Support auth in http proxy server

src/net/tools/naive/http_proxy_server_socket.cc

@@ -10,6 +10,7 @@
 #include <utility>
 #include <vector>
 
+#include "base/base64.h"
 #include "base/functional/bind.h"
 #include "base/functional/callback_helpers.h"
 #include "base/logging.h"
@@ -40,6 +41,8 @@ constexpr int kMaxPaddingSize = kMinPaddingSize + 32;
 
 HttpProxyServerSocket::HttpProxyServerSocket(
     std::unique_ptr<StreamSocket> transport_socket,
+    const std::string& user,
+    const std::string& pass,
     ClientPaddingDetectorDelegate* padding_detector_delegate,
     const NetworkTrafficAnnotationTag& traffic_annotation,
     const std::vector<PaddingType>& supported_padding_types)
@@ -53,7 +56,12 @@ HttpProxyServerSocket::HttpProxyServerSocket(
       header_write_size_(-1),
       net_log_(transport_->NetLog()),
       traffic_annotation_(traffic_annotation),
-      supported_padding_types_(supported_padding_types) {}
+      supported_padding_types_(supported_padding_types) {
+  if (!user.empty() || !pass.empty()) {
+    basic_auth_ =
+        std::string("Basic ").append(base::Base64Encode(user + ":" + pass));
+  }
+}
 
 HttpProxyServerSocket::~HttpProxyServerSocket() {
   Disconnect();
@@ -347,6 +355,15 @@ int HttpProxyServerSocket::DoHeaderReadComplete(int result) {
     headers.AddHeadersFromString(headers_str);
   }
 
+  if (!basic_auth_.empty()) {
+    std::string proxy_auth;
+    headers.GetHeader(HttpRequestHeaders::kProxyAuthorization, &proxy_auth);
+    if (proxy_auth != basic_auth_) {
+      LOG(WARNING) << "Invalid Proxy-Authorization: " << proxy_auth;
+      return ERR_INVALID_ARGUMENT;
+    }
+  }
+
   if (is_http_1_0) {
     GURL url(uri);
     if (!url.is_valid()) {

src/net/tools/naive/http_proxy_server_socket.h

@@ -35,6 +35,8 @@ class HttpProxyServerSocket : public StreamSocket {
  public:
   HttpProxyServerSocket(
       std::unique_ptr<StreamSocket> transport_socket,
+      const std::string& user,
+      const std::string& pass,
       ClientPaddingDetectorDelegate* padding_detector_delegate,
       const NetworkTrafficAnnotationTag& traffic_annotation,
       const std::vector<PaddingType>& supported_padding_types);
@@ -117,6 +119,8 @@ class HttpProxyServerSocket : public StreamSocket {
   bool was_ever_used_;
   int header_write_size_;
 
+  std::string basic_auth_;
+
   HostPortPair request_endpoint_;
 
   NetLogWithSource net_log_;

src/net/tools/naive/naive_proxy.cc

@@ -116,8 +116,9 @@ void NaiveProxy::DoConnect() {
                                                   traffic_annotation_);
   } else if (protocol_ == ClientProtocol::kHttp) {
     socket = std::make_unique<HttpProxyServerSocket>(
-        std::move(accepted_socket_), padding_detector_delegate.get(),
-        traffic_annotation_, supported_padding_types_);
+        std::move(accepted_socket_), listen_user_, listen_pass_,
+        padding_detector_delegate.get(), traffic_annotation_,
+        supported_padding_types_);
   } else if (protocol_ == ClientProtocol::kRedir) {
     socket = std::move(accepted_socket_);
   } else {