mirror of
https://github.com/google/nomulus.git
synced 2025-07-23 19:20:44 +02:00
Add string constants for HTTP header names (#956)
* Add string constants for HTTP header names * revert package-lock changes * Clarify names * add CONTENT_TYPE * Fix formatting * Move X-FORWARDED-FOR to ProxyHttpHeaders
This commit is contained in:
parent
844f1fac41
commit
3f6a796aaf
8 changed files with 88 additions and 46 deletions
|
@ -22,6 +22,7 @@ import static google.registry.util.X509Utils.getCertificateHash;
|
|||
|
||||
import com.google.common.flogger.FluentLogger;
|
||||
import google.registry.proxy.metric.FrontendMetrics;
|
||||
import google.registry.util.ProxyHttpHeaders;
|
||||
import io.netty.buffer.ByteBuf;
|
||||
import io.netty.buffer.Unpooled;
|
||||
import io.netty.channel.ChannelFuture;
|
||||
|
@ -51,21 +52,6 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
|
|||
public static final AttributeKey<String> CLIENT_CERTIFICATE_HASH_KEY =
|
||||
AttributeKey.valueOf("CLIENT_CERTIFICATE_HASH_KEY");
|
||||
|
||||
/** Name of the HTTP header that stores the client certificate hash. */
|
||||
public static final String SSL_CLIENT_CERTIFICATE_HASH_FIELD = "X-SSL-Certificate";
|
||||
|
||||
/** Name of the HTTP header that stores the full client certificate. */
|
||||
public static final String SSL_CLIENT_FULL_CERTIFICATE_FIELD = "X-SSL-Full-Certificate";
|
||||
|
||||
/** Name of the HTTP header that stores the client IP address. */
|
||||
public static final String FORWARDED_FOR_FIELD = "X-Forwarded-For";
|
||||
|
||||
/** Name of the HTTP header that indicates if the EPP session should be closed. */
|
||||
public static final String EPP_SESSION_FIELD = "Epp-Session";
|
||||
|
||||
/** Name of the HTTP header that indicates a successful login has occurred. */
|
||||
public static final String EPP_LOGGED_IN_FIELD = "Logged-In";
|
||||
|
||||
public static final String EPP_CONTENT_TYPE = "application/epp+xml";
|
||||
|
||||
private final byte[] helloBytes;
|
||||
|
@ -139,8 +125,8 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
|
|||
FullHttpRequest request = super.decodeFullHttpRequest(byteBuf);
|
||||
request
|
||||
.headers()
|
||||
.set(SSL_CLIENT_CERTIFICATE_HASH_FIELD, sslClientCertificateHash)
|
||||
.set(FORWARDED_FOR_FIELD, clientAddress)
|
||||
.set(ProxyHttpHeaders.CERTIFICATE_HASH, sslClientCertificateHash)
|
||||
.set(ProxyHttpHeaders.IP_ADDRESS, clientAddress)
|
||||
.set(HttpHeaderNames.CONTENT_TYPE, EPP_CONTENT_TYPE)
|
||||
.set(HttpHeaderNames.ACCEPT, EPP_CONTENT_TYPE);
|
||||
if (!isLoggedIn) {
|
||||
|
@ -148,7 +134,7 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
|
|||
request
|
||||
.headers()
|
||||
.set(
|
||||
SSL_CLIENT_FULL_CERTIFICATE_FIELD,
|
||||
ProxyHttpHeaders.FULL_CERTIFICATE,
|
||||
Base64.getEncoder().encodeToString(sslClientCertificate.getEncoded()));
|
||||
} catch (CertificateEncodingException e) {
|
||||
throw new RuntimeException("Cannot encode client certificate", e);
|
||||
|
@ -162,8 +148,8 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
|
|||
throws Exception {
|
||||
checkArgument(msg instanceof HttpResponse);
|
||||
HttpResponse response = (HttpResponse) msg;
|
||||
String sessionAliveValue = response.headers().get(EPP_SESSION_FIELD);
|
||||
String loginValue = response.headers().get(EPP_LOGGED_IN_FIELD);
|
||||
String sessionAliveValue = response.headers().get(ProxyHttpHeaders.EPP_SESSION);
|
||||
String loginValue = response.headers().get(ProxyHttpHeaders.LOGGED_IN);
|
||||
if (sessionAliveValue != null && sessionAliveValue.equals("close")) {
|
||||
promise.addListener(ChannelFutureListener.CLOSE);
|
||||
}
|
||||
|
|
|
@ -17,6 +17,7 @@ package google.registry.proxy;
|
|||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static java.nio.charset.StandardCharsets.US_ASCII;
|
||||
|
||||
import google.registry.util.ProxyHttpHeaders;
|
||||
import io.netty.buffer.ByteBuf;
|
||||
import io.netty.buffer.Unpooled;
|
||||
import io.netty.handler.codec.http.DefaultFullHttpRequest;
|
||||
|
@ -24,6 +25,7 @@ import io.netty.handler.codec.http.DefaultFullHttpResponse;
|
|||
import io.netty.handler.codec.http.FullHttpMessage;
|
||||
import io.netty.handler.codec.http.FullHttpRequest;
|
||||
import io.netty.handler.codec.http.FullHttpResponse;
|
||||
import io.netty.handler.codec.http.HttpHeaderNames;
|
||||
import io.netty.handler.codec.http.HttpMessage;
|
||||
import io.netty.handler.codec.http.HttpMethod;
|
||||
import io.netty.handler.codec.http.HttpRequest;
|
||||
|
@ -122,7 +124,7 @@ public class TestUtils {
|
|||
request
|
||||
.headers()
|
||||
.set("authorization", "Bearer " + accessToken)
|
||||
.set("content-type", "text/plain")
|
||||
.set(HttpHeaderNames.CONTENT_TYPE, "text/plain")
|
||||
.set("accept", "text/plain");
|
||||
return request;
|
||||
}
|
||||
|
@ -139,10 +141,10 @@ public class TestUtils {
|
|||
request
|
||||
.headers()
|
||||
.set("authorization", "Bearer " + accessToken)
|
||||
.set("content-type", "application/epp+xml")
|
||||
.set(HttpHeaderNames.CONTENT_TYPE, "application/epp+xml")
|
||||
.set("accept", "application/epp+xml")
|
||||
.set("X-SSL-Certificate", sslClientCertificateHash)
|
||||
.set("X-Forwarded-For", clientAddress);
|
||||
.set(ProxyHttpHeaders.CERTIFICATE_HASH, sslClientCertificateHash)
|
||||
.set(ProxyHttpHeaders.IP_ADDRESS, clientAddress);
|
||||
if (cookies.length != 0) {
|
||||
request.headers().set("cookie", ClientCookieEncoder.STRICT.encode(cookies));
|
||||
}
|
||||
|
@ -166,14 +168,14 @@ public class TestUtils {
|
|||
|
||||
public static FullHttpResponse makeWhoisHttpResponse(String content, HttpResponseStatus status) {
|
||||
FullHttpResponse response = makeHttpResponse(content, status);
|
||||
response.headers().set("content-type", "text/plain");
|
||||
response.headers().set(HttpHeaderNames.CONTENT_TYPE, "text/plain");
|
||||
return response;
|
||||
}
|
||||
|
||||
public static FullHttpResponse makeEppHttpResponse(
|
||||
String content, HttpResponseStatus status, Cookie... cookies) {
|
||||
FullHttpResponse response = makeHttpResponse(content, status);
|
||||
response.headers().set("content-type", "application/epp+xml");
|
||||
response.headers().set(HttpHeaderNames.CONTENT_TYPE, "application/epp+xml");
|
||||
for (Cookie cookie : cookies) {
|
||||
response.headers().add("set-cookie", ServerCookieEncoder.STRICT.encode(cookie));
|
||||
}
|
||||
|
|
|
@ -32,6 +32,7 @@ import com.google.common.base.Throwables;
|
|||
import google.registry.proxy.TestUtils;
|
||||
import google.registry.proxy.handler.HttpsRelayServiceHandler.NonOkHttpResponseException;
|
||||
import google.registry.proxy.metric.FrontendMetrics;
|
||||
import google.registry.util.ProxyHttpHeaders;
|
||||
import google.registry.util.SelfSignedCaCertificate;
|
||||
import io.netty.buffer.ByteBuf;
|
||||
import io.netty.buffer.Unpooled;
|
||||
|
@ -250,7 +251,7 @@ class EppServiceHandlerTest {
|
|||
channel.writeInbound(Unpooled.wrappedBuffer(content.getBytes(UTF_8)));
|
||||
FullHttpRequest request = channel.readInbound();
|
||||
assertThat(request).isEqualTo(makeEppHttpRequestWithCertificate(content));
|
||||
String encodedCert = request.headers().get("X-SSL-Full-Certificate");
|
||||
String encodedCert = request.headers().get(ProxyHttpHeaders.FULL_CERTIFICATE);
|
||||
assertThat(encodedCert).isNotEqualTo(SAMPLE_CERT);
|
||||
X509Certificate decodedCert =
|
||||
loadCertificate(new ByteArrayInputStream(Base64.getDecoder().decode(encodedCert)));
|
||||
|
@ -269,7 +270,7 @@ class EppServiceHandlerTest {
|
|||
assertThat(request).isEqualTo(makeEppHttpRequestWithCertificate(content));
|
||||
// Receive response indicating session is logged in
|
||||
HttpResponse response = makeEppHttpResponse(content, HttpResponseStatus.OK);
|
||||
response.headers().set("Logged-In", "true");
|
||||
response.headers().set(ProxyHttpHeaders.LOGGED_IN, "true");
|
||||
// Send another inbound message after login
|
||||
channel.writeOutbound(response);
|
||||
channel.writeInbound(Unpooled.wrappedBuffer(content.getBytes(UTF_8)));
|
||||
|
@ -297,7 +298,7 @@ class EppServiceHandlerTest {
|
|||
setHandshakeSuccess();
|
||||
String content = "<epp>stuff</epp>";
|
||||
HttpResponse response = makeEppHttpResponse(content, HttpResponseStatus.OK);
|
||||
response.headers().set("Epp-Session", "close");
|
||||
response.headers().set(ProxyHttpHeaders.EPP_SESSION, "close");
|
||||
channel.writeOutbound(response);
|
||||
ByteBuf expectedResponse = channel.readOutbound();
|
||||
assertThat(Unpooled.wrappedBuffer(content.getBytes(UTF_8))).isEqualTo(expectedResponse);
|
||||
|
@ -384,7 +385,7 @@ class EppServiceHandlerTest {
|
|||
// Second response written.
|
||||
HttpResponse response =
|
||||
makeEppHttpResponse(responseContent2, HttpResponseStatus.OK, cookie3, newCookie2);
|
||||
response.headers().set("Logged-In", "true");
|
||||
response.headers().set(ProxyHttpHeaders.LOGGED_IN, "true");
|
||||
channel.writeOutbound(response);
|
||||
channel.readOutbound();
|
||||
String requestContent2 = "<epp>request2</epp>";
|
||||
|
|
Loading…
Add table
Add a link
Reference in a new issue