Remove SSL initializer from the prober (#378)

The prober now uses the common SSL initializer in the networking
subproject.

Also changed both initializers to take an ImmutableList of certificates
other than an array of those, for better immutability.

I have no idea where these lockfile changes are coming from. They seem
to be pure noise as far as code review is concerned.

proxy/src/main/java/google/registry/proxy/CertificateModule.java

@@ -62,7 +62,9 @@ import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
  * @see <a href="https://cloud.google.com/kms/">Cloud Key Management Service</a>
  */
 @Module
-public class CertificateModule {
+public final class CertificateModule {
+
+  private CertificateModule() {}
 
   /** Dagger qualifier to provide bindings related to the certificates that the server provides. */
   @Qualifier
@@ -94,8 +96,7 @@ public class CertificateModule {
    */
   private static <T, E> ImmutableList<E> filterAndConvert(
       ImmutableList<Object> objects, Class<T> clazz, Function<T, E> converter) {
-    return objects
-        .stream()
+    return objects.stream()
         .filter(clazz::isInstance)
         .map(clazz::cast)
         .map(converter)
@@ -112,19 +113,20 @@ public class CertificateModule {
 
   @Singleton
   @Provides
-  static Supplier<X509Certificate[]> provideCertificatesSupplier(
-      @ServerCertificates Provider<X509Certificate[]> certificatesProvider, ProxyConfig config) {
+  static Supplier<ImmutableList<X509Certificate>> provideCertificatesSupplier(
+      @ServerCertificates Provider<ImmutableList<X509Certificate>> certificatesProvider,
+      ProxyConfig config) {
     return memoizeWithExpiration(
         certificatesProvider::get, config.serverCertificateCacheSeconds, SECONDS);
   }
 
   @Provides
   @ServerCertificates
-  static X509Certificate[] provideCertificates(
+  static ImmutableList<X509Certificate> provideCertificates(
       Environment env,
-      @Local Lazy<X509Certificate[]> localCertificates,
-      @Prod Lazy<X509Certificate[]> prodCertificates) {
-    return (env == Environment.LOCAL) ? localCertificates.get() : prodCertificates.get();
+      @Local Lazy<ImmutableList<X509Certificate>> localCertificates,
+      @Prod Lazy<ImmutableList<X509Certificate>> prodCertificates) {
+    return env == Environment.LOCAL ? localCertificates.get() : prodCertificates.get();
   }
 
   @Provides
@@ -133,7 +135,7 @@ public class CertificateModule {
       Environment env,
       @Local Lazy<PrivateKey> localPrivateKey,
       @Prod Lazy<PrivateKey> prodPrivateKey) {
-    return (env == Environment.LOCAL) ? localPrivateKey.get() : prodPrivateKey.get();
+    return env == Environment.LOCAL ? localPrivateKey.get() : prodPrivateKey.get();
   }
 
   @Singleton
@@ -156,8 +158,8 @@ public class CertificateModule {
   @Singleton
   @Provides
   @Local
-  static X509Certificate[] provideLocalCertificates(SelfSignedCertificate ssc) {
-    return new X509Certificate[] {ssc.cert()};
+  static ImmutableList<X509Certificate> provideLocalCertificates(SelfSignedCertificate ssc) {
+    return ImmutableList.of(ssc.cert());
   }
 
   @Provides
@@ -210,7 +212,7 @@ public class CertificateModule {
   // This binding should not be used directly. Use the supplier binding instead.
   @Provides
   @Prod
-  static X509Certificate[] provideProdCertificates(
+  static ImmutableList<X509Certificate> provideProdCertificates(
       @Named("pemObjects") ImmutableList<Object> pemObject) {
     JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
     Function<X509CertificateHolder, X509Certificate> certificateConverter =
@@ -224,7 +226,7 @@ public class CertificateModule {
         };
     ImmutableList<X509Certificate> certificates =
         filterAndConvert(pemObject, X509CertificateHolder.class, certificateConverter);
-    checkState(certificates.size() != 0, "No certificates found in the pem file");
+    checkState(!certificates.isEmpty(), "No certificates found in the pem file");
     X509Certificate lastCert = null;
     for (X509Certificate cert : certificates) {
       if (lastCert != null) {
@@ -236,8 +238,6 @@ public class CertificateModule {
       }
       lastCert = cert;
     }
-    X509Certificate[] certificateArray = new X509Certificate[certificates.size()];
-    certificates.toArray(certificateArray);
-    return certificateArray;
+    return certificates;
   }
 }

proxy/src/main/java/google/registry/proxy/EppProtocolModule.java

@@ -53,7 +53,9 @@ import javax.inject.Singleton;
 
 /** A module that provides the {@link FrontendProtocol} used for epp protocol. */
 @Module
-public class EppProtocolModule {
+public final class EppProtocolModule {
+
+  private EppProtocolModule() {}
 
   /** Dagger qualifier to provide epp protocol related handlers and other bindings. */
   @Qualifier
@@ -159,7 +161,7 @@ public class EppProtocolModule {
   static SslServerInitializer<NioSocketChannel> provideSslServerInitializer(
       SslProvider sslProvider,
       Supplier<PrivateKey> privateKeySupplier,
-      Supplier<X509Certificate[]> certificatesSupplier) {
+      Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
     return new SslServerInitializer<>(true, sslProvider, privateKeySupplier, certificatesSupplier);
   }
 

proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java

@@ -14,6 +14,8 @@
 
 package google.registry.proxy;
 
+import static google.registry.networking.handler.SslClientInitializer.createSslClientInitializerWithSystemTrustStore;
+
 import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
@@ -63,7 +65,7 @@ public class HttpsRelayProtocolModule {
   @HttpsRelayProtocol
   static SslClientInitializer<NioSocketChannel> provideSslClientInitializer(
       SslProvider sslProvider) {
-    return new SslClientInitializer<>(
+    return createSslClientInitializerWithSystemTrustStore(
         sslProvider,
         channel -> ((BackendProtocol) channel.attr(Protocol.PROTOCOL_KEY).get()).host(),
         channel -> channel.attr(Protocol.PROTOCOL_KEY).get().port());

proxy/src/main/java/google/registry/proxy/ProxyModule.java

@@ -217,8 +217,7 @@ public class ProxyModule {
   @Singleton
   @Provides
   @Named("accessToken")
-  static Supplier<String> provideAccessTokenSupplier(
-      GoogleCredentialsBundle credentialsBundle, ProxyConfig config) {
+  static Supplier<String> provideAccessTokenSupplier(GoogleCredentialsBundle credentialsBundle) {
     return () -> {
       GoogleCredentials credentials = credentialsBundle.getGoogleCredentials();
       try {
@@ -329,14 +328,14 @@ public class ProxyModule {
   @Singleton
   @Component(
       modules = {
-          ProxyModule.class,
-          CertificateModule.class,
-          HttpsRelayProtocolModule.class,
-          WhoisProtocolModule.class,
-          WebWhoisProtocolsModule.class,
-          EppProtocolModule.class,
-          HealthCheckProtocolModule.class,
-          MetricsModule.class
+        ProxyModule.class,
+        CertificateModule.class,
+        HttpsRelayProtocolModule.class,
+        WhoisProtocolModule.class,
+        WebWhoisProtocolsModule.class,
+        EppProtocolModule.class,
+        HealthCheckProtocolModule.class,
+        MetricsModule.class
       })
   interface ProxyComponent {
 

proxy/src/main/java/google/registry/proxy/WebWhoisProtocolsModule.java

@@ -35,7 +35,9 @@ import javax.inject.Singleton;
 
 /** A module that provides the {@link FrontendProtocol}s to redirect HTTP(S) web WHOIS requests. */
 @Module
-public class WebWhoisProtocolsModule {
+public final class WebWhoisProtocolsModule {
+
+  private WebWhoisProtocolsModule() {}
 
   /** Dagger qualifier to provide HTTP whois protocol related handlers and other bindings. */
   @Qualifier
@@ -54,7 +56,7 @@ public class WebWhoisProtocolsModule {
   static FrontendProtocol provideHttpWhoisProtocol(
       @HttpWhoisProtocol int httpWhoisPort,
       @HttpWhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders) {
-    return google.registry.proxy.Protocol.frontendBuilder()
+    return Protocol.frontendBuilder()
         .name(HTTP_PROTOCOL_NAME)
         .port(httpWhoisPort)
         .hasBackend(false)
@@ -68,7 +70,7 @@ public class WebWhoisProtocolsModule {
   static FrontendProtocol provideHttpsWhoisProtocol(
       @HttpsWhoisProtocol int httpsWhoisPort,
       @HttpsWhoisProtocol ImmutableList<Provider<? extends ChannelHandler>> handlerProviders) {
-    return google.registry.proxy.Protocol.frontendBuilder()
+    return Protocol.frontendBuilder()
         .name(HTTPS_PROTOCOL_NAME)
         .port(httpsWhoisPort)
         .hasBackend(false)
@@ -110,15 +112,13 @@ public class WebWhoisProtocolsModule {
 
   @Provides
   @HttpWhoisProtocol
-  static WebWhoisRedirectHandler provideHttpRedirectHandler(
-      google.registry.proxy.ProxyConfig config) {
+  static WebWhoisRedirectHandler provideHttpRedirectHandler(ProxyConfig config) {
     return new WebWhoisRedirectHandler(false, config.webWhois.redirectHost);
   }
 
   @Provides
   @HttpsWhoisProtocol
-  static WebWhoisRedirectHandler provideHttpsRedirectHandler(
-      google.registry.proxy.ProxyConfig config) {
+  static WebWhoisRedirectHandler provideHttpsRedirectHandler(ProxyConfig config) {
     return new WebWhoisRedirectHandler(true, config.webWhois.redirectHost);
   }
 
@@ -133,7 +133,7 @@ public class WebWhoisProtocolsModule {
   static SslServerInitializer<NioSocketChannel> provideSslServerInitializer(
       SslProvider sslProvider,
       Supplier<PrivateKey> privateKeySupplier,
-      Supplier<X509Certificate[]> certificatesSupplier) {
+      Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
     return new SslServerInitializer<>(false, sslProvider, privateKeySupplier, certificatesSupplier);
   }
 }

proxy/src/test/java/google/registry/proxy/CertificateModuleTest.java

@@ -20,6 +20,7 @@ import static google.registry.networking.handler.SslInitializerTestUtils.signKey
 import static google.registry.testing.JUnitBackports.assertThrows;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
+import com.google.common.collect.ImmutableList;
 import dagger.Component;
 import dagger.Module;
 import dagger.Provides;
@@ -79,7 +80,7 @@ public class CertificateModuleTest {
     byte[] pemBytes = getPemBytes(cert, ssc.cert(), key);
     component = createComponent(pemBytes);
     assertThat(component.privateKey()).isEqualTo(key);
-    assertThat(component.certificates()).asList().containsExactly(cert, ssc.cert()).inOrder();
+    assertThat(component.certificates()).containsExactly(cert, ssc.cert()).inOrder();
   }
 
   @Test
@@ -87,7 +88,7 @@ public class CertificateModuleTest {
     byte[] pemBytes = getPemBytes(cert, key, ssc.cert());
     component = createComponent(pemBytes);
     assertThat(component.privateKey()).isEqualTo(key);
-    assertThat(component.certificates()).asList().containsExactly(cert, ssc.cert()).inOrder();
+    assertThat(component.certificates()).containsExactly(cert, ssc.cert()).inOrder();
   }
 
   @Test
@@ -131,13 +132,13 @@ public class CertificateModuleTest {
     private final byte[] pemBytes;
 
     PemBytesModule(byte[] pemBytes) {
-      this.pemBytes = pemBytes;
+      this.pemBytes = pemBytes.clone();
     }
 
     @Provides
     @Named("pemBytes")
     byte[] providePemBytes() {
-      return pemBytes;
+      return pemBytes.clone();
     }
   }
 
@@ -156,6 +157,6 @@ public class CertificateModuleTest {
     PrivateKey privateKey();
 
     @Prod
-    X509Certificate[] certificates();
+    ImmutableList<X509Certificate> certificates();
   }
 }