Add string constants for HTTP header names (#956)

* Add string constants for HTTP header names * revert package-lock changes * Clarify names * add CONTENT_TYPE * Fix formatting * Move X-FORWARDED-FOR to ProxyHttpHeaders
2025-08-02 07:52:11 +02:00 · 2021-02-11 12:02:51 -05:00 · 2021-02-11 12:02:51 -05:00 · 3f6a796aaf
commit 3f6a796aaf
parent 844f1fac41
8 changed files with 88 additions and 46 deletions
--- a/core/src/main/java/google/registry/flows/EppRequestHandler.java
+++ b/core/src/main/java/google/registry/flows/EppRequestHandler.java
@ -25,6 +25,7 @@ import com.google.common.flogger.FluentLogger;
 import com.google.common.net.MediaType;
 import google.registry.model.eppoutput.EppOutput;
 import google.registry.request.Response;
+import google.registry.util.ProxyHttpHeaders;
 import javax.inject.Inject;

 /** Handle an EPP request and response. */
@ -72,7 +73,7 @@ public class EppRequestHandler {
      // See: https://tools.ietf.org/html/rfc5734#section-2
      if (eppOutput.isResponse()
          && eppOutput.getResponse().getResult().getCode() == SUCCESS_AND_CLOSE) {
-        response.setHeader("Epp-Session", "close");
+        response.setHeader(ProxyHttpHeaders.EPP_SESSION, "close");
      }
      // If a login request returns a success, a logged-in header is added to the response to inform
      // the proxy that it is no longer necessary to send the full client certificate to the backend
@ -80,7 +81,7 @@ public class EppRequestHandler {
      if (eppOutput.isResponse()
          && eppOutput.getResponse().isLoginResponse()
          && eppOutput.isSuccess()) {
-        response.setHeader("Logged-In", "true");
+        response.setHeader(ProxyHttpHeaders.LOGGED_IN, "true");
      }
    } catch (Exception e) {
      logger.atWarning().withCause(e).log("handleEppCommand general exception");
--- a/core/src/main/java/google/registry/flows/TlsCredentials.java
+++ b/core/src/main/java/google/registry/flows/TlsCredentials.java
@ -34,6 +34,7 @@ import google.registry.model.registrar.Registrar;
 import google.registry.request.Header;
 import google.registry.util.CidrAddressBlock;
 import google.registry.util.Clock;
+import google.registry.util.ProxyHttpHeaders;
 import java.io.ByteArrayInputStream;
 import java.net.InetAddress;
 import java.security.cert.CertificateException;
@ -78,9 +79,9 @@ public class TlsCredentials implements TransportCredentials {
  @Inject
  public TlsCredentials(
      @Config("requireSslCertificates") boolean requireSslCertificates,
-      @Header("X-SSL-Certificate") Optional<String> clientCertificateHash,
-      @Header("X-SSL-Full-Certificate") Optional<String> clientCertificate,
-      @Header("X-Forwarded-For") Optional<String> clientAddress,
+      @Header(ProxyHttpHeaders.CERTIFICATE_HASH) Optional<String> clientCertificateHash,
+      @Header(ProxyHttpHeaders.FULL_CERTIFICATE) Optional<String> clientCertificate,
+      @Header(ProxyHttpHeaders.IP_ADDRESS) Optional<String> clientAddress,
      CertificateChecker certificateChecker,
      Clock clock) {
    this.requireSslCertificates = requireSslCertificates;
@ -328,25 +329,25 @@ public class TlsCredentials implements TransportCredentials {
  public static final class EppTlsModule {

    @Provides
-    @Header("X-SSL-Certificate")
+    @Header(ProxyHttpHeaders.CERTIFICATE_HASH)
    static Optional<String> provideClientCertificateHash(HttpServletRequest req) {
      // Note: This header is actually required, we just want to handle its absence explicitly
      // by throwing an EPP exception rather than a generic Bad Request exception.
-      return extractOptionalHeader(req, "X-SSL-Certificate");
+      return extractOptionalHeader(req, ProxyHttpHeaders.CERTIFICATE_HASH);
    }

    @Provides
-    @Header("X-SSL-Full-Certificate")
+    @Header(ProxyHttpHeaders.FULL_CERTIFICATE)
    static Optional<String> provideClientCertificate(HttpServletRequest req) {
      // Note: This header is actually required, we just want to handle its absence explicitly
      // by throwing an EPP exception rather than a generic Bad Request exception.
-      return extractOptionalHeader(req, "X-SSL-Full-Certificate");
+      return extractOptionalHeader(req, ProxyHttpHeaders.FULL_CERTIFICATE);
    }

    @Provides
-    @Header("X-Forwarded-For")
-    static Optional<String> provideForwardedFor(HttpServletRequest req) {
-      return extractOptionalHeader(req, "X-Forwarded-For");
+    @Header(ProxyHttpHeaders.IP_ADDRESS)
+    static Optional<String> provideIpAddress(HttpServletRequest req) {
+      return extractOptionalHeader(req, ProxyHttpHeaders.IP_ADDRESS);
    }
  }
 }
--- a/core/src/test/java/google/registry/flows/EppTestCase.java
+++ b/core/src/test/java/google/registry/flows/EppTestCase.java
@ -46,6 +46,7 @@ import google.registry.testing.FakeClock;
 import google.registry.testing.FakeHttpSession;
 import google.registry.testing.FakeResponse;
 import google.registry.testing.InjectExtension;
+import google.registry.util.ProxyHttpHeaders;
 import java.util.Map;
 import java.util.Objects;
 import java.util.Optional;
@ -162,7 +163,8 @@ public class EppTestCase {
    FakeResponse response = executeXmlCommand(input);

    // Check that the logged-in header was added to the response
-    assertThat(response.getHeaders()).isEqualTo(ImmutableMap.of("Logged-In", "true"));
+    assertThat(response.getHeaders())
+        .isEqualTo(ImmutableMap.of(ProxyHttpHeaders.LOGGED_IN, "true"));

    return verifyAndReturnOutput(
        response.getPayload(), expectedOutput, inputFilename, outputFilename);
@ -183,7 +185,7 @@ public class EppTestCase {

    // Checks that the Logged-In header is not in the response. If testing the login command, use
    // assertLoginCommandAndResponse instead of this method.
-    assertThat(response.getHeaders()).doesNotContainEntry("Logged-In", "true");
+    assertThat(response.getHeaders()).doesNotContainEntry(ProxyHttpHeaders.LOGGED_IN, "true");

    return verifyAndReturnOutput(
        response.getPayload(), expectedOutput, inputFilename, outputFilename);
--- a/core/src/test/java/google/registry/flows/TlsCredentialsTest.java
+++ b/core/src/test/java/google/registry/flows/TlsCredentialsTest.java
@ -33,6 +33,7 @@ import google.registry.model.registrar.Registrar;
 import google.registry.testing.AppEngineExtension;
 import google.registry.testing.FakeClock;
 import google.registry.util.CidrAddressBlock;
+import google.registry.util.ProxyHttpHeaders;
 import java.util.Optional;
 import javax.servlet.http.HttpServletRequest;
 import org.joda.time.DateTime;
@ -59,7 +60,7 @@ final class TlsCredentialsTest {
  @Test
  void testProvideClientCertificateHash() {
    HttpServletRequest req = mock(HttpServletRequest.class);
-    when(req.getHeader("X-SSL-Certificate")).thenReturn("data");
+    when(req.getHeader(ProxyHttpHeaders.CERTIFICATE_HASH)).thenReturn("data");
    assertThat(TlsCredentials.EppTlsModule.provideClientCertificateHash(req)).hasValue("data");
  }

@ -128,7 +129,7 @@ final class TlsCredentialsTest {
  @Test
  void testProvideClientCertificate() {
    HttpServletRequest req = mock(HttpServletRequest.class);
-    when(req.getHeader("X-SSL-Full-Certificate")).thenReturn("data");
+    when(req.getHeader(ProxyHttpHeaders.FULL_CERTIFICATE)).thenReturn("data");
    assertThat(TlsCredentials.EppTlsModule.provideClientCertificate(req)).hasValue("data");
  }