diff --git a/buildSrc/gradle/dependency-locks/apt.lockfile b/buildSrc/gradle/dependency-locks/apt.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/buildSrc/gradle/dependency-locks/apt.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/buildSrc/gradle/dependency-locks/archives.lockfile b/buildSrc/gradle/dependency-locks/archives.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/buildSrc/gradle/dependency-locks/archives.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/buildSrc/gradle/dependency-locks/default.lockfile b/buildSrc/gradle/dependency-locks/default.lockfile new file mode 100644 index 000000000..af10edfea --- /dev/null +++ b/buildSrc/gradle/dependency-locks/default.lockfile @@ -0,0 +1,61 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +aopalliance:aopalliance:1.0 +args4j:args4j:2.0.23 +com.fasterxml.jackson.core:jackson-core:2.9.9 +com.google.api-client:google-api-client:1.27.0 +com.google.api.grpc:proto-google-common-protos:1.12.0 +com.google.api.grpc:proto-google-iam-v1:0.12.0 +com.google.api:api-common:1.7.0 +com.google.api:gax-httpjson:0.52.1 +com.google.api:gax:1.35.1 +com.google.apis:google-api-services-storage:v1-rev20181013-1.27.0 +com.google.auth:google-auth-library-credentials:0.16.1 +com.google.auth:google-auth-library-oauth2-http:0.16.1 +com.google.auto.value:auto-value-annotations:1.6.3 +com.google.cloud:google-cloud-core-http:1.59.0 +com.google.cloud:google-cloud-core:1.59.0 +com.google.cloud:google-cloud-storage:1.59.0 +com.google.code.findbugs:jsr305:3.0.2 +com.google.code.gson:gson:2.7 +com.google.common.html.types:types:1.0.4 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.gwt:gwt-user:2.8.0-beta1 +com.google.http-client:google-http-client-appengine:1.27.0 +com.google.http-client:google-http-client-jackson2:1.30.1 +com.google.http-client:google-http-client:1.30.1 +com.google.inject.extensions:guice-multibindings:4.1.0 +com.google.inject:guice:4.1.0 +com.google.j2objc:j2objc-annotations:1.3 +com.google.oauth-client:google-oauth-client:1.27.0 +com.google.protobuf:protobuf-java-util:3.6.1 +com.google.protobuf:protobuf-java:3.6.1 +com.google.template:soy:2018-03-14 +com.ibm.icu:icu4j:57.1 +commons-codec:commons-codec:1.11 +commons-logging:commons-logging:1.2 +io.grpc:grpc-context:1.19.0 +io.opencensus:opencensus-api:0.21.0 +io.opencensus:opencensus-contrib-http-util:0.21.0 +javax.annotation:javax.annotation-api:1.2 +javax.annotation:jsr250-api:1.0 +javax.inject:javax.inject:1 +javax.validation:validation-api:1.0.0.GA +joda-time:joda-time:2.9.2 +org.apache.commons:commons-lang3:3.8.1 +org.apache.commons:commons-text:1.6 +org.apache.httpcomponents:httpclient:4.5.8 +org.apache.httpcomponents:httpcore:4.4.11 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 +org.json:json:20160212 +org.ow2.asm:asm-analysis:6.0 +org.ow2.asm:asm-commons:6.0 +org.ow2.asm:asm-tree:6.0 +org.ow2.asm:asm-util:6.0 +org.ow2.asm:asm:6.0 +org.threeten:threetenbp:1.3.3 diff --git a/buildSrc/gradle/dependency-locks/errorprone.lockfile b/buildSrc/gradle/dependency-locks/errorprone.lockfile new file mode 100644 index 000000000..0e2d9b8d4 --- /dev/null +++ b/buildSrc/gradle/dependency-locks/errorprone.lockfile @@ -0,0 +1,24 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.github.kevinstern:software-and-algorithms:1.0 +com.github.stephenc.jcip:jcip-annotations:1.0-1 +com.google.auto:auto-common:0.10 +com.google.code.findbugs:jFormatString:3.0.0 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotation:2.3.3 +com.google.errorprone:error_prone_annotations:2.3.3 +com.google.errorprone:error_prone_check_api:2.3.3 +com.google.errorprone:error_prone_core:2.3.3 +com.google.errorprone:error_prone_type_annotations:2.3.3 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:27.0.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.1 +com.google.protobuf:protobuf-java:3.4.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +org.checkerframework:checker-qual:2.5.3 +org.checkerframework:dataflow:2.5.3 +org.checkerframework:javacutil:2.5.3 +org.codehaus.mojo:animal-sniffer-annotations:1.17 +org.pcollections:pcollections:2.1.2 diff --git a/buildSrc/gradle/dependency-locks/testApt.lockfile b/buildSrc/gradle/dependency-locks/testApt.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/buildSrc/gradle/dependency-locks/testApt.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/db/gradle/dependency-locks/compileApi.lockfile b/db/gradle/dependency-locks/compileApi.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/db/gradle/dependency-locks/compileApi.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/networking/build.gradle b/networking/build.gradle new file mode 100644 index 000000000..8b8ec9bd6 --- /dev/null +++ b/networking/build.gradle @@ -0,0 +1,46 @@ +// Copyright 2019 The Nomulus Authors. All Rights Reserved. +// +// Licensed under the Apache License, Version 2.0 (the "License"); +// you may not use this file except in compliance with the License. +// You may obtain a copy of the License at +// +// http://www.apache.org/licenses/LICENSE-2.0 +// +// Unless required by applicable law or agreed to in writing, software +// distributed under the License is distributed on an "AS IS" BASIS, +// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +// See the License for the specific language governing permissions and +// limitations under the License. + +dependencies { + def deps = rootProject.dependencyMap + + compile deps['com.google.flogger:flogger'] + compile deps['com.google.guava:guava'] + compile deps['io.netty:netty-buffer'] + compile deps['io.netty:netty-codec'] + compile deps['io.netty:netty-codec-http'] + compile deps['io.netty:netty-common'] + compile deps['io.netty:netty-handler'] + compile deps['io.netty:netty-transport'] + compile deps['javax.inject:javax.inject'] + + runtime deps['com.google.flogger:flogger-system-backend'] + runtime deps['io.netty:netty-tcnative-boringssl-static'] + + testCompile deps['com.google.truth:truth'] + testCompile deps['junit:junit'] + testCompile deps['org.bouncycastle:bcpkix-jdk15on'] + testCompile deps['org.bouncycastle:bcprov-jdk15on'] + testCompile project(':third_party') +} + +// Make testing artifacts available to be depended up on by other projects. +task testJar(type: Jar) { + classifier = 'test' + from sourceSets.test.output +} + +artifacts { + testRuntime testJar +} diff --git a/networking/gradle/dependency-locks/annotationProcessor.lockfile b/networking/gradle/dependency-locks/annotationProcessor.lockfile new file mode 100644 index 000000000..0e2d9b8d4 --- /dev/null +++ b/networking/gradle/dependency-locks/annotationProcessor.lockfile @@ -0,0 +1,24 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.github.kevinstern:software-and-algorithms:1.0 +com.github.stephenc.jcip:jcip-annotations:1.0-1 +com.google.auto:auto-common:0.10 +com.google.code.findbugs:jFormatString:3.0.0 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotation:2.3.3 +com.google.errorprone:error_prone_annotations:2.3.3 +com.google.errorprone:error_prone_check_api:2.3.3 +com.google.errorprone:error_prone_core:2.3.3 +com.google.errorprone:error_prone_type_annotations:2.3.3 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:27.0.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.1 +com.google.protobuf:protobuf-java:3.4.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +org.checkerframework:checker-qual:2.5.3 +org.checkerframework:dataflow:2.5.3 +org.checkerframework:javacutil:2.5.3 +org.codehaus.mojo:animal-sniffer-annotations:1.17 +org.pcollections:pcollections:2.1.2 diff --git a/networking/gradle/dependency-locks/apt.lockfile b/networking/gradle/dependency-locks/apt.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/networking/gradle/dependency-locks/apt.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/networking/gradle/dependency-locks/archives.lockfile b/networking/gradle/dependency-locks/archives.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/networking/gradle/dependency-locks/archives.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/networking/gradle/dependency-locks/buildscript-classpath.lockfile b/networking/gradle/dependency-locks/buildscript-classpath.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/networking/gradle/dependency-locks/buildscript-classpath.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/networking/gradle/dependency-locks/checkstyle.lockfile b/networking/gradle/dependency-locks/checkstyle.lockfile new file mode 100644 index 000000000..986396b59 --- /dev/null +++ b/networking/gradle/dependency-locks/checkstyle.lockfile @@ -0,0 +1,18 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +antlr:antlr:2.7.7 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.0-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +com.puppycrawl.tools:checkstyle:8.24 +commons-beanutils:commons-beanutils:1.9.4 +commons-collections:commons-collections:3.2.2 +info.picocli:picocli:4.0.3 +net.sf.saxon:Saxon-HE:9.9.1-4 +org.antlr:antlr4-runtime:4.7.2 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.17 diff --git a/networking/gradle/dependency-locks/compile.lockfile b/networking/gradle/dependency-locks/compile.lockfile new file mode 100644 index 000000000..cfec92435 --- /dev/null +++ b/networking/gradle/dependency-locks/compile.lockfile @@ -0,0 +1,20 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 diff --git a/networking/gradle/dependency-locks/compileClasspath.lockfile b/networking/gradle/dependency-locks/compileClasspath.lockfile new file mode 100644 index 000000000..cfec92435 --- /dev/null +++ b/networking/gradle/dependency-locks/compileClasspath.lockfile @@ -0,0 +1,20 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 diff --git a/networking/gradle/dependency-locks/compileOnly.lockfile b/networking/gradle/dependency-locks/compileOnly.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/networking/gradle/dependency-locks/compileOnly.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/networking/gradle/dependency-locks/default.lockfile b/networking/gradle/dependency-locks/default.lockfile new file mode 100644 index 000000000..7dc8b65fb --- /dev/null +++ b/networking/gradle/dependency-locks/default.lockfile @@ -0,0 +1,22 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger-system-backend:0.1 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 diff --git a/networking/gradle/dependency-locks/errorprone.lockfile b/networking/gradle/dependency-locks/errorprone.lockfile new file mode 100644 index 000000000..0e2d9b8d4 --- /dev/null +++ b/networking/gradle/dependency-locks/errorprone.lockfile @@ -0,0 +1,24 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.github.kevinstern:software-and-algorithms:1.0 +com.github.stephenc.jcip:jcip-annotations:1.0-1 +com.google.auto:auto-common:0.10 +com.google.code.findbugs:jFormatString:3.0.0 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotation:2.3.3 +com.google.errorprone:error_prone_annotations:2.3.3 +com.google.errorprone:error_prone_check_api:2.3.3 +com.google.errorprone:error_prone_core:2.3.3 +com.google.errorprone:error_prone_type_annotations:2.3.3 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:27.0.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.1 +com.google.protobuf:protobuf-java:3.4.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +org.checkerframework:checker-qual:2.5.3 +org.checkerframework:dataflow:2.5.3 +org.checkerframework:javacutil:2.5.3 +org.codehaus.mojo:animal-sniffer-annotations:1.17 +org.pcollections:pcollections:2.1.2 diff --git a/networking/gradle/dependency-locks/errorproneJavac.lockfile b/networking/gradle/dependency-locks/errorproneJavac.lockfile new file mode 100644 index 000000000..43f098f5c --- /dev/null +++ b/networking/gradle/dependency-locks/errorproneJavac.lockfile @@ -0,0 +1,4 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.errorprone:javac:9+181-r4173-1 diff --git a/networking/gradle/dependency-locks/jacocoAgent.lockfile b/networking/gradle/dependency-locks/jacocoAgent.lockfile new file mode 100644 index 000000000..6b7fa31b5 --- /dev/null +++ b/networking/gradle/dependency-locks/jacocoAgent.lockfile @@ -0,0 +1,4 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +org.jacoco:org.jacoco.agent:0.8.5 diff --git a/networking/gradle/dependency-locks/jacocoAnt.lockfile b/networking/gradle/dependency-locks/jacocoAnt.lockfile new file mode 100644 index 000000000..40e2c298b --- /dev/null +++ b/networking/gradle/dependency-locks/jacocoAnt.lockfile @@ -0,0 +1,11 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +org.jacoco:org.jacoco.agent:0.8.5 +org.jacoco:org.jacoco.ant:0.8.5 +org.jacoco:org.jacoco.core:0.8.5 +org.jacoco:org.jacoco.report:0.8.5 +org.ow2.asm:asm-analysis:7.2 +org.ow2.asm:asm-commons:7.2 +org.ow2.asm:asm-tree:7.2 +org.ow2.asm:asm:7.2 diff --git a/networking/gradle/dependency-locks/runtime.lockfile b/networking/gradle/dependency-locks/runtime.lockfile new file mode 100644 index 000000000..7dc8b65fb --- /dev/null +++ b/networking/gradle/dependency-locks/runtime.lockfile @@ -0,0 +1,22 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger-system-backend:0.1 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 diff --git a/networking/gradle/dependency-locks/runtimeClasspath.lockfile b/networking/gradle/dependency-locks/runtimeClasspath.lockfile new file mode 100644 index 000000000..7dc8b65fb --- /dev/null +++ b/networking/gradle/dependency-locks/runtimeClasspath.lockfile @@ -0,0 +1,22 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger-system-backend:0.1 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 diff --git a/networking/gradle/dependency-locks/testAnnotationProcessor.lockfile b/networking/gradle/dependency-locks/testAnnotationProcessor.lockfile new file mode 100644 index 000000000..0e2d9b8d4 --- /dev/null +++ b/networking/gradle/dependency-locks/testAnnotationProcessor.lockfile @@ -0,0 +1,24 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.github.kevinstern:software-and-algorithms:1.0 +com.github.stephenc.jcip:jcip-annotations:1.0-1 +com.google.auto:auto-common:0.10 +com.google.code.findbugs:jFormatString:3.0.0 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotation:2.3.3 +com.google.errorprone:error_prone_annotations:2.3.3 +com.google.errorprone:error_prone_check_api:2.3.3 +com.google.errorprone:error_prone_core:2.3.3 +com.google.errorprone:error_prone_type_annotations:2.3.3 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:27.0.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.1 +com.google.protobuf:protobuf-java:3.4.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +org.checkerframework:checker-qual:2.5.3 +org.checkerframework:dataflow:2.5.3 +org.checkerframework:javacutil:2.5.3 +org.codehaus.mojo:animal-sniffer-annotations:1.17 +org.pcollections:pcollections:2.1.2 diff --git a/networking/gradle/dependency-locks/testApt.lockfile b/networking/gradle/dependency-locks/testApt.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/networking/gradle/dependency-locks/testApt.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/networking/gradle/dependency-locks/testCompile.lockfile b/networking/gradle/dependency-locks/testCompile.lockfile new file mode 100644 index 000000000..daece711f --- /dev/null +++ b/networking/gradle/dependency-locks/testCompile.lockfile @@ -0,0 +1,28 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.auto.value:auto-value-annotations:1.6.3 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +com.google.truth:truth:1.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +junit:junit:4.12 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 +org.checkerframework:checker-compat-qual:2.5.5 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 +org.hamcrest:hamcrest-core:1.3 diff --git a/networking/gradle/dependency-locks/testCompileClasspath.lockfile b/networking/gradle/dependency-locks/testCompileClasspath.lockfile new file mode 100644 index 000000000..daece711f --- /dev/null +++ b/networking/gradle/dependency-locks/testCompileClasspath.lockfile @@ -0,0 +1,28 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.auto.value:auto-value-annotations:1.6.3 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +com.google.truth:truth:1.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +junit:junit:4.12 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 +org.checkerframework:checker-compat-qual:2.5.5 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 +org.hamcrest:hamcrest-core:1.3 diff --git a/networking/gradle/dependency-locks/testCompileOnly.lockfile b/networking/gradle/dependency-locks/testCompileOnly.lockfile new file mode 100644 index 000000000..656c5dbcc --- /dev/null +++ b/networking/gradle/dependency-locks/testCompileOnly.lockfile @@ -0,0 +1,3 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. diff --git a/networking/gradle/dependency-locks/testRuntime.lockfile b/networking/gradle/dependency-locks/testRuntime.lockfile new file mode 100644 index 000000000..c52811fd5 --- /dev/null +++ b/networking/gradle/dependency-locks/testRuntime.lockfile @@ -0,0 +1,30 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.auto.value:auto-value-annotations:1.6.3 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger-system-backend:0.1 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +com.google.truth:truth:1.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +junit:junit:4.12 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 +org.checkerframework:checker-compat-qual:2.5.5 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 +org.hamcrest:hamcrest-core:1.3 diff --git a/networking/gradle/dependency-locks/testRuntimeClasspath.lockfile b/networking/gradle/dependency-locks/testRuntimeClasspath.lockfile new file mode 100644 index 000000000..c52811fd5 --- /dev/null +++ b/networking/gradle/dependency-locks/testRuntimeClasspath.lockfile @@ -0,0 +1,30 @@ +# This is a Gradle generated file for dependency locking. +# Manual edits can break the build and are not advised. +# This file is expected to be part of source control. +com.google.auto.value:auto-value-annotations:1.6.3 +com.google.code.findbugs:jsr305:3.0.2 +com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger-system-backend:0.1 +com.google.flogger:flogger:0.1 +com.google.guava:failureaccess:1.0.1 +com.google.guava:guava:28.1-jre +com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava +com.google.j2objc:j2objc-annotations:1.3 +com.google.truth:truth:1.0 +com.googlecode.java-diff-utils:diffutils:1.3.0 +io.netty:netty-buffer:4.1.31.Final +io.netty:netty-codec-http:4.1.31.Final +io.netty:netty-codec:4.1.31.Final +io.netty:netty-common:4.1.31.Final +io.netty:netty-handler:4.1.31.Final +io.netty:netty-resolver:4.1.31.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final +io.netty:netty-transport:4.1.31.Final +javax.inject:javax.inject:1 +junit:junit:4.12 +org.bouncycastle:bcpkix-jdk15on:1.61 +org.bouncycastle:bcprov-jdk15on:1.61 +org.checkerframework:checker-compat-qual:2.5.5 +org.checkerframework:checker-qual:2.8.1 +org.codehaus.mojo:animal-sniffer-annotations:1.18 +org.hamcrest:hamcrest-core:1.3 diff --git a/proxy/src/main/java/google/registry/proxy/handler/SslClientInitializer.java b/networking/src/main/java/google/registry/networking/handler/SslClientInitializer.java similarity index 72% rename from proxy/src/main/java/google/registry/proxy/handler/SslClientInitializer.java rename to networking/src/main/java/google/registry/networking/handler/SslClientInitializer.java index e8c200b08..6376453a7 100644 --- a/proxy/src/main/java/google/registry/proxy/handler/SslClientInitializer.java +++ b/networking/src/main/java/google/registry/networking/handler/SslClientInitializer.java @@ -12,14 +12,12 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.proxy.handler; +package google.registry.networking.handler; import static com.google.common.base.Preconditions.checkNotNull; -import static google.registry.proxy.Protocol.PROTOCOL_KEY; import com.google.common.annotations.VisibleForTesting; import com.google.common.flogger.FluentLogger; -import google.registry.proxy.Protocol.BackendProtocol; import io.netty.channel.Channel; import io.netty.channel.ChannelHandler.Sharable; import io.netty.channel.ChannelInitializer; @@ -28,7 +26,7 @@ import io.netty.handler.ssl.SslContextBuilder; import io.netty.handler.ssl.SslHandler; import io.netty.handler.ssl.SslProvider; import java.security.cert.X509Certificate; -import javax.inject.Inject; +import java.util.function.Function; import javax.inject.Singleton; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; @@ -46,32 +44,42 @@ public class SslClientInitializer extends ChannelInitializer< private static final FluentLogger logger = FluentLogger.forEnclosingClass(); + private final Function hostProvider; + private final Function portProvider; private final SslProvider sslProvider; private final X509Certificate[] trustedCertificates; - @Inject - public SslClientInitializer(SslProvider sslProvider) { + public SslClientInitializer( + SslProvider sslProvider, + Function hostProvider, + Function portProvider) { // null uses the system default trust store. - this(sslProvider, null); + this(sslProvider, hostProvider, portProvider, null); } @VisibleForTesting - SslClientInitializer(SslProvider sslProvider, X509Certificate[] trustCertificates) { + SslClientInitializer( + SslProvider sslProvider, + Function hostProvider, + Function portProvider, + X509Certificate[] trustCertificates) { logger.atInfo().log("Client SSL Provider: %s", sslProvider); this.sslProvider = sslProvider; + this.hostProvider = hostProvider; + this.portProvider = portProvider; this.trustedCertificates = trustCertificates; } @Override protected void initChannel(C channel) throws Exception { - BackendProtocol protocol = (BackendProtocol) channel.attr(PROTOCOL_KEY).get(); - checkNotNull(protocol, "Protocol is not set for channel: %s", channel); + checkNotNull(hostProvider.apply(channel), "Cannot obtain SSL host for channel: %s", channel); + checkNotNull(portProvider.apply(channel), "Cannot obtain SSL port for channel: %s", channel); SslHandler sslHandler = SslContextBuilder.forClient() .sslProvider(sslProvider) .trustManager(trustedCertificates) .build() - .newHandler(channel.alloc(), protocol.host(), protocol.port()); + .newHandler(channel.alloc(), hostProvider.apply(channel), portProvider.apply(channel)); // Enable hostname verification. SSLEngine sslEngine = sslHandler.engine(); diff --git a/proxy/src/main/java/google/registry/proxy/handler/SslServerInitializer.java b/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java similarity index 94% rename from proxy/src/main/java/google/registry/proxy/handler/SslServerInitializer.java rename to networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java index c58871c87..b4a3f8dca 100644 --- a/proxy/src/main/java/google/registry/proxy/handler/SslServerInitializer.java +++ b/networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.proxy.handler; +package google.registry.networking.handler; import com.google.common.flogger.FluentLogger; import io.netty.channel.Channel; @@ -35,9 +35,9 @@ import java.util.function.Supplier; * Adds a server side SSL handler to the channel pipeline. * *

This should be the first handler provided for any handler provider list, if it is - * provided. Unless you wish to first process the PROXY header with {@link ProxyProtocolHandler}, - * which should come before this handler. The type parameter {@code C} is needed so that unit tests - * can construct this handler that works with {@link EmbeddedChannel}; + * provided. Unless you wish to first process the PROXY header with another handler, which should + * come before this handler. The type parameter {@code C} is needed so that unit tests can construct + * this handler that works with {@link EmbeddedChannel}; * *

The ssl handler added requires client authentication, but it uses an {@link * InsecureTrustManagerFactory}, which accepts any ssl certificate presented by the client, as long diff --git a/proxy/src/test/java/google/registry/proxy/handler/NettyRule.java b/networking/src/test/java/google/registry/networking/handler/NettyRule.java similarity index 95% rename from proxy/src/test/java/google/registry/proxy/handler/NettyRule.java rename to networking/src/test/java/google/registry/networking/handler/NettyRule.java index c0fbdae28..4a5646103 100644 --- a/proxy/src/test/java/google/registry/proxy/handler/NettyRule.java +++ b/networking/src/test/java/google/registry/networking/handler/NettyRule.java @@ -12,18 +12,16 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.proxy.handler; +package google.registry.networking.handler; import static com.google.common.base.Preconditions.checkState; import static com.google.common.truth.Truth.assertThat; -import static google.registry.proxy.Protocol.PROTOCOL_KEY; import static google.registry.testing.JUnitBackports.assertThrows; import static java.nio.charset.StandardCharsets.US_ASCII; import static java.nio.charset.StandardCharsets.UTF_8; import com.google.common.base.Throwables; import com.google.common.truth.ThrowableSubject; -import google.registry.proxy.Protocol.BackendProtocol; import io.netty.bootstrap.Bootstrap; import io.netty.bootstrap.ServerBootstrap; import io.netty.buffer.ByteBuf; @@ -88,10 +86,7 @@ final class NettyRule extends ExternalResource { } /** Sets up a client channel connecting to the give local address. */ - void setUpClient( - LocalAddress localAddress, - BackendProtocol protocol, - ChannelHandler handler) { + void setUpClient(LocalAddress localAddress, ChannelHandler handler) { checkState(echoHandler != null, "Must call setUpServer before setUpClient"); checkState(dumpHandler == null, "Can't call setUpClient twice"); dumpHandler = new DumpHandler(); @@ -109,8 +104,7 @@ final class NettyRule extends ExternalResource { new Bootstrap() .group(eventLoopGroup) .channel(LocalChannel.class) - .handler(clientInitializer) - .attr(PROTOCOL_KEY, protocol); + .handler(clientInitializer); channel = b.connect(localAddress).syncUninterruptibly().channel(); } diff --git a/proxy/src/test/java/google/registry/proxy/handler/SslClientInitializerTest.java b/networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java similarity index 80% rename from proxy/src/test/java/google/registry/proxy/handler/SslClientInitializerTest.java rename to networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java index c6232d847..43779811b 100644 --- a/proxy/src/test/java/google/registry/proxy/handler/SslClientInitializerTest.java +++ b/networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java @@ -12,17 +12,14 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.proxy.handler; +package google.registry.networking.handler; import static com.google.common.truth.Truth.assertThat; -import static google.registry.proxy.Protocol.PROTOCOL_KEY; -import static google.registry.proxy.handler.SslInitializerTestUtils.getKeyPair; -import static google.registry.proxy.handler.SslInitializerTestUtils.setUpSslChannel; -import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair; +import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair; +import static google.registry.networking.handler.SslInitializerTestUtils.setUpSslChannel; +import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair; -import com.google.common.collect.ImmutableList; -import google.registry.proxy.Protocol; -import google.registry.proxy.Protocol.BackendProtocol; +import io.netty.channel.Channel; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelPipeline; import io.netty.channel.embedded.EmbeddedChannel; @@ -40,6 +37,7 @@ import java.security.PrivateKey; import java.security.cert.CertPathBuilderException; import java.security.cert.CertificateException; import java.security.cert.X509Certificate; +import java.util.function.Function; import javax.net.ssl.SSLException; import org.junit.Rule; import org.junit.Test; @@ -68,8 +66,11 @@ public class SslClientInitializerTest { /** Fake port to test if the SSL engine gets the correct peer port. */ private static final int SSL_PORT = 12345; - @Rule - public NettyRule nettyRule = new NettyRule(); + private static final Function hostProvider = channel -> SSL_HOST; + + private static final Function portProvider = channel -> SSL_PORT; + + @Rule public NettyRule nettyRule = new NettyRule(); @Parameter(0) public SslProvider sslProvider; @@ -85,15 +86,6 @@ public class SslClientInitializerTest { /** Saves the SNI hostname received by the server, if sent by the client. */ private String sniHostReceived; - /** Fake protocol saved in channel attribute. */ - private static final BackendProtocol PROTOCOL = - Protocol.backendBuilder() - .name("ssl") - .host(SSL_HOST) - .port(SSL_PORT) - .handlerProviders(ImmutableList.of()) - .build(); - private ChannelHandler getServerHandler(PrivateKey privateKey, X509Certificate certificate) throws Exception { SslContext sslContext = SslContextBuilder.forServer(privateKey, certificate).build(); @@ -107,9 +99,8 @@ public class SslClientInitializerTest { @Test public void testSuccess_swappedInitializerWithSslHandler() throws Exception { SslClientInitializer sslClientInitializer = - new SslClientInitializer<>(sslProvider); + new SslClientInitializer<>(sslProvider, hostProvider, portProvider); EmbeddedChannel channel = new EmbeddedChannel(); - channel.attr(PROTOCOL_KEY).set(PROTOCOL); ChannelPipeline pipeline = channel.pipeline(); pipeline.addLast(sslClientInitializer); ChannelHandler firstHandler = pipeline.first(); @@ -121,9 +112,20 @@ public class SslClientInitializerTest { } @Test - public void testSuccess_protocolAttributeNotSet() { + public void testSuccess_nullHost() { SslClientInitializer sslClientInitializer = - new SslClientInitializer<>(sslProvider); + new SslClientInitializer<>(sslProvider, channel -> null, portProvider); + EmbeddedChannel channel = new EmbeddedChannel(); + ChannelPipeline pipeline = channel.pipeline(); + pipeline.addLast(sslClientInitializer); + // Channel initializer swallows error thrown, and closes the connection. + assertThat(channel.isActive()).isFalse(); + } + + @Test + public void testSuccess_nullPort() { + SslClientInitializer sslClientInitializer = + new SslClientInitializer<>(sslProvider, hostProvider, channel -> null); EmbeddedChannel channel = new EmbeddedChannel(); ChannelPipeline pipeline = channel.pipeline(); pipeline.addLast(sslClientInitializer); @@ -138,8 +140,8 @@ public class SslClientInitializerTest { new LocalAddress("DEFAULT_TRUST_MANAGER_REJECT_SELF_SIGNED_CERT_" + sslProvider); nettyRule.setUpServer(localAddress, getServerHandler(ssc.key(), ssc.cert())); SslClientInitializer sslClientInitializer = - new SslClientInitializer<>(sslProvider); - nettyRule.setUpClient(localAddress, PROTOCOL, sslClientInitializer); + new SslClientInitializer<>(sslProvider, hostProvider, portProvider); + nettyRule.setUpClient(localAddress, sslClientInitializer); // The connection is now terminated, both the client side and the server side should get // exceptions. nettyRule.assertThatClientRootCause().isInstanceOf(CertPathBuilderException.class); @@ -165,8 +167,9 @@ public class SslClientInitializerTest { // Set up the client to trust the self signed cert used to sign the cert that server provides. SslClientInitializer sslClientInitializer = - new SslClientInitializer<>(sslProvider, new X509Certificate[] {ssc.cert()}); - nettyRule.setUpClient(localAddress, PROTOCOL, sslClientInitializer); + new SslClientInitializer<>( + sslProvider, hostProvider, portProvider, new X509Certificate[] {ssc.cert()}); + nettyRule.setUpClient(localAddress, sslClientInitializer); setUpSslChannel(nettyRule.getChannel(), cert); nettyRule.assertThatMessagesWork(); @@ -193,8 +196,9 @@ public class SslClientInitializerTest { // Set up the client to trust the self signed cert used to sign the cert that server provides. SslClientInitializer sslClientInitializer = - new SslClientInitializer<>(sslProvider, new X509Certificate[] {ssc.cert()}); - nettyRule.setUpClient(localAddress, PROTOCOL, sslClientInitializer); + new SslClientInitializer<>( + sslProvider, hostProvider, portProvider, new X509Certificate[] {ssc.cert()}); + nettyRule.setUpClient(localAddress, sslClientInitializer); // When the client rejects the server cert due to wrong hostname, both the client and server // should throw exceptions. diff --git a/proxy/src/test/java/google/registry/proxy/handler/SslInitializerTestUtils.java b/networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java similarity index 90% rename from proxy/src/test/java/google/registry/proxy/handler/SslInitializerTestUtils.java rename to networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java index 8e98ee5fc..317579088 100644 --- a/proxy/src/test/java/google/registry/proxy/handler/SslInitializerTestUtils.java +++ b/networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java @@ -12,7 +12,7 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.proxy.handler; +package google.registry.networking.handler; import static com.google.common.truth.Truth.assertThat; @@ -31,18 +31,21 @@ import java.util.Date; import javax.net.ssl.SSLSession; import javax.security.auth.x500.X500Principal; import org.bouncycastle.jce.provider.BouncyCastleProvider; +import org.bouncycastle.x509.X509V3CertificateGenerator; /** * Utility class that provides methods used by {@link SslClientInitializerTest} and {@link * SslServerInitializerTest}. */ @SuppressWarnings("deprecation") -public class SslInitializerTestUtils { +public final class SslInitializerTestUtils { static { Security.addProvider(new BouncyCastleProvider()); } + private SslInitializerTestUtils() {} + public static KeyPair getKeyPair() throws Exception { KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC"); keyPairGenerator.initialize(2048, new SecureRandom()); @@ -56,8 +59,7 @@ public class SslInitializerTestUtils { */ public static X509Certificate signKeyPair( SelfSignedCertificate ssc, KeyPair keyPair, String hostname) throws Exception { - org.bouncycastle.x509.X509V3CertificateGenerator certGen = - new org.bouncycastle.x509.X509V3CertificateGenerator(); + X509V3CertificateGenerator certGen = new X509V3CertificateGenerator(); X500Principal dnName = new X500Principal("CN=" + hostname); certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis())); certGen.setSubjectDN(dnName); @@ -76,10 +78,7 @@ public class SslInitializerTestUtils { * @param certs The certificate that the server should provide. * @return The SSL session in current channel, can be used for further validation. */ - static SSLSession setUpSslChannel( - Channel channel, - X509Certificate... certs) - throws Exception { + static SSLSession setUpSslChannel(Channel channel, X509Certificate... certs) throws Exception { SslHandler sslHandler = channel.pipeline().get(SslHandler.class); // Wait till the handshake is complete. sslHandler.handshakeFuture().get(); diff --git a/proxy/src/test/java/google/registry/proxy/handler/SslServerInitializerTest.java b/networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java similarity index 80% rename from proxy/src/test/java/google/registry/proxy/handler/SslServerInitializerTest.java rename to networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java index bfc33bee9..5a6c08df1 100644 --- a/proxy/src/test/java/google/registry/proxy/handler/SslServerInitializerTest.java +++ b/networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java @@ -12,17 +12,14 @@ // See the License for the specific language governing permissions and // limitations under the License. -package google.registry.proxy.handler; +package google.registry.networking.handler; import static com.google.common.truth.Truth.assertThat; -import static google.registry.proxy.handler.SslInitializerTestUtils.getKeyPair; -import static google.registry.proxy.handler.SslInitializerTestUtils.setUpSslChannel; -import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair; +import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair; +import static google.registry.networking.handler.SslInitializerTestUtils.setUpSslChannel; +import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair; import com.google.common.base.Suppliers; -import com.google.common.collect.ImmutableList; -import google.registry.proxy.Protocol; -import google.registry.proxy.Protocol.BackendProtocol; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelInitializer; import io.netty.channel.ChannelPipeline; @@ -70,17 +67,7 @@ public class SslServerInitializerTest { /** Fake port to test if the SSL engine gets the correct peer port. */ private static final int SSL_PORT = 12345; - /** Fake protocol saved in channel attribute. */ - private static final BackendProtocol PROTOCOL = - Protocol.backendBuilder() - .name("ssl") - .host(SSL_HOST) - .port(SSL_PORT) - .handlerProviders(ImmutableList.of()) - .build(); - - @Rule - public NettyRule nettyRule = new NettyRule(); + @Rule public NettyRule nettyRule = new NettyRule(); @Parameter(0) public SslProvider sslProvider; @@ -107,26 +94,25 @@ public class SslServerInitializerTest { } private ChannelHandler getClientHandler( - X509Certificate trustedCertificate, - PrivateKey privateKey, - X509Certificate certificate) { + X509Certificate trustedCertificate, PrivateKey privateKey, X509Certificate certificate) { return new ChannelInitializer() { @Override protected void initChannel(LocalChannel ch) throws Exception { - SslContextBuilder sslContextBuilder = - SslContextBuilder.forClient().trustManager(trustedCertificate).sslProvider(sslProvider); - if (privateKey != null && certificate != null) { - sslContextBuilder.keyManager(privateKey, certificate); - } - SslHandler sslHandler = sslContextBuilder.build().newHandler(ch.alloc(), SSL_HOST, SSL_PORT); + SslContextBuilder sslContextBuilder = + SslContextBuilder.forClient().trustManager(trustedCertificate).sslProvider(sslProvider); + if (privateKey != null && certificate != null) { + sslContextBuilder.keyManager(privateKey, certificate); + } + SslHandler sslHandler = + sslContextBuilder.build().newHandler(ch.alloc(), SSL_HOST, SSL_PORT); - // Enable hostname verification. - SSLEngine sslEngine = sslHandler.engine(); - SSLParameters sslParameters = sslEngine.getSSLParameters(); - sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); - sslEngine.setSSLParameters(sslParameters); + // Enable hostname verification. + SSLEngine sslEngine = sslHandler.engine(); + SSLParameters sslParameters = sslEngine.getSSLParameters(); + sslParameters.setEndpointIdentificationAlgorithm("HTTPS"); + sslEngine.setSSLParameters(sslParameters); - ch.pipeline().addLast(sslHandler); + ch.pipeline().addLast(sslHandler); } }; } @@ -158,9 +144,7 @@ public class SslServerInitializerTest { nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert())); SelfSignedCertificate clientSsc = new SelfSignedCertificate(); nettyRule.setUpClient( - localAddress, - PROTOCOL, - getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert())); + localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert())); SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverSsc.cert()); nettyRule.assertThatMessagesWork(); @@ -177,11 +161,8 @@ public class SslServerInitializerTest { SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST); LocalAddress localAddress = new LocalAddress("DOES_NOT_REQUIRE_CLIENT_CERT_" + sslProvider); - nettyRule.setUpServer( - localAddress, - getServerHandler(false, serverSsc.key(), serverSsc.cert())); - nettyRule.setUpClient( - localAddress, PROTOCOL, getClientHandler(serverSsc.cert(), null, null)); + nettyRule.setUpServer(localAddress, getServerHandler(false, serverSsc.key(), serverSsc.cert())); + nettyRule.setUpClient(localAddress, getClientHandler(serverSsc.cert(), null, null)); SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverSsc.cert()); nettyRule.assertThatMessagesWork(); @@ -211,10 +192,9 @@ public class SslServerInitializerTest { SelfSignedCertificate clientSsc = new SelfSignedCertificate(); nettyRule.setUpClient( localAddress, - PROTOCOL, - getClientHandler( - // Client trusts the CA cert - caSsc.cert(), clientSsc.key(), clientSsc.cert())); + getClientHandler( + // Client trusts the CA cert + caSsc.cert(), clientSsc.key(), clientSsc.cert())); SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverCert, caSsc.cert()); nettyRule.assertThatMessagesWork(); @@ -234,7 +214,6 @@ public class SslServerInitializerTest { nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert())); nettyRule.setUpClient( localAddress, - PROTOCOL, getClientHandler( serverSsc.cert(), // No client cert/private key used. @@ -256,9 +235,7 @@ public class SslServerInitializerTest { nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert())); SelfSignedCertificate clientSsc = new SelfSignedCertificate(); nettyRule.setUpClient( - localAddress, - PROTOCOL, - getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert())); + localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert())); // When the client rejects the server cert due to wrong hostname, both the server and the client // throw exceptions. diff --git a/proxy/build.gradle b/proxy/build.gradle index 1cd16e118..2f4af3da9 100644 --- a/proxy/build.gradle +++ b/proxy/build.gradle @@ -64,6 +64,7 @@ dependencies { compile deps['joda-time:joda-time'] compile deps['org.bouncycastle:bcpkix-jdk15on'] compile deps['org.bouncycastle:bcprov-jdk15on'] + compile project(':networking') compile project(':util') runtime deps['com.google.flogger:flogger-system-backend'] @@ -77,6 +78,7 @@ dependencies { testCompile deps['org.mockito:mockito-core'] testCompile project(':third_party') testCompile project(path: ':core', configuration: 'testRuntime') + testCompile project(path: ':networking', configuration: 'testRuntime') // Include auto-value in compile until nebula-lint understands // annotationProcessor diff --git a/proxy/gradle/dependency-locks/compile.lockfile b/proxy/gradle/dependency-locks/compile.lockfile index f6c13df98..19d89024f 100644 --- a/proxy/gradle/dependency-locks/compile.lockfile +++ b/proxy/gradle/dependency-locks/compile.lockfile @@ -17,6 +17,7 @@ com.google.code.findbugs:jsr305:3.0.2 com.google.code.gson:gson:2.8.5 com.google.dagger:dagger:2.21 com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger-system-backend:0.1 com.google.flogger:flogger:0.1 com.google.guava:failureaccess:1.0.1 com.google.guava:guava:28.1-jre @@ -38,6 +39,7 @@ io.netty:netty-codec:4.1.31.Final io.netty:netty-common:4.1.31.Final io.netty:netty-handler:4.1.31.Final io.netty:netty-resolver:4.1.31.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final io.netty:netty-transport:4.1.31.Final io.opencensus:opencensus-api:0.21.0 io.opencensus:opencensus-contrib-http-util:0.21.0 diff --git a/proxy/gradle/dependency-locks/compileClasspath.lockfile b/proxy/gradle/dependency-locks/compileClasspath.lockfile index f6c13df98..19d89024f 100644 --- a/proxy/gradle/dependency-locks/compileClasspath.lockfile +++ b/proxy/gradle/dependency-locks/compileClasspath.lockfile @@ -17,6 +17,7 @@ com.google.code.findbugs:jsr305:3.0.2 com.google.code.gson:gson:2.8.5 com.google.dagger:dagger:2.21 com.google.errorprone:error_prone_annotations:2.3.2 +com.google.flogger:flogger-system-backend:0.1 com.google.flogger:flogger:0.1 com.google.guava:failureaccess:1.0.1 com.google.guava:guava:28.1-jre @@ -38,6 +39,7 @@ io.netty:netty-codec:4.1.31.Final io.netty:netty-common:4.1.31.Final io.netty:netty-handler:4.1.31.Final io.netty:netty-resolver:4.1.31.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final io.netty:netty-transport:4.1.31.Final io.opencensus:opencensus-api:0.21.0 io.opencensus:opencensus-contrib-http-util:0.21.0 diff --git a/proxy/gradle/dependency-locks/testCompile.lockfile b/proxy/gradle/dependency-locks/testCompile.lockfile index c0a30b4fa..32fedfd3f 100644 --- a/proxy/gradle/dependency-locks/testCompile.lockfile +++ b/proxy/gradle/dependency-locks/testCompile.lockfile @@ -164,7 +164,7 @@ io.netty:netty-common:4.1.31.Final io.netty:netty-handler-proxy:4.1.30.Final io.netty:netty-handler:4.1.31.Final io.netty:netty-resolver:4.1.31.Final -io.netty:netty-tcnative-boringssl-static:2.0.17.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final io.netty:netty-transport:4.1.31.Final io.opencensus:opencensus-api:0.21.0 io.opencensus:opencensus-contrib-grpc-metrics:0.17.0 diff --git a/proxy/gradle/dependency-locks/testCompileClasspath.lockfile b/proxy/gradle/dependency-locks/testCompileClasspath.lockfile index 6f41ffb6b..0181c6144 100644 --- a/proxy/gradle/dependency-locks/testCompileClasspath.lockfile +++ b/proxy/gradle/dependency-locks/testCompileClasspath.lockfile @@ -152,7 +152,7 @@ io.netty:netty-common:4.1.31.Final io.netty:netty-handler-proxy:4.1.30.Final io.netty:netty-handler:4.1.31.Final io.netty:netty-resolver:4.1.31.Final -io.netty:netty-tcnative-boringssl-static:2.0.17.Final +io.netty:netty-tcnative-boringssl-static:2.0.22.Final io.netty:netty-transport:4.1.31.Final io.opencensus:opencensus-api:0.21.0 io.opencensus:opencensus-contrib-grpc-metrics:0.17.0 diff --git a/proxy/src/main/java/google/registry/proxy/EppProtocolModule.java b/proxy/src/main/java/google/registry/proxy/EppProtocolModule.java index d93b75fd8..32314225c 100644 --- a/proxy/src/main/java/google/registry/proxy/EppProtocolModule.java +++ b/proxy/src/main/java/google/registry/proxy/EppProtocolModule.java @@ -20,6 +20,7 @@ import com.google.common.collect.ImmutableList; import dagger.Module; import dagger.Provides; import dagger.multibindings.IntoSet; +import google.registry.networking.handler.SslServerInitializer; import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol; import google.registry.proxy.Protocol.BackendProtocol; import google.registry.proxy.Protocol.FrontendProtocol; @@ -28,7 +29,6 @@ import google.registry.proxy.handler.FrontendMetricsHandler; import google.registry.proxy.handler.ProxyProtocolHandler; import google.registry.proxy.handler.QuotaHandler.EppQuotaHandler; import google.registry.proxy.handler.RelayHandler.FullHttpRequestRelayHandler; -import google.registry.proxy.handler.SslServerInitializer; import google.registry.proxy.metric.FrontendMetrics; import google.registry.proxy.quota.QuotaConfig; import google.registry.proxy.quota.QuotaManager; @@ -150,11 +150,7 @@ public class EppProtocolModule { FrontendMetrics metrics, ProxyConfig config) { return new EppServiceHandler( - config.epp.relayHost, - config.epp.relayPath, - accessTokenSupplier, - helloBytes, - metrics); + config.epp.relayHost, config.epp.relayPath, accessTokenSupplier, helloBytes, metrics); } @Singleton diff --git a/proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java b/proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java index c575ae7da..389db1bb8 100644 --- a/proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java +++ b/proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java @@ -17,15 +17,16 @@ package google.registry.proxy; import com.google.common.collect.ImmutableList; import dagger.Module; import dagger.Provides; +import google.registry.networking.handler.SslClientInitializer; import google.registry.proxy.Protocol.BackendProtocol; import google.registry.proxy.handler.BackendMetricsHandler; import google.registry.proxy.handler.RelayHandler.FullHttpResponseRelayHandler; -import google.registry.proxy.handler.SslClientInitializer; import io.netty.channel.ChannelHandler; import io.netty.channel.socket.nio.NioSocketChannel; import io.netty.handler.codec.http.HttpClientCodec; import io.netty.handler.codec.http.HttpObjectAggregator; import io.netty.handler.logging.LoggingHandler; +import io.netty.handler.ssl.SslProvider; import java.security.cert.X509Certificate; import javax.annotation.Nullable; import javax.inject.Provider; @@ -58,10 +59,21 @@ public class HttpsRelayProtocolModule { .handlerProviders(handlerProviders); } + @Provides + @HttpsRelayProtocol + static SslClientInitializer provideSslClientInitializer( + SslProvider sslProvider) { + return new SslClientInitializer<>( + sslProvider, + channel -> ((BackendProtocol) channel.attr(Protocol.PROTOCOL_KEY).get()).host(), + channel -> channel.attr(Protocol.PROTOCOL_KEY).get().port()); + } + @Provides @HttpsRelayProtocol static ImmutableList> provideHandlerProviders( - Provider> sslClientInitializerProvider, + @HttpsRelayProtocol + Provider> sslClientInitializerProvider, Provider httpClientCodecProvider, Provider httpObjectAggregatorProvider, Provider backendMetricsHandlerProvider, diff --git a/proxy/src/main/java/google/registry/proxy/WebWhoisProtocolsModule.java b/proxy/src/main/java/google/registry/proxy/WebWhoisProtocolsModule.java index c8f656dd4..04c00e44a 100644 --- a/proxy/src/main/java/google/registry/proxy/WebWhoisProtocolsModule.java +++ b/proxy/src/main/java/google/registry/proxy/WebWhoisProtocolsModule.java @@ -18,8 +18,8 @@ import com.google.common.collect.ImmutableList; import dagger.Module; import dagger.Provides; import dagger.multibindings.IntoSet; +import google.registry.networking.handler.SslServerInitializer; import google.registry.proxy.Protocol.FrontendProtocol; -import google.registry.proxy.handler.SslServerInitializer; import google.registry.proxy.handler.WebWhoisRedirectHandler; import io.netty.channel.ChannelHandler; import io.netty.channel.socket.nio.NioSocketChannel; diff --git a/proxy/src/main/java/google/registry/proxy/handler/EppServiceHandler.java b/proxy/src/main/java/google/registry/proxy/handler/EppServiceHandler.java index 63cdcb56b..a7a33588f 100644 --- a/proxy/src/main/java/google/registry/proxy/handler/EppServiceHandler.java +++ b/proxy/src/main/java/google/registry/proxy/handler/EppServiceHandler.java @@ -16,8 +16,8 @@ package google.registry.proxy.handler; import static com.google.common.base.Preconditions.checkArgument; import static com.google.common.base.Preconditions.checkNotNull; +import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY; import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY; -import static google.registry.proxy.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY; import static google.registry.util.X509Utils.getCertificateHash; import com.google.common.flogger.FluentLogger; diff --git a/proxy/src/test/java/google/registry/proxy/CertificateModuleTest.java b/proxy/src/test/java/google/registry/proxy/CertificateModuleTest.java index a0c127a2d..191418a29 100644 --- a/proxy/src/test/java/google/registry/proxy/CertificateModuleTest.java +++ b/proxy/src/test/java/google/registry/proxy/CertificateModuleTest.java @@ -15,8 +15,8 @@ package google.registry.proxy; import static com.google.common.truth.Truth.assertThat; -import static google.registry.proxy.handler.SslInitializerTestUtils.getKeyPair; -import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair; +import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair; +import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair; import static google.registry.testing.JUnitBackports.assertThrows; import static java.nio.charset.StandardCharsets.UTF_8; @@ -60,7 +60,7 @@ public class CertificateModuleTest { } /** Create a component with bindings to the given bytes[] as the contents from a PEM file. */ - private TestComponent createComponent(byte[] pemBytes) { + private static TestComponent createComponent(byte[] pemBytes) { return DaggerCertificateModuleTest_TestComponent.builder() .pemBytesModule(new PemBytesModule(pemBytes)) .build(); diff --git a/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java b/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java index 71cb81570..53c96693e 100644 --- a/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java +++ b/proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java @@ -15,8 +15,8 @@ package google.registry.proxy; import static com.google.common.truth.Truth.assertThat; +import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY; import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY; -import static google.registry.proxy.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY; import static google.registry.testing.JUnitBackports.assertThrows; import static google.registry.util.ResourceUtils.readResourceBytes; import static google.registry.util.X509Utils.getCertificateHash; diff --git a/proxy/src/test/java/google/registry/proxy/ProtocolModuleTest.java b/proxy/src/test/java/google/registry/proxy/ProtocolModuleTest.java index c7b550f76..d516868cb 100644 --- a/proxy/src/test/java/google/registry/proxy/ProtocolModuleTest.java +++ b/proxy/src/test/java/google/registry/proxy/ProtocolModuleTest.java @@ -25,6 +25,8 @@ import com.google.common.util.concurrent.MoreExecutors; import dagger.Component; import dagger.Module; import dagger.Provides; +import google.registry.networking.handler.SslClientInitializer; +import google.registry.networking.handler.SslServerInitializer; import google.registry.proxy.EppProtocolModule.EppProtocol; import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol; import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol; @@ -38,8 +40,6 @@ import google.registry.proxy.handler.QuotaHandler.EppQuotaHandler; import google.registry.proxy.handler.QuotaHandler.WhoisQuotaHandler; import google.registry.proxy.handler.RelayHandler.FullHttpRequestRelayHandler; import google.registry.proxy.handler.RelayHandler.FullHttpResponseRelayHandler; -import google.registry.proxy.handler.SslClientInitializer; -import google.registry.proxy.handler.SslServerInitializer; import google.registry.proxy.handler.WebWhoisRedirectHandler; import google.registry.testing.FakeClock; import google.registry.util.Clock; diff --git a/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java b/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java index 118511932..7dd98f046 100644 --- a/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java +++ b/proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java @@ -15,10 +15,10 @@ package google.registry.proxy.handler; import static com.google.common.truth.Truth.assertThat; +import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY; import static google.registry.proxy.TestUtils.assertHttpRequestEquivalent; import static google.registry.proxy.TestUtils.makeEppHttpResponse; import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY; -import static google.registry.proxy.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY; import static google.registry.testing.JUnitBackports.assertThrows; import static google.registry.util.X509Utils.getCertificateHash; import static java.nio.charset.StandardCharsets.UTF_8; diff --git a/settings.gradle b/settings.gradle index e229618ad..3aaddc310 100644 --- a/settings.gradle +++ b/settings.gradle @@ -29,6 +29,7 @@ rootProject.name = 'nomulus' include 'core' include 'db' +include 'networking' include 'prober' include 'proxy' include 'third_party'