[http] add pre-emptive basic authentication and fix header handling (#9584)

* add preemptive basic authentication

Signed-off-by: Jan N. Klug <jan.n.klug@rub.de>

* improve header handling

Signed-off-by: Jan N. Klug <jan.n.klug@rub.de>

* Update bundles/org.openhab.binding.http/README.md

Co-authored-by: t2000 <t2000@users.noreply.github.com>

Co-authored-by: t2000 <t2000@users.noreply.github.com>

bundles/org.openhab.binding.http/src/main/java/org/openhab/binding/http/internal/HttpThingHandler.java

@@ -14,10 +14,7 @@ package org.openhab.binding.http.internal;
 
 import java.net.URI;
 import java.net.URISyntaxException;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 import java.util.concurrent.CompletableFuture;
 import java.util.concurrent.TimeUnit;
 import java.util.function.Function;
@@ -85,7 +82,6 @@ public class HttpThingHandler extends BaseThingHandler {
     private final Map<String, RefreshingUrlCache> urlHandlers = new HashMap<>();
     private final Map<ChannelUID, ItemValueConverter> channels = new HashMap<>();
     private final Map<ChannelUID, String> channelUrls = new HashMap<>();
-    private @Nullable Authentication authentication;
 
     public HttpThingHandler(Thing thing, HttpClientProvider httpClientProvider,
             ValueTransformationProvider valueTransformationProvider,
@@ -139,6 +135,7 @@ public class HttpThingHandler extends BaseThingHandler {
             return;
         }
 
+        // check SSL handling and initialize client
         if (config.ignoreSSLErrors) {
             logger.info("Using the insecure client for thing '{}'.", thing.getUID());
             httpClient = httpClientProvider.getInsecureClient();
@@ -158,29 +155,34 @@ public class HttpThingHandler extends BaseThingHandler {
                     channelCount, thing.getUID(), config.delay, config.refresh);
         }
 
-        authentication = null;
+        // remove empty headers
+        config.headers.removeIf(String::isBlank);
+
+        // configure authentication
         if (!config.username.isEmpty()) {
             try {
+                AuthenticationStore authStore = httpClient.getAuthenticationStore();
                 URI uri = new URI(config.baseURL);
                 switch (config.authMode) {
+                    case BASIC_PREEMPTIVE:
+                        config.headers.add("Authorization=Basic " + Base64.getEncoder()
+                                .encodeToString((config.username + ":" + config.password).getBytes()));
+                        logger.debug("Preemptive Basic Authentication configured for thing '{}'", thing.getUID());
+                        break;
                     case BASIC:
-                        authentication = new BasicAuthentication(uri, Authentication.ANY_REALM, config.username,
-                                config.password);
+                        authStore.addAuthentication(new BasicAuthentication(uri, Authentication.ANY_REALM,
+                                config.username, config.password));
                         logger.debug("Basic Authentication configured for thing '{}'", thing.getUID());
                         break;
                     case DIGEST:
-                        authentication = new DigestAuthentication(uri, Authentication.ANY_REALM, config.username,
-                                config.password);
+                        authStore.addAuthentication(new DigestAuthentication(uri, Authentication.ANY_REALM,
+                                config.username, config.password));
                         logger.debug("Digest Authentication configured for thing '{}'", thing.getUID());
                         break;
                     default:
                         logger.warn("Unknown authentication method '{}' for thing '{}'", config.authMode,
                                 thing.getUID());
                 }
-                if (authentication != null) {
-                    AuthenticationStore authStore = httpClient.getAuthenticationStore();
-                    authStore.addAuthentication(authentication);
-                }
             } catch (URISyntaxException e) {
                 updateStatus(ThingStatus.OFFLINE, ThingStatusDetail.CONFIGURATION_ERROR,
                         "failed to create authentication: baseUrl is invalid");
@@ -189,6 +191,7 @@ public class HttpThingHandler extends BaseThingHandler {
             logger.debug("No authentication configured for thing '{}'", thing.getUID());
         }
 
+        // create channels
         thing.getChannels().forEach(this::createChannel);
 
         updateStatus(ThingStatus.ONLINE);

bundles/org.openhab.binding.http/src/main/java/org/openhab/binding/http/internal/config/HttpAuthMode.java

@@ -21,6 +21,7 @@ import org.eclipse.jdt.annotation.NonNullByDefault;
  */
 @NonNullByDefault
 public enum HttpAuthMode {
+    BASIC_PREEMPTIVE,
     BASIC,
     DIGEST
 }

bundles/org.openhab.binding.http/src/main/java/org/openhab/binding/http/internal/config/HttpThingConfig.java

@@ -12,8 +12,7 @@
  */
 package org.openhab.binding.http.internal.config;
 
-import java.util.Collections;
-import java.util.List;
+import java.util.ArrayList;
 
 import org.eclipse.jdt.annotation.NonNullByDefault;
 import org.eclipse.jdt.annotation.Nullable;
@@ -43,5 +42,6 @@ public class HttpThingConfig {
 
     public boolean ignoreSSLErrors = false;
 
-    public List<String> headers = Collections.emptyList();
+    // ArrayList is required as implementation because list may be modified later
+    public ArrayList<String> headers = new ArrayList<>();
 }

bundles/org.openhab.binding.http/src/main/resources/OH-INF/thing/thing-types.xml

@@ -52,6 +52,7 @@
 				<label>Authentication Mode</label>
 				<options>
 					<option value="BASIC">Basic Authentication</option>
+					<option value="BASIC_PREEMPTIVE">Preemptive Basic Authentication</option>
 					<option value="DIGEST">Digest Authentication</option>
 				</options>
 				<default>BASIC</default>