Use self signed certificate when running the proxy locally

This allows us to not obtain a certificate and encrypt it with KMS when running the proxy locally during development.

Also updated FOSS build dagger version.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191746309

javatests/google/registry/proxy/CertificateModuleTest.java

@@ -20,9 +20,10 @@ import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair;
 import static java.nio.charset.StandardCharsets.UTF_8;
 import static org.junit.Assert.fail;
 
-import dagger.BindsInstance;
 import dagger.Component;
-import google.registry.proxy.ProxyModule.PemBytes;
+import dagger.Module;
+import dagger.Provides;
+import google.registry.proxy.CertificateModule.Prod;
 import io.netty.handler.ssl.util.SelfSignedCertificate;
 import java.io.ByteArrayOutputStream;
 import java.io.OutputStreamWriter;
@@ -59,9 +60,9 @@ public class CertificateModuleTest {
   }
 
   /** Create a component with bindings to the given bytes[] as the contents from a PEM file. */
-  private TestComponent createComponent(byte[] bytes) {
+  private TestComponent createComponent(byte[] pemBytes) {
     return DaggerCertificateModuleTest_TestComponent.builder()
-        .pemBytes(PemBytes.create(bytes))
+        .pemBytesModule(new PemBytesModule(pemBytes))
         .build();
   }
 
@@ -137,22 +138,36 @@ public class CertificateModuleTest {
     }
   }
 
-  @Singleton
-  @Component(modules = {CertificateModule.class})
-  interface TestComponent {
+  @Module
+  static class PemBytesModule {
+    private final byte[] pemBytes;
 
-    PrivateKey privateKey();
+    PemBytesModule(byte[] pemBytes) {
+      this.pemBytes = pemBytes;
+    }
 
-    @Named("eppServerCertificates")
-    X509Certificate[] certificates();
-
-    @Component.Builder
-    interface Builder {
-
-      @BindsInstance
-      Builder pemBytes(PemBytes pemBytes);
-
-      TestComponent build();
+    @Provides
+    @Named("pemBytes")
+    byte[] providePemBytes() {
+      return pemBytes;
     }
   }
+
+  /**
+   * Test component that exposes prod certificate and key.
+   *
+   * <p>Local certificate and key are not tested because they are directly extracted from a
+   * self-signed certificate. Here we want to test that we can correctly parse and create
+   * certificate and keys from a .pem file.
+   */
+  @Singleton
+  @Component(modules = {CertificateModule.class, PemBytesModule.class})
+  interface TestComponent {
+
+    @Prod
+    PrivateKey privateKey();
+
+    @Prod
+    X509Certificate[] certificates();
+  }
 }

javatests/google/registry/proxy/ProtocolModuleTest.java

@@ -15,7 +15,7 @@
 package google.registry.proxy;
 
 import static com.google.common.collect.ImmutableList.toImmutableList;
-import static google.registry.proxy.ProxyConfig.Environment.TEST;
+import static google.registry.proxy.ProxyConfig.Environment.LOCAL;
 import static google.registry.proxy.ProxyConfig.getProxyConfig;
 
 import com.google.common.base.Suppliers;
@@ -28,6 +28,7 @@ import dagger.Provides;
 import google.registry.proxy.EppProtocolModule.EppProtocol;
 import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol;
 import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
+import google.registry.proxy.ProxyConfig.Environment;
 import google.registry.proxy.WhoisProtocolModule.WhoisProtocol;
 import google.registry.proxy.handler.BackendMetricsHandler;
 import google.registry.proxy.handler.ProxyProtocolHandler;
@@ -45,10 +46,7 @@ import io.netty.channel.ChannelInitializer;
 import io.netty.channel.embedded.EmbeddedChannel;
 import io.netty.handler.logging.LoggingHandler;
 import io.netty.handler.ssl.SslProvider;
-import io.netty.handler.ssl.util.SelfSignedCertificate;
 import io.netty.handler.timeout.ReadTimeoutHandler;
-import java.security.PrivateKey;
-import java.security.cert.X509Certificate;
 import java.util.concurrent.ExecutorService;
 import java.util.concurrent.Executors;
 import java.util.concurrent.ScheduledExecutorService;
@@ -74,7 +72,7 @@ import org.junit.Before;
  */
 public abstract class ProtocolModuleTest {
 
-  protected static final ProxyConfig PROXY_CONFIG = getProxyConfig(TEST);
+  protected static final ProxyConfig PROXY_CONFIG = getProxyConfig(LOCAL);
 
   protected TestComponent testComponent;
 
@@ -179,6 +177,7 @@ public abstract class ProtocolModuleTest {
   @Component(
     modules = {
       TestModule.class,
+      CertificateModule.class,
       WhoisProtocolModule.class,
       EppProtocolModule.class,
       HealthCheckProtocolModule.class,
@@ -224,7 +223,7 @@ public abstract class ProtocolModuleTest {
     @Singleton
     @Provides
     static ProxyConfig provideProxyConfig() {
-      return getProxyConfig(TEST);
+      return getProxyConfig(LOCAL);
     }
 
     @Singleton
@@ -246,29 +245,6 @@ public abstract class ProtocolModuleTest {
       return new LoggingHandler();
     }
 
-    @Singleton
-    @Provides
-    static SelfSignedCertificate provideSelfSignedCertificate() {
-      try {
-        return new SelfSignedCertificate();
-      } catch (Exception e) {
-        throw new RuntimeException(e);
-      }
-    }
-
-    @Singleton
-    @Provides
-    @Named("eppServerCertificates")
-    static X509Certificate[] provideCertificate(SelfSignedCertificate ssc) {
-      return new X509Certificate[] {ssc.cert()};
-    }
-
-    @Singleton
-    @Provides
-    static PrivateKey providePrivateKey(SelfSignedCertificate ssc) {
-      return ssc.key();
-    }
-
     @Singleton
     @Provides
     Clock provideFakeClock() {
@@ -277,14 +253,29 @@ public abstract class ProtocolModuleTest {
 
     @Singleton
     @Provides
-    ExecutorService provideExecutorService() {
+    static ExecutorService provideExecutorService() {
       return MoreExecutors.newDirectExecutorService();
     }
 
     @Singleton
     @Provides
-    ScheduledExecutorService provideScheduledExecutorService() {
+    static ScheduledExecutorService provideScheduledExecutorService() {
       return Executors.newSingleThreadScheduledExecutor();
     }
+
+    @Singleton
+    @Provides
+    static Environment provideEnvironment() {
+      return Environment.LOCAL;
+    }
+
+    // This method is only here to satisfy Dagger binding, but is never used. In test environment,
+    // it is the self-signed certificate and its key that end up being used.
+    @Singleton
+    @Provides
+    @Named("pemBytes")
+    static byte[] providePemBytes() {
+      return new byte[0];
+    }
   }
 }

javatests/google/registry/proxy/ProxyModuleTest.java

@@ -15,7 +15,7 @@
 package google.registry.proxy;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.proxy.ProxyConfig.Environment.TEST;
+import static google.registry.proxy.ProxyConfig.Environment.LOCAL;
 import static google.registry.proxy.ProxyConfig.getProxyConfig;
 import static google.registry.testing.JUnitBackports.assertThrows;
 import static org.junit.Assert.fail;
@@ -30,7 +30,7 @@ import org.junit.runners.JUnit4;
 @RunWith(JUnit4.class)
 public class ProxyModuleTest {
 
-  private static final ProxyConfig PROXY_CONFIG = getProxyConfig(TEST);
+  private static final ProxyConfig PROXY_CONFIG = getProxyConfig(LOCAL);
   private final ProxyModule proxyModule = new ProxyModule();
 
   @Test
@@ -41,7 +41,7 @@ public class ProxyModuleTest {
     assertThat(proxyModule.provideEppPort(PROXY_CONFIG)).isEqualTo(PROXY_CONFIG.epp.port);
     assertThat(proxyModule.provideHealthCheckPort(PROXY_CONFIG))
         .isEqualTo(PROXY_CONFIG.healthCheck.port);
-    assertThat(proxyModule.provideEnvironment()).isEqualTo(Environment.LOCAL);
+    assertThat(proxyModule.provideEnvironment()).isEqualTo(LOCAL);
     assertThat(proxyModule.log).isFalse();
   }