1 /* 2 * Copyright (c) 2016, Oracle and/or its affiliates. All rights reserved. 3 * DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS FILE HEADER. 4 * 5 * This code is free software; you can redistribute it and/or modify it 6 * under the terms of the GNU General Public License version 2 only, as 7 * published by the Free Software Foundation. Oracle designates this 8 * particular file as subject to the "Classpath" exception as provided 9 * by Oracle in the LICENSE file that accompanied this code. 10 * 11 * This code is distributed in the hope that it will be useful, but WITHOUT 12 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or 13 * FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License 14 * version 2 for more details (a copy is included in the LICENSE file that 15 * accompanied this code). 16 * 17 * You should have received a copy of the GNU General Public License version 18 * 2 along with this work; if not, write to the Free Software Foundation, 19 * Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA. 20 * 21 * Please contact Oracle, 500 Oracle Parkway, Redwood Shores, CA 94065 USA 22 * or visit www.oracle.com if you need additional information or have any 23 */ 24 25 /* 26 * @test 27 * @bug 8163561 28 * @modules java.base/sun.net.www 29 * java.httpclient 30 * @summary Verify that Proxy-Authenticate header is correctly handled 31 * 32 * @run main/othervm ProxyAuthTest 33 */ 34 35 import java.io.BufferedWriter; 36 import java.io.IOException; 37 import java.io.InputStream; 38 import java.io.OutputStream; 39 import java.io.OutputStreamWriter; 40 import java.io.PrintWriter; 41 import java.net.Authenticator; 42 import java.net.InetSocketAddress; 43 import java.net.PasswordAuthentication; 44 import java.net.ProxySelector; 45 import java.net.ServerSocket; 46 import java.net.Socket; 47 import java.net.URI; 48 import java.net.http.HttpClient; 49 import java.net.http.HttpResponse; 50 import java.util.Base64; 51 52 import sun.net.www.MessageHeader; 53 54 public class ProxyAuthTest { 55 private static final String AUTH_USER = "user"; 56 private static final String AUTH_PASSWORD = "password"; 57 58 public static void main(String[] args) throws Exception { 59 try (ServerSocket ss = new ServerSocket(0)) { 60 int port = ss.getLocalPort(); 61 MyProxy proxy = new MyProxy(ss); 62 (new Thread(proxy)).start(); 63 System.out.println("Proxy listening port " + port); 64 65 Auth auth = new Auth(); 66 InetSocketAddress paddr = new InetSocketAddress("localhost", port); 67 68 URI uri = new URI("http://www.google.ie/"); 69 HttpClient client = HttpClient.create() 70 .proxy(ProxySelector.of(paddr)) 71 .authenticator(auth) 72 .build(); 73 HttpResponse resp = client.request(uri) 74 .GET() 75 .responseAsync() 76 .get(); 77 if (resp.statusCode() != 404) { 78 throw new RuntimeException("Unexpected status code: " + resp.statusCode()); 79 } 80 81 if (auth.isCalled) { 82 System.out.println("Authenticator is called"); 83 } else { 84 throw new RuntimeException("Authenticator is not called"); 85 } 86 87 if (!proxy.matched) { 88 throw new RuntimeException("Proxy authentication failed"); 89 } 90 } 91 } 92 93 static class Auth extends Authenticator { 94 private volatile boolean isCalled; 95 96 @Override 97 protected PasswordAuthentication getPasswordAuthentication() { 98 System.out.println("scheme: " + this.getRequestingScheme()); 99 isCalled = true; 100 return new PasswordAuthentication(AUTH_USER, 101 AUTH_PASSWORD.toCharArray()); 102 } 103 } 104 105 static class MyProxy implements Runnable { 106 final ServerSocket ss; 107 private volatile boolean matched; 108 109 MyProxy(ServerSocket ss) { 110 this.ss = ss; 111 } 112 113 public void run() { 114 for (int i = 0; i < 2; i++) { 115 try (Socket s = ss.accept(); 116 InputStream in = s.getInputStream(); 117 OutputStream os = s.getOutputStream(); 118 BufferedWriter writer = new BufferedWriter( 119 new OutputStreamWriter(os)); 120 PrintWriter out = new PrintWriter(writer);) { 121 MessageHeader headers = new MessageHeader(in); 122 System.out.println("Proxy: received " + headers); 123 124 String authInfo = headers 125 .findValue("Proxy-Authorization"); 126 if (authInfo != null) { 127 authenticate(authInfo); 128 out.print("HTTP/1.1 404 Not found\r\n"); 129 out.print("\r\n"); 130 System.out.println("Proxy: 404"); 131 out.flush(); 132 } else { 133 out.print("HTTP/1.1 407 Proxy Authorization Required\r\n"); 134 out.print( 135 "Proxy-Authenticate: Basic realm=\"a fake realm\"\r\n"); 136 out.print("\r\n"); 137 System.out.println("Proxy: Authorization required"); 138 out.flush(); 139 } 140 } catch (IOException x) { 141 System.err.println("Unexpected IOException from proxy."); 142 x.printStackTrace(); 143 break; 144 } 145 } 146 } 147 148 private void authenticate(String authInfo) throws IOException { 149 try { 150 authInfo.trim(); 151 int ind = authInfo.indexOf(' '); 152 String recvdUserPlusPass = authInfo.substring(ind + 1).trim(); 153 // extract encoded username:passwd 154 String value = new String( 155 Base64.getMimeDecoder().decode(recvdUserPlusPass)); 156 String userPlusPassword = AUTH_USER + ":" + AUTH_PASSWORD; 157 if (userPlusPassword.equals(value)) { 158 matched = true; 159 System.out.println("Proxy: client authentication successful"); 160 } else { 161 System.err.println( 162 "Proxy: client authentication failed, expected [" 163 + userPlusPassword + "], actual [" + value 164 + "]"); 165 } 166 } catch (Exception e) { 167 throw new IOException( 168 "Proxy received invalid Proxy-Authorization value: " 169 + authInfo); 170 } 171 } 172 } 173 174 } 175