Add tunnel exception

arturobernalg · arturobernalg · commit e3d265192d85 · 2026-03-06T16:55:00.000+01:00
Allow handle Exchange
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/nio/support/H2OverH2TunnelExchangeHandler.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/nio/support/H2OverH2TunnelExchangeHandler.java
@@ -40,9 +40,9 @@
 import org.apache.hc.core5.http.HttpResponse;
 import org.apache.hc.core5.http.Method;
 import org.apache.hc.core5.http.StreamControl;
+import org.apache.hc.core5.http.HttpRequestInterceptor;
 import org.apache.hc.core5.http.impl.BasicEntityDetails;
 import org.apache.hc.core5.http.message.BasicHttpRequest;
-import org.apache.hc.core5.http.message.StatusLine;
 import org.apache.hc.core5.http.nio.AsyncClientExchangeHandler;
 import org.apache.hc.core5.http.nio.CapacityChannel;
 import org.apache.hc.core5.http.nio.DataStreamChannel;
@@ -69,6 +69,7 @@ final class H2OverH2TunnelExchangeHandler implements AsyncClientExchangeHandler
     private final Timeout connectTimeout;
     private final boolean secure;
     private final TlsStrategy tlsStrategy;
+    private final HttpRequestInterceptor connectRequestInterceptor;
     private final IOEventHandlerFactory protocolStarter;
     private final FutureCallback<ProtocolIOSession> callback;
 
@@ -85,13 +86,15 @@ final class H2OverH2TunnelExchangeHandler implements AsyncClientExchangeHandler
             final Timeout connectTimeout,
             final boolean secure,
             final TlsStrategy tlsStrategy,
+            final HttpRequestInterceptor connectRequestInterceptor,
             final IOEventHandlerFactory protocolStarter,
             final FutureCallback<ProtocolIOSession> callback) {
         this.physicalSession = physicalSession;
         this.targetEndpoint = targetEndpoint;
         this.connectTimeout = connectTimeout;
         this.secure = secure;
         this.tlsStrategy = tlsStrategy;
+        this.connectRequestInterceptor = connectRequestInterceptor;
         this.protocolStarter = protocolStarter;
         this.callback = callback;
         this.done = new AtomicBoolean(false);
@@ -123,6 +126,9 @@ public void cancel() {
     public void produceRequest(final RequestChannel requestChannel, final HttpContext context) throws HttpException, IOException {
         final HttpRequest connectRequest = new BasicHttpRequest(Method.CONNECT.name(), (String) null);
         connectRequest.setAuthority(new URIAuthority(targetEndpoint));
+        if (connectRequestInterceptor != null) {
+            connectRequestInterceptor.process(connectRequest, null, context);
+        }
         requestChannel.sendRequest(connectRequest, new BasicEntityDetails(-1, null), context);
     }
 
@@ -154,7 +160,7 @@ public void consumeResponse(
 
         final int status = response.getCode();
         if (status < 200 || status >= 300) {
-            throw new HttpException("Tunnel refused: " + new StatusLine(response));
+            throw new TunnelRefusedException(response);
         }
 
         if (entityDetails == null) {
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/nio/support/H2OverH2TunnelSupport.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/nio/support/H2OverH2TunnelSupport.java
@@ -27,6 +27,7 @@
 package org.apache.hc.core5.http2.nio.support;
 
 import org.apache.hc.core5.concurrent.FutureCallback;
+import org.apache.hc.core5.http.HttpRequestInterceptor;
 import org.apache.hc.core5.http.nio.command.RequestExecutionCommand;
 import org.apache.hc.core5.http.nio.ssl.TlsStrategy;
 import org.apache.hc.core5.http.protocol.HttpCoreContext;
@@ -66,7 +67,7 @@ public static void establish(
             final boolean secure,
             final TlsStrategy tlsStrategy,
             final FutureCallback<ProtocolIOSession> callback) {
-        establishInternal(proxySession, target, connectTimeout, secure, tlsStrategy, null, callback);
+        establishInternal(proxySession, target, connectTimeout, secure, tlsStrategy, null, null, callback);
     }
 
     public static void establish(
@@ -75,6 +76,29 @@ public static void establish(
             final Timeout connectTimeout,
             final boolean secure,
             final TlsStrategy tlsStrategy,
+            final HttpRequestInterceptor connectRequestInterceptor,
+            final FutureCallback<ProtocolIOSession> callback) {
+        establishInternal(proxySession, target, connectTimeout, secure, tlsStrategy, connectRequestInterceptor, null, callback);
+    }
+
+    public static void establish(
+            final IOSession proxySession,
+            final NamedEndpoint target,
+            final Timeout connectTimeout,
+            final boolean secure,
+            final TlsStrategy tlsStrategy,
+            final IOEventHandlerFactory protocolStarter,
+            final FutureCallback<IOSession> callback) {
+        establish(proxySession, target, connectTimeout, secure, tlsStrategy, null, protocolStarter, callback);
+    }
+
+    public static void establish(
+            final IOSession proxySession,
+            final NamedEndpoint target,
+            final Timeout connectTimeout,
+            final boolean secure,
+            final TlsStrategy tlsStrategy,
+            final HttpRequestInterceptor connectRequestInterceptor,
             final IOEventHandlerFactory protocolStarter,
             final FutureCallback<IOSession> callback) {
 
@@ -97,7 +121,7 @@ public void cancelled() {
 
         } : null;
 
-        establishInternal(proxySession, target, connectTimeout, secure, tlsStrategy, protocolStarter, adapter);
+        establishInternal(proxySession, target, connectTimeout, secure, tlsStrategy, connectRequestInterceptor, protocolStarter, adapter);
     }
 
     private static void establishInternal(
@@ -106,6 +130,7 @@ private static void establishInternal(
             final Timeout connectTimeout,
             final boolean secure,
             final TlsStrategy tlsStrategy,
+            final HttpRequestInterceptor connectRequestInterceptor,
             final IOEventHandlerFactory protocolStarter,
             final FutureCallback<ProtocolIOSession> callback) {
 
@@ -121,6 +146,7 @@ private static void establishInternal(
                 connectTimeout,
                 secure,
                 tlsStrategy,
+                connectRequestInterceptor,
                 protocolStarter,
                 callback);
 
diff --git a/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/nio/support/TunnelRefusedException.java b/httpcore5-h2/src/main/java/org/apache/hc/core5/http2/nio/support/TunnelRefusedException.java
@@ -0,0 +1,68 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+package org.apache.hc.core5.http2.nio.support;
+
+import org.apache.hc.core5.http.Header;
+import org.apache.hc.core5.http.HttpException;
+import org.apache.hc.core5.http.HttpResponse;
+import org.apache.hc.core5.http.message.BasicHttpResponse;
+import org.apache.hc.core5.http.message.StatusLine;
+import org.apache.hc.core5.util.Args;
+
+/**
+ * Exception indicating CONNECT tunnel refusal by the proxy.
+ *
+ * @since 5.5
+ */
+public final class TunnelRefusedException extends HttpException {
+
+    private static final long serialVersionUID = 1L;
+
+    private final HttpResponse response;
+
+    public TunnelRefusedException(final HttpResponse response) {
+        super("Tunnel refused: " + new StatusLine(Args.notNull(response, "Response")));
+        this.response = copy(response);
+    }
+
+    public HttpResponse getResponse() {
+        return response;
+    }
+
+    public int getStatusCode() {
+        return response.getCode();
+    }
+
+    private static HttpResponse copy(final HttpResponse response) {
+        final BasicHttpResponse copy = new BasicHttpResponse(response.getCode(), response.getReasonPhrase());
+        copy.setVersion(response.getVersion());
+        for (final Header header : response.getHeaders()) {
+            copy.addHeader(header);
+        }
+        return copy;
+    }
+}
diff --git a/httpcore5-h2/src/test/java/org/apache/hc/core5/http2/nio/support/TestH2OverH2TunnelSupport.java b/httpcore5-h2/src/test/java/org/apache/hc/core5/http2/nio/support/TestH2OverH2TunnelSupport.java
@@ -82,6 +82,25 @@ void testEstablishBuildsH2ConnectForAuthorityAndCompletes() {
         Assertions.assertNull(session.capturedRequest.getPath());
     }
 
+    @Test
+    void testEstablishAppliesConnectRequestInterceptor() {
+        final ScriptedProxySession session = new ScriptedProxySession(HttpStatus.SC_OK, true);
+        final RecordingCallback<ProtocolIOSession> callback = new RecordingCallback<>();
+
+        H2OverH2TunnelSupport.establish(
+                session,
+                new HttpHost("https", "example.org", 443),
+                Timeout.ofSeconds(1),
+                false,
+                null,
+                (request, entityDetails, context) -> request.addHeader("Proxy-Authorization", "Basic dGVzdDp0ZXN0"),
+                callback);
+
+        Assertions.assertTrue(callback.completed);
+        Assertions.assertNotNull(session.capturedRequest);
+        Assertions.assertEquals("Basic dGVzdDp0ZXN0", session.capturedRequest.getFirstHeader("Proxy-Authorization").getValue());
+    }
+
     @Test
     void testEstablishFailsOnRefusedTunnel() {
         final ScriptedProxySession session = new ScriptedProxySession(HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED, false);
@@ -97,6 +116,10 @@ void testEstablishFailsOnRefusedTunnel() {
 
         Assertions.assertFalse(callback.completed);
         Assertions.assertNotNull(callback.failed);
+        Assertions.assertInstanceOf(TunnelRefusedException.class, callback.failed);
+        Assertions.assertEquals(
+                HttpStatus.SC_PROXY_AUTHENTICATION_REQUIRED,
+                ((TunnelRefusedException) callback.failed).getStatusCode());
     }
 
     @Test
