Authentication fails if the site being accessed during proxy setup is HTTPS and digest authentication is used.
raise-isayan opened this issue · 4 comments
This seems to be a problem with the following code
```java
// Add method name and request-URI to the parameter map
if (route == null || !route.requiresTunnel()) {
    final String method = request.method();
    final String uri = this.requestPath(request.url());
    parameters.put("methodname", method);
    parameters.put("uri", uri);
} else {
    ///***
    /// Route when the site accessed by Proxy is HTTPS and uses Digest authentication.
    ///***
    final String method = "CONNECT";
    final String uri = request.url().host() + ':' + request.url().port();
    parameters.put("methodname", method);
    parameters.put("uri", uri);
}
```
```java
// Problematic test cases
private void testBugProxyAuthRequest() throws IOException {
    final DigestAuthenticator authenticator = new DigestAuthenticator(new Credentials("username", "pass"));
    // Send all traffic through a local HTTP proxy
    SocketAddress addr = new InetSocketAddress("127.0.0.1", 8888);
    Proxy proxy = new Proxy(Proxy.Type.HTTP, addr);
    final Map<String, CachingAuthenticator> authCache = new ConcurrentHashMap<>();
    final OkHttpClient client = new OkHttpClient.Builder()
            .authenticator(new CachingAuthenticatorDecorator(authenticator, authCache))
            .addInterceptor(new AuthenticationCacheInterceptor(authCache))
            .proxy(proxy)
            .build();
    // HTTPS URL protected by Digest authentication, so the proxy route requires a CONNECT tunnel
    Request request = new Request.Builder()
            .url("https://www.example.com/DigestAuth/")
            .get()
            .build();
    Response response = client.newCall(request).execute();
}
```
can you explain a bit more what you think the problem is and how it can be reproduced? which proxy are you using?
[issue]:
Digest authentication through proxy fails
[conditions]:
All conditions are required
- Use a proxy // ex) Proxy destination is 127.0.0.1:8080
- Access the digest-authenticated URL // ex) https://www.example.com/DigestAuth/
- protocol is HTTPS only
[Test case code]:
See previous post code
[cause]:
Incorrect hash calculation for Digest authentication.
This is because an incorrect value is calculated in the DigestAuthenticator class.
The test case code would have the following values
a2= "CONNECT:www.example.com:443"
expected value
a2= "GET:/DigestAuth/"
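The mismatch described in the comment above, worked through with the RFC 2617 formula as an added example (not part of the original thread and not the project's code). The realm, nonce and cnonce are constructed sample values, and `a2For` is a hypothetical helper that assumes a 407 challenge comes from the proxy for the CONNECT request while a 401 comes from the origin server for the real request line.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;

public class DigestA2Demo {
    // Lowercase hex MD5, as used by RFC 2617 Digest authentication.
    static String md5Hex(String s) {
        try {
            byte[] d = MessageDigest.getInstance("MD5").digest(s.getBytes(StandardCharsets.ISO_8859_1));
            return String.format("%032x", new BigInteger(1, d));
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    // response = MD5(HA1:nonce:nc:cnonce:qop:HA2), with HA2 = MD5(A2) and qop=auth.
    static String response(String ha1, String nonce, String nc, String cnonce, String a2) {
        return md5Hex(ha1 + ":" + nonce + ":" + nc + ":" + cnonce + ":auth:" + md5Hex(a2));
    }

    // Assumed selection rule (hypothetical helper): a 407 is the proxy challenging the
    // CONNECT request itself; a 401 is the origin server challenging the real request.
    static String a2For(int status, String method, String path, String host, int port) {
        return status == 407 ? "CONNECT:" + host + ":" + port : method + ":" + path;
    }

    public static void main(String[] args) {
        // Constructed sample values; realm, nonce and cnonce are made up for this demo.
        String ha1 = md5Hex("username:example-realm:pass");
        String nonce = "constructed-nonce", nc = "00000001", cnonce = "constructed-cnonce";

        // What the origin server computes for the request it actually received.
        String expected = response(ha1, nonce, nc, cnonce, "GET:/DigestAuth/");
        // What the client sends when A2 is built from the tunnel instead.
        String tunnelBased = response(ha1, nonce, nc, cnonce, "CONNECT:www.example.com:443");
        // What the client sends when A2 follows the 401 from the origin server.
        String requestBased = response(ha1, nonce, nc, cnonce,
                a2For(401, "GET", "/DigestAuth/", "www.example.com", 443));

        System.out.println("tunnel-based A2 accepted:  " + expected.equals(tunnelBased));
        System.out.println("request-based A2 accepted: " + expected.equals(requestBased));
    }
}
```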
ok, I can reproduce it with https://httpbin.org/digest-auth/auth/okhttp_basic/test and charlesproxy