/// <exception cref="System.IO.IOException"></exception>
        public virtual void Connect(HttpClientConnection conn, HttpRoute route, int connectTimeout
                                    , HttpContext context)
        {
            Args.NotNull(conn, "Connection");
            Args.NotNull(route, "HTTP route");
            Asserts.Check(conn == this.conn, "Connection not obtained from this manager");
            HttpHost host;

            if (route.GetProxyHost() != null)
            {
                host = route.GetProxyHost();
            }
            else
            {
                host = route.GetTargetHost();
            }
            IPEndPoint localAddress = route.GetLocalSocketAddress();

            this.connectionOperator.Connect(this.conn, host, localAddress, connectTimeout, this
                                            .socketConfig, context);
        }
Exemplo n.º 2
0
 /// <exception cref="Apache.Http.ProtocolException"></exception>
 internal virtual void RewriteRequestURI(HttpRequestWrapper request, HttpRoute route
                                         )
 {
     try
     {
         URI uri = request.GetURI();
         if (uri != null)
         {
             if (route.GetProxyHost() != null && !route.IsTunnelled())
             {
                 // Make sure the request URI is absolute
                 if (!uri.IsAbsolute())
                 {
                     HttpHost target = route.GetTargetHost();
                     uri = URIUtils.RewriteURI(uri, target, true);
                 }
                 else
                 {
                     uri = URIUtils.RewriteURI(uri);
                 }
             }
             else
             {
                 // Make sure the request URI is relative
                 if (uri.IsAbsolute())
                 {
                     uri = URIUtils.RewriteURI(uri, null, true);
                 }
                 else
                 {
                     uri = URIUtils.RewriteURI(uri);
                 }
             }
             request.SetURI(uri);
         }
     }
     catch (URISyntaxException ex)
     {
         throw new ProtocolException("Invalid URI: " + request.GetRequestLine().GetUri(),
                                     ex);
     }
 }
Exemplo n.º 3
0
        private bool NeedAuthentication(AuthState targetAuthState, AuthState proxyAuthState
                                        , HttpRoute route, HttpResponse response, HttpClientContext context)
        {
            RequestConfig config = context.GetRequestConfig();

            if (config.IsAuthenticationEnabled())
            {
                HttpHost target = context.GetTargetHost();
                if (target == null)
                {
                    target = route.GetTargetHost();
                }
                if (target.GetPort() < 0)
                {
                    target = new HttpHost(target.GetHostName(), route.GetTargetHost().GetPort(), target
                                          .GetSchemeName());
                }
                if (this.authenticator.IsAuthenticationRequested(target, response, this.targetAuthStrategy
                                                                 , targetAuthState, context))
                {
                    return(this.authenticator.HandleAuthChallenge(target, response, this.targetAuthStrategy
                                                                  , targetAuthState, context));
                }
                HttpHost proxy = route.GetProxyHost();
                if (this.authenticator.IsAuthenticationRequested(proxy, response, this.proxyAuthStrategy
                                                                 , proxyAuthState, context))
                {
                    // if proxy is not set use target host instead
                    if (proxy == null)
                    {
                        proxy = route.GetTargetHost();
                    }
                    return(this.authenticator.HandleAuthChallenge(proxy, response, this.proxyAuthStrategy
                                                                  , proxyAuthState, context));
                }
            }
            return(false);
        }
Exemplo n.º 4
0
        /// <exception cref="Apache.Http.Auth.AuthenticationException"></exception>
        public override Header Authenticate(Credentials credentials, IHttpRequest request
                                            , HttpContext context)
        {
            Args.NotNull(request, "HTTP request");
            switch (state)
            {
            case GGSSchemeBase.State.Uninitiated:
            {
                throw new AuthenticationException(GetSchemeName() + " authentication has not been initiated"
                                                  );
            }

            case GGSSchemeBase.State.Failed:
            {
                throw new AuthenticationException(GetSchemeName() + " authentication has failed");
            }

            case GGSSchemeBase.State.ChallengeReceived:
            {
                try
                {
                    HttpRoute route = (HttpRoute)context.GetAttribute(HttpClientContext.HttpRoute);
                    if (route == null)
                    {
                        throw new AuthenticationException("Connection route is not available");
                    }
                    HttpHost host;
                    if (IsProxy())
                    {
                        host = route.GetProxyHost();
                        if (host == null)
                        {
                            host = route.GetTargetHost();
                        }
                    }
                    else
                    {
                        host = route.GetTargetHost();
                    }
                    string authServer;
                    if (!this.stripPort && host.GetPort() > 0)
                    {
                        authServer = host.ToHostString();
                    }
                    else
                    {
                        authServer = host.GetHostName();
                    }
                    if (log.IsDebugEnabled())
                    {
                        log.Debug("init " + authServer);
                    }
                    token = GenerateToken(token, authServer);
                    state = GGSSchemeBase.State.TokenGenerated;
                }
                catch (GSSException gsse)
                {
                    state = GGSSchemeBase.State.Failed;
                    if (gsse.GetMajor() == GSSException.DefectiveCredential || gsse.GetMajor() == GSSException
                        .CredentialsExpired)
                    {
                        throw new InvalidCredentialsException(gsse.Message, gsse);
                    }
                    if (gsse.GetMajor() == GSSException.NoCred)
                    {
                        throw new InvalidCredentialsException(gsse.Message, gsse);
                    }
                    if (gsse.GetMajor() == GSSException.DefectiveToken || gsse.GetMajor() == GSSException
                        .DuplicateToken || gsse.GetMajor() == GSSException.OldToken)
                    {
                        throw new AuthenticationException(gsse.Message, gsse);
                    }
                    // other error
                    throw new AuthenticationException(gsse.Message);
                }
                goto case GGSSchemeBase.State.TokenGenerated;
            }

            case GGSSchemeBase.State.TokenGenerated:
            {
                string tokenstr = Sharpen.Runtime.GetStringForBytes(base64codec.Encode(token));
                if (log.IsDebugEnabled())
                {
                    log.Debug("Sending response '" + tokenstr + "' back to the auth server");
                }
                CharArrayBuffer buffer = new CharArrayBuffer(32);
                if (IsProxy())
                {
                    buffer.Append(AUTH.ProxyAuthResp);
                }
                else
                {
                    buffer.Append(AUTH.WwwAuthResp);
                }
                buffer.Append(": Negotiate ");
                buffer.Append(tokenstr);
                return(new BufferedHeader(buffer));
            }

            default:
            {
                throw new InvalidOperationException("Illegal state: " + state);
            }
            }
        }
Exemplo n.º 5
0
        /// <summary>Creates a tunnel to the target server.</summary>
        /// <remarks>
        /// Creates a tunnel to the target server.
        /// The connection must be established to the (last) proxy.
        /// A CONNECT request for tunnelling through the proxy will
        /// be created and sent, the response received and checked.
        /// This method does <i>not</i> update the connection with
        /// information about the tunnel, that is left to the caller.
        /// </remarks>
        /// <exception cref="Apache.Http.HttpException"></exception>
        /// <exception cref="System.IO.IOException"></exception>
        private bool CreateTunnelToTarget(AuthState proxyAuthState, HttpClientConnection
                                          managedConn, HttpRoute route, IHttpRequest request, HttpClientContext context)
        {
            RequestConfig config  = context.GetRequestConfig();
            int           timeout = config.GetConnectTimeout();
            HttpHost      target  = route.GetTargetHost();
            HttpHost      proxy   = route.GetProxyHost();
            HttpResponse  response;
            string        authority = target.ToHostString();
            IHttpRequest  connect   = new BasicHttpRequest("CONNECT", authority, request.GetProtocolVersion
                                                               ());

            this.requestExecutor.PreProcess(connect, this.proxyHttpProcessor, context);
            for (; ;)
            {
                if (!managedConn.IsOpen())
                {
                    this.connManager.Connect(managedConn, route, timeout > 0 ? timeout : 0, context);
                }
                connect.RemoveHeaders(AUTH.ProxyAuthResp);
                this.authenticator.GenerateAuthResponse(connect, proxyAuthState, context);
                response = this.requestExecutor.Execute(connect, managedConn, context);
                int status = response.GetStatusLine().GetStatusCode();
                if (status < 200)
                {
                    throw new HttpException("Unexpected response to CONNECT request: " + response.GetStatusLine
                                                ());
                }
                if (config.IsAuthenticationEnabled())
                {
                    if (this.authenticator.IsAuthenticationRequested(proxy, response, this.proxyAuthStrategy
                                                                     , proxyAuthState, context))
                    {
                        if (this.authenticator.HandleAuthChallenge(proxy, response, this.proxyAuthStrategy
                                                                   , proxyAuthState, context))
                        {
                            // Retry request
                            if (this.reuseStrategy.KeepAlive(response, context))
                            {
                                this.log.Debug("Connection kept alive");
                                // Consume response content
                                HttpEntity entity = response.GetEntity();
                                EntityUtils.Consume(entity);
                            }
                            else
                            {
                                managedConn.Close();
                            }
                        }
                        else
                        {
                            break;
                        }
                    }
                    else
                    {
                        break;
                    }
                }
            }
            int status_1 = response.GetStatusLine().GetStatusCode();

            if (status_1 > 299)
            {
                // Buffer response content
                HttpEntity entity = response.GetEntity();
                if (entity != null)
                {
                    response.SetEntity(new BufferedHttpEntity(entity));
                }
                managedConn.Close();
                throw new TunnelRefusedException("CONNECT refused by proxy: " + response.GetStatusLine
                                                     (), response);
            }
            // How to decide on security of the tunnelled connection?
            // The socket factory knows only about the segment to the proxy.
            // Even if that is secure, the hop to the target may be insecure.
            // Leave it to derived classes, consider insecure by default here.
            return(false);
        }
Exemplo n.º 6
0
        /// <summary>Establishes the target route.</summary>
        /// <remarks>Establishes the target route.</remarks>
        /// <exception cref="Apache.Http.HttpException"></exception>
        /// <exception cref="System.IO.IOException"></exception>
        internal virtual void EstablishRoute(AuthState proxyAuthState, HttpClientConnection
                                             managedConn, HttpRoute route, IHttpRequest request, HttpClientContext context)
        {
            RequestConfig config  = context.GetRequestConfig();
            int           timeout = config.GetConnectTimeout();
            RouteTracker  tracker = new RouteTracker(route);
            int           step;

            do
            {
                HttpRoute fact = tracker.ToRoute();
                step = this.routeDirector.NextStep(route, fact);
                switch (step)
                {
                case HttpRouteDirector.ConnectTarget:
                {
                    this.connManager.Connect(managedConn, route, timeout > 0 ? timeout : 0, context);
                    tracker.ConnectTarget(route.IsSecure());
                    break;
                }

                case HttpRouteDirector.ConnectProxy:
                {
                    this.connManager.Connect(managedConn, route, timeout > 0 ? timeout : 0, context);
                    HttpHost proxy = route.GetProxyHost();
                    tracker.ConnectProxy(proxy, false);
                    break;
                }

                case HttpRouteDirector.TunnelTarget:
                {
                    bool secure = CreateTunnelToTarget(proxyAuthState, managedConn, route, request, context
                                                       );
                    this.log.Debug("Tunnel to target created.");
                    tracker.TunnelTarget(secure);
                    break;
                }

                case HttpRouteDirector.TunnelProxy:
                {
                    // The most simple example for this case is a proxy chain
                    // of two proxies, where P1 must be tunnelled to P2.
                    // route: Source -> P1 -> P2 -> Target (3 hops)
                    // fact:  Source -> P1 -> Target       (2 hops)
                    int hop = fact.GetHopCount() - 1;
                    // the hop to establish
                    bool secure = CreateTunnelToProxy(route, hop, context);
                    this.log.Debug("Tunnel to proxy created.");
                    tracker.TunnelProxy(route.GetHopTarget(hop), secure);
                    break;
                }

                case HttpRouteDirector.LayerProtocol:
                {
                    this.connManager.Upgrade(managedConn, route, context);
                    tracker.LayerProtocol(route.IsSecure());
                    break;
                }

                case HttpRouteDirector.Unreachable:
                {
                    throw new HttpException("Unable to establish route: " + "planned = " + route + "; current = "
                                            + fact);
                }

                case HttpRouteDirector.Complete:
                {
                    this.connManager.RouteComplete(managedConn, route, context);
                    break;
                }

                default:
                {
                    throw new InvalidOperationException("Unknown step indicator " + step + " from RouteDirector."
                                                        );
                }
                }
            }while (step > HttpRouteDirector.Complete);
        }