CBL-5689: Don't leak basic auth credentials in logs

CBL-5691: Client side proxy does not work
Also, important note on dbConfig.get/setDirectory and fix spelling error in dbChange exception

common/main/java/com/couchbase/lite/AbstractDatabaseConfiguration.java

@@ -57,6 +57,10 @@ protected AbstractDatabaseConfiguration(@Nullable String dbDir) {
  * If the directory doesn't already exist it will be created.
  * If it cannot be created an CouchbaseLiteError will be thrown.
  *
+ * Note: The directory set by this method is the canonical path to the
+ * directory whose path is passed. It is *NOT* necessarily the case that
+ * directory.equals(config.setDirectory(directory).getDirectory())
+ *
  * @param directory the directory
  * @return this.
  * @throws CouchbaseLiteError if the directory does not exist and cannot be created
@@ -76,6 +80,10 @@ public DatabaseConfiguration setDirectory(@NonNull String directory) {
  * If this path has not been set explicitly (see: <code>setDirectory</code> below),
  * then it is the system default.
  *
+ * Note: The directory returned by this method is the canonical path to the
+ * directory whose path was set. It is *NOT* necessarily the case that
+ * directory.equals(config.setDirectory(directory).getDirectory())
+ *
  * @return the database directory
  */
  @NonNull

common/main/java/com/couchbase/lite/DatabaseChange.java

@@ -32,7 +32,7 @@ public class DatabaseChange {
  private static Collection getDefaultCollection(@NonNull Database database) {
  try { return database.getDefaultCollection(); }
  catch (CouchbaseLiteException e) {
- throw new CouchbaseLiteError("Failed retrieving default collecion for database: " + database.getName(), e);
+ throw new CouchbaseLiteError("Failed retrieving default collection for database: " + database.getName(), e);
  }
  }
 

common/main/java/com/couchbase/lite/internal/replicator/AbstractCBLWebSocket.java

@@ -141,10 +141,6 @@ public abstract class AbstractCBLWebSocket implements SocketFromCore, SocketFrom
  public static final String HEADER_PROXY_AUTH = "Proxy-Authorization";
 
  private static final String CHALLENGE_BASIC = "Basic";
- private static final String CHALLENGE_PREEMPTIVE = "OkHttp-Preemptive";
-
- // OkHttp Interceptor failure message
- public static final String ERROR_INTERCEPTOR = "Interceptor Failure";
 
  private static final LogDomain LOG_DOMAIN = LogDomain.NETWORK;
 
@@ -648,28 +644,22 @@ private int getCodeForError(Throwable error) {
  }
 
  private void setupAuthentication(@NonNull OkHttpClient.Builder builder, @NonNull Map<?, ?> auth) {
- String proxyCredentials = null;
  final Object proxyUser = auth.get(C4Replicator.REPLICATOR_OPTION_PROXY_USER);
  final Object proxyPass = auth.get(C4Replicator.REPLICATOR_OPTION_PROXY_PASS);
  if (((proxyUser instanceof String) && (proxyPass instanceof String))) {
- proxyCredentials = Credentials.basic((String) proxyUser, (String) proxyPass);
+ final String proxyCred = Credentials.basic((String) proxyUser, (String) proxyPass);
+ builder.proxyAuthenticator((route, resp) -> authenticate(resp, HEADER_PROXY_AUTH, proxyCred));
  }
- final String proxyCred = proxyCredentials;
 
- String endpointCredentials = null;
  if (C4Replicator.AUTH_TYPE_BASIC.equals(auth.get(C4Replicator.REPLICATOR_AUTH_TYPE))) {
  final Object endptUser = auth.get(C4Replicator.REPLICATOR_AUTH_USER_NAME);
  final Object endptPass = auth.get(C4Replicator.REPLICATOR_AUTH_PASSWORD);
  if (((endptUser instanceof String) && (endptPass instanceof String))) {
- endpointCredentials = Credentials.basic((String) endptUser, (String) endptPass);
- forcePreAuth(builder, endpointCredentials);
+ final String endptCred = Credentials.basic((String) endptUser, (String) endptPass);
+ builder.authenticator((route, resp) -> authenticate(resp, HEADER_AUTH, endptCred));
+ forcePreAuth(builder, endptCred);
  }
  }
- final String endptCred = endpointCredentials;
-
- if ((proxyCredentials != null) || (endpointCredentials != null)) {
- builder.authenticator((route, resp) -> authenticate(resp, endptCred, proxyCred));
- }
  }
 
  @SuppressWarnings("PMD.AvoidRethrowingException")
@@ -780,7 +770,7 @@ private KeyManager getKeyManager(@Nullable Map<?, ?> auth) {
  // http:https://www.ietf.org/rfc/rfc2617.txt
  @SuppressFBWarnings("RCN_REDUNDANT_NULLCHECK_OF_NONNULL_VALUE")
  @Nullable
- private Request authenticate(@NonNull Response resp, @Nullable String endptCred, @Nullable String proxyCred) {
+ private Request authenticate(@NonNull Response resp, @NonNull String header, @NonNull String cred) {
  Log.d(LOG_DOMAIN, "%s.authenticate: %s", this, resp);
 
  // If failed 3 times, give up.
@@ -792,23 +782,10 @@ private Request authenticate(@NonNull Response resp, @Nullable String endptCred,
 
  for (Challenge challenge: challenges) {
  if (CHALLENGE_BASIC.equalsIgnoreCase(challenge.scheme())) {
- return (endptCred == null)
- ? null
- : resp.request()
- .newBuilder()
- .header(HEADER_AUTH, endptCred)
- .build();
- }
-
- // This is the challenge we will get if OkHttp determines that it
- // is talking to a proxy and needs to authenticate with it.
- if (CHALLENGE_PREEMPTIVE.equalsIgnoreCase(challenge.scheme())) {
- return (proxyCred == null)
- ? null
- : resp.request()
- .newBuilder()
- .header(HEADER_PROXY_AUTH, proxyCred)
- .build();
+ return resp.request()
+ .newBuilder()
+ .header(header, cred)
+ .build();
  }
  }
 

common/main/java/com/couchbase/lite/internal/sockets/OkHttpSocket.java

@@ -191,7 +191,7 @@ public void init(@NonNull SocketFromRemote core) {
  // Request a remote connections
  @Override
  public boolean openRemote(@NonNull URI uri, @Nullable Map<String, Object> options) {
- Log.d(LOG_DOMAIN, "%s.open: %s, %s", this, uri, options);
+ Log.d(LOG_DOMAIN, "%s.open: %s", this, uri);
  final SocketFromRemote core = getOpenCore();
  if (core == null) { return false; }