aws · debora-ito · Sep 10, 2021 · Jun 7, 2021 · Jun 8, 2021 · Jun 8, 2021
@@ -0,0 +1,6 @@
+{
+    "category": "AWS SDK for Java v2", 
+    "contributor": "guillepb10", 
+    "type": "feature", 
+    "description": "Add support for autheticated corporate proxies"
+}
@@ -33,12 +33,16 @@ public final class ProxyConfiguration implements ToCopyableBuilder<ProxyConfigur
     private final String scheme;
     private final String host;
     private final int port;
+    private final String username;
+    private final String password;
     private final Set<String> nonProxyHosts;
 
     private ProxyConfiguration(BuilderImpl builder) {
         this.scheme = builder.scheme;
         this.host = builder.host;
         this.port = builder.port;
+        this.username = builder.username;
+        this.password = builder.password;
         this.nonProxyHosts = Collections.unmodifiableSet(builder.nonProxyHosts);
     }
 
@@ -63,6 +67,20 @@ public int port() {
         return port;
     }
 
+    /**
+     * @return The proxy username.
+     */
+    public String username() {
+        return username;
+    }
+
+    /**
+     * @return The proxy password.
+     */
+    public String password() {
+        return password;
+    }
+
     /**
      * @return The set of hosts that should not be proxied.
      */
@@ -153,12 +171,28 @@ public interface Builder extends CopyableBuilder<Builder, ProxyConfiguration> {
          * @return This object for method chaining.
          */
         Builder nonProxyHosts(Set<String> nonProxyHosts);
+
+        /**
+         * Set the username used to authenticate with the proxy server.
+         * @param username The proxy username.
+         * @return This object for method chaining.
+         */
+        Builder username(String username);
+
+        /**
+         * Set the password used to authenticate with the proxy server.
+         * @param password The proxy username.
+         * @return This object for method chaining.
+         */
+        Builder password(String password);
     }
 
     private static final class BuilderImpl implements Builder {
         private String scheme;
         private String host;
         private int port;
+        private String username;
+        private String password;
         private Set<String> nonProxyHosts = Collections.emptySet();
 
         private BuilderImpl() {
@@ -189,6 +223,8 @@ public Builder port(int port) {
             return this;
         }
 
+
+
         @Override
         public Builder nonProxyHosts(Set<String> nonProxyHosts) {
             if (nonProxyHosts != null) {
@@ -199,6 +235,18 @@ public Builder nonProxyHosts(Set<String> nonProxyHosts) {
             return this;
         }
 
+        @Override
+        public Builder username(String username) {
+            this.username = username;
+            return this;
+        }
+
+        @Override
+        public Builder password(String password) {
+            this.password = password;
+            return this;
+        }
+
         @Override
         public ProxyConfiguration build() {
             return new ProxyConfiguration(this);

@@ -136,8 +136,9 @@ protected SimpleChannelPoolAwareChannelPool newPool(URI key) {
         ChannelPool baseChannelPool;
         if (shouldUseProxyForHost(key)) {
             tcpChannelPool = new BetterSimpleChannelPool(bootstrap, NOOP_HANDLER);
-            baseChannelPool = new Http1TunnelConnectionPool(bootstrap.config().group().next(), tcpChannelPool,
-                                                            sslContext, proxyAddress(key), key, pipelineInitializer);
+            baseChannelPool = new Http1TunnelConnectionPool(bootstrap.config().group().next(), tcpChannelPool, sslContext,
+                                            proxyAddress(key), proxyConfiguration.username(), proxyConfiguration.password(),
+                                            key, pipelineInitializer);
         } else {
             tcpChannelPool = new BetterSimpleChannelPool(bootstrap, pipelineInitializer);
             baseChannelPool = tcpChannelPool;

@@ -49,24 +49,38 @@ public class Http1TunnelConnectionPool implements ChannelPool {
     private final ChannelPool delegate;
     private final SslContext sslContext;
     private final URI proxyAddress;
+    private final String proxyUser;
+    private final String proxyPassword;
     private final URI remoteAddress;
     private final ChannelPoolHandler handler;
     private final InitHandlerSupplier initHandlerSupplier;
 
+    public Http1TunnelConnectionPool(EventLoop eventLoop, ChannelPool delegate, SslContext sslContext,
+                                     URI proxyAddress, String proxyUsername, String proxyPassword,
+                                     URI remoteAddress, ChannelPoolHandler handler) {
+        this(eventLoop, delegate, sslContext,
+                proxyAddress, proxyUsername, proxyPassword, remoteAddress, handler,
+                ProxyTunnelInitHandler::new);
+    }
+
     public Http1TunnelConnectionPool(EventLoop eventLoop, ChannelPool delegate, SslContext sslContext,
                                      URI proxyAddress, URI remoteAddress, ChannelPoolHandler handler) {
-        this(eventLoop, delegate, sslContext, proxyAddress, remoteAddress, handler, ProxyTunnelInitHandler::new);
+        this(eventLoop, delegate, sslContext,
+                proxyAddress, null, null, remoteAddress, handler,
+                ProxyTunnelInitHandler::new);
 
     }
 
     @SdkTestInternalApi
     Http1TunnelConnectionPool(EventLoop eventLoop, ChannelPool delegate, SslContext sslContext,
-                              URI proxyAddress, URI remoteAddress, ChannelPoolHandler handler,
-                              InitHandlerSupplier initHandlerSupplier) {
+                              URI proxyAddress, String proxyUser, String proxyPassword, URI remoteAddress,
+                              ChannelPoolHandler handler, InitHandlerSupplier initHandlerSupplier) {
         this.eventLoop = eventLoop;
         this.delegate = delegate;
         this.sslContext = sslContext;
         this.proxyAddress = proxyAddress;
+        this.proxyUser = proxyUser;
+        this.proxyPassword = proxyPassword;
         this.remoteAddress = remoteAddress;
         this.handler = handler;
         this.initHandlerSupplier = initHandlerSupplier;
@@ -120,7 +134,8 @@ private void setupChannel(Channel ch, Promise<Channel> acquirePromise) {
         if (sslHandler != null) {
             ch.pipeline().addLast(sslHandler);
         }
-        ch.pipeline().addLast(initHandlerSupplier.newInitHandler(delegate, remoteAddress, tunnelEstablishedPromise));
+        ch.pipeline().addLast(initHandlerSupplier.newInitHandler(delegate, this.proxyUser, this.proxyPassword, remoteAddress,
+                                                                    tunnelEstablishedPromise));
         tunnelEstablishedPromise.addListener((Future<Channel> f) -> {
             if (f.isSuccess()) {
                 Channel tunnel = f.getNow();
@@ -160,6 +175,7 @@ private static boolean isTunnelEstablished(Channel ch) {
     @SdkTestInternalApi
     @FunctionalInterface
     interface InitHandlerSupplier {
-        ChannelHandler newInitHandler(ChannelPool sourcePool, URI remoteAddress, Promise<Channel> tunnelInitFuture);
+        ChannelHandler newInitHandler(ChannelPool sourcePool, String proxyUsername, String proxyPassword, URI remoteAddress,
+                                      Promise<Channel> tunnelInitFuture);
     }
 }
@@ -28,35 +28,48 @@
 import io.netty.handler.codec.http.HttpRequest;
 import io.netty.handler.codec.http.HttpResponse;
 import io.netty.handler.codec.http.HttpVersion;
+import io.netty.util.CharsetUtil;
 import io.netty.util.concurrent.Promise;
 import java.io.IOException;
 import java.net.URI;
+import java.util.Base64;
 import java.util.function.Supplier;
 import software.amazon.awssdk.annotations.SdkInternalApi;
 import software.amazon.awssdk.annotations.SdkTestInternalApi;
 import software.amazon.awssdk.utils.Logger;
+import software.amazon.awssdk.utils.StringUtils;
 
 /**
  * Handler that initializes the HTTP tunnel.
  */
 @SdkInternalApi
 public final class ProxyTunnelInitHandler extends ChannelDuplexHandler {
+
     public static final Logger log = Logger.loggerFor(ProxyTunnelInitHandler.class);
     private final ChannelPool sourcePool;
+    private final String username;
+    private final String password;
     private final URI remoteHost;
     private final Promise<Channel> initPromise;
     private final Supplier<HttpClientCodec> httpCodecSupplier;
 
+    public ProxyTunnelInitHandler(ChannelPool sourcePool, String proxyUsername, String proxyPassword, URI remoteHost,
+                                  Promise<Channel> initPromise) {
+        this(sourcePool, proxyUsername, proxyPassword, remoteHost, initPromise, HttpClientCodec::new);
+    }
+
     public ProxyTunnelInitHandler(ChannelPool sourcePool, URI remoteHost, Promise<Channel> initPromise) {
-        this(sourcePool, remoteHost, initPromise, HttpClientCodec::new);
+        this(sourcePool, null, null, remoteHost, initPromise, HttpClientCodec::new);
     }
 
     @SdkTestInternalApi
-    public ProxyTunnelInitHandler(ChannelPool sourcePool, URI remoteHost, Promise<Channel> initPromise,
-                                  Supplier<HttpClientCodec> httpCodecSupplier) {
+    public ProxyTunnelInitHandler(ChannelPool sourcePool, String prosyUsername, String proxyPassword,
+                                  URI remoteHost, Promise<Channel> initPromise, Supplier<HttpClientCodec> httpCodecSupplier) {
         this.sourcePool = sourcePool;
         this.remoteHost = remoteHost;
         this.initPromise = initPromise;
+        this.username = prosyUsername;
+        this.password = proxyPassword;
         this.httpCodecSupplier = httpCodecSupplier;
     }
 
@@ -137,6 +150,13 @@ private HttpRequest connectRequest() {
         HttpRequest request = new DefaultFullHttpRequest(HttpVersion.HTTP_1_1, HttpMethod.CONNECT, uri,
                                                          Unpooled.EMPTY_BUFFER, false);
         request.headers().add(HttpHeaderNames.HOST, uri);
+
+        if (!StringUtils.isEmpty(this.username) && !StringUtils.isEmpty(this.password)) {
+            String authToken = String.format("%s:%s", this.username, this.password);
+            String authB64 = Base64.getEncoder().encodeToString(authToken.getBytes(CharsetUtil.UTF_8));
+            request.headers().add(HttpHeaderNames.PROXY_AUTHORIZATION, String.format("Basic %s", authB64));
+        }
+
         return request;
     }
 

@@ -24,15 +24,15 @@
 import static software.amazon.awssdk.http.SdkHttpConfigurationOption.TLS_KEY_MANAGERS_PROVIDER;
 
 import java.net.URI;
-import java.util.ArrayList;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
+import java.nio.charset.StandardCharsets;
+import java.util.*;
 import java.util.stream.Collectors;
 import java.util.stream.Stream;
 
 import com.github.tomakehurst.wiremock.junit.WireMockRule;
 
+import io.netty.util.CharsetUtil;
+import org.apache.commons.lang3.CharSetUtils;
 import org.apache.commons.lang3.RandomStringUtils;
 import org.junit.After;
 import org.junit.Rule;
@@ -215,6 +215,39 @@ public void usingProxy_noSchemeGiven_defaultsToHttp() {
         assertThat(requests).contains("CONNECT some-awesome-service:443");
     }
 
+    @Test
+    public void usingProxy_withAuth() {
+        ProxyConfiguration proxyConfiguration = ProxyConfiguration.builder()
+                .host("localhost")
+                .port(mockProxy.port())
+                .username("myuser")
+                .password("mypassword")
+                .build();
+
+        channelPoolMap = AwaitCloseChannelPoolMap.builder()
+                .proxyConfiguration(proxyConfiguration)
+                .sdkChannelOptions(new SdkChannelOptions())
+                .sdkEventLoopGroup(SdkEventLoopGroup.builder().build())
+                .configuration(new NettyConfiguration(GLOBAL_HTTP_DEFAULTS))
+                .protocol(Protocol.HTTP1_1)
+                .maxStreams(100)
+                .sslProvider(SslProvider.OPENSSL)
+                .build();
+
+        SimpleChannelPoolAwareChannelPool simpleChannelPoolAwareChannelPool = channelPoolMap.newPool(
+                URI.create("https://some-awesome-service:443"));
+
+        simpleChannelPoolAwareChannelPool.acquire().awaitUninterruptibly();
+
+        String requests = recorder.requests().toString();
+
+        assertThat(requests).contains("CONNECT some-awesome-service:443");
+
+        String authB64 = Base64.getEncoder().encodeToString("myuser:mypassword".getBytes(CharsetUtil.UTF_8));
+        String authHeaderValue = String.format("Basic %s", authB64);
+        assertThat(requests).contains(String.format("proxy-authorization: %s", authHeaderValue));
+    }
+
     @Test
     public void usesProvidedKeyManagersProvider() {
         TlsKeyManagersProvider provider = mock(TlsKeyManagersProvider.class);