Merge pull request #364 from jekh/add-auto-basic-auth

Add auto basic authentication to LittleProxy implementation

Author: jekh

browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/BrowserMobProxyServer.java

@@ -13,6 +13,7 @@
 import net.lightbody.bmp.core.har.HarPage;
 import net.lightbody.bmp.exception.NameResolutionException;
 import net.lightbody.bmp.filters.AddHeadersFilter;
+import net.lightbody.bmp.filters.AutoBasicAuthFilter;
 import net.lightbody.bmp.filters.BlacklistFilter;
 import net.lightbody.bmp.filters.BrowserMobHttpFilterChain;
 import net.lightbody.bmp.filters.HarCaptureFilter;
@@ -63,9 +64,11 @@
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import javax.xml.bind.DatatypeConverter;
 import java.net.InetAddress;
 import java.net.InetSocketAddress;
 import java.net.UnknownHostException;
+import java.nio.charset.StandardCharsets;
 import java.util.ArrayList;
 import java.util.Arrays;
 import java.util.Collection;
@@ -304,6 +307,14 @@ public void setUpstreamMaxKB(long upstreamMaxKB) {
      */
     private final StreamManagerLegacyAdapter streamManagerAdapter = new StreamManagerLegacyAdapter();
 
+    /**
+     * A mapping of hostnames to base64-encoded Basic auth credentials that will be added to the Authorization header for
+     * matching requests.
+     */
+    private final ConcurrentMap<String, String> basicAuthCredentials = new MapMaker()
+            .concurrencyLevel(1)
+            .makeMap();
+
     public BrowserMobProxyServer() {
         this(0);
     }
@@ -832,20 +843,24 @@ public void setLatency(long latency, TimeUnit timeUnit) {
 
     @Override
     public void autoAuthorization(String domain, String username, String password, AuthType authType) {
-        if (errorOnUnsupportedOperation) {
-            throw new UnsupportedOperationException("No LittleProxy implementation for operation: " + new Throwable().getStackTrace()[0].getMethodName());
-        } else {
-            log.warn("No LittleProxy implementation for operation: " + new Throwable().getStackTrace()[0].getMethodName());
+        switch (authType) {
+            case BASIC:
+                // base64 encode the "username:password" string
+                String credentialsToEncode = username + ':' + password;
+                byte[] credentialsAsUsAscii = credentialsToEncode.getBytes(StandardCharsets.US_ASCII);
+                String base64EncodedCredentials = DatatypeConverter.printBase64Binary(credentialsAsUsAscii);
+
+                basicAuthCredentials.put(domain, base64EncodedCredentials);
+                break;
+
+            default:
+                throw new UnsupportedOperationException("AuthType " + authType + " is not supported");
         }
     }
 
     @Override
     public void stopAutoAuthorization(String domain) {
-        if (errorOnUnsupportedOperation) {
-            throw new UnsupportedOperationException("No LittleProxy implementation for operation: " + new Throwable().getStackTrace()[0].getMethodName());
-        } else {
-            log.warn("No LittleProxy implementation for operation: " + new Throwable().getStackTrace()[0].getMethodName());
-        }
+        basicAuthCredentials.remove(domain);
     }
 
     /**
@@ -931,7 +946,7 @@ public void setRequestTimeout(int requestTimeoutMs) {
      * @deprecated use {@link #autoAuthorization(String, String, String, net.lightbody.bmp.proxy.auth.AuthType)}
      */
     @Deprecated
-//    @Override
+    @Override
     public void autoBasicAuthorization(String domain, String username, String password) {
         autoAuthorization(domain, username, password, AuthType.BASIC);
     }
@@ -1446,6 +1461,13 @@ public HttpFilters filterRequest(HttpRequest originalRequest, ChannelHandlerCont
             }
         });
 
+        addHttpFilterFactory(new HttpFiltersSourceAdapter() {
+            @Override
+            public HttpFilters filterRequest(HttpRequest originalRequest, ChannelHandlerContext ctx) {
+                return new AutoBasicAuthFilter(originalRequest, ctx, basicAuthCredentials);
+            }
+        });
+
         addHttpFilterFactory(new HttpFiltersSourceAdapter() {
             @Override
             public HttpFilters filterRequest(HttpRequest originalRequest, ChannelHandlerContext ctx) {

browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/filters/AutoBasicAuthFilter.java

@@ -0,0 +1,54 @@
+package net.lightbody.bmp.filters;
+
+import io.netty.channel.ChannelHandlerContext;
+import io.netty.handler.codec.http.HttpHeaders;
+import io.netty.handler.codec.http.HttpObject;
+import io.netty.handler.codec.http.HttpRequest;
+import io.netty.handler.codec.http.HttpResponse;
+import org.littleshoot.proxy.impl.ProxyUtils;
+
+import java.util.Map;
+
+/**
+ * A filter that adds Basic authentication information to non-CONNECT requests. Takes a map of domain names to base64-encoded
+ * Basic auth credentials as a constructor parameter. If a key in the map matches the hostname of a filtered request, an Authorization
+ * header will be added to the request.
+ * <p/>
+ * The Authorization header itself is specified in RFC 7235, section 4.2: https://tools.ietf.org/html/rfc7235#section-4.2
+ * The Basic authentication scheme is specified in RFC 2617, section 2: https://tools.ietf.org/html/rfc2617#section-2
+ */
+public class AutoBasicAuthFilter extends HttpsAwareFiltersAdapter {
+    private final Map<String, String> credentialsByHostname;
+
+    public AutoBasicAuthFilter(HttpRequest originalRequest, ChannelHandlerContext ctx, Map<String, String> credentialsByHostname) {
+        super(originalRequest, ctx);
+
+        this.credentialsByHostname = credentialsByHostname;
+    }
+
+    @Override
+    public HttpResponse clientToProxyRequest(HttpObject httpObject) {
+        if (credentialsByHostname.isEmpty()) {
+            return null;
+        }
+
+        if (httpObject instanceof HttpRequest) {
+            HttpRequest httpRequest = (HttpRequest) httpObject;
+
+            // providing authorization during a CONNECT is generally not useful
+            if (ProxyUtils.isCONNECT(httpRequest)) {
+                return null;
+            }
+
+            String hostname = getHost(httpRequest);
+
+            // if there is an entry in the credentials map matching this hostname, add the credentials to the request
+            String base64CredentialsForHostname = credentialsByHostname.get(hostname);
+            if (base64CredentialsForHostname != null) {
+                httpRequest.headers().add(HttpHeaders.Names.AUTHORIZATION, "Basic " + base64CredentialsForHostname);
+            }
+        }
+
+        return null;
+    }
+}

browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/filters/HarCaptureFilter.java

@@ -620,7 +620,7 @@ protected void captureConnectTiming() {
      * @param httpRequest HTTP request to take the hostname from
      */
     protected void populateAddressFromCache(HttpRequest httpRequest) {
-        String serverHost = getHostAndPort(httpRequest);
+        String serverHost = getHost(httpRequest);
 
         if (serverHost != null && !serverHost.isEmpty()) {
             String resolvedAddress = ResolvedHostnameCacheFilter.getPreviouslyResolvedAddressForHost(serverHost);

browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/filters/HttpsAwareFiltersAdapter.java

@@ -41,37 +41,6 @@ public boolean isHttps() {
         }
     }
 
-    /**
-     * Returns the host and port of this HTTPS request, including any modifications by other filters.
-     *
-     * @return host and port of this HTTPS request
-     * @throws IllegalStateException if this is not an HTTPS request
-     */
-    public String getHttpsRequestHostAndPort() throws IllegalStateException {
-        if (!isHttps()) {
-            throw new IllegalStateException("Request is not HTTPS. Cannot get host and port on non-HTTPS request using this method.");
-        }
-
-        Attribute<String> hostnameAttr = ctx.attr(AttributeKey.<String>valueOf(HOST_ATTRIBUTE_NAME));
-        return hostnameAttr.get();
-    }
-
-    /**
-     * Returns the original host and port of this HTTPS request, as sent by the client. Does not reflect any modifications
-     * by other filters.
-     *
-     * @return host and port of this HTTPS request
-     * @throws IllegalStateException if this is not an HTTPS request
-     */
-    public String getHttpsOriginalRequestHostAndPort() throws IllegalStateException {
-        if (!isHttps()) {
-            throw new IllegalStateException("Request is not HTTPS. Cannot get original host and port on non-HTTPS request using this method.");
-        }
-
-        Attribute<String> hostnameAttr = ctx.attr(AttributeKey.<String>valueOf(ORIGINAL_HOST_ATTRIBUTE_NAME));
-        return hostnameAttr.get();
-    }
-
     /**
      * Returns the full, absolute URL of the specified request for both HTTP and HTTPS URLs. The request may reflect
      * modifications from this or other filters. This filter instance must be currently handling the specified request;
@@ -91,19 +60,14 @@ public String getFullUrl(HttpRequest modifiedRequest) {
         // To get the full URL, we need to retrieve the Scheme, Host + Port, Path, and Query Params from the request.
         // Scheme: the scheme (HTTP/HTTPS) may or may not be part of the request, and so must be generated based on the
         //   type of connection.
-        // Host and Port: for HTTP requests, the host and port can be read from the request itself using the URI and/or
-        //   Host header. for HTTPS requests, the host and port are not available in the request. by using the
-        //   getHttpsRequestHostAndPort() helper method in HttpsAwareFiltersAdapter, we can capture the host and port for
-        //   HTTPS requests.
-        // Path + Query Params + Fragment: these elements are contained in the HTTP request
+        // Host and Port: available for HTTP and HTTPS requests using the getHostAndPort() helper method.
+        // Path + Query Params + Fragment: these elements are contained in the HTTP request for both HTTP and HTTPS
+        String hostAndPort = getHostAndPort(modifiedRequest);
+        String path = BrowserMobHttpUtil.getPathFromRequest(modifiedRequest);
         String url;
         if (isHttps()) {
-            String hostAndPort = getHttpsRequestHostAndPort();
-            String path = BrowserMobHttpUtil.getPathFromRequest(modifiedRequest);
             url = "https://" + hostAndPort + path;
         } else {
-            String hostAndPort = BrowserMobHttpUtil.getHostAndPortFromRequest(modifiedRequest);
-            String path = BrowserMobHttpUtil.getPathFromRequest(modifiedRequest);
             url = "http://" + hostAndPort + path;
         }
         return url;
@@ -120,14 +84,14 @@ public String getOriginalUrl() {
     }
 
     /**
-     * Returns the host and port of the specified request for both HTTP and HTTPS requests.  The request may reflect
+     * Returns the hostname (but not the port) the specified request for both HTTP and HTTPS requests.  The request may reflect
      * modifications from this or other filters. This filter instance must be currently handling the specified request;
      * otherwise the results are undefined.
      *
      * @param modifiedRequest a possibly-modified version of the request currently being processed
-     * @return host and port of the specified request
+     * @return hostname of the specified request, without the port
      */
-    public String getHostAndPort(HttpRequest modifiedRequest) {
+    public String getHost(HttpRequest modifiedRequest) {
         String serverHost;
         if (isHttps()) {
             HostAndPort hostAndPort = HostAndPort.fromString(getHttpsRequestHostAndPort());
@@ -137,4 +101,55 @@ public String getHostAndPort(HttpRequest modifiedRequest) {
         }
         return serverHost;
     }
+
+    /**
+     * Returns the host and port of the specified request for both HTTP and HTTPS requests.  The request may reflect
+     * modifications from this or other filters. This filter instance must be currently handling the specified request;
+     * otherwise the results are undefined.
+     *
+     * @param modifiedRequest a possibly-modified version of the request currently being processed
+     * @return host and port of the specified request
+     */
+    public String getHostAndPort(HttpRequest modifiedRequest) {
+        // For HTTP requests, the host and port can be read from the request itself using the URI and/or
+        //   Host header. for HTTPS requests, the host and port are not available in the request. by using the
+        //   getHttpsRequestHostAndPort() helper method, we can retrieve the host and port for HTTPS requests.
+        if (isHttps()) {
+            return getHttpsRequestHostAndPort();
+        } else {
+            return BrowserMobHttpUtil.getHostAndPortFromRequest(modifiedRequest);
+        }
+    }
+
+    /**
+     * Returns the host and port of this HTTPS request, including any modifications by other filters.
+     *
+     * @return host and port of this HTTPS request
+     * @throws IllegalStateException if this is not an HTTPS request
+     */
+    private String getHttpsRequestHostAndPort() throws IllegalStateException {
+        if (!isHttps()) {
+            throw new IllegalStateException("Request is not HTTPS. Cannot get host and port on non-HTTPS request using this method.");
+        }
+
+        Attribute<String> hostnameAttr = ctx.attr(AttributeKey.<String>valueOf(HOST_ATTRIBUTE_NAME));
+        return hostnameAttr.get();
+    }
+
+    /**
+     * Returns the original host and port of this HTTPS request, as sent by the client. Does not reflect any modifications
+     * by other filters.
+     * TODO: evaluate this (unused) method and its capture mechanism in HttpsOriginalHostCaptureFilter; remove if not useful.
+     *
+     * @return host and port of this HTTPS request
+     * @throws IllegalStateException if this is not an HTTPS request
+     */
+    private String getHttpsOriginalRequestHostAndPort() throws IllegalStateException {
+        if (!isHttps()) {
+            throw new IllegalStateException("Request is not HTTPS. Cannot get original host and port on non-HTTPS request using this method.");
+        }
+
+        Attribute<String> hostnameAttr = ctx.attr(AttributeKey.<String>valueOf(ORIGINAL_HOST_ATTRIBUTE_NAME));
+        return hostnameAttr.get();
+    }
 }

browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/filters/HttpsHostCaptureFilter.java

@@ -13,7 +13,7 @@
 /**
  * Captures the host for HTTPS requests and stores the value in the ChannelHandlerContext for use by {@link HttpsAwareFiltersAdapter}
  * filters. This filter reads the host from the HttpRequest during the HTTP CONNECT call, and therefore MUST be invoked
- * after any other filters which modify the host.
+ * <b>after</b> any other filters which modify the host.
  * Note: If the request uses the default HTTPS port (443), it will be removed from the hostname captured by this filter.
  */
 public class HttpsHostCaptureFilter extends HttpFiltersAdapter {

browsermob-core-littleproxy/src/main/java/net/lightbody/bmp/filters/HttpsOriginalHostCaptureFilter.java

@@ -9,10 +9,13 @@
 
 /**
  * Captures the original host for HTTPS requests and stores the value in the ChannelHandlerContext for use by {@link HttpsAwareFiltersAdapter}
- * filters. This filter sets the isHttps attribute on the ChannelHandlerContext during the HTTP CONNECT and therefore MUST be invoked before
+ * filters. This filter sets the isHttps attribute on the ChannelHandlerContext during the HTTP CONNECT and therefore MUST be invoked <b>before</b>
  * any other filters calling any of the methods in {@link HttpsAwareFiltersAdapter}.
+ * This filter extends {@link HttpsHostCaptureFilter} and so also sets the host attribute on the channel for use by filters
+ * that modify the original host during the CONNECT. If the hostname is modified by filters, it will be overwritten when the {@link HttpsHostCaptureFilter}
+ * is processed later in the filter chain.
  */
-public class HttpsOriginalHostCaptureFilter extends HttpFiltersAdapter {
+public class HttpsOriginalHostCaptureFilter extends HttpsHostCaptureFilter {
     public HttpsOriginalHostCaptureFilter(HttpRequest originalRequest, ChannelHandlerContext ctx) {
         super(originalRequest, ctx);