zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-05-13 16:07:15 +02:00
Code Issues Projects Releases Packages Wiki Activity

Use self signed certificate when running the proxy locally

Browse source 
This allows us to not obtain a certificate and encrypt it with KMS when running the proxy locally during development.

Also updated FOSS build dagger version.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=191746309
This commit is contained in:
jianglai 2018-04-05 08:37:27 -07:00 committed by Ben McIlwain
parent ea891001d9
commit 18a145eef1
10 changed files with 157 additions and 117 deletions
Download patch file Download diff file Expand all files Collapse all files

84
java/google/registry/proxy/CertificateModule.java
View file

@ -19,10 +19,12 @@ import static com.google.common.collect.ImmutableList.toImmutableList;
import static java.nio.charset.StandardCharsets.UTF_8; import static java.nio.charset.StandardCharsets.UTF_8;
import com.google.common.collect.ImmutableList; import com.google.common.collect.ImmutableList;
import dagger.Lazy;
import dagger.Module; import dagger.Module;
import dagger.Provides; import dagger.Provides;
import google.registry.proxy.ProxyModule.PemBytes; import google.registry.proxy.ProxyConfig.Environment;
import google.registry.util.FormattingLogger; import google.registry.util.FormattingLogger;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.ByteArrayInputStream; import java.io.ByteArrayInputStream;
import java.io.IOException; import java.io.IOException;
import java.io.InputStreamReader; import java.io.InputStreamReader;
@ -32,6 +34,7 @@ import java.security.cert.CertificateException;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import java.util.function.Function; import java.util.function.Function;
import javax.inject.Named; import javax.inject.Named;
import javax.inject.Qualifier;
import javax.inject.Singleton; import javax.inject.Singleton;
import org.bouncycastle.cert.X509CertificateHolder; import org.bouncycastle.cert.X509CertificateHolder;
import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter; import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
@ -44,18 +47,32 @@ import org.bouncycastle.openssl.jcajce.JcaPEMKeyConverter;
/** /**
* Dagger module that provides bindings needed to inject EPP SSL certificate chain and private key. * Dagger module that provides bindings needed to inject EPP SSL certificate chain and private key.
* *
* <p>The certificates and private key are stored in a .pem file that is encrypted by Cloud KMS. The * <p>The production certificates and private key are stored in a .pem file that is encrypted by
* .pem file can be generated by concatenating the .crt certificate files on the chain and the .key * Cloud KMS. The .pem file can be generated by concatenating the .crt certificate files on the
* private file. * chain and the .key private file.
* *
* <p>The certificates in the .pem file must be stored in order, where the next certificate's * <p>The production certificates in the .pem file must be stored in order, where the next
* subject is the previous certificate's issuer. * certificate's subject is the previous certificate's issuer.
*
* <p>When running the proxy locally or in test, a self signed certificate is used.
* *
* @see <a href="https://cloud.google.com/kms/">Cloud Key Management Service</a> * @see <a href="https://cloud.google.com/kms/">Cloud Key Management Service</a>
*/ */
@Module @Module
public class CertificateModule { public class CertificateModule {
/** Dagger qualifier to provide bindings related to EPP certificates */
@Qualifier
public @interface EppCertificates {}
/** Dagger qualifier to provide bindings when running locally. */
@Qualifier
public @interface Local {}
/** Dagger qualifier to provide bindings when running in production. */
@Qualifier
public @interface Prod {}
private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass(); private static final FormattingLogger logger = FormattingLogger.getLoggerForCallerClass();
static { static {
@ -79,12 +96,56 @@ public class CertificateModule {
.collect(toImmutableList()); .collect(toImmutableList());
} }
@Singleton
@Provides
@EppCertificates
static X509Certificate[] provideCertificates(
Environment env,
@Local Lazy<X509Certificate[]> localCertificates,
@Prod Lazy<X509Certificate[]> prodCertificates) {
return (env == Environment.LOCAL) ? localCertificates.get() : prodCertificates.get();
}
@Singleton
@Provides
@EppCertificates
static PrivateKey providePrivateKey(
Environment env,
@Local Lazy<PrivateKey> localPrivateKey,
@Prod Lazy<PrivateKey> prodPrivateKey) {
return (env == Environment.LOCAL) ? localPrivateKey.get() : prodPrivateKey.get();
}
@Singleton
@Provides
static SelfSignedCertificate provideSelfSignedCertificate() {
try {
return new SelfSignedCertificate();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Singleton
@Provides
@Local
static PrivateKey provideLocalPrivateKey(SelfSignedCertificate ssc) {
return ssc.key();
}
@Singleton
@Provides
@Local
static X509Certificate[] provideLocalCertificates(SelfSignedCertificate ssc) {
return new X509Certificate[] {ssc.cert()};
}
@Singleton @Singleton
@Provides @Provides
@Named("pemObjects") @Named("pemObjects")
static ImmutableList<Object> providePemObjects(PemBytes pemBytes) { static ImmutableList<Object> providePemObjects(@Named("pemBytes") byte[] pemBytes) {
PEMParser pemParser = PEMParser pemParser =
new PEMParser(new InputStreamReader(new ByteArrayInputStream(pemBytes.getBytes()), UTF_8)); new PEMParser(new InputStreamReader(new ByteArrayInputStream(pemBytes), UTF_8));
ImmutableList.Builder<Object> listBuilder = new ImmutableList.Builder<>(); ImmutableList.Builder<Object> listBuilder = new ImmutableList.Builder<>();
Object obj; Object obj;
// PEMParser returns an object (private key, certificate, etc) each time readObject() is called, // PEMParser returns an object (private key, certificate, etc) each time readObject() is called,
@ -107,7 +168,8 @@ public class CertificateModule {
@Singleton @Singleton
@Provides @Provides
static PrivateKey providePrivateKey(@Named("pemObjects") ImmutableList<Object> pemObjects) { @Prod
static PrivateKey provideProdPrivateKey(@Named("pemObjects") ImmutableList<Object> pemObjects) {
JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC"); JcaPEMKeyConverter converter = new JcaPEMKeyConverter().setProvider("BC");
Function<PEMKeyPair, PrivateKey> privateKeyConverter = Function<PEMKeyPair, PrivateKey> privateKeyConverter =
pemKeyPair -> { pemKeyPair -> {
@ -129,8 +191,8 @@ public class CertificateModule {
@Singleton @Singleton
@Provides @Provides
@Named("eppServerCertificates") @Prod
static X509Certificate[] provideCertificates( static X509Certificate[] provideProdCertificates(
@Named("pemObjects") ImmutableList<Object> pemObject) { @Named("pemObjects") ImmutableList<Object> pemObject) {
JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC"); JcaX509CertificateConverter converter = new JcaX509CertificateConverter().setProvider("BC");
Function<X509CertificateHolder, X509Certificate> certificateConverter = Function<X509CertificateHolder, X509Certificate> certificateConverter =

5
java/google/registry/proxy/HttpsRelayProtocolModule.java
View file

@ -28,7 +28,6 @@ import io.netty.handler.codec.http.HttpObjectAggregator;
import io.netty.handler.logging.LoggingHandler; import io.netty.handler.logging.LoggingHandler;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.annotation.Nullable; import javax.annotation.Nullable;
import javax.inject.Named;
import javax.inject.Provider; import javax.inject.Provider;
import javax.inject.Qualifier; import javax.inject.Qualifier;
@ -44,7 +43,7 @@ public class HttpsRelayProtocolModule {
/** Dagger qualifier to provide https relay protocol related handlers and other bindings. */ /** Dagger qualifier to provide https relay protocol related handlers and other bindings. */
@Qualifier @Qualifier
@interface HttpsRelayProtocol {} public @interface HttpsRelayProtocol {}
private static final String PROTOCOL_NAME = "https_relay"; private static final String PROTOCOL_NAME = "https_relay";
@ -89,7 +88,7 @@ public class HttpsRelayProtocolModule {
@Nullable @Nullable
@Provides @Provides
@Named("relayTrustedCertificates") @HttpsRelayProtocol
public static X509Certificate[] provideTrustedCertificates() { public static X509Certificate[] provideTrustedCertificates() {
// null uses the system default trust store. // null uses the system default trust store.
return null; return null;

33
java/google/registry/proxy/ProxyModule.java
View file

@ -232,7 +232,8 @@ public class ProxyModule {
@Singleton @Singleton
@Provides @Provides
static PemBytes providePemBytes( @Named("pemBytes")
static byte[] providePemBytes(
CloudKMS cloudKms, @Named("encryptedPemBytes") byte[] encryptedPemBytes, ProxyConfig config) { CloudKMS cloudKms, @Named("encryptedPemBytes") byte[] encryptedPemBytes, ProxyConfig config) {
String cryptoKeyUrl = String cryptoKeyUrl =
String.format( String.format(
@ -240,15 +241,14 @@ public class ProxyModule {
config.projectId, config.kms.location, config.kms.keyRing, config.kms.cryptoKey); config.projectId, config.kms.location, config.kms.keyRing, config.kms.cryptoKey);
try { try {
DecryptRequest decryptRequest = new DecryptRequest().encodeCiphertext(encryptedPemBytes); DecryptRequest decryptRequest = new DecryptRequest().encodeCiphertext(encryptedPemBytes);
return PemBytes.create( return cloudKms
cloudKms
.projects() .projects()
.locations() .locations()
.keyRings() .keyRings()
.cryptoKeys() .cryptoKeys()
.decrypt(cryptoKeyUrl, decryptRequest) .decrypt(cryptoKeyUrl, decryptRequest)
.execute() .execute()
.decodePlaintext()); .decodePlaintext();
} catch (IOException e) { } catch (IOException e) {
logger.severefmt(e, "PEM file decryption failed using CryptoKey: %s", cryptoKeyUrl); logger.severefmt(e, "PEM file decryption failed using CryptoKey: %s", cryptoKeyUrl);
throw new RuntimeException(e); throw new RuntimeException(e);
@ -283,31 +283,6 @@ public class ProxyModule {
return getProxyConfig(env); return getProxyConfig(env);
} }
/**
* A wrapper class for decrypted bytes of the PEM file.
*
* <p>Note that this should not be an @AutoValue class because we need a clone of the bytes to be
* returned, otherwise the wrapper class becomes mutable.
*/
// TODO: remove this class once FOSS build can use @BindsInstance to bind a byte[]
// (https://github.com/bazelbuild/bazel/issues/4138)
static class PemBytes {
private final byte[] bytes;
static PemBytes create(byte[] bytes) {
return new PemBytes(bytes);
}
private PemBytes(byte[] bytes) {
this.bytes = bytes;
}
byte[] getBytes() {
return bytes.clone();
}
}
/** Root level component that exposes the port-to-protocol map. */ /** Root level component that exposes the port-to-protocol map. */
@Singleton @Singleton
@Component( @Component(

1
java/google/registry/proxy/config/proxy-config-test.yaml
View file

@ -1 +0,0 @@
# This file is for test only. Leave it blank.

5
java/google/registry/proxy/handler/SslClientInitializer.java
View file

@ -17,6 +17,7 @@ package google.registry.proxy.handler;
import static com.google.common.base.Preconditions.checkNotNull; import static com.google.common.base.Preconditions.checkNotNull;
import static google.registry.proxy.Protocol.PROTOCOL_KEY; import static google.registry.proxy.Protocol.PROTOCOL_KEY;
import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
import google.registry.proxy.Protocol.BackendProtocol; import google.registry.proxy.Protocol.BackendProtocol;
import google.registry.util.FormattingLogger; import google.registry.util.FormattingLogger;
import io.netty.channel.Channel; import io.netty.channel.Channel;
@ -29,7 +30,6 @@ import io.netty.handler.ssl.SslProvider;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.annotation.Nullable; import javax.annotation.Nullable;
import javax.inject.Inject; import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton; import javax.inject.Singleton;
import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLParameters;
@ -51,8 +51,7 @@ public class SslClientInitializer<C extends Channel> extends ChannelInitializer<
@Inject @Inject
SslClientInitializer( SslClientInitializer(
SslProvider sslProvider, SslProvider sslProvider, @Nullable @HttpsRelayProtocol X509Certificate... trustCertificates) {
@Nullable @Named("relayTrustedCertificates") X509Certificate... trustCertificates) {
logger.infofmt("Client SSL Provider: %s", sslProvider); logger.infofmt("Client SSL Provider: %s", sslProvider);
this.sslProvider = sslProvider; this.sslProvider = sslProvider;
this.trustedCertificates = trustCertificates; this.trustedCertificates = trustCertificates;

6
java/google/registry/proxy/handler/SslServerInitializer.java
View file

@ -14,6 +14,7 @@
package google.registry.proxy.handler; package google.registry.proxy.handler;
import google.registry.proxy.CertificateModule.EppCertificates;
import google.registry.util.FormattingLogger; import google.registry.util.FormattingLogger;
import io.netty.channel.Channel; import io.netty.channel.Channel;
import io.netty.channel.ChannelHandler.Sharable; import io.netty.channel.ChannelHandler.Sharable;
@ -30,7 +31,6 @@ import io.netty.util.concurrent.Promise;
import java.security.PrivateKey; import java.security.PrivateKey;
import java.security.cert.X509Certificate; import java.security.cert.X509Certificate;
import javax.inject.Inject; import javax.inject.Inject;
import javax.inject.Named;
import javax.inject.Singleton; import javax.inject.Singleton;
/** /**
@ -66,8 +66,8 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
@Inject @Inject
SslServerInitializer( SslServerInitializer(
SslProvider sslProvider, SslProvider sslProvider,
PrivateKey privateKey, @EppCertificates PrivateKey privateKey,
@Named("eppServerCertificates") X509Certificate... certificates) { @EppCertificates X509Certificate... certificates) {
logger.infofmt("Server SSL Provider: %s", sslProvider); logger.infofmt("Server SSL Provider: %s", sslProvider);
this.sslProvider = sslProvider; this.sslProvider = sslProvider;
this.privateKey = privateKey; this.privateKey = privateKey;

18
java/google/registry/repositories.bzl
View file

@ -1147,10 +1147,10 @@ def com_google_code_findbugs_jsr305():
def com_google_dagger(): def com_google_dagger():
java_import_external( java_import_external(
name = "com_google_dagger", name = "com_google_dagger",
jar_sha256 = "b2142693bc7413f0b74330f0a92ca44ea95a12a22b659972ed6aa9832e8352e4", jar_sha256 = "1f14720ffc3152a4207e374edb2ce114d94625058a6ef48a35cb67764dac4756",
jar_urls = [ jar_urls = [
"http://repo1.maven.org/maven2/com/google/dagger/dagger/2.13/dagger-2.13.jar", "http://repo1.maven.org/maven2/com/google/dagger/dagger/2.15/dagger-2.15.jar",
"http://maven.ibiblio.org/maven2/com/google/dagger/dagger/2.13/dagger-2.13.jar", "http://maven.ibiblio.org/maven2/com/google/dagger/dagger/2.15/dagger-2.15.jar",
], ],
licenses = ["notice"], # Apache 2.0 licenses = ["notice"], # Apache 2.0
deps = ["@javax_inject"], deps = ["@javax_inject"],
@ -1170,10 +1170,10 @@ def com_google_dagger():
def com_google_dagger_compiler(): def com_google_dagger_compiler():
java_import_external( java_import_external(
name = "com_google_dagger_compiler", name = "com_google_dagger_compiler",
jar_sha256 = "8b711253c9cbb58bd2c019cb38afb32ee79f283e1bb3030c8c85b645c7a6d25f", jar_sha256 = "ecd1e8ee0224312ae29203767fb8ec70af13e4f2724df2174ba0d2867cd2de78",
jar_urls = [ jar_urls = [
"http://maven.ibiblio.org/maven2/com/google/dagger/dagger-compiler/2.13/dagger-compiler-2.13.jar", "http://maven.ibiblio.org/maven2/com/google/dagger/dagger-compiler/2.15/dagger-compiler-2.15.jar",
"http://repo1.maven.org/maven2/com/google/dagger/dagger-compiler/2.13/dagger-compiler-2.13.jar", "http://repo1.maven.org/maven2/com/google/dagger/dagger-compiler/2.15/dagger-compiler-2.15.jar",
], ],
licenses = ["notice"], # Apache 2.0 licenses = ["notice"], # Apache 2.0
deps = [ deps = [
@ -1204,10 +1204,10 @@ def com_google_dagger_compiler():
def com_google_dagger_producers(): def com_google_dagger_producers():
java_import_external( java_import_external(
name = "com_google_dagger_producers", name = "com_google_dagger_producers",
jar_sha256 = "cf35b21c634939917eee9ffcd72a9f5f6e261ad57a4c0f0d15cf6f1430262bb0", jar_sha256 = "eb189206f80df260de4331bb51e92a94e06f5cbf5ef3d1492d34c5e139e92eb1",
jar_urls = [ jar_urls = [
"http://repo1.maven.org/maven2/com/google/dagger/dagger-producers/2.13/dagger-producers-2.13.jar", "http://repo1.maven.org/maven2/com/google/dagger/dagger-producers/2.15/dagger-producers-2.15.jar",
"http://maven.ibiblio.org/maven2/com/google/dagger/dagger-producers/2.13/dagger-producers-2.13.jar", "http://maven.ibiblio.org/maven2/com/google/dagger/dagger-producers/2.15/dagger-producers-2.15.jar",
], ],
licenses = ["notice"], # Apache 2.0 licenses = ["notice"], # Apache 2.0
deps = [ deps = [

45
javatests/google/registry/proxy/CertificateModuleTest.java
View file

@ -20,9 +20,10 @@ import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair;
import static java.nio.charset.StandardCharsets.UTF_8; import static java.nio.charset.StandardCharsets.UTF_8;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
import dagger.BindsInstance;
import dagger.Component; import dagger.Component;
import google.registry.proxy.ProxyModule.PemBytes; import dagger.Module;
import dagger.Provides;
import google.registry.proxy.CertificateModule.Prod;
import io.netty.handler.ssl.util.SelfSignedCertificate; import io.netty.handler.ssl.util.SelfSignedCertificate;
import java.io.ByteArrayOutputStream; import java.io.ByteArrayOutputStream;
import java.io.OutputStreamWriter; import java.io.OutputStreamWriter;
@ -59,9 +60,9 @@ public class CertificateModuleTest {
} }
/** Create a component with bindings to the given bytes[] as the contents from a PEM file. */ /** Create a component with bindings to the given bytes[] as the contents from a PEM file. */
private TestComponent createComponent(byte[] bytes) { private TestComponent createComponent(byte[] pemBytes) {
return DaggerCertificateModuleTest_TestComponent.builder() return DaggerCertificateModuleTest_TestComponent.builder()
.pemBytes(PemBytes.create(bytes)) .pemBytesModule(new PemBytesModule(pemBytes))
.build(); .build();
} }
@ -137,22 +138,36 @@ public class CertificateModuleTest {
} }
} }
@Module
static class PemBytesModule {
private final byte[] pemBytes;
PemBytesModule(byte[] pemBytes) {
this.pemBytes = pemBytes;
}
@Provides
@Named("pemBytes")
byte[] providePemBytes() {
return pemBytes;
}
}
/**
* Test component that exposes prod certificate and key.
*
* <p>Local certificate and key are not tested because they are directly extracted from a
* self-signed certificate. Here we want to test that we can correctly parse and create
* certificate and keys from a .pem file.
*/
@Singleton @Singleton
@Component(modules = {CertificateModule.class}) @Component(modules = {CertificateModule.class, PemBytesModule.class})
interface TestComponent { interface TestComponent {
@Prod
PrivateKey privateKey(); PrivateKey privateKey();
@Named("eppServerCertificates") @Prod
X509Certificate[] certificates(); X509Certificate[] certificates();
@Component.Builder
interface Builder {
@BindsInstance
Builder pemBytes(PemBytes pemBytes);
TestComponent build();
}
} }
} }

53
javatests/google/registry/proxy/ProtocolModuleTest.java
View file

@ -15,7 +15,7 @@
package google.registry.proxy; package google.registry.proxy;
import static com.google.common.collect.ImmutableList.toImmutableList; import static com.google.common.collect.ImmutableList.toImmutableList;
import static google.registry.proxy.ProxyConfig.Environment.TEST; import static google.registry.proxy.ProxyConfig.Environment.LOCAL;
import static google.registry.proxy.ProxyConfig.getProxyConfig; import static google.registry.proxy.ProxyConfig.getProxyConfig;
import com.google.common.base.Suppliers; import com.google.common.base.Suppliers;
@ -28,6 +28,7 @@ import dagger.Provides;
import google.registry.proxy.EppProtocolModule.EppProtocol; import google.registry.proxy.EppProtocolModule.EppProtocol;
import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol; import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol;
import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol; import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
import google.registry.proxy.ProxyConfig.Environment;
import google.registry.proxy.WhoisProtocolModule.WhoisProtocol; import google.registry.proxy.WhoisProtocolModule.WhoisProtocol;
import google.registry.proxy.handler.BackendMetricsHandler; import google.registry.proxy.handler.BackendMetricsHandler;
import google.registry.proxy.handler.ProxyProtocolHandler; import google.registry.proxy.handler.ProxyProtocolHandler;
@ -45,10 +46,7 @@ import io.netty.channel.ChannelInitializer;
import io.netty.channel.embedded.EmbeddedChannel; import io.netty.channel.embedded.EmbeddedChannel;
import io.netty.handler.logging.LoggingHandler; import io.netty.handler.logging.LoggingHandler;
import io.netty.handler.ssl.SslProvider; import io.netty.handler.ssl.SslProvider;
import io.netty.handler.ssl.util.SelfSignedCertificate;
import io.netty.handler.timeout.ReadTimeoutHandler; import io.netty.handler.timeout.ReadTimeoutHandler;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.concurrent.ExecutorService; import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors; import java.util.concurrent.Executors;
import java.util.concurrent.ScheduledExecutorService; import java.util.concurrent.ScheduledExecutorService;
@ -74,7 +72,7 @@ import org.junit.Before;
*/ */
public abstract class ProtocolModuleTest { public abstract class ProtocolModuleTest {
protected static final ProxyConfig PROXY_CONFIG = getProxyConfig(TEST); protected static final ProxyConfig PROXY_CONFIG = getProxyConfig(LOCAL);
protected TestComponent testComponent; protected TestComponent testComponent;
@ -179,6 +177,7 @@ public abstract class ProtocolModuleTest {
@Component( @Component(
modules = { modules = {
TestModule.class, TestModule.class,
CertificateModule.class,
WhoisProtocolModule.class, WhoisProtocolModule.class,
EppProtocolModule.class, EppProtocolModule.class,
HealthCheckProtocolModule.class, HealthCheckProtocolModule.class,
@ -224,7 +223,7 @@ public abstract class ProtocolModuleTest {
@Singleton @Singleton
@Provides @Provides
static ProxyConfig provideProxyConfig() { static ProxyConfig provideProxyConfig() {
return getProxyConfig(TEST); return getProxyConfig(LOCAL);
} }
@Singleton @Singleton
@ -246,29 +245,6 @@ public abstract class ProtocolModuleTest {
return new LoggingHandler(); return new LoggingHandler();
} }
@Singleton
@Provides
static SelfSignedCertificate provideSelfSignedCertificate() {
try {
return new SelfSignedCertificate();
} catch (Exception e) {
throw new RuntimeException(e);
}
}
@Singleton
@Provides
@Named("eppServerCertificates")
static X509Certificate[] provideCertificate(SelfSignedCertificate ssc) {
return new X509Certificate[] {ssc.cert()};
}
@Singleton
@Provides
static PrivateKey providePrivateKey(SelfSignedCertificate ssc) {
return ssc.key();
}
@Singleton @Singleton
@Provides @Provides
Clock provideFakeClock() { Clock provideFakeClock() {
@ -277,14 +253,29 @@ public abstract class ProtocolModuleTest {
@Singleton @Singleton
@Provides @Provides
ExecutorService provideExecutorService() { static ExecutorService provideExecutorService() {
return MoreExecutors.newDirectExecutorService(); return MoreExecutors.newDirectExecutorService();
} }
@Singleton @Singleton
@Provides @Provides
ScheduledExecutorService provideScheduledExecutorService() { static ScheduledExecutorService provideScheduledExecutorService() {
return Executors.newSingleThreadScheduledExecutor(); return Executors.newSingleThreadScheduledExecutor();
} }
@Singleton
@Provides
static Environment provideEnvironment() {
return Environment.LOCAL;
}
// This method is only here to satisfy Dagger binding, but is never used. In test environment,
// it is the self-signed certificate and its key that end up being used.
@Singleton
@Provides
@Named("pemBytes")
static byte[] providePemBytes() {
return new byte[0];
}
} }
} }

6
javatests/google/registry/proxy/ProxyModuleTest.java
View file

@ -15,7 +15,7 @@
package google.registry.proxy; package google.registry.proxy;
import static com.google.common.truth.Truth.assertThat; import static com.google.common.truth.Truth.assertThat;
import static google.registry.proxy.ProxyConfig.Environment.TEST; import static google.registry.proxy.ProxyConfig.Environment.LOCAL;
import static google.registry.proxy.ProxyConfig.getProxyConfig; import static google.registry.proxy.ProxyConfig.getProxyConfig;
import static google.registry.testing.JUnitBackports.assertThrows; import static google.registry.testing.JUnitBackports.assertThrows;
import static org.junit.Assert.fail; import static org.junit.Assert.fail;
@ -30,7 +30,7 @@ import org.junit.runners.JUnit4;
@RunWith(JUnit4.class) @RunWith(JUnit4.class)
public class ProxyModuleTest { public class ProxyModuleTest {
private static final ProxyConfig PROXY_CONFIG = getProxyConfig(TEST); private static final ProxyConfig PROXY_CONFIG = getProxyConfig(LOCAL);
private final ProxyModule proxyModule = new ProxyModule(); private final ProxyModule proxyModule = new ProxyModule();
@Test @Test
@ -41,7 +41,7 @@ public class ProxyModuleTest {
assertThat(proxyModule.provideEppPort(PROXY_CONFIG)).isEqualTo(PROXY_CONFIG.epp.port); assertThat(proxyModule.provideEppPort(PROXY_CONFIG)).isEqualTo(PROXY_CONFIG.epp.port);
assertThat(proxyModule.provideHealthCheckPort(PROXY_CONFIG)) assertThat(proxyModule.provideHealthCheckPort(PROXY_CONFIG))
.isEqualTo(PROXY_CONFIG.healthCheck.port); .isEqualTo(PROXY_CONFIG.healthCheck.port);
assertThat(proxyModule.provideEnvironment()).isEqualTo(Environment.LOCAL); assertThat(proxyModule.provideEnvironment()).isEqualTo(LOCAL);
assertThat(proxyModule.log).isFalse(); assertThat(proxyModule.log).isFalse();
} }