DependenciesDownloadHelper#downloadArtifactMetaData() handles header case incorrectly

[jonsten]

Describe the bug
Found this problem while upgrading Jenkins Artifactory plugin from 3.11.0 to 3.11.1. It in turn switches from version 2.26.0 to 2.26.2 of this library.
In 67cefb2 the method downloadArtifactMetaData in DependenciesDownloadHelper is refactored for some reason. Unfortunately the refactoring leads to incorrect handling of HTTP headers. Previously the header name was treated case-insensitively, but after the change it requires a certain case of the header name. If the header name doesn't mach, then, the file isn't downloaded due to the code in downloadArtifact() (which assumes that an artifact is a folder if no md5 or Sha1 is found).

Normally this isn't a problem since Artifactory produces the headers in expected case (X-Checksum-Md5 and X-Checksum-Sha1). But, in our case we have an HAProxy in between which transforms all headers to lower case (due to HTTP2 compliance). And thus the Jenkins Artifactory plugin fails to download the artifacts since the header isn't found by this library.

To be honest I don't see the point in the refactoring done to downloadArtifactMetaData(). The previous implementation relied on HttpResponse#getFirstHeader() to resolve header name to header value, which works perfectly fine. HttpResponse is a well tested and trusted implementation of header handling. Implementing your own header handling is, in my opinion, just unwise!

To Reproduce
Try to download artifacts using this library through a proxy which transforms the response headers to lowercase.

Expected behavior
That this library follows HTTP specification and ignores case of the HTTP response headers.

Versions
2.26.2 of this library
HAProxy 2.2

Additional context
It is possible to work around the issue by setting the following config parameters to HAProxy (i.e. it will ensure the headers have expected format:

default:
 option h1-case-adjust-bogus-client
global:
 h1-case-adjust accept-ranges Accept-Ranges
 h1-case-adjust content-disposition Content-Disposition
 h1-case-adjust content-length Content-Length
 h1-case-adjust content-type Content-Type
 h1-case-adjust last-modified Last-Modified
 h1-case-adjust x-artifactory-filename X-Artifactory-Filename
 h1-case-adjust x-artifactory-id X-Artifactory-Id
 h1-case-adjust x-artifactory-node-id X-Artifactory-Node-Id
 h1-case-adjust x-checksum-md5 X-Checksum-Md5
 h1-case-adjust x-checksum-sha1 X-Checksum-Sha1
 h1-case-adjust x-checksum-sha256 X-Checksum-Sha256
 h1-case-adjust x-jfrog-version X-JFrog-Version

This is not a permanent fix though. This library should really follow the HTTP standard and ignore header case.

[yahavi]

@jonsten
Jenkins Artifactory plugin 3.12.5 is released.
This version includes the fix for this issue.
We'd appreciate your feedback on that.

[jonsten]

Thanks for the quick role out of the fix. Unfortunately we have already deployed the broken version to one of our major Jenkins instances, which isn't scheduled for upgrade/restart for at least a month. So we can't undo workaround for our HAProxy until then. In any case, I will let you know as soon as I have tested it, but it might take a while.