From 75e3abfc29540663f9d988b902bd26896009985c Mon Sep 17 00:00:00 2001 From: Lenain Date: Wed, 8 Mar 2023 22:26:50 +0100 Subject: [PATCH 1/3] Fix extra credentials addition --- .../http_request/auth/CredentialBasicAuthentication.java | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java b/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java index 0f02b3ab..ea717c22 100644 --- a/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java +++ b/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java @@ -37,7 +37,7 @@ public void addCredentials(HttpHost host, StandardUsernamePasswordCredentials cr if (host == null || credentials == null) { throw new IllegalArgumentException("Null target host or credentials"); } - extraCredentials.put(host, credential); + extraCredentials.put(host, credentials); } @Override From 97af838b15ca275192ec917058b781c5d8044f9b Mon Sep 17 00:00:00 2001 From: Lenain Date: Wed, 8 Mar 2023 22:32:36 +0100 Subject: [PATCH 2/3] Avoid preemptive authentication toward proxy host --- .../http_request/HttpRequestExecution.java | 4 +- .../http_request/auth/Authenticator.java | 3 +- .../auth/BasicDigestAuthentication.java | 5 ++- .../auth/CertificateAuthentication.java | 2 + .../auth/CredentialBasicAuthentication.java | 40 ++++++++++++++----- .../auth/CredentialNtlmAuthentication.java | 3 +- .../http_request/auth/FormAuthentication.java | 3 +- 7 files changed, 42 insertions(+), 18 deletions(-) diff --git a/src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java b/src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java index f6c14be3..94f6c3f1 100644 --- a/src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java +++ b/src/main/java/jenkins/plugins/http_request/HttpRequestExecution.java 
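Review bot: In `addCredentials`, the parameter `credentials` and the field `credential` differ by a single letter, and the one-word fix leaves that naming in place even though it is what allowed the primary credential to be stored under the extra host's key. Renaming the parameter, for example to `hostCredentials` with `extraCredentials.put(host, hostCredentials);`, would make the two visually distinct without affecting callers. A regression test asserting that the entry stored for the extra host carries the credentials passed in, not the primary ones, would pin this down, since the wrong variant compiles cleanly. The method's signature starts above the hunk and is truncated in the hunk header.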
@@ -424,7 +424,7 @@ private CloseableHttpClient auth( ((CredentialBasicAuthentication) authenticator).addCredentials(httpProxy, proxyCredentials); } else { new CredentialBasicAuthentication(proxyCredentials) - .prepare(clientBuilder, context, httpProxy); + .prepare(clientBuilder, context, httpProxy, httpProxy); } } @@ -433,7 +433,7 @@ private CloseableHttpClient auth( } logger().println("Using authentication: " + authenticator.getKeyName()); - return authenticator.authenticate(clientBuilder, context, httpRequestBase, logger()); + return authenticator.authenticate(clientBuilder, context, httpRequestBase, httpProxy, logger()); } private ResponseContentSupplier executeRequest( diff --git a/src/main/java/jenkins/plugins/http_request/auth/Authenticator.java b/src/main/java/jenkins/plugins/http_request/auth/Authenticator.java index 9dcee6bb..c0f4b280 100644 --- a/src/main/java/jenkins/plugins/http_request/auth/Authenticator.java +++ b/src/main/java/jenkins/plugins/http_request/auth/Authenticator.java @@ -4,6 +4,7 @@ import java.io.PrintStream; import java.io.Serializable; +import org.apache.http.HttpHost; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; @@ -17,5 +18,5 @@ public interface Authenticator extends Serializable { String getKeyName(); CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase, - PrintStream logger) throws IOException, InterruptedException; + HttpHost proxyHost, PrintStream logger) throws IOException, InterruptedException; } diff --git a/src/main/java/jenkins/plugins/http_request/auth/BasicDigestAuthentication.java b/src/main/java/jenkins/plugins/http_request/auth/BasicDigestAuthentication.java index b0ee1185..c69e0849 100644 --- a/src/main/java/jenkins/plugins/http_request/auth/BasicDigestAuthentication.java 
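Review bot: The new `proxyHost` parameter on `Authenticator.authenticate` is undocumented, and its null contract can only be inferred from `CredentialBasicAuthentication.auth`, which tests `proxyHost != null`. A Javadoc line on the interface method would state it for implementers, for example `@param proxyHost the configured HTTP proxy, or null when none is set; implementations should not cache preemptive credentials for this host`. Since this changes the signature of a public interface method, any implementation living outside this repository would need updating, which is worth calling out in the commit description.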
+++ b/src/main/java/jenkins/plugins/http_request/auth/BasicDigestAuthentication.java @@ -2,6 +2,7 @@ import java.io.PrintStream; +import org.apache.http.HttpHost; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.client.utils.URIUtils; import org.apache.http.impl.client.CloseableHttpClient; @@ -53,8 +54,8 @@ public String getPassword() { @Override public CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, - HttpRequestBase requestBase, PrintStream logger) { - CredentialBasicAuthentication.auth(clientBuilder, context, URIUtils.extractHost(requestBase.getURI()), userName, password); + HttpRequestBase requestBase, HttpHost proxyHost, PrintStream logger) { + CredentialBasicAuthentication.auth(clientBuilder, context, URIUtils.extractHost(requestBase.getURI()), proxyHost, userName, password); return clientBuilder.build(); } diff --git a/src/main/java/jenkins/plugins/http_request/auth/CertificateAuthentication.java b/src/main/java/jenkins/plugins/http_request/auth/CertificateAuthentication.java index 54d44a57..e4fa328f 100644 --- a/src/main/java/jenkins/plugins/http_request/auth/CertificateAuthentication.java +++ b/src/main/java/jenkins/plugins/http_request/auth/CertificateAuthentication.java @@ -3,6 +3,7 @@ import java.io.IOException; import java.io.PrintStream; +import org.apache.http.HttpHost; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.HttpClientBuilder; @@ -28,6 +29,7 @@ public String getKeyName() { public CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase, + HttpHost proxyHost, PrintStream logger) throws IOException { try { clientBuilder.setSSLContext( 
diff --git a/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java b/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java
index ea717c22..15ae1eeb 100644
--- a/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java
+++ b/src/main/java/jenkins/plugins/http_request/auth/CredentialBasicAuthentication.java
@@ -46,33 +46,42 @@ public String getKeyName() { } @Override - public CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase, PrintStream logger) { - prepare(clientBuilder, context, requestBase); + public CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase, HttpHost proxyHost, PrintStream logger) { + prepare(clientBuilder, context, requestBase, proxyHost); return clientBuilder.build(); } - public void prepare(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase) { - prepare(clientBuilder, context, URIUtils.extractHost(requestBase.getURI())); + public void prepare(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase, HttpHost proxyHost) { + prepare(clientBuilder, context, URIUtils.extractHost(requestBase.getURI()), proxyHost); } - public void prepare(HttpClientBuilder clientBuilder, HttpContext context, HttpHost targetHost) { - auth(clientBuilder, context, targetHost, + public void prepare(HttpClientBuilder clientBuilder, HttpContext context, HttpHost targetHost, HttpHost proxyHost) { + auth(clientBuilder, context, targetHost, proxyHost, credential.getUsername(), credential.getPassword().getPlainText(), extraCredentials); } - static void auth(HttpClientBuilder clientBuilder, HttpContext context, HttpHost targetHost, + static void auth(HttpClientBuilder clientBuilder, HttpContext context, HttpHost targetHost, HttpHost proxyHost, String username, String password) { - auth(clientBuilder, context, targetHost, username, password, null); + auth(clientBuilder, context, targetHost, proxyHost, username, password, null); } - static void auth(HttpClientBuilder clientBuilder, HttpContext context, HttpHost targetHost, + static void auth(HttpClientBuilder clientBuilder, HttpContext context, HttpHost targetHost, HttpHost proxyHost, String username, String password, Map extraCreds) { CredentialsProvider 
provider = new BasicCredentialsProvider(); AuthCache authCache = new BasicAuthCache(); provider.setCredentials(new AuthScope(targetHost.getHostName(), targetHost.getPort()), new org.apache.http.auth.UsernamePasswordCredentials(username, password)); - authCache.put(targetHost, new BasicScheme()); + + if (proxyHost != null) { + // Do not preempt authentication if target is the proxy + if (!targetHost.getHostName().equals(proxyHost.getHostName()) || + (targetHost.getPort() != (proxyHost.getPort()))) { + authCache.put(targetHost, new BasicScheme()); + } + } else { + authCache.put(targetHost, new BasicScheme()); + } if (extraCreds != null && !extraCreds.isEmpty()) { for (Map.Entry creds : extraCreds.entrySet()) { @@ -83,7 +92,16 @@ static void auth(HttpClientBuilder clientBuilder, HttpContext context, HttpHost creds.getValue().getPassword().getPlainText() ) ); - authCache.put(creds.getKey(), new BasicScheme()); + + if (proxyHost != null) { + // Do not preempt authentication if target is the proxy + if (!creds.getKey().getHostName().equals(proxyHost.getHostName()) || + (creds.getKey().getPort() != (proxyHost.getPort()))) { + authCache.put(targetHost, new BasicScheme()); + } + } else { + authCache.put(targetHost, new BasicScheme()); + } } } diff --git a/src/main/java/jenkins/plugins/http_request/auth/CredentialNtlmAuthentication.java b/src/main/java/jenkins/plugins/http_request/auth/CredentialNtlmAuthentication.java index a9ea3955..0d3e3fd1 100644 --- a/src/main/java/jenkins/plugins/http_request/auth/CredentialNtlmAuthentication.java +++ b/src/main/java/jenkins/plugins/http_request/auth/CredentialNtlmAuthentication.java @@ -2,6 +2,7 @@ import java.io.PrintStream; +import org.apache.http.HttpHost; import org.apache.http.auth.AuthScope; import org.apache.http.auth.NTCredentials; import org.apache.http.client.CredentialsProvider; 
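Review bot: The proxy guard in `auth` compares `getHostName()` with case-sensitive `equals` and compares raw `getPort()` values, so the same proxy written with different letter case, or with the port explicit on one side and left unset on the other, would be treated as a different host and still get a `BasicScheme` entry in the auth cache. Presumably the guard exists so that Basic credentials are not offered to the proxy before it challenges, so a missed match quietly restores the behaviour this commit is removing. Using `equalsIgnoreCase` for the host name and folding the two branches into `if (proxyHost == null || !sameHostAndPort(targetHost, proxyHost)) { authCache.put(targetHost, new BasicScheme()); }` would tighten it, with `sameHostAndPort` as a small private static helper that the loop further down can share. The rest of `auth` continues outside this hunk.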
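Review bot: Both new `authCache.put(targetHost, new BasicScheme());` calls inside the `extraCreds` loop use `targetHost`, whereas the removed line used `creds.getKey()`, so hosts listed in `extraCreds` no longer get a cache entry and `targetHost` is simply re-added on each iteration. This also undoes the guard added earlier in `auth`: when `targetHost` equals `proxyHost` and `extraCreds` holds any other host, the loop caches a `BasicScheme` for the proxy after all. Both calls should read `authCache.put(creds.getKey(), new BasicScheme());`. The `for` statement and the start of the `provider.setCredentials(...)` call lie outside this hunk.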
@@ -50,7 +51,7 @@ public String getKeyName() { } @Override - public CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase, PrintStream logger) { + public CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, HttpRequestBase requestBase, HttpHost proxyHost, PrintStream logger) { return auth(clientBuilder, context, requestBase, username, credential.getPassword().getPlainText(), domain); } diff --git a/src/main/java/jenkins/plugins/http_request/auth/FormAuthentication.java b/src/main/java/jenkins/plugins/http_request/auth/FormAuthentication.java index 15b4266a..ba35e1f4 100644 --- a/src/main/java/jenkins/plugins/http_request/auth/FormAuthentication.java +++ b/src/main/java/jenkins/plugins/http_request/auth/FormAuthentication.java @@ -6,6 +6,7 @@ import java.util.Collections; import java.util.List; +import org.apache.http.HttpHost; import org.apache.http.HttpResponse; import org.apache.http.client.methods.HttpRequestBase; import org.apache.http.impl.client.CloseableHttpClient; @@ -50,7 +51,7 @@ public List getActions() { @Override public CloseableHttpClient authenticate(HttpClientBuilder clientBuilder, HttpContext context, - HttpRequestBase requestBase, PrintStream logger) throws IOException { + HttpRequestBase requestBase, HttpHost proxyHost, PrintStream logger) throws IOException { CloseableHttpClient client = clientBuilder.build(); final HttpClientUtil clientUtil = new HttpClientUtil(); for (RequestAction requestAction : actions) { From 4ca1abfcee37c2797c5f6850a562edaff8b6bda6 Mon Sep 17 00:00:00 2001 From: Lenain Date: Wed, 8 Mar 2023 22:49:59 +0100 Subject: [PATCH 3/3] Fix proxy authentication usage documentation --- README.adoc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/README.adoc b/README.adoc index 6889a40f..19fdb404 100644 --- a/README.adoc +++ b/README.adoc 
@@ -187,7 +187,7 @@ You can send a request with http proxy authenticate [source,groovy] ---- -def response = httpRequest httpProxy-authenticate: Basic, 'http://proxy.local', +def response = httpRequest httpProxy: 'http://proxy.local', proxyAuthentication: 'my-jenkins-credential-id', responseHandle: 'NONE', url: 'https://api.github.com/orgs/${orgName}' ---- @@ -250,7 +250,7 @@ You can use a Jenkins credential to authenticate the request [source,groovy] ---- -def response = httpRequest authenticate: 'my-jenkins-credential-id', +def response = httpRequest authentication: 'my-jenkins-credential-id', url: 'https://api.github.com/user/jenkinsci' ----