mirror of
https://github.com/google/nomulus.git
synced 2025-05-12 22:38:16 +02:00
Remove unnecessary SecureRandom from UrlFetchUtils
We're only using it for generating multiparty boundaries, and there's no real need for the random boundary values to be cryptographically secure. The point of the randomness is just to make collisions with content in the payload sufficiently unlikely. The app itself controls the payload contents, and while it might be derived from user-submitted content, in practice it would be nearly infeasible to get the payload to contain arbitrary boundary values even if the RNG-produced boundaries could be determined in advance. To further insulate against this, I've increased the boundary size (from 40 bits to 192) and added an actual check that the boundary isn't present in the input data, so that in the extremely unlikely event of a collision, we fail rather than producing an invalid multipart request. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=142784289
This commit is contained in:
nickfelt
Ben McIlwain
parent
9d9c527917
commit
0405a427f1
2 changed files with 54 additions and 51 deletions
|
|
@ -14,7 +14,7 @@
|
|||
|
||||
package google.registry.util;
|
||||
|
||||
import static com.google.common.io.BaseEncoding.base32;
|
||||
import static com.google.common.base.Preconditions.checkState;
|
||||
import static com.google.common.io.BaseEncoding.base64;
|
||||
import static com.google.common.net.HttpHeaders.AUTHORIZATION;
|
||||
import static com.google.common.net.HttpHeaders.CONTENT_DISPOSITION;
|
||||
|
|
@ -28,16 +28,15 @@ import com.google.appengine.api.urlfetch.HTTPRequest;
|
|||
import com.google.appengine.api.urlfetch.HTTPResponse;
|
||||
import com.google.common.base.Ascii;
|
||||
import com.google.common.base.Optional;
|
||||
import com.google.common.base.Strings;
|
||||
import com.google.common.net.MediaType;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.ProviderException;
|
||||
import java.security.SecureRandom;
|
||||
import java.util.Random;
|
||||
|
||||
/** Helper methods for the App Engine URL fetch service. */
|
||||
public final class UrlFetchUtils {
|
||||
|
||||
@NonFinalForTesting
|
||||
private static SecureRandom secureRandom = initSecureRandom();
|
||||
private static Random random = new Random();
|
||||
|
||||
/** Returns value of first header matching {@code name}. */
|
||||
public static Optional<String> getHeaderFirst(HTTPResponse rsp, String name) {
|
||||
|
|
@ -66,9 +65,12 @@ public final class UrlFetchUtils {
|
|||
*
|
||||
* @see <a href="http://www.ietf.org/rfc/rfc2388.txt"> RFC2388 - Returning Values from Forms</a>
|
||||
*/
|
||||
public static <T> void setPayloadMultipart(
|
||||
HTTPRequest request, String name, String filename, MediaType contentType, T data) {
|
||||
public static void setPayloadMultipart(
|
||||
HTTPRequest request, String name, String filename, MediaType contentType, String data) {
|
||||
String boundary = createMultipartBoundary();
|
||||
checkState(
|
||||
!data.contains(boundary),
|
||||
"Multipart data contains autogenerated boundary: %s", boundary);
|
||||
StringBuilder multipart = new StringBuilder();
|
||||
multipart.append(format("--%s\r\n", boundary));
|
||||
multipart.append(format("%s: form-data; name=\"%s\"; filename=\"%s\"\r\n",
|
||||
|
|
@ -79,23 +81,19 @@ public final class UrlFetchUtils {
|
|||
multipart.append("\r\n");
|
||||
multipart.append(format("--%s--", boundary));
|
||||
byte[] payload = multipart.toString().getBytes(UTF_8);
|
||||
request.addHeader(new HTTPHeader(CONTENT_TYPE, "multipart/form-data; boundary=" + boundary));
|
||||
request.addHeader(
|
||||
new HTTPHeader(CONTENT_TYPE, format("multipart/form-data; boundary=\"%s\"", boundary)));
|
||||
request.addHeader(new HTTPHeader(CONTENT_LENGTH, Integer.toString(payload.length)));
|
||||
request.setPayload(payload);
|
||||
}
|
||||
|
||||
private static String createMultipartBoundary() {
|
||||
byte[] rand = new byte[5]; // Avoid base32 padding since `5 * 8 % log2(32) == 0`
|
||||
secureRandom.nextBytes(rand);
|
||||
return "------------------------------" + base32().encode(rand);
|
||||
}
|
||||
|
||||
private static SecureRandom initSecureRandom() {
|
||||
try {
|
||||
return SecureRandom.getInstance("NativePRNG");
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
throw new ProviderException(e);
|
||||
}
|
||||
// Generate 192 random bits (24 bytes) to produce 192/log_2(64) = 192/6 = 32 base64 digits.
|
||||
byte[] rand = new byte[24];
|
||||
random.nextBytes(rand);
|
||||
// Boundary strings can be up to 70 characters long, so use 30 hyphens plus 32 random digits.
|
||||
// See https://tools.ietf.org/html/rfc2046#section-5.1.1
|
||||
return Strings.repeat("-", 30) + base64().encode(rand);
|
||||
}
|
||||
|
||||
/** Sets the HTTP Basic Authentication header on an {@link HTTPRequest}. */
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue