From 1c8684b1edbb28f22b8868a5ba6be2e680d2f3bb Mon Sep 17 00:00:00 2001
From: Michael Dombrowski
Date: Thu, 21 Mar 2024 15:44:32 -0400
Subject: [PATCH] fix: limit thing name to 128 characters (#428)
---
 .../java/com/aws/greengrass/clientdevices/auth/iot/Thing.java | 4 ++++
 .../auth/iot/usecases/CreateIoTThingSession.java | 4 +++-
 .../clientdevices/auth/session/MqttSessionFactoryTest.java | 2 +-
 3 files changed, 8 insertions(+), 2 deletions(-)
diff --git a/src/main/java/com/aws/greengrass/clientdevices/auth/iot/Thing.java b/src/main/java/com/aws/greengrass/clientdevices/auth/iot/Thing.java
index c28f05369..cea583313 100644
--- a/src/main/java/com/aws/greengrass/clientdevices/auth/iot/Thing.java
+++ b/src/main/java/com/aws/greengrass/clientdevices/auth/iot/Thing.java
@@ -32,6 +32,7 @@ public final class Thing implements AttributeProvider, Cloneable {
 public static final String NAMESPACE = "Thing";
 private static final String THING_NAME_ATTRIBUTE = "ThingName";
 private static final String thingNamePattern = "[a-zA-Z0-9\\-_:]+";
+ public static final int MAX_THING_NAME_LENGTH = 128;
 private static final AtomicInteger metadataTrustDurationMinutes = new AtomicInteger(DEFAULT_CLIENT_DEVICE_TRUST_DURATION_MINUTES);
@@ -58,6 +59,9 @@ public static Thing of(String thingName) {
 * @throws IllegalArgumentException If the given ThingName contains illegal characters
 */
 public static Thing of(String thingName, Map certificateIds) {
+ if (thingName.length() > MAX_THING_NAME_LENGTH) {
+ throw new IllegalArgumentException("Invalid thing name. Thing name is too long.");
+ }
 if (!Pattern.matches(thingNamePattern, thingName)) {
 throw new IllegalArgumentException("Invalid thing name. The thing name must match \"[a-zA-Z0-9\\-_:]+\".");
 }
diff --git a/src/main/java/com/aws/greengrass/clientdevices/auth/iot/usecases/CreateIoTThingSession.java b/src/main/java/com/aws/greengrass/clientdevices/auth/iot/usecases/CreateIoTThingSession.java
index 20593442f..88bc70028 100644
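Review bot: The `@throws IllegalArgumentException` line in the Javadoc above `Thing.of(String, Map)` still names only illegal characters, so the length rejection added in the second Thing.java hunk is undocumented; I would change it to `@throws IllegalArgumentException If the given ThingName is longer than MAX_THING_NAME_LENGTH or contains illegal characters`. The public constant added in the first hunk has no comment either; a one-line Javadoc such as `/** Maximum accepted thing name length, in characters. */` would help, ideally naming where 128 comes from (presumably the AWS IoT thing-name limit, to be confirmed). Checking the length before `Pattern.matches` is a sound order, because it bounds the input handed to the regex. Both the Javadoc block and the method body continue outside the hunk.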
--- a/src/main/java/com/aws/greengrass/clientdevices/auth/iot/usecases/CreateIoTThingSession.java
+++ b/src/main/java/com/aws/greengrass/clientdevices/auth/iot/usecases/CreateIoTThingSession.java
@@ -21,6 +21,8 @@ import javax.inject.Inject;
+import static com.aws.greengrass.clientdevices.auth.iot.Thing.MAX_THING_NAME_LENGTH;
+
 public class CreateIoTThingSession implements UseCases.UseCase {
 private static final Logger logger = LogManager.getLogger(CreateIoTThingSession.class);
 private final ThingRegistry thingRegistry;
@@ -51,7 +53,7 @@ public CreateIoTThingSession(ThingRegistry thingRegistry, CertificateRegistry ce
 */
 @Override
 public Session apply(CreateSessionDTO dto) throws AuthenticationException {
- if (dto.getThingName() != null && dto.getThingName().length() > 65_535) {
+ if (dto.getThingName() != null && dto.getThingName().length() > MAX_THING_NAME_LENGTH) {
 throw new AuthenticationException("Thing name is too long");
 }
diff --git a/src/test/java/com/aws/greengrass/clientdevices/auth/session/MqttSessionFactoryTest.java b/src/test/java/com/aws/greengrass/clientdevices/auth/session/MqttSessionFactoryTest.java
index a517dffe1..a21f70ce2 100644
--- a/src/test/java/com/aws/greengrass/clientdevices/auth/session/MqttSessionFactoryTest.java
+++ b/src/test/java/com/aws/greengrass/clientdevices/auth/session/MqttSessionFactoryTest.java
@@ -105,7 +105,7 @@ void GIVEN_credentialsWithInvalidCertificate_WHEN_createSession_THEN_throwsAuthe
 void GIVEN_credentialsWithLongClientId_WHEN_createSession_THEN_throwsAuthenticationException() {
 AuthenticationException ex = Assertions.assertThrows(AuthenticationException.class, () -> mqttSessionFactory.createSession(
- ImmutableMap.of("certificatePem", "PEM", "clientId", new String(new byte[65536]), "username",
+ ImmutableMap.of("certificatePem", "PEM", "clientId", new String(new byte[130]), "username",
 "", "password", "")));
 assertThat(ex.getMessage(), containsString("too long"));
 }
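Review bot: The guard in `apply` (second CreateIoTThingSession.java hunk) calls `dto.getThingName()` twice and rejects with a message that does not state the bound. Binding the name to a local and using `throw new AuthenticationException("Thing name is too long (max " + MAX_THING_NAME_LENGTH + " characters)");` would make a refused connection easier to diagnose while still keeping the client-supplied value out of the message. The existing test assertion on "too long" would still hold. A `null` thing name passes this check untouched, and how it is handled is decided later in `apply`, which continues outside the hunk.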
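Review bot: The 130-character client id in the MqttSessionFactoryTest.java hunk is two past the limit, so the test would still pass if the comparison were off by one. Sizing the input as `new byte[Thing.MAX_THING_NAME_LENGTH + 1]` and adding a case where a 128-character name is not rejected as too long would pin the boundary. `new String(byte[])` decodes with the platform default charset, so the resulting length is not strictly guaranteed; a string built from a valid name character avoids that. Going by the diffstat, the new check in `Thing.of` has no test of its own in this commit.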