Fixes #827 - HTTPClient fails connecting to HTTPS host through an HTTP proxy w/authentication.

Using https scheme in CONNECT request if the proxy is secure.
A Proxy must not match its own address.
Resolved correctly request URI in case of CONNECT requests.
This commit is contained in:
Simone Bordet 2016-08-11 19:25:31 +02:00
parent b45af1a3c9
commit 7041e5102d
4 changed files with 51 additions and 7 deletions

View File

@ -117,7 +117,7 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
Authentication authentication = null;
Authentication.HeaderInfo headerInfo = null;
URI authURI = getAuthenticationURI(request);
URI authURI = resolveURI(request, getAuthenticationURI(request));
if (authURI != null)
{
for (Authentication.HeaderInfo element : headerInfos)
@ -155,11 +155,7 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
String path = null;
if (requestURI == null)
{
String uri = request.getScheme() + "://" + request.getHost();
int port = request.getPort();
if (port > 0)
uri += ":" + port;
requestURI = URI.create(uri);
requestURI = resolveURI(request, null);
path = request.getPath();
}
Request newRequest = client.copyRequest(request, requestURI);
@ -187,6 +183,17 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
}
}
private URI resolveURI(HttpRequest request, URI uri)
{
if (uri != null)
return uri;
String target = request.getScheme() + "://" + request.getHost();
int port = request.getPort();
if (port > 0)
target += ":" + port;
return URI.create(target);
}
private void copyIfAbsent(HttpRequest oldRequest, Request newRequest, HttpHeader header)
{
HttpField field = oldRequest.getHeaders().getField(header);

View File

@ -163,6 +163,9 @@ public class HttpProxy extends ProxyConfiguration.Proxy
.header(HttpHeader.HOST, target)
.idleTimeout(2 * connectTimeout, TimeUnit.MILLISECONDS)
.timeout(connectTimeout, TimeUnit.MILLISECONDS);
ProxyConfiguration.Proxy proxy = destination.getProxy();
if (proxy != null && proxy.isSecure())
connect.scheme(HttpScheme.HTTPS.asString());
final HttpConversation conversation = ((HttpRequest)connect).getConversation();
conversation.setAttribute(EndPoint.class.getName(), endPoint);

View File

@ -122,6 +122,9 @@ public class ProxyConfiguration
*/
public boolean matches(Origin origin)
{
if (getAddress().equals(origin.getAddress()))
return false;
boolean result = included.isEmpty();
Origin.Address address = origin.getAddress();
for (String included : this.included)

View File

@ -504,6 +504,29 @@ public class ForwardProxyTLSServerTest
});
}
@Test
public void testProxyAuthenticationWithIncludedAddressWithResponseContent() throws Exception
{
final String realm = "test-realm";
testProxyAuthentication(realm, new ConnectHandler()
{
@Override
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
{
String proxyAuth = request.getHeader(HttpHeader.PROXY_AUTHORIZATION.asString());
if (proxyAuth == null)
{
baseRequest.setHandled(true);
response.setStatus(HttpStatus.PROXY_AUTHENTICATION_REQUIRED_407);
response.setHeader(HttpHeader.PROXY_AUTHENTICATE.asString(), "Basic realm=\"" + realm + "\"");
response.getOutputStream().write(new byte[1024]);
return;
}
super.handle(target, baseRequest, request, response);
}
}, true);
}
@Test
public void testProxyAuthenticationClosesConnection() throws Exception
{
@ -529,12 +552,20 @@ public class ForwardProxyTLSServerTest
}
private void testProxyAuthentication(String realm, ConnectHandler connectHandler) throws Exception
{
testProxyAuthentication(realm, connectHandler, false);
}
private void testProxyAuthentication(String realm, ConnectHandler connectHandler, boolean includeAddress) throws Exception
{
startTLSServer(new ServerHandler());
startProxy(connectHandler);
HttpClient httpClient = new HttpClient(newSslContextFactory());
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
HttpProxy httpProxy = newHttpProxy();
if (includeAddress)
httpProxy.getIncludedAddresses().add("localhost:" + serverConnector.getLocalPort());
httpClient.getProxyConfiguration().getProxies().add(httpProxy);
URI uri = URI.create((proxySslContextFactory == null ? "http" : "https") + "://localhost:" + proxyConnector.getLocalPort());
httpClient.getAuthenticationStore().addAuthentication(new BasicAuthentication(uri, realm, "proxyUser", "proxyPassword"));
httpClient.start();