Merge pull request #1136 from quickfix-j/copilot/add-unit-test-for-error-code-407

chrjohn · web-flow · commit c4f074fc03cb · 2026-02-13T13:11:22.000+01:00
Add `Proxy-Authorization` header for HTTP proxy `Basic` authentication
diff --git a/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java b/quickfixj-core/src/main/java/quickfix/mina/ProtocolFactory.java
@@ -21,7 +21,12 @@
 
 import java.net.InetSocketAddress;
 import java.net.SocketAddress;
+import java.nio.charset.StandardCharsets;
+import java.util.Base64;
+import java.util.Collections;
 import java.util.HashMap;
+import java.util.List;
+import java.util.Map;
 
 
 import org.apache.mina.core.service.IoAcceptor;
@@ -52,6 +57,8 @@ public class ProtocolFactory {
 
     public final static int SOCKET = 0;
     public final static int VM_PIPE = 1;
+    
+    public final static String PROXY_AUTHORIZATION_HEADER = "Proxy-Authorization";
 
     public static String getTypeString(int type) {
         switch (type) {
@@ -155,12 +162,26 @@ private static ProxyRequest createHttpProxyRequest(InetSocketAddress address,
 
         HttpProxyRequest req = new HttpProxyRequest(address);
         req.setProperties(props);
+        
         if (proxyVersion != null && proxyVersion.equalsIgnoreCase("1.1")) {
             req.setHttpVersion(HttpProxyConstants.HTTP_1_1);
         } else {
             req.setHttpVersion(HttpProxyConstants.HTTP_1_0);
         }
 
+        // Set Proxy-Authorization header for Basic authentication if credentials are provided
+        // Some proxy servers require this header to be set upfront rather than waiting for a 407 response
+        // Note: NTLM authentication requires a multi-step handshake and should not set headers upfront
+        if (proxyUser != null && !proxyUser.isEmpty() 
+                && proxyPassword != null && !proxyPassword.isEmpty()
+                && proxyDomain == null && proxyWorkstation == null) {
+            Map<String, List<String>> headers = new HashMap<>();
+            String credentials = proxyUser + ":" + proxyPassword;
+            String encodedCredentials = Base64.getEncoder().encodeToString(credentials.getBytes(StandardCharsets.UTF_8));
+            headers.put(PROXY_AUTHORIZATION_HEADER, Collections.singletonList("Basic " + encodedCredentials));
+            req.setHeaders(headers);
+        }
+
         return req;
     }
 
diff --git a/quickfixj-core/src/test/java/quickfix/mina/ProtocolFactoryTest.java b/quickfixj-core/src/test/java/quickfix/mina/ProtocolFactoryTest.java
@@ -21,15 +21,23 @@
 
 import org.apache.mina.core.service.IoConnector;
 import org.apache.mina.proxy.ProxyConnector;
+import org.apache.mina.proxy.handlers.http.HttpProxyRequest;
 import org.apache.mina.proxy.session.ProxyIoSession;
 import org.apache.mina.transport.socket.SocketConnector;
 import org.apache.mina.util.AvailablePortFinder;
 import org.junit.Test;
 import quickfix.ConfigError;
 
 import java.net.InetSocketAddress;
+import java.util.Base64;
+import java.util.List;
+import java.util.Map;
 
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertNotNull;
 import static org.junit.Assert.assertNull;
+import static org.junit.Assert.assertTrue;
+import static quickfix.mina.ProtocolFactory.PROXY_AUTHORIZATION_HEADER;
 
 public class ProtocolFactoryTest {
 
@@ -46,4 +54,77 @@ public void shouldCreateProxyConnectorWithoutPreferredAuthOrder() throws ConfigE
         ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
         assertNull(proxySession.getPreferedOrder());
     }
+
+    @Test
+    public void shouldSetBasicAuthorizationHeaderForHttpProxy() throws ConfigError {
+        InetSocketAddress address = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+        InetSocketAddress proxyAddress = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+
+        IoConnector connector = ProtocolFactory.createIoConnector(address);
+        ProxyConnector proxyConnector = ProtocolFactory
+                .createIoProxyConnector((SocketConnector) connector, address, proxyAddress, "http", "1.0", "testuser",
+                                        "testpassword", null, null);
+
+        ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
+        HttpProxyRequest request = (HttpProxyRequest) proxySession.getRequest();
+        
+        Map<String, List<String>> headers = request.getHeaders();
+        assertNotNull("Headers should not be null", headers);
+        assertTrue("Headers should contain Proxy-Authorization", headers.containsKey(PROXY_AUTHORIZATION_HEADER));
+        
+        List<String> authHeaders = headers.get(PROXY_AUTHORIZATION_HEADER);
+        assertNotNull("Proxy-Authorization header should not be null", authHeaders);
+        assertEquals("Should have exactly one Proxy-Authorization header", 1, authHeaders.size());
+        
+        String authHeader = authHeaders.get(0);
+        assertTrue("Auth header should start with 'Basic '", authHeader.startsWith("Basic "));
+        
+        // Verify the encoded credentials
+        String encodedPart = authHeader.substring("Basic ".length());
+        String decoded = new String(Base64.getDecoder().decode(encodedPart));
+        assertEquals("Decoded credentials should match", "testuser:testpassword", decoded);
+    }
+
+    @Test
+    public void shouldNotSetAuthorizationHeaderForNTLMAuthentication() throws ConfigError {
+        InetSocketAddress address = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+        InetSocketAddress proxyAddress = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+
+        IoConnector connector = ProtocolFactory.createIoConnector(address);
+        ProxyConnector proxyConnector = ProtocolFactory
+                .createIoProxyConnector((SocketConnector) connector, address, proxyAddress, "http", "1.0", "testuser",
+                                        "testpassword", "TESTDOMAIN", "TESTWORKSTATION");
+
+        ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
+        HttpProxyRequest request = (HttpProxyRequest) proxySession.getRequest();
+        
+        Map<String, List<String>> headers = request.getHeaders();
+        // NTLM requires multi-step handshake, so Proxy-Authorization header should not be set upfront
+        assertTrue("Headers should be null or not contain Proxy-Authorization for NTLM", 
+                   headers == null || !headers.containsKey(PROXY_AUTHORIZATION_HEADER));
+        
+        // Verify NTLM properties are set correctly for the MINA proxy handler to use
+        Map<String, String> props = request.getProperties();
+        assertNotNull("Properties should not be null", props);
+        assertTrue("Properties should contain user credentials", props.size() >= 4);
+    }
+
+    @Test
+    public void shouldNotSetAuthorizationHeaderWhenCredentialsNotProvided() throws ConfigError {
+        InetSocketAddress address = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+        InetSocketAddress proxyAddress = new InetSocketAddress(AvailablePortFinder.getNextAvailable());
+
+        IoConnector connector = ProtocolFactory.createIoConnector(address);
+        ProxyConnector proxyConnector = ProtocolFactory
+                .createIoProxyConnector((SocketConnector) connector, address, proxyAddress, "http", "1.0", null,
+                                        null, null, null);
+
+        ProxyIoSession proxySession = proxyConnector.getProxyIoSession();
+        HttpProxyRequest request = (HttpProxyRequest) proxySession.getRequest();
+        
+        Map<String, List<String>> headers = request.getHeaders();
+        // Headers should either be null or not contain Proxy-Authorization
+        assertTrue("Headers should be null or empty when no credentials provided", 
+                   headers == null || !headers.containsKey(PROXY_AUTHORIZATION_HEADER));
+    }
 }
