private void addNTLMAuthorizationHeader(FluentCaseInsensitiveStringsMap headers, String challengeHeader, boolean proxyInd) { headers.add(authorizationHeaderName(proxyInd), "NTLM " + challengeHeader); }
/** * Implemented in accordance with RFC 7230 section 6.1 * https://tools.ietf.org/html/rfc7230#section-6.1 */ @Override public boolean keepAlive(HttpRequest request, HttpResponse response) { String responseConnectionHeader = connectionHeader(response); if (CLOSE.equalsIgnoreCase(responseConnectionHeader)) { return false; } else { String requestConnectionHeader = connectionHeader(request); if (request.getProtocolVersion() == HttpVersion.HTTP_1_0) { // only use keep-alive if both parties agreed upon it return KEEP_ALIVE.equalsIgnoreCase(requestConnectionHeader) && KEEP_ALIVE.equalsIgnoreCase(responseConnectionHeader); } else { // 1.1+, keep-alive is default behavior return !CLOSE.equalsIgnoreCase(requestConnectionHeader); } } }
public void configureBootstraps(NettyRequestSender requestSender, AtomicBoolean closed) { Protocol httpProtocol = new HttpProtocol(this, config, nettyConfig, requestSender); final Processor httpProcessor = new Processor(config, this, requestSender, httpProtocol); Protocol wsProtocol = new WebSocketProtocol(this, config, nettyConfig, requestSender); wsProcessor = new Processor(config, this, requestSender, wsProtocol);
private boolean handleHttpResponse(final HttpResponse response,// final Channel channel,// final NettyResponseFuture<?> future,// AsyncHandler<?> handler) throws Exception { HttpRequest httpRequest = future.getNettyRequest().getHttpRequest(); ProxyServer proxyServer = future.getProxyServer(); logger.debug("\n\nRequest {}\n\nResponse {}\n", httpRequest, response); // store the original headers so we can re-send all them to // the handler in case of trailing headers future.setHttpHeaders(response.headers()); future.setKeepAlive(connectionStrategy.keepAlive(httpRequest, response)); NettyResponseStatus status = new NettyResponseStatus(future.getUri(), config, response); int statusCode = response.getStatus().getCode(); Request request = future.getRequest(); Realm realm = request.getRealm() != null ? request.getRealm() : config.getRealm(); NettyResponseHeaders responseHeaders = new NettyResponseHeaders(response.headers()); return exitAfterProcessingFilters(channel, future, handler, status, responseHeaders) || exitAfterHandling401(channel, future, response, request, statusCode, realm) || // exitAfterHandling407(channel, future, response, request, statusCode, proxyServer) || // exitAfterHandling100(channel, future, statusCode) || // exitAfterHandlingRedirect(channel, future, response, request, statusCode, realm) || // exitAfterHandlingConnect(channel, future, request, proxyServer, statusCode, httpRequest) || // exitAfterHandlingStatus(channel, future, response, handler, status) || // exitAfterHandlingHeaders(channel, future, response, handler, responseHeaders) || // exitAfterHandlingBody(channel, future, response, handler); }
try { if (e instanceof HttpResponse) { if (handleHttpResponse((HttpResponse) e, channel, future, handler)) return; handleChunk((HttpChunk) e, channel, future, handler); logger.debug("Abort failed", abortException); } finally { finishUpdate(future, channel, false);
private boolean exitAfterHandlingBody(Channel channel, NettyResponseFuture<?> future, HttpResponse response, AsyncHandler<?> handler) throws Exception { if (!response.isChunked()) { // no chunks expected, exiting if (response.getContent().readableBytes() > 0) // FIXME no need to notify an empty bodypart? updateBodyAndInterrupt(future, handler, new NettyResponseBodyPart(response, null, true)); finishUpdate(future, channel, false); return true; } return false; }
private void addType3NTLMAuthorizationHeader(String auth, FluentCaseInsensitiveStringsMap headers, Realm realm, boolean proxyInd) throws NTLMEngineException { headers.remove(authorizationHeaderName(proxyInd)); if (isNonEmpty(auth) && auth.startsWith("NTLM ")) { String serverChallenge = auth.substring("NTLM ".length()).trim(); String challengeHeader = NTLMEngine.INSTANCE.generateType3Msg(realm.getPrincipal(), realm.getPassword(), realm.getNtlmDomain(), realm.getNtlmHost(), serverChallenge); addNTLMAuthorizationHeader(headers, challengeHeader, proxyInd); } }
private Realm ntlmChallenge(String wwwAuth, Request request, FluentCaseInsensitiveStringsMap headers, Realm realm, NettyResponseFuture<?> future) throws NTLMEngineException { Uri uri = request.getUri(); if (wwwAuth.equals("NTLM")) { // server replied bare NTLM => we didn't preemptively sent Type1Msg String challengeHeader = NTLMEngine.INSTANCE.generateType1Msg(); addNTLMAuthorizationHeader(headers, challengeHeader, false); future.getAndSetAuth(false); } else { // probably receiving Type2Msg, so we issue Type3Msg addType3NTLMAuthorizationHeader(wwwAuth, headers, realm, false); } return new Realm.RealmBuilder().clone(realm)// .setUri(uri)// .setMethodName(request.getMethod())// .build(); }
if (!authHeaders.contains("Kerberos") && ntlmAuthenticate != null) { newRealm = ntlmChallenge(ntlmAuthenticate, request, request.getHeaders(), realm, future); newRealm = kerberosChallenge(channel, authHeaders, request, request.getHeaders(), realm, future); if (newRealm == null) return true;
if (!proxyAuthHeaders.contains("Kerberos") && ntlmAuthenticate != null) { newRealm = ntlmProxyChallenge(ntlmAuthenticate, request, proxyServer, requestHeaders, future); newRealm = kerberosProxyChallenge(channel, proxyAuthHeaders, request, proxyServer, requestHeaders, future); if (newRealm == null) return true;
private boolean exitAfterHandlingStatus(Channel channel, NettyResponseFuture<?> future, HttpResponse response, AsyncHandler<?> handler, NettyResponseStatus status) throws IOException, Exception { if (!future.getAndSetStatusReceived(true) && handler.onStatusReceived(status) != STATE.CONTINUE) { finishUpdate(future, channel, HttpHeaders.isTransferEncodingChunked(response)); return true; } return false; }
@Override public void messageReceived(final ChannelHandlerContext ctx, MessageEvent e) throws Exception { // call super to reset the read timeout super.messageReceived(ctx, e); Channel channel = ctx.getChannel(); Object attribute = Channels.getAttribute(channel); if (attribute instanceof Callback) { Object message = e.getMessage(); Callback ac = (Callback) attribute; if (message instanceof HttpChunk) { // the AsyncCallable is to be processed on the last chunk if (HttpChunk.class.cast(message).isLast()) // process the AsyncCallable before passing the message to the protocol ac.call(); // FIXME remove attribute? } else { LOGGER.info("Received unexpected message while expecting a chunk: " + message); ac.call(); Channels.setDiscard(channel); } } else if (attribute instanceof NettyResponseFuture<?>) { NettyResponseFuture<?> future = (NettyResponseFuture<?>) attribute; protocol.handle(channel, future, e.getMessage()); } else if (attribute != DiscardEvent.INSTANCE) { // unhandled message LOGGER.debug("Orphan channel {} with attribute {} received message {}, closing", channel, attribute, e.getMessage()); Channels.silentlyCloseChannel(channel); } }
private Realm ntlmProxyChallenge(String wwwAuth, Request request, ProxyServer proxyServer, FluentCaseInsensitiveStringsMap headers, NettyResponseFuture<?> future) throws NTLMEngineException { future.getAndSetAuth(false); headers.remove(HttpHeaders.Names.PROXY_AUTHORIZATION); Realm realm = proxyServer.realmBuilder()// .setScheme(AuthScheme.NTLM)// .setUri(request.getUri())// .setMethodName(request.getMethod()).build(); addType3NTLMAuthorizationHeader(wwwAuth, headers, realm, true); return realm; }
@Override public void channelClosed(ChannelHandlerContext ctx, ChannelStateEvent e) throws Exception { if (requestSender.isClosed()) return; Channel channel = ctx.getChannel(); channelManager.removeAll(channel); try { super.channelClosed(ctx, e); } catch (Exception ex) { LOGGER.trace("super.channelClosed", ex); } Object attribute = Channels.getAttribute(channel); LOGGER.debug("Channel Closed: {} with attribute {}", channel, attribute); if (attribute instanceof Callback) { Callback callback = (Callback) attribute; Channels.setAttribute(channel, callback.future()); callback.call(); } else if (attribute instanceof NettyResponseFuture<?>) { NettyResponseFuture<?> future = (NettyResponseFuture<?>) attribute; future.touch(); if (!config.getIOExceptionFilters().isEmpty() && requestSender.applyIoExceptionFiltersAndReplayRequest(future, CHANNEL_CLOSED_EXCEPTION, channel)) return; protocol.onClose(future); requestSender.handleUnexpectedClosedChannel(channel, future); } }
LOGGER.debug("Was unable to recover Future: {}", future); requestSender.abort(channel, future, cause); protocol.onError(future, e.getCause()); } catch (Throwable t) { LOGGER.error(t.getMessage(), t);
private Realm kerberosProxyChallenge(Channel channel,// List<String> proxyAuth,// Request request,// ProxyServer proxyServer,// FluentCaseInsensitiveStringsMap headers,// NettyResponseFuture<?> future) throws NTLMEngineException { Uri uri = request.getUri(); try { String challengeHeader = SpnegoEngine.INSTANCE.generateToken(proxyServer.getHost()); headers.remove(HttpHeaders.Names.AUTHORIZATION); headers.add(HttpHeaders.Names.AUTHORIZATION, "Negotiate " + challengeHeader); return proxyServer.realmBuilder()// .setUri(uri)// .setMethodName(request.getMethod())// .setScheme(Realm.AuthScheme.KERBEROS)// .build(); } catch (Throwable throwable) { String ntlmAuthenticate = getNTLM(proxyAuth); if (ntlmAuthenticate != null) { return ntlmProxyChallenge(ntlmAuthenticate, request, proxyServer, headers, future); } requestSender.abort(channel, future, throwable); return null; } }
private Realm kerberosChallenge(Channel channel,// List<String> authHeaders,// Request request,// FluentCaseInsensitiveStringsMap headers,// Realm realm,// NettyResponseFuture<?> future) throws NTLMEngineException { Uri uri = request.getUri(); String host = request.getVirtualHost() == null ? uri.getHost() : request.getVirtualHost(); try { String challengeHeader = SpnegoEngine.INSTANCE.generateToken(host); headers.remove(HttpHeaders.Names.AUTHORIZATION); headers.add(HttpHeaders.Names.AUTHORIZATION, "Negotiate " + challengeHeader); return new Realm.RealmBuilder().clone(realm)// .setUri(uri)// .setMethodName(request.getMethod())// .setScheme(Realm.AuthScheme.KERBEROS)// .build(); } catch (Throwable throwable) { String ntlmAuthenticate = getNTLM(authHeaders); if (ntlmAuthenticate != null) { return ntlmChallenge(ntlmAuthenticate, request, headers, realm, future); } requestSender.abort(channel, future, throwable); return null; } }
requestBuilder.setHeaders(propagatedHeaders(request, realm, switchToGet)); requestBuilder.setHeaders(propagatedHeaders(future.getRequest(), realm, switchToGet));
private void handleChunk(HttpChunk chunk,// final Channel channel,// final NettyResponseFuture<?> future,// AsyncHandler<?> handler) throws IOException, Exception { boolean last = chunk.isLast(); // we don't notify updateBodyAndInterrupt with the last chunk as it's empty if (last || updateBodyAndInterrupt(future, handler, new NettyResponseBodyPart(null, chunk, last))) { // only possible if last is true if (chunk instanceof HttpChunkTrailer) { HttpChunkTrailer chunkTrailer = (HttpChunkTrailer) chunk; if (!chunkTrailer.trailingHeaders().isEmpty()) { NettyResponseHeaders responseHeaders = new NettyResponseHeaders(future.getHttpHeaders(), chunkTrailer.trailingHeaders()); handler.onHeadersReceived(responseHeaders); } } finishUpdate(future, channel, !chunk.isLast()); } }
private boolean exitAfterHandlingHeaders(Channel channel, NettyResponseFuture<?> future, HttpResponse response, AsyncHandler<?> handler, NettyResponseHeaders responseHeaders) throws IOException, Exception { if (!response.headers().isEmpty() && handler.onHeadersReceived(responseHeaders) != STATE.CONTINUE) { finishUpdate(future, channel, HttpHeaders.isTransferEncodingChunked(response)); return true; } return false; }