zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-08-15 22:14:12 +02:00
Code Issues Projects Releases Packages Wiki Activity

Do not send SNI headers in the GCP proxy

Browse source 
The server no longer checks it as of []

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=213278568
This commit is contained in:
jianglai 2018-09-17 08:48:33 -07:00 committed by Ben McIlwain
parent 1d134cdd3f
commit 5be04f45b2
7 changed files with 0 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

1
proxy/java/google/registry/proxy/EppProtocolModule.java
View file

@ -150,7 +150,6 @@ public class EppProtocolModule {
config.epp.relayHost, config.epp.relayHost,
config.epp.relayPath, config.epp.relayPath,
accessTokenSupplier, accessTokenSupplier,
config.epp.serverHostname,
helloBytes, helloBytes,
metrics); metrics);
} }

1
proxy/java/google/registry/proxy/ProxyConfig.java
View file

@ -69,7 +69,6 @@ public class ProxyConfig {
public int maxMessageLengthBytes; public int maxMessageLengthBytes;
public int headerLengthBytes; public int headerLengthBytes;
public int readTimeoutSeconds; public int readTimeoutSeconds;
public String serverHostname;
public Quota quota; public Quota quota;
} }

4
proxy/java/google/registry/proxy/config/default-config.yaml
View file

@ -96,10 +96,6 @@ epp:
# request. # request.
readTimeoutSeconds: 3600 readTimeoutSeconds: 3600
# Hostname of the EPP server.
# TODO(b/64510444) Remove this after nomulus no longer check sni header.
serverHostname: epp.yourdomain.tld
# Quota configuration for EPP # Quota configuration for EPP
quota: quota:

8
proxy/java/google/registry/proxy/handler/EppServiceHandler.java
View file

@ -52,10 +52,6 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
/** Name of the HTTP header that stores the client certificate hash. */ /** Name of the HTTP header that stores the client certificate hash. */
public static final String SSL_CLIENT_CERTIFICATE_HASH_FIELD = "X-SSL-Certificate"; public static final String SSL_CLIENT_CERTIFICATE_HASH_FIELD = "X-SSL-Certificate";
/** Name of the HTTP header that stores the epp server name requested by the client using SNI. */
// TODO(b/64510444): remove this header entirely when borg proxy is retired.
public static final String REQUESTED_SERVERNAME_VIA_SNI_FIELD = "X-Requested-Servername-SNI";
/** Name of the HTTP header that stores the client IP address. */ /** Name of the HTTP header that stores the client IP address. */
public static final String FORWARDED_FOR_FIELD = "X-Forwarded-For"; public static final String FORWARDED_FOR_FIELD = "X-Forwarded-For";
@ -64,7 +60,6 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
public static final String EPP_CONTENT_TYPE = "application/epp+xml"; public static final String EPP_CONTENT_TYPE = "application/epp+xml";
private final String serverHostname;
private final byte[] helloBytes; private final byte[] helloBytes;
private String sslClientCertificateHash; private String sslClientCertificateHash;
@ -74,11 +69,9 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
String relayHost, String relayHost,
String relayPath, String relayPath,
Supplier<String> accessTokenSupplier, Supplier<String> accessTokenSupplier,
String serverHostname,
byte[] helloBytes, byte[] helloBytes,
FrontendMetrics metrics) { FrontendMetrics metrics) {
super(relayHost, relayPath, accessTokenSupplier, metrics); super(relayHost, relayPath, accessTokenSupplier, metrics);
this.serverHostname = serverHostname;
this.helloBytes = helloBytes; this.helloBytes = helloBytes;
} }
@ -135,7 +128,6 @@ public class EppServiceHandler extends HttpsRelayServiceHandler {
request request
.headers() .headers()
.set(SSL_CLIENT_CERTIFICATE_HASH_FIELD, sslClientCertificateHash) .set(SSL_CLIENT_CERTIFICATE_HASH_FIELD, sslClientCertificateHash)
.set(REQUESTED_SERVERNAME_VIA_SNI_FIELD, serverHostname)
.set(FORWARDED_FOR_FIELD, clientAddress) .set(FORWARDED_FOR_FIELD, clientAddress)
.set(HttpHeaderNames.CONTENT_TYPE, EPP_CONTENT_TYPE) .set(HttpHeaderNames.CONTENT_TYPE, EPP_CONTENT_TYPE)
.set(HttpHeaderNames.ACCEPT, EPP_CONTENT_TYPE); .set(HttpHeaderNames.ACCEPT, EPP_CONTENT_TYPE);

1
proxy/javatests/google/registry/proxy/EppProtocolModuleTest.java
View file

@ -106,7 +106,6 @@ public class EppProtocolModuleTest extends ProtocolModuleTest {
PROXY_CONFIG.epp.relayPath, PROXY_CONFIG.epp.relayPath,
TestModule.provideFakeAccessToken().get(), TestModule.provideFakeAccessToken().get(),
getCertificateHash(certificate), getCertificateHash(certificate),
PROXY_CONFIG.epp.serverHostname,
CLIENT_ADDRESS, CLIENT_ADDRESS,
cookies); cookies);
} }

2
proxy/javatests/google/registry/proxy/TestUtils.java
View file

@ -85,7 +85,6 @@ public class TestUtils {
String path, String path,
String accessToken, String accessToken,
String sslClientCertificateHash, String sslClientCertificateHash,
String serverHostname,
String clientAddress, String clientAddress,
Cookie... cookies) { Cookie... cookies) {
FullHttpRequest request = makeHttpPostRequest(content, host, path); FullHttpRequest request = makeHttpPostRequest(content, host, path);
@ -95,7 +94,6 @@ public class TestUtils {
.set("content-type", "application/epp+xml") .set("content-type", "application/epp+xml")
.set("accept", "application/epp+xml") .set("accept", "application/epp+xml")
.set("X-SSL-Certificate", sslClientCertificateHash) .set("X-SSL-Certificate", sslClientCertificateHash)
.set("X-Requested-Servername-SNI", serverHostname)
.set("X-Forwarded-For", clientAddress); .set("X-Forwarded-For", clientAddress);
if (cookies.length != 0) { if (cookies.length != 0) {
request.headers().set("cookie", ClientCookieEncoder.STRICT.encode(cookies)); request.headers().set("cookie", ClientCookieEncoder.STRICT.encode(cookies));

5
proxy/javatests/google/registry/proxy/handler/EppServiceHandlerTest.java
View file

@ -62,7 +62,6 @@ public class EppServiceHandlerTest {
private static final String RELAY_HOST = "registry.example.tld"; private static final String RELAY_HOST = "registry.example.tld";
private static final String RELAY_PATH = "/epp"; private static final String RELAY_PATH = "/epp";
private static final String ACCESS_TOKEN = "this.access.token"; private static final String ACCESS_TOKEN = "this.access.token";
private static final String SERVER_HOSTNAME = "epp.example.tld";
private static final String CLIENT_ADDRESS = "epp.client.tld"; private static final String CLIENT_ADDRESS = "epp.client.tld";
private static final String PROTOCOL = "epp"; private static final String PROTOCOL = "epp";
@ -75,7 +74,6 @@ public class EppServiceHandlerTest {
RELAY_HOST, RELAY_HOST,
RELAY_PATH, RELAY_PATH,
() -> ACCESS_TOKEN, () -> ACCESS_TOKEN,
SERVER_HOSTNAME,
HELLO.getBytes(UTF_8), HELLO.getBytes(UTF_8),
metrics); metrics);
@ -110,7 +108,6 @@ public class EppServiceHandlerTest {
RELAY_PATH, RELAY_PATH,
ACCESS_TOKEN, ACCESS_TOKEN,
getCertificateHash(clientCertificate), getCertificateHash(clientCertificate),
SERVER_HOSTNAME,
CLIENT_ADDRESS, CLIENT_ADDRESS,
cookies); cookies);
} }
@ -155,7 +152,6 @@ public class EppServiceHandlerTest {
RELAY_HOST, RELAY_HOST,
RELAY_PATH, RELAY_PATH,
() -> ACCESS_TOKEN, () -> ACCESS_TOKEN,
SERVER_HOSTNAME,
HELLO.getBytes(UTF_8), HELLO.getBytes(UTF_8),
metrics); metrics);
EmbeddedChannel channel2 = setUpNewChannel(eppServiceHandler2); EmbeddedChannel channel2 = setUpNewChannel(eppServiceHandler2);
@ -180,7 +176,6 @@ public class EppServiceHandlerTest {
RELAY_HOST, RELAY_HOST,
RELAY_PATH, RELAY_PATH,
() -> ACCESS_TOKEN, () -> ACCESS_TOKEN,
SERVER_HOSTNAME,
HELLO.getBytes(UTF_8), HELLO.getBytes(UTF_8),
metrics); metrics);
EmbeddedChannel channel2 = setUpNewChannel(eppServiceHandler2); EmbeddedChannel channel2 = setUpNewChannel(eppServiceHandler2);