rburgst/okhttp-digest

Authentication fails if the site being accessed during proxy setup is HTTPS and digest authentication is used.

raise-isayan opened this issue · 4 comments

This seems to be a problem with the following code

https://github.com/rburgst/okhttp-digest/blob/master/src/main/java/com/burgstaller/okhttp/digest/DigestAuthenticator.java

// Add method name and request-URI to the parameter map
if (route == null || !route.requiresTunnel()) {
    final String method = request.method();
    final String uri = this.requestPath(request.url());
    parameters.put("methodname", method);
    parameters.put("uri", uri);
} else {
    ///***
    /// Route when the site accessed by Proxy is HTTPS and uses Digest authentication.
    ///***
    final String method = "CONNECT";
    final String uri = request.url().host() + ':' + request.url().port();
    parameters.put("methodname", method);
    parameters.put("uri", uri);
}

// Problematic test cases
// execute() throws IOException, so the method has to declare it.
private void testBugProxyAuthRequest() throws IOException {
    final DigestAuthenticator authenticator = new DigestAuthenticator(new Credentials("username", "pass"));
    // Local HTTP proxy; the HTTPS request below is tunnelled through it.
    SocketAddress addr = new InetSocketAddress("127.0.0.1", 8888);
    Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);

    final Map<String, CachingAuthenticator> authCache = new ConcurrentHashMap<>();
    final OkHttpClient client = new OkHttpClient.Builder()
            .authenticator(new CachingAuthenticatorDecorator(authenticator, authCache))
            .addInterceptor(new AuthenticationCacheInterceptor(authCache))
            .proxy(proxy)
            .build();
    // HTTPS origin protected by digest authentication.
    Request request = new Request.Builder()
            .url("https://www.example.com/DigestAuth/")
            .get()
            .build();
    Response response = client.newCall(request).execute();
}

Can you explain a bit more what you think the problem is and how it can be reproduced? Which proxy are you using?

[issue]:
Digest authentication through proxy fails

[conditions]:
All conditions are required
- Use a proxy // ex) Proxy destination is 127.0.0.1:8080
- Access the digest-authenticated URL // ex) https://www.example.com/DigestAuth/
- Protocol is HTTPS only

[Test case code]:
See previous post code

[cause]:
Incorrect hash calculation for Digest authentication.

This is because an incorrect value is calculated in the DigestAuthenticator class.

The test case code would have the following values

a2= "CONNECT:www.example.com:443"

Expected value

a2= "GET:/DigestAuth/"
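
The mismatch described in the post above, as an added example that is not part of the original thread or the project's code: it computes the RFC 2617 digest response (MD5, qop=auth) for both A2 values and checks one against the other the way the origin server would. The realm, nonce and cnonce are constructed placeholders; the credentials, host and path are those of the test case.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestA2Demo {
    // Lowercase hex MD5, as used by Digest auth with algorithm=MD5 (RFC 2617).
    static String md5Hex(String s) throws NoSuchAlgorithmException {
        byte[] digest = MessageDigest.getInstance("MD5")
                .digest(s.getBytes(StandardCharsets.ISO_8859_1));
        StringBuilder sb = new StringBuilder();
        for (byte b : digest) sb.append(String.format("%02x", b));
        return sb.toString();
    }

    // response = MD5(HA1:nonce:nc:cnonce:qop:HA2) for qop=auth.
    static String response(String a1, String a2, String nonce, String nc, String cnonce)
            throws NoSuchAlgorithmException {
        return md5Hex(md5Hex(a1) + ":" + nonce + ":" + nc + ":" + cnonce
                + ":auth:" + md5Hex(a2));
    }

    // Server side: recompute from the request it actually received and compare.
    static boolean serverAccepts(String a1, String method, String uri, String nonce,
                                 String nc, String cnonce, String clientResponse)
            throws NoSuchAlgorithmException {
        String expected = response(a1, method + ":" + uri, nonce, nc, cnonce);
        return MessageDigest.isEqual(expected.getBytes(StandardCharsets.US_ASCII),
                clientResponse.getBytes(StandardCharsets.US_ASCII));
    }

    public static void main(String[] args) throws NoSuchAlgorithmException {
        // Constructed challenge values (placeholders, not from a real server).
        String a1 = "username:example-realm:pass";
        String nonce = "constructed-nonce", nc = "00000001", cnonce = "constructed-cnonce";

        // A2 as reported in the issue vs. the A2 matching the tunnelled GET request.
        String buggy = response(a1, "CONNECT:www.example.com:443", nonce, nc, cnonce);
        String correct = response(a1, "GET:/DigestAuth/", nonce, nc, cnonce);

        // The origin server sees "GET /DigestAuth/" inside the TLS tunnel.
        System.out.println("CONNECT-based response accepted: "
                + serverAccepts(a1, "GET", "/DigestAuth/", nonce, nc, cnonce, buggy));
        System.out.println("GET-based response accepted:     "
                + serverAccepts(a1, "GET", "/DigestAuth/", nonce, nc, cnonce, correct));
    }
}
```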

OK, I can reproduce it with https://httpbin.org/digest-auth/auth/okhttp_basic/test and charlesproxy