Package google.registry.flows

Class TlsCredentials

java.lang.Object

google.registry.flows.TlsCredentials

All Implemented Interfaces:

TransportCredentials

public class TlsCredentials
extends Object
implements TransportCredentials

Container and validation for TLS certificate and IP-allow-listing.

Credentials are based on the following headers:

X-SSL-Certificate

This field should contain a base64 encoded digest of the client's TLS certificate. It is used only if the validation of the full certificate fails.

X-Forwarded-For

This field should contain the host and port of the connecting client. It is validated during an EPP login command against an IP allow list that is transmitted out of band.

Nested Class Summary

Nested Classes

Modifier and Type	Class	Description
static class	TlsCredentials.BadRegistrarCertificateException	Registrar certificate does not match stored certificate.
static class	TlsCredentials.BadRegistrarIpAddressException	Registrar IP address is not in stored allow list.
static class	TlsCredentials.CertificateContainsSecurityViolationsException	Registrar certificate contains the following security violations: ...
static final class	TlsCredentials.EppTlsModule	Dagger module for the EPP TLS endpoint.
static class	TlsCredentials.MissingRegistrarCertificateException	Registrar certificate not present.
static class	TlsCredentials.RegistrarCertificateNotConfiguredException	Registrar certificate is not configured.

Nested classes/interfaces inherited from interface google.registry.flows.TransportCredentials

TransportCredentials.BadRegistrarPasswordException

Constructor Summary

Constructors

Constructor	Description
TlsCredentials(boolean requireSslCertificates, Optional<String> clientCertificateHash, Optional<InetAddress> clientInetAddr, CertificateChecker certificateChecker)

Method Summary

Modifier and Type	Method	Description
String	toString()
void	validate(Registrar registrar, String password)	Check that these credentials are valid for the registrar and optionally check the password.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Constructor Details

TlsCredentials

@Inject
public TlsCredentials(@Config("requireSslCertificates")
 boolean requireSslCertificates,
 @Header("X-SSL-Certificate")
 Optional<String> clientCertificateHash,
 Optional<InetAddress> clientInetAddr,
 CertificateChecker certificateChecker)

Method Details

validate

public void validate(Registrar registrar,
 String password)
              throws EppException.AuthenticationErrorException

Description copied from interface: TransportCredentials

Check that these credentials are valid for the registrar and optionally check the password.

Called by LoginFlow to check the transport credentials against the stored registrar's credentials. If they do not match, throw an EppException.AuthenticationErrorException.

Specified by:

validate in interface TransportCredentials

Throws:

EppException.AuthenticationErrorException

toString

public String toString()

Overrides:

toString in class Object