Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Setting https proxy via Configuration with auth doesn't work for TSL #106

Open
angryziber opened this issue Apr 18, 2022 · 5 comments
Open

Setting https proxy via Configuration with auth doesn't work for TSL #106

angryziber opened this issue Apr 18, 2022 · 5 comments

Comments

@angryziber
Copy link

TSL tries to use the proxy without auth and fails.
TSP and OCSP respect proxy auth.
@rsarendus
Copy link
Contributor

What kind of parameters are you configuring via Configuration to enable proxying? What type of authentication is your proxy using? Are you using the same proxy for proxying both HTTP and HTTPS requests?

For example, when configuring proxying via the following:

  • Configuration#setHttpsProxyHost(String)
  • Configuration#setHttpsProxyPort(int)
  • Configuration#setHttpProxyUser(String) - NB: this currently configures proxy user for both HTTP and HTTPS!
  • Configuration#setHttpProxyPassword(String) - NB: this currently configures proxy password for both HTTP and HTTPS!

then TSL HTTPS requests (as I understood HTTP requests already work for you for TSP and OCSP) seem to work without a problem via a proxy that requests Basic auth.

@angryziber
Copy link
Author

We set both http and https and user and password using these mentioned setters, but it doesn't work - we get errors only TSL requests in logs, but no specifics besides IOException. If we disable proxy, everything works again. We actually found an inconvenient way to disable proxy for TSL only using the internal registry.

@rsarendus
Copy link
Contributor

We actually found an inconvenient way to disable proxy for TSL only using the internal registry.

By "internal registry", do you mean the ConfigurationRegistry instance inside the org.digidoc4j.Configuration class?

Did you try configuring everything else but the TSL proxy via the connection-type-specific methods?

  • Configuration#setHttpProxyHostFor(ExternalConnectionType, String)
  • Configuration#setHttpProxyPortFor(ExternalConnectionType, int)
  • Configuration#setHttpsProxyHostFor(ExternalConnectionType, String)
  • Configuration#setHttpsProxyPortFor(ExternalConnectionType, int)
  • Configuration#setHttpProxyUserFor(ExternalConnectionType, String)
  • Configuration#setHttpProxyPasswordFor(ExternalConnectionType, String)

Where ExternalConnectionType stands for one of TSL, OCSP and TSP.

We are looking into trying to reproduce the issue locally, but with no luck so far.

@cbxp
Copy link

cbxp commented Apr 26, 2022

Unfortunately, it is not possible to set proxy for everything except TSL, e.g.
setHttpProxyHostFor(TSL, "") has no effect if "global" proxy is already set, but it should accept either blank string or even better, null, do disable TSL proxy.

@cbxp
Copy link

cbxp commented Apr 26, 2022

But the original problem remains: if TSL proxy is set (both http & https), it doesn't use the httpProxyUser/httpProxyPassword, so all requests result in 407 responses

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@angryziber @cbxp @rsarendus