Proxy Digest Authentication about okhttp-digest HOT 11 CLOSED

Sorry, I don't really have experience nor the means to test proxy authentication. The basic authenticator is quite a straight port of Apache HttpClient. You might want to take a look at https://github.com/apache/httpclient/blob/4.3.x/httpclient/src/main/java/org/apache/http/impl/auth/DigestScheme.java and see if you can make it work.

from okhttp-digest.

I use Squid to test it

from okhttp-digest.

The issue is with HTTPS, the method name is CONNECT instead of the method from the request to the final server. So I changed in DigestAuthenticator.authenticateWithState() :

        final String method = request.method();
        final String uri = request.url().toString();
        getParameters().put("methodname", method);

with

        final String method = request.method();
        final String uri = request.url().toString();
        if(isProxy() && "https".equals(request.url().scheme()))
            getParameters().put("methodname", "CONNECT");
        else
            getParameters().put("methodname", method);

from okhttp-digest.

I am not sure this solution is the correct one. If you check The before mentioned apache HC you see that its sending a different authorization header (Proxy-Authorization instead of Authorization).

See https://github.com/apache/httpclient/blob/4.3.x/httpclient/src/main/java/org/apache/http/impl/auth/DigestScheme.java#L396
and https://github.com/apache/httpclient/blob/4.3.x/httpclient/src/main/java/org/apache/http/auth/AUTH.java

The fact that your approach works in your specific case is good but it doesn't make me feel confident that it would work in all situations.

from okhttp-digest.

Yes, you have also to change the authorization header, it's what I tried to describe in my first post in the thread

from okhttp-digest.

I agree, in https://github.com/rburgst/okhttp-digest/blob/master/src/main/java/com/burgstaller/okhttp/digest/DigestAuthenticator.java findDigestHeader(Headers headers) should look for more than just the header WWW-Authenticate. For proxies you should be looking for the header Proxy-Authenticate.

from okhttp-digest.

I checked in a couple of changes that might improve the situation, can someone test if this is enough?

from okhttp-digest.

I faced this issue over HTTP tunnel today from latest master branch code and unfortunately not works.
The root cause is same as @mopsop mentioned for the HTTP method.
Besides, the uri should be host:port.

Following POC is from my fix (but not for okhttp-digest as authenticateWithState don't pass Route)

    if (route.requiresTunnel()) {
      method = "CONNECT";
      uri = request.url().host() + ':' + request.url().port();
    } else {
      method = request.method();
      uri = request.url().uri().getPath();
    }

from okhttp-digest.

Without a setup to test this is very hard for me to fix. @Kudo or @mopsop can you provide a test server + account so I can try? Sample code would obviously help tremendously.

from okhttp-digest.

I have added the route to authenticateWithState, @Kudo can you give it a try to see whether you can make it work?

from okhttp-digest.

@rburgst Thanks for passing route to authenticateWithState() and it did works after #27 changes.
For test proxy server, please let me email you privately.

from okhttp-digest.