fix: limit thing name to 128 characters

aws-greengrass · Mar 21, 2024 · c640dd7 · c640dd7
1 parent 1b8c589
commit c640dd7
Show file tree

Hide file tree

Showing 3 changed files with 8 additions and 2 deletions.
diff --git a/src/main/java/com/aws/greengrass/clientdevices/auth/iot/Thing.java b/src/main/java/com/aws/greengrass/clientdevices/auth/iot/Thing.java
@@ -32,6 +32,7 @@ public final class Thing implements AttributeProvider, Cloneable {
     public static final String NAMESPACE = "Thing";
     private static final String THING_NAME_ATTRIBUTE = "ThingName";
     private static final String thingNamePattern = "[a-zA-Z0-9\\-_:]+";
+    public static final int MAX_THING_NAME_LENGTH = 128;
     private static final AtomicInteger metadataTrustDurationMinutes =
             new AtomicInteger(DEFAULT_CLIENT_DEVICE_TRUST_DURATION_MINUTES);
 
@@ -58,6 +59,9 @@ public static Thing of(String thingName) {
      * @throws IllegalArgumentException If the given ThingName contains illegal characters
      */
     public static Thing of(String thingName, Map<String, Instant> certificateIds) {
+        if (thingName.length() > MAX_THING_NAME_LENGTH) {
+            throw new IllegalArgumentException("Invalid thing name. The thing name must be less than 128 characters.");
+        }
         if (!Pattern.matches(thingNamePattern, thingName)) {
             throw new IllegalArgumentException("Invalid thing name. The thing name must match \"[a-zA-Z0-9\\-_:]+\".");
         }

diff --git a/src/main/java/com/aws/greengrass/clientdevices/auth/iot/usecases/CreateIoTThingSession.java b/src/main/java/com/aws/greengrass/clientdevices/auth/iot/usecases/CreateIoTThingSession.java
@@ -21,6 +21,8 @@
 
 import javax.inject.Inject;
 
+import static com.aws.greengrass.clientdevices.auth.iot.Thing.MAX_THING_NAME_LENGTH;
+
 public class CreateIoTThingSession implements UseCases.UseCase<Session, CreateSessionDTO> {
     private static final Logger logger = LogManager.getLogger(CreateIoTThingSession.class);
     private final ThingRegistry thingRegistry;
@@ -51,7 +53,7 @@ public CreateIoTThingSession(ThingRegistry thingRegistry, CertificateRegistry ce
      */
     @Override
     public Session apply(CreateSessionDTO dto) throws AuthenticationException {
-        if (dto.getThingName() != null && dto.getThingName().length() > 65_535) {
+        if (dto.getThingName() != null && dto.getThingName().length() > MAX_THING_NAME_LENGTH) {
             throw new AuthenticationException("Thing name is too long");
         }
 

diff --git a/src/test/java/com/aws/greengrass/clientdevices/auth/session/MqttSessionFactoryTest.java b/src/test/java/com/aws/greengrass/clientdevices/auth/session/MqttSessionFactoryTest.java
@@ -105,7 +105,7 @@ void GIVEN_credentialsWithInvalidCertificate_WHEN_createSession_THEN_throwsAuthe
     void GIVEN_credentialsWithLongClientId_WHEN_createSession_THEN_throwsAuthenticationException() {
         AuthenticationException ex = Assertions.assertThrows(AuthenticationException.class,
                 () -> mqttSessionFactory.createSession(
-                        ImmutableMap.of("certificatePem", "PEM", "clientId", new String(new byte[65536]), "username",
+                        ImmutableMap.of("certificatePem", "PEM", "clientId", new String(new byte[130]), "username",
                                 "", "password", "")));
         assertThat(ex.getMessage(), containsString("too long"));
     }