Name: stC104175 Date: 03/22/2000


Classic VM (build JDK-1.2.1, green threads, mipsjit)


I am trying to make a secure https connection through my company's proxy. The
proxy requires a name:password authorization. I have modified your sample
URLReaderWith Options.java from the JSSE to set a "Proxy-Authorization:" header.

The exception that comes back when attempting to connect through the proxy is
from the proxy "402 Authorization Required".

I believe that when HttpsURLConnection.connect() issues the CONNECT GET <URL> to
the proxy initially it must also send a header to read "Proxy-Authorization:
<encoded name:password>". This doesn't seem to be sent, and I can't see any
option to set the authorization string.

I added these lines to the sample code URLReaderWithOptions:

  
     BASE64Encoder b64Encoder = new BASE64Encoder();

     StringBuffer authStringb = new StringBuffer( "Basic " );
     authStringb.append( b64Encoder.encodeBuffer( "500922:sugartree".getBytes()
) );
     String authString = authStringb.toString();

     // Somehow authString acquires an extra '\n' so chop it off
     authString = authString.substring( 0, authString.length() - 1 );

     conn.setRequestProperty( "Proxy-Authorization", authString );

When I run the program I get:

USAGE: java URLReaderWithOptions [-h proxyhost -p proxyport] [-k
protocolhandlerpkgs] [-c ciphersarray]
d: -h
h: www-proxy.sabre.com
d: -p
p: 80
d: -k
k: com.sun.net.ssl.internal.www.protocol

Exception in thread "main" java.io.IOException: Unable to tunnel through
www-proxy.sabre.com:80. Proxy return
s "HTTP/1.0 407 Proxy authorization required"
        at
com.sun.net.ssl.internal.www.https.HttpsClient.a([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.www.https.HttpsClient.doConnect([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.www.NetworkClient.openServer([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.www.https.HttpClient.d([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.www.https.HttpClient.&lt;init&gt;([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.www.https.HttpsClient.&lt;init&gt;([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.www.https.HttpsClient.New([DashoPro-V1.2-120198])
        at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.connect([DashoPro
-V1.2-120198])
        at
com.sun.net.ssl.internal.www.protocol.https.HttpsURLConnection.getInputStream([D
ashoPro-V1.2-120198
])
        at URLReaderWithOptions.main(URLReaderWithOptions.java:96)

Testing shows that the following is sent to the Proxy:

CONNECT www.verisign.com:443 HTTP/1.0
  User-Agent: Java1.2.1

I believe this should also contain:
Proxy-Authorization: <authString>
(Review ID: 102231)
======================================================================

Name: krC82822 Date: 02/06/2001


java version "1.3.0rc3"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0rc3-Z)
Java HotSpot(TM) Client VM (build 1.3.0rc3-Z, mixed mode)


1. Set up a proxy server that requires authentication and try running the demo
program SSLSocketClientWithTunneling provided in samples/sockets/client

You will get
java.io.IOException: Unable to tunnel through <proxyIP:port>. Proxy return
s "HTTP/1.0 407 Proxy Authentication Required"
        at SSLSocketClientWithTunneling.doTunnelHandshake(SSLSocketClientWithTun
neling.java:148)
        at SSLSocketClientWithTunneling.doIt(SSLSocketClientWithTunneling.java:4
7)
        at SSLSocketClientWithTunneling.main(SSLSocketClientWithTunneling.java:3
4)

2. Bug in the source code in
com/sun/net/ssl/internal/www/protocol/https/HttpsClient.java
line 128 (in the decompiled version)

        String s1 = "CONNECT " + s + ":" + j + " HTTP/1.0\n" + "User-Agent: " +
HttpURLConnection.userAgent + "\r\n\r\n";


line: 172
        if(!s2.startsWith("HTTP/1.0 200"))
            throw new IOException("Unable to tunnel through " + g + ":" + h
+ ". Proxy returns \"" + s2 + "\"");

3.
java.io.IOException: Unable to tunnel through <Proxyhost:proxyport>. Proxy
return
s "HTTP/1.0 407 Proxy Authentication Required"
        at SSLSocketClientWithTunneling.doTunnelHandshake(SSLSocketClientWithTun
neling.java:148)
        at SSLSocketClientWithTunneling.doIt(SSLSocketClientWithTunneling.java:4
7)
        at SSLSocketClientWithTunneling.main(SSLSocketClientWithTunneling.java:3
(Review ID: 109110)
======================================================================

Name: krC82822 Date: 03/23/2001


java version "1.3.0"
Java(TM) 2 Runtime Environment, Standard Edition (build 1.3.0-C)
Java HotSpot(TM) Client VM (build 1.3.0-C, mixed mode)


I have made changes to the sample URLReaderWithOptions.java code
to get through our firewall/proxy server. It requires a userid:password.
I have set this up using BASE64encode, and have gotten it to work
with http://www.sun.com. The problem is that it does not work
when connecting to https://www.sun.com. Whenever I try to connect
to any secure site, it doesn't work. The response from my firewall
is an error 407 Proxy Authentication Required. The following is a
snippet from the sample code as I have changed it.


HttpsURLConnection con = (HttpsURLConnection) url.openConnection();
con.setRequestProperty("Proxy-Authorization", "Basic " + auth);


I put an IP sniffer on my machine, and I can see that the
Proxy-Authorization token/parameter is NOT being sent when
attempting connection to an https site. In this vein, I tried
adding another setRequestProperty(), and did not see this
token being passed, either.

I don't think its a fundamental problem with JSSE, as I was
able to change the SSLSocketClientWithTunneling.java sample
and make it work. All I had to do was add the appropriate
"Proxy-Authorization:" token to the "CONNECT" statement in the
doTunnelHandshake method.
(Review ID: 119406)
======================================================================