Adding connect auth feature. Proxy-Authorization header is being inserted when user creds are present in uri

3 files changed, 88 insertions, 6 deletions

diff --git a/test/core/end2end/fixtures/h2_http_proxy.c b/test/core/end2end/fixtures/h2_http_proxy.c
index f8c88e5953..f87036d52e 100644
--- a/test/core/end2end/fixtures/h2_http_proxy.c
+++ b/test/core/end2end/fixtures/h2_http_proxy.c
@@ -47,11 +47,26 @@ static grpc_end2end_test_fixture chttp2_create_fixture_fullstack(
     grpc_channel_args *client_args, grpc_channel_args *server_args) {
   grpc_end2end_test_fixture f;
   memset(&f, 0, sizeof(f));
+  grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
 
   fullstack_fixture_data *ffd = gpr_malloc(sizeof(fullstack_fixture_data));
   const int server_port = grpc_pick_unused_port_or_die();
   gpr_join_host_port(&ffd->server_addr, "localhost", server_port);
-  ffd->proxy = grpc_end2end_http_proxy_create();
+
+  /*const grpc_arg *proxy_auth_arg =
+      grpc_channel_args_find(client_args, "test_uses_proxy_auth");
+  ffd->proxy = grpc_end2end_http_proxy_create(proxy_args);*/
+  //If we are testing proxy auth, add the proxy auth arg to proxy channel args
+  grpc_channel_args *proxy_args = NULL;
+  const grpc_arg *proxy_auth_arg = grpc_channel_args_find(
+          client_args, GRPC_END2END_HTTP_PROXY_TEST_CONNECT_AUTH_PRESENT);
+  if(proxy_auth_arg) {
+    proxy_args = grpc_channel_args_copy_and_add(NULL, proxy_auth_arg, 1);
+  }
+  ffd->proxy = grpc_end2end_http_proxy_create(proxy_args);
+  grpc_channel_args_destroy(&exec_ctx, proxy_args);
+
+  grpc_exec_ctx_finish(&exec_ctx);
 
   f.fixture_data = ffd;
   f.cq = grpc_completion_queue_create_for_next(NULL);
@@ -64,8 +79,17 @@ void chttp2_init_client_fullstack(grpc_end2end_test_fixture *f,
                                   grpc_channel_args *client_args) {
   fullstack_fixture_data *ffd = f->fixture_data;
   char *proxy_uri;
-  gpr_asprintf(&proxy_uri, "http://%s",
-               grpc_end2end_http_proxy_get_proxy_name(ffd->proxy));
+
+  // If testing for proxy auth, add credentials to proxy uri
+  if(grpc_channel_args_find(
+      client_args, GRPC_END2END_HTTP_PROXY_TEST_CONNECT_AUTH_PRESENT) == NULL) {
+    gpr_asprintf(&proxy_uri, "http://%s",
+                 grpc_end2end_http_proxy_get_proxy_name(ffd->proxy));
+  } else {
+    gpr_asprintf(&proxy_uri, "http://%s@%s",
+                 GRPC_END2END_HTTP_PROXY_TEST_CONNECT_CRED,
+                 grpc_end2end_http_proxy_get_proxy_name(ffd->proxy));
+  }
   gpr_setenv("http_proxy", proxy_uri);
   gpr_free(proxy_uri);
   f->client = grpc_insecure_channel_create(ffd->server_addr, client_args, NULL);
diff --git a/test/core/end2end/fixtures/http_proxy_fixture.c b/test/core/end2end/fixtures/http_proxy_fixture.c
index 54693c4900..d69ed1a086 100644
--- a/test/core/end2end/fixtures/http_proxy_fixture.c
+++ b/test/core/end2end/fixtures/http_proxy_fixture.c
@@ -22,6 +22,7 @@
 
 #include <string.h>
 
+#include <grpc/grpc.h>
 #include <grpc/slice_buffer.h>
 #include <grpc/support/alloc.h>
 #include <grpc/support/atm.h>
@@ -47,6 +48,7 @@
 #include "src/core/lib/iomgr/tcp_server.h"
 #include "src/core/lib/iomgr/timer.h"
 #include "src/core/lib/slice/slice_internal.h"
+#include "src/core/lib/slice/b64.h"
 #include "test/core/util/port.h"
 
 struct grpc_end2end_http_proxy {
@@ -352,6 +354,42 @@ static void on_read_request_done(grpc_exec_ctx* exec_ctx, void* arg,
     GRPC_ERROR_UNREF(error);
     return;
   }
+  // If proxy auth is being used, check if the header is present
+  if(grpc_channel_args_find(
+      conn->proxy->channel_args,
+      GRPC_END2END_HTTP_PROXY_TEST_CONNECT_AUTH_PRESENT) != NULL) {
+    bool found = false, failed = false;
+    for(size_t i = 0; i < conn->http_request.hdr_count; i++) {
+      if(strcmp(conn->http_request.hdrs[i].key, "Proxy-Authorization") == 0) {
+        found = true;
+        // Authentication type should be Basic
+        if(strncmp(conn->http_request.hdrs[i].value, "Basic",
+                   strlen("Basic")) != 0) {
+          failed = true;
+          break;
+        }
+        // Check if encoded string is as expected
+        char *encoded_str_start =
+            strchr(conn->http_request.hdrs[i].value, ' ') + 1;
+        grpc_slice decoded_slice =
+            grpc_base64_decode(exec_ctx, encoded_str_start, 0);
+        if(grpc_slice_str_cmp(
+            decoded_slice, GRPC_END2END_HTTP_PROXY_TEST_CONNECT_CRED) != 0) {
+          failed = true;
+          break;
+        }
+        break;
+      }
+    }
+    if(!found || failed) {
+      const char *msg = "HTTP Connect could not verify authentication";
+      error = GRPC_ERROR_CREATE_FROM_COPIED_STRING(msg);
+      proxy_connection_failed(exec_ctx, conn, true /* is_client */,
+                              "HTTP proxy read request", error);
+      GRPC_ERROR_UNREF(error);
+      return;
+    }
+  }
   // Resolve address.
   grpc_resolved_addresses* resolved_addresses = NULL;
   error = grpc_blocking_resolve_address(conn->http_request.path, "80",
@@ -436,7 +474,8 @@ static void thread_main(void* arg) {
   grpc_exec_ctx_finish(&exec_ctx);
 }
 
-grpc_end2end_http_proxy* grpc_end2end_http_proxy_create(void) {
+grpc_end2end_http_proxy* grpc_end2end_http_proxy_create(
+    grpc_channel_args *args) {
   grpc_exec_ctx exec_ctx = GRPC_EXEC_CTX_INIT;
   grpc_end2end_http_proxy* proxy =
       (grpc_end2end_http_proxy*)gpr_malloc(sizeof(*proxy));
@@ -448,7 +487,7 @@ grpc_end2end_http_proxy* grpc_end2end_http_proxy_create(void) {
   gpr_join_host_port(&proxy->proxy_name, "localhost", proxy_port);
   gpr_log(GPR_INFO, "Proxy address: %s", proxy->proxy_name);
   // Create TCP server.
-  proxy->channel_args = grpc_channel_args_copy(NULL);
+  proxy->channel_args = grpc_channel_args_copy(args);
   grpc_error* error = grpc_tcp_server_create(
       &exec_ctx, NULL, proxy->channel_args, &proxy->server);
   GPR_ASSERT(error == GRPC_ERROR_NONE);
diff --git a/test/core/end2end/fixtures/http_proxy_fixture.h b/test/core/end2end/fixtures/http_proxy_fixture.h
index a72162e846..f3da0494ae 100644
--- a/test/core/end2end/fixtures/http_proxy_fixture.h
+++ b/test/core/end2end/fixtures/http_proxy_fixture.h
@@ -16,11 +16,30 @@
  *
  */
 
+#ifndef GRPC_TEST_CORE_END2END_FIXTURES_HTTP_PROXY_FIXTURE_H
+#define GRPC_TEST_CORE_END2END_FIXTURES_HTTP_PROXY_FIXTURE_H
+
+#include <grpc/grpc.h>
+
+/* The test credentials being used for HTTP Proxy Authorization */
+#define GRPC_END2END_HTTP_PROXY_TEST_CONNECT_CRED "aladdin:opensesame"
+
+/* A channel arg key used to indicate that the channel uses proxy authorization.
+ * The value is of no consequence as just the presence of the argument is
+ * enough. It is currently kept as of type integer but can be changed as seen
+ * fit.
+ */
+#define GRPC_END2END_HTTP_PROXY_TEST_CONNECT_AUTH_PRESENT \
+    "grpc.test.connect_auth"
+
 typedef struct grpc_end2end_http_proxy grpc_end2end_http_proxy;
 
-grpc_end2end_http_proxy* grpc_end2end_http_proxy_create();
+grpc_end2end_http_proxy* grpc_end2end_http_proxy_create(
+    grpc_channel_args *args);
 
 void grpc_end2end_http_proxy_destroy(grpc_end2end_http_proxy* proxy);
 
 const char* grpc_end2end_http_proxy_get_proxy_name(
     grpc_end2end_http_proxy* proxy);
+
+#endif /* GRPC_TEST_CORE_END2END_FIXTURES_HTTP_PROXY_FIXTURE_H */