Convert Strings to X509 Certificates before validating (#948)

* Convert certificate strings to certificates

* Format fixes

* Revert "Format fixes"

This reverts commit 26f88bd313.

* Revert "Convert certificate strings to certificates"

This reverts commit 6d47ed2861.

* Convert strings to certs for validation

* Add clarification comments

* Add test to verify encoded cert from proxy

* Add some helper methods

* add tests for PEM with metadata

* small changes

* replace .com with .test
sarahcaseybot 2021-01-29 16:59:57 -05:00 committed by GitHub
parent c8d878d084
commit 279f65b6cf
7 changed files with 229 additions and 26 deletions


@ -21,6 +21,7 @@ import static google.registry.proxy.TestUtils.assertHttpRequestEquivalent;
import static google.registry.proxy.TestUtils.makeEppHttpResponse;
import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
import static google.registry.util.X509Utils.getCertificateHash;
import static google.registry.util.X509Utils.loadCertificate;
import static java.nio.charset.StandardCharsets.UTF_8;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;
@ -47,6 +48,7 @@ import io.netty.util.concurrent.Promise;
import java.io.ByteArrayInputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.Base64;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
@ -239,6 +241,23 @@ class EppServiceHandlerTest {
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_requestContainsEncodedCertificate() throws Exception {
setHandshakeSuccess();
// First inbound message is hello.
channel.readInbound();
String content = "<epp>stuff</epp>";
channel.writeInbound(Unpooled.wrappedBuffer(content.getBytes(UTF_8)));
FullHttpRequest request = channel.readInbound();
assertThat(request).isEqualTo(makeEppHttpRequestWithCertificate(content));
String encodedCert = request.headers().get("X-SSL-Full-Certificate");
assertThat(encodedCert).isNotEqualTo(SAMPLE_CERT);
X509Certificate decodedCert =
loadCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(encodedCert)));
X509Certificate pemCert = loadCertificate(SAMPLE_CERT);
assertThat(decodedCert).isEqualTo(pemCert);
}
@Test
void testSuccess_sendCertificateOnlyBeforeLogin() throws Exception {
setHandshakeSuccess();
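Review bot: In `testSuccess_requestContainsEncodedCertificate`, the check `assertThat(encodedCert).isNotEqualTo(SAMPLE_CERT)` is weak, because any value other than the exact sample text passes, so it does not say what format the `X-SSL-Full-Certificate` header must have. What matters for a header that carries the client certificate to the backend is that the value is single-line Base64 with no PEM armour or line breaks. The `Base64.getDecoder().decode(encodedCert)` call on the following lines enforces that only implicitly, by throwing. I would state it directly with `assertThat(encodedCert).doesNotContain("\n");` and a comment such as `// The header must carry unwrapped Base64, never raw PEM: line breaks are not valid in a header value.` SAMPLE_CERT is declared outside the visible hunks, so this assumes it is the PEM string.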