Apache
/
httpcomponents-client
mirror of https://github.com/apache/httpcomponents-client.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Made handling of refused tunnel exception consistent between the classic and async protocol handler implementations; Proxy response body no longer gets buffered in memory in order to avoid excessive resource allocation in case of a proxy misbehavior

This commit is contained in:
Oleg Kalnichevski 2024-04-25 10:51:56 +02:00
parent 5eb15a1be4
commit a0a38afbee
4 changed files with 9 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncConnectExec.java
View File

@ -122,6 +122,7 @@ public final class AsyncConnectExec implements AsyncExecChainHandler {
volatile boolean challenged;
volatile boolean tunnelRefused;
volatile HttpResponse tunnelResponse;
}
@ -294,7 +295,7 @@ public final class AsyncConnectExec implements AsyncExecChainHandler {
if (LOG.isDebugEnabled()) {
LOG.debug("{} tunnel refused", exchangeId);
}
asyncExecCallback.failed(new TunnelRefusedException("Tunnel refused", null));
asyncExecCallback.failed(new TunnelRefusedException("CONNECT refused by proxy: " + new StatusLine(state.tunnelResponse), null));
} else {
if (LOG.isDebugEnabled()) {
LOG.debug("{} tunnel to target created", exchangeId);
@ -455,7 +456,8 @@ public final class AsyncConnectExec implements AsyncExecChainHandler {
state.challenged = false;
if (status >= HttpStatus.SC_REDIRECTION) {
state.tunnelRefused = true;
entityConsumerRef.set(asyncExecCallback.handleResponse(response, entityDetails));
state.tunnelResponse = response;
entityConsumerRef.set(null);
} else if (status == HttpStatus.SC_OK) {
asyncExecCallback.completed();
} else {

7
httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ConnectExec.java
View File

@ -282,12 +282,9 @@ public final class ConnectExec implements ExecChainHandler {
final int status = response.getCode();
if (status != HttpStatus.SC_OK) {
// Buffer response content
final HttpEntity entity = response.getEntity();
final String responseMessage = entity != null ? EntityUtils.toString(entity) : null;
EntityUtils.consume(response.getEntity());
execRuntime.disconnectEndpoint();
throw new TunnelRefusedException("CONNECT refused by proxy: " + new StatusLine(response), responseMessage);
throw new TunnelRefusedException("CONNECT refused by proxy: " + new StatusLine(response), null);
}
// How to decide on security of the tunnelled connection?

7
httpclient5/src/main/java/org/apache/hc/client5/http/impl/classic/ProxyClient.java
View File

@ -200,12 +200,9 @@ public class ProxyClient {
final int status = response.getCode();
if (status > 299) {
// Buffer response content
final HttpEntity entity = response.getEntity();
final String responseMessage = entity != null ? EntityUtils.toString(entity) : null;
EntityUtils.consume(response.getEntity());
conn.close();
throw new TunnelRefusedException("CONNECT refused by proxy: " + new StatusLine(response), responseMessage);
throw new TunnelRefusedException("CONNECT refused by proxy: " + new StatusLine(response), null);
}
return conn.getSocket();
}

4
httpclient5/src/test/java/org/apache/hc/client5/http/impl/classic/TestConnectExec.java
View File

@ -218,9 +218,7 @@ public class TestConnectExec {
Mockito.any())).thenReturn(response);
final ExecChain.Scope scope = new ExecChain.Scope("test", route, request, execRuntime, context);
final TunnelRefusedException exception = Assertions.assertThrows(TunnelRefusedException.class, () ->
exec.execute(request, scope, execChain));
Assertions.assertEquals("Ka-boom", exception.getResponseMessage());
Assertions.assertThrows(TunnelRefusedException.class, () -> exec.execute(request, scope, execChain));
Mockito.verify(execRuntime, Mockito.atLeastOnce()).disconnectEndpoint();
Mockito.verify(execRuntime).discardEndpoint();
}