zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-06-03 02:57:33 +02:00
Code Issues Projects Releases Packages Wiki Activity

Require SSL certificate hash on login by default

Browse source 
Note that it's possible to set a config option to disable this functionality
on a per-environment basis (we're disabling it for sandbox), but in general
SSL certificate hashes should be required for increased security.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=225053496
This commit is contained in:
mcilwain 2018-12-11 12:49:05 -08:00 committed by jianglai
parent 0a44ef0dca
commit 400994237c
9 changed files with 80 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

29
javatests/google/registry/flows/TlsCredentialsTest.java
View file

@ -15,19 +15,31 @@
package google.registry.flows;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.testing.DatastoreHelper.loadRegistrar;
import static google.registry.testing.DatastoreHelper.persistResource;
import static google.registry.testing.JUnitBackports.assertThrows;
import static org.joda.time.DateTimeZone.UTC;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.when;
import google.registry.model.registrar.Registrar;
import google.registry.request.HttpException.BadRequestException;
import google.registry.testing.AppEngineRule;
import google.registry.testing.ShardableTestCase;
import java.util.Optional;
import javax.servlet.http.HttpServletRequest;
import org.joda.time.DateTime;
import org.junit.Rule;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.junit.runners.JUnit4;
/** Unit tests for {@link TlsCredentials}. */
@RunWith(JUnit4.class)
public final class TlsCredentialsTest {
public final class TlsCredentialsTest extends ShardableTestCase {
@Rule public final AppEngineRule appEngine = AppEngineRule.builder().withDatastore().build();
@Test
public void testProvideClientCertificateHash() {
HttpServletRequest req = mock(HttpServletRequest.class);
@ -46,8 +58,15 @@ public final class TlsCredentialsTest {
}
@Test
public void testNothing1() {}
@Test
public void testNothing2() {}
public void test_validateCertificate_canBeConfiguredToBypassCertHashes() throws Exception {
TlsCredentials tls = new TlsCredentials(false, "certHash", Optional.of("192.168.1.1"));
persistResource(
loadRegistrar("TheRegistrar")
.asBuilder()
.setClientCertificate(null, DateTime.now(UTC))
.setFailoverClientCertificate(null, DateTime.now(UTC))
.build());
// This would throw a RegistrarCertificateNotConfiguredException if cert hashes wren't bypassed.
tls.validateCertificate(Registrar.loadByClientId("TheRegistrar").get());
}
}