(variableName);
             if (variableValue != null) {
                 variableNames.add(variableName);
             }
         }
         Enumeration<String> e = req.getAttributeNames();
         while (e.hasMoreElements()) {
             String name = e.nextElement();
             if (!isNameReserved(name)) {
                 variableNames.add(name);
             }
         }
     }


     protected Object getReqAttributeIgnoreCase(String targetName) {
         Object object = null;
         if (!isNameReserved(targetName)) {
             object = req.getAttribute(targetName);
             if (object == null) {
                 Enumeration<String> e = req.getAttributeNames();
                 while (e.hasMoreElements()) {
                     String name = e.nextElement();
                     if (targetName.equalsIgnoreCase(name) && !isNameReserved(name)) {
                         object = req.getAttribute(name);
                         if (object != null) {
                             break;
                         }
                     }
                 }
             }
         }
         return object;
     }


     protected boolean isNameReserved(String name) {
         return name.startsWith("java.") || name.startsWith("javax.") || name.startsWith("sun.");
     }


     @Override
     public void setVariableValue(String name, String value) {
         if (!isNameReserved(name)) {
             req.setAttribute(name, value);
         }
     }


     @Override
     public String getVariableValue(String name) {
         String retVal;
         Object object = getReqAttributeIgnoreCase(name);
         if (object != null) {
             retVal = object.toString();
         } else {
             retVal = getCGIVariable(name);
         }
         return retVal;
     }


     protected String getCGIVariable(String name) {
         String retVal = null;
         String[] nameParts = name.toUpperCase(Locale.ENGLISH).split("_");
         int requiredParts = 2;
         if (nameParts.length == 1) {
             if (nameParts[0].equals("PATH")) {
                 requiredParts = 1;
             }
         } else if (nameParts[0].equals("AUTH")) {
             if (nameParts[1].equals("TYPE")) {
                 retVal = req.getAuthType();
             }
         } else if (nameParts[0].equals("CONTENT")) {
             if (nameParts[1].equals("LENGTH")) {
                 long contentLength = req.getContentLengthLong();
                 if (contentLength >= 0) {
                     retVal = Long.toString(contentLength);
                 }
             } else if (nameParts[1].equals("TYPE")) {
                 retVal = req.getContentType();
             }
         } else if (nameParts[0].equals("DOCUMENT")) {
             if (nameParts[1].equals("NAME")) {
                 String requestURI = req.getRequestURI();
                 retVal = requestURI.substring(requestURI.lastIndexOf('/') + 1);
             } else if (nameParts[1].equals("URI")) {
                 retVal = req.getRequestURI();
             }
         } else if (name.equalsIgnoreCase("GATEWAY_INTERFACE")) {
             retVal = "CGI/1.1";
         } else if (nameParts[0].equals("HTTP")) {
             switch (nameParts[1]) {
                 case "ACCEPT" -> {
                     String accept = null;
                     if (nameParts.length == 2) {
                         accept = "Accept";
                     } else if (nameParts[2].equals("ENCODING")) {
                         requiredParts = 3;
                         accept = "Accept-Encoding";
                     } else if (nameParts[2].equals("LANGUAGE")) {
                         requiredParts = 3;
                         accept = "Accept-Language";
                     }
                     if (accept != null) {
                         Enumeration<String> acceptHeaders = req.getHeaders(accept);
                         if (acceptHeaders != null) {
                             if (acceptHeaders.hasMoreElements()) {
                                 StringBuilder rv = new StringBuilder(acceptHeaders.nextElement());
                                 while (acceptHeaders.hasMoreElements()) {
                                     rv.append(", ");
                                     rv.append(acceptHeaders.nextElement());
                                 }
                                 retVal = rv.toString();
                             }
                         }
                     }
                 }
                 case "CONNECTION" -> retVal = req.getHeader("Connection");
                 case "HOST" -> retVal = req.getHeader("Host");
                 case "REFERER" -> retVal = req.getHeader("Referer");
                 case "USER" -> {
                     if (nameParts.length == 3) {
                         if (nameParts[2].equals("AGENT")) {
                             requiredParts = 3;
                             retVal = req.getHeader("User-Agent");
                         }
                     }
                 }
             }

         } else if (nameParts[0].equals("PATH")) {
             if (nameParts[1].equals("INFO")) {
                 retVal = req.getPathInfo();
             } else if (nameParts[1].equals("TRANSLATED")) {
                 retVal = req.getPathTranslated();
             }
         } else if (nameParts[0].equals("QUERY")) {
             if (nameParts[1].equals("STRING")) {
                 String queryString = req.getQueryString();
                 if (nameParts.length == 2) {
                     // apache displays this as an empty string rather than (none)
                     retVal = nullToEmptyString(queryString);
                 } else if (nameParts[2].equals("UNESCAPED")) {
                     requiredParts = 3;
                     if (queryString != null) {
                         Charset uriCharset = null;
                         Charset requestCharset = null;
                         boolean useBodyEncodingForURI = false;

                         // Get encoding settings from request / connector if possible
                         if (req instanceof Request) {
                             requestCharset = ((Request) req).getCoyoteRequest().getCharsetHolder().getCharset();
                             Connector connector = ((Request) req).getConnector();
                             uriCharset = connector.getURICharset();
                             useBodyEncodingForURI = connector.getUseBodyEncodingForURI();
                         }

                         Charset queryStringCharset;

                         // If valid, apply settings from request / connector
                         // Use default as a last resort
                         if (useBodyEncodingForURI && requestCharset != null) {
                             queryStringCharset = requestCharset;
                         } else {
                             queryStringCharset = Objects.requireNonNullElse(uriCharset, StandardCharsets.UTF_8);
                         }

                         retVal = UDecoder.URLDecode(queryString, queryStringCharset);
                     }
                 }
             }
         } else if (nameParts[0].equals("REMOTE")) {
             switch (nameParts[1]) {
                 case "ADDR" -> retVal = req.getRemoteAddr();
                 case "HOST" -> retVal = req.getRemoteHost();
                 case "IDENT" -> {
                     // Not implemented
                 }
                 case "PORT" -> retVal = Integer.toString(req.getRemotePort());
                 case "USER" -> retVal = req.getRemoteUser();
             }
         } else if (nameParts[0].equals("REQUEST")) {
             if (nameParts[1].equals("METHOD")) {
                 retVal = req.getMethod();
             } else if (nameParts[1].equals("URI")) {
                 // If this is an error page, get the original URI
                 retVal = (String) req.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI);
                 if (retVal == null) {
                     retVal = req.getRequestURI();
                 }
             }
         } else if (nameParts[0].equals("SCRIPT")) {
             String scriptName = req.getServletPath();
             if (nameParts[1].equals("FILENAME")) {
                 retVal = context.getRealPath(scriptName);
             } else if (nameParts[1].equals("NAME")) {
                 retVal = scriptName;
             }
         } else if (nameParts[0].equals("SERVER")) {
             if (nameParts[1].equals("ADDR")) {
                 retVal = req.getLocalAddr();
             }
             if (nameParts[1].equals("NAME")) {
                 retVal = req.getServerName();
             } else if (nameParts[1].equals("PORT")) {
                 retVal = Integer.toString(req.getServerPort());
             } else if (nameParts[1].equals("PROTOCOL")) {
                 retVal = req.getProtocol();
             } else if (nameParts[1].equals("SOFTWARE")) {
                 retVal = context.getServerInfo() + ' ' + System.getProperty("java.vm.name") + '/' +
                         System.getProperty("java.vm.version") + ' ' + System.getProperty("os.name");
             }
         } else if (name.equalsIgnoreCase("UNIQUE_ID")) {
             retVal = req.getRequestedSessionId();
         }
         if (requiredParts != nameParts.length) {
             return null;
         }
         return retVal;
     }

     @Override
     public Date getCurrentDate() {
         return new Date();
     }


     protected String nullToEmptyString(String string) {
         String retVal = string;
         if (retVal == null) {
             retVal = "";
         }
         return retVal;
     }


     protected String getPathWithoutFileName(String servletPath) {
         String retVal = null;
         int lastSlash = servletPath.lastIndexOf('/');
         if (lastSlash >= 0) {
             // cut off file name
             retVal = servletPath.substring(0, lastSlash + 1);
         }
         return retVal;
     }


     protected String getPathWithoutContext(final String contextPath, final String servletPath) {
         if (servletPath.startsWith(contextPath)) {
             return servletPath.substring(contextPath.length());
         }
         return servletPath;
     }


     protected String getAbsolutePath(String path) throws IOException {
         String pathWithoutContext = SSIServletRequestUtil.getRelativePath(req);
         String prefix = getPathWithoutFileName(pathWithoutContext);
         if (prefix == null) {
             throw new IOException(sm.getString("ssiServletExternalResolver.removeFilenameError", pathWithoutContext));
         }
         String fullPath = prefix + path;
         String retVal = RequestUtil.normalize(fullPath);
         if (retVal == null) {
             throw new IOException(sm.getString("ssiServletExternalResolver.normalizationError", fullPath));
         }
         return retVal;
     }


     protected ServletContextAndPath getServletContextAndPathFromNonVirtualPath(String nonVirtualPath)
             throws IOException {
         if (nonVirtualPath.startsWith("/") || nonVirtualPath.startsWith("\\")) {
             throw new IOException(sm.getString("ssiServletExternalResolver.absoluteNonVirtualPath", nonVirtualPath));
         }
         if (nonVirtualPath.contains("../")) {
             throw new IOException(
                     sm.getString("ssiServletExternalResolver.pathTraversalNonVirtualPath", nonVirtualPath));
         }
         return new ServletContextAndPath(context, getAbsolutePath(nonVirtualPath));
     }


     protected ServletContextAndPath getServletContextAndPathFromVirtualPath(String virtualPath) throws IOException {

         if (!virtualPath.startsWith("/") && !virtualPath.startsWith("\\")) {
             return new ServletContextAndPath(context, getAbsolutePath(virtualPath));
         }

         String normalized = RequestUtil.normalize(virtualPath);
         if (isVirtualWebappRelative) {
             return new ServletContextAndPath(context, normalized);
         }

         ServletContext normContext = context.getContext(normalized);
         if (normContext == null) {
             throw new IOException(sm.getString("ssiServletExternalResolver.noContext", normalized));
         }
         // If it's the root context, then there is no context element to remove.
         // ie: '/file1.shtml' vs '/appName1/file1.shtml'
         if (!isRootContext(normContext)) {
             String noContext = getPathWithoutContext(normContext.getContextPath(), normalized);
             return new ServletContextAndPath(normContext, noContext);
         }

         return new ServletContextAndPath(normContext, normalized);
     }


     // Assumes servletContext is not-null
     // Assumes that identity comparison will be true for the same context
     // Assuming the above, getContext("/") will be non-null as long as the root context is accessible.
     // If it isn't, then servletContext can't be the root context anyway, hence they will not match.
     protected boolean isRootContext(ServletContext servletContext) {
         return servletContext == servletContext.getContext("/");
     }


     protected ServletContextAndPath getServletContextAndPath(String originalPath, boolean virtual) throws IOException {
         if (debug > 0) {
             log("SSIServletExternalResolver.getServletContextAndPath( " + originalPath + ", " + virtual + ")", null);
         }
         if (virtual) {
             return getServletContextAndPathFromVirtualPath(originalPath);
         } else {
             return getServletContextAndPathFromNonVirtualPath(originalPath);
         }
     }


     protected URLConnection getURLConnection(String originalPath, boolean virtual) throws IOException {
         ServletContextAndPath csAndP = getServletContextAndPath(originalPath, virtual);
         ServletContext context = csAndP.servletContext();
         String path = csAndP.path();
         URL url = context.getResource(path);
         if (url == null) {
             throw new IOException(sm.getString("ssiServletExternalResolver.noResource", path));
         }
         return url.openConnection();
     }


     @Override
     public long getFileLastModified(String path, boolean virtual) throws IOException {
         long lastModified = 0;
         try {
             URLConnection urlConnection = getURLConnection(path, virtual);
             lastModified = urlConnection.getLastModified();
         } catch (IOException ignore) {
             // Ignore this. It will always fail for non-file based includes
         }
         return lastModified;
     }


     @Override
     public long getFileSize(String path, boolean virtual) throws IOException {
         long fileSize = -1;
         try {
             URLConnection urlConnection = getURLConnection(path, virtual);
             fileSize = urlConnection.getContentLengthLong();
         } catch (IOException ignore) {
             // Ignore this. It will always fail for non-file based includes
         }
         return fileSize;
     }


     /*
      * We are making lots of unnecessary copies of the included data here. If someone ever complains that this is slow,
      * we should connect the included stream to the print writer that SSICommand uses.
      */
     @Override
     public String getFileText(String originalPath, boolean virtual) throws IOException {
         try {
             ServletContextAndPath csAndP = getServletContextAndPath(originalPath, virtual);
             ServletContext context = csAndP.servletContext();
             String path = csAndP.path();
             RequestDispatcher rd = context.getRequestDispatcher(path);
             if (rd == null) {
                 throw new IOException(sm.getString("ssiServletExternalResolver.requestDispatcherError", path));
             }
             ByteArrayServletOutputStream basos = new ByteArrayServletOutputStream();
             ResponseIncludeWrapper responseIncludeWrapper = new ResponseIncludeWrapper(res, basos);
             rd.include(req, responseIncludeWrapper);
             // We can't assume the included servlet flushed its output
             responseIncludeWrapper.flushOutputStreamOrWriter();
             byte[] bytes = basos.toByteArray();

             // Assume platform default encoding unless otherwise specified
             String retVal;
             if (inputEncoding == null) {
                 retVal = new String(bytes);
             } else {
                 retVal = new String(bytes, B2CConverter.getCharset(inputEncoding));
             }

             /*
              * Make an assumption that an empty response is a failure. This is a problem if a truly empty file were
              * included, but not sure how else to tell.
              */
             if (retVal.isEmpty() && !Method.HEAD.equals(req.getMethod())) {
                 throw new IOException(sm.getString("ssiServletExternalResolver.noFile", path));
             }
             return retVal;
         } catch (ServletException e) {
             throw new IOException(sm.getString("ssiServletExternalResolver.noIncludeFile", originalPath), e);
         }
     }

     protected record ServletContextAndPath(ServletContext servletContext, String path) {
         public ServletContext getServletContext() {
             return servletContext;
         }

         public String getPath() {
             return path;
         }
     }
 }
	/*
	* Licensed to the Apache Software Foundation (ASF) under one or more
	* contributor license agreements. See the NOTICE file distributed with
	* this work for additional information regarding copyright ownership.
	* The ASF licenses this file to You under the Apache License, Version 2.0
	* (the "License"); you may not use this file except in compliance with
	* the License. You may obtain a copy of the License at
	*
	* http://www.apache.org/licenses/LICENSE-2.0
	*
	* Unless required by applicable law or agreed to in writing, software
	* distributed under the License is distributed on an "AS IS" BASIS,
	* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
	* See the License for the specific language governing permissions and
	* limitations under the License.
	*/
	package org.apache.catalina.ssi;


	import java.io.IOException;
	import java.net.URL;
	import java.net.URLConnection;
	import java.nio.charset.Charset;
	import java.nio.charset.StandardCharsets;
	import java.util.Collection;
	import java.util.Date;
	import java.util.Enumeration;
	import java.util.Locale;
	import java.util.Objects;

	import jakarta.servlet.RequestDispatcher;
	import jakarta.servlet.ServletContext;
	import jakarta.servlet.ServletException;
	import jakarta.servlet.http.HttpServletRequest;
	import jakarta.servlet.http.HttpServletResponse;

	import org.apache.catalina.connector.Connector;
	import org.apache.catalina.connector.Request;
	import org.apache.tomcat.util.buf.B2CConverter;
	import org.apache.tomcat.util.buf.UDecoder;
	import org.apache.tomcat.util.http.Method;
	import org.apache.tomcat.util.http.RequestUtil;
	import org.apache.tomcat.util.res.StringManager;

	/**
	* An implementation of SSIExternalResolver that is used with servlets.
	*/
	public class SSIServletExternalResolver implements SSIExternalResolver {
	private static final StringManager sm = StringManager.getManager(SSIServletExternalResolver.class);
	protected final String[] VARIABLE_NAMES = { "AUTH_TYPE", "CONTENT_LENGTH", "CONTENT_TYPE", "DOCUMENT_NAME",
	"DOCUMENT_URI", "GATEWAY_INTERFACE", "HTTP_ACCEPT", "HTTP_ACCEPT_ENCODING", "HTTP_ACCEPT_LANGUAGE",
	"HTTP_CONNECTION", "HTTP_HOST", "HTTP_REFERER", "HTTP_USER_AGENT", "PATH_INFO", "PATH_TRANSLATED",
	"QUERY_STRING", "QUERY_STRING_UNESCAPED", "REMOTE_ADDR", "REMOTE_HOST", "REMOTE_PORT", "REMOTE_USER",
	"REQUEST_METHOD", "REQUEST_URI", "SCRIPT_FILENAME", "SCRIPT_NAME", "SERVER_ADDR", "SERVER_NAME",
	"SERVER_PORT", "SERVER_PROTOCOL", "SERVER_SOFTWARE", "UNIQUE_ID" };
	protected final ServletContext context;
	protected final HttpServletRequest req;
	protected final HttpServletResponse res;
	protected final boolean isVirtualWebappRelative;
	protected final int debug;
	protected final String inputEncoding;

	public SSIServletExternalResolver(ServletContext context, HttpServletRequest req, HttpServletResponse res,
	boolean isVirtualWebappRelative, int debug, String inputEncoding) {
	this.context = context;
	this.req = req;
	this.res = res;
	this.isVirtualWebappRelative = isVirtualWebappRelative;
	this.debug = debug;
	this.inputEncoding = inputEncoding;
	}


	@Override
	public void log(String message, Throwable throwable) {
	/*
	* We can't assume that Servlet.log(message, null) is the same as Servlet.log( message ), since API doesn't seem
	* to say so.
	*/
	if (throwable != null) {
	context.log(message, throwable);
	} else {
	context.log(message);
	}
	}


	@Override
	public void addVariableNames(Collection<String> variableNames) {
	for (String variableName : VARIABLE_NAMES) {
	String variableValue = getVariableValue(variableName);
	if (variableValue != null) {
	variableNames.add(variableName);
	}
	}
	Enumeration<String> e = req.getAttributeNames();
	while (e.hasMoreElements()) {
	String name = e.nextElement();
	if (!isNameReserved(name)) {
	variableNames.add(name);
	}
	}
	}


	protected Object getReqAttributeIgnoreCase(String targetName) {
	Object object = null;
	if (!isNameReserved(targetName)) {
	object = req.getAttribute(targetName);
	if (object == null) {
	Enumeration<String> e = req.getAttributeNames();
	while (e.hasMoreElements()) {
	String name = e.nextElement();
	if (targetName.equalsIgnoreCase(name) && !isNameReserved(name)) {
	object = req.getAttribute(name);
	if (object != null) {
	break;
	}
	}
	}
	}
	}
	return object;
	}


	protected boolean isNameReserved(String name) {
	return name.startsWith("java.") \|\| name.startsWith("javax.") \|\| name.startsWith("sun.");
	}


	@Override
	public void setVariableValue(String name, String value) {
	if (!isNameReserved(name)) {
	req.setAttribute(name, value);
	}
	}


	@Override
	public String getVariableValue(String name) {
	String retVal;
	Object object = getReqAttributeIgnoreCase(name);
	if (object != null) {
	retVal = object.toString();
	} else {
	retVal = getCGIVariable(name);
	}
	return retVal;
	}


	protected String getCGIVariable(String name) {
	String retVal = null;
	String[] nameParts = name.toUpperCase(Locale.ENGLISH).split("_");
	int requiredParts = 2;
	if (nameParts.length == 1) {
	if (nameParts[0].equals("PATH")) {
	requiredParts = 1;
	}
	} else if (nameParts[0].equals("AUTH")) {
	if (nameParts[1].equals("TYPE")) {
	retVal = req.getAuthType();
	}
	} else if (nameParts[0].equals("CONTENT")) {
	if (nameParts[1].equals("LENGTH")) {
	long contentLength = req.getContentLengthLong();
	if (contentLength >= 0) {
	retVal = Long.toString(contentLength);
	}
	} else if (nameParts[1].equals("TYPE")) {
	retVal = req.getContentType();
	}
	} else if (nameParts[0].equals("DOCUMENT")) {
	if (nameParts[1].equals("NAME")) {
	String requestURI = req.getRequestURI();
	retVal = requestURI.substring(requestURI.lastIndexOf('/') + 1);
	} else if (nameParts[1].equals("URI")) {
	retVal = req.getRequestURI();
	}
	} else if (name.equalsIgnoreCase("GATEWAY_INTERFACE")) {
	retVal = "CGI/1.1";
	} else if (nameParts[0].equals("HTTP")) {
	switch (nameParts[1]) {
	case "ACCEPT" -> {
	String accept = null;
	if (nameParts.length == 2) {
	accept = "Accept";
	} else if (nameParts[2].equals("ENCODING")) {
	requiredParts = 3;
	accept = "Accept-Encoding";
	} else if (nameParts[2].equals("LANGUAGE")) {
	requiredParts = 3;
	accept = "Accept-Language";
	}
	if (accept != null) {
	Enumeration<String> acceptHeaders = req.getHeaders(accept);
	if (acceptHeaders != null) {
	if (acceptHeaders.hasMoreElements()) {
	StringBuilder rv = new StringBuilder(acceptHeaders.nextElement());
	while (acceptHeaders.hasMoreElements()) {
	rv.append(", ");
	rv.append(acceptHeaders.nextElement());
	}
	retVal = rv.toString();
	}
	}
	}
	}
	case "CONNECTION" -> retVal = req.getHeader("Connection");
	case "HOST" -> retVal = req.getHeader("Host");
	case "REFERER" -> retVal = req.getHeader("Referer");
	case "USER" -> {
	if (nameParts.length == 3) {
	if (nameParts[2].equals("AGENT")) {
	requiredParts = 3;
	retVal = req.getHeader("User-Agent");
	}
	}
	}
	}

	} else if (nameParts[0].equals("PATH")) {
	if (nameParts[1].equals("INFO")) {
	retVal = req.getPathInfo();
	} else if (nameParts[1].equals("TRANSLATED")) {
	retVal = req.getPathTranslated();
	}
	} else if (nameParts[0].equals("QUERY")) {
	if (nameParts[1].equals("STRING")) {
	String queryString = req.getQueryString();
	if (nameParts.length == 2) {
	// apache displays this as an empty string rather than (none)
	retVal = nullToEmptyString(queryString);
	} else if (nameParts[2].equals("UNESCAPED")) {
	requiredParts = 3;
	if (queryString != null) {
	Charset uriCharset = null;
	Charset requestCharset = null;
	boolean useBodyEncodingForURI = false;

	// Get encoding settings from request / connector if possible
	if (req instanceof Request) {
	requestCharset = ((Request) req).getCoyoteRequest().getCharsetHolder().getCharset();
	Connector connector = ((Request) req).getConnector();
	uriCharset = connector.getURICharset();
	useBodyEncodingForURI = connector.getUseBodyEncodingForURI();
	}

	Charset queryStringCharset;

	// If valid, apply settings from request / connector
	// Use default as a last resort
	if (useBodyEncodingForURI && requestCharset != null) {
	queryStringCharset = requestCharset;
	} else {
	queryStringCharset = Objects.requireNonNullElse(uriCharset, StandardCharsets.UTF_8);
	}

	retVal = UDecoder.URLDecode(queryString, queryStringCharset);
	}
	}
	}
	} else if (nameParts[0].equals("REMOTE")) {
	switch (nameParts[1]) {
	case "ADDR" -> retVal = req.getRemoteAddr();
	case "HOST" -> retVal = req.getRemoteHost();
	case "IDENT" -> {
	// Not implemented
	}
	case "PORT" -> retVal = Integer.toString(req.getRemotePort());
	case "USER" -> retVal = req.getRemoteUser();
	}
	} else if (nameParts[0].equals("REQUEST")) {
	if (nameParts[1].equals("METHOD")) {
	retVal = req.getMethod();
	} else if (nameParts[1].equals("URI")) {
	// If this is an error page, get the original URI
	retVal = (String) req.getAttribute(RequestDispatcher.FORWARD_REQUEST_URI);
	if (retVal == null) {
	retVal = req.getRequestURI();
	}
	}
	} else if (nameParts[0].equals("SCRIPT")) {
	String scriptName = req.getServletPath();
	if (nameParts[1].equals("FILENAME")) {
	retVal = context.getRealPath(scriptName);
	} else if (nameParts[1].equals("NAME")) {
	retVal = scriptName;
	}
	} else if (nameParts[0].equals("SERVER")) {
	if (nameParts[1].equals("ADDR")) {
	retVal = req.getLocalAddr();
	}
	if (nameParts[1].equals("NAME")) {
	retVal = req.getServerName();
	} else if (nameParts[1].equals("PORT")) {
	retVal = Integer.toString(req.getServerPort());
	} else if (nameParts[1].equals("PROTOCOL")) {
	retVal = req.getProtocol();
	} else if (nameParts[1].equals("SOFTWARE")) {
	retVal = context.getServerInfo() + ' ' + System.getProperty("java.vm.name") + '/' +
	System.getProperty("java.vm.version") + ' ' + System.getProperty("os.name");
	}
	} else if (name.equalsIgnoreCase("UNIQUE_ID")) {
	retVal = req.getRequestedSessionId();
	}
	if (requiredParts != nameParts.length) {
	return null;
	}
	return retVal;
	}

	@Override
	public Date getCurrentDate() {
	return new Date();
	}


	protected String nullToEmptyString(String string) {
	String retVal = string;
	if (retVal == null) {
	retVal = "";
	}
	return retVal;
	}


	protected String getPathWithoutFileName(String servletPath) {
	String retVal = null;
	int lastSlash = servletPath.lastIndexOf('/');
	if (lastSlash >= 0) {
	// cut off file name
	retVal = servletPath.substring(0, lastSlash + 1);
	}
	return retVal;
	}


	protected String getPathWithoutContext(final String contextPath, final String servletPath) {
	if (servletPath.startsWith(contextPath)) {
	return servletPath.substring(contextPath.length());
	}
	return servletPath;
	}


	protected String getAbsolutePath(String path) throws IOException {
	String pathWithoutContext = SSIServletRequestUtil.getRelativePath(req);
	String prefix = getPathWithoutFileName(pathWithoutContext);
	if (prefix == null) {
	throw new IOException(sm.getString("ssiServletExternalResolver.removeFilenameError", pathWithoutContext));
	}
	String fullPath = prefix + path;
	String retVal = RequestUtil.normalize(fullPath);
	if (retVal == null) {
	throw new IOException(sm.getString("ssiServletExternalResolver.normalizationError", fullPath));
	}
	return retVal;
	}


	protected ServletContextAndPath getServletContextAndPathFromNonVirtualPath(String nonVirtualPath)
	throws IOException {
	if (nonVirtualPath.startsWith("/") \|\| nonVirtualPath.startsWith("\\")) {
	throw new IOException(sm.getString("ssiServletExternalResolver.absoluteNonVirtualPath", nonVirtualPath));
	}
	if (nonVirtualPath.contains("../")) {
	throw new IOException(
	sm.getString("ssiServletExternalResolver.pathTraversalNonVirtualPath", nonVirtualPath));
	}
	return new ServletContextAndPath(context, getAbsolutePath(nonVirtualPath));
	}


	protected ServletContextAndPath getServletContextAndPathFromVirtualPath(String virtualPath) throws IOException {

	if (!virtualPath.startsWith("/") && !virtualPath.startsWith("\\")) {
	return new ServletContextAndPath(context, getAbsolutePath(virtualPath));
	}

	String normalized = RequestUtil.normalize(virtualPath);
	if (isVirtualWebappRelative) {
	return new ServletContextAndPath(context, normalized);
	}

	ServletContext normContext = context.getContext(normalized);
	if (normContext == null) {
	throw new IOException(sm.getString("ssiServletExternalResolver.noContext", normalized));
	}
	// If it's the root context, then there is no context element to remove.
	// ie: '/file1.shtml' vs '/appName1/file1.shtml'
	if (!isRootContext(normContext)) {
	String noContext = getPathWithoutContext(normContext.getContextPath(), normalized);
	return new ServletContextAndPath(normContext, noContext);
	}

	return new ServletContextAndPath(normContext, normalized);
	}


	// Assumes servletContext is not-null
	// Assumes that identity comparison will be true for the same context
	// Assuming the above, getContext("/") will be non-null as long as the root context is accessible.
	// If it isn't, then servletContext can't be the root context anyway, hence they will not match.
	protected boolean isRootContext(ServletContext servletContext) {
	return servletContext == servletContext.getContext("/");
	}


	protected ServletContextAndPath getServletContextAndPath(String originalPath, boolean virtual) throws IOException {
	if (debug > 0) {
	log("SSIServletExternalResolver.getServletContextAndPath( " + originalPath + ", " + virtual + ")", null);
	}
	if (virtual) {
	return getServletContextAndPathFromVirtualPath(originalPath);
	} else {
	return getServletContextAndPathFromNonVirtualPath(originalPath);
	}
	}


	protected URLConnection getURLConnection(String originalPath, boolean virtual) throws IOException {
	ServletContextAndPath csAndP = getServletContextAndPath(originalPath, virtual);
	ServletContext context = csAndP.servletContext();
	String path = csAndP.path();
	URL url = context.getResource(path);
	if (url == null) {
	throw new IOException(sm.getString("ssiServletExternalResolver.noResource", path));
	}
	return url.openConnection();
	}


	@Override
	public long getFileLastModified(String path, boolean virtual) throws IOException {
	long lastModified = 0;
	try {
	URLConnection urlConnection = getURLConnection(path, virtual);
	lastModified = urlConnection.getLastModified();
	} catch (IOException ignore) {
	// Ignore this. It will always fail for non-file based includes
	}
	return lastModified;
	}


	@Override
	public long getFileSize(String path, boolean virtual) throws IOException {
	long fileSize = -1;
	try {
	URLConnection urlConnection = getURLConnection(path, virtual);
	fileSize = urlConnection.getContentLengthLong();
	} catch (IOException ignore) {
	// Ignore this. It will always fail for non-file based includes
	}
	return fileSize;
	}


	/*
	* We are making lots of unnecessary copies of the included data here. If someone ever complains that this is slow,
	* we should connect the included stream to the print writer that SSICommand uses.
	*/
	@Override
	public String getFileText(String originalPath, boolean virtual) throws IOException {
	try {
	ServletContextAndPath csAndP = getServletContextAndPath(originalPath, virtual);
	ServletContext context = csAndP.servletContext();
	String path = csAndP.path();
	RequestDispatcher rd = context.getRequestDispatcher(path);
	if (rd == null) {
	throw new IOException(sm.getString("ssiServletExternalResolver.requestDispatcherError", path));
	}
	ByteArrayServletOutputStream basos = new ByteArrayServletOutputStream();
	ResponseIncludeWrapper responseIncludeWrapper = new ResponseIncludeWrapper(res, basos);
	rd.include(req, responseIncludeWrapper);
	// We can't assume the included servlet flushed its output
	responseIncludeWrapper.flushOutputStreamOrWriter();
	byte[] bytes = basos.toByteArray();

	// Assume platform default encoding unless otherwise specified
	String retVal;
	if (inputEncoding == null) {
	retVal = new String(bytes);
	} else {
	retVal = new String(bytes, B2CConverter.getCharset(inputEncoding));
	}

	/*
	* Make an assumption that an empty response is a failure. This is a problem if a truly empty file were
	* included, but not sure how else to tell.
	*/
	if (retVal.isEmpty() && !Method.HEAD.equals(req.getMethod())) {
	throw new IOException(sm.getString("ssiServletExternalResolver.noFile", path));
	}
	return retVal;
	} catch (ServletException e) {
	throw new IOException(sm.getString("ssiServletExternalResolver.noIncludeFile", originalPath), e);
	}
	}

	protected record ServletContextAndPath(ServletContext servletContext, String path) {
	public ServletContext getServletContext() {
	return servletContext;
	}

	public String getPath() {
	return path;
	}
	}
	}