Remove checking of SNI headers

This is only useful when we used the [] proxy because the GFE requires SNI during handshake in order to request the client certificate. The GCP proxy does not need this (it always requests the client certificate). We do not need to check for its existence.

Also removed the checking of internal headers for ssl cert hash used only by the [] proxy.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=213059027

javatests/google/registry/flows/EppLoginTlsTest.java

@@ -40,8 +40,8 @@ public class EppLoginTlsTest extends EppTestCase {
 
 
   void setClientCertificateHash(String clientCertificateHash) {
-    setTransportCredentials(new TlsCredentials(
-        clientCertificateHash, Optional.of("192.168.1.100:54321"), "test.example"));
+    setTransportCredentials(
+        new TlsCredentials(clientCertificateHash, Optional.of("192.168.1.100:54321")));
   }
 
   @Before

javatests/google/registry/flows/EppTlsActionTest.java

@@ -21,7 +21,6 @@ import static org.mockito.Matchers.eq;
 import static org.mockito.Matchers.same;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.verify;
-import static org.mockito.Mockito.when;
 
 import google.registry.testing.FakeHttpSession;
 import google.registry.testing.ShardableTestCase;
@@ -41,7 +40,6 @@ public class EppTlsActionTest extends ShardableTestCase {
     EppTlsAction action = new EppTlsAction();
     action.inputXmlBytes = INPUT_XML_BYTES;
     action.tlsCredentials = mock(TlsCredentials.class);
-    when(action.tlsCredentials.hasSni()).thenReturn(true);
     action.session = new FakeHttpSession();
     action.session.setAttribute("CLIENT_ID", "ClientIdentifier");
     action.eppRequestHandler = mock(EppRequestHandler.class);

javatests/google/registry/flows/FlowRunnerTest.java

@@ -164,11 +164,10 @@ public class FlowRunnerTest extends ShardableTestCase {
 
   @Test
   public void testRun_loggingStatement_tlsCredentials() throws Exception {
-    flowRunner.credentials = new TlsCredentials("abc123def", Optional.of("127.0.0.1"), "sni");
+    flowRunner.credentials = new TlsCredentials("abc123def", Optional.of("127.0.0.1"));
     flowRunner.run(eppMetricBuilder);
     assertThat(Splitter.on("\n\t").split(findFirstLogMessageByPrefix(handler, "EPP Command\n\t")))
-        .contains(
-            "TlsCredentials{clientCertificateHash=abc123def, clientAddress=/127.0.0.1, sni=sni}");
+        .contains("TlsCredentials{clientCertificateHash=abc123def, clientAddress=/127.0.0.1}");
   }
 
   @Test

javatests/google/registry/flows/TlsCredentialsTest.java

@@ -46,21 +46,8 @@ public final class TlsCredentialsTest {
   }
 
   @Test
-  public void testProvideRequestedServername() {
-    HttpServletRequest req = mock(HttpServletRequest.class);
-    when(req.getHeader("X-Requested-Servername-SNI")).thenReturn("data");
-    assertThat(TlsCredentials.EppTlsModule.provideRequestedServername(req))
-        .isEqualTo("data");
-  }
+  public void testNothing1() {}
 
   @Test
-  public void testProvideRequestedServername_missing() {
-    HttpServletRequest req = mock(HttpServletRequest.class);
-    BadRequestException thrown =
-        assertThrows(
-            BadRequestException.class,
-            () -> TlsCredentials.EppTlsModule.provideRequestedServername(req));
-    assertThat(thrown).hasMessageThat().contains("Missing header: X-Requested-Servername-SNI");
-  }
-
+  public void testNothing2() {}
 }

javatests/google/registry/flows/session/LoginFlowViaTlsTest.java

@@ -22,7 +22,6 @@ import google.registry.flows.TlsCredentials;
 import google.registry.flows.TlsCredentials.BadRegistrarCertificateException;
 import google.registry.flows.TlsCredentials.BadRegistrarIpAddressException;
 import google.registry.flows.TlsCredentials.MissingRegistrarCertificateException;
-import google.registry.flows.TlsCredentials.NoSniException;
 import google.registry.model.registrar.Registrar;
 import google.registry.testing.CertificateSamples;
 import google.registry.util.CidrAddressBlock;
@@ -50,7 +49,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
   @Test
   public void testSuccess_withGoodCredentials() throws Exception {
     persistResource(getRegistrarBuilder().build());
-    credentials = new TlsCredentials(GOOD_CERT, GOOD_IP, "goo.example");
+    credentials = new TlsCredentials(GOOD_CERT, GOOD_IP);
     doSuccessfulTest("login_valid.xml");
   }
 
@@ -61,7 +60,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
             .setIpAddressWhitelist(ImmutableList.of(
                 CidrAddressBlock.create("2001:db8:0:0:0:0:1:1/32")))
             .build());
-    credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6, "goo.example");
+    credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6);
     doSuccessfulTest("login_valid.xml");
   }
 
@@ -72,7 +71,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
             .setIpAddressWhitelist(ImmutableList.of(
                 CidrAddressBlock.create("2001:db8:0:0:0:0:1:1/32")))
             .build());
-    credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6, "goo.example");
+    credentials = new TlsCredentials(GOOD_CERT, GOOD_IPV6);
     doSuccessfulTest("login_valid.xml");
   }
 
@@ -83,31 +82,24 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
             .setIpAddressWhitelist(ImmutableList.of(
                 CidrAddressBlock.create("192.168.1.255/24")))
             .build());
-    credentials = new TlsCredentials(GOOD_CERT, GOOD_IP, "goo.example");
+    credentials = new TlsCredentials(GOOD_CERT, GOOD_IP);
     doSuccessfulTest("login_valid.xml");
   }
 
   @Test
   public void testFailure_incorrectClientCertificateHash() {
     persistResource(getRegistrarBuilder().build());
-    credentials = new TlsCredentials(BAD_CERT, GOOD_IP, "goo.example");
+    credentials = new TlsCredentials(BAD_CERT, GOOD_IP);
     doFailingTest("login_valid.xml", BadRegistrarCertificateException.class);
   }
 
   @Test
   public void testFailure_missingClientCertificateHash() {
     persistResource(getRegistrarBuilder().build());
-    credentials = new TlsCredentials(null, GOOD_IP, "goo.example");
+    credentials = new TlsCredentials(null, GOOD_IP);
     doFailingTest("login_valid.xml", MissingRegistrarCertificateException.class);
   }
 
-  @Test
-  public void testFailure_noSniAndCertRequired() {
-    persistResource(getRegistrarBuilder().build());
-    credentials = new TlsCredentials(null, GOOD_IP, null);
-    doFailingTest("login_valid.xml", NoSniException.class);
-  }
-
   @Test
   public void testFailure_missingClientIpAddress() {
     persistResource(
@@ -116,7 +108,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
                 CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
                 CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
             .build());
-    credentials = new TlsCredentials(GOOD_CERT, Optional.empty(), "goo.example");
+    credentials = new TlsCredentials(GOOD_CERT, Optional.empty());
     doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
   }
 
@@ -128,7 +120,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
                 CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
                 CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
             .build());
-    credentials = new TlsCredentials(GOOD_CERT, BAD_IP, "goo.example");
+    credentials = new TlsCredentials(GOOD_CERT, BAD_IP);
     doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
   }
 
@@ -140,7 +132,7 @@ public class LoginFlowViaTlsTest extends LoginFlowTestCase {
                 CidrAddressBlock.create(InetAddresses.forString("192.168.1.1"), 32),
                 CidrAddressBlock.create(InetAddresses.forString("2001:db8::1"), 128)))
             .build());
-    credentials = new TlsCredentials(GOOD_CERT, BAD_IPV6, "goo.example");
+    credentials = new TlsCredentials(GOOD_CERT, BAD_IPV6);
     doFailingTest("login_valid.xml", BadRegistrarIpAddressException.class);
   }
 }