Abstract KMS code with KmsConnection and create a fake KmsConnection

This simplifies the tests for KmsKeyring and KmsUpdater.

This is a followup to []

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=148496758

java/google/registry/keyring/kms/KmsConnection.java

@@ -0,0 +1,42 @@
+// Copyright 2017 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.keyring.kms;
+
+import java.io.IOException;
+
+/** An abstraction to simplify Cloud KMS operations. */
+interface KmsConnection {
+
+  /**
+   * The maximum allowable secret size, as set by Cloud KMS.
+   *
+   * @see <a
+   *     href="https://cloud.google.com/kms/docs/reference/rest/v1beta1/projects.locations.keyRings.cryptoKeys/encrypt#request-body">projects.locations.keyRings.cryptoKeys.encrypt</a>
+   */
+  int MAX_SECRET_SIZE_BYTES = 64 * 1024;
+
+  /**
+   * Encrypts a plaintext with CryptoKey {@code cryptoKeyName} on KeyRing {@code keyRingName}.
+   *
+   * <p>The latest CryptoKeyVersion is used to encrypt the value. The value must not be larger than
+   * {@code MAX_SECRET_SIZE_BYTES}.
+   *
+   * <p>If no applicable CryptoKey or CryptoKeyVersion exist, they will be created.
+   */
+  EncryptResponse encrypt(String cryptoKeyName, byte[] plaintext) throws IOException;
+
+  /** Decrypts a Cloud KMS encrypted and encoded value with CryptoKey {@code cryptoKeyName}. */
+  byte[] decrypt(String cryptoKeyName, String encodedCiphertext) throws IOException;
+}