zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-07-27 13:06:27 +02:00
Code Issues Projects Releases Packages Wiki Activity

Extend IP validation test with message verification (#1736)

Browse source
This commit is contained in:
Pavlo Tkach 2022-08-10 13:27:55 -04:00 committed by GitHub
parent 028005906a
commit 45d90e7c68
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 14 additions and 5 deletions
Download patch file Download diff file Expand all files Collapse all files

3
core/src/main/java/google/registry/flows/TlsCredentials.java
View file

@ -220,7 +220,8 @@ public class TlsCredentials implements TransportCredentials {
super( super(
clientInetAddr.isPresent() clientInetAddr.isPresent()
? String.format( ? String.format(
"Registrar IP address %s is not in stored allow list", clientInetAddr.get()) "Registrar IP address %s is not in stored allow list",
clientInetAddr.get().getHostAddress())
: "Registrar IP address is not in stored allow list"); : "Registrar IP address is not in stored allow list");
} }
} }

10
core/src/test/java/google/registry/flows/TlsCredentialsTest.java
View file

@ -14,6 +14,7 @@
package google.registry.flows; package google.registry.flows;
import static com.google.common.truth.Truth.assertThat;
import static com.google.common.truth.Truth8.assertThat; import static com.google.common.truth.Truth8.assertThat;
import static google.registry.testing.CertificateSamples.SAMPLE_CERT; import static google.registry.testing.CertificateSamples.SAMPLE_CERT;
import static google.registry.testing.DatabaseHelper.loadRegistrar; import static google.registry.testing.DatabaseHelper.loadRegistrar;
@ -81,16 +82,23 @@ final class TlsCredentialsTest {
@Test @Test
void test_missingIpAddress_doesntAllowAccess() { void test_missingIpAddress_doesntAllowAccess() {
TlsCredentials tls = TlsCredentials tls =
new TlsCredentials(false, Optional.of("certHash"), Optional.empty(), certificateChecker); new TlsCredentials(
false, Optional.of("certHash"), Optional.of("127.0.0.1"), certificateChecker);
persistResource( persistResource(
loadRegistrar("TheRegistrar") loadRegistrar("TheRegistrar")
.asBuilder() .asBuilder()
.setClientCertificate(SAMPLE_CERT, clock.nowUtc()) .setClientCertificate(SAMPLE_CERT, clock.nowUtc())
.setIpAddressAllowList(ImmutableSet.of(CidrAddressBlock.create("3.5.8.13"))) .setIpAddressAllowList(ImmutableSet.of(CidrAddressBlock.create("3.5.8.13")))
.build()); .build());
BadRegistrarIpAddressException thrown =
assertThrows( assertThrows(
BadRegistrarIpAddressException.class, BadRegistrarIpAddressException.class,
() -> tls.validate(Registrar.loadByRegistrarId("TheRegistrar").get(), "password")); () -> tls.validate(Registrar.loadByRegistrarId("TheRegistrar").get(), "password"));
assertThat(thrown)
.hasMessageThat()
.isEqualTo("Registrar IP address 127.0.0.1 is not in stored allow list");
} }
@Test @Test