diff --git a/docs/configuration.md b/docs/configuration.md index 46d88dced..ab7b288b2 100644 --- a/docs/configuration.md +++ b/docs/configuration.md @@ -87,26 +87,24 @@ control mishap. We use a secret store to persist these values in a secure manner, and abstract access to them using the `Keyring` interface. The `Keyring` interface contains methods for all sensitive configuration values, -which are primarily credentials used to access various ICANN and -ICANN-affiliated services (such as RDE). These values are only needed for real +which are primarily credentials used to access various ICANN and ICANN- +affiliated services (such as RDE). These values are only needed for real production registries and PDT environments. If you are just playing around with the platform at first, it is OK to put off defining these values until -necessary. To that end, a `VoidKeyring` implementation is provided that simply -throws an `UnsupportedOperationException` whenever any code attempts to load a -secret key. This allows the codebase to compile, but of course any actions that -attempt to connect to these services will error out because the keys won't be -present. +necessary. To that end, a `DummyKeyringModule` is included that simply provides +an `InMemoryKeyring` populated with dummy values for all secret keys. This +allows the codebase to compile and run, but of course any actions that attempt +to connect to external services will fail because none of the keys are real. -`KeyModule` is a Dagger module that is used to provide injected values for all -of the sensitive configuration options. Each `@Provides` method requires a -`Keyring` instance. In the code release, a stub implementation in the form of -`VoidKeyring` is provided by the `VoidKeyringModule`. To configure a production -registry system, you will need to write your own module to provide your own -`Keyring` implementation (which you will also need to write), and replace the -usage of `VoidKeyringModule` with your own module in all of the per-service -components in which it is referenced. The functions in `PgpHelper` will likely -prove useful for loading keys stored in PGP format into the PGP key classes that -you'll need to provide from `Keyring`. +To configure a production registry system, you will need to write a replacement +module for `DummyKeyringModule` that loads the credentials in a secure way, and +provides them using either an instance of `InMemoryKeyring` or your own custom +implementation of `Keyring`. You then need to replace all usages of +`DummyKeyringModule` with your own module in all of the per-service components +in which it is referenced. The functions in `PgpHelper` will likely prove +useful for loading keys stored in PGP format into the PGP key classes that +you'll need to provide from `Keyring`, and you can see examples of them in +action in `DummyKeyringModule`. ## Per-TLD configuration diff --git a/java/google/registry/keyring/api/BUILD b/java/google/registry/keyring/api/BUILD index cea1a5f86..fb0697803 100644 --- a/java/google/registry/keyring/api/BUILD +++ b/java/google/registry/keyring/api/BUILD @@ -8,9 +8,11 @@ licenses(["notice"]) # Apache 2.0 java_library( name = "api", srcs = glob(["*.java"]), + resources = glob(["*.asc"]), visibility = ["//visibility:public"], deps = [ "//java/com/google/common/base", + "//java/com/google/common/io", "//third_party/java/bouncycastle", "//third_party/java/bouncycastle_bcpg", "//third_party/java/dagger", diff --git a/java/google/registry/keyring/api/DummyKeyringModule.java b/java/google/registry/keyring/api/DummyKeyringModule.java new file mode 100644 index 000000000..153740fe2 --- /dev/null +++ b/java/google/registry/keyring/api/DummyKeyringModule.java @@ -0,0 +1,91 @@ +// Copyright 2016 The Domain Registry Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package google.registry.keyring.api; +import static com.google.common.io.Resources.getResource; +import static google.registry.keyring.api.PgpHelper.KeyRequirement.ENCRYPT_SIGN; +import static google.registry.keyring.api.PgpHelper.lookupKeyPair; + +import com.google.common.base.VerifyException; +import com.google.common.io.ByteSource; +import com.google.common.io.Resources; +import dagger.Module; +import dagger.Provides; +import java.io.IOException; +import java.io.InputStream; +import javax.annotation.concurrent.Immutable; +import org.bouncycastle.openpgp.PGPException; +import org.bouncycastle.openpgp.PGPKeyPair; +import org.bouncycastle.openpgp.PGPPublicKeyRingCollection; +import org.bouncycastle.openpgp.PGPSecretKeyRingCollection; +import org.bouncycastle.openpgp.PGPUtil; +import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection; +import org.bouncycastle.openpgp.bc.BcPGPSecretKeyRingCollection; + +/** + * Dagger keyring module that provides an {@link InMemoryKeyring} instance populated with dummy + * values. + * + *

This dummy module allows the domain registry code to compile and run in an unmodified state, + * with all attempted outgoing connections failing because the supplied dummy credentials aren't + * valid. For a real system that needs to connect with external services, you should replace this + * module with one that loads real credentials from secure sources. + */ +@Module +@Immutable +public final class DummyKeyringModule { + + /** The contents of a dummy PGP public key stored in a file. */ + private static final ByteSource PGP_PUBLIC_KEYRING = + Resources.asByteSource(getResource(InMemoryKeyring.class, "pgp-public-keyring.asc")); + + /** The contents of a dummy PGP private key stored in a file. */ + private static final ByteSource PGP_PRIVATE_KEYRING = + Resources.asByteSource(getResource(InMemoryKeyring.class, "pgp-private-keyring.asc")); + + /** The email address of the aforementioned PGP key. */ + private static final String EMAIL_ADDRESS = "domain-registry-users@googlegroups.com"; + + /** Always returns a {@link InMemoryKeyring} instance. */ + @Provides + static Keyring provideKeyring() { + PGPKeyPair dummyKey; + try (InputStream publicInput = PGP_PUBLIC_KEYRING.openStream(); + InputStream privateInput = PGP_PRIVATE_KEYRING.openStream()) { + PGPPublicKeyRingCollection publicKeys = + new BcPGPPublicKeyRingCollection(PGPUtil.getDecoderStream(publicInput)); + PGPSecretKeyRingCollection privateKeys = + new BcPGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateInput)); + dummyKey = lookupKeyPair(publicKeys, privateKeys, EMAIL_ADDRESS, ENCRYPT_SIGN); + } catch (PGPException | IOException e) { + throw new VerifyException("Failed to load PGP keys from jar", e); + } + // Use the same dummy PGP keypair for all required PGP keys -- a real production system would + // have different values for these keys. Pass dummy values for all Strings. + return new InMemoryKeyring( + dummyKey, + dummyKey, + dummyKey.getPublicKey(), + dummyKey, + dummyKey.getPublicKey(), + "not a real key", + "not a real key", + "not a real password", + "not a real login", + "not a real password", + "not a real login", + "not a real credential", + "not a real key"); + } +} diff --git a/java/google/registry/keyring/api/InMemoryKeyring.java b/java/google/registry/keyring/api/InMemoryKeyring.java new file mode 100644 index 000000000..b3b8d0db8 --- /dev/null +++ b/java/google/registry/keyring/api/InMemoryKeyring.java @@ -0,0 +1,155 @@ +// Copyright 2016 The Domain Registry Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +package google.registry.keyring.api; + +import static com.google.common.base.Preconditions.checkArgument; +import static com.google.common.base.Preconditions.checkNotNull; + +import javax.annotation.concurrent.Immutable; +import org.bouncycastle.openpgp.PGPKeyPair; +import org.bouncycastle.openpgp.PGPPrivateKey; +import org.bouncycastle.openpgp.PGPPublicKey; + +/** A {@link Keyring} that uses in-memory values for all credentials. */ +@Immutable +public final class InMemoryKeyring implements Keyring { + + private final PGPKeyPair rdeStagingKey; + private final PGPKeyPair rdeSigningKey; + private final PGPPublicKey rdeReceiverKey; + private final PGPKeyPair brdaSigningKey; + private final PGPPublicKey brdaEncryptionKey; + private final String rdeSshClientPublicKey; + private final String rdeSshClientPrivateKey; + private final String icannReportingPassword; + private final String marksdbDnlLogin; + private final String marksdbLordnPassword; + private final String marksdbSmdrlLogin; + private final String jsonCredential; + private final String braintreePrivateKey; + + public InMemoryKeyring( + PGPKeyPair rdeStagingKey, + PGPKeyPair rdeSigningKey, + PGPPublicKey rdeReceiverKey, + PGPKeyPair brdaSigningKey, + PGPPublicKey brdaEncryptionKey, + String rdeSshClientPublicKey, + String rdeSshClientPrivateKey, + String icannReportingPassword, + String marksdbDnlLogin, + String marksdbLordnPassword, + String marksdbSmdrlLogin, + String jsonCredential, + String braintreePrivateKey) { + checkArgument(PgpHelper.isSigningKey(rdeSigningKey.getPublicKey()), + "RDE signing key must support signing: %s", rdeSigningKey.getKeyID()); + checkArgument(rdeStagingKey.getPublicKey().isEncryptionKey(), + "staging key must support encryption: %s", rdeStagingKey.getKeyID()); + checkArgument(rdeReceiverKey.isEncryptionKey(), + "receiver key must support encryption: %s", rdeReceiverKey.getKeyID()); + checkArgument(PgpHelper.isSigningKey(brdaSigningKey.getPublicKey()), + "BRDA signing key must support signing: %s", brdaSigningKey.getKeyID()); + checkArgument(brdaEncryptionKey.isEncryptionKey(), + "encryption key must support encryption: %s", brdaEncryptionKey.getKeyID()); + this.rdeStagingKey = rdeStagingKey; + this.rdeSigningKey = rdeSigningKey; + this.rdeReceiverKey = rdeReceiverKey; + this.brdaSigningKey = brdaSigningKey; + this.brdaEncryptionKey = brdaEncryptionKey; + this.rdeSshClientPublicKey = checkNotNull(rdeSshClientPublicKey, "rdeSshClientPublicKey"); + this.rdeSshClientPrivateKey = checkNotNull(rdeSshClientPrivateKey, "rdeSshClientPrivateKey"); + this.icannReportingPassword = checkNotNull(icannReportingPassword, "icannReportingPassword"); + this.marksdbDnlLogin = checkNotNull(marksdbDnlLogin, "marksdbDnlLogin"); + this.marksdbLordnPassword = checkNotNull(marksdbLordnPassword, "marksdbLordnPassword"); + this.marksdbSmdrlLogin = checkNotNull(marksdbSmdrlLogin, "marksdbSmdrlLogin"); + this.jsonCredential = checkNotNull(jsonCredential, "jsonCredential"); + this.braintreePrivateKey = checkNotNull(braintreePrivateKey, "braintreePrivateKey"); + } + + @Override + public PGPKeyPair getRdeSigningKey() { + return rdeSigningKey; + } + + @Override + public PGPPublicKey getRdeStagingEncryptionKey() { + return rdeStagingKey.getPublicKey(); + } + + @Override + public PGPPrivateKey getRdeStagingDecryptionKey() { + return rdeStagingKey.getPrivateKey(); + } + + @Override + public PGPPublicKey getRdeReceiverKey() { + return rdeReceiverKey; + } + + @Override + public PGPKeyPair getBrdaSigningKey() { + return brdaSigningKey; + } + + @Override + public PGPPublicKey getBrdaReceiverKey() { + return brdaEncryptionKey; + } + + @Override + public String getRdeSshClientPublicKey() { + return rdeSshClientPublicKey; + } + + @Override + public String getRdeSshClientPrivateKey() { + return rdeSshClientPrivateKey; + } + + @Override + public String getIcannReportingPassword() { + return icannReportingPassword; + } + + @Override + public String getMarksdbDnlLogin() { + return marksdbDnlLogin; + } + + @Override + public String getMarksdbLordnPassword() { + return marksdbLordnPassword; + } + + @Override + public String getMarksdbSmdrlLogin() { + return marksdbSmdrlLogin; + } + + @Override + public String getJsonCredential() { + return jsonCredential; + } + + @Override + public String getBraintreePrivateKey() { + return braintreePrivateKey; + } + + /** Does nothing. */ + @Override + public void close() {} +} diff --git a/java/google/registry/keyring/api/VoidKeyring.java b/java/google/registry/keyring/api/VoidKeyring.java deleted file mode 100644 index 0ea143fa1..000000000 --- a/java/google/registry/keyring/api/VoidKeyring.java +++ /dev/null @@ -1,115 +0,0 @@ -// Copyright 2016 The Domain Registry Authors. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package google.registry.keyring.api; - -import javax.annotation.concurrent.Immutable; -import org.bouncycastle.openpgp.PGPKeyPair; -import org.bouncycastle.openpgp.PGPPrivateKey; -import org.bouncycastle.openpgp.PGPPublicKey; - -/** {@link Keyring} that throws {@link UnsupportedOperationException} if any methods are called. */ -@Immutable -public final class VoidKeyring implements Keyring { - - private static final String ERROR = "Keyring support not loaded"; - - /** @throws UnsupportedOperationException always */ - @Override - public PGPKeyPair getRdeSigningKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public PGPKeyPair getBrdaSigningKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public PGPPublicKey getRdeStagingEncryptionKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public PGPPrivateKey getRdeStagingDecryptionKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public PGPPublicKey getRdeReceiverKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public PGPPublicKey getBrdaReceiverKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getRdeSshClientPublicKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getRdeSshClientPrivateKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getIcannReportingPassword() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getMarksdbDnlLogin() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getMarksdbLordnPassword() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getMarksdbSmdrlLogin() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getJsonCredential() { - throw new UnsupportedOperationException(ERROR); - } - - /** @throws UnsupportedOperationException always */ - @Override - public String getBraintreePrivateKey() { - throw new UnsupportedOperationException(ERROR); - } - - /** Does nothing. */ - @Override - public void close() {} -} diff --git a/java/google/registry/keyring/api/VoidKeyringModule.java b/java/google/registry/keyring/api/VoidKeyringModule.java deleted file mode 100644 index fc1b32eb3..000000000 --- a/java/google/registry/keyring/api/VoidKeyringModule.java +++ /dev/null @@ -1,31 +0,0 @@ -// Copyright 2016 The Domain Registry Authors. All Rights Reserved. -// -// Licensed under the Apache License, Version 2.0 (the "License"); -// you may not use this file except in compliance with the License. -// You may obtain a copy of the License at -// -// http://www.apache.org/licenses/LICENSE-2.0 -// -// Unless required by applicable law or agreed to in writing, software -// distributed under the License is distributed on an "AS IS" BASIS, -// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. -// See the License for the specific language governing permissions and -// limitations under the License. - -package google.registry.keyring.api; - -import dagger.Module; -import dagger.Provides; -import javax.annotation.concurrent.Immutable; - -/** Dagger keyring module that always returns {@link VoidKeyring} instances. */ -@Module -@Immutable -public final class VoidKeyringModule { - - /** Always returns a {@link VoidKeyring} instance. */ - @Provides - static Keyring provideKeyring() { - return new VoidKeyring(); - } -} diff --git a/java/google/registry/keyring/api/pgp-private-keyring.asc b/java/google/registry/keyring/api/pgp-private-keyring.asc new file mode 100644 index 000000000..ebaf595c2 --- /dev/null +++ b/java/google/registry/keyring/api/pgp-private-keyring.asc @@ -0,0 +1,35 @@ +-----BEGIN PGP PRIVATE KEY BLOCK----- +Version: GnuPG v1 + +lQH+BFfPBakBBACTKn8ZPbKVyafxVOnFh9n9Xb0DIA2ph8oTw8p5ObJpzZ/bx/Bx +eIMs5KjiZu6yr+SQAkDbokDwlFTVIVESvkxYPeHVn9vnW01T4nlQ2/4ezAqjNuGl +7B61Kl50JMprgZo+VvbRhzYWYcZclZDNO9axyphWuIFarMgdDl8TC0IuKwARAQAB +/gMDAiNREMtdTajUYJnvE5MXiUAwkiGYLgWeHu9/v+jzpKCpOFCzJpkQHRM4FoUC +tb/PuWzMT/b6ZpxsiK2bjZ0MzQGUHfHGJfyqJQBRKblmHIemS2xlXzBnqU5znlUs +IFptSNUo6Qen3Oxlr4y4ArRKpMAYAjRP0prJDE5A/Za7AuChyDWZhLFu39iVer1c +9FJlkIGMfPWNzJEfqJnsO7IyszwbpEMbHtz3mCeYQn4E+S4RO6g4GsIkaVUcFvkL +ATpmcnYvWlaRlWLkv8GTVBdTmHRb9/NGEhbrwfCN1vnjfi9iPVFpdmy9g5+zyh+6 +fQEXa/a5JhKwzYfsvBGjOIworikhN8+OmLKS7ww2hB3wHa1JtEodjbBv6UqZk8+i +bMBXqCiR1oL9hll5XeOxwrfdmoye6bkzgawA0MXNnXHJRm6pl9rZkXo9SHPenQLJ +Cqs5DNYKmNJg13ZIJdVdprT5nALCMuxMESsN6nKM7wrStDhEb21haW4gUmVnaXN0 +cnkgPGRvbWFpbi1yZWdpc3RyeS11c2Vyc0Bnb29nbGVncm91cHMuY29tPoi4BBMB +AgAiBQJXzwWpAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCIX9igNM8p +/6lZA/wIukET7iOVp/um4feLIaLoBaJlWdb6dRHPgQKZaFfNg5CaALCeVOwsBKNA +6YCCCtaSa1l6bIzziC8Lii37DB5hNF9M9A350rgUFHtKze5BAADtPkpDpY50nPug +wkQP7UEjCMcpix0fDX5cJ/bJ9va7w5fw3LX/GuBuLHemswGBup0B/gRXzwWpAQQA +xuQ90FV9LRznzfZe4/IUGGQ1L/ku9xuA1TGeTnuqRR9kdTofZw5p2a0Kh915x6En +VLogsAvshwIiDZaraJRiXLBrF7Hf4fKgc0gHNtlkVSCeow1kGScDXOpQ01deDFfU +YjQq86XSfwCognw7O5636kNsS7Te0jfPZmbgJdldGXMAEQEAAf4DAwIjURDLXU2o +1GC/wS0hrGk9x0H8daxBK1nH1U8kT+8RQM0t7c4rpY0z3p/FTpc4sKy58K0YDVT2 +7ym0ukUHBR7Em0rr9VCkUVkR0rQhpi2ioMUDLn+FyslzYSZnsvvK1WWgMYuCylHM +H7lrzkJQvN7jWdKEURwkRC38S4/JfhZQ8Y+hHa8yt96pCxB6NgUkwjPK/H4KVYz7 +hjPAu0fsvzklfo9/xZMSoRZF+K8KXNc8MqBK8gheuP8bU3c30KTjevjlLw8kUsL3 +wkqehCYCe1GKPUhdLoBQiWGAddFFwyPuMuzk1W3oaxRaXPDT2eR4+5jNkoODX9Wz +sWgM7h6gkaPdaSaKNatYAlqVQxWsdVnJOzJzj8UZp34oGQxow9ZU1WGqccd5VlJx +32aQjcGXcjgq/zY4OcKBKxiFWJX8LUzIlUmEyTppxzn4VxbOmbVc5L2Knw5isv6E +Q5CnZCaJVeGvIeHuDfIyIA0+Sk29nYifBBgBAgAJBQJXzwWpAhsMAAoJEIhf2KA0 +zyn/cZcD/0a540LdD3xv9JrEwS2bMPYUKtwqw/dysiLnkvW1hQBj7bJUhQrILb3p +9qPcubKPPODNPfUxKOjQX7zTMTd4F7wVGXoARrqiqvmCrK9XL1UnqZ+ofvvId2Sc +p5qUP0iC5kc8od3T64DEPJPqMs2/GrjfMGwRTzEbIdp22Jho0Esy +=qUDG +-----END PGP PRIVATE KEY BLOCK----- diff --git a/java/google/registry/keyring/api/pgp-public-keyring.asc b/java/google/registry/keyring/api/pgp-public-keyring.asc new file mode 100644 index 000000000..a18389dec --- /dev/null +++ b/java/google/registry/keyring/api/pgp-public-keyring.asc @@ -0,0 +1,20 @@ +-----BEGIN PGP PUBLIC KEY BLOCK----- +Version: GnuPG v1 + +mI0EV88FqQEEAJMqfxk9spXJp/FU6cWH2f1dvQMgDamHyhPDynk5smnNn9vH8HF4 +gyzkqOJm7rKv5JACQNuiQPCUVNUhURK+TFg94dWf2+dbTVPieVDb/h7MCqM24aXs +HrUqXnQkymuBmj5W9tGHNhZhxlyVkM071rHKmFa4gVqsyB0OXxMLQi4rABEBAAG0 +OERvbWFpbiBSZWdpc3RyeSA8ZG9tYWluLXJlZ2lzdHJ5LXVzZXJzQGdvb2dsZWdy +b3Vwcy5jb20+iLgEEwECACIFAlfPBakCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B +AheAAAoJEIhf2KA0zyn/qVkD/Ai6QRPuI5Wn+6bh94shougFomVZ1vp1Ec+BAplo +V82DkJoAsJ5U7CwEo0DpgIIK1pJrWXpsjPOILwuKLfsMHmE0X0z0DfnSuBQUe0rN +7kEAAO0+SkOljnSc+6DCRA/tQSMIxymLHR8Nflwn9sn29rvDl/Dctf8a4G4sd6az +AYG6uI0EV88FqQEEAMbkPdBVfS0c5832XuPyFBhkNS/5LvcbgNUxnk57qkUfZHU6 +H2cOadmtCofdecehJ1S6ILAL7IcCIg2Wq2iUYlywaxex3+HyoHNIBzbZZFUgnqMN +ZBknA1zqUNNXXgxX1GI0KvOl0n8AqIJ8Ozuet+pDbEu03tI3z2Zm4CXZXRlzABEB +AAGInwQYAQIACQUCV88FqQIbDAAKCRCIX9igNM8p/3GXA/9GueNC3Q98b/SaxMEt +mzD2FCrcKsP3crIi55L1tYUAY+2yVIUKyC296faj3LmyjzzgzT31MSjo0F+80zE3 +eBe8FRl6AEa6oqr5gqyvVy9VJ6mfqH77yHdknKealD9IguZHPKHd0+uAxDyT6jLN +vxq43zBsEU8xGyHadtiYaNBLMg== +=v+Qg +-----END PGP PUBLIC KEY BLOCK----- diff --git a/java/google/registry/module/backend/BackendComponent.java b/java/google/registry/module/backend/BackendComponent.java index 4ec783f28..18335ed70 100644 --- a/java/google/registry/module/backend/BackendComponent.java +++ b/java/google/registry/module/backend/BackendComponent.java @@ -25,7 +25,7 @@ import google.registry.groups.DirectoryModule; import google.registry.groups.GroupsModule; import google.registry.groups.GroupssettingsModule; import google.registry.keyring.api.KeyModule; -import google.registry.keyring.api.VoidKeyringModule; +import google.registry.keyring.api.DummyKeyringModule; import google.registry.monitoring.metrics.MetricReporter; import google.registry.monitoring.whitebox.StackdriverModule; import google.registry.rde.JSchModule; @@ -69,7 +69,7 @@ import javax.inject.Singleton; UrlFetchTransportModule.class, UseAppIdentityCredentialForGoogleApisModule.class, VoidDnsWriterModule.class, - VoidKeyringModule.class, + DummyKeyringModule.class, }) interface BackendComponent { BackendRequestComponent startRequest(RequestModule requestModule); diff --git a/java/google/registry/module/frontend/FrontendComponent.java b/java/google/registry/module/frontend/FrontendComponent.java index e5ab087bd..a4f5b94c2 100644 --- a/java/google/registry/module/frontend/FrontendComponent.java +++ b/java/google/registry/module/frontend/FrontendComponent.java @@ -18,7 +18,7 @@ import dagger.Component; import google.registry.braintree.BraintreeModule; import google.registry.config.ConfigModule; import google.registry.keyring.api.KeyModule; -import google.registry.keyring.api.VoidKeyringModule; +import google.registry.keyring.api.DummyKeyringModule; import google.registry.monitoring.metrics.MetricReporter; import google.registry.monitoring.whitebox.StackdriverModule; import google.registry.request.Modules.AppIdentityCredentialModule; @@ -49,7 +49,7 @@ import javax.inject.Singleton; UrlFetchTransportModule.class, UseAppIdentityCredentialForGoogleApisModule.class, UserServiceModule.class, - VoidKeyringModule.class, + DummyKeyringModule.class, }) interface FrontendComponent { FrontendRequestComponent startRequest(RequestModule requestModule); diff --git a/java/google/registry/module/tools/ToolsComponent.java b/java/google/registry/module/tools/ToolsComponent.java index 735517251..fb9492f21 100644 --- a/java/google/registry/module/tools/ToolsComponent.java +++ b/java/google/registry/module/tools/ToolsComponent.java @@ -22,7 +22,7 @@ import google.registry.groups.DirectoryModule; import google.registry.groups.GroupsModule; import google.registry.groups.GroupssettingsModule; import google.registry.keyring.api.KeyModule; -import google.registry.keyring.api.VoidKeyringModule; +import google.registry.keyring.api.DummyKeyringModule; import google.registry.request.Modules.AppIdentityCredentialModule; import google.registry.request.Modules.DatastoreServiceModule; import google.registry.request.Modules.GoogleCredentialModule; @@ -53,7 +53,7 @@ import javax.inject.Singleton; UseAppIdentityCredentialForGoogleApisModule.class, SystemClockModule.class, SystemSleeperModule.class, - VoidKeyringModule.class, + DummyKeyringModule.class, }) interface ToolsComponent { ToolsRequestComponent startRequest(RequestModule requestModule); diff --git a/java/google/registry/tools/RegistryToolComponent.java b/java/google/registry/tools/RegistryToolComponent.java index a0c57267e..c5e4b1dbd 100644 --- a/java/google/registry/tools/RegistryToolComponent.java +++ b/java/google/registry/tools/RegistryToolComponent.java @@ -20,7 +20,7 @@ import google.registry.dns.writer.VoidDnsWriterModule; import google.registry.dns.writer.clouddns.CloudDnsModule; import google.registry.dns.writer.dnsupdate.DnsUpdateWriterModule; import google.registry.keyring.api.KeyModule; -import google.registry.keyring.api.VoidKeyringModule; +import google.registry.keyring.api.DummyKeyringModule; import google.registry.request.Modules.DatastoreServiceModule; import google.registry.request.Modules.Jackson2Module; import google.registry.request.Modules.URLFetchServiceModule; @@ -44,7 +44,7 @@ import google.registry.util.SystemClock.SystemClockModule; SystemClockModule.class, URLFetchServiceModule.class, VoidDnsWriterModule.class, - VoidKeyringModule.class, + DummyKeyringModule.class, } ) interface RegistryToolComponent {