HTTPCLIENT-2261 - Enable HTTP/2 CONNECT tunneling for HTTP/2 clients through HTTP/2 proxies

Wire HTTP/2 tunnel establishment into InternalH2ConnPool for tunneled routes by using H2OverH2TunnelSupport to convert an existing proxy HTTP/2 connection into a stream-backed tunnel session

Author: arturobernalg

httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/AsyncConnectExec.java

@@ -250,6 +250,19 @@ public void cancelled() {
                     public void completed(final AsyncExecRuntime execRuntime) {
                         final HttpHost proxy = route.getProxyHost();
                         tracker.connectProxy(proxy, route.isSecure() && !route.isTunnelled());
+                        if (route.isTunnelled() && execRuntime instanceof InternalH2AsyncExecRuntime) {
+                            if (route.getHopCount() > 2) {
+                                asyncExecCallback.failed(new HttpException("Proxy chains are not supported"));
+                                return;
+                            }
+                            if (LOG.isDebugEnabled()) {
+                                LOG.debug("{} H2 tunnel to target already established by connection pool", exchangeId);
+                            }
+                            tracker.tunnelTarget(false);
+                            if (route.isLayered()) {
+                                tracker.layerProtocol(route.isSecure());
+                            }
+                        }
                         if (LOG.isDebugEnabled()) {
                             LOG.debug("{} connected to proxy", exchangeId);
                         }

httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2AsyncClientBuilder.java

@@ -840,9 +840,12 @@ public CloseableHttpAsyncClient build() {
                 new H2AsyncMainClientExec(httpProcessor),
                 ChainElement.MAIN_TRANSPORT.name());
 
+        final HttpProcessor proxyConnectHttpProcessor =
+                new DefaultHttpProcessor(new RequestTargetHost(), new RequestUserAgent(userAgentCopy));
+
         execChainDefinition.addFirst(
                 new AsyncConnectExec(
-                        new DefaultHttpProcessor(new RequestTargetHost(), new RequestUserAgent(userAgentCopy)),
+                        proxyConnectHttpProcessor,
                         proxyAuthStrategyCopy,
                         schemePortResolver != null ? schemePortResolver : DefaultSchemePortResolver.INSTANCE,
                         authCachingDisabled),
@@ -971,7 +974,21 @@ public CloseableHttpAsyncClient build() {
         }
 
         final MultihomeConnectionInitiator connectionInitiator = new MultihomeConnectionInitiator(ioReactor, dnsResolver);
-        final InternalH2ConnPool connPool = new InternalH2ConnPool(connectionInitiator, host -> null, tlsStrategyCopy);
+        final IOEventHandlerFactory tunnelProtocolStarter = new H2TunnelProtocolStarter(
+                h2Config,
+                charCodingConfig);
+        final InternalH2ConnPool connPool = new InternalH2ConnPool(
+                connectionInitiator,
+                host -> null,
+                tlsStrategyCopy,
+                tunnelProtocolStarter,
+                proxyConnectHttpProcessor,
+                proxyAuthStrategyCopy,
+                schemePortResolver != null ? schemePortResolver : DefaultSchemePortResolver.INSTANCE,
+                authCachingDisabled,
+                authSchemeRegistryCopy,
+                credentialsProviderCopy,
+                defaultRequestConfig);
         connPool.setConnectionConfigResolver(connectionConfigResolver);
 
         List<Closeable> closeablesCopy = closeables != null ? new ArrayList<>(closeables) : null;

httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/H2TunnelProtocolStarter.java

@@ -0,0 +1,74 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.hc.client5.http.impl.async;
+
+import org.apache.hc.core5.http.config.CharCodingConfig;
+import org.apache.hc.core5.http.protocol.HttpProcessorBuilder;
+import org.apache.hc.core5.http2.config.H2Config;
+import org.apache.hc.core5.http2.impl.nio.ClientH2PrefaceHandler;
+import org.apache.hc.core5.http2.impl.nio.ClientH2StreamMultiplexerFactory;
+import org.apache.hc.core5.reactor.IOEventHandler;
+import org.apache.hc.core5.reactor.IOEventHandlerFactory;
+import org.apache.hc.core5.reactor.ProtocolIOSession;
+
+/**
+ * Minimal {@link IOEventHandlerFactory} for starting HTTP/2 client protocol
+ * inside a CONNECT tunnel session.
+ * <p>
+ * Unlike {@link H2AsyncClientProtocolStarter}, this factory does not
+ * install push consumer handling, frame/header logging listeners, or
+ * exception callbacks. Those concerns belong to the outer proxy
+ * connection, not the tunneled target connection.
+ * </p>
+ *
+ * @since 5.7
+ */
+final class H2TunnelProtocolStarter implements IOEventHandlerFactory {
+
+    private final H2Config h2Config;
+    private final CharCodingConfig charCodingConfig;
+
+    H2TunnelProtocolStarter(
+            final H2Config h2Config,
+            final CharCodingConfig charCodingConfig) {
+        this.h2Config = h2Config != null ? h2Config : H2Config.DEFAULT;
+        this.charCodingConfig = charCodingConfig != null ? charCodingConfig : CharCodingConfig.DEFAULT;
+    }
+
+    @Override
+    public IOEventHandler createHandler(final ProtocolIOSession ioSession, final Object attachment) {
+        final ClientH2StreamMultiplexerFactory multiplexerFactory = new ClientH2StreamMultiplexerFactory(
+                HttpProcessorBuilder.create().build(),
+                null,
+                h2Config,
+                charCodingConfig,
+                null);
+        return new ClientH2PrefaceHandler(ioSession, multiplexerFactory, false, null);
+    }
+
+}

httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/HttpAsyncClients.java

@@ -276,12 +276,16 @@ public static MinimalHttpAsyncClient createMinimal(final AsyncClientConnectionMa
     private static MinimalH2AsyncClient createMinimalHttp2AsyncClientImpl(
             final IOEventHandlerFactory eventHandlerFactory,
             final AsyncPushConsumerRegistry pushConsumerRegistry,
+            final H2Config h2Config,
+            final CharCodingConfig charCodingConfig,
             final IOReactorConfig ioReactorConfig,
             final DnsResolver dnsResolver,
             final TlsStrategy tlsStrategy) {
         return new MinimalH2AsyncClient(
                 eventHandlerFactory,
                 pushConsumerRegistry,
+                h2Config,
+                charCodingConfig,
                 ioReactorConfig,
                 new DefaultThreadFactory("httpclient-main", true),
                 new DefaultThreadFactory("httpclient-dispatch", true),
@@ -307,6 +311,8 @@ public static MinimalH2AsyncClient createHttp2Minimal(
                         CharCodingConfig.DEFAULT,
                         LoggingExceptionCallback.INSTANCE),
                 pushConsumerRegistry,
+                h2Config,
+                CharCodingConfig.DEFAULT,
                 ioReactorConfig,
                 dnsResolver,
                 tlsStrategy);

httpclient5/src/main/java/org/apache/hc/client5/http/impl/async/InternalH2AsyncClient.java

@@ -108,11 +108,7 @@ HttpRoute determineRoute(
             final HttpHost httpHost,
             final HttpRequest request,
             final HttpClientContext clientContext) throws HttpException {
-        final HttpRoute route = routePlanner.determineRoute(httpHost, request, clientContext);
-        if (route.isTunnelled()) {
-            throw new HttpException("HTTP/2 tunneling not supported");
-        }
-        return route;
+        return routePlanner.determineRoute(httpHost, request, clientContext);
     }
 
 }