Do not send SNI headers in the GCP proxy

The server no longer checks it as of []

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=213278568
This commit is contained in:
jianglai 2018-09-17 08:48:33 -07:00 committed by Ben McIlwain
parent 1d134cdd3f
commit 5be04f45b2
7 changed files with 0 additions and 22 deletions

View file

@ -150,7 +150,6 @@ public class EppProtocolModule {
config.epp.relayHost,
config.epp.relayPath,
accessTokenSupplier,
config.epp.serverHostname,
helloBytes,
metrics);
}

View file

@ -69,7 +69,6 @@ public class ProxyConfig {
public int maxMessageLengthBytes;
public int headerLengthBytes;
public int readTimeoutSeconds;
public String serverHostname;
public Quota quota;
}

View file

@ -96,10 +96,6 @@ epp:
# request.
readTimeoutSeconds: 3600
# Hostname of the EPP server.
# TODO(b/64510444) Remove this after nomulus no longer check sni header.
serverHostname: epp.yourdomain.tld
# Quota configuration for EPP
quota:

View file

@ -52,10 +52,6 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
/** Name of the HTTP header that stores the client certificate hash. */
public static final String SSL_CLIENT_CERTIFICATE_HASH_FIELD = "X-SSL-Certificate";
/** Name of the HTTP header that stores the epp server name requested by the client using SNI. */
// TODO(b/64510444): remove this header entirely when borg proxy is retired.
public static final String REQUESTED_SERVERNAME_VIA_SNI_FIELD = "X-Requested-Servername-SNI";
/** Name of the HTTP header that stores the client IP address. */
public static final String FORWARDED_FOR_FIELD = "X-Forwarded-For";
@ -64,7 +60,6 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
public static final String EPP_CONTENT_TYPE = "application/epp+xml";
private final String serverHostname;
private final byte[] helloBytes;
private String sslClientCertificateHash;
@ -74,11 +69,9 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
String relayHost,
String relayPath,
Supplier<String> accessTokenSupplier,
String serverHostname,
byte[] helloBytes,
FrontendMetrics metrics) {
super(relayHost, relayPath, accessTokenSupplier, metrics);
this.serverHostname = serverHostname;
this.helloBytes = helloBytes;
}
@ -135,7 +128,6 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
request
.headers()
.set(SSL_CLIENT_CERTIFICATE_HASH_FIELD, sslClientCertificateHash)
.set(REQUESTED_SERVERNAME_VIA_SNI_FIELD, serverHostname)
.set(FORWARDED_FOR_FIELD, clientAddress)
.set(HttpHeaderNames.CONTENT_TYPE, EPP_CONTENT_TYPE)
.set(HttpHeaderNames.ACCEPT, EPP_CONTENT_TYPE);

View file

@ -106,7 +106,6 @@ public class EppProtocolModuleTest extends ProtocolModuleTest {
PROXY_CONFIG.epp.relayPath,
TestModule.provideFakeAccessToken().get(),
getCertificateHash(certificate),
PROXY_CONFIG.epp.serverHostname,
CLIENT_ADDRESS,
cookies);
}

View file

@ -85,7 +85,6 @@ public class TestUtils {
String path,
String accessToken,
String sslClientCertificateHash,
String serverHostname,
String clientAddress,
Cookie... cookies) {
FullHttpRequest request = makeHttpPostRequest(content, host, path);
@ -95,7 +94,6 @@ public class TestUtils {
.set("content-type", "application/epp+xml")
.set("accept", "application/epp+xml")
.set("X-SSL-Certificate", sslClientCertificateHash)
.set("X-Requested-Servername-SNI", serverHostname)
.set("X-Forwarded-For", clientAddress);
if (cookies.length != 0) {
request.headers().set("cookie", ClientCookieEncoder.STRICT.encode(cookies));

View file

@ -62,7 +62,6 @@ public class EppServiceHandlerTest {
private static final String RELAY_HOST = "registry.example.tld";
private static final String RELAY_PATH = "/epp";
private static final String ACCESS_TOKEN = "this.access.token";
private static final String SERVER_HOSTNAME = "epp.example.tld";
private static final String CLIENT_ADDRESS = "epp.client.tld";
private static final String PROTOCOL = "epp";
@ -75,7 +74,6 @@ public class EppServiceHandlerTest {
RELAY_HOST,
RELAY_PATH,
() -> ACCESS_TOKEN,
SERVER_HOSTNAME,
HELLO.getBytes(UTF_8),
metrics);
@ -110,7 +108,6 @@ public class EppServiceHandlerTest {
RELAY_PATH,
ACCESS_TOKEN,
getCertificateHash(clientCertificate),
SERVER_HOSTNAME,
CLIENT_ADDRESS,
cookies);
}
@ -155,7 +152,6 @@ public class EppServiceHandlerTest {
RELAY_HOST,
RELAY_PATH,
() -> ACCESS_TOKEN,
SERVER_HOSTNAME,
HELLO.getBytes(UTF_8),
metrics);
EmbeddedChannel channel2 = setUpNewChannel(eppServiceHandler2);
@ -180,7 +176,6 @@ public class EppServiceHandlerTest {
RELAY_HOST,
RELAY_PATH,
() -> ACCESS_TOKEN,
SERVER_HOSTNAME,
HELLO.getBytes(UTF_8),
metrics);
EmbeddedChannel channel2 = setUpNewChannel(eppServiceHandler2);