zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-06-26 22:34:55 +02:00
Code Issues Projects Releases Packages Wiki Activity

mv com/google/domain/registry google/registry

Browse source 
This change renames directories in preparation for the great package
rename. The repository is now in a broken state because the code
itself hasn't been updated. However this should ensure that git
correctly preserves history for each file.
This commit is contained in:
Justine Tunney 2016-05-13 18:55:08 -04:00
parent a41677aea1
commit 5012893c1d
2396 changed files with 0 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

165
java/google/registry/keyring/api/Keyring.java Normal file
View file

@ -0,0 +1,165 @@
// Copyright 2016 The Domain Registry Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.domain.registry.keyring.api;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
import javax.annotation.concurrent.ThreadSafe;
/**
* Domain Registry keyring interface.
*
* <p>Separate methods are defined for each specific situation in which the
* registry server needs a secret value, like a PGP key or password.
*/
@ThreadSafe
public interface Keyring extends AutoCloseable {
/**
* Returns the key which should be used to sign RDE deposits being uploaded to a third-party.
*
* <p>When we give all our data to the escrow provider, they'll need
* a signature to ensure the data is authentic.
*
* <p>This keypair should only be known to the domain registry shared
* registry system.
*
* @see com.google.domain.registry.rde.RdeUploadAction
*/
PGPKeyPair getRdeSigningKey();
/**
* Returns public key for encrypting escrow deposits being staged to cloud storage.
*
* <p>This adds an additional layer of security so cloud storage administrators
* won't be tempted to go poking around the App Engine Cloud Console and see a
* dump of the entire database.
*
* <p>This keypair should only be known to the domain registry shared
* registry system.
*
* @see #getRdeStagingDecryptionKey()
*/
PGPPublicKey getRdeStagingEncryptionKey();
/**
* Returns private key for decrypting escrow deposits retrieved from cloud storage.
*
* <p>This method may impose restrictions on who can call it. For example, we'd want
* to check that the caller isn't an HTTP request attacking a vulnerability in the
* admin console. The request should originate from a backend task queue servlet
* invocation of the RDE upload thing.
*
* @see #getRdeStagingEncryptionKey()
* @see com.google.domain.registry.rde.RdeUploadAction
*/
PGPPrivateKey getRdeStagingDecryptionKey();
/**
* Returns public key of escrow agent for encrypting deposits as they're uploaded.
*
* @see com.google.domain.registry.rde.RdeUploadAction
*/
PGPPublicKey getRdeReceiverKey();
/**
* Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.
*
* @see com.google.domain.registry.rde.BrdaCopyAction
*/
PGPKeyPair getBrdaSigningKey();
/**
* Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.
*
* @see com.google.domain.registry.rde.BrdaCopyAction
*/
PGPPublicKey getBrdaReceiverKey();
/**
* Returns public key for SSH client connections made by RDE.
*
* <p>This is a string containing what would otherwise be the contents of an
* {@code ~/.ssh/id_rsa.pub} file. It's usually a single line with the name of
* the algorithm, the base64 key, and the email address of the owner.
*
* @see com.google.domain.registry.rde.RdeUploadAction
*/
String getRdeSshClientPublicKey();
/**
* Returns private key for SSH client connections made by RDE.
*
* <p>This is a string containing what would otherwise be the contents of an
* {@code ~/.ssh/id_rsa} file. It's ASCII-armored text.
*
* <p>This method may impose restrictions on who can call it. For example, we'd want
* to check that the caller isn't an HTTP request attacking a vulnerability in the
* admin console. The request should originate from a backend task queue servlet
* invocation of the RDE upload thing.
*
* @see com.google.domain.registry.rde.RdeUploadAction
*/
String getRdeSshClientPrivateKey();
/**
* Returns password to be used when uploading reports to ICANN.
*
* @see com.google.domain.registry.rde.RdeReportAction
*/
String getIcannReportingPassword();
/**
* Returns {@code user:password} login for TMCH MarksDB HTTP server DNL interface.
*
* @see com.google.domain.registry.tmch.TmchDnlAction
*/
String getMarksdbDnlLogin();
/**
* Returns password for TMCH MarksDB HTTP server LORDN interface.
*
* @see "com.google.domain.registry.tmch.LordnRequestInitializer"
*/
String getMarksdbLordnPassword();
/**
* Returns {@code user:password} login for TMCH MarksDB HTTP server SMDRL interface.
*
* @see com.google.domain.registry.tmch.TmchSmdrlAction
*/
String getMarksdbSmdrlLogin();
/**
* Returns the credentials for a service account on the Google AppEngine project downloaded from
* the Cloud Console dashboard in JSON format.
*/
String getJsonCredential();
/**
* Returns Braintree API private key for Registry.
*
* <p>This is a base32 value copied from the Braintree website.
*
* @see com.google.domain.registry.config.ConfigModule#provideBraintreePublicKey
*/
String getBraintreePrivateKey();
// Don't throw so try-with-resources works better.
@Override
void close();
}