@SuppressWarnings("unchecked")
@Override
public NextAction handleEvent(final FilterChainContext ctx, final FilterChainEvent event)
throws IOException {
final Object type = event.type();
if (type == ContinueEvent.class) {
final ContinueEvent continueEvent = (ContinueEvent) event;
((ExpectHandler) continueEvent.getContext().getBodyHandler()).finish(ctx);
} else if (type == TunnelRequestEvent.class) {
// Disable SSL for the time being...
ctx.notifyDownstream(new SSLSwitchingEvent(false, ctx.getConnection()));
ctx.suspend();
TunnelRequestEvent tunnelRequestEvent = (TunnelRequestEvent) event;
final ProxyServer proxyServer = tunnelRequestEvent.getProxyServer();
final URI requestUri = tunnelRequestEvent.getUri();
RequestBuilder builder = new RequestBuilder();
builder.setMethod(Method.CONNECT.getMethodString());
builder.setUrl("http://" + getAuthority(requestUri));
Request request = builder.build();
AsyncHandler handler =
new AsyncCompletionHandler() {
@Override
public Object onCompleted(Response response) throws Exception {
if (response.getStatusCode() != 200) {
PROXY_AUTH_FAILURE.set(ctx.getConnection(), Boolean.TRUE);
}
ctx.notifyDownstream(new SSLSwitchingEvent(true, ctx.getConnection()));
ctx.notifyDownstream(event);
return response;
}
};
final GrizzlyResponseFuture future =
new GrizzlyResponseFuture(grizzlyAsyncHttpProvider, request, handler, proxyServer);
future.setDelegate(SafeFutureImpl.create());
grizzlyAsyncHttpProvider.execute(
ctx.getConnection(), request, handler, future, HttpTxContext.get(ctx));
return ctx.getSuspendAction();
}
return ctx.getStopAction();
}
Request buildRequest() {
RequestBuilder builder = new RequestBuilder(method);
builder.setUrl(url);
builder.setQueryParams(new FluentStringsMap(queryParameters));
builder.setHeaders(headers);
if (body == null) {
// do nothing
} else if (body instanceof String) {
String stringBody = ((String) body);
FluentCaseInsensitiveStringsMap headers = new FluentCaseInsensitiveStringsMap(this.headers);
// Detect and maybe add charset
String contentType = headers.getFirstValue(HttpHeaders.Names.CONTENT_TYPE);
if (contentType == null) {
contentType = "text/plain";
}
Charset charset = HttpUtils.parseCharset(contentType);
if (charset == null) {
charset = StandardCharsets.UTF_8;
List<String> contentTypeList = new ArrayList<String>();
contentTypeList.add(contentType + "; charset=utf-8");
headers.replace(HttpHeaders.Names.CONTENT_TYPE, contentTypeList);
}
byte[] bodyBytes;
bodyBytes = stringBody.getBytes(charset);
// If using a POST with OAuth signing, the builder looks at
// getFormParams() rather than getBody() and constructs the signature
// based on the form params.
if (contentType.equals(HttpHeaders.Values.APPLICATION_X_WWW_FORM_URLENCODED)) {
Map<String, List<String>> stringListMap =
FormUrlEncodedParser.parseAsJava(stringBody, "utf-8");
for (String key : stringListMap.keySet()) {
List<String> values = stringListMap.get(key);
for (String value : values) {
builder.addFormParam(key, value);
}
}
} else {
builder.setBody(stringBody);
}
builder.setHeaders(headers);
builder.setBodyCharset(charset);
} else if (body instanceof JsonNode) {
JsonNode jsonBody = (JsonNode) body;
FluentCaseInsensitiveStringsMap headers = new FluentCaseInsensitiveStringsMap(this.headers);
List<String> contentType = new ArrayList<String>();
contentType.add("application/json; charset=utf-8");
headers.replace(HttpHeaders.Names.CONTENT_TYPE, contentType);
String bodyStr = Json.stringify(jsonBody);
byte[] bodyBytes;
try {
bodyBytes = bodyStr.getBytes("utf-8");
} catch (UnsupportedEncodingException e) {
throw new RuntimeException(e);
}
builder.setBody(bodyStr);
builder.setHeaders(headers);
builder.setBodyCharset(StandardCharsets.UTF_8);
} else if (body instanceof File) {
File fileBody = (File) body;
FileBodyGenerator bodyGenerator = new FileBodyGenerator(fileBody);
builder.setBody(bodyGenerator);
} else if (body instanceof InputStream) {
InputStream inputStreamBody = (InputStream) body;
InputStreamBodyGenerator bodyGenerator = new InputStreamBodyGenerator(inputStreamBody);
builder.setBody(bodyGenerator);
} else if (body instanceof Source) {
Source<ByteString, ?> sourceBody = (Source<ByteString, ?>) body;
Publisher<ByteBuffer> publisher =
sourceBody.map(ByteString::toByteBuffer).runWith(Sink.asPublisher(false), materializer);
builder.setBody(publisher);
} else {
throw new IllegalStateException("Impossible body: " + body);
}
if (this.timeout == -1 || this.timeout > 0) {
builder.setRequestTimeout(this.timeout);
}
if (this.followRedirects != null) {
builder.setFollowRedirect(this.followRedirects);
}
if (this.virtualHost != null) {
builder.setVirtualHost(this.virtualHost);
}
if (this.username != null && this.password != null && this.scheme != null) {
builder.setRealm(auth(this.username, this.password, this.scheme));
}
if (this.calculator != null) {
if (this.calculator instanceof OAuth.OAuthCalculator) {
OAuthSignatureCalculator calc = ((OAuth.OAuthCalculator) this.calculator).getCalculator();
builder.setSignatureCalculator(calc);
} else {
throw new IllegalStateException("Use OAuth.OAuthCalculator");
}
}
return builder.build();
}
private boolean exitAfterHandling407( //
Channel channel, //
NettyResponseFuture<?> future, //
HttpResponse response, //
Request request, //
int statusCode, //
ProxyServer proxyServer, //
HttpRequest httpRequest) {
if (future.getInProxyAuth().getAndSet(true)) {
logger.info("Can't handle 407 as auth was already performed");
return false;
}
Realm proxyRealm = future.getProxyRealm();
if (proxyRealm == null) {
logger.info("Can't handle 407 as there's no proxyRealm");
return false;
}
List<String> proxyAuthHeaders = response.headers().getAll(HttpHeaders.Names.PROXY_AUTHENTICATE);
if (proxyAuthHeaders.isEmpty()) {
logger.info("Can't handle 407 as response doesn't contain Proxy-Authenticate headers");
return false;
}
// FIXME what's this???
future.setChannelState(ChannelState.NEW);
HttpHeaders requestHeaders = new DefaultHttpHeaders(false).add(request.getHeaders());
switch (proxyRealm.getScheme()) {
case BASIC:
if (getHeaderWithPrefix(proxyAuthHeaders, "Basic") == null) {
logger.info(
"Can't handle 407 with Basic realm as Proxy-Authenticate headers don't match");
return false;
}
if (proxyRealm.isUsePreemptiveAuth()) {
// FIXME do we need this, as future.getAndSetAuth
// was tested above?
// auth was already performed, most likely auth
// failed
logger.info(
"Can't handle 407 with Basic realm as auth was preemptive and already performed");
return false;
}
// FIXME do we want to update the realm, or directly
// set the header?
Realm newBasicRealm =
realm(proxyRealm) //
.setUsePreemptiveAuth(true) //
.build();
future.setProxyRealm(newBasicRealm);
break;
case DIGEST:
String digestHeader = getHeaderWithPrefix(proxyAuthHeaders, "Digest");
if (digestHeader == null) {
logger.info(
"Can't handle 407 with Digest realm as Proxy-Authenticate headers don't match");
return false;
}
Realm newDigestRealm =
realm(proxyRealm) //
.setUri(request.getUri()) //
.setMethodName(request.getMethod()) //
.setUsePreemptiveAuth(true) //
.parseProxyAuthenticateHeader(digestHeader) //
.build();
future.setProxyRealm(newDigestRealm);
break;
case NTLM:
String ntlmHeader = getHeaderWithPrefix(proxyAuthHeaders, "NTLM");
if (ntlmHeader == null) {
logger.info("Can't handle 407 with NTLM realm as Proxy-Authenticate headers don't match");
return false;
}
ntlmProxyChallenge(ntlmHeader, request, proxyRealm, requestHeaders, future);
Realm newNtlmRealm =
realm(proxyRealm) //
.setUsePreemptiveAuth(true) //
.build();
future.setProxyRealm(newNtlmRealm);
break;
case KERBEROS:
case SPNEGO:
if (getHeaderWithPrefix(proxyAuthHeaders, "Negociate") == null) {
logger.info(
"Can't handle 407 with Kerberos or Spnego realm as Proxy-Authenticate headers don't match");
return false;
}
try {
kerberosProxyChallenge(
channel, proxyAuthHeaders, request, proxyServer, proxyRealm, requestHeaders, future);
} catch (SpnegoEngineException e) {
// FIXME
String ntlmHeader2 = getHeaderWithPrefix(proxyAuthHeaders, "NTLM");
if (ntlmHeader2 != null) {
logger.warn("Kerberos/Spnego proxy auth failed, proceeding with NTLM");
ntlmChallenge(ntlmHeader2, request, requestHeaders, proxyRealm, future);
Realm newNtlmRealm2 =
realm(proxyRealm) //
.setScheme(AuthScheme.NTLM) //
.setUsePreemptiveAuth(true) //
.build();
future.setProxyRealm(newNtlmRealm2);
} else {
requestSender.abort(channel, future, e);
return false;
}
}
break;
default:
throw new IllegalStateException("Invalid Authentication scheme " + proxyRealm.getScheme());
}
RequestBuilder nextRequestBuilder =
new RequestBuilder(future.getCurrentRequest()).setHeaders(requestHeaders);
if (future.getCurrentRequest().getUri().isSecured()) {
nextRequestBuilder.setMethod(CONNECT);
}
final Request nextRequest = nextRequestBuilder.build();
logger.debug("Sending proxy authentication to {}", request.getUri());
if (future.isKeepAlive() //
&& HttpHeaders.isKeepAlive(httpRequest) //
&& HttpHeaders.isKeepAlive(response) //
// support broken Proxy-Connection
&& !response.headers().contains("Proxy-Connection", HttpHeaders.Values.CLOSE, true) //
&& !HttpHeaders.isTransferEncodingChunked(httpRequest) //
&& !HttpHeaders.isTransferEncodingChunked(response)) {
future.setConnectAllowed(true);
future.setReuseChannel(true);
requestSender.drainChannelAndExecuteNextRequest(channel, future, nextRequest);
} else {
channelManager.closeChannel(channel);
requestSender.sendNextRequest(nextRequest, future);
}
return true;
}
protected boolean exitAfterHandlingRedirect( //
Channel channel, //
NettyResponseFuture<?> future, //
HttpResponse response, //
Request request, //
int statusCode)
throws Exception {
if (followRedirect(config, request) && REDIRECT_STATUSES.contains(statusCode)) {
if (future.incrementAndGetCurrentRedirectCount() >= config.getMaxRedirects()) {
throw new MaxRedirectException("Maximum redirect reached: " + config.getMaxRedirects());
} else {
// We must allow 401 handling again.
future.getAndSetAuth(false);
HttpHeaders responseHeaders = response.headers();
String location = responseHeaders.get(HttpHeaders.Names.LOCATION);
Uri uri = Uri.create(future.getUri(), location);
if (!uri.equals(future.getUri())) {
final RequestBuilder requestBuilder = new RequestBuilder(future.getRequest());
if (!config.isRemoveQueryParamOnRedirect())
requestBuilder.addQueryParams(future.getRequest().getQueryParams());
// if we are to strictly handle 302, we should keep the original method (which browsers
// don't)
// 303 must force GET
if ((statusCode == FOUND.code() && !config.isStrict302Handling())
|| statusCode == SEE_OTHER.code()) requestBuilder.setMethod("GET");
// in case of a redirect from HTTP to HTTPS, future attributes might change
final boolean initialConnectionKeepAlive = future.isKeepAlive();
final String initialPoolKey = channelManager.getPartitionId(future);
future.setUri(uri);
String newUrl = uri.toUrl();
if (request.getUri().getScheme().startsWith(WEBSOCKET)) {
newUrl = newUrl.replaceFirst(HTTP, WEBSOCKET);
}
logger.debug("Redirecting to {}", newUrl);
for (String cookieStr : responseHeaders.getAll(HttpHeaders.Names.SET_COOKIE)) {
Cookie c = CookieDecoder.decode(cookieStr, timeConverter);
if (c != null) requestBuilder.addOrReplaceCookie(c);
}
Callback callback =
channelManager.newDrainCallback(
future, channel, initialConnectionKeepAlive, initialPoolKey);
if (HttpHeaders.isTransferEncodingChunked(response)) {
// We must make sure there is no bytes left before
// executing the next request.
// FIXME investigate this
Channels.setAttribute(channel, callback);
} else {
// FIXME don't understand: this offers the connection to the pool, or even closes it,
// while the
// request has not been sent, right?
callback.call();
}
Request redirectRequest = requestBuilder.setUrl(newUrl).build();
// FIXME why not reuse the channel is same host?
requestSender.sendNextRequest(redirectRequest, future);
return true;
}
}
}
return false;
}