zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-21 11:49:37 +02:00
Code Issues Projects Releases Packages Wiki Activity

Refine tests in GCP proxy

Browse source 
Previously the ssl initializer tests always uses JDK, which is not really testing what happens in production when we take advantage of the OpenSSL provider. Now the tests will run with all providers that are available (through JUnit parameterization). Some bugs that may cause flakiness are fixed in the process.

Change how SNI is verified in tests. It turns out that the old method (only verifying the SSL parameters in the SSL engine) does not actually ensure that the SNI address is sent to the peer, but only that the SSL engine is configured to send it (this value exists even before a handshake is performed). Also there's likely a bug in Netty's SSL engine that does not set this parameter when created with a peer host.

Lastly HTTP test utils are changed so that they do not use pre-defined constants for header names and values. We want the test to confirm that these constants are what we expect they are. Using string literals makes these tests also more explicit.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=207930282
This commit is contained in:
jianglai 2018-08-08 12:44:36 -07:00
parent d80f431e21
commit 9eec70729f
8 changed files with 120 additions and 136 deletions
Download patch file Download diff file Expand all files Collapse all files

7
java/google/registry/proxy/handler/HttpsRelayServiceHandler.java
View file

@ -39,6 +39,7 @@ import java.util.LinkedHashMap;
import java.util.List;
import java.util.Map;
import java.util.function.Supplier;
import javax.net.ssl.SSLHandshakeException;
/**
* Handler that relays a single (framed) ByteBuf message to an HTTPS server.
@ -168,7 +169,11 @@ abstract class HttpsRelayServiceHandler extends ByteToMessageCodec<FullHttpRespo
// IllegalArgumentException is thrown by the checkArgument in the #encode command, it just means
// that GAE returns a non-200 response and the connection should be killed. The request is still
// processed by GAE, so this is not an unexpected behavior.
if (cause instanceof ReadTimeoutException || cause instanceof IllegalArgumentException) {
// SslHandshakeException is caused by the client not able to complete the handshake, we should
// not log it at error as we do not control client behavior.
if (cause instanceof ReadTimeoutException
|| cause instanceof IllegalArgumentException
|| cause instanceof SSLHandshakeException) {
logger.atWarning().withCause(cause).log(
"Inbound exception caught for channel %s", ctx.channel());
} else {