zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-15 08:57:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Require SSL certificate hash on login by default

Browse source 
Note that it's possible to set a config option to disable this functionality
on a per-environment basis (we're disabling it for sandbox), but in general
SSL certificate hashes should be required for increased security.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=225053496
This commit is contained in:
mcilwain 2018-12-11 12:49:05 -08:00 committed by jianglai
parent 0a44ef0dca
commit 400994237c
9 changed files with 80 additions and 29 deletions
Download patch file Download diff file Expand all files Collapse all files

18
javatests/google/registry/flows/session/LoginFlowViaTlsTest.java
View file

@ -49,7 +49,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
@Test
public void testSuccess_withGoodCredentials() throws Exception {
persistResource(getRegistrarBuilder().build());
credentials = new TlsCredentials(GOOD_CERT, GOOD_IP);
credentials = new TlsCredentials(true, GOOD_CERT, GOOD_IP);
doSuccessfulTest("login_valid.xml");
}
@ -60,7 +60,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
.setIpAddressWhitelist(ImmutableList.of(
CidrAddressBlock.create("2001:db8:0:0:0:0:1:1/32")))
.build());
credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6);
credentials = new TlsCredentials(true, GOOD_CERT, GOOD_IPV6);
doSuccessfulTest("login_valid.xml");
}
@ -71,7 +71,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
.setIpAddressWhitelist(ImmutableList.of(
CidrAddressBlock.create("2001:db8:0:0:0:0:1:1/32")))
.build());
credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6);
credentials = new TlsCredentials(true, GOOD_CERT, GOOD_IPV6);
doSuccessfulTest("login_valid.xml");
}
@ -82,21 +82,21 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
.setIpAddressWhitelist(ImmutableList.of(
CidrAddressBlock.create("192.168.1.255/24")))
.build());
credentials = new TlsCredentials(GOOD_CERT, GOOD_IP);
credentials = new TlsCredentials(true, GOOD_CERT, GOOD_IP);
doSuccessfulTest("login_valid.xml");
}
@Test
public void testFailure_incorrectClientCertificateHash() {
persistResource(getRegistrarBuilder().build());
credentials = new TlsCredentials(BAD_CERT, GOOD_IP);
credentials = new TlsCredentials(true, BAD_CERT, GOOD_IP);
doFailingTest("login_valid.xml", BadRegistrarCertificateException.class);
}
@Test
public void testFailure_missingClientCertificateHash() {
persistResource(getRegistrarBuilder().build());
credentials = new TlsCredentials(null, GOOD_IP);
credentials = new TlsCredentials(true, null, GOOD_IP);
doFailingTest("login_valid.xml", MissingRegistrarCertificateException.class);
}
@ -108,7 +108,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
.build());
credentials = new TlsCredentials(GOOD_CERT, Optional.empty());
credentials = new TlsCredentials(true, GOOD_CERT, Optional.empty());
doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
}
@ -120,7 +120,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
.build());
credentials = new TlsCredentials(GOOD_CERT, BAD_IP);
credentials = new TlsCredentials(true, GOOD_CERT, BAD_IP);
doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
}
@ -132,7 +132,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
.build());
credentials = new TlsCredentials(GOOD_CERT, BAD_IPV6);
credentials = new TlsCredentials(true, GOOD_CERT, BAD_IPV6);
doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
}
}