Fixes #827 - HTTPClient fails connecting to HTTPS host through an HTTP proxy w/authentication.
Using https scheme in CONNECT request if the proxy is secure. A Proxy must not match its own address. Resolved correctly request URI in case of CONNECT requests.
This commit is contained in:
parent
b45af1a3c9
commit
7041e5102d
|
@ -117,7 +117,7 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
|
|||
|
||||
Authentication authentication = null;
|
||||
Authentication.HeaderInfo headerInfo = null;
|
||||
URI authURI = getAuthenticationURI(request);
|
||||
URI authURI = resolveURI(request, getAuthenticationURI(request));
|
||||
if (authURI != null)
|
||||
{
|
||||
for (Authentication.HeaderInfo element : headerInfos)
|
||||
|
@ -155,11 +155,7 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
|
|||
String path = null;
|
||||
if (requestURI == null)
|
||||
{
|
||||
String uri = request.getScheme() + "://" + request.getHost();
|
||||
int port = request.getPort();
|
||||
if (port > 0)
|
||||
uri += ":" + port;
|
||||
requestURI = URI.create(uri);
|
||||
requestURI = resolveURI(request, null);
|
||||
path = request.getPath();
|
||||
}
|
||||
Request newRequest = client.copyRequest(request, requestURI);
|
||||
|
@ -187,6 +183,17 @@ public abstract class AuthenticationProtocolHandler implements ProtocolHandler
|
|||
}
|
||||
}
|
||||
|
||||
private URI resolveURI(HttpRequest request, URI uri)
|
||||
{
|
||||
if (uri != null)
|
||||
return uri;
|
||||
String target = request.getScheme() + "://" + request.getHost();
|
||||
int port = request.getPort();
|
||||
if (port > 0)
|
||||
target += ":" + port;
|
||||
return URI.create(target);
|
||||
}
|
||||
|
||||
private void copyIfAbsent(HttpRequest oldRequest, Request newRequest, HttpHeader header)
|
||||
{
|
||||
HttpField field = oldRequest.getHeaders().getField(header);
|
||||
|
|
|
@ -163,6 +163,9 @@ public class HttpProxy extends ProxyConfiguration.Proxy
|
|||
.header(HttpHeader.HOST, target)
|
||||
.idleTimeout(2 * connectTimeout, TimeUnit.MILLISECONDS)
|
||||
.timeout(connectTimeout, TimeUnit.MILLISECONDS);
|
||||
ProxyConfiguration.Proxy proxy = destination.getProxy();
|
||||
if (proxy != null && proxy.isSecure())
|
||||
connect.scheme(HttpScheme.HTTPS.asString());
|
||||
|
||||
final HttpConversation conversation = ((HttpRequest)connect).getConversation();
|
||||
conversation.setAttribute(EndPoint.class.getName(), endPoint);
|
||||
|
|
|
@ -122,6 +122,9 @@ public class ProxyConfiguration
|
|||
*/
|
||||
public boolean matches(Origin origin)
|
||||
{
|
||||
if (getAddress().equals(origin.getAddress()))
|
||||
return false;
|
||||
|
||||
boolean result = included.isEmpty();
|
||||
Origin.Address address = origin.getAddress();
|
||||
for (String included : this.included)
|
||||
|
|
|
@ -504,6 +504,29 @@ public class ForwardProxyTLSServerTest
|
|||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testProxyAuthenticationWithIncludedAddressWithResponseContent() throws Exception
|
||||
{
|
||||
final String realm = "test-realm";
|
||||
testProxyAuthentication(realm, new ConnectHandler()
|
||||
{
|
||||
@Override
|
||||
public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException
|
||||
{
|
||||
String proxyAuth = request.getHeader(HttpHeader.PROXY_AUTHORIZATION.asString());
|
||||
if (proxyAuth == null)
|
||||
{
|
||||
baseRequest.setHandled(true);
|
||||
response.setStatus(HttpStatus.PROXY_AUTHENTICATION_REQUIRED_407);
|
||||
response.setHeader(HttpHeader.PROXY_AUTHENTICATE.asString(), "Basic realm=\"" + realm + "\"");
|
||||
response.getOutputStream().write(new byte[1024]);
|
||||
return;
|
||||
}
|
||||
super.handle(target, baseRequest, request, response);
|
||||
}
|
||||
}, true);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testProxyAuthenticationClosesConnection() throws Exception
|
||||
{
|
||||
|
@ -529,12 +552,20 @@ public class ForwardProxyTLSServerTest
|
|||
}
|
||||
|
||||
private void testProxyAuthentication(String realm, ConnectHandler connectHandler) throws Exception
|
||||
{
|
||||
testProxyAuthentication(realm, connectHandler, false);
|
||||
}
|
||||
|
||||
private void testProxyAuthentication(String realm, ConnectHandler connectHandler, boolean includeAddress) throws Exception
|
||||
{
|
||||
startTLSServer(new ServerHandler());
|
||||
startProxy(connectHandler);
|
||||
|
||||
HttpClient httpClient = new HttpClient(newSslContextFactory());
|
||||
httpClient.getProxyConfiguration().getProxies().add(newHttpProxy());
|
||||
HttpProxy httpProxy = newHttpProxy();
|
||||
if (includeAddress)
|
||||
httpProxy.getIncludedAddresses().add("localhost:" + serverConnector.getLocalPort());
|
||||
httpClient.getProxyConfiguration().getProxies().add(httpProxy);
|
||||
URI uri = URI.create((proxySslContextFactory == null ? "http" : "https") + "://localhost:" + proxyConnector.getLocalPort());
|
||||
httpClient.getAuthenticationStore().addAuthentication(new BasicAuthentication(uri, realm, "proxyUser", "proxyPassword"));
|
||||
httpClient.start();
|
||||
|
|
Loading…
Reference in New Issue