Add web WHOIS redirect support

Opened two ports (30010 and 30011 by default) that handles HTTP(S) GET requests. the HTTP request is redirected to the corresponding HTTPS site, whereas the HTTPS request is redirected to a site that supports web WHOIS. The GCLB currently exposes port 80, but not port 443 on its TCP proxy load balancer (see https://cloud.google.com/load-balancing/docs/choosing-load-balancer). As a result, the HTTP traffic has to be routed by the HTTP load balancer, which requires a separate HTTP health check (as opposed to the TCP health check that the TCP proxy LB uses). This CL also added support for HTTP health check. There is not a strong case for adding an end-to-end test for WebWhoisProtocolsModule (like those for EppProtocolModule, etc) as it just assembles standard HTTP codecs used for an HTTP server, plus the WebWhoisRedirectHandler, which is tested. The end-to-end test would just be testing if the Netty provided HTTP handlers correctly parse raw HTTP messages. Sever other small improvement is also included: [1] Use setInt other than set when setting content length in HTTP headers. I don't think it is necessary, but it is nevertheless a better practice to use a more specialized setter. [2] Do not write metrics when running locally. [3] Rename the qualifier @EppCertificates to @ServerSertificate as it now provides the certificate used in HTTPS traffic as well. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=206944843
2025-07-20 09:46:03 +02:00 · 2018-08-01 09:57:25 -07:00 · 2018-08-01 09:57:25 -07:00 · 4a5b317016
commit 4a5b317016
parent f614044681
18 changed files with 686 additions and 97 deletions
--- a/javatests/google/registry/proxy/handler/SslServerInitializerTest.java
+++ b/javatests/google/registry/proxy/handler/SslServerInitializerTest.java
@ -87,6 +87,7 @@ public class SslServerInitializerTest {
          .build();

  private ChannelInitializer<LocalChannel> getServerInitializer(
+      boolean requireClientCert,
      Lock serverLock,
      Exception serverException,
      PrivateKey privateKey,
@ -97,12 +98,22 @@ public class SslServerInitializerTest {
      protected void initChannel(LocalChannel ch) throws Exception {
        ch.pipeline()
            .addLast(
-                new SslServerInitializer<LocalChannel>(SslProvider.JDK, privateKey, certificates),
+                new SslServerInitializer<LocalChannel>(
+                    requireClientCert, SslProvider.JDK, privateKey, certificates),
                new EchoHandler(serverLock, serverException));
      }
    };
  }

+  private ChannelInitializer<LocalChannel> getServerInitializer(
+      Lock serverLock,
+      Exception serverException,
+      PrivateKey privateKey,
+      X509Certificate... certificates)
+      throws Exception {
+    return getServerInitializer(true, serverLock, serverException, privateKey, certificates);
+  }
+
  private ChannelInitializer<LocalChannel> getClientInitializer(
      X509Certificate trustedCertificate,
      PrivateKey privateKey,
@ -137,7 +148,7 @@ public class SslServerInitializerTest {
  public void testSuccess_swappedInitializerWithSslHandler() throws Exception {
    SelfSignedCertificate ssc = new SelfSignedCertificate(SSL_HOST);
    SslServerInitializer<EmbeddedChannel> sslServerInitializer =
-        new SslServerInitializer<>(SslProvider.JDK, ssc.key(), ssc.cert());
+        new SslServerInitializer<>(true, SslProvider.JDK, ssc.key(), ssc.cert());
    EmbeddedChannel channel = new EmbeddedChannel();
    ChannelPipeline pipeline = channel.pipeline();
    pipeline.addLast(sslServerInitializer);
@ -187,6 +198,39 @@ public class SslServerInitializerTest {
    Future<?> unusedFuture = eventLoopGroup.shutdownGracefully().syncUninterruptibly();
  }

+  @Test
+  public void testSuccess_doesNotRequireClientCert() throws Exception {
+    SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST);
+    LocalAddress localAddress = new LocalAddress("DOES_NOT_REQUIRE_CLIENT_CERT");
+    Lock clientLock = new ReentrantLock();
+    Lock serverLock = new ReentrantLock();
+    ByteBuf buffer = Unpooled.buffer();
+    Exception clientException = new Exception();
+    Exception serverException = new Exception();
+    EventLoopGroup eventLoopGroup =
+        setUpServer(
+            getServerInitializer(
+                false, serverLock, serverException, serverSsc.key(), serverSsc.cert()),
+            localAddress);
+    Channel channel =
+        setUpClient(
+            eventLoopGroup,
+            getClientInitializer(serverSsc.cert(), null, null, clientLock, buffer, clientException),
+            localAddress,
+            PROTOCOL);
+
+    SSLSession sslSession =
+        verifySslChannel(
+            channel, ImmutableList.of(serverSsc.cert()), clientLock, serverLock, buffer, SSL_HOST);
+    // Verify that the SSL session does not contain any client cert. Note that this SslSession is
+    // for the client channel, therefore its local certificates are the remote certificates of the
+    // SslSession for the server channel, and vice versa.
+    assertThat(sslSession.getLocalCertificates()).isNull();
+    assertThat(sslSession.getPeerCertificates()).asList().containsExactly(serverSsc.cert());
+
+    Future<?> unusedFuture = eventLoopGroup.shutdownGracefully().syncUninterruptibly();
+  }
+
  @Test
  public void testSuccess_CertSignedByOtherCA() throws Exception {
    // The self-signed cert of the CA.