github
/
acme4j
mirror of https://github.com/shred/acme4j
1
0
Fork 0
Code Issues Releases Wiki Activity

Validate nonce header

pull/17/merge
Richard Körber 2015-12-13 14:24:43 +01:00
parent fbadeb62bf
commit 618dc27fbf
1 changed files with 8 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
acme4j-client/src/main/java/org/shredzone/acme4j/connector/Connection.java
View File

@ -27,6 +27,7 @@ import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
import java.util.EnumMap;
import java.util.Map;
import java.util.regex.Pattern;
import org.jose4j.base64url.Base64Url;
import org.jose4j.json.JsonUtil;
@ -51,6 +52,8 @@ public class Connection implements AutoCloseable {
private static final Logger LOG = LoggerFactory.getLogger(Connection.class);
private static final Pattern BASE64URL_PATTERN = Pattern.compile("[0-9A-Za-z_-]+");
private final AcmeClientProvider provider;
protected HttpURLConnection conn;
@ -77,7 +80,6 @@ public class Connection implements AutoCloseable {
LOG.debug("Initial replay nonce from {}", uri);
HttpURLConnection localConn = provider.openConnection(uri);
localConn.setRequestMethod("HEAD");
localConn.setRequestProperty("Accept-Charset", "utf-8");
localConn.connect();
session.setNonce(getNonceFromHeader(localConn));
@ -301,10 +303,14 @@ public class Connection implements AutoCloseable {
*/
protected byte[] getNonceFromHeader(HttpURLConnection localConn) throws AcmeException {
String nonceHeader = localConn.getHeaderField("Replay-Nonce");
if (nonceHeader == null) {
if (nonceHeader == null || nonceHeader.trim().isEmpty()) {
throw new AcmeException("No replay nonce");
}
if (!BASE64URL_PATTERN.matcher(nonceHeader).matches()) {
throw new AcmeException("Invalid replay nonce: " + nonceHeader);
}
LOG.debug("Replay Nonce: {}", nonceHeader);
return Base64Url.decode(nonceHeader);