Netty client support for authorized proxy (#2517)

* feat(client): support proxy with auth into netty client

* test: test with proxy auth

* doc: add javadoc to public interface and update changelog

* doc: more javadoc

* fix: fix pr comments

* apply codestyle

* fix: fix doc and equals into dto and codestyle

* fix: fix typo and remove use of this into field access

Co-authored-by: Guillermo Priego <[email protected]>
Co-authored-by: Anna-Karin Salander <[email protected]>

Author: 3 people

.changes/next-release/feature-AWSSDKforJavav2-dd0c4ee.json

@@ -0,0 +1,6 @@
+{
+    "category": "AWS SDK for Java v2", 
+    "contributor": "guillepb10", 
+    "type": "feature", 
+    "description": "Add support for authenticated corporate proxies"
+}

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/ProxyConfiguration.java

@@ -33,15 +33,23 @@ public final class ProxyConfiguration implements ToCopyableBuilder<ProxyConfigur
     private final String scheme;
     private final String host;
     private final int port;
+    private final String username;
+    private final String password;
     private final Set<String> nonProxyHosts;
 
     private ProxyConfiguration(BuilderImpl builder) {
         this.scheme = builder.scheme;
         this.host = builder.host;
         this.port = builder.port;
+        this.username = builder.username;
+        this.password = builder.password;
         this.nonProxyHosts = Collections.unmodifiableSet(builder.nonProxyHosts);
     }
 
+    public static Builder builder() {
+        return new BuilderImpl();
+    }
+
     /**
      * @return The proxy scheme.
      */
@@ -63,6 +71,20 @@ public int port() {
         return port;
     }
 
+    /**
+     * @return The proxy username.
+     */
+    public String username() {
+        return username;
+    }
+
+    /**
+     * @return The proxy password.
+     */
+    public String password() {
+        return password;
+    }
+
     /**
      * @return The set of hosts that should not be proxied.
      */
@@ -94,6 +116,14 @@ public boolean equals(Object o) {
             return false;
         }
 
+        if (username != null ? !username.equals(that.username) : that.username != null) {
+            return false;
+        }
+
+        if (password != null ? !password.equals(that.password) : that.password != null) {
+            return false;
+        }
+
         return nonProxyHosts.equals(that.nonProxyHosts);
 
     }
@@ -104,6 +134,8 @@ public int hashCode() {
         result = 31 * result + (host != null ? host.hashCode() : 0);
         result = 31 * result + port;
         result = 31 * result + nonProxyHosts.hashCode();
+        result = 31 * result + (username != null ? username.hashCode() : 0);
+        result = 31 * result + (password != null ? password.hashCode() : 0);
         return result;
     }
 
@@ -112,24 +144,22 @@ public Builder toBuilder() {
         return new BuilderImpl(this);
     }
 
-    public static Builder builder() {
-        return new BuilderImpl();
-    }
-
     /**
      * Builder for {@link ProxyConfiguration}.
      */
     public interface Builder extends CopyableBuilder<Builder, ProxyConfiguration> {
 
         /**
          * Set the hostname of the proxy.
+         *
          * @param host The proxy host.
          * @return This object for method chaining.
          */
         Builder host(String host);
 
         /**
          * Set the port that the proxy expects connections on.
+         *
          * @param port The proxy port.
          * @return This object for method chaining.
          */
@@ -153,12 +183,30 @@ public interface Builder extends CopyableBuilder<Builder, ProxyConfiguration> {
          * @return This object for method chaining.
          */
         Builder nonProxyHosts(Set<String> nonProxyHosts);
+
+        /**
+         * Set the username used to authenticate with the proxy username.
+         *
+         * @param username The proxy username.
+         * @return This object for method chaining.
+         */
+        Builder username(String username);
+
+        /**
+         * Set the password used to authenticate with the proxy password.
+         *
+         * @param password The proxy password.
+         * @return This object for method chaining.
+         */
+        Builder password(String password);
     }
 
     private static final class BuilderImpl implements Builder {
         private String scheme;
         private String host;
         private int port;
+        private String username;
+        private String password;
         private Set<String> nonProxyHosts = Collections.emptySet();
 
         private BuilderImpl() {
@@ -169,6 +217,8 @@ private BuilderImpl(ProxyConfiguration proxyConfiguration) {
             this.host = proxyConfiguration.host;
             this.port = proxyConfiguration.port;
             this.nonProxyHosts = new HashSet<>(proxyConfiguration.nonProxyHosts);
+            this.username = proxyConfiguration.username;
+            this.password = proxyConfiguration.password;
         }
 
         @Override
@@ -189,6 +239,7 @@ public Builder port(int port) {
             return this;
         }
 
+
         @Override
         public Builder nonProxyHosts(Set<String> nonProxyHosts) {
             if (nonProxyHosts != null) {
@@ -199,6 +250,18 @@ public Builder nonProxyHosts(Set<String> nonProxyHosts) {
             return this;
         }
 
+        @Override
+        public Builder username(String username) {
+            this.username = username;
+            return this;
+        }
+
+        @Override
+        public Builder password(String password) {
+            this.password = password;
+            return this;
+        }
+
         @Override
         public ProxyConfiguration build() {
             return new ProxyConfiguration(this);

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/AwaitCloseChannelPoolMap.java

@@ -136,8 +136,9 @@ protected SimpleChannelPoolAwareChannelPool newPool(URI key) {
         ChannelPool baseChannelPool;
         if (shouldUseProxyForHost(key)) {
             tcpChannelPool = new BetterSimpleChannelPool(bootstrap, NOOP_HANDLER);
-            baseChannelPool = new Http1TunnelConnectionPool(bootstrap.config().group().next(), tcpChannelPool,
-                                                            sslContext, proxyAddress(key), key, pipelineInitializer);
+            baseChannelPool = new Http1TunnelConnectionPool(bootstrap.config().group().next(), tcpChannelPool, sslContext,
+                                            proxyAddress(key), proxyConfiguration.username(), proxyConfiguration.password(),
+                                            key, pipelineInitializer);
         } else {
             tcpChannelPool = new BetterSimpleChannelPool(bootstrap, pipelineInitializer);
             baseChannelPool = tcpChannelPool;

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/Http1TunnelConnectionPool.java

@@ -49,24 +49,38 @@ public class Http1TunnelConnectionPool implements ChannelPool {
     private final ChannelPool delegate;
     private final SslContext sslContext;
     private final URI proxyAddress;
+    private final String proxyUser;
+    private final String proxyPassword;
     private final URI remoteAddress;
     private final ChannelPoolHandler handler;
     private final InitHandlerSupplier initHandlerSupplier;
 
+    public Http1TunnelConnectionPool(EventLoop eventLoop, ChannelPool delegate, SslContext sslContext,
+                                     URI proxyAddress, String proxyUsername, String proxyPassword,
+                                     URI remoteAddress, ChannelPoolHandler handler) {
+        this(eventLoop, delegate, sslContext,
+                proxyAddress, proxyUsername, proxyPassword, remoteAddress, handler,
+                ProxyTunnelInitHandler::new);
+    }
+
     public Http1TunnelConnectionPool(EventLoop eventLoop, ChannelPool delegate, SslContext sslContext,
                                      URI proxyAddress, URI remoteAddress, ChannelPoolHandler handler) {
-        this(eventLoop, delegate, sslContext, proxyAddress, remoteAddress, handler, ProxyTunnelInitHandler::new);
+        this(eventLoop, delegate, sslContext,
+                proxyAddress, null, null, remoteAddress, handler,
+                ProxyTunnelInitHandler::new);
 
     }
 
     @SdkTestInternalApi
     Http1TunnelConnectionPool(EventLoop eventLoop, ChannelPool delegate, SslContext sslContext,
-                              URI proxyAddress, URI remoteAddress, ChannelPoolHandler handler,
-                              InitHandlerSupplier initHandlerSupplier) {
+                              URI proxyAddress, String proxyUser, String proxyPassword, URI remoteAddress,
+                              ChannelPoolHandler handler, InitHandlerSupplier initHandlerSupplier) {
         this.eventLoop = eventLoop;
         this.delegate = delegate;
         this.sslContext = sslContext;
         this.proxyAddress = proxyAddress;
+        this.proxyUser = proxyUser;
+        this.proxyPassword = proxyPassword;
         this.remoteAddress = remoteAddress;
         this.handler = handler;
         this.initHandlerSupplier = initHandlerSupplier;
@@ -120,7 +134,8 @@ private void setupChannel(Channel ch, Promise<Channel> acquirePromise) {
         if (sslHandler != null) {
             ch.pipeline().addLast(sslHandler);
         }
-        ch.pipeline().addLast(initHandlerSupplier.newInitHandler(delegate, remoteAddress, tunnelEstablishedPromise));
+        ch.pipeline().addLast(initHandlerSupplier.newInitHandler(delegate, proxyUser, proxyPassword, remoteAddress,
+                                                                    tunnelEstablishedPromise));
         tunnelEstablishedPromise.addListener((Future<Channel> f) -> {
             if (f.isSuccess()) {
                 Channel tunnel = f.getNow();
@@ -160,6 +175,7 @@ private static boolean isTunnelEstablished(Channel ch) {
     @SdkTestInternalApi
     @FunctionalInterface
     interface InitHandlerSupplier {
-        ChannelHandler newInitHandler(ChannelPool sourcePool, URI remoteAddress, Promise<Channel> tunnelInitFuture);
+        ChannelHandler newInitHandler(ChannelPool sourcePool, String proxyUsername, String proxyPassword, URI remoteAddress,
+                                      Promise<Channel> tunnelInitFuture);
     }
 }

http-clients/netty-nio-client/src/main/java/software/amazon/awssdk/http/nio/netty/internal/ProxyTunnelInitHandler.java

@@ -28,35 +28,48 @@
 import io.netty.handler.codec.http.HttpRequest;
 import io.netty.handler.codec.http.HttpResponse;
 import io.netty.handler.codec.http.HttpVersion;
+import io.netty.util.CharsetUtil;
 import io.netty.util.concurrent.Promise;
 import java.io.IOException;
 import java.net.URI;
+import java.util.Base64;
 import java.util.function.Supplier;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.annotations.SdkTestInternalApi;
 import software.amazon.awssdk.utils.Logger;
+import software.amazon.awssdk.utils.StringUtils;
 
 /**
  * Handler that initializes the HTTP tunnel.
  */
 @SdkInternalApi
 public final class ProxyTunnelInitHandler extends ChannelDuplexHandler {
+    
     public static final Logger log = Logger.loggerFor(ProxyTunnelInitHandler.class);
     private final ChannelPool sourcePool;
+    private final String username;
+    private final String password;
     private final URI remoteHost;
     private final Promise<Channel> initPromise;
     private final Supplier<HttpClientCodec> httpCodecSupplier;
 
+    public ProxyTunnelInitHandler(ChannelPool sourcePool, String proxyUsername, String proxyPassword, URI remoteHost,
+                                  Promise<Channel> initPromise) {
+        this(sourcePool, proxyUsername, proxyPassword, remoteHost, initPromise, HttpClientCodec::new);
+    }
+
     public ProxyTunnelInitHandler(ChannelPool sourcePool, URI remoteHost, Promise<Channel> initPromise) {
-        this(sourcePool, remoteHost, initPromise, HttpClientCodec::new);
+        this(sourcePool, null, null, remoteHost, initPromise, HttpClientCodec::new);
     }
 
     @SdkTestInternalApi
-    public ProxyTunnelInitHandler(ChannelPool sourcePool, URI remoteHost, Promise<Channel> initPromise,
-                                  Supplier<HttpClientCodec> httpCodecSupplier) {
+    public ProxyTunnelInitHandler(ChannelPool sourcePool, String prosyUsername, String proxyPassword,
+                                  URI remoteHost, Promise<Channel> initPromise, Supplier<HttpClientCodec> httpCodecSupplier) {
         this.sourcePool = sourcePool;
         this.remoteHost = remoteHost;
         this.initPromise = initPromise;
+        this.username = prosyUsername;
+        this.password = proxyPassword;
         this.httpCodecSupplier = httpCodecSupplier;
     }
 
@@ -137,6 +150,13 @@ private HttpRequest connectRequest() {
         HttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.CONNECT, uri,
                                                          Unpooled.EMPTY_BUFFER, false);
         request.headers().add(HttpHeaderNames.HOST, uri);
+
+        if (!StringUtils.isEmpty(this.username) && !StringUtils.isEmpty(this.password)) {
+            String authToken = String.format("%s:%s", this.username, this.password);
+            String authB64 = Base64.getEncoder().encodeToString(authToken.getBytes(CharsetUtil.UTF_8));
+            request.headers().add(HttpHeaderNames.PROXY_AUTHORIZATION, String.format("Basic %s", authB64));
+        }
+        
         return request;
     }
 

http-clients/netty-nio-client/src/test/java/software/amazon/awssdk/http/nio/netty/ProxyConfigurationTest.java

@@ -16,6 +16,7 @@
 package software.amazon.awssdk.http.nio.netty;
 
 import static org.assertj.core.api.Assertions.assertThat;
+
 import java.lang.reflect.InvocationTargetException;
 import java.lang.reflect.Method;
 import java.util.HashSet;
@@ -47,8 +48,8 @@ public void toBuilder_roundTrip_producesExactCopy() {
     @Test
     public void setNonProxyHostsToNull_createsEmptySet() {
         ProxyConfiguration cfg = ProxyConfiguration.builder()
-                .nonProxyHosts(null)
-                .build();
+                                                   .nonProxyHosts(null)
+                                                   .build();
 
         assertThat(cfg.nonProxyHosts()).isEmpty();
     }
@@ -68,15 +69,15 @@ private ProxyConfiguration allPropertiesSetConfig() {
 
     private ProxyConfiguration.Builder setAllPropertiesToRandomValues(ProxyConfiguration.Builder builder) {
         Stream.of(builder.getClass().getDeclaredMethods())
-                .filter(m -> m.getParameterCount() == 1 && m.getReturnType().equals(ProxyConfiguration.Builder.class))
-                .forEach(m -> {
-                    try {
-                        m.setAccessible(true);
-                        setRandomValue(builder, m);
-                    } catch (Exception e) {
-                        throw new RuntimeException("Could not create random proxy config", e);
-                    }
-                });
+              .filter(m -> m.getParameterCount() == 1 && m.getReturnType().equals(ProxyConfiguration.Builder.class))
+              .forEach(m -> {
+                  try {
+                      m.setAccessible(true);
+                      setRandomValue(builder, m);
+                  } catch (Exception e) {
+                      throw new RuntimeException("Could not create random proxy config", e);
+                  }
+              });
         return builder;
     }
 
@@ -96,15 +97,15 @@ private void setRandomValue(Object o, Method setter) throws InvocationTargetExce
 
     private void verifyAllPropertiesSet(ProxyConfiguration cfg) {
         boolean hasNullProperty = Stream.of(cfg.getClass().getDeclaredMethods())
-                .filter(m -> !m.getReturnType().equals(Void.class) && m.getParameterCount() == 0)
-                .anyMatch(m -> {
-                    m.setAccessible(true);
-                    try {
-                        return m.invoke(cfg) == null;
-                    } catch (Exception e) {
-                        return true;
-                    }
-                });
+                                        .filter(m -> !m.getReturnType().equals(Void.class) && m.getParameterCount() == 0)
+                                        .anyMatch(m -> {
+                                            m.setAccessible(true);
+                                            try {
+                                                return m.invoke(cfg) == null;
+                                            } catch (Exception e) {
+                                                return true;
+                                            }
+                                        });
 
         if (hasNullProperty) {
             throw new RuntimeException("Given configuration has unset property");