Add support for proxies requiing authentication

sdk/lib/io/http_impl.dart

 // Copyright (c) 2013, the Dart project authors.  Please see the AUTHORS file
 // for details. All rights reserved. Use of this source code is governed by a
 // BSD-style license that can be found in the LICENSE file.
 
 part of dart.io;
 
 class _HttpIncoming extends Stream<List<int>> {
   final int _transferLength;
   final Completer _dataCompleter = new Completer();
   Stream<List<int>> _stream;
@@ skipping 233 matching lines @@
                          unsubscribeOnError: unsubscribeOnError);
   }
 
   Future<Socket> detachSocket() {
     _httpClient._connectionClosed(_httpRequest._httpClientConnection);
     return _httpRequest._httpClientConnection.detachSocket();
   }
 
   HttpConnectionInfo get connectionInfo => _httpRequest.connectionInfo;
 
+  bool get _shouldAuthenticateProxy {
+    // Only try to authenticate if there is a challenge in the response.
+    List<String> challenge = headers[HttpHeaders.PROXY_AUTHENTICATE];

[Anders Johnsen, 2013/04/15 07:07:19]

Use headers.value? It should do the length == 1 check.

[Søren Gjesse, 2013/04/15 07:42:00]

Value throws, and I don't want that here.

+    return statusCode == HttpStatus.PROXY_AUTHENTICATION_REQUIRED &&
+        challenge != null && challenge.length == 1;
+  }
+
   bool get _shouldAuthenticate {
     // Only try to authenticate if there is a challenge in the response.
     List<String> challenge = headers[HttpHeaders.WWW_AUTHENTICATE];
     return statusCode == HttpStatus.UNAUTHORIZED &&
         challenge != null && challenge.length == 1;
   }
 
   Future<HttpClientResponse> _authenticate() {
     Future<HttpClientResponse> retryWithCredentials(_Credentials cr) {
       if (cr != null) {
@@ skipping 44 matching lines @@
       return authComplete.then((credsAvailable) {
         if (credsAvailable) {
           cr = _httpClient._findCredentials(_httpRequest.uri, scheme);
           return retryWithCredentials(cr);
         } else {
           // No credentials available, complete with original response.
           return this;
         }
       });
     }
+
     // No credentials were found and the callback was not set.
     return new Future.immediate(this);
   }
+
+  Future<HttpClientResponse> _authenticateProxy() {
+    Future<HttpClientResponse> retryWithProxyCredentials(_ProxyCredentials cr) {
+      _httpRequest.headers._mutable = true;

[Anders Johnsen, 2013/04/15 07:07:19]

Are you sure about this? Don't you want to modify the headers of the new
request? Also, event if, remember to set to false again.

[Søren Gjesse, 2013/04/15 07:42:00]

Not needed - removed.

+      cr.authorize(_httpRequest);

[Anders Johnsen, 2013/04/15 07:07:19]

This should be done automatically in _HttpClientRequest.send, right? (of the new
request).

[Søren Gjesse, 2013/04/15 07:42:00]

Good point - removed.

+      return fold(null, (x, y) {}).then((_) {
+          return _httpClient._openUrlFromRequest(_httpRequest.method,
+                                                 _httpRequest.uri,
+                                                 _httpRequest)
+              .then((request) => request.close());
+        });
+    }
+
+    List<String> challenge = headers[HttpHeaders.PROXY_AUTHENTICATE];
+    assert(challenge != null || challenge.length == 1);
+    _HeaderValue header =
+        new _HeaderValue.fromString(challenge[0], parameterSeparator: ",");
+    _AuthenticationScheme scheme =
+        new _AuthenticationScheme.fromString(header.value);
+    String realm = header.parameters["realm"];
+
+    // See if any credentials are available.
+    var proxy = _httpRequest._proxy;
+
+    var cr =  _httpClient._findProxyCredentials(proxy);
+    if (cr != null) {
+      return retryWithProxyCredentials(cr);
+    }
+
+    // Ask for more credentials if none found.
+    if (_httpClient._authenticateProxy != null) {
+      Future authComplete = _httpClient._authenticateProxy(proxy.host,
+                                                           proxy.port,
+                                                           "basic",
+                                                           realm);
+      return authComplete.then((credsAvailable) {
+        if (credsAvailable) {
+          var cr =  _httpClient._findProxyCredentials(proxy);
+          return retryWithProxyCredentials(cr);
+        } else {
+          // No credentials available, complete with original response.
+          return this;
+        }
+      });
+    }
+
+    // No credentials were found and the callback was not set.
+    return new Future.immediate(this);
+  }
 }
 
 
 abstract class _HttpOutboundMessage<T> implements IOSink {
   // Used to mark when the body should be written. This is used for HEAD
   // requests and in error handling.
   bool _ignoreBody = false;
   bool _headersWritten = false;
 
   IOSink _ioSink;
@@ skipping 367 matching lines @@
   final Uri uri;
   final List<Cookie> cookies = new List<Cookie>();
 
   // The HttpClient this request belongs to.
   final _HttpClient _httpClient;
   final _HttpClientConnection _httpClientConnection;
 
   final Completer<HttpClientResponse> _responseCompleter
       = new Completer<HttpClientResponse>();
 
-  final bool _usingProxy;
+  final _Proxy _proxy;
 
   Future<HttpClientResponse> _response;
 
   // TODO(ajohnsen): Get default value from client?
   bool _followRedirects = true;
 
   int _maxRedirects = 5;
 
   List<RedirectInfo> _responseRedirects = [];
 
   _HttpClientRequest(_HttpOutgoing outgoing,
                      Uri this.uri,
                      String this.method,
-                     bool this._usingProxy,
+                     _Proxy this._proxy,
                      _HttpClient this._httpClient,
                      _HttpClientConnection this._httpClientConnection)
       : super("1.1", outgoing) {
     // GET and HEAD have 'content-length: 0' by default.
     if (method == "GET" || method == "HEAD") {
       contentLength = 0;
     }
   }
 
   Future<HttpClientResponse> get done {
@@ skipping 37 matching lines @@
       if (response.redirects.length < maxRedirects) {
         // Redirect and drain response.
         future = response.fold(null, (x, y) {})
           .then((_) => response.redirect());
       } else {
         // End with exception, too many redirects.
         future = response.fold(null, (x, y) {})
             .then((_) => new Future.immediateError(
                 new RedirectLimitExceededException(response.redirects)));
       }
+    } else if (response._shouldAuthenticateProxy) {
+      future = response._authenticateProxy();
     } else if (response._shouldAuthenticate) {
       future = response._authenticate();
     } else {
       future = new Future<HttpClientResponse>.immediate(response);
     }
     future.then(
         (v) => _responseCompleter.complete(v),
         onError: (e) {
           _responseCompleter.completeError(e);
         });
   }
 
   void _onError(AsyncError error) {
     _responseCompleter.completeError(error);
   }
 
   void _writeHeader() {
     var buffer = new _BufferList();
     writeSP() => buffer.add(const [_CharCode.SP]);
     writeCRLF() => buffer.add(const [_CharCode.CR, _CharCode.LF]);
 
     buffer.add(method.codeUnits);
     writeSP();
     // Send the path for direct connections and the whole URL for
     // proxy connections.
-    if (!_usingProxy) {
+    if (_proxy.isDirect) {
       String path = uri.path;
       if (path.length == 0) path = "/";
       if (uri.query != "") {
         if (uri.fragment != "") {
           path = "${path}?${uri.query}#${uri.fragment}";
         } else {
           path = "${path}?${uri.query}";
         }
       }
       buffer.add(path.codeUnits);
@@ skipping 157 matching lines @@
           if (_nextResponseCompleter != null) {
             _nextResponseCompleter.completeError(error);
             _nextResponseCompleter = null;
           }
         },
         onDone: () {
           close();
         });
   }
 
-  _HttpClientRequest send(Uri uri, int port, String method, bool isDirect) {
+  _HttpClientRequest send(Uri uri, int port, String method, _Proxy proxy) {
     // Start with pausing the parser.
     _subscription.pause();
     var outgoing = new _HttpOutgoing();
     // Create new request object, wrapping the outgoing connection.
     var request = new _HttpClientRequest(outgoing,
                                          uri,
                                          method,
-                                         !isDirect,
+                                         proxy,
                                          _httpClient,
                                          this);
     request.headers.host = uri.domain;
     request.headers.port = port;
     request.headers.set(HttpHeaders.ACCEPT_ENCODING, "gzip");
+    if (proxy.isAuthenticated) {
+      // If the proxy configuration contains user information use that
+      // for proxy basic authorization.
+      String auth = CryptoUtils.bytesToBase64(
+          _encodeString("${proxy.username}:${proxy.password}"));
+      request.headers.set(HttpHeaders.PROXY_AUTHORIZATION, "Basic $auth");
+    } else if (!proxy.isDirect && _httpClient._proxyCredentials.length > 0) {
+      var cr =  _httpClient._findProxyCredentials(proxy);
+      if (cr != null) {
+        cr.authorize(request);
+      }
+    }
     if (uri.userInfo != null && !uri.userInfo.isEmpty) {
       // If the URL contains user information use that for basic
-      // authorization
+      // authorization.
       String auth =
           CryptoUtils.bytesToBase64(_encodeString(uri.userInfo));
       request.headers.set(HttpHeaders.AUTHORIZATION, "Basic $auth");
     } else {
       // Look for credentials.
       _Credentials cr = _httpClient._findCredentials(uri);
       if (cr != null) {
         cr.authorize(request);
       }
     }
@@ skipping 78 matching lines @@
 class _HttpClient implements HttpClient {
   // TODO(ajohnsen): Use eviction timeout.
   static const int DEFAULT_EVICTION_TIMEOUT = 60000;
   bool _closing = false;
 
   final Map<String, Queue<_HttpClientConnection>> _idleConnections
       = new Map<String, Queue<_HttpClientConnection>>();
   final Set<_HttpClientConnection> _activeConnections
       = new Set<_HttpClientConnection>();
   final List<_Credentials> _credentials = [];
+  final List<_ProxyCredentials> _proxyCredentials = [];
   Function _authenticate;
+  Function _authenticateProxy;
   Function _findProxy = HttpClient.findProxyFromEnvironment;
 
   Future<HttpClientRequest> open(String method,
                                  String host,
                                  int port,
                                  String path) {
     // TODO(sgjesse): The path set here can contain both query and
     // fragment. They should be cracked and set correctly.
     return _openUrl(method, new Uri.fromComponents(
         scheme: "http", domain: host, port: port, path: path));
@@ skipping 47 matching lines @@
   }
 
   set authenticate(Future<bool> f(Uri url, String scheme, String realm)) {
     _authenticate = f;
   }
 
   void addCredentials(Uri url, String realm, HttpClientCredentials cr) {
     _credentials.add(new _Credentials(url, realm, cr));
   }
 
+  set authenticateProxy(
+      Future<bool> f(String host, int port, String scheme, String realm)) {
+    _authenticateProxy = f;
+  }
+
+  void addProxyCredentials(String host,
+                           int port,
+                           String realm,
+                           HttpClientCredentials cr) {
+    _proxyCredentials.add(new _ProxyCredentials(host, port, realm, cr));
+  }
+
   set findProxy(String f(Uri uri)) => _findProxy = f;
 
   Future<HttpClientRequest> _openUrl(String method, Uri uri) {
     if (method == null) {
       throw new ArgumentError(method);
     }
     if (uri.domain.isEmpty || (uri.scheme != "http" && uri.scheme != "https")) {
       throw new ArgumentError("Unsupported scheme '${uri.scheme}' in $uri");
     }
 
@@ skipping 13 matching lines @@
         proxyConf = new _ProxyConfiguration(_findProxy(uri));
       } catch (error, stackTrace) {
         return new Future.immediateError(error, stackTrace);
       }
     }
     return _getConnection(uri.domain, port, proxyConf, isSecure)
         .then((info) {
           return info.connection.send(uri,
                                       port,
                                       method.toUpperCase(),
-                                      info.proxy.isDirect);
+                                      info.proxy);
         });
   }
 
   Future<HttpClientRequest> _openUrlFromRequest(String method,
                                                 Uri uri,
                                                 _HttpClientRequest previous) {
     return openUrl(method, uri).then((_HttpClientRequest request) {
           // Only follow redirects if initial request did.
           request.followRedirects = previous.followRedirects;
           // Allow same number of redirects.
           request.maxRedirects = previous.maxRedirects;
-          // Copy headers
+          // Copy headers.
           for (var header in previous.headers._headers.keys) {
             if (request.headers[header] == null) {
               request.headers.set(header, previous.headers[header]);
             }
           }
           request.headers.chunkedTransferEncoding = false;
           request.contentLength = 0;
           return request;
         });
   }
@@ skipping 70 matching lines @@
           if (value.applies(url, scheme)) {
             if (prev == null) return value;
             return value.uri.path.length > prev.uri.path.length ? value : prev;
           } else {
             return prev;
           }
         });
     return cr;
   }
 
+  _ProxyCredentials _findProxyCredentials(_Proxy proxy) {
+    // Look for credentials.
+    var it = _proxyCredentials.iterator;
+    while (it.moveNext()) {
+      if (it.current.applies(proxy, _AuthenticationScheme.BASIC)) {
+        return it.current;
+      }
+    }
+  }
+
   void _removeCredentials(_Credentials cr) {
     int index = _credentials.indexOf(cr);
     if (index != -1) {
       _credentials.removeAt(index);
     }
   }
 
   static String _findProxyFromEnvironment(Uri url,
                                           Map<String, String> environment) {
     checkNoProxy(String option) {
@@ skipping 271 matching lines @@
 
   _ProxyConfiguration(String configuration) : proxies = new List<_Proxy>() {
     if (configuration == null) {
       throw new HttpException("Invalid proxy configuration $configuration");
     }
     List<String> list = configuration.split(";");
     list.forEach((String proxy) {
       proxy = proxy.trim();
       if (!proxy.isEmpty) {
         if (proxy.startsWith(PROXY_PREFIX)) {
+          String username;
+          String password;
+          // Skip the "PROXY " prefix.
+          proxy = proxy.substring(PROXY_PREFIX.length).trim();
+          // Look for proxy authentication.
+          int at = proxy.indexOf("@");
+          if (at != -1) {
+            String userinfo = proxy.substring(0, at).trim();
+            proxy = proxy.substring(at + 1).trim();
+            int colon = userinfo.indexOf(":");
+            if (colon == -1 || colon == 0 || colon == proxy.length - 1) {
+              throw new HttpException(
+                  "Invalid proxy configuration $configuration");
+            }
+            username = userinfo.substring(0, colon).trim();
+            password = userinfo.substring(colon + 1).trim();
+          }
+          // Look for proxy host and port.
           int colon = proxy.indexOf(":");
           if (colon == -1 || colon == 0 || colon == proxy.length - 1) {
             throw new HttpException(
                 "Invalid proxy configuration $configuration");
           }
-          // Skip the "PROXY " prefix.
-          String host = proxy.substring(PROXY_PREFIX.length, colon).trim();
+          String host = proxy.substring(0, colon).trim();
           String portString = proxy.substring(colon + 1).trim();
           int port;
           try {
             port = int.parse(portString);
           } on FormatException catch (e) {
             throw new HttpException(
                 "Invalid proxy configuration $configuration, "
                 "invalid port '$portString'");
           }
-          proxies.add(new _Proxy(host, port));
+          proxies.add(new _Proxy(host, port, username, password));
         } else if (proxy.trim() == DIRECT_PREFIX) {
           proxies.add(new _Proxy.direct());
         } else {
           throw new HttpException("Invalid proxy configuration $configuration");
         }
       }
     });
   }
 
   const _ProxyConfiguration.direct()
       : proxies = const [const _Proxy.direct()];
 
   final List<_Proxy> proxies;
 }
 
 
 class _Proxy {
-  const _Proxy(this.host, this.port) : isDirect = false;
-  const _Proxy.direct() : host = null, port = null, isDirect = true;
+  const _Proxy(
+      this.host, this.port, this.username, this.password) : isDirect = false;
+  const _Proxy.direct() : host = null, port = null,
+                          username = null, password = null, isDirect = true;
+
+  bool get isAuthenticated => username != null;
 
   final String host;
   final int port;
+  final String username;
+  final String password;
   final bool isDirect;
 }
 
 
 class _HttpConnectionInfo implements HttpConnectionInfo {
   static _HttpConnectionInfo create(Socket socket) {
     if (socket == null) return null;
     try {
       _HttpConnectionInfo info = new _HttpConnectionInfo._();
       info.remoteHost = socket.remoteHost;
@@ skipping 126 matching lines @@
   String realm;
   _HttpClientCredentials credentials;
 
   // Digest specific fields.
   String nonce;
   String algorithm;
   String qop;
 }
 
 
+class _ProxyCredentials {
+  _ProxyCredentials(this.host, this.port, this.realm, this.credentials);
+
+  _AuthenticationScheme get scheme => credentials.scheme;
+
+  bool applies(_Proxy proxy, _AuthenticationScheme scheme) {
+    return proxy.host == host && proxy.port == port;
+  }
+
+  void authorize(HttpClientRequest request) {
+    credentials.authorizeProxy(this, request);
+  }
+
+  String host;
+  int port;
+  String realm;
+  _HttpClientCredentials credentials;
+}
+
+
 abstract class _HttpClientCredentials implements HttpClientCredentials {
   _AuthenticationScheme get scheme;
   void authorize(_Credentials credentials, HttpClientRequest request);
 }
 
 
 class _HttpClientBasicCredentials
     extends _HttpClientCredentials
     implements HttpClientBasicCredentials {
   _HttpClientBasicCredentials(this.username,
                               this.password);
 
   _AuthenticationScheme get scheme => _AuthenticationScheme.BASIC;
 
-  void authorize(_Credentials _, HttpClientRequest request) {
+  String authorization() {
     // There is no mentioning of username/password encoding in RFC
     // 2617. However there is an open draft for adding an additional
     // accept-charset parameter to the WWW-Authenticate and
     // Proxy-Authenticate headers, see
     // http://tools.ietf.org/html/draft-reschke-basicauth-enc-06. For
     // now always use UTF-8 encoding.
     String auth =
         CryptoUtils.bytesToBase64(_encodeString("$username:$password"));
-    request.headers.set(HttpHeaders.AUTHORIZATION, "Basic $auth");
+    return "Basic $auth";
+  }
+
+  void authorize(_Credentials _, HttpClientRequest request) {
+    request.headers.set(HttpHeaders.AUTHORIZATION, authorization());
+  }
+
+  void authorizeProxy(_ProxyCredentials _, HttpClientRequest request) {
+    request.headers.set(HttpHeaders.PROXY_AUTHORIZATION, authorization());
   }
 
   String username;
   String password;
 }
 
 
 class _HttpClientDigestCredentials
     extends _HttpClientCredentials
     implements HttpClientDigestCredentials {
   _HttpClientDigestCredentials(this.username,
                                this.password);
 
   _AuthenticationScheme get scheme => _AuthenticationScheme.DIGEST;
 
   void authorize(_Credentials credentials, HttpClientRequest request) {
     // TODO(sgjesse): Implement!!!
     throw new UnsupportedError("Digest authentication not yet supported");
   }
 
+  void authorizeProxy(_Credentials credentials, HttpClientRequest request) {
+    // TODO(sgjesse): Implement!!!
+    throw new UnsupportedError("Digest authentication not yet supported");
+  }
+
   String username;
   String password;
 }
 
 
 class _RedirectInfo implements RedirectInfo {
   const _RedirectInfo(int this.statusCode,
                       String this.method,
                       Uri this.location);
   final int statusCode;
   final String method;
   final Uri location;
 }