mirrors/JetBrainsRuntime
1
0
Fork 0
mirror of https://github.com/JetBrains/JetBrainsRuntime.git synced 2025-12-06 09:29:38 +01:00
Code Issues Packages Projects Releases Wiki Activity

8326949: Authorization header is removed when a proxy Authenticator is set on HttpClient

Browse Source 
Reviewed-by: dfuchs, jpai, djelinski
This commit is contained in:
Michael McMahon
2024-10-22 14:09:10 +00:00
committed by Maxim Kartashev
parent 6b2a8b03f7
commit c971b2d6fc
9 changed files with 598 additions and 212 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
src/java.net.http/share/classes/java/net/http/HttpClient.java
View File

@@ -382,6 +382,14 @@ public abstract class HttpClient implements AutoCloseable {
/**
* Sets an authenticator to use for HTTP authentication.
*
* @implNote
* In the JDK built-in implementation of the {@code HttpClient},
* if a {@link HttpRequest} has an {@code Authorization} or {@code
* Proxy-Authorization} header set then its value is used and
* the {@link Authenticator} is not invoked for the corresponding
* authentication. In this case, any authentication errors are returned
* to the user and requests are not automatically retried.
*
* @param authenticator the Authenticator
* @return this builder
*/

8
src/java.net.http/share/classes/jdk/internal/net/http/AuthenticationFilter.java
View File

@@ -245,6 +245,14 @@ class AuthenticationFilter implements HeaderFilter {
HttpHeaders hdrs = r.headers();
HttpRequestImpl req = r.request();
if (req.getUserSetAuthFlag(SERVER) && status == UNAUTHORIZED) {
// return the response. We don't handle it.
return null;
} else if (req.getUserSetAuthFlag(PROXY) && status == PROXY_UNAUTHORIZED) {
// same
return null;
}
if (status != PROXY_UNAUTHORIZED) {
if (exchange.proxyauth != null && !exchange.proxyauth.fromcache) {
AuthInfo au = exchange.proxyauth;

9
src/java.net.http/share/classes/jdk/internal/net/http/Http1Request.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2022, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -45,6 +45,8 @@ import jdk.internal.net.http.common.Logger;
import jdk.internal.net.http.common.Utils;
import static java.lang.String.format;
import static java.net.Authenticator.RequestorType.PROXY;
import static java.net.Authenticator.RequestorType.SERVER;
import static java.nio.charset.StandardCharsets.US_ASCII;
/**
@@ -91,7 +93,6 @@ class Http1Request {
}
}
public void collectHeaders0(StringBuilder sb) {
BiPredicate<String,String> filter =
connection.headerFilter(request);
@@ -104,7 +105,9 @@ class Http1Request {
// Filter overridable headers from userHeaders
userHeaders = HttpHeaders.of(userHeaders.map(),
connection.contextRestricted(request, client));
connection.contextRestricted(request));
Utils.setUserAuthFlags(request, userHeaders);
final HttpHeaders uh = userHeaders;

6
src/java.net.http/share/classes/jdk/internal/net/http/HttpConnection.java
View File

@@ -352,13 +352,13 @@ abstract class HttpConnection implements Closeable {
}
}
BiPredicate<String,String> contextRestricted(HttpRequestImpl request, HttpClient client) {
BiPredicate<String,String> contextRestricted(HttpRequestImpl request) {
if (!isTunnel() && request.isConnect()) {
// establishing a proxy tunnel
assert request.proxy() == null;
return Utils.PROXY_TUNNEL_RESTRICTED(client);
return Utils.PROXY_TUNNEL_RESTRICTED();
} else {
return Utils.CONTEXT_RESTRICTED(client);
return Utils.ACCEPT_ALL;
}
}

31
src/java.net.http/share/classes/jdk/internal/net/http/HttpRequestImpl.java
View File

@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2023, Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
@@ -26,6 +26,7 @@
package jdk.internal.net.http;
import java.io.IOException;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.Proxy;
import java.net.ProxySelector;
@@ -46,6 +47,8 @@ import jdk.internal.net.http.common.HttpHeadersBuilder;
import jdk.internal.net.http.common.Utils;
import jdk.internal.net.http.websocket.WebSocketRequest;
import static java.net.Authenticator.RequestorType.PROXY;
import static java.net.Authenticator.RequestorType.SERVER;
import static jdk.internal.net.http.common.Utils.ALLOWED_HEADERS;
import static jdk.internal.net.http.common.Utils.ProxyHeaders;
@@ -65,6 +68,8 @@ public class HttpRequestImpl extends HttpRequest implements WebSocketRequest {
private volatile AccessControlContext acc;
private final Duration timeout; // may be null
private final Optional<HttpClient.Version> version;
private volatile boolean userSetAuthorization;
private volatile boolean userSetProxyAuthorization;
private static String userAgent() {
PrivilegedAction<String> pa = () -> System.getProperty("java.version");
@@ -332,6 +337,30 @@ public class HttpRequestImpl extends HttpRequest implements WebSocketRequest {
return isWebSocket;
}
/**
* These flags are set if the user set an Authorization or Proxy-Authorization header
* overriding headers produced by an Authenticator that was also set
*
* The values are checked in the AuthenticationFilter which tells the library
* to return whatever response received to the user instead of causing request
* to be resent, in case of error.
*/
public void setUserSetAuthFlag(Authenticator.RequestorType type, boolean value) {
if (type == SERVER) {
userSetAuthorization = value;
} else {
userSetProxyAuthorization = value;
}
}
public boolean getUserSetAuthFlag(Authenticator.RequestorType type) {
if (type == SERVER) {
return userSetAuthorization;
} else {
return userSetProxyAuthorization;
}
}
@Override
public Optional<BodyPublisher> bodyPublisher() {
return requestPublisher == null ? Optional.empty()

3
src/java.net.http/share/classes/jdk/internal/net/http/Stream.java
View File

@@ -790,7 +790,8 @@ class Stream<T> extends ExchangeImpl<T> {
HttpHeaders sysh = filterHeaders(h.build());
HttpHeaders userh = filterHeaders(request.getUserHeaders());
// Filter context restricted from userHeaders
userh = HttpHeaders.of(userh.map(), Utils.CONTEXT_RESTRICTED(client()));
userh = HttpHeaders.of(userh.map(), Utils.ACCEPT_ALL);
Utils.setUserAuthFlags(request, userh);
// Don't override Cookie values that have been set by the CookieHandler.
final HttpHeaders uh = userh;

33
src/java.net.http/share/classes/jdk/internal/net/http/common/Utils.java
View File

@@ -79,6 +79,8 @@ import sun.net.www.HeaderParser;
import static java.lang.String.format;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.util.stream.Collectors.joining;
import static java.net.Authenticator.RequestorType.PROXY;
import static java.net.Authenticator.RequestorType.SERVER;
/**
* Miscellaneous utilities
@@ -207,24 +209,10 @@ public final class Utils {
return true;
};
// Headers that are not generally restricted, and can therefore be set by users,
// but can in some contexts be overridden by the implementation.
// Currently, only contains "Authorization" which will
// be overridden, when an Authenticator is set on the HttpClient.
// Needs to be BiPred<String,String> to fit with general form of predicates
// used by caller.
public static final BiPredicate<String, String> CONTEXT_RESTRICTED(HttpClient client) {
return (k, v) -> client.authenticator().isEmpty() ||
(!k.equalsIgnoreCase("Authorization")
&& !k.equalsIgnoreCase("Proxy-Authorization"));
}
public record ProxyHeaders(HttpHeaders userHeaders, HttpHeaders systemHeaders) {}
private static final BiPredicate<String, String> HOST_RESTRICTED = (k,v) -> !"host".equalsIgnoreCase(k);
public static final BiPredicate<String, String> PROXY_TUNNEL_RESTRICTED(HttpClient client) {
return CONTEXT_RESTRICTED(client).and(HOST_RESTRICTED);
public static final BiPredicate<String, String> PROXY_TUNNEL_RESTRICTED() {
return (k,v) -> !"host".equalsIgnoreCase(k);
}
private static final Predicate<String> IS_HOST = "host"::equalsIgnoreCase;
@@ -307,6 +295,19 @@ public final class Utils {
public static final BiPredicate<String, String> NO_PROXY_HEADERS_FILTER =
(n,v) -> Utils.NO_PROXY_HEADER.test(n);
/**
* Check the user headers to see if the Authorization or ProxyAuthorization
* were set. We need to set special flags in the request if so. Otherwise
* we can't distinguish user set from Authenticator set headers
*/
public static void setUserAuthFlags(HttpRequestImpl request, HttpHeaders userHeaders) {
if (userHeaders.firstValue("Authorization").isPresent()) {
request.setUserSetAuthFlag(SERVER, true);
}
if (userHeaders.firstValue("Proxy-Authorization").isPresent()) {
request.setUserSetAuthFlag(PROXY, true);
}
}
public static boolean proxyHasDisabledSchemes(boolean tunnel) {
return tunnel ? ! PROXY_AUTH_TUNNEL_DISABLED_SCHEMES.isEmpty()

188
test/jdk/java/net/httpclient/AuthFilter.java
View File

@@ -1,188 +0,0 @@
/*
* Copyright (c) 2021, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
import com.sun.net.httpserver.Headers;
import com.sun.net.httpserver.HttpExchange;
import com.sun.net.httpserver.HttpHandler;
import com.sun.net.httpserver.HttpServer;
import java.io.*;
import java.net.Authenticator;
import java.net.InetSocketAddress;
import java.net.ProxySelector;
import java.net.URI;
import java.net.http.HttpClient;
import java.net.http.HttpRequest;
import java.net.http.HttpResponse;
import java.nio.channels.*;
import java.nio.charset.StandardCharsets;
import jdk.test.lib.net.IPSupport;
/**
* @test
* @bug 8263442
* @summary Potential bug in jdk.internal.net.http.common.Utils.CONTEXT_RESTRICTED
* @library /test/lib
* @run main/othervm AuthFilter
*/
public class AuthFilter {
static class Auth extends Authenticator {
}
static HttpServer createServer() throws IOException {
HttpServer server = HttpServer.create(new InetSocketAddress(0), 5);
HttpHandler handler = (HttpExchange e) -> {
InputStream is = e.getRequestBody();
is.readAllBytes();
is.close();
Headers reqh = e.getRequestHeaders();
if (reqh.containsKey("authorization")) {
e.sendResponseHeaders(500, -1);
} else {
e.sendResponseHeaders(200, -1);
}
};
server.createContext("/", handler);
return server;
}
public static void main(String[] args) throws Exception {
test(false);
test(true);
}
/**
* Fake proxy. Just looks for Proxy-Authorization header
* and returns error if seen. Returns 200 OK if not.
* Does not actually forward the request
*/
static class ProxyServer extends Thread {
final ServerSocketChannel server;
final int port;
volatile SocketChannel c;
ProxyServer() throws IOException {
server = ServerSocketChannel.open();
server.bind(new InetSocketAddress(0));
if (server.getLocalAddress() instanceof InetSocketAddress isa) {
port = isa.getPort();
} else {
port = -1;
}
}
int getPort() {
return port;
}
static String ok = "HTTP/1.1 200 OK\r\nContent-Length: 0\r\n\r\n";
static String notok1 = "HTTP/1.1 500 Internal Server Error\r\nContent-Length: 0\r\n\r\n";
static String notok2 = "HTTP/1.1 501 Not Implemented\r\nContent-Length: 0\r\n\r\n";
static void reply(String msg, Writer writer) throws IOException {
writer.write(msg);
writer.flush();
}
public void run() {
try {
c = server.accept();
var cs = StandardCharsets.US_ASCII;
LineNumberReader reader = new LineNumberReader(Channels.newReader(c, cs));
Writer writer = Channels.newWriter(c, cs);
String line;
while ((line=reader.readLine()) != null) {
if (line.indexOf("Proxy-Authorization") != -1) {
reply(notok1, writer);
return;
}
if (line.equals("")) {
// end of headers
reply(ok, writer);
return;
}
}
reply(notok2, writer);
} catch (IOException e) {
}
try {
server.close();
c.close();
} catch (IOException ee) {}
}
}
private static InetSocketAddress getLoopback(int port) throws IOException {
if (IPSupport.hasIPv4()) {
return new InetSocketAddress("127.0.0.1", port);
} else {
return new InetSocketAddress("::1", port);
}
}
public static void test(boolean useProxy) throws Exception {
HttpServer server = createServer();
int port = server.getAddress().getPort();
ProxyServer proxy;
InetSocketAddress proxyAddr;
String authHdr;
if (useProxy) {
proxy = new ProxyServer();
proxyAddr = getLoopback(proxy.getPort());
proxy.start();
authHdr = "Proxy-Authorization";
} else {
authHdr = "Authorization";
proxyAddr = null;
}
server.start();
// proxyAddr == null => proxying disabled
HttpClient client = HttpClient
.newBuilder()
.authenticator(new Auth())
.proxy(ProxySelector.of(proxyAddr))
.build();
URI uri = new URI("http://127.0.0.1:" + Integer.toString(port));
HttpRequest request = HttpRequest.newBuilder(uri)
.header(authHdr, "nonsense")
.GET()
.build();
HttpResponse<String> response = client.send(request, HttpResponse.BodyHandlers.ofString());
int r = response.statusCode();
System.out.println(r);
server.stop(0);
if (r != 200)
throw new RuntimeException("Test failed : " + r);
}
}

524
test/jdk/java/net/httpclient/UserAuthWithAuthenticator.java Normal file
View File

@@ -0,0 +1,524 @@
/*
* Copyright (c) 2024, Oracle and/or its affiliates. All rights reserved.
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER.
*
* This code is free software; you can redistribute it and/or modify it
* under the terms of the GNU General Public License version 2 only, as
* published by the Free Software Foundation.
*
* This code is distributed in the hope that it will be useful, but WITHOUT
* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
* FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License
* version 2 for more details (a copy is included in the LICENSE file that
* accompanied this code).
*
* You should have received a copy of the GNU General Public License version
* 2 along with this work; if not, write to the Free Software Foundation,
* Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA.
*
* Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA
* or visit www.oracle.com if you need additional information or have any
* questions.
*/
/**
* @test
* @bug 8326949
* @summary Authorization header is removed when a proxy Authenticator is set
* @library /test/lib /test/jdk/java/net/httpclient /test/jdk/java/net/httpclient/lib
* @build jdk.test.lib.net.SimpleSSLContext jdk.httpclient.test.lib.common.HttpServerAdapters
* jdk.httpclient.test.lib.http2.Http2TestServer
* jdk.test.lib.net.IPSupport
*
* @modules java.net.http/jdk.internal.net.http.common
* java.net.http/jdk.internal.net.http.frame
* java.net.http/jdk.internal.net.http.hpack
* java.logging
* java.base/sun.net.www.http
* java.base/sun.net.www
* java.base/sun.net
*
* @run main/othervm UserAuthWithAuthenticator
*/
import java.io.*;
import java.net.*;
import java.net.http.HttpClient;
import java.net.http.HttpClient.Version;
import java.net.http.HttpRequest;
import java.net.http.HttpRequest.BodyPublishers;
import java.net.http.HttpResponse;
import java.net.http.HttpResponse.BodyHandlers;
import javax.net.ssl.*;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.regex.*;
import java.util.*;
import jdk.test.lib.net.SimpleSSLContext;
import jdk.test.lib.net.URIBuilder;
import jdk.test.lib.net.IPSupport;
import jdk.httpclient.test.lib.common.HttpServerAdapters;
import jdk.httpclient.test.lib.common.HttpServerAdapters.HttpTestHandler;
import jdk.httpclient.test.lib.common.HttpServerAdapters.HttpTestExchange;
import jdk.httpclient.test.lib.common.HttpServerAdapters.HttpTestServer;
import jdk.httpclient.test.lib.http2.Http2TestServer;
import com.sun.net.httpserver.BasicAuthenticator;
import jdk.test.lib.net.URIBuilder;
import static java.nio.charset.StandardCharsets.US_ASCII;
public class UserAuthWithAuthenticator {
private static final String AUTH_PREFIX = "Basic ";
static class AuthTestHandler implements HttpTestHandler {
volatile String authValue;
final String response = "Hello world";
@Override
public void handle(HttpTestExchange t) throws IOException {
try (InputStream is = t.getRequestBody();
OutputStream os = t.getResponseBody()) {
byte[] bytes = is.readAllBytes();
authValue = t.getRequestHeaders()
.firstValue("Authorization")
.orElse(AUTH_PREFIX)
.substring(AUTH_PREFIX.length());
t.sendResponseHeaders(200, response.length());
os.write(response.getBytes(US_ASCII));
t.close();
}
}
String authValue() {return authValue;}
}
// if useHeader is true, we expect the Authenticator was not called
// and the user set header used. If false, Authenticator must
// be called and the user set header not used.
// If rightPassword is true we expect the authentication to succeed and 200 OK
// If false, then an error should be returned.
static void h2Test(final boolean useHeader, boolean rightPassword) throws Exception {
SSLContext ctx;
HttpTestServer h2s = null;
HttpClient client = null;
ExecutorService ex=null;
try {
ctx = new SimpleSSLContext().get();
ex = Executors.newCachedThreadPool();
InetAddress addr = InetAddress.getLoopbackAddress();
h2s = HttpTestServer.of(new Http2TestServer(addr, "::1", true, 0, ex,
10, null, ctx, false));
AuthTestHandler h = new AuthTestHandler();
var context = h2s.addHandler(h, "/test1");
context.setAuthenticator(new BasicAuthenticator("realm") {
public boolean checkCredentials(String username, String password) {
if (useHeader) {
return username.equals("user") && password.equals("pwd");
} else {
return username.equals("serverUser") && password.equals("serverPwd");
}
}
});
h2s.start();
int port = h2s.getAddress().getPort();
ServerAuth sa = new ServerAuth();
var plainCreds = rightPassword? "user:pwd" : "user:wrongPwd";
var encoded = java.util.Base64.getEncoder().encodeToString(plainCreds.getBytes(US_ASCII));
URI uri = URIBuilder.newBuilder()
.scheme("https")
.host(addr.getHostAddress())
.port(port)
.path("/test1/foo.txt")
.build();
HttpClient.Builder builder = HttpClient.newBuilder()
.sslContext(ctx)
.executor(ex);
builder.authenticator(sa);
client = builder.build();
HttpRequest req = HttpRequest.newBuilder(uri)
.version(HttpClient.Version.HTTP_2)
.header(useHeader ? "Authorization" : "X-Ignore", AUTH_PREFIX + encoded)
.GET()
.build();
HttpResponse<String> resp = client.send(req, HttpResponse.BodyHandlers.ofString());
if (!useHeader) {
assertTrue(resp.statusCode() == 200, "Expected 200 response");
assertTrue(!h.authValue().equals(encoded), "Expected user set header to not be set");
assertTrue(h.authValue().equals(sa.authValue()), "Expected auth value from Authenticator");
assertTrue(sa.wasCalled(), "Expected authenticator to be called");
System.out.println("h2Test: using authenticator OK");
} else if (rightPassword) {
assertTrue(resp.statusCode() == 200, "Expected 200 response");
assertTrue(h.authValue().equals(encoded), "Expected user set header to be set");
assertTrue(!sa.wasCalled(), "Expected authenticator not to be called");
System.out.println("h2Test: using user set header OK");
} else {
assertTrue(resp.statusCode() == 401, "Expected 401 response");
assertTrue(!sa.wasCalled(), "Expected authenticator not to be called");
System.out.println("h2Test: using user set header with wrong password OK");
}
} finally {
if (h2s != null)
h2s.stop();
if (client != null)
client.close();
if (ex != null)
ex.shutdown();
}
}
static final String data = "0123456789";
static final String data1 = "ABCDEFGHIJKL";
static final String[] proxyResponses = {
"HTTP/1.1 407 Proxy Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"Access to the proxy\"\r\n\r\n"
,
"HTTP/1.1 200 OK\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Content-Length: " + data.length() + "\r\n\r\n" + data
};
static final String[] proxyWithErrorResponses = {
"HTTP/1.1 407 Proxy Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"Access to the proxy\"\r\n\r\n"
,
"HTTP/1.1 407 Proxy Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"Proxy-Authenticate: Basic realm=\"Access to the proxy\"\r\n\r\n"
};
static final String[] serverResponses = {
"HTTP/1.1 200 OK\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Content-Length: " + data1.length() + "\r\n\r\n" + data1
};
static final String[] authenticatorResponses = {
"HTTP/1.1 401 Authentication Required\r\n"+
"Content-Length: 0\r\n" +
"WWW-Authenticate: Basic realm=\"Access to the server\"\r\n\r\n"
,
"HTTP/1.1 200 OK\r\n"+
"Date: Mon, 15 Jan 2001 12:18:21 GMT\r\n" +
"Server: Apache/1.3.14 (Unix)\r\n" +
"Content-Length: " + data1.length() + "\r\n\r\n" + data1
};
public static void main(String[] args) throws Exception {
testServerOnly();
testServerWithProxy();
testServerWithProxyError();
testServerOnlyAuthenticator();
h2Test(true, true);
h2Test(false, true);
h2Test(true, false);
}
static void testServerWithProxy() throws IOException, InterruptedException {
Mocker proxyMock = new Mocker(proxyResponses);
proxyMock.start();
ProxyAuth p = new ProxyAuth();
try (var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.proxy(new ProxySel(proxyMock.getPort()))
.authenticator(p)
.build()) {
var plainCreds = "user:pwd";
var encoded = java.util.Base64.getEncoder().encodeToString(plainCreds.getBytes(US_ASCII));
var request = HttpRequest.newBuilder().uri(URI.create("http://127.0.0.1/some_url"))
.setHeader("User-Agent", "myUserAgent")
.setHeader("Authorization", AUTH_PREFIX + encoded)
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
assertEquals(200, response.statusCode());
assertTrue(p.wasCalled(), "Proxy authenticator was not called");
assertEquals(data, response.body());
var proxyStr = proxyMock.getRequest(1);
assertContains(proxyStr, "/some_url");
assertPattern(".*^Proxy-Authorization:.*Basic " + encoded + ".*", proxyStr);
assertPattern(".*^User-Agent:.*myUserAgent.*", proxyStr);
assertPattern(".*^Authorization:.*Basic.*", proxyStr);
System.out.println("testServerWithProxy: OK");
} finally {
proxyMock.stopMocker();
}
}
static void testServerWithProxyError() throws IOException, InterruptedException {
Mocker proxyMock = new Mocker(proxyWithErrorResponses);
proxyMock.start();
ProxyAuth p = new ProxyAuth();
try (var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.proxy(new ProxySel(proxyMock.getPort()))
.authenticator(p)
.build()) {
var badCreds = "user:wrong";
var encoded1 = java.util.Base64.getEncoder().encodeToString(badCreds.getBytes(US_ASCII));
var request = HttpRequest.newBuilder().uri(URI.create("http://127.0.0.1/some_url"))
.setHeader("User-Agent", "myUserAgent")
.setHeader("Proxy-Authorization", AUTH_PREFIX + encoded1)
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
var proxyStr = proxyMock.getRequest(0);
assertEquals(407, response.statusCode());
assertPattern(".*^Proxy-Authorization:.*Basic " + encoded1 + ".*", proxyStr);
assertTrue(!p.wasCalled(), "Proxy Auth should not have been called");
System.out.println("testServerWithProxyError: OK");
} finally {
proxyMock.stopMocker();
}
}
static void testServerOnly() throws IOException, InterruptedException {
Mocker serverMock = new Mocker(serverResponses);
serverMock.start();
try (var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.build()) {
var plainCreds = "user:pwd";
var encoded = java.util.Base64.getEncoder().encodeToString(plainCreds.getBytes(US_ASCII));
var request = HttpRequest.newBuilder().uri(URI.create(serverMock.baseURL() + "/some_serv_url"))
.setHeader("User-Agent", "myUserAgent")
.setHeader("Authorization", AUTH_PREFIX + encoded)
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
assertEquals(200, response.statusCode());
assertEquals(data1, response.body());
var serverStr = serverMock.getRequest(0);
assertContains(serverStr, "/some_serv_url");
assertPattern(".*^User-Agent:.*myUserAgent.*", serverStr);
assertPattern(".*^Authorization:.*Basic " + encoded + ".*", serverStr);
System.out.println("testServerOnly: OK");
} finally {
serverMock.stopMocker();
}
}
// This is effectively a regression test for existing behavior
static void testServerOnlyAuthenticator() throws IOException, InterruptedException {
Mocker serverMock = new Mocker(authenticatorResponses);
serverMock.start();
try (var client = HttpClient.newBuilder()
.version(java.net.http.HttpClient.Version.HTTP_1_1)
.authenticator(new ServerAuth())
.build()) {
// credentials set in the server authenticator
var plainCreds = "serverUser:serverPwd";
var encoded = java.util.Base64.getEncoder().encodeToString(plainCreds.getBytes(US_ASCII));
var request = HttpRequest.newBuilder().uri(URI.create(serverMock.baseURL() + "/some_serv_url"))
.setHeader("User-Agent", "myUserAgent")
.build();
var response = client.send(request, HttpResponse.BodyHandlers.ofString());
assertEquals(200, response.statusCode());
assertEquals(data1, response.body());
var serverStr = serverMock.getRequest(1);
assertContains(serverStr, "/some_serv_url");
assertPattern(".*^User-Agent:.*myUserAgent.*", serverStr);
assertPattern(".*^Authorization:.*Basic " + encoded + ".*", serverStr);
System.out.println("testServerOnlyAuthenticator: OK");
} finally {
serverMock.stopMocker();
}
}
static void close(Closeable... clarray) {
for (Closeable c : clarray) {
try {
c.close();
} catch (Exception e) {}
}
}
static class Mocker extends Thread {
final ServerSocket ss;
final String[] responses;
volatile List<String> requests;
volatile InputStream in;
volatile OutputStream out;
volatile Socket s = null;
public Mocker(String[] responses) throws IOException {
this.ss = new ServerSocket(0, 0, InetAddress.getLoopbackAddress());
this.responses = responses;
this.requests = new LinkedList<>();
}
public void stopMocker() {
close(ss, s, in, out);
}
public int getPort() {
return ss.getLocalPort();
}
public String baseURL() {
try {
return URIBuilder.newBuilder()
.scheme("http")
.loopback()
.port(getPort())
.build()
.toString();
} catch (URISyntaxException e) {
throw new RuntimeException(e);
}
}
private String readRequest() throws IOException {
String req = "";
while (!req.endsWith("\r\n\r\n")) {
int x = in.read();
if (x == -1) {
s.close();
s = ss.accept();
in = s.getInputStream();
out = s.getOutputStream();
}
req += (char)x;
}
return req;
}
public String getRequest(int i) {
return requests.get(i);
}
public void run() {
try {
int index=0;
s = ss.accept();
in = s.getInputStream();
out = s.getOutputStream();
while (index < responses.length) {
requests.add(readRequest());
out.write(responses[index++].getBytes(US_ASCII));
}
} catch (Exception e) {
e.printStackTrace();
}
}
}
static class ProxySel extends ProxySelector {
final int port;
ProxySel(int port) {
this.port = port;
}
@Override
public List<Proxy> select(URI uri) {
return List.of(new Proxy(Proxy.Type.HTTP, new InetSocketAddress(
InetAddress.getLoopbackAddress(), port)));
}
@Override
public void connectFailed(URI uri, SocketAddress sa, IOException ioe) {}
}
static class ProxyAuth extends Authenticator {
private volatile boolean called = false;
@Override
protected PasswordAuthentication getPasswordAuthentication() {
called = true;
return new PasswordAuthentication("proxyUser", "proxyPwd".toCharArray());
}
boolean wasCalled() {
return called;
}
}
static class ServerAuth extends Authenticator {
private volatile boolean called = false;
private static String USER = "serverUser";
private static String PASS = "serverPwd";
@Override
protected PasswordAuthentication getPasswordAuthentication() {
called = true;
if (getRequestorType() != RequestorType.SERVER) {
// We only want to handle server authentication here
return null;
}
return new PasswordAuthentication(USER, PASS.toCharArray());
}
String authValue() {
var plainCreds = USER + ":" + PASS;
return java.util.Base64.getEncoder().encodeToString(plainCreds.getBytes(US_ASCII));
}
boolean wasCalled() {
return called;
}
}
static void assertTrue(boolean assertion, String failMsg) {
if (!assertion) {
throw new RuntimeException(failMsg);
}
}
static void assertEquals(int a, int b) {
if (a != b) {
String msg = String.format("Error: expected %d Got %d", a, b);
throw new RuntimeException(msg);
}
}
static void assertEquals(String s1, String s2) {
if (!s1.equals(s2)) {
String msg = String.format("Error: expected %s Got %s", s1, s2);
throw new RuntimeException(msg);
}
}
static void assertContains(String container, String containee) {
if (!container.contains(containee)) {
String msg = String.format("Error: expected %s Got %s", container, containee);
throw new RuntimeException(msg);
}
}
static void assertPattern(String pattern, String candidate) {
Pattern pat = Pattern.compile(pattern, Pattern.DOTALL | Pattern.MULTILINE);
Matcher matcher = pat.matcher(candidate);
if (!matcher.matches()) {
String msg = String.format("Error: expected %s Got %s", pattern, candidate);
throw new RuntimeException(msg);
}
}
}