Add proxying support to http-netty4 (Azure#44935)

Add proxying support to http-netty4

Author: alzimmermsft

sdk/clientcore/core/src/main/java/io/clientcore/core/utils/BasicChallengeHandler.java

@@ -4,13 +4,18 @@
 package io.clientcore.core.utils;
 
 import io.clientcore.core.http.models.HttpHeaderName;
+import io.clientcore.core.http.models.HttpHeaders;
 import io.clientcore.core.http.models.HttpRequest;
 import io.clientcore.core.http.models.Response;
 import io.clientcore.core.models.binarydata.BinaryData;
 
+import java.net.URI;
 import java.nio.charset.StandardCharsets;
+import java.util.AbstractMap;
 import java.util.Base64;
 import java.util.List;
+import java.util.Map;
+import java.util.Objects;
 
 import static io.clientcore.core.utils.AuthUtils.BASIC;
 
@@ -37,33 +42,61 @@ public BasicChallengeHandler(String username, String password) {
     @Override
     public void handleChallenge(HttpRequest request, Response<BinaryData> response, boolean isProxy) {
         if (canHandle(response, isProxy)) {
-            synchronized (request.getHeaders()) {
-                HttpHeaderName headerName = isProxy ? HttpHeaderName.PROXY_AUTHORIZATION : HttpHeaderName.AUTHORIZATION;
-                // Check if the appropriate Authorization header is already present
-                if (request.getHeaders().getValue(headerName) == null) {
-                    request.getHeaders().add(headerName, authHeader);
-                }
-            }
+            HttpHeaderName headerName = isProxy ? HttpHeaderName.PROXY_AUTHORIZATION : HttpHeaderName.AUTHORIZATION;
+            request.getHeaders().set(headerName, authHeader);
         }
     }
 
     @Override
     public boolean canHandle(Response<BinaryData> response, boolean isProxy) {
-        if (response.getHeaders() != null) {
-            HttpHeaderName authHeaderName
-                = isProxy ? HttpHeaderName.PROXY_AUTHENTICATE : HttpHeaderName.WWW_AUTHENTICATE;
-            String authHeader = response.getHeaders().getValue(authHeaderName);
-
-            if (authHeader != null) {
-                // Parse the authenticate header into AuthenticateChallenges, then check if any use scheme 'Basic'.
-                List<AuthenticateChallenge> challenges = AuthUtils.parseAuthenticateHeader(authHeader);
-                for (AuthenticateChallenge challenge : challenges) {
-                    if (BASIC.equalsIgnoreCase(challenge.getScheme())) {
-                        return true;
-                    }
+        HttpHeaders responseHeaders = response.getHeaders();
+        if (responseHeaders == null) {
+            return false;
+        }
+
+        HttpHeaderName authHeaderName = isProxy ? HttpHeaderName.PROXY_AUTHENTICATE : HttpHeaderName.WWW_AUTHENTICATE;
+        List<String> authenticateHeaders = responseHeaders.getValues(authHeaderName);
+        if (CoreUtils.isNullOrEmpty(authenticateHeaders)) {
+            return false;
+        }
+
+        for (String authenticateHeader : authenticateHeaders) {
+            for (AuthenticateChallenge challenge : AuthUtils.parseAuthenticateHeader(authenticateHeader)) {
+                if (canHandle(challenge)) {
+                    return true;
                 }
             }
         }
+
+        return false;
+    }
+
+    @Override
+    public Map.Entry<String, AuthenticateChallenge> handleChallenge(String method, URI uri,
+        List<AuthenticateChallenge> challenges) {
+        Objects.requireNonNull(challenges, "Cannot use a null 'challenges' to handle challenges.");
+        for (AuthenticateChallenge challenge : challenges) {
+            if (canHandle(challenge)) {
+                return new AbstractMap.SimpleImmutableEntry<>(authHeader, challenge);
+            }
+        }
+
+        return null;
+    }
+
+    @Override
+    public boolean canHandle(List<AuthenticateChallenge> challenges) {
+        Objects.requireNonNull(challenges, "Cannot use a null 'challenges' to determine if it can be handled.");
+        for (AuthenticateChallenge challenge : challenges) {
+            if (canHandle(challenge)) {
+                return true;
+            }
+        }
+
         return false;
     }
+
+    private static boolean canHandle(AuthenticateChallenge challenge) {
+        return challenge != null && BASIC.equalsIgnoreCase(challenge.getScheme());
+    }
 }

sdk/clientcore/core/src/main/java/io/clientcore/core/utils/ChallengeHandler.java

@@ -7,7 +7,10 @@
 import io.clientcore.core.http.models.Response;
 import io.clientcore.core.models.binarydata.BinaryData;
 
+import java.net.URI;
 import java.util.Arrays;
+import java.util.List;
+import java.util.Map;
 
 /**
  * Class representing a challenge handler for authentication.
@@ -19,19 +22,63 @@ public interface ChallengeHandler {
      * @param request The HTTP request to be updated with authentication info.
      * @param response The HTTP response containing the authentication challenge.
      * @param isProxy Indicates if the challenge is for a proxy.
+     * @throws NullPointerException If {@code request} or {@code response} is null.
      */
     void handleChallenge(HttpRequest request, Response<BinaryData> response, boolean isProxy);
 
     /**
-     * Validate if this ChallengeHandler can handle the provided challenge
-     * by inspecting the 'Proxy-Authenticate' or 'WWW-Authenticate' headers.
+     * Validate if this ChallengeHandler can handle the provided challenge by inspecting the {@code Proxy-Authenticate}
+     * or {@code WWW-Authenticate} headers.
+     * <p>
+     * Use of {@code Proxy-Authenticate} or {@code WWW-Authenticate} is based on {@code isProxy}.
+     * <p>
+     * This method will return true if at least one of the authenticate challenges in the response header can be handled
+     * by this ChallengeHandler. Meaning, if {@link #of(ChallengeHandler...)} is used ordering of the provided
+     * ChallengeHandlers is important, where if more secure handling is needed positioning
+     * {@link DigestChallengeHandler}, or a custom ChallengeHandler for more secure auth mechanisms, before
+     * {@link BasicChallengeHandler} is necessary.
      *
      * @param response The HTTP response containing the authentication challenge.
      * @param isProxy boolean indicating if it is a proxy challenge handler.
-     * @return boolean indicating if the challenge can be handled.
+     * @return Whether a challenge within the {@link Response#getHeaders()} {@code Proxy-Authenticate} or
+     * {@code WWW-Authenticate} can be handled.
+     * @throws NullPointerException If {@code response} is null.
      */
     boolean canHandle(Response<BinaryData> response, boolean isProxy);
 
+    /**
+     * Creates a {@code Proxy-Authorization} or {@code WWW-Authorization} compliant header from the given
+     * {@link AuthenticateChallenge}s.
+     * <p>
+     * It is left to the ChallengeHandler implementation to decide which of the {@link AuthenticateChallenge}s it
+     * {@link #canHandle(List)} to use when creating the header.
+     * <p>
+     * If none of the {@link AuthenticateChallenge}s can be handled null will be returned.
+     *
+     * @param method The HTTP method used in the request being authorized.
+     * @param uri The URI for the HTTP request being authorized.
+     * @param challenges The HTTP authenticate challenges, either from {@code Proxy-Authenticate} or
+     * {@code WWW-Authenticate} headers.
+     * @return A {@link Map.Entry} where the key is the {@code Proxy-Authorization} or {@code WWW-Authorization}
+     * compliant header and value is the {@link AuthenticateChallenge} used to generate the header, or null if none of
+     * the challenges can be handled.
+     */
+    Map.Entry<String, AuthenticateChallenge> handleChallenge(String method, URI uri,
+        List<AuthenticateChallenge> challenges);
+
+    /**
+     * Validate if this ChallengeHandler can handle any of the provided {@link AuthenticateChallenge}s.
+     * <p>
+     * This method is meant for scenarios where authenticate headers are processed into {@link AuthenticateChallenge}s
+     * externally, normally using {@link AuthUtils#parseAuthenticateHeader(String)}.
+     *
+     * @param challenges The HTTP authenticate challenges, either from {@code Proxy-Authenticate} or
+     * {@code WWW-Authenticate} headers.
+     * @return Whether any {@link AuthenticateChallenge} can be handled.
+     * @throws NullPointerException If {@code challenges} is null.
+     */
+    boolean canHandle(List<AuthenticateChallenge> challenges);
+
     /**
      * Factory method for creating composite handlers.
      *

sdk/clientcore/core/src/main/java/io/clientcore/core/utils/CompositeChallengeHandler.java

@@ -7,7 +7,10 @@
 import io.clientcore.core.instrumentation.logging.ClientLogger;
 import io.clientcore.core.models.binarydata.BinaryData;
 
+import java.net.URI;
 import java.util.List;
+import java.util.Map;
+import java.util.Objects;
 
 final class CompositeChallengeHandler implements ChallengeHandler {
     private static final ClientLogger LOGGER = new ClientLogger(CompositeChallengeHandler.class);
@@ -50,4 +53,30 @@ public void handleChallenge(HttpRequest request, Response<BinaryData> response,
         LOGGER.logThrowableAsError(
             new UnsupportedOperationException("None of the challenge handlers could handle the challenge."));
     }
+
+    @Override
+    public Map.Entry<String, AuthenticateChallenge> handleChallenge(String method, URI uri,
+        List<AuthenticateChallenge> challenges) {
+        Objects.requireNonNull(challenges, "Cannot use a null 'challenges' to handle challenges.");
+        for (ChallengeHandler handler : challengeHandlers) {
+            Map.Entry<String, AuthenticateChallenge> result = handler.handleChallenge(method, uri, challenges);
+            if (result != null) {
+                return result;
+            }
+        }
+
+        return null;
+    }
+
+    @Override
+    public boolean canHandle(List<AuthenticateChallenge> challenges) {
+        Objects.requireNonNull(challenges, "Cannot use a null 'challenges' to determine if it can be handled.");
+        for (ChallengeHandler handler : challengeHandlers) {
+            if (handler.canHandle(challenges)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
 }