/*
* Licensed to the Apache Software Foundation (ASF) under one
* or more contributor license agreements. See the NOTICE file
* distributed with this work for additional information
* regarding copyright ownership. The ASF licenses this file
* to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing,
* software distributed under the License is distributed on an
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
* KIND, either express or implied. See the License for the
* specific language governing permissions and limitations
* under the License.
*
*/
package org.apache.mina.proxy.handlers.http;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.apache.mina.core.filterchain.IoFilter.NextFilter;
import org.apache.mina.proxy.ProxyAuthException;
import org.apache.mina.proxy.session.ProxyIoSession;
import org.apache.mina.proxy.utils.StringUtilities;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
/**
* HttpSmartProxyHandler.java - HTTP proxy handler that automatically handles forwarding a request
* to the appropriate authentication mechanism logic handler.
*
* @author <a href="http://mina.apache.org">Apache MINA Project</a>
* @since MINA 2.0.0-M3
*/
public class HttpSmartProxyHandler extends AbstractHttpLogicHandler {
private final static Logger logger = LoggerFactory.getLogger(HttpSmartProxyHandler.class);
/**
* Has the HTTP proxy request been sent ?
*/
private boolean requestSent = false;
/**
* The automatically selected http authentication logic handler.
*/
private AbstractAuthLogicHandler authHandler;
public HttpSmartProxyHandler(final ProxyIoSession proxyIoSession) {
super(proxyIoSession);
}
/**
* Performs the handshake processing.
*
* @param nextFilter the next filter
*/
public void doHandshake(final NextFilter nextFilter) throws ProxyAuthException {
logger.debug(" doHandshake()");
if (authHandler != null) {
authHandler.doHandshake(nextFilter);
} else {
if (requestSent) {
// Safety check
throw new ProxyAuthException("Authentication request already sent");
}
logger.debug(" sending HTTP request");
// Compute request headers
HttpProxyRequest req = (HttpProxyRequest) getProxyIoSession().getRequest();
Map<String, List<String>> headers = req.getHeaders() != null ? req.getHeaders()
: new HashMap<String, List<String>>();
AbstractAuthLogicHandler.addKeepAliveHeaders(headers);
req.setHeaders(headers);
// Write request to the proxy
writeRequest(nextFilter, req);
requestSent = true;
}
}
/**
* Automatic selection of the authentication algorithm. If <code>preferedOrder</code> is set then
* algorithms are selected from the list order otherwise the algorithm tries to select the most
* secured algorithm available first.
*
* @param response the proxy response
*/
private void autoSelectAuthHandler(final HttpProxyResponse response) throws ProxyAuthException {
// Get the Proxy-Authenticate header
List<String> values = response.getHeaders().get("Proxy-Authenticate");
ProxyIoSession proxyIoSession = getProxyIoSession();
if (values == null || values.size() == 0) {
authHandler = HttpAuthenticationMethods.NO_AUTH.getNewHandler(proxyIoSession);
} else if (getProxyIoSession().getPreferedOrder() == null) {
// No preference order set for auth mechanisms
int method = -1;
// Test which auth mechanism to use. First found is the first used
// that's why we test in a decreasing security quality order.
for (String proxyAuthHeader : values) {
proxyAuthHeader = proxyAuthHeader.toLowerCase();
if (proxyAuthHeader.contains("ntlm")) {
method = HttpAuthenticationMethods.NTLM.getId();
break;
} else if (proxyAuthHeader.contains("digest") && method != HttpAuthenticationMethods.NTLM.getId()) {
method = HttpAuthenticationMethods.DIGEST.getId();
} else if (proxyAuthHeader.contains("basic") && method == -1) {
method = HttpAuthenticationMethods.BASIC.getId();
}
}
if (method != -1) {
try {
authHandler = HttpAuthenticationMethods.getNewHandler(method, proxyIoSession);
} catch (Exception ex) {
logger.debug("Following exception occured:", ex);
}
}
if (authHandler == null) {
authHandler = HttpAuthenticationMethods.NO_AUTH.getNewHandler(proxyIoSession);
}
} else {
for (HttpAuthenticationMethods method : proxyIoSession.getPreferedOrder()) {
if (authHandler != null) {
break;
}
if (method == HttpAuthenticationMethods.NO_AUTH) {
authHandler = HttpAuthenticationMethods.NO_AUTH.getNewHandler(proxyIoSession);
break;
}
for (String proxyAuthHeader : values) {
proxyAuthHeader = proxyAuthHeader.toLowerCase();
try {
// test which auth mechanism to use
if (proxyAuthHeader.contains("basic") && method == HttpAuthenticationMethods.BASIC) {
authHandler = HttpAuthenticationMethods.BASIC.getNewHandler(proxyIoSession);
break;
} else if (proxyAuthHeader.contains("digest") && method == HttpAuthenticationMethods.DIGEST) {
authHandler = HttpAuthenticationMethods.DIGEST.getNewHandler(proxyIoSession);
break;
} else if (proxyAuthHeader.contains("ntlm") && method == HttpAuthenticationMethods.NTLM) {
authHandler = HttpAuthenticationMethods.NTLM.getNewHandler(proxyIoSession);
break;
}
} catch (Exception ex) {
logger.debug("Following exception occured:", ex);
}
}
}
}
if (authHandler == null) {
throw new ProxyAuthException("Unknown authentication mechanism(s): " + values);
}
}
/**
* Handle a HTTP response from the proxy server.
*
* @param response The proxy response.
*/
@Override
public void handleResponse(final HttpProxyResponse response) throws ProxyAuthException {
if (!isHandshakeComplete()
&& ("close".equalsIgnoreCase(StringUtilities.getSingleValuedHeader(response.getHeaders(),
"Proxy-Connection")) || "close".equalsIgnoreCase(StringUtilities.getSingleValuedHeader(
response.getHeaders(), "Connection")))) {
getProxyIoSession().setReconnectionNeeded(true);
}
if (response.getStatusCode() == 407) {
if (authHandler == null) {
autoSelectAuthHandler(response);
}
authHandler.handleResponse(response);
} else {
throw new ProxyAuthException("Error: unexpected response code " + response.getStatusLine()
+ " received from proxy.");
}
}
}