mirrors/nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus synced 2026-04-24 02:00:50 +00:00
Code Issues Releases Wiki Activity

Remove WHOIS classes and configuration (#2859)

Browse Source 
This is steps one and two of b/454947209

We already haven't been serving WHOIS for a while, so there's no point
in keeping the old code around. This can simplify some code paths in the
future (like, certain foreign-key-loads that are only used in WHOIS
queries).
This commit is contained in:
gbrodman
2025-10-27 14:57:25 -04:00
committed by GitHub
parent 19e03dbd2e
commit 6cd351ec7c
105 changed files with 19 additions and 8623 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java
View File

@@ -39,7 +39,7 @@ import javax.annotation.Nullable;
*
* <p>Only a builder is provided because the client protocol itself depends on the remote host
* address, which is provided in the server protocol module that relays to this client protocol
* module, e.g., {@link WhoisProtocolModule}.
* module, e.g., {@link EppProtocolModule}.
*
* <p>The protocol can be configured without TLS. In this case, the remote host has to be
* "localhost". Plan HTTP is only expected to be used when communication with Nomulus is via local

19
proxy/src/main/java/google/registry/proxy/ProxyConfig.java
View File

@@ -47,9 +47,7 @@ public class ProxyConfig {
public Gcs gcs;
public Kms kms;
public Epp epp;
public Whois whois;
public HealthCheck healthCheck;
public WebWhois webWhois;
public HttpsRelay httpsRelay;
public Metrics metrics;
@@ -77,16 +75,6 @@ public class ProxyConfig {
public Quota quota;
}
/** Configuration options that apply to WHOIS protocol. */
public static class Whois {
public int port;
public String relayHost;
public String relayPath;
public int maxMessageLengthBytes;
public int readTimeoutSeconds;
public Quota quota;
}
/** Configuration options that apply to GCP load balancer health check protocol. */
public static class HealthCheck {
public int port;
@@ -94,13 +82,6 @@ public class ProxyConfig {
public String checkResponse;
}
/** Configuration options that apply to web WHOIS redirects. */
public static class WebWhois {
public int httpPort;
public int httpsPort;
public String redirectHost;
}
/** Configuration options that apply to HTTPS relay protocol. */
public static class HttpsRelay {
public int port;

34
proxy/src/main/java/google/registry/proxy/ProxyModule.java
View File

@@ -40,9 +40,6 @@ import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol;
import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
import google.registry.proxy.Protocol.FrontendProtocol;
import google.registry.proxy.ProxyConfig.Environment;
import google.registry.proxy.WebWhoisProtocolsModule.HttpWhoisProtocol;
import google.registry.proxy.WebWhoisProtocolsModule.HttpsWhoisProtocol;
import google.registry.proxy.WhoisProtocolModule.WhoisProtocol;
import google.registry.proxy.handler.ProxyProtocolHandler;
import google.registry.util.Clock;
import google.registry.util.GcpJsonFormatter;
@@ -79,25 +76,16 @@ import java.util.logging.Level;
@Module
public class ProxyModule {
@Parameter(names = "--whois", description = "Port for WHOIS")
private Integer whoisPort;
@Parameter(names = "--epp", description = "Port for EPP")
private Integer eppPort;
@Parameter(names = "--health_check", description = "Port for health check")
private Integer healthCheckPort;
@Parameter(names = "--http_whois", description = "Port for HTTP WHOIS")
private Integer httpWhoisPort;
@Parameter(names = "--https_whois", description = "Port for HTTPS WHOIS")
private Integer httpsWhoisPort;
@Parameter(
names = "--local",
description =
"Whether EPP/WHOIS traffic should be forwarded to localhost using HTTP on port defined in"
"Whether EPP traffic should be forwarded to localhost using HTTP on port defined in"
+ " httpsRelay.localPort")
private boolean local = false;
@@ -184,12 +172,6 @@ public class ProxyModule {
return local;
}
@Provides
@WhoisProtocol
int provideWhoisPort(ProxyConfig config) {
return Optional.ofNullable(whoisPort).orElse(config.whois.port);
}
@Provides
@EppProtocol
int provideEppPort(ProxyConfig config) {
@@ -202,18 +184,6 @@ public class ProxyModule {
return Optional.ofNullable(healthCheckPort).orElse(config.healthCheck.port);
}
@Provides
@HttpWhoisProtocol
int provideHttpWhoisProtocol(ProxyConfig config) {
return Optional.ofNullable(httpWhoisPort).orElse(config.webWhois.httpPort);
}
@Provides
@HttpsWhoisProtocol
int provideHttpsWhoisProtocol(ProxyConfig config) {
return Optional.ofNullable(httpsWhoisPort).orElse(config.webWhois.httpsPort);
}
@Provides
Environment provideEnvironment() {
return env;
@@ -423,8 +393,6 @@ public class ProxyModule {
ProxyModule.class,
CertificateSupplierModule.class,
HttpsRelayProtocolModule.class,
WhoisProtocolModule.class,
WebWhoisProtocolsModule.class,
EppProtocolModule.class,
HealthCheckProtocolModule.class,
MetricsModule.class

3
proxy/src/main/java/google/registry/proxy/ProxyServer.java
View File

@@ -93,8 +93,7 @@ public class ProxyServer implements Runnable {
addHandlers(inboundChannel.pipeline(), inboundProtocol.handlerProviders());
if (!inboundProtocol.hasBackend()) {
// If the frontend has no backend to relay to (health check, web WHOIS redirect, etc), start
// reading immediately.
// If the frontend has no backend to relay to (e.g. health check) start reading immediately.
inboundChannel.config().setAutoRead(true);
} else {
logger.atInfo().log(

140
proxy/src/main/java/google/registry/proxy/WebWhoisProtocolsModule.java
View File

@@ -1,140 +0,0 @@
// Copyright 2018 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy;
import com.google.common.collect.ImmutableList;
import dagger.Module;
import dagger.Provides;
import dagger.multibindings.IntoSet;
import google.registry.networking.handler.SslServerInitializer;
import google.registry.proxy.Protocol.FrontendProtocol;
import google.registry.proxy.handler.WebWhoisRedirectHandler;
import io.netty.channel.ChannelHandler;
import io.netty.channel.socket.nio.NioSocketChannel;
import io.netty.handler.codec.http.HttpServerCodec;
import io.netty.handler.codec.http.HttpServerExpectContinueHandler;
import io.netty.handler.ssl.SslProvider;
import jakarta.inject.Provider;
import jakarta.inject.Qualifier;
import jakarta.inject.Singleton;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.function.Supplier;
/** A module that provides the {@link FrontendProtocol}s to redirect HTTP(S) web WHOIS requests. */
@Module
public final class WebWhoisProtocolsModule {
private WebWhoisProtocolsModule() {}
/** Dagger qualifier to provide HTTP whois protocol related handlers and other bindings. */
@Qualifier
@interface HttpWhoisProtocol {}
/** Dagger qualifier to provide HTTPS whois protocol related handlers and other bindings. */
@Qualifier
@interface HttpsWhoisProtocol {}
private static final String HTTP_PROTOCOL_NAME = "whois_http";
private static final String HTTPS_PROTOCOL_NAME = "whois_https";
@Singleton
@Provides
@IntoSet
static FrontendProtocol provideHttpWhoisProtocol(
@HttpWhoisProtocol int httpWhoisPort,
@HttpWhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders) {
return Protocol.frontendBuilder()
.name(HTTP_PROTOCOL_NAME)
.port(httpWhoisPort)
.hasBackend(false)
.handlerProviders(handlerProviders)
.build();
}
@Singleton
@Provides
@IntoSet
static FrontendProtocol provideHttpsWhoisProtocol(
@HttpsWhoisProtocol int httpsWhoisPort,
@HttpsWhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders) {
return Protocol.frontendBuilder()
.name(HTTPS_PROTOCOL_NAME)
.port(httpsWhoisPort)
.hasBackend(false)
.handlerProviders(handlerProviders)
.build();
}
@Provides
@HttpWhoisProtocol
static ImmutableList<Provider<? extends ChannelHandler>> providerHttpWhoisHandlerProviders(
Provider<HttpServerCodec> httpServerCodecProvider,
Provider<HttpServerExpectContinueHandler> httpServerExpectContinueHandlerProvider,
@HttpWhoisProtocol Provider<WebWhoisRedirectHandler> webWhoisRedirectHandlerProvides) {
return ImmutableList.of(
httpServerCodecProvider,
httpServerExpectContinueHandlerProvider,
webWhoisRedirectHandlerProvides);
}
@Provides
@HttpsWhoisProtocol
static ImmutableList<Provider<? extends ChannelHandler>> providerHttpsWhoisHandlerProviders(
@HttpsWhoisProtocol
Provider<SslServerInitializer<NioSocketChannel>> sslServerInitializerProvider,
Provider<HttpServerCodec> httpServerCodecProvider,
Provider<HttpServerExpectContinueHandler> httpServerExpectContinueHandlerProvider,
@HttpsWhoisProtocol Provider<WebWhoisRedirectHandler> webWhoisRedirectHandlerProvides) {
return ImmutableList.of(
sslServerInitializerProvider,
httpServerCodecProvider,
httpServerExpectContinueHandlerProvider,
webWhoisRedirectHandlerProvides);
}
@Provides
static HttpServerCodec provideHttpServerCodec() {
return new HttpServerCodec();
}
@Provides
@HttpWhoisProtocol
static WebWhoisRedirectHandler provideHttpRedirectHandler(ProxyConfig config) {
return new WebWhoisRedirectHandler(false, config.webWhois.redirectHost);
}
@Provides
@HttpsWhoisProtocol
static WebWhoisRedirectHandler provideHttpsRedirectHandler(ProxyConfig config) {
return new WebWhoisRedirectHandler(true, config.webWhois.redirectHost);
}
@Provides
static HttpServerExpectContinueHandler provideHttpServerExpectContinueHandler() {
return new HttpServerExpectContinueHandler();
}
@Singleton
@Provides
@HttpsWhoisProtocol
static SslServerInitializer<NioSocketChannel> provideSslServerInitializer(
SslProvider sslProvider,
Supplier<PrivateKey> privateKeySupplier,
Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
return new SslServerInitializer<>(
false, false, sslProvider, privateKeySupplier, certificatesSupplier);
}
}

136
proxy/src/main/java/google/registry/proxy/WhoisProtocolModule.java
View File

@@ -1,136 +0,0 @@
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy;
import com.google.common.collect.ImmutableList;
import dagger.Module;
import dagger.Provides;
import dagger.multibindings.IntoSet;
import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
import google.registry.proxy.Protocol.BackendProtocol;
import google.registry.proxy.Protocol.FrontendProtocol;
import google.registry.proxy.handler.FrontendMetricsHandler;
import google.registry.proxy.handler.ProxyProtocolHandler;
import google.registry.proxy.handler.QuotaHandler.WhoisQuotaHandler;
import google.registry.proxy.handler.RelayHandler.FullHttpRequestRelayHandler;
import google.registry.proxy.handler.WhoisServiceHandler;
import google.registry.proxy.metric.FrontendMetrics;
import google.registry.proxy.quota.QuotaConfig;
import google.registry.proxy.quota.QuotaManager;
import google.registry.proxy.quota.TokenStore;
import google.registry.util.Clock;
import io.netty.channel.ChannelHandler;
import io.netty.handler.codec.LineBasedFrameDecoder;
import io.netty.handler.timeout.ReadTimeoutHandler;
import jakarta.inject.Named;
import jakarta.inject.Provider;
import jakarta.inject.Qualifier;
import jakarta.inject.Singleton;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.ScheduledExecutorService;
import java.util.function.Supplier;
/** A module that provides the {@link FrontendProtocol} used for whois protocol. */
@Module
public final class WhoisProtocolModule {
private WhoisProtocolModule() {}
/** Dagger qualifier to provide whois protocol related handlers and other bindings. */
@Qualifier
public @interface WhoisProtocol {}
private static final String PROTOCOL_NAME = "whois";
@Singleton
@Provides
@IntoSet
static FrontendProtocol provideProtocol(
ProxyConfig config,
@WhoisProtocol int whoisPort,
@WhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders,
@HttpsRelayProtocol BackendProtocol.Builder backendProtocolBuilder,
@HttpsRelayProtocol boolean localRelay) {
return Protocol.frontendBuilder()
.name(PROTOCOL_NAME)
.port(whoisPort)
.handlerProviders(handlerProviders)
.relayProtocol(
backendProtocolBuilder.host(localRelay ? "localhost" : config.whois.relayHost).build())
.build();
}
@Provides
@WhoisProtocol
static ImmutableList<Provider<? extends ChannelHandler>> provideHandlerProviders(
Provider<ProxyProtocolHandler> proxyProtocolHandlerProvider,
@WhoisProtocol Provider<ReadTimeoutHandler> readTimeoutHandlerProvider,
Provider<LineBasedFrameDecoder> lineBasedFrameDecoderProvider,
Provider<WhoisServiceHandler> whoisServiceHandlerProvider,
Provider<FrontendMetricsHandler> frontendMetricsHandlerProvider,
Provider<WhoisQuotaHandler> whoisQuotaHandlerProvider,
Provider<FullHttpRequestRelayHandler> relayHandlerProvider) {
return ImmutableList.of(
proxyProtocolHandlerProvider,
readTimeoutHandlerProvider,
lineBasedFrameDecoderProvider,
whoisServiceHandlerProvider,
frontendMetricsHandlerProvider,
whoisQuotaHandlerProvider,
relayHandlerProvider);
}
@Provides
static WhoisServiceHandler provideWhoisServiceHandler(
ProxyConfig config,
@Named("idToken") Supplier<String> idTokenSupplier,
@Named("canary") boolean canary,
FrontendMetrics metrics,
@HttpsRelayProtocol boolean localRelay) {
return new WhoisServiceHandler(
localRelay ? "localhost" : config.whois.relayHost,
config.whois.relayPath,
canary,
idTokenSupplier,
metrics);
}
@Provides
static LineBasedFrameDecoder provideLineBasedFrameDecoder(ProxyConfig config) {
return new LineBasedFrameDecoder(config.whois.maxMessageLengthBytes);
}
@Provides
@WhoisProtocol
static ReadTimeoutHandler provideReadTimeoutHandler(ProxyConfig config) {
return new ReadTimeoutHandler(config.whois.readTimeoutSeconds);
}
@Provides
@WhoisProtocol
static TokenStore provideTokenStore(
ProxyConfig config, ScheduledExecutorService refreshExecutor, Clock clock) {
return new TokenStore(
new QuotaConfig(config.whois.quota, PROTOCOL_NAME), refreshExecutor, clock);
}
@Provides
@Singleton
@WhoisProtocol
static QuotaManager provideQuotaManager(
@WhoisProtocol TokenStore tokenStore, ExecutorService executorService) {
return new QuotaManager(tokenStore, executorService);
}
}

56
proxy/src/main/java/google/registry/proxy/config/default-config.yaml
View File

@@ -118,54 +118,6 @@ epp:
# defaultQuota for list entries.
customQuota: []
whois:
port: 30001
relayHost: registry-project-id.appspot.com
relayPath: /_dr/whois
# Maximum input message length in bytes.
#
# Domain name cannot be longer than 256 characters. 512-character message
# length should be safe for most cases, including registrar queries.
#
# See also: RFC 1035 2.3.4 Size limits
# (http://www.freesoft.org/CIE/RFC/1035/9.htm).
maxMessageLengthBytes: 512
# Whois protocol is transient, the client should not establish a long-lasting
# idle connection.
readTimeoutSeconds: 60
# Quota configuration for WHOIS
quota:
# Token database refresh period. Set to 0 to disable refresh.
#
# After the set time period, inactive token buckets will be deleted.
refreshSeconds: 3600
# Default quota for any userId not matched in customQuota.
defaultQuota:
# List of identifiers, e.g. IP address, certificate hash.
#
# userId for defaultQuota should always be an empty list.
userId: []
# Number of tokens allotted to the matched user. Set to -1 to allow
# infinite quota.
tokenAmount: 100
# Token refill period. Set to 0 to disable refill.
#
# After the set time period, the token for the given user will be
# reset to tokenAmount.
refillSeconds: 600
# List of custom quotas for specific userId. Use the same schema as
# defaultQuota for list entries.
customQuota: []
healthCheck:
port: 30000
@@ -181,14 +133,6 @@ httpsRelay:
# Maximum size of an HTTP message in bytes.
maxMessageLengthBytes: 524288
webWhois:
httpPort: 30010
httpsPort: 30011
# The 302 redirect destination of HTTPS web WHOIS GET requests.
# HTTP web WHOIS GET requests will be 301 redirected to HTTPS first.
redirectHost: whois.yourdomain.tld
metrics:
# Max queries per second for the Google Cloud Monitoring V3 (aka Stackdriver)
# API. The limit can be adjusted by contacting Cloud Support.

1
proxy/src/main/java/google/registry/proxy/handler/BackendMetricsHandler.java
View File

@@ -104,7 +104,6 @@ public class BackendMetricsHandler extends ChannelDuplexHandler {
@Override
public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise) {
checkArgument(msg instanceof FullHttpRequest, "Outgoing request must be FullHttpRequest.");
// For WHOIS, client certificate hash is always set to "none".
// For EPP, the client hash attribute is set upon handshake completion, before the first HELLO
// is sent to the server. Therefore the first call to write() with HELLO payload has access to
// the hash in its channel attribute.

7
proxy/src/main/java/google/registry/proxy/handler/FrontendMetricsHandler.java
View File

@@ -52,18 +52,14 @@ public class FrontendMetricsHandler extends ChannelDuplexHandler {
*
* <p>This queue is used to calculate frontend request-response latency.
*
* <p>For the WHOIS protocol, the TCP connection closes after one request-response round trip and
* the request always comes first. The queue for WHOIS therefore only need to store one value.
*
* <p>For the EPP protocol, the specification allows for pipelining, in which a client can sent
* multiple requests without waiting for each responses. Therefore a queue is needed to record all
* multiple requests without waiting for each response. Therefore, a queue is needed to record all
* the requests that are sent but have not yet received a response.
*
* <p>A server must send its response in the same order it receives requests. This invariance
* guarantees that the request time at the head of the queue always corresponds to the response
* received in {@link #channelRead}.
*
* @see <a href="https://tools.ietf.org/html/rfc3912">RFC 3912 WHOIS Protocol Specification</a>
* @see <a href="https://tools.ietf.org/html/rfc5734#section-3">RFC 5734 Extensible Provisioning
* Protocol (EPP) Transport over TCP</a>
*/
@@ -97,7 +93,6 @@ public class FrontendMetricsHandler extends ChannelDuplexHandler {
// increase in size if more requests are received from the client, but that does not invalidate
// this check.
checkState(!requestReceivedTimeQueue.isEmpty(), "Response sent before request is received.");
// For WHOIS, client certificate hash is always set to "none".
// For EPP, the client hash attribute is set upon handshake completion, before the first HELLO
// is sent to the server. Therefore the first call to write() with HELLO payload has access to
// the hash in its channel attribute.

38
proxy/src/main/java/google/registry/proxy/handler/QuotaHandler.java
View File

@@ -17,10 +17,8 @@ package google.registry.proxy.handler;
import static com.google.common.base.Preconditions.checkNotNull;
import static google.registry.proxy.Protocol.PROTOCOL_KEY;
import static google.registry.proxy.handler.EppServiceHandler.CLIENT_CERTIFICATE_HASH_KEY;
import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
import google.registry.proxy.EppProtocolModule.EppProtocol;
import google.registry.proxy.WhoisProtocolModule.WhoisProtocol;
import google.registry.proxy.metric.FrontendMetrics;
import google.registry.proxy.quota.QuotaManager;
import google.registry.proxy.quota.QuotaManager.QuotaRebate;
@@ -83,42 +81,6 @@ public abstract class QuotaHandler extends ChannelInboundHandlerAdapter {
}
}
/** Quota Handler for WHOIS protocol. */
public static class WhoisQuotaHandler extends QuotaHandler {
@Inject
WhoisQuotaHandler(@WhoisProtocol QuotaManager quotaManager, FrontendMetrics metrics) {
super(quotaManager, metrics);
}
/**
* Reads user ID from channel attribute {@code REMOTE_ADDRESS_KEY}.
*
* <p>This attribute is set by {@link ProxyProtocolHandler} when the first frame of message is
* read.
*/
@Override
String getUserId(ChannelHandlerContext ctx) {
return ctx.channel().attr(REMOTE_ADDRESS_KEY).get();
}
@Override
boolean isUserIdPii() {
return true;
}
/**
* Do nothing when connection terminates.
*
* <p>WHOIS protocol is configured with a QPS type quota, there is no need to return the tokens
* back to the quota store because the quota store will auto-refill tokens based on the QPS.
*/
@Override
public void channelInactive(ChannelHandlerContext ctx) {
ctx.fireChannelInactive();
}
}
/** Quota Handler for EPP protocol. */
public static class EppQuotaHandler extends QuotaHandler {

145
proxy/src/main/java/google/registry/proxy/handler/WebWhoisRedirectHandler.java
View File

@@ -1,145 +0,0 @@
// Copyright 2018 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy.handler;
import static io.netty.handler.codec.http.HttpHeaderNames.CONNECTION;
import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_LENGTH;
import static io.netty.handler.codec.http.HttpHeaderNames.CONTENT_TYPE;
import static io.netty.handler.codec.http.HttpHeaderNames.HOST;
import static io.netty.handler.codec.http.HttpHeaderNames.LOCATION;
import static io.netty.handler.codec.http.HttpHeaderValues.KEEP_ALIVE;
import static io.netty.handler.codec.http.HttpHeaderValues.TEXT_PLAIN;
import static io.netty.handler.codec.http.HttpMethod.GET;
import static io.netty.handler.codec.http.HttpMethod.HEAD;
import static io.netty.handler.codec.http.HttpResponseStatus.BAD_REQUEST;
import static io.netty.handler.codec.http.HttpResponseStatus.FORBIDDEN;
import static io.netty.handler.codec.http.HttpResponseStatus.FOUND;
import static io.netty.handler.codec.http.HttpResponseStatus.METHOD_NOT_ALLOWED;
import static io.netty.handler.codec.http.HttpResponseStatus.MOVED_PERMANENTLY;
import static io.netty.handler.codec.http.HttpResponseStatus.OK;
import static io.netty.handler.codec.http.HttpVersion.HTTP_1_1;
import com.google.common.base.Splitter;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import com.google.common.flogger.FluentLogger;
import io.netty.channel.ChannelFuture;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.SimpleChannelInboundHandler;
import io.netty.handler.codec.http.DefaultFullHttpResponse;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpMethod;
import io.netty.handler.codec.http.HttpRequest;
import io.netty.handler.codec.http.HttpUtil;
import java.time.Duration;
/**
* Handler that redirects web WHOIS requests to a canonical website.
*
* <p>ICANN requires that port 43 and web-based WHOIS are both available on whois.nic.TLD. Since we
* expose a single IPv4/IPv6 anycast external IP address for the proxy, we need the load balancer to
* router port 80/443 traffic to the proxy to support web WHOIS.
*
* <p>HTTP (port 80) traffic is simply upgraded to HTTPS (port 443) on the same host, while HTTPS
* requests are redirected to the {@code redirectHost}, which is the canonical website that provide
* the web WHOIS service.
*
* @see <a
* href="https://newgtlds.icann.org/sites/default/files/agreements/agreement-approved-31jul17-en.html">
* REGISTRY AGREEMENT</a>
*/
public class WebWhoisRedirectHandler extends SimpleChannelInboundHandler<HttpRequest> {
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
/**
* HTTP health check sent by GCP HTTP load balancer is set to use this host name.
*
* <p>Status 200 must be returned in order for a health check to be considered successful.
*
* @see <a
* href="https://cloud.google.com/load-balancing/docs/health-check-concepts#http_https_and_http2_health_checks">
* HTTP, HTTPS, and HTTP/2 health checks</a>
*/
private static final String HEALTH_CHECK_HOST = "health-check.invalid";
private static final String HSTS_HEADER_NAME = "Strict-Transport-Security";
private static final Duration HSTS_MAX_AGE = Duration.ofDays(365);
private static final ImmutableList<HttpMethod> ALLOWED_METHODS = ImmutableList.of(GET, HEAD);
private final boolean isHttps;
private final String redirectHost;
public WebWhoisRedirectHandler(boolean isHttps, String redirectHost) {
this.isHttps = isHttps;
this.redirectHost = redirectHost;
}
@Override
protected void channelRead0(ChannelHandlerContext ctx, HttpRequest msg) {
FullHttpResponse response;
if (!ALLOWED_METHODS.contains(msg.method())) {
response = new DefaultFullHttpResponse(HTTP_1_1, METHOD_NOT_ALLOWED);
} else if (Strings.isNullOrEmpty(msg.headers().get(HOST))) {
response = new DefaultFullHttpResponse(HTTP_1_1, BAD_REQUEST);
} else {
// All HTTP/1.1 request must contain a Host header with the format "host:[port]".
// See https://tools.ietf.org/html/rfc2616#section-14.23
String host = Splitter.on(':').split(msg.headers().get(HOST)).iterator().next();
if (host.equals(HEALTH_CHECK_HOST)) {
// The health check request should always be sent to the HTTP port.
response =
isHttps
? new DefaultFullHttpResponse(HTTP_1_1, FORBIDDEN)
: new DefaultFullHttpResponse(HTTP_1_1, OK);
} else {
// HTTP -> HTTPS is a 301 redirect, whereas HTTPS -> web WHOIS site is 302 redirect.
response = new DefaultFullHttpResponse(HTTP_1_1, isHttps ? FOUND : MOVED_PERMANENTLY);
String redirectUrl = String.format("https://%s/", isHttps ? redirectHost : host);
response.headers().set(LOCATION, redirectUrl);
// Add HSTS header to HTTPS response.
if (isHttps) {
response
.headers()
.set(HSTS_HEADER_NAME, String.format("max-age=%d", HSTS_MAX_AGE.getSeconds()));
}
}
}
// Common headers that need to be set on any response.
response
.headers()
.set(CONTENT_TYPE, TEXT_PLAIN)
.setInt(CONTENT_LENGTH, response.content().readableBytes());
// Close the connection if keep-alive is not set in the request.
if (!HttpUtil.isKeepAlive(msg)) {
ChannelFuture unusedFuture =
ctx.writeAndFlush(response).addListener(ChannelFutureListener.CLOSE);
} else {
response.headers().set(CONNECTION, KEEP_ALIVE);
ChannelFuture unusedFuture = ctx.writeAndFlush(response);
}
}
@Override
public void exceptionCaught(ChannelHandlerContext ctx, Throwable cause) {
logger.atWarning().withCause(cause).log(
(isHttps ? "HTTPS" : "HTTP") + " WHOIS inbound exception caught for channel %s",
ctx.channel());
ChannelFuture unusedFuture = ctx.close();
}
}

83
proxy/src/main/java/google/registry/proxy/handler/WhoisServiceHandler.java
View File

@@ -1,83 +0,0 @@
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy.handler;
import static com.google.common.base.Preconditions.checkArgument;
import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
import google.registry.proxy.metric.FrontendMetrics;
import google.registry.util.ProxyHttpHeaders;
import io.netty.buffer.ByteBuf;
import io.netty.channel.ChannelFutureListener;
import io.netty.channel.ChannelHandlerContext;
import io.netty.channel.ChannelPromise;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.HttpHeaderNames;
import io.netty.handler.codec.http.HttpHeaderValues;
import io.netty.handler.codec.http.HttpResponse;
import java.util.function.Supplier;
/** Handler that processes WHOIS protocol logic. */
public final class WhoisServiceHandler extends HttpsRelayServiceHandler {
private String clientAddress;
public WhoisServiceHandler(
String relayHost,
String relayPath,
boolean canary,
Supplier<String> idTokenSupplier,
FrontendMetrics metrics) {
super(relayHost, relayPath, canary, idTokenSupplier, metrics);
}
@Override
public void channelActive(ChannelHandlerContext ctx) throws Exception {
metrics.registerActiveConnection("whois", "none", ctx.channel());
super.channelActive(ctx);
}
@Override
public void channelRead(ChannelHandlerContext ctx, Object msg) throws Exception {
clientAddress = ctx.channel().attr(REMOTE_ADDRESS_KEY).get();
super.channelRead(ctx, msg);
}
@Override
protected FullHttpRequest decodeFullHttpRequest(ByteBuf byteBuf) {
FullHttpRequest request = super.decodeFullHttpRequest(byteBuf);
request
.headers()
.set(HttpHeaderNames.CONTENT_TYPE, HttpHeaderValues.TEXT_PLAIN)
.set(HttpHeaderNames.ACCEPT, HttpHeaderValues.TEXT_PLAIN);
if (clientAddress != null) {
request
.headers()
.set(ProxyHttpHeaders.IP_ADDRESS, clientAddress)
.set(ProxyHttpHeaders.FALLBACK_IP_ADDRESS, clientAddress);
}
return request;
}
@Override
public void write(ChannelHandlerContext ctx, Object msg, ChannelPromise promise)
throws Exception {
// Close connection after a response is received, per RFC-3912
// https://tools.ietf.org/html/rfc3912
checkArgument(msg instanceof HttpResponse);
promise.addListener(ChannelFutureListener.CLOSE);
super.write(ctx, msg, promise);
}
}

5
proxy/src/main/java/google/registry/proxy/metric/BaseMetrics.java
View File

@@ -27,9 +27,8 @@ public abstract class BaseMetrics {
/**
* Labels to register metrics with.
*
* <p>The client certificate hash value is only used for EPP metrics. For WHOIS metrics, it will
* always be {@code "none"}. In order to get the actual registrar name, one can use the {@code
* nomulus} tool:
* <p>The client certificate hash value is only used for EPP metrics. In order to get the actual
* registrar name, one can use the {@code nomulus} tool:
*
* <pre>
* nomulus -e production list_registrars -f clientCertificateHash | grep $HASH

18
proxy/src/test/java/google/registry/proxy/ProtocolModuleTest.java
View File

@@ -33,16 +33,12 @@ import google.registry.proxy.EppProtocolModule.EppProtocol;
import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol;
import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
import google.registry.proxy.ProxyConfig.Environment;
import google.registry.proxy.WebWhoisProtocolsModule.HttpWhoisProtocol;
import google.registry.proxy.WhoisProtocolModule.WhoisProtocol;
import google.registry.proxy.handler.BackendMetricsHandler;
import google.registry.proxy.handler.FrontendMetricsHandler;
import google.registry.proxy.handler.ProxyProtocolHandler;
import google.registry.proxy.handler.QuotaHandler.EppQuotaHandler;
import google.registry.proxy.handler.QuotaHandler.WhoisQuotaHandler;
import google.registry.proxy.handler.RelayHandler.FullHttpRequestRelayHandler;
import google.registry.proxy.handler.RelayHandler.FullHttpResponseRelayHandler;
import google.registry.proxy.handler.WebWhoisRedirectHandler;
import google.registry.testing.FakeClock;
import google.registry.util.Clock;
import io.netty.channel.Channel;
@@ -102,18 +98,12 @@ public abstract class ProtocolModuleTest {
// tested separately in their respective unit tests.
FullHttpRequestRelayHandler.class,
FullHttpResponseRelayHandler.class,
// This handler is tested in its own unit tests. It is installed in web whois redirect
// protocols. The end-to-end tests for the rest of the handlers in its pipeline need to
// be able to emit incoming requests out of the channel for assertions. Therefore, this
// handler is removed from the pipeline.
WebWhoisRedirectHandler.class,
// The rest are not part of business logic and do not need to be tested, obviously.
LoggingHandler.class,
// Metrics instrumentation is tested separately.
BackendMetricsHandler.class,
FrontendMetricsHandler.class,
// Quota management is tested separately.
WhoisQuotaHandler.class,
EppQuotaHandler.class,
ReadTimeoutHandler.class);
@@ -190,17 +180,12 @@ public abstract class ProtocolModuleTest {
modules = {
TestModule.class,
CertificateSupplierModule.class,
WhoisProtocolModule.class,
WebWhoisProtocolsModule.class,
EppProtocolModule.class,
HealthCheckProtocolModule.class,
HttpsRelayProtocolModule.class
})
interface TestComponent {
@WhoisProtocol
ImmutableList<Provider<? extends ChannelHandler>> whoisHandlers();
@EppProtocol
ImmutableList<Provider<? extends ChannelHandler>> eppHandlers();
@@ -209,9 +194,6 @@ public abstract class ProtocolModuleTest {
@HttpsRelayProtocol
ImmutableList<Provider<? extends ChannelHandler>> httpsRelayHandlers();
@HttpWhoisProtocol
ImmutableList<Provider<? extends ChannelHandler>> httpWhoisHandlers();
}
/**

26
proxy/src/test/java/google/registry/proxy/ProxyModuleTest.java
View File

@@ -33,14 +33,9 @@ class ProxyModuleTest {
void testSuccess_parseArgs_defaultArgs() {
String[] args = {};
proxyModule.parse(args);
assertThat(proxyModule.provideWhoisPort(PROXY_CONFIG)).isEqualTo(PROXY_CONFIG.whois.port);
assertThat(proxyModule.provideEppPort(PROXY_CONFIG)).isEqualTo(PROXY_CONFIG.epp.port);
assertThat(proxyModule.provideHealthCheckPort(PROXY_CONFIG))
.isEqualTo(PROXY_CONFIG.healthCheck.port);
assertThat(proxyModule.provideHttpWhoisProtocol(PROXY_CONFIG))
.isEqualTo(PROXY_CONFIG.webWhois.httpPort);
assertThat(proxyModule.provideHttpsWhoisProtocol(PROXY_CONFIG))
.isEqualTo(PROXY_CONFIG.webWhois.httpsPort);
assertThat(proxyModule.provideEnvironment()).isEqualTo(LOCAL);
assertThat(proxyModule.log).isFalse();
}
@@ -74,13 +69,6 @@ class ProxyModuleTest {
assertThat(proxyModule.log).isTrue();
}
@Test
void testSuccess_parseArgs_customWhoisPort() {
String[] args = {"--whois", "12345"};
proxyModule.parse(args);
assertThat(proxyModule.provideWhoisPort(PROXY_CONFIG)).isEqualTo(12345);
}
@Test
void testSuccess_parseArgs_customEppPort() {
String[] args = {"--epp", "22222"};
@@ -95,20 +83,6 @@ class ProxyModuleTest {
assertThat(proxyModule.provideHealthCheckPort(PROXY_CONFIG)).isEqualTo(23456);
}
@Test
void testSuccess_parseArgs_customhttpWhoisPort() {
String[] args = {"--http_whois", "12121"};
proxyModule.parse(args);
assertThat(proxyModule.provideHttpWhoisProtocol(PROXY_CONFIG)).isEqualTo(12121);
}
@Test
void testSuccess_parseArgs_customhttpsWhoisPort() {
String[] args = {"--https_whois", "21212"};
proxyModule.parse(args);
assertThat(proxyModule.provideHttpsWhoisProtocol(PROXY_CONFIG)).isEqualTo(21212);
}
@Test
void testSuccess_parseArgs_customEnvironment() {
String[] args = {"--env", "ALpHa"};

22
proxy/src/test/java/google/registry/proxy/TestUtils.java
View File

@@ -88,22 +88,6 @@ public final class TestUtils {
return response;
}
public static FullHttpRequest makeWhoisHttpRequest(
String content, String host, String path, boolean canary, String idToken) throws IOException {
FullHttpRequest request = makeHttpPostRequest(content, host, path, canary);
request
.headers()
.set("authorization", "Bearer " + idToken)
.set("content-type", "text/plain")
.set("accept", "text/plain");
return request;
}
public static FullHttpRequest makeWhoisHttpRequest(
String content, String host, String path, String idToken) throws IOException {
return makeWhoisHttpRequest(content, host, path, false, idToken);
}
public static FullHttpRequest makeEppHttpRequest(
String content,
String host,
@@ -142,12 +126,6 @@ public final class TestUtils {
content, host, path, false, idToken, sslClientCertificateHash, clientAddress, cookies);
}
public static FullHttpResponse makeWhoisHttpResponse(String content, HttpResponseStatus status) {
FullHttpResponse response = makeHttpResponse(content, status);
response.headers().set("content-type", "text/plain");
return response;
}
public static FullHttpResponse makeEppHttpResponse(
String content, HttpResponseStatus status, Cookie... cookies) {
FullHttpResponse response = makeHttpResponse(content, status);

106
proxy/src/test/java/google/registry/proxy/WebWhoisProtocolsModuleTest.java
View File

@@ -1,106 +0,0 @@
// Copyright 2018 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.proxy.TestUtils.assertHttpRequestEquivalent;
import static google.registry.proxy.TestUtils.assertHttpResponseEquivalent;
import static google.registry.proxy.TestUtils.makeHttpGetRequest;
import static google.registry.proxy.TestUtils.makeHttpResponse;
import io.netty.buffer.ByteBuf;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.codec.http.DefaultHttpRequest;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpClientCodec;
import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.codec.http.HttpResponseStatus;
import org.junit.jupiter.api.Test;
/**
* End-to-end tests for {@link WebWhoisProtocolsModule}.
*
* <p>This protocol defines a connection in which the proxy behaves as a standard http server (sans
* the redirect operation which is excluded in end-to-end testing). Because non user-defined
* handlers are used, the tests here focus on verifying that the request written to the network
* socket by a client is reconstructed faithfully by the server, and vice versa, that the response a
* client decoded from incoming bytes is equivalent to the response sent by the server.
*
* <p>These tests only ensure that the server represented by this protocol is compatible with a
* client implementation provided by Netty itself. They test the self-consistency of various Netty
* handlers that deal with HTTP protocol, but not whether the handlers converts between bytes and
* HTTP messages correctly, which is presumed correct.
*
* <p>Only the HTTP redirect protocol is tested as both protocols share the same handlers except for
* those that are excluded ({@code SslServerInitializer}, {@code WebWhoisRedirectHandler}).
*/
class WebWhoisProtocolsModuleTest extends ProtocolModuleTest {
private static final String HOST = "test.tld";
private static final String PATH = "/path/to/test";
private final EmbeddedChannel clientChannel =
new EmbeddedChannel(new HttpClientCodec(), new HttpObjectAggregator(512 * 1024));
WebWhoisProtocolsModuleTest() {
super(TestComponent::httpWhoisHandlers);
}
/**
* Tests that the client converts given {@link FullHttpRequest} to bytes, which is sent to the
* server and reconstructed to a {@link FullHttpRequest} that is equivalent to the original. Then
* test that the server converts given {@link FullHttpResponse} to bytes, which is sent to the
* client and reconstructed to a {@link FullHttpResponse} that is equivalent to the original.
*
* <p>The request and response equivalences are tested in the same method because the client codec
* tries to pair the response it receives with the request it sends. Receiving a response without
* sending a request first will cause the {@link HttpObjectAggregator} to fail to aggregate
* properly.
*/
private void requestAndRespondWithStatus(HttpResponseStatus status) {
ByteBuf buffer;
FullHttpRequest requestSent = makeHttpGetRequest(HOST, PATH);
// Need to send a copy as the content read index will advance after the request is written to
// the outbound of client channel, making comparison with requestReceived fail.
assertThat(clientChannel.writeOutbound(requestSent.copy())).isTrue();
buffer = clientChannel.readOutbound();
assertThat(channel.writeInbound(buffer)).isTrue();
// We only have a DefaultHttpRequest, not a FullHttpRequest because there is no HTTP aggregator
// in the server's pipeline. But it is fine as we are not interested in the content (payload) of
// the request, just its headers, which are contained in the DefaultHttpRequest.
DefaultHttpRequest requestReceived = channel.readInbound();
// Verify that the request received is the same as the request sent.
assertHttpRequestEquivalent(requestSent, requestReceived);
FullHttpResponse responseSent = makeHttpResponse(status);
assertThat(channel.writeOutbound(responseSent.copy())).isTrue();
buffer = channel.readOutbound();
assertThat(clientChannel.writeInbound(buffer)).isTrue();
FullHttpResponse responseReceived = clientChannel.readInbound();
// Verify that the request received is the same as the request sent.
assertHttpResponseEquivalent(responseSent, responseReceived);
}
@Test
void testSuccess_OkResponse() {
requestAndRespondWithStatus(HttpResponseStatus.OK);
}
@Test
void testSuccess_NonOkResponse() {
requestAndRespondWithStatus(HttpResponseStatus.BAD_REQUEST);
}
}

161
proxy/src/test/java/google/registry/proxy/WhoisProtocolModuleTest.java
View File

@@ -1,161 +0,0 @@
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.proxy.TestUtils.makeWhoisHttpRequest;
import static google.registry.proxy.TestUtils.makeWhoisHttpResponse;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static java.util.stream.Collectors.joining;
import static org.junit.jupiter.api.Assertions.assertThrows;
import com.google.common.base.Throwables;
import google.registry.proxy.handler.HttpsRelayServiceHandler.NonOkHttpResponseException;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.handler.codec.EncoderException;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import java.nio.channels.ClosedChannelException;
import java.util.stream.Stream;
import org.junit.jupiter.api.Test;
/** End-to-end tests for {@link WhoisProtocolModule}. */
class WhoisProtocolModuleTest extends ProtocolModuleTest {
WhoisProtocolModuleTest() {
super(TestComponent::whoisHandlers);
}
@Test
void testSuccess_singleFrameInboundMessage() throws Exception {
String inputString = "test.tld\r\n";
// Inbound message processed and passed along.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(inputString.getBytes(US_ASCII))))
.isTrue();
FullHttpRequest actualRequest = channel.readInbound();
FullHttpRequest expectedRequest =
makeWhoisHttpRequest(
"test.tld",
PROXY_CONFIG.whois.relayHost,
PROXY_CONFIG.whois.relayPath,
TestModule.provideFakeIdToken().get());
assertThat(actualRequest).isEqualTo(expectedRequest);
assertThat(channel.isActive()).isTrue();
// Nothing more to read.
assertThat((Object) channel.readInbound()).isNull();
}
@Test
void testSuccess_noNewlineInboundMessage() {
String inputString = "test.tld";
// No newline encountered, no message formed.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(inputString.getBytes(US_ASCII))))
.isFalse();
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_multiFrameInboundMessage() throws Exception {
String frame1 = "test";
String frame2 = "1.tld";
String frame3 = "\r\nte";
String frame4 = "st2.tld\r";
String frame5 = "\ntest3.tld";
// No newline yet.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(frame1.getBytes(US_ASCII)))).isFalse();
// Still no newline yet.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(frame2.getBytes(US_ASCII)))).isFalse();
// First newline encountered.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(frame3.getBytes(US_ASCII)))).isTrue();
FullHttpRequest actualRequest1 = channel.readInbound();
FullHttpRequest expectedRequest1 =
makeWhoisHttpRequest(
"test1.tld",
PROXY_CONFIG.whois.relayHost,
PROXY_CONFIG.whois.relayPath,
TestModule.provideFakeIdToken().get());
assertThat(actualRequest1).isEqualTo(expectedRequest1);
// No more message at this point.
assertThat((Object) channel.readInbound()).isNull();
// More inbound bytes, but no newline.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(frame4.getBytes(US_ASCII)))).isFalse();
// Second message read.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(frame5.getBytes(US_ASCII)))).isTrue();
FullHttpRequest actualRequest2 = channel.readInbound();
FullHttpRequest expectedRequest2 =
makeWhoisHttpRequest(
"test2.tld",
PROXY_CONFIG.whois.relayHost,
PROXY_CONFIG.whois.relayPath,
TestModule.provideFakeIdToken().get());
assertThat(actualRequest2).isEqualTo(expectedRequest2);
// The third message is not complete yet.
assertThat(channel.isActive()).isTrue();
assertThat((Object) channel.readInbound()).isNull();
}
@Test
void testSuccess_inboundMessageTooLong() {
String inputString = Stream.generate(() -> "x").limit(513).collect(joining()) + "\r\n";
// Nothing gets propagated further.
assertThat(channel.writeInbound(Unpooled.wrappedBuffer(inputString.getBytes(US_ASCII))))
.isFalse();
// Connection is closed due to inbound message overflow.
assertThat(channel.isActive()).isFalse();
}
@Test
void testSuccess_parseSingleOutboundHttpResponse() {
String outputString = "line1\r\nline2\r\n";
FullHttpResponse response = makeWhoisHttpResponse(outputString, HttpResponseStatus.OK);
// Http response parsed and passed along.
assertThat(channel.writeOutbound(response)).isTrue();
ByteBuf outputBuffer = channel.readOutbound();
assertThat(outputBuffer.toString(US_ASCII)).isEqualTo(outputString);
assertThat(channel.isActive()).isFalse();
// Nothing more to write.
assertThat((Object) channel.readOutbound()).isNull();
}
@Test
void testFailure_parseOnlyFirstFromMultipleOutboundHttpResponse() {
String outputString1 = "line1\r\nline2\r\n";
String outputString2 = "line3\r\nline4\r\nline5\r\n";
FullHttpResponse response1 = makeWhoisHttpResponse(outputString1, HttpResponseStatus.OK);
FullHttpResponse response2 = makeWhoisHttpResponse(outputString2, HttpResponseStatus.OK);
assertThrows(ClosedChannelException.class, () -> channel.writeOutbound(response1, response2));
// First Http response parsed
ByteBuf outputBuffer1 = channel.readOutbound();
assertThat(outputBuffer1.toString(US_ASCII)).isEqualTo(outputString1);
// Second Http response not parsed because the connection is closed.
assertThat(channel.isActive()).isFalse();
assertThat((Object) channel.readOutbound()).isNull();
}
@Test
void testFailure_outboundResponseStatusNotOK() {
String outputString = "line1\r\nline2\r\n";
FullHttpResponse response = makeWhoisHttpResponse(outputString, HttpResponseStatus.BAD_REQUEST);
EncoderException thrown =
assertThrows(EncoderException.class, () -> channel.writeOutbound(response));
assertThat(Throwables.getRootCause(thrown)).isInstanceOf(NonOkHttpResponseException.class);
assertThat(thrown).hasMessageThat().contains("400 Bad Request");
assertThat((Object) channel.readOutbound()).isNull();
assertThat(channel.isActive()).isFalse();
}
}

230
proxy/src/test/java/google/registry/proxy/handler/WebWhoisRedirectHandlerTest.java
View File

@@ -1,230 +0,0 @@
// Copyright 2018 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy.handler;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.proxy.TestUtils.assertHttpResponseEquivalent;
import static google.registry.proxy.TestUtils.makeHttpGetRequest;
import static google.registry.proxy.TestUtils.makeHttpPostRequest;
import static google.registry.proxy.TestUtils.makeHttpResponse;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import org.junit.jupiter.api.Test;
/** Unit tests for {@link WebWhoisRedirectHandler}. */
class WebWhoisRedirectHandlerTest {
private static final String REDIRECT_HOST = "www.example.com";
private static final String TARGET_HOST = "whois.nic.tld";
private EmbeddedChannel channel;
private FullHttpRequest request;
private FullHttpResponse response;
private void setupChannel(boolean isHttps) {
channel = new EmbeddedChannel(new WebWhoisRedirectHandler(isHttps, REDIRECT_HOST));
}
private static FullHttpResponse makeRedirectResponse(
HttpResponseStatus status, String location, boolean keepAlive, boolean hsts) {
FullHttpResponse response = makeHttpResponse("", status);
response.headers().set("content-type", "text/plain").set("content-length", "0");
if (location != null) {
response.headers().set("location", location);
}
if (keepAlive) {
response.headers().set("connection", "keep-alive");
}
if (hsts) {
response.headers().set("Strict-Transport-Security", "max-age=31536000");
}
return response;
}
// HTTP redirect tests.
@Test
void testSuccess_http_methodNotAllowed() {
setupChannel(false);
request = makeHttpPostRequest("", TARGET_HOST, "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.METHOD_NOT_ALLOWED, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_http_badHost() {
setupChannel(false);
request = makeHttpGetRequest("", "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.BAD_REQUEST, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_http_noHost() {
setupChannel(false);
request = makeHttpGetRequest("", "/");
request.headers().remove("host");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.BAD_REQUEST, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_http_healthCheck() {
setupChannel(false);
request = makeHttpPostRequest("", TARGET_HOST, "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.METHOD_NOT_ALLOWED, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_http_redirectToHttps() {
setupChannel(false);
request = makeHttpGetRequest(TARGET_HOST, "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response,
makeRedirectResponse(
HttpResponseStatus.MOVED_PERMANENTLY, "https://whois.nic.tld/", true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_http_redirectToHttps_hostAndPort() {
setupChannel(false);
request = makeHttpGetRequest(TARGET_HOST + ":80", "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response,
makeRedirectResponse(
HttpResponseStatus.MOVED_PERMANENTLY, "https://whois.nic.tld/", true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_http_redirectToHttps_noKeepAlive() {
setupChannel(false);
request = makeHttpGetRequest(TARGET_HOST, "/");
request.headers().set("connection", "close");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response,
makeRedirectResponse(
HttpResponseStatus.MOVED_PERMANENTLY, "https://whois.nic.tld/", false, false));
assertThat(channel.isActive()).isFalse();
}
// HTTPS redirect tests.
@Test
void testSuccess_https_methodNotAllowed() {
setupChannel(true);
request = makeHttpPostRequest("", TARGET_HOST, "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.METHOD_NOT_ALLOWED, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_https_badHost() {
setupChannel(true);
request = makeHttpGetRequest("", "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.BAD_REQUEST, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_https_noHost() {
setupChannel(true);
request = makeHttpGetRequest("", "/");
request.headers().remove("host");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.BAD_REQUEST, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_https_healthCheck() {
setupChannel(true);
request = makeHttpGetRequest("health-check.invalid", "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response, makeRedirectResponse(HttpResponseStatus.FORBIDDEN, null, true, false));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_https_redirectToDestination() {
setupChannel(true);
request = makeHttpGetRequest(TARGET_HOST, "/");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response,
makeRedirectResponse(HttpResponseStatus.FOUND, "https://www.example.com/", true, true));
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_https_redirectToDestination_noKeepAlive() {
setupChannel(true);
request = makeHttpGetRequest(TARGET_HOST, "/");
request.headers().set("connection", "close");
// No inbound message passed to the next handler.
assertThat(channel.writeInbound(request)).isFalse();
response = channel.readOutbound();
assertHttpResponseEquivalent(
response,
makeRedirectResponse(HttpResponseStatus.FOUND, "https://www.example.com/", false, true));
assertThat(channel.isActive()).isFalse();
}
}

176
proxy/src/test/java/google/registry/proxy/handler/WhoisQuotaHandlerTest.java
View File

@@ -1,176 +0,0 @@
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy.handler;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.proxy.Protocol.PROTOCOL_KEY;
import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import static org.mockito.Mockito.when;
import com.google.common.collect.ImmutableList;
import google.registry.proxy.Protocol;
import google.registry.proxy.handler.QuotaHandler.OverQuotaException;
import google.registry.proxy.handler.QuotaHandler.WhoisQuotaHandler;
import google.registry.proxy.metric.FrontendMetrics;
import google.registry.proxy.quota.QuotaManager;
import google.registry.proxy.quota.QuotaManager.QuotaRequest;
import google.registry.proxy.quota.QuotaManager.QuotaResponse;
import io.netty.channel.Channel;
import io.netty.channel.ChannelFuture;
import io.netty.channel.embedded.EmbeddedChannel;
import org.joda.time.DateTime;
import org.joda.time.DateTimeZone;
import org.joda.time.Duration;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
/** Unit tests for {@link WhoisQuotaHandler} */
class WhoisQuotaHandlerTest {
private final QuotaManager quotaManager = mock(QuotaManager.class);
private final FrontendMetrics metrics = mock(FrontendMetrics.class);
private final WhoisQuotaHandler handler = new WhoisQuotaHandler(quotaManager, metrics);
private final EmbeddedChannel channel = new EmbeddedChannel(handler);
private final DateTime now = DateTime.now(DateTimeZone.UTC);
private final String remoteAddress = "127.0.0.1";
private final Object message = new Object();
private void setProtocol(Channel channel) {
channel
.attr(PROTOCOL_KEY)
.set(
Protocol.frontendBuilder()
.name("whois")
.port(12345)
.handlerProviders(ImmutableList.of())
.relayProtocol(
Protocol.backendBuilder()
.name("backend")
.host("host.tld")
.port(1234)
.handlerProviders(ImmutableList.of())
.build())
.build());
}
@BeforeEach
void beforeEach() {
channel.attr(REMOTE_ADDRESS_KEY).set(remoteAddress);
setProtocol(channel);
}
@Test
void testSuccess_quotaGranted() {
when(quotaManager.acquireQuota(new QuotaRequest(remoteAddress)))
.thenReturn(new QuotaResponse(true, remoteAddress, now));
// First read, acquire quota.
assertThat(channel.writeInbound(message)).isTrue();
assertThat((Object) channel.readInbound()).isEqualTo(message);
assertThat(channel.isActive()).isTrue();
verify(quotaManager).acquireQuota(new QuotaRequest(remoteAddress));
// Second read, should not acquire quota again.
assertThat(channel.writeInbound(message)).isTrue();
assertThat((Object) channel.readInbound()).isEqualTo(message);
// Channel closed, release quota.
ChannelFuture unusedFuture = channel.close();
verifyNoMoreInteractions(quotaManager);
}
@Test
void testFailure_quotaNotGranted() {
when(quotaManager.acquireQuota(new QuotaRequest(remoteAddress)))
.thenReturn(new QuotaResponse(false, remoteAddress, now));
OverQuotaException e =
assertThrows(OverQuotaException.class, () -> channel.writeInbound(message));
assertThat(e).hasMessageThat().contains("none");
verify(metrics).registerQuotaRejection("whois", "none");
verifyNoMoreInteractions(metrics);
}
@Test
void testSuccess_twoChannels_twoUserIds() {
// Set up another user.
final WhoisQuotaHandler otherHandler = new WhoisQuotaHandler(quotaManager, metrics);
final EmbeddedChannel otherChannel = new EmbeddedChannel(otherHandler);
final String otherRemoteAddress = "192.168.0.1";
otherChannel.attr(REMOTE_ADDRESS_KEY).set(otherRemoteAddress);
setProtocol(otherChannel);
final DateTime later = now.plus(Duration.standardSeconds(1));
when(quotaManager.acquireQuota(new QuotaRequest(remoteAddress)))
.thenReturn(new QuotaResponse(true, remoteAddress, now));
when(quotaManager.acquireQuota(new QuotaRequest(otherRemoteAddress)))
.thenReturn(new QuotaResponse(false, otherRemoteAddress, later));
// Allows the first user.
assertThat(channel.writeInbound(message)).isTrue();
assertThat((Object) channel.readInbound()).isEqualTo(message);
assertThat(channel.isActive()).isTrue();
// Blocks the second user.
OverQuotaException e =
assertThrows(OverQuotaException.class, () -> otherChannel.writeInbound(message));
assertThat(e).hasMessageThat().contains("none");
verify(metrics).registerQuotaRejection("whois", "none");
verifyNoMoreInteractions(metrics);
}
@Test
void testSuccess_oneUser_rateLimited() {
// Set up another channel for the same user.
final WhoisQuotaHandler otherHandler = new WhoisQuotaHandler(quotaManager, metrics);
final EmbeddedChannel otherChannel = new EmbeddedChannel(otherHandler);
otherChannel.attr(REMOTE_ADDRESS_KEY).set(remoteAddress);
setProtocol(otherChannel);
final DateTime later = now.plus(Duration.standardSeconds(1));
// Set up the third channel for the same user
final WhoisQuotaHandler thirdHandler = new WhoisQuotaHandler(quotaManager, metrics);
final EmbeddedChannel thirdChannel = new EmbeddedChannel(thirdHandler);
thirdChannel.attr(REMOTE_ADDRESS_KEY).set(remoteAddress);
final DateTime evenLater = now.plus(Duration.standardSeconds(60));
when(quotaManager.acquireQuota(new QuotaRequest(remoteAddress)))
.thenReturn(new QuotaResponse(true, remoteAddress, now))
// Throttles the second connection.
.thenReturn(new QuotaResponse(false, remoteAddress, later))
// Allows the third connection because token refilled.
.thenReturn(new QuotaResponse(true, remoteAddress, evenLater));
// Allows the first channel.
assertThat(channel.writeInbound(message)).isTrue();
assertThat((Object) channel.readInbound()).isEqualTo(message);
assertThat(channel.isActive()).isTrue();
// Blocks the second channel.
OverQuotaException e =
assertThrows(OverQuotaException.class, () -> otherChannel.writeInbound(message));
assertThat(e).hasMessageThat().contains("none");
verify(metrics).registerQuotaRejection("whois", "none");
// Allows the third channel.
assertThat(thirdChannel.writeInbound(message)).isTrue();
assertThat((Object) thirdChannel.readInbound()).isEqualTo(message);
assertThat(thirdChannel.isActive()).isTrue();
verifyNoMoreInteractions(metrics);
}
}

143
proxy/src/test/java/google/registry/proxy/handler/WhoisServiceHandlerTest.java
View File

@@ -1,143 +0,0 @@
// Copyright 2017 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.proxy.handler;
import static com.google.common.truth.Truth.assertThat;
import static google.registry.proxy.TestUtils.makeWhoisHttpRequest;
import static google.registry.proxy.TestUtils.makeWhoisHttpResponse;
import static java.nio.charset.StandardCharsets.US_ASCII;
import static org.junit.jupiter.api.Assertions.assertThrows;
import static org.mockito.Mockito.mock;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyNoMoreInteractions;
import com.google.common.base.Throwables;
import google.registry.proxy.handler.HttpsRelayServiceHandler.NonOkHttpResponseException;
import google.registry.proxy.metric.FrontendMetrics;
import io.netty.buffer.ByteBuf;
import io.netty.buffer.Unpooled;
import io.netty.channel.DefaultChannelId;
import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.codec.EncoderException;
import io.netty.handler.codec.http.FullHttpRequest;
import io.netty.handler.codec.http.FullHttpResponse;
import io.netty.handler.codec.http.HttpResponseStatus;
import org.junit.jupiter.api.BeforeEach;
import org.junit.jupiter.api.Test;
/** Unit tests for {@link WhoisServiceHandler}. */
class WhoisServiceHandlerTest {
private static final String RELAY_HOST = "www.example.tld";
private static final String RELAY_PATH = "/test";
private static final String QUERY_CONTENT = "test.tld";
private static final String PROTOCOL = "whois";
private static final String CLIENT_HASH = "none";
private static final String ID_TOKEN = "fake.id.token";
private final FrontendMetrics metrics = mock(FrontendMetrics.class);
private final WhoisServiceHandler whoisServiceHandler =
new WhoisServiceHandler(RELAY_HOST, RELAY_PATH, false, () -> ID_TOKEN, metrics);
private EmbeddedChannel channel;
@BeforeEach
void beforeEach() throws Exception {
// Need to reset metrics for each test method, since they are static fields on the class and
// shared between each run.
channel = new EmbeddedChannel(whoisServiceHandler);
}
@Test
void testSuccess_connectionMetrics_oneChannel() {
assertThat(channel.isActive()).isTrue();
verify(metrics).registerActiveConnection(PROTOCOL, CLIENT_HASH, channel);
verifyNoMoreInteractions(metrics);
}
@Test
void testSuccess_ConnectionMetrics_twoConnections() {
assertThat(channel.isActive()).isTrue();
verify(metrics).registerActiveConnection(PROTOCOL, CLIENT_HASH, channel);
// Setup second channel.
WhoisServiceHandler whoisServiceHandler2 =
new WhoisServiceHandler(RELAY_HOST, RELAY_PATH, false, () -> ID_TOKEN, metrics);
EmbeddedChannel channel2 =
// We need a new channel id so that it has a different hash code.
// This only is needed for EmbeddedChannel because it has a dummy hash code implementation.
new EmbeddedChannel(DefaultChannelId.newInstance(), whoisServiceHandler2);
assertThat(channel2.isActive()).isTrue();
verify(metrics).registerActiveConnection(PROTOCOL, CLIENT_HASH, channel2);
verifyNoMoreInteractions(metrics);
}
@Test
void testSuccess_fireInboundHttpRequest() throws Exception {
ByteBuf inputBuffer = Unpooled.wrappedBuffer(QUERY_CONTENT.getBytes(US_ASCII));
FullHttpRequest expectedRequest =
makeWhoisHttpRequest(QUERY_CONTENT, RELAY_HOST, RELAY_PATH, ID_TOKEN);
// Input data passed to next handler
assertThat(channel.writeInbound(inputBuffer)).isTrue();
FullHttpRequest inputRequest = channel.readInbound();
assertThat(inputRequest).isEqualTo(expectedRequest);
// The channel is still open, and nothing else is to be read from it.
assertThat((Object) channel.readInbound()).isNull();
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_fireInboundHttpRequest_canary() throws Exception {
WhoisServiceHandler whoisServiceHandler2 =
new WhoisServiceHandler(RELAY_HOST, RELAY_PATH, true, () -> ID_TOKEN, metrics);
channel = new EmbeddedChannel(whoisServiceHandler2);
ByteBuf inputBuffer = Unpooled.wrappedBuffer(QUERY_CONTENT.getBytes(US_ASCII));
FullHttpRequest expectedRequest =
makeWhoisHttpRequest(QUERY_CONTENT, RELAY_HOST, RELAY_PATH, true, ID_TOKEN);
// Input data passed to next handler
assertThat(channel.writeInbound(inputBuffer)).isTrue();
FullHttpRequest inputRequest = channel.readInbound();
assertThat(inputRequest).isEqualTo(expectedRequest);
// The channel is still open, and nothing else is to be read from it.
assertThat((Object) channel.readInbound()).isNull();
assertThat(channel.isActive()).isTrue();
}
@Test
void testSuccess_parseOutboundHttpResponse() {
String outputString = "line1\r\nline2\r\n";
FullHttpResponse outputResponse = makeWhoisHttpResponse(outputString, HttpResponseStatus.OK);
// output data passed to next handler
assertThat(channel.writeOutbound(outputResponse)).isTrue();
ByteBuf parsedBuffer = channel.readOutbound();
assertThat(parsedBuffer.toString(US_ASCII)).isEqualTo(outputString);
// The channel is still open, and nothing else is to be written to it.
assertThat((Object) channel.readOutbound()).isNull();
assertThat(channel.isActive()).isFalse();
}
@Test
void testFailure_OutboundHttpResponseNotOK() {
String outputString = "line1\r\nline2\r\n";
FullHttpResponse outputResponse =
makeWhoisHttpResponse(outputString, HttpResponseStatus.BAD_REQUEST);
EncoderException thrown =
assertThrows(EncoderException.class, () -> channel.writeOutbound(outputResponse));
assertThat(Throwables.getRootCause(thrown)).isInstanceOf(NonOkHttpResponseException.class);
assertThat(thrown).hasMessageThat().contains("400 Bad Request");
assertThat((Object) channel.readOutbound()).isNull();
assertThat(channel.isActive()).isFalse();
}
}