Replace VoidKeyring with InMemoryKeyring and a dummy module

VoidKeyring always threw exceptions whenever any of its methods were called,
which caused several parts of the system to fail early (and thus required a
proper Keyring to be implemented almost immediately, early on in the "just
playing around with the system" phase).

I'm swapping this out with an InMemoryKeyring which is supplied by
DummyKeyringModule, which, instead of throwing exceptions, returns dummy
values, delaying the onset of errors to when connecting to external services
is attempted.  This pushes off the required implementation of a real Keyring-
providing module, allowing the system to be played around with more first.

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=132361157

docs/configuration.md

@@ -87,26 +87,24 @@ control mishap.  We use a secret store to persist these values in a secure
 manner, and abstract access to them using the `Keyring` interface.
 
 The `Keyring` interface contains methods for all sensitive configuration values,
-which are primarily credentials used to access various ICANN and
+which are primarily credentials used to access various ICANN and ICANN-
-ICANN-affiliated services (such as RDE).  These values are only needed for real
+affiliated services (such as RDE).  These values are only needed for real
 production registries and PDT environments.  If you are just playing around with
 the platform at first, it is OK to put off defining these values until
-necessary.  To that end, a `VoidKeyring` implementation is provided that simply
+necessary.  To that end, a `DummyKeyringModule` is included that simply provides
-throws an `UnsupportedOperationException` whenever any code attempts to load a
+an `InMemoryKeyring` populated with dummy values for all secret keys.  This
-secret key.  This allows the codebase to compile, but of course any actions that
+allows the codebase to compile and run, but of course any actions that attempt
-attempt to connect to these services will error out because the keys won't be
+to connect to external services will fail because none of the keys are real.
-present.
 
-`KeyModule` is a Dagger module that is used to provide injected values for all
+To configure a production registry system, you will need to write a replacement
-of the sensitive configuration options.  Each `@Provides` method requires a
+module for `DummyKeyringModule` that loads the credentials in a secure way, and
-`Keyring` instance.  In the code release, a stub implementation in the form of
+provides them using either an instance of `InMemoryKeyring` or your own custom
-`VoidKeyring` is provided by the `VoidKeyringModule`.  To configure a production
+implementation of `Keyring`.  You then need to replace all usages of
-registry system, you will need to write your own module to provide your own
+`DummyKeyringModule` with your own module in all of the per-service components
-`Keyring` implementation (which you will also need to write), and replace the
+in which it is referenced.  The functions in `PgpHelper` will likely prove
-usage of `VoidKeyringModule` with your own module in all of the per-service
+useful for loading keys stored in PGP format into the PGP key classes that
-components in which it is referenced.  The functions in `PgpHelper` will likely
+you'll need to provide from `Keyring`, and you can see examples of them in
-prove useful for loading keys stored in PGP format into the PGP key classes that
+action in `DummyKeyringModule`.
-you'll need to provide from `Keyring`.
 
 ## Per-TLD configuration
 

java/google/registry/keyring/api/BUILD

@@ -8,9 +8,11 @@ licenses(["notice"])  # Apache 2.0
 java_library(
     name = "api",
     srcs = glob(["*.java"]),
+    resources = glob(["*.asc"]),
     visibility = ["//visibility:public"],
     deps = [
         "//java/com/google/common/base",
+        "//java/com/google/common/io",
         "//third_party/java/bouncycastle",
         "//third_party/java/bouncycastle_bcpg",
         "//third_party/java/dagger",

java/google/registry/keyring/api/DummyKeyringModule.java

@@ -0,0 +1,91 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.keyring.api;
+import static com.google.common.io.Resources.getResource;
+import static google.registry.keyring.api.PgpHelper.KeyRequirement.ENCRYPT_SIGN;
+import static google.registry.keyring.api.PgpHelper.lookupKeyPair;
+
+import com.google.common.base.VerifyException;
+import com.google.common.io.ByteSource;
+import com.google.common.io.Resources;
+import dagger.Module;
+import dagger.Provides;
+import java.io.IOException;
+import java.io.InputStream;
+import javax.annotation.concurrent.Immutable;
+import org.bouncycastle.openpgp.PGPException;
+import org.bouncycastle.openpgp.PGPKeyPair;
+import org.bouncycastle.openpgp.PGPPublicKeyRingCollection;
+import org.bouncycastle.openpgp.PGPSecretKeyRingCollection;
+import org.bouncycastle.openpgp.PGPUtil;
+import org.bouncycastle.openpgp.bc.BcPGPPublicKeyRingCollection;
+import org.bouncycastle.openpgp.bc.BcPGPSecretKeyRingCollection;
+
+/**
+ * Dagger keyring module that provides an {@link InMemoryKeyring} instance populated with dummy
+ * values.
+ *
+ * <p>This dummy module allows the domain registry code to compile and run in an unmodified state,
+ * with all attempted outgoing connections failing because the supplied dummy credentials aren't
+ * valid. For a real system that needs to connect with external services, you should replace this
+ * module with one that loads real credentials from secure sources.
+ */
+@Module
+@Immutable
+public final class DummyKeyringModule {
+
+  /** The contents of a dummy PGP public key stored in a file. */
+  private static final ByteSource PGP_PUBLIC_KEYRING =
+      Resources.asByteSource(getResource(InMemoryKeyring.class, "pgp-public-keyring.asc"));
+
+  /** The contents of a dummy PGP private key stored in a file. */
+  private static final ByteSource PGP_PRIVATE_KEYRING =
+      Resources.asByteSource(getResource(InMemoryKeyring.class, "pgp-private-keyring.asc"));
+
+  /** The email address of the aforementioned PGP key. */
+  private static final String EMAIL_ADDRESS = "domain-registry-users@googlegroups.com";
+
+  /** Always returns a {@link InMemoryKeyring} instance. */
+  @Provides
+  static Keyring provideKeyring() {
+    PGPKeyPair dummyKey;
+    try (InputStream publicInput = PGP_PUBLIC_KEYRING.openStream();
+        InputStream privateInput = PGP_PRIVATE_KEYRING.openStream()) {
+      PGPPublicKeyRingCollection publicKeys =
+          new BcPGPPublicKeyRingCollection(PGPUtil.getDecoderStream(publicInput));
+      PGPSecretKeyRingCollection privateKeys =
+          new BcPGPSecretKeyRingCollection(PGPUtil.getDecoderStream(privateInput));
+      dummyKey = lookupKeyPair(publicKeys, privateKeys, EMAIL_ADDRESS, ENCRYPT_SIGN);
+    } catch (PGPException | IOException e) {
+      throw new VerifyException("Failed to load PGP keys from jar", e);
+    }
+    // Use the same dummy PGP keypair for all required PGP keys -- a real production system would
+    // have different values for these keys.  Pass dummy values for all Strings.
+    return new InMemoryKeyring(
+        dummyKey,
+        dummyKey,
+        dummyKey.getPublicKey(),
+        dummyKey,
+        dummyKey.getPublicKey(),
+        "not a real key",
+        "not a real key",
+        "not a real password",
+        "not a real login",
+        "not a real password",
+        "not a real login",
+        "not a real credential",
+        "not a real key");
+  }
+}

java/google/registry/keyring/api/InMemoryKeyring.java

@@ -0,0 +1,155 @@
+// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+package google.registry.keyring.api;
+
+import static com.google.common.base.Preconditions.checkArgument;
+import static com.google.common.base.Preconditions.checkNotNull;
+
+import javax.annotation.concurrent.Immutable;
+import org.bouncycastle.openpgp.PGPKeyPair;
+import org.bouncycastle.openpgp.PGPPrivateKey;
+import org.bouncycastle.openpgp.PGPPublicKey;
+
+/** A {@link Keyring} that uses in-memory values for all credentials. */
+@Immutable
+public final class InMemoryKeyring implements Keyring {
+
+  private final PGPKeyPair rdeStagingKey;
+  private final PGPKeyPair rdeSigningKey;
+  private final PGPPublicKey rdeReceiverKey;
+  private final PGPKeyPair brdaSigningKey;
+  private final PGPPublicKey brdaEncryptionKey;
+  private final String rdeSshClientPublicKey;
+  private final String rdeSshClientPrivateKey;
+  private final String icannReportingPassword;
+  private final String marksdbDnlLogin;
+  private final String marksdbLordnPassword;
+  private final String marksdbSmdrlLogin;
+  private final String jsonCredential;
+  private final String braintreePrivateKey;
+
+  public InMemoryKeyring(
+      PGPKeyPair rdeStagingKey,
+      PGPKeyPair rdeSigningKey,
+      PGPPublicKey rdeReceiverKey,
+      PGPKeyPair brdaSigningKey,
+      PGPPublicKey brdaEncryptionKey,
+      String rdeSshClientPublicKey,
+      String rdeSshClientPrivateKey,
+      String icannReportingPassword,
+      String marksdbDnlLogin,
+      String marksdbLordnPassword,
+      String marksdbSmdrlLogin,
+      String jsonCredential,
+      String braintreePrivateKey) {
+    checkArgument(PgpHelper.isSigningKey(rdeSigningKey.getPublicKey()),
+        "RDE signing key must support signing: %s", rdeSigningKey.getKeyID());
+    checkArgument(rdeStagingKey.getPublicKey().isEncryptionKey(),
+        "staging key must support encryption: %s", rdeStagingKey.getKeyID());
+    checkArgument(rdeReceiverKey.isEncryptionKey(),
+        "receiver key must support encryption: %s", rdeReceiverKey.getKeyID());
+    checkArgument(PgpHelper.isSigningKey(brdaSigningKey.getPublicKey()),
+        "BRDA signing key must support signing: %s", brdaSigningKey.getKeyID());
+    checkArgument(brdaEncryptionKey.isEncryptionKey(),
+        "encryption key must support encryption: %s", brdaEncryptionKey.getKeyID());
+    this.rdeStagingKey = rdeStagingKey;
+    this.rdeSigningKey = rdeSigningKey;
+    this.rdeReceiverKey = rdeReceiverKey;
+    this.brdaSigningKey = brdaSigningKey;
+    this.brdaEncryptionKey = brdaEncryptionKey;
+    this.rdeSshClientPublicKey = checkNotNull(rdeSshClientPublicKey, "rdeSshClientPublicKey");
+    this.rdeSshClientPrivateKey = checkNotNull(rdeSshClientPrivateKey, "rdeSshClientPrivateKey");
+    this.icannReportingPassword = checkNotNull(icannReportingPassword, "icannReportingPassword");
+    this.marksdbDnlLogin = checkNotNull(marksdbDnlLogin, "marksdbDnlLogin");
+    this.marksdbLordnPassword = checkNotNull(marksdbLordnPassword, "marksdbLordnPassword");
+    this.marksdbSmdrlLogin = checkNotNull(marksdbSmdrlLogin, "marksdbSmdrlLogin");
+    this.jsonCredential = checkNotNull(jsonCredential, "jsonCredential");
+    this.braintreePrivateKey = checkNotNull(braintreePrivateKey, "braintreePrivateKey");
+  }
+
+  @Override
+  public PGPKeyPair getRdeSigningKey() {
+    return rdeSigningKey;
+  }
+
+  @Override
+  public PGPPublicKey getRdeStagingEncryptionKey() {
+    return rdeStagingKey.getPublicKey();
+  }
+
+  @Override
+  public PGPPrivateKey getRdeStagingDecryptionKey() {
+    return rdeStagingKey.getPrivateKey();
+  }
+
+  @Override
+  public PGPPublicKey getRdeReceiverKey() {
+    return rdeReceiverKey;
+  }
+
+  @Override
+  public PGPKeyPair getBrdaSigningKey() {
+    return brdaSigningKey;
+  }
+
+  @Override
+  public PGPPublicKey getBrdaReceiverKey() {
+    return brdaEncryptionKey;
+  }
+
+  @Override
+  public String getRdeSshClientPublicKey() {
+    return rdeSshClientPublicKey;
+  }
+
+  @Override
+  public String getRdeSshClientPrivateKey() {
+    return rdeSshClientPrivateKey;
+  }
+
+  @Override
+  public String getIcannReportingPassword() {
+    return icannReportingPassword;
+  }
+
+  @Override
+  public String getMarksdbDnlLogin() {
+    return marksdbDnlLogin;
+  }
+
+  @Override
+  public String getMarksdbLordnPassword() {
+    return marksdbLordnPassword;
+  }
+
+  @Override
+  public String getMarksdbSmdrlLogin() {
+    return marksdbSmdrlLogin;
+  }
+
+  @Override
+  public String getJsonCredential() {
+    return jsonCredential;
+  }
+
+  @Override
+  public String getBraintreePrivateKey() {
+    return braintreePrivateKey;
+  }
+
+  /** Does nothing. */
+  @Override
+  public void close() {}
+}

java/google/registry/keyring/api/VoidKeyring.java

@@ -1,115 +0,0 @@
-// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.keyring.api;
-
-import javax.annotation.concurrent.Immutable;
-import org.bouncycastle.openpgp.PGPKeyPair;
-import org.bouncycastle.openpgp.PGPPrivateKey;
-import org.bouncycastle.openpgp.PGPPublicKey;
-
-/** {@link Keyring} that throws {@link UnsupportedOperationException} if any methods are called. */
-@Immutable
-public final class VoidKeyring implements Keyring {
-
-  private static final String ERROR = "Keyring support not loaded";
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public PGPKeyPair getRdeSigningKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public PGPKeyPair getBrdaSigningKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public PGPPublicKey getRdeStagingEncryptionKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public PGPPrivateKey getRdeStagingDecryptionKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public PGPPublicKey getRdeReceiverKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public PGPPublicKey getBrdaReceiverKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getRdeSshClientPublicKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getRdeSshClientPrivateKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getIcannReportingPassword() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getMarksdbDnlLogin() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getMarksdbLordnPassword() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getMarksdbSmdrlLogin() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getJsonCredential() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** @throws UnsupportedOperationException always */
-  @Override
-  public String getBraintreePrivateKey() {
-    throw new UnsupportedOperationException(ERROR);
-  }
-
-  /** Does nothing. */
-  @Override
-  public void close() {}
-}

java/google/registry/keyring/api/VoidKeyringModule.java

@@ -1,31 +0,0 @@
-// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-//     http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.keyring.api;
-
-import dagger.Module;
-import dagger.Provides;
-import javax.annotation.concurrent.Immutable;
-
-/** Dagger keyring module that always returns {@link VoidKeyring} instances. */
-@Module
-@Immutable
-public final class VoidKeyringModule {
-
-  /** Always returns a {@link VoidKeyring} instance. */
-  @Provides
-  static Keyring provideKeyring() {
-    return new VoidKeyring();
-  }
-}

java/google/registry/keyring/api/pgp-private-keyring.asc

@@ -0,0 +1,35 @@
+-----BEGIN PGP PRIVATE KEY BLOCK-----
+Version: GnuPG v1
+
+lQH+BFfPBakBBACTKn8ZPbKVyafxVOnFh9n9Xb0DIA2ph8oTw8p5ObJpzZ/bx/Bx
+eIMs5KjiZu6yr+SQAkDbokDwlFTVIVESvkxYPeHVn9vnW01T4nlQ2/4ezAqjNuGl
+7B61Kl50JMprgZo+VvbRhzYWYcZclZDNO9axyphWuIFarMgdDl8TC0IuKwARAQAB
+/gMDAiNREMtdTajUYJnvE5MXiUAwkiGYLgWeHu9/v+jzpKCpOFCzJpkQHRM4FoUC
+tb/PuWzMT/b6ZpxsiK2bjZ0MzQGUHfHGJfyqJQBRKblmHIemS2xlXzBnqU5znlUs
+IFptSNUo6Qen3Oxlr4y4ArRKpMAYAjRP0prJDE5A/Za7AuChyDWZhLFu39iVer1c
+9FJlkIGMfPWNzJEfqJnsO7IyszwbpEMbHtz3mCeYQn4E+S4RO6g4GsIkaVUcFvkL
+ATpmcnYvWlaRlWLkv8GTVBdTmHRb9/NGEhbrwfCN1vnjfi9iPVFpdmy9g5+zyh+6
+fQEXa/a5JhKwzYfsvBGjOIworikhN8+OmLKS7ww2hB3wHa1JtEodjbBv6UqZk8+i
+bMBXqCiR1oL9hll5XeOxwrfdmoye6bkzgawA0MXNnXHJRm6pl9rZkXo9SHPenQLJ
+Cqs5DNYKmNJg13ZIJdVdprT5nALCMuxMESsN6nKM7wrStDhEb21haW4gUmVnaXN0
+cnkgPGRvbWFpbi1yZWdpc3RyeS11c2Vyc0Bnb29nbGVncm91cHMuY29tPoi4BBMB
+AgAiBQJXzwWpAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCIX9igNM8p
+/6lZA/wIukET7iOVp/um4feLIaLoBaJlWdb6dRHPgQKZaFfNg5CaALCeVOwsBKNA
+6YCCCtaSa1l6bIzziC8Lii37DB5hNF9M9A350rgUFHtKze5BAADtPkpDpY50nPug
+wkQP7UEjCMcpix0fDX5cJ/bJ9va7w5fw3LX/GuBuLHemswGBup0B/gRXzwWpAQQA
+xuQ90FV9LRznzfZe4/IUGGQ1L/ku9xuA1TGeTnuqRR9kdTofZw5p2a0Kh915x6En
+VLogsAvshwIiDZaraJRiXLBrF7Hf4fKgc0gHNtlkVSCeow1kGScDXOpQ01deDFfU
+YjQq86XSfwCognw7O5636kNsS7Te0jfPZmbgJdldGXMAEQEAAf4DAwIjURDLXU2o
+1GC/wS0hrGk9x0H8daxBK1nH1U8kT+8RQM0t7c4rpY0z3p/FTpc4sKy58K0YDVT2
+7ym0ukUHBR7Em0rr9VCkUVkR0rQhpi2ioMUDLn+FyslzYSZnsvvK1WWgMYuCylHM
+H7lrzkJQvN7jWdKEURwkRC38S4/JfhZQ8Y+hHa8yt96pCxB6NgUkwjPK/H4KVYz7
+hjPAu0fsvzklfo9/xZMSoRZF+K8KXNc8MqBK8gheuP8bU3c30KTjevjlLw8kUsL3
+wkqehCYCe1GKPUhdLoBQiWGAddFFwyPuMuzk1W3oaxRaXPDT2eR4+5jNkoODX9Wz
+sWgM7h6gkaPdaSaKNatYAlqVQxWsdVnJOzJzj8UZp34oGQxow9ZU1WGqccd5VlJx
+32aQjcGXcjgq/zY4OcKBKxiFWJX8LUzIlUmEyTppxzn4VxbOmbVc5L2Knw5isv6E
+Q5CnZCaJVeGvIeHuDfIyIA0+Sk29nYifBBgBAgAJBQJXzwWpAhsMAAoJEIhf2KA0
+zyn/cZcD/0a540LdD3xv9JrEwS2bMPYUKtwqw/dysiLnkvW1hQBj7bJUhQrILb3p
+9qPcubKPPODNPfUxKOjQX7zTMTd4F7wVGXoARrqiqvmCrK9XL1UnqZ+ofvvId2Sc
+p5qUP0iC5kc8od3T64DEPJPqMs2/GrjfMGwRTzEbIdp22Jho0Esy
+=qUDG
+-----END PGP PRIVATE KEY BLOCK-----

java/google/registry/keyring/api/pgp-public-keyring.asc

@@ -0,0 +1,20 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v1
+
+mI0EV88FqQEEAJMqfxk9spXJp/FU6cWH2f1dvQMgDamHyhPDynk5smnNn9vH8HF4
+gyzkqOJm7rKv5JACQNuiQPCUVNUhURK+TFg94dWf2+dbTVPieVDb/h7MCqM24aXs
+HrUqXnQkymuBmj5W9tGHNhZhxlyVkM071rHKmFa4gVqsyB0OXxMLQi4rABEBAAG0
+OERvbWFpbiBSZWdpc3RyeSA8ZG9tYWluLXJlZ2lzdHJ5LXVzZXJzQGdvb2dsZWdy
+b3Vwcy5jb20+iLgEEwECACIFAlfPBakCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
+AheAAAoJEIhf2KA0zyn/qVkD/Ai6QRPuI5Wn+6bh94shougFomVZ1vp1Ec+BAplo
+V82DkJoAsJ5U7CwEo0DpgIIK1pJrWXpsjPOILwuKLfsMHmE0X0z0DfnSuBQUe0rN
+7kEAAO0+SkOljnSc+6DCRA/tQSMIxymLHR8Nflwn9sn29rvDl/Dctf8a4G4sd6az
+AYG6uI0EV88FqQEEAMbkPdBVfS0c5832XuPyFBhkNS/5LvcbgNUxnk57qkUfZHU6
+H2cOadmtCofdecehJ1S6ILAL7IcCIg2Wq2iUYlywaxex3+HyoHNIBzbZZFUgnqMN
+ZBknA1zqUNNXXgxX1GI0KvOl0n8AqIJ8Ozuet+pDbEu03tI3z2Zm4CXZXRlzABEB
+AAGInwQYAQIACQUCV88FqQIbDAAKCRCIX9igNM8p/3GXA/9GueNC3Q98b/SaxMEt
+mzD2FCrcKsP3crIi55L1tYUAY+2yVIUKyC296faj3LmyjzzgzT31MSjo0F+80zE3
+eBe8FRl6AEa6oqr5gqyvVy9VJ6mfqH77yHdknKealD9IguZHPKHd0+uAxDyT6jLN
+vxq43zBsEU8xGyHadtiYaNBLMg==
+=v+Qg
+-----END PGP PUBLIC KEY BLOCK-----

java/google/registry/module/backend/BackendComponent.java

@@ -25,7 +25,7 @@ import google.registry.groups.DirectoryModule;
 import google.registry.groups.GroupsModule;
 import google.registry.groups.GroupssettingsModule;
 import google.registry.keyring.api.KeyModule;
-import google.registry.keyring.api.VoidKeyringModule;
+import google.registry.keyring.api.DummyKeyringModule;
 import google.registry.monitoring.metrics.MetricReporter;
 import google.registry.monitoring.whitebox.StackdriverModule;
 import google.registry.rde.JSchModule;
@@ -69,7 +69,7 @@ import javax.inject.Singleton;
         UrlFetchTransportModule.class,
         UseAppIdentityCredentialForGoogleApisModule.class,
         VoidDnsWriterModule.class,
-        VoidKeyringModule.class,
+        DummyKeyringModule.class,
     })
 interface BackendComponent {
   BackendRequestComponent startRequest(RequestModule requestModule);

java/google/registry/module/frontend/FrontendComponent.java

@@ -18,7 +18,7 @@ import dagger.Component;
 import google.registry.braintree.BraintreeModule;
 import google.registry.config.ConfigModule;
 import google.registry.keyring.api.KeyModule;
-import google.registry.keyring.api.VoidKeyringModule;
+import google.registry.keyring.api.DummyKeyringModule;
 import google.registry.monitoring.metrics.MetricReporter;
 import google.registry.monitoring.whitebox.StackdriverModule;
 import google.registry.request.Modules.AppIdentityCredentialModule;
@@ -49,7 +49,7 @@ import javax.inject.Singleton;
         UrlFetchTransportModule.class,
         UseAppIdentityCredentialForGoogleApisModule.class,
         UserServiceModule.class,
-        VoidKeyringModule.class,
+        DummyKeyringModule.class,
     })
 interface FrontendComponent {
   FrontendRequestComponent startRequest(RequestModule requestModule);

java/google/registry/module/tools/ToolsComponent.java

@@ -22,7 +22,7 @@ import google.registry.groups.DirectoryModule;
 import google.registry.groups.GroupsModule;
 import google.registry.groups.GroupssettingsModule;
 import google.registry.keyring.api.KeyModule;
-import google.registry.keyring.api.VoidKeyringModule;
+import google.registry.keyring.api.DummyKeyringModule;
 import google.registry.request.Modules.AppIdentityCredentialModule;
 import google.registry.request.Modules.DatastoreServiceModule;
 import google.registry.request.Modules.GoogleCredentialModule;
@@ -53,7 +53,7 @@ import javax.inject.Singleton;
         UseAppIdentityCredentialForGoogleApisModule.class,
         SystemClockModule.class,
         SystemSleeperModule.class,
-        VoidKeyringModule.class,
+        DummyKeyringModule.class,
     })
 interface ToolsComponent {
   ToolsRequestComponent startRequest(RequestModule requestModule);

java/google/registry/tools/RegistryToolComponent.java

@@ -20,7 +20,7 @@ import google.registry.dns.writer.VoidDnsWriterModule;
 import google.registry.dns.writer.clouddns.CloudDnsModule;
 import google.registry.dns.writer.dnsupdate.DnsUpdateWriterModule;
 import google.registry.keyring.api.KeyModule;
-import google.registry.keyring.api.VoidKeyringModule;
+import google.registry.keyring.api.DummyKeyringModule;
 import google.registry.request.Modules.DatastoreServiceModule;
 import google.registry.request.Modules.Jackson2Module;
 import google.registry.request.Modules.URLFetchServiceModule;
@@ -44,7 +44,7 @@ import google.registry.util.SystemClock.SystemClockModule;
     SystemClockModule.class,
     URLFetchServiceModule.class,
     VoidDnsWriterModule.class,
-    VoidKeyringModule.class,
+    DummyKeyringModule.class,
   }
 )
 interface RegistryToolComponent {