open-eid / digidoc4j

DigiDoc for Java. Javadoc:
http://open-eid.github.io/digidoc4j
GNU Lesser General Public License v2.1

Setting https proxy via Configuration with auth doesn't work for TSL #106

Open angryziber opened 2 years ago

angryziber commented 2 years ago

TSL tries to use the proxy without auth and fails. TSP and OCSP respect proxy auth.

rsarendus commented 2 years ago

What kind of parameters are you configuring via Configuration to enable proxying? What type of authentication is your proxy using? Are you using the same proxy for proxying both HTTP and HTTPS requests?

For example, when configuring proxying via the following:

then TSL HTTPS requests (as I understood, HTTP requests already work for you for TSP and OCSP) seem to work without a problem via a proxy that requests Basic auth.

angryziber commented 2 years ago

We set both http and https and user and password using these mentioned setters, but it doesn't work - we get errors only for TSL requests in logs, but no specifics besides IOException. If we disable proxy, everything works again. We actually found an inconvenient way to disable proxy for TSL only using the internal registry.

rsarendus commented 2 years ago

> We actually found an inconvenient way to disable proxy for TSL only using the internal registry.

By "internal registry", do you mean the ConfigurationRegistry instance inside the org.digidoc4j.Configuration class?

Did you try configuring everything else but the TSL proxy via the connection-type-specific methods?

Where ExternalConnectionType stands for one of TSL, OCSP and TSP.

We are looking into trying to reproduce the issue locally, but with no luck so far.

cbxp commented 2 years ago

Unfortunately, it is not possible to set proxy for everything except TSL, e.g. setHttpProxyHostFor(TSL, "") has no effect if "global" proxy is already set, but it should accept either a blank string or, even better, null, to disable TSL proxy.

cbxp commented 2 years ago

But the original problem remains: if TSL proxy is set (both http & https), it doesn't use the httpProxyUser/httpProxyPassword, so all requests result in 407 responses.