diff --git a/core/src/main/java/google/registry/request/RequestHandler.java b/core/src/main/java/google/registry/request/RequestHandler.java index 954f67598..6611c8295 100644 --- a/core/src/main/java/google/registry/request/RequestHandler.java +++ b/core/src/main/java/google/registry/request/RequestHandler.java @@ -166,6 +166,7 @@ public class RequestHandler { } catch (Exception e) { rsp.setStatus(SC_INTERNAL_SERVER_ERROR); rsp.getWriter().write("Internal server error, please try again later"); + logger.atSevere().withCause(e).log("Encountered internal server error"); } finally { requestMetrics.record( new Duration(startTime, clock.nowUtc()), diff --git a/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java b/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java index 7cd251576..11ed0647f 100644 --- a/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java +++ b/core/src/main/java/google/registry/ui/server/console/settings/SecurityAction.java @@ -17,7 +17,6 @@ package google.registry.ui.server.console.settings; import static google.registry.persistence.transaction.TransactionManagerFactory.tm; import static google.registry.request.Action.Method.POST; -import avro.shaded.com.google.common.collect.ImmutableList; import com.google.api.client.http.HttpStatusCodes; import com.google.gson.Gson; import google.registry.flows.certs.CertificateChecker; @@ -103,42 +102,31 @@ public class SecurityAction implements JsonGetAction { .asBuilder() .setIpAddressAllowList(registrarParameter.getIpAddressAllowList()); - boolean hasInvalidCerts = - ImmutableList.of( - registrarParameter.getClientCertificate(), - registrarParameter.getFailoverClientCertificate()) - .stream() - .filter(Optional::isPresent) - .map(Optional::get) - .anyMatch( - cert -> { - try { - certificateChecker.validateCertificate(cert); - return false; - } catch (InsecureCertificateException e) { - return true; - } - }); - - if (hasInvalidCerts) { + try { + if (!savedRegistrar + .getClientCertificate() + .equals(registrarParameter.getClientCertificate())) { + if (registrarParameter.getClientCertificate().isPresent()) { + String newClientCert = registrarParameter.getClientCertificate().get(); + certificateChecker.validateCertificate(newClientCert); + updatedRegistrar.setClientCertificate(newClientCert, tm().getTransactionTime()); + } + } + if (!savedRegistrar + .getFailoverClientCertificate() + .equals(registrarParameter.getFailoverClientCertificate())) { + if (registrarParameter.getFailoverClientCertificate().isPresent()) { + String newFailoverCert = registrarParameter.getFailoverClientCertificate().get(); + certificateChecker.validateCertificate(newFailoverCert); + updatedRegistrar.setFailoverClientCertificate(newFailoverCert, tm().getTransactionTime()); + } + } + } catch (InsecureCertificateException e) { response.setStatus(HttpStatusCodes.STATUS_CODE_BAD_REQUEST); - response.setPayload("Insecure Certificate in parameter"); + response.setPayload("Invalid certificate in parameter"); return; } - registrarParameter - .getClientCertificate() - .ifPresent( - newClientCert -> - updatedRegistrar.setClientCertificate(newClientCert, tm().getTransactionTime())); - - registrarParameter - .getFailoverClientCertificate() - .ifPresent( - failoverCert -> - updatedRegistrar.setFailoverClientCertificate( - failoverCert, tm().getTransactionTime())); - tm().put(updatedRegistrar.build()); response.setStatus(HttpStatusCodes.STATUS_CODE_OK); }