Interceptors.java
/*
* Copyright (c) 2015-2023 AsyncHttpClient Project. All rights reserved.
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.asynchttpclient.netty.handler.intercept;
import io.netty.channel.Channel;
import io.netty.handler.codec.http.HttpHeaders;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpResponse;
import io.netty.handler.codec.http.cookie.ClientCookieDecoder;
import io.netty.handler.codec.http.cookie.Cookie;
import org.asynchttpclient.AsyncHandler;
import org.asynchttpclient.AsyncHttpClientConfig;
import org.asynchttpclient.HttpResponseStatus;
import org.asynchttpclient.Realm;
import org.asynchttpclient.Request;
import org.asynchttpclient.cookie.CookieStore;
import org.asynchttpclient.netty.NettyResponseFuture;
import org.asynchttpclient.netty.channel.ChannelManager;
import org.asynchttpclient.netty.request.NettyRequestSender;
import org.asynchttpclient.proxy.ProxyServer;
import org.asynchttpclient.util.AuthenticatorUtils;
import org.asynchttpclient.util.NonceCounter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import static io.netty.handler.codec.http.HttpHeaderNames.SET_COOKIE;
import static org.asynchttpclient.Dsl.realm;
import static org.asynchttpclient.util.HttpConstants.ResponseStatusCodes.CONTINUE_100;
import static org.asynchttpclient.util.HttpConstants.ResponseStatusCodes.OK_200;
import static org.asynchttpclient.util.HttpConstants.ResponseStatusCodes.PROXY_AUTHENTICATION_REQUIRED_407;
import static org.asynchttpclient.util.HttpConstants.ResponseStatusCodes.UNAUTHORIZED_401;
public class Interceptors {
private static final Logger LOGGER = LoggerFactory.getLogger(Interceptors.class);
private final AsyncHttpClientConfig config;
private final Unauthorized401Interceptor unauthorized401Interceptor;
private final ProxyUnauthorized407Interceptor proxyUnauthorized407Interceptor;
private final Continue100Interceptor continue100Interceptor;
private final Redirect30xInterceptor redirect30xInterceptor;
private final ConnectSuccessInterceptor connectSuccessInterceptor;
private final ResponseFiltersInterceptor responseFiltersInterceptor;
private final boolean hasResponseFilters;
private final ClientCookieDecoder cookieDecoder;
private final NonceCounter nonceCounter;
public Interceptors(AsyncHttpClientConfig config,
ChannelManager channelManager,
NettyRequestSender requestSender) {
this.config = config;
nonceCounter = new NonceCounter();
unauthorized401Interceptor = new Unauthorized401Interceptor(channelManager, requestSender, nonceCounter);
proxyUnauthorized407Interceptor = new ProxyUnauthorized407Interceptor(channelManager, requestSender, nonceCounter);
continue100Interceptor = new Continue100Interceptor(requestSender);
redirect30xInterceptor = new Redirect30xInterceptor(channelManager, config, requestSender);
connectSuccessInterceptor = new ConnectSuccessInterceptor(channelManager, requestSender);
responseFiltersInterceptor = new ResponseFiltersInterceptor(config, requestSender);
hasResponseFilters = !config.getResponseFilters().isEmpty();
cookieDecoder = config.isUseLaxCookieEncoder() ? ClientCookieDecoder.LAX : ClientCookieDecoder.STRICT;
}
public boolean exitAfterIntercept(Channel channel, NettyResponseFuture<?> future, AsyncHandler<?> handler, HttpResponse response,
HttpResponseStatus status, HttpHeaders responseHeaders) throws Exception {
HttpRequest httpRequest = future.getNettyRequest().getHttpRequest();
ProxyServer proxyServer = future.getProxyServer();
int statusCode = response.status().code();
Request request = future.getCurrentRequest();
Realm realm = request.getRealm() != null ? request.getRealm() : config.getRealm();
// This MUST BE called before Redirect30xInterceptor because latter assumes cookie store is already updated
CookieStore cookieStore = config.getCookieStore();
if (cookieStore != null) {
for (String cookieStr : responseHeaders.getAll(SET_COOKIE)) {
Cookie c = cookieDecoder.decode(cookieStr);
if (c != null) {
// Set-Cookie header could be invalid/malformed
cookieStore.add(future.getCurrentRequest().getUri(), c);
}
}
}
if (hasResponseFilters && responseFiltersInterceptor.exitAfterProcessingFilters(channel, future, handler, status, responseHeaders)) {
return true;
}
if (statusCode == UNAUTHORIZED_401) {
return unauthorized401Interceptor.exitAfterHandling401(channel, future, response, request, realm, httpRequest);
}
if (statusCode == PROXY_AUTHENTICATION_REQUIRED_407) {
return proxyUnauthorized407Interceptor.exitAfterHandling407(channel, future, response, request, proxyServer, httpRequest);
}
if (statusCode == CONTINUE_100) {
return continue100Interceptor.exitAfterHandling100(channel, future);
}
if (Redirect30xInterceptor.REDIRECT_STATUSES.contains(statusCode)) {
return redirect30xInterceptor.exitAfterHandlingRedirect(channel, future, response, request, statusCode, realm);
}
if (httpRequest.method() == HttpMethod.CONNECT && statusCode == OK_200) {
return connectSuccessInterceptor.exitAfterHandlingConnect(channel, future, request, proxyServer);
}
// Process Authentication-Info / Proxy-Authentication-Info headers (RFC 7616 Section 3.5)
if (realm != null && realm.getScheme() == Realm.AuthScheme.DIGEST) {
processAuthenticationInfo(future, responseHeaders, realm, false);
}
Realm proxyRealm = future.getProxyRealm();
if (proxyRealm != null && proxyRealm.getScheme() == Realm.AuthScheme.DIGEST) {
processAuthenticationInfo(future, responseHeaders, proxyRealm, true);
}
return false;
}
private void processAuthenticationInfo(NettyResponseFuture<?> future, HttpHeaders responseHeaders,
Realm currentRealm, boolean proxy) {
String headerName = proxy ? "Proxy-Authentication-Info" : "Authentication-Info";
String authInfoHeader = responseHeaders.get(headerName);
if (authInfoHeader == null) {
return;
}
String nextnonce = Realm.Builder.matchParam(authInfoHeader, "nextnonce");
if (nextnonce != null) {
// Rotate to the new nonce
String oldNonce = currentRealm.getNonce();
if (oldNonce != null) {
nonceCounter.reset(oldNonce);
}
Realm newRealm = realm(currentRealm)
.setNonce(nextnonce)
.setNc("00000001")
.build();
if (proxy) {
future.setProxyRealm(newRealm);
} else {
future.setRealm(newRealm);
}
LOGGER.debug("Rotated to nextnonce from {} header", headerName);
}
String rspauth = Realm.Builder.matchParam(authInfoHeader, "rspauth");
if (rspauth != null) {
String expectedRspauth = AuthenticatorUtils.computeRspAuth(currentRealm);
if (!rspauth.equalsIgnoreCase(expectedRspauth)) {
LOGGER.warn("Server rspauth mismatch: expected={}, got={}", expectedRspauth, rspauth);
}
}
}
}