HTTPCLIENT-2261 - Enable HTTP/2 CONNECT tunneling for HTTP/2 clients through HTTP/2 proxies

Wire HTTP/2 tunnel establishment into InternalH2ConnPool for tunneled routes by using H2OverH2TunnelSupport to convert an existing proxy HTTP/2 connection into a stream-backed tunnel session

Author: arturobernalg

httpclient5/src/main/java/org/apache/hc/client5/http/async/AsyncExecRuntime.java

@@ -175,6 +175,18 @@ Cancellable execute(
      */
     void markConnectionNonReusable();
 
+    /**
+     * Returns the route that has already been established by the connection pool,
+     * or {@code null} if route completion is not handled at the pool level.
+     *
+     * @return the established route, or {@code null}.
+     *
+     * @since 5.7
+     */
+    default HttpRoute getEstablishedRoute() {
+        return null;
+    }
+
     /**
      * Forks this runtime for parallel execution.
      *

httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncConnectExec.java

@@ -46,7 +46,6 @@
 import org.apache.hc.client5.http.auth.AuthenticationException;
 import org.apache.hc.client5.http.auth.ChallengeType;
 import org.apache.hc.client5.http.auth.MalformedChallengeException;
-import org.apache.hc.client5.http.config.RequestConfig;
 import org.apache.hc.client5.http.impl.auth.AuthCacheKeeper;
 import org.apache.hc.client5.http.impl.auth.AuthenticationHandler;
 import org.apache.hc.client5.http.impl.routing.BasicRouteDirector;
@@ -250,6 +249,15 @@ public void cancelled() {
                     public void completed(final AsyncExecRuntime execRuntime) {
                         final HttpHost proxy = route.getProxyHost();
                         tracker.connectProxy(proxy, route.isSecure() && !route.isTunnelled());
+                        if (route.isTunnelled() && execRuntime.getEstablishedRoute() != null) {
+                            if (LOG.isDebugEnabled()) {
+                                LOG.debug("{} tunnel to target already established by connection pool", exchangeId);
+                            }
+                            tracker.tunnelTarget(false);
+                            if (route.isLayered()) {
+                                tracker.layerProtocol(route.isSecure());
+                            }
+                        }
                         if (LOG.isDebugEnabled()) {
                             LOG.debug("{} connected to proxy", exchangeId);
                         }
@@ -519,31 +527,8 @@ private boolean needAuthentication(
             final HttpHost proxy,
             final HttpResponse response,
             final HttpClientContext context) throws AuthenticationException, MalformedChallengeException {
-        final RequestConfig config = context.getRequestConfigOrDefault();
-        if (config.isAuthenticationEnabled()) {
-            final boolean proxyAuthRequested = authenticator.isChallenged(proxy, ChallengeType.PROXY, response, proxyAuthExchange, context);
-            final boolean proxyMutualAuthRequired = authenticator.isChallengeExpected(proxyAuthExchange);
-
-            if (authCacheKeeper != null) {
-                if (proxyAuthRequested) {
-                    authCacheKeeper.updateOnChallenge(proxy, null, proxyAuthExchange, context);
-                } else {
-                    authCacheKeeper.updateOnNoChallenge(proxy, null, proxyAuthExchange, context);
-                }
-            }
-
-            if (proxyAuthRequested || proxyMutualAuthRequired) {
-                final boolean updated = authenticator.handleResponse(proxy, ChallengeType.PROXY, response,
-                        proxyAuthStrategy, proxyAuthExchange, context);
-
-                if (authCacheKeeper != null) {
-                    authCacheKeeper.updateOnResponse(proxy, null, proxyAuthExchange, context);
-                }
-
-                return updated;
-            }
-        }
-        return false;
+        return authenticator.needProxyAuthentication(
+                proxyAuthExchange, proxy, response, proxyAuthStrategy, authCacheKeeper, context);
     }
 
     private void proceedConnected(

httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2AsyncClientBuilder.java

@@ -840,9 +840,12 @@ public CloseableHttpAsyncClient build() {
                 new H2AsyncMainClientExec(httpProcessor),
                 ChainElement.MAIN_TRANSPORT.name());
 
+        final HttpProcessor proxyConnectHttpProcessor =
+                new DefaultHttpProcessor(new RequestTargetHost(), new RequestUserAgent(userAgentCopy));
+
         execChainDefinition.addFirst(
                 new AsyncConnectExec(
-                        new DefaultHttpProcessor(new RequestTargetHost(), new RequestUserAgent(userAgentCopy)),
+                        proxyConnectHttpProcessor,
                         proxyAuthStrategyCopy,
                         schemePortResolver != null ? schemePortResolver : DefaultSchemePortResolver.INSTANCE,
                         authCachingDisabled),
@@ -971,7 +974,21 @@ public CloseableHttpAsyncClient build() {
         }
 
         final MultihomeConnectionInitiator connectionInitiator = new MultihomeConnectionInitiator(ioReactor, dnsResolver);
-        final InternalH2ConnPool connPool = new InternalH2ConnPool(connectionInitiator, host -> null, tlsStrategyCopy);
+        final H2RouteOperator routeOperator = new H2RouteOperator(
+                tlsStrategyCopy,
+                new H2TunnelProtocolStarter(h2Config, charCodingConfig),
+                proxyConnectHttpProcessor,
+                proxyAuthStrategyCopy,
+                schemePortResolver != null ? schemePortResolver : DefaultSchemePortResolver.INSTANCE,
+                authCachingDisabled,
+                authSchemeRegistryCopy,
+                credentialsProviderCopy,
+                defaultRequestConfig);
+        final InternalH2ConnPool connPool = new InternalH2ConnPool(
+                connectionInitiator,
+                host -> null,
+                tlsStrategyCopy,
+                routeOperator);
         connPool.setConnectionConfigResolver(connectionConfigResolver);
 
         List<Closeable> closeablesCopy = closeables != null ? new ArrayList<>(closeables) : null;