Refactor common code used by the proxy and the prober (#375)

buildSrc/gradle/dependency-locks/apt.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

buildSrc/gradle/dependency-locks/archives.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

buildSrc/gradle/dependency-locks/default.lockfile

@@ -0,0 +1,61 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+aopalliance:aopalliance:1.0
+args4j:args4j:2.0.23
+com.fasterxml.jackson.core:jackson-core:2.9.9
+com.google.api-client:google-api-client:1.27.0
+com.google.api.grpc:proto-google-common-protos:1.12.0
+com.google.api.grpc:proto-google-iam-v1:0.12.0
+com.google.api:api-common:1.7.0
+com.google.api:gax-httpjson:0.52.1
+com.google.api:gax:1.35.1
+com.google.apis:google-api-services-storage:v1-rev20181013-1.27.0
+com.google.auth:google-auth-library-credentials:0.16.1
+com.google.auth:google-auth-library-oauth2-http:0.16.1
+com.google.auto.value:auto-value-annotations:1.6.3
+com.google.cloud:google-cloud-core-http:1.59.0
+com.google.cloud:google-cloud-core:1.59.0
+com.google.cloud:google-cloud-storage:1.59.0
+com.google.code.findbugs:jsr305:3.0.2
+com.google.code.gson:gson:2.7
+com.google.common.html.types:types:1.0.4
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.gwt:gwt-user:2.8.0-beta1
+com.google.http-client:google-http-client-appengine:1.27.0
+com.google.http-client:google-http-client-jackson2:1.30.1
+com.google.http-client:google-http-client:1.30.1
+com.google.inject.extensions:guice-multibindings:4.1.0
+com.google.inject:guice:4.1.0
+com.google.j2objc:j2objc-annotations:1.3
+com.google.oauth-client:google-oauth-client:1.27.0
+com.google.protobuf:protobuf-java-util:3.6.1
+com.google.protobuf:protobuf-java:3.6.1
+com.google.template:soy:2018-03-14
+com.ibm.icu:icu4j:57.1
+commons-codec:commons-codec:1.11
+commons-logging:commons-logging:1.2
+io.grpc:grpc-context:1.19.0
+io.opencensus:opencensus-api:0.21.0
+io.opencensus:opencensus-contrib-http-util:0.21.0
+javax.annotation:javax.annotation-api:1.2
+javax.annotation:jsr250-api:1.0
+javax.inject:javax.inject:1
+javax.validation:validation-api:1.0.0.GA
+joda-time:joda-time:2.9.2
+org.apache.commons:commons-lang3:3.8.1
+org.apache.commons:commons-text:1.6
+org.apache.httpcomponents:httpclient:4.5.8
+org.apache.httpcomponents:httpcore:4.4.11
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18
+org.json:json:20160212
+org.ow2.asm:asm-analysis:6.0
+org.ow2.asm:asm-commons:6.0
+org.ow2.asm:asm-tree:6.0
+org.ow2.asm:asm-util:6.0
+org.ow2.asm:asm:6.0
+org.threeten:threetenbp:1.3.3

buildSrc/gradle/dependency-locks/errorprone.lockfile

@@ -0,0 +1,24 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.github.kevinstern:software-and-algorithms:1.0
+com.github.stephenc.jcip:jcip-annotations:1.0-1
+com.google.auto:auto-common:0.10
+com.google.code.findbugs:jFormatString:3.0.0
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotation:2.3.3
+com.google.errorprone:error_prone_annotations:2.3.3
+com.google.errorprone:error_prone_check_api:2.3.3
+com.google.errorprone:error_prone_core:2.3.3
+com.google.errorprone:error_prone_type_annotations:2.3.3
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:27.0.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.1
+com.google.protobuf:protobuf-java:3.4.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+org.checkerframework:checker-qual:2.5.3
+org.checkerframework:dataflow:2.5.3
+org.checkerframework:javacutil:2.5.3
+org.codehaus.mojo:animal-sniffer-annotations:1.17
+org.pcollections:pcollections:2.1.2

buildSrc/gradle/dependency-locks/testApt.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

db/gradle/dependency-locks/compileApi.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

networking/build.gradle

@@ -0,0 +1,46 @@
+// Copyright 2019 The Nomulus Authors. All Rights Reserved.
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     http://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+dependencies {
+  def deps = rootProject.dependencyMap
+
+  compile deps['com.google.flogger:flogger']
+  compile deps['com.google.guava:guava']
+  compile deps['io.netty:netty-buffer']
+  compile deps['io.netty:netty-codec']
+  compile deps['io.netty:netty-codec-http']
+  compile deps['io.netty:netty-common']
+  compile deps['io.netty:netty-handler']
+  compile deps['io.netty:netty-transport']
+  compile deps['javax.inject:javax.inject']
+
+  runtime deps['com.google.flogger:flogger-system-backend']
+  runtime deps['io.netty:netty-tcnative-boringssl-static']
+
+  testCompile deps['com.google.truth:truth']
+  testCompile deps['junit:junit']
+  testCompile deps['org.bouncycastle:bcpkix-jdk15on']
+  testCompile deps['org.bouncycastle:bcprov-jdk15on']
+  testCompile project(':third_party')
+}
+
+// Make testing artifacts available to be depended up on by other projects.
+task testJar(type: Jar) {
+  classifier = 'test'
+  from sourceSets.test.output
+}
+
+artifacts {
+  testRuntime testJar
+}

networking/gradle/dependency-locks/annotationProcessor.lockfile

@@ -0,0 +1,24 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.github.kevinstern:software-and-algorithms:1.0
+com.github.stephenc.jcip:jcip-annotations:1.0-1
+com.google.auto:auto-common:0.10
+com.google.code.findbugs:jFormatString:3.0.0
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotation:2.3.3
+com.google.errorprone:error_prone_annotations:2.3.3
+com.google.errorprone:error_prone_check_api:2.3.3
+com.google.errorprone:error_prone_core:2.3.3
+com.google.errorprone:error_prone_type_annotations:2.3.3
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:27.0.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.1
+com.google.protobuf:protobuf-java:3.4.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+org.checkerframework:checker-qual:2.5.3
+org.checkerframework:dataflow:2.5.3
+org.checkerframework:javacutil:2.5.3
+org.codehaus.mojo:animal-sniffer-annotations:1.17
+org.pcollections:pcollections:2.1.2

networking/gradle/dependency-locks/apt.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

networking/gradle/dependency-locks/archives.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

networking/gradle/dependency-locks/buildscript-classpath.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

networking/gradle/dependency-locks/checkstyle.lockfile

@@ -0,0 +1,18 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+antlr:antlr:2.7.7
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.0-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+com.puppycrawl.tools:checkstyle:8.24
+commons-beanutils:commons-beanutils:1.9.4
+commons-collections:commons-collections:3.2.2
+info.picocli:picocli:4.0.3
+net.sf.saxon:Saxon-HE:9.9.1-4
+org.antlr:antlr4-runtime:4.7.2
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.17

networking/gradle/dependency-locks/compile.lockfile

@@ -0,0 +1,20 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18

networking/gradle/dependency-locks/compileClasspath.lockfile

@@ -0,0 +1,20 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18

networking/gradle/dependency-locks/compileOnly.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

networking/gradle/dependency-locks/default.lockfile

@@ -0,0 +1,22 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger-system-backend:0.1
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18

networking/gradle/dependency-locks/errorprone.lockfile

@@ -0,0 +1,24 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.github.kevinstern:software-and-algorithms:1.0
+com.github.stephenc.jcip:jcip-annotations:1.0-1
+com.google.auto:auto-common:0.10
+com.google.code.findbugs:jFormatString:3.0.0
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotation:2.3.3
+com.google.errorprone:error_prone_annotations:2.3.3
+com.google.errorprone:error_prone_check_api:2.3.3
+com.google.errorprone:error_prone_core:2.3.3
+com.google.errorprone:error_prone_type_annotations:2.3.3
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:27.0.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.1
+com.google.protobuf:protobuf-java:3.4.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+org.checkerframework:checker-qual:2.5.3
+org.checkerframework:dataflow:2.5.3
+org.checkerframework:javacutil:2.5.3
+org.codehaus.mojo:animal-sniffer-annotations:1.17
+org.pcollections:pcollections:2.1.2

networking/gradle/dependency-locks/errorproneJavac.lockfile

@@ -0,0 +1,4 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.errorprone:javac:9+181-r4173-1

networking/gradle/dependency-locks/jacocoAgent.lockfile

@@ -0,0 +1,4 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+org.jacoco:org.jacoco.agent:0.8.5

networking/gradle/dependency-locks/jacocoAnt.lockfile

@@ -0,0 +1,11 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+org.jacoco:org.jacoco.agent:0.8.5
+org.jacoco:org.jacoco.ant:0.8.5
+org.jacoco:org.jacoco.core:0.8.5
+org.jacoco:org.jacoco.report:0.8.5
+org.ow2.asm:asm-analysis:7.2
+org.ow2.asm:asm-commons:7.2
+org.ow2.asm:asm-tree:7.2
+org.ow2.asm:asm:7.2

networking/gradle/dependency-locks/runtime.lockfile

@@ -0,0 +1,22 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger-system-backend:0.1
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18

networking/gradle/dependency-locks/runtimeClasspath.lockfile

@@ -0,0 +1,22 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger-system-backend:0.1
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18

networking/gradle/dependency-locks/testAnnotationProcessor.lockfile

@@ -0,0 +1,24 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.github.kevinstern:software-and-algorithms:1.0
+com.github.stephenc.jcip:jcip-annotations:1.0-1
+com.google.auto:auto-common:0.10
+com.google.code.findbugs:jFormatString:3.0.0
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotation:2.3.3
+com.google.errorprone:error_prone_annotations:2.3.3
+com.google.errorprone:error_prone_check_api:2.3.3
+com.google.errorprone:error_prone_core:2.3.3
+com.google.errorprone:error_prone_type_annotations:2.3.3
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:27.0.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.1
+com.google.protobuf:protobuf-java:3.4.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+org.checkerframework:checker-qual:2.5.3
+org.checkerframework:dataflow:2.5.3
+org.checkerframework:javacutil:2.5.3
+org.codehaus.mojo:animal-sniffer-annotations:1.17
+org.pcollections:pcollections:2.1.2

networking/gradle/dependency-locks/testApt.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

networking/gradle/dependency-locks/testCompile.lockfile

@@ -0,0 +1,28 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.auto.value:auto-value-annotations:1.6.3
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+com.google.truth:truth:1.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+junit:junit:4.12
+org.bouncycastle:bcpkix-jdk15on:1.61
+org.bouncycastle:bcprov-jdk15on:1.61
+org.checkerframework:checker-compat-qual:2.5.5
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18
+org.hamcrest:hamcrest-core:1.3

networking/gradle/dependency-locks/testCompileClasspath.lockfile

@@ -0,0 +1,28 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.auto.value:auto-value-annotations:1.6.3
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+com.google.truth:truth:1.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+junit:junit:4.12
+org.bouncycastle:bcpkix-jdk15on:1.61
+org.bouncycastle:bcprov-jdk15on:1.61
+org.checkerframework:checker-compat-qual:2.5.5
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18
+org.hamcrest:hamcrest-core:1.3

networking/gradle/dependency-locks/testCompileOnly.lockfile

@@ -0,0 +1,3 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.

networking/gradle/dependency-locks/testRuntime.lockfile

@@ -0,0 +1,30 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.auto.value:auto-value-annotations:1.6.3
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger-system-backend:0.1
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+com.google.truth:truth:1.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+junit:junit:4.12
+org.bouncycastle:bcpkix-jdk15on:1.61
+org.bouncycastle:bcprov-jdk15on:1.61
+org.checkerframework:checker-compat-qual:2.5.5
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18
+org.hamcrest:hamcrest-core:1.3

networking/gradle/dependency-locks/testRuntimeClasspath.lockfile

@@ -0,0 +1,30 @@
+# This is a Gradle generated file for dependency locking.
+# Manual edits can break the build and are not advised.
+# This file is expected to be part of source control.
+com.google.auto.value:auto-value-annotations:1.6.3
+com.google.code.findbugs:jsr305:3.0.2
+com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger-system-backend:0.1
+com.google.flogger:flogger:0.1
+com.google.guava:failureaccess:1.0.1
+com.google.guava:guava:28.1-jre
+com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
+com.google.j2objc:j2objc-annotations:1.3
+com.google.truth:truth:1.0
+com.googlecode.java-diff-utils:diffutils:1.3.0
+io.netty:netty-buffer:4.1.31.Final
+io.netty:netty-codec-http:4.1.31.Final
+io.netty:netty-codec:4.1.31.Final
+io.netty:netty-common:4.1.31.Final
+io.netty:netty-handler:4.1.31.Final
+io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
+io.netty:netty-transport:4.1.31.Final
+javax.inject:javax.inject:1
+junit:junit:4.12
+org.bouncycastle:bcpkix-jdk15on:1.61
+org.bouncycastle:bcprov-jdk15on:1.61
+org.checkerframework:checker-compat-qual:2.5.5
+org.checkerframework:checker-qual:2.8.1
+org.codehaus.mojo:animal-sniffer-annotations:1.18
+org.hamcrest:hamcrest-core:1.3

networking/src/main/java/google/registry/networking/handler/SslClientInitializer.java

@@ -12,14 +12,12 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package google.registry.proxy.handler;
+package google.registry.networking.handler;
 
 import static com.google.common.base.Preconditions.checkNotNull;
-import static google.registry.proxy.Protocol.PROTOCOL_KEY;
 
 import com.google.common.annotations.VisibleForTesting;
 import com.google.common.flogger.FluentLogger;
-import google.registry.proxy.Protocol.BackendProtocol;
 import io.netty.channel.Channel;
 import io.netty.channel.ChannelHandler.Sharable;
 import io.netty.channel.ChannelInitializer;
@@ -28,7 +26,7 @@ import io.netty.handler.ssl.SslContextBuilder;
 import io.netty.handler.ssl.SslHandler;
 import io.netty.handler.ssl.SslProvider;
 import java.security.cert.X509Certificate;
-import javax.inject.Inject;
+import java.util.function.Function;
 import javax.inject.Singleton;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
@@ -46,32 +44,42 @@ public class SslClientInitializer<C extends Channel> extends ChannelInitializer<
 
   private static final FluentLogger logger = FluentLogger.forEnclosingClass();
 
+  private final Function<Channel, String> hostProvider;
+  private final Function<Channel, Integer> portProvider;
   private final SslProvider sslProvider;
   private final X509Certificate[] trustedCertificates;
 
-  @Inject
+  public SslClientInitializer(
-  public SslClientInitializer(SslProvider sslProvider) {
+      SslProvider sslProvider,
+      Function<Channel, String> hostProvider,
+      Function<Channel, Integer> portProvider) {
     // null uses the system default trust store.
-    this(sslProvider, null);
+    this(sslProvider, hostProvider, portProvider, null);
   }
 
   @VisibleForTesting
-  SslClientInitializer(SslProvider sslProvider, X509Certificate[] trustCertificates) {
+  SslClientInitializer(
+      SslProvider sslProvider,
+      Function<Channel, String> hostProvider,
+      Function<Channel, Integer> portProvider,
+      X509Certificate[] trustCertificates) {
     logger.atInfo().log("Client SSL Provider: %s", sslProvider);
     this.sslProvider = sslProvider;
+    this.hostProvider = hostProvider;
+    this.portProvider = portProvider;
     this.trustedCertificates = trustCertificates;
   }
 
   @Override
   protected void initChannel(C channel) throws Exception {
-    BackendProtocol protocol = (BackendProtocol) channel.attr(PROTOCOL_KEY).get();
+    checkNotNull(hostProvider.apply(channel), "Cannot obtain SSL host for channel: %s", channel);
-    checkNotNull(protocol, "Protocol is not set for channel: %s", channel);
+    checkNotNull(portProvider.apply(channel), "Cannot obtain SSL port for channel: %s", channel);
     SslHandler sslHandler =
         SslContextBuilder.forClient()
             .sslProvider(sslProvider)
             .trustManager(trustedCertificates)
             .build()
-            .newHandler(channel.alloc(), protocol.host(), protocol.port());
+            .newHandler(channel.alloc(), hostProvider.apply(channel), portProvider.apply(channel));
 
     // Enable hostname verification.
     SSLEngine sslEngine = sslHandler.engine();

networking/src/main/java/google/registry/networking/handler/SslServerInitializer.java

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package google.registry.proxy.handler;
+package google.registry.networking.handler;
 
 import com.google.common.flogger.FluentLogger;
 import io.netty.channel.Channel;
@@ -35,9 +35,9 @@ import java.util.function.Supplier;
  * Adds a server side SSL handler to the channel pipeline.
  *
  * <p>This <b>should</b> be the first handler provided for any handler provider list, if it is
- * provided. Unless you wish to first process the PROXY header with {@link ProxyProtocolHandler},
+ * provided. Unless you wish to first process the PROXY header with another handler, which should
- * which should come before this handler. The type parameter {@code C} is needed so that unit tests
+ * come before this handler. The type parameter {@code C} is needed so that unit tests can construct
- * can construct this handler that works with {@link EmbeddedChannel};
+ * this handler that works with {@link EmbeddedChannel};
  *
  * <p>The ssl handler added requires client authentication, but it uses an {@link
  * InsecureTrustManagerFactory}, which accepts any ssl certificate presented by the client, as long

networking/src/test/java/google/registry/networking/handler/NettyRule.java

@@ -12,18 +12,16 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package google.registry.proxy.handler;
+package google.registry.networking.handler;
 
 import static com.google.common.base.Preconditions.checkState;
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.proxy.Protocol.PROTOCOL_KEY;
 import static google.registry.testing.JUnitBackports.assertThrows;
 import static java.nio.charset.StandardCharsets.US_ASCII;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
 import com.google.common.base.Throwables;
 import com.google.common.truth.ThrowableSubject;
-import google.registry.proxy.Protocol.BackendProtocol;
 import io.netty.bootstrap.Bootstrap;
 import io.netty.bootstrap.ServerBootstrap;
 import io.netty.buffer.ByteBuf;
@@ -88,10 +86,7 @@ final class NettyRule extends ExternalResource {
   }
 
   /** Sets up a client channel connecting to the give local address. */
-  void setUpClient(
+  void setUpClient(LocalAddress localAddress, ChannelHandler handler) {
-      LocalAddress localAddress,
-      BackendProtocol protocol,
-      ChannelHandler handler) {
     checkState(echoHandler != null, "Must call setUpServer before setUpClient");
     checkState(dumpHandler == null, "Can't call setUpClient twice");
     dumpHandler = new DumpHandler();
@@ -109,8 +104,7 @@ final class NettyRule extends ExternalResource {
         new Bootstrap()
             .group(eventLoopGroup)
             .channel(LocalChannel.class)
-            .handler(clientInitializer)
+            .handler(clientInitializer);
-            .attr(PROTOCOL_KEY, protocol);
     channel = b.connect(localAddress).syncUninterruptibly().channel();
   }
 

networking/src/test/java/google/registry/networking/handler/SslClientInitializerTest.java

@@ -12,17 +12,14 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package google.registry.proxy.handler;
+package google.registry.networking.handler;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.proxy.Protocol.PROTOCOL_KEY;
+import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair;
-import static google.registry.proxy.handler.SslInitializerTestUtils.getKeyPair;
+import static google.registry.networking.handler.SslInitializerTestUtils.setUpSslChannel;
-import static google.registry.proxy.handler.SslInitializerTestUtils.setUpSslChannel;
+import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair;
-import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair;
 
-import com.google.common.collect.ImmutableList;
+import io.netty.channel.Channel;
-import google.registry.proxy.Protocol;
-import google.registry.proxy.Protocol.BackendProtocol;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelPipeline;
 import io.netty.channel.embedded.EmbeddedChannel;
@@ -40,6 +37,7 @@ import java.security.PrivateKey;
 import java.security.cert.CertPathBuilderException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.function.Function;
 import javax.net.ssl.SSLException;
 import org.junit.Rule;
 import org.junit.Test;
@@ -68,8 +66,11 @@ public class SslClientInitializerTest {
   /** Fake port to test if the SSL engine gets the correct peer port. */
   private static final int SSL_PORT = 12345;
 
-  @Rule
+  private static final Function<Channel, String> hostProvider = channel -> SSL_HOST;
-  public NettyRule nettyRule = new NettyRule();
+
+  private static final Function<Channel, Integer> portProvider = channel -> SSL_PORT;
+
+  @Rule public NettyRule nettyRule = new NettyRule();
 
   @Parameter(0)
   public SslProvider sslProvider;
@@ -85,15 +86,6 @@ public class SslClientInitializerTest {
   /** Saves the SNI hostname received by the server, if sent by the client. */
   private String sniHostReceived;
 
-  /** Fake protocol saved in channel attribute. */
-  private static final BackendProtocol PROTOCOL =
-      Protocol.backendBuilder()
-          .name("ssl")
-          .host(SSL_HOST)
-          .port(SSL_PORT)
-          .handlerProviders(ImmutableList.of())
-          .build();
-
   private ChannelHandler getServerHandler(PrivateKey privateKey, X509Certificate certificate)
       throws Exception {
     SslContext sslContext = SslContextBuilder.forServer(privateKey, certificate).build();
@@ -107,9 +99,8 @@ public class SslClientInitializerTest {
   @Test
   public void testSuccess_swappedInitializerWithSslHandler() throws Exception {
     SslClientInitializer<EmbeddedChannel> sslClientInitializer =
-        new SslClientInitializer<>(sslProvider);
+        new SslClientInitializer<>(sslProvider, hostProvider, portProvider);
     EmbeddedChannel channel = new EmbeddedChannel();
-    channel.attr(PROTOCOL_KEY).set(PROTOCOL);
     ChannelPipeline pipeline = channel.pipeline();
     pipeline.addLast(sslClientInitializer);
     ChannelHandler firstHandler = pipeline.first();
@@ -121,9 +112,20 @@ public class SslClientInitializerTest {
   }
 
   @Test
-  public void testSuccess_protocolAttributeNotSet() {
+  public void testSuccess_nullHost() {
     SslClientInitializer<EmbeddedChannel> sslClientInitializer =
-        new SslClientInitializer<>(sslProvider);
+        new SslClientInitializer<>(sslProvider, channel -> null, portProvider);
+    EmbeddedChannel channel = new EmbeddedChannel();
+    ChannelPipeline pipeline = channel.pipeline();
+    pipeline.addLast(sslClientInitializer);
+    // Channel initializer swallows error thrown, and closes the connection.
+    assertThat(channel.isActive()).isFalse();
+  }
+
+  @Test
+  public void testSuccess_nullPort() {
+    SslClientInitializer<EmbeddedChannel> sslClientInitializer =
+        new SslClientInitializer<>(sslProvider, hostProvider, channel -> null);
     EmbeddedChannel channel = new EmbeddedChannel();
     ChannelPipeline pipeline = channel.pipeline();
     pipeline.addLast(sslClientInitializer);
@@ -138,8 +140,8 @@ public class SslClientInitializerTest {
         new LocalAddress("DEFAULT_TRUST_MANAGER_REJECT_SELF_SIGNED_CERT_" + sslProvider);
     nettyRule.setUpServer(localAddress, getServerHandler(ssc.key(), ssc.cert()));
     SslClientInitializer<LocalChannel> sslClientInitializer =
-        new SslClientInitializer<>(sslProvider);
+        new SslClientInitializer<>(sslProvider, hostProvider, portProvider);
-    nettyRule.setUpClient(localAddress, PROTOCOL, sslClientInitializer);
+    nettyRule.setUpClient(localAddress, sslClientInitializer);
     // The connection is now terminated, both the client side and the server side should get
     // exceptions.
     nettyRule.assertThatClientRootCause().isInstanceOf(CertPathBuilderException.class);
@@ -165,8 +167,9 @@ public class SslClientInitializerTest {
 
     // Set up the client to trust the self signed cert used to sign the cert that server provides.
     SslClientInitializer<LocalChannel> sslClientInitializer =
-        new SslClientInitializer<>(sslProvider, new X509Certificate[] {ssc.cert()});
+        new SslClientInitializer<>(
-    nettyRule.setUpClient(localAddress, PROTOCOL, sslClientInitializer);
+            sslProvider, hostProvider, portProvider, new X509Certificate[] {ssc.cert()});
+    nettyRule.setUpClient(localAddress, sslClientInitializer);
 
     setUpSslChannel(nettyRule.getChannel(), cert);
     nettyRule.assertThatMessagesWork();
@@ -193,8 +196,9 @@ public class SslClientInitializerTest {
 
     // Set up the client to trust the self signed cert used to sign the cert that server provides.
     SslClientInitializer<LocalChannel> sslClientInitializer =
-        new SslClientInitializer<>(sslProvider, new X509Certificate[] {ssc.cert()});
+        new SslClientInitializer<>(
-    nettyRule.setUpClient(localAddress, PROTOCOL, sslClientInitializer);
+            sslProvider, hostProvider, portProvider, new X509Certificate[] {ssc.cert()});
+    nettyRule.setUpClient(localAddress, sslClientInitializer);
 
     // When the client rejects the server cert due to wrong hostname, both the client and server
     // should throw exceptions.

networking/src/test/java/google/registry/networking/handler/SslInitializerTestUtils.java

@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package google.registry.proxy.handler;
+package google.registry.networking.handler;
 
 import static com.google.common.truth.Truth.assertThat;
 
@@ -31,18 +31,21 @@ import java.util.Date;
 import javax.net.ssl.SSLSession;
 import javax.security.auth.x500.X500Principal;
 import org.bouncycastle.jce.provider.BouncyCastleProvider;
+import org.bouncycastle.x509.X509V3CertificateGenerator;
 
 /**
  * Utility class that provides methods used by {@link SslClientInitializerTest} and {@link
  * SslServerInitializerTest}.
  */
 @SuppressWarnings("deprecation")
-public class SslInitializerTestUtils {
+public final class SslInitializerTestUtils {
 
   static {
     Security.addProvider(new BouncyCastleProvider());
   }
 
+  private SslInitializerTestUtils() {}
+
   public static KeyPair getKeyPair() throws Exception {
     KeyPairGenerator keyPairGenerator = KeyPairGenerator.getInstance("RSA", "BC");
     keyPairGenerator.initialize(2048, new SecureRandom());
@@ -56,8 +59,7 @@ public class SslInitializerTestUtils {
    */
   public static X509Certificate signKeyPair(
       SelfSignedCertificate ssc, KeyPair keyPair, String hostname) throws Exception {
-    org.bouncycastle.x509.X509V3CertificateGenerator certGen =
+    X509V3CertificateGenerator certGen = new X509V3CertificateGenerator();
-        new org.bouncycastle.x509.X509V3CertificateGenerator();
     X500Principal dnName = new X500Principal("CN=" + hostname);
     certGen.setSerialNumber(BigInteger.valueOf(System.currentTimeMillis()));
     certGen.setSubjectDN(dnName);
@@ -76,10 +78,7 @@ public class SslInitializerTestUtils {
    * @param certs The certificate that the server should provide.
    * @return The SSL session in current channel, can be used for further validation.
    */
-  static SSLSession setUpSslChannel(
+  static SSLSession setUpSslChannel(Channel channel, X509Certificate... certs) throws Exception {
-      Channel channel,
-      X509Certificate... certs)
-      throws Exception {
     SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
     // Wait till the handshake is complete.
     sslHandler.handshakeFuture().get();

networking/src/test/java/google/registry/networking/handler/SslServerInitializerTest.java

@@ -12,17 +12,14 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
 
-package google.registry.proxy.handler;
+package google.registry.networking.handler;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.proxy.handler.SslInitializerTestUtils.getKeyPair;
+import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair;
-import static google.registry.proxy.handler.SslInitializerTestUtils.setUpSslChannel;
+import static google.registry.networking.handler.SslInitializerTestUtils.setUpSslChannel;
-import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair;
+import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair;
 
 import com.google.common.base.Suppliers;
-import com.google.common.collect.ImmutableList;
-import google.registry.proxy.Protocol;
-import google.registry.proxy.Protocol.BackendProtocol;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.ChannelInitializer;
 import io.netty.channel.ChannelPipeline;
@@ -70,17 +67,7 @@ public class SslServerInitializerTest {
   /** Fake port to test if the SSL engine gets the correct peer port. */
   private static final int SSL_PORT = 12345;
 
-  /** Fake protocol saved in channel attribute. */
+  @Rule public NettyRule nettyRule = new NettyRule();
-  private static final BackendProtocol PROTOCOL =
-      Protocol.backendBuilder()
-          .name("ssl")
-          .host(SSL_HOST)
-          .port(SSL_PORT)
-          .handlerProviders(ImmutableList.of())
-          .build();
-
-  @Rule
-  public NettyRule nettyRule = new NettyRule();
 
   @Parameter(0)
   public SslProvider sslProvider;
@@ -107,26 +94,25 @@ public class SslServerInitializerTest {
   }
 
   private ChannelHandler getClientHandler(
-      X509Certificate trustedCertificate,
+      X509Certificate trustedCertificate, PrivateKey privateKey, X509Certificate certificate) {
-      PrivateKey privateKey,
-      X509Certificate certificate) {
     return new ChannelInitializer<LocalChannel>() {
       @Override
       protected void initChannel(LocalChannel ch) throws Exception {
-      SslContextBuilder sslContextBuilder =
+        SslContextBuilder sslContextBuilder =
-          SslContextBuilder.forClient().trustManager(trustedCertificate).sslProvider(sslProvider);
+            SslContextBuilder.forClient().trustManager(trustedCertificate).sslProvider(sslProvider);
-      if (privateKey != null && certificate != null) {
+        if (privateKey != null && certificate != null) {
-        sslContextBuilder.keyManager(privateKey, certificate);
+          sslContextBuilder.keyManager(privateKey, certificate);
-      }
+        }
-      SslHandler sslHandler = sslContextBuilder.build().newHandler(ch.alloc(), SSL_HOST, SSL_PORT);
+        SslHandler sslHandler =
+            sslContextBuilder.build().newHandler(ch.alloc(), SSL_HOST, SSL_PORT);
 
-      // Enable hostname verification.
+        // Enable hostname verification.
-      SSLEngine sslEngine = sslHandler.engine();
+        SSLEngine sslEngine = sslHandler.engine();
-      SSLParameters sslParameters = sslEngine.getSSLParameters();
+        SSLParameters sslParameters = sslEngine.getSSLParameters();
-      sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
+        sslParameters.setEndpointIdentificationAlgorithm("HTTPS");
-      sslEngine.setSSLParameters(sslParameters);
+        sslEngine.setSSLParameters(sslParameters);
 
-      ch.pipeline().addLast(sslHandler);
+        ch.pipeline().addLast(sslHandler);
       }
     };
   }
@@ -158,9 +144,7 @@ public class SslServerInitializerTest {
     nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert()));
     SelfSignedCertificate clientSsc = new SelfSignedCertificate();
     nettyRule.setUpClient(
-        localAddress,
+        localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
-        PROTOCOL,
-        getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
 
     SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverSsc.cert());
     nettyRule.assertThatMessagesWork();
@@ -177,11 +161,8 @@ public class SslServerInitializerTest {
     SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST);
     LocalAddress localAddress = new LocalAddress("DOES_NOT_REQUIRE_CLIENT_CERT_" + sslProvider);
 
-    nettyRule.setUpServer(
+    nettyRule.setUpServer(localAddress, getServerHandler(false, serverSsc.key(), serverSsc.cert()));
-        localAddress,
+    nettyRule.setUpClient(localAddress, getClientHandler(serverSsc.cert(), null, null));
-        getServerHandler(false, serverSsc.key(), serverSsc.cert()));
-    nettyRule.setUpClient(
-        localAddress, PROTOCOL, getClientHandler(serverSsc.cert(), null, null));
 
     SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverSsc.cert());
     nettyRule.assertThatMessagesWork();
@@ -211,10 +192,9 @@ public class SslServerInitializerTest {
     SelfSignedCertificate clientSsc = new SelfSignedCertificate();
     nettyRule.setUpClient(
         localAddress,
-        PROTOCOL,
+        getClientHandler(
-            getClientHandler(
+            // Client trusts the CA cert
-                // Client trusts the CA cert
+            caSsc.cert(), clientSsc.key(), clientSsc.cert()));
-                caSsc.cert(), clientSsc.key(), clientSsc.cert()));
 
     SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverCert, caSsc.cert());
     nettyRule.assertThatMessagesWork();
@@ -234,7 +214,6 @@ public class SslServerInitializerTest {
     nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert()));
     nettyRule.setUpClient(
         localAddress,
-        PROTOCOL,
         getClientHandler(
             serverSsc.cert(),
             // No client cert/private key used.
@@ -256,9 +235,7 @@ public class SslServerInitializerTest {
     nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert()));
     SelfSignedCertificate clientSsc = new SelfSignedCertificate();
     nettyRule.setUpClient(
-        localAddress,
+        localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
-        PROTOCOL,
-        getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
 
     // When the client rejects the server cert due to wrong hostname, both the server and the client
     // throw exceptions.

proxy/build.gradle

@@ -64,6 +64,7 @@ dependencies {
   compile deps['joda-time:joda-time']
   compile deps['org.bouncycastle:bcpkix-jdk15on']
   compile deps['org.bouncycastle:bcprov-jdk15on']
+  compile project(':networking')
   compile project(':util')
 
   runtime deps['com.google.flogger:flogger-system-backend']
@@ -77,6 +78,7 @@ dependencies {
   testCompile deps['org.mockito:mockito-core']
   testCompile project(':third_party')
   testCompile project(path: ':core', configuration: 'testRuntime')
+  testCompile project(path: ':networking', configuration: 'testRuntime')
 
   // Include auto-value in compile until nebula-lint understands
   // annotationProcessor

proxy/gradle/dependency-locks/compile.lockfile

@@ -17,6 +17,7 @@ com.google.code.findbugs:jsr305:3.0.2
 com.google.code.gson:gson:2.8.5
 com.google.dagger:dagger:2.21
 com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger-system-backend:0.1
 com.google.flogger:flogger:0.1
 com.google.guava:failureaccess:1.0.1
 com.google.guava:guava:28.1-jre
@@ -38,6 +39,7 @@ io.netty:netty-codec:4.1.31.Final
 io.netty:netty-common:4.1.31.Final
 io.netty:netty-handler:4.1.31.Final
 io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
 io.netty:netty-transport:4.1.31.Final
 io.opencensus:opencensus-api:0.21.0
 io.opencensus:opencensus-contrib-http-util:0.21.0

proxy/gradle/dependency-locks/compileClasspath.lockfile

@@ -17,6 +17,7 @@ com.google.code.findbugs:jsr305:3.0.2
 com.google.code.gson:gson:2.8.5
 com.google.dagger:dagger:2.21
 com.google.errorprone:error_prone_annotations:2.3.2
+com.google.flogger:flogger-system-backend:0.1
 com.google.flogger:flogger:0.1
 com.google.guava:failureaccess:1.0.1
 com.google.guava:guava:28.1-jre
@@ -38,6 +39,7 @@ io.netty:netty-codec:4.1.31.Final
 io.netty:netty-common:4.1.31.Final
 io.netty:netty-handler:4.1.31.Final
 io.netty:netty-resolver:4.1.31.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
 io.netty:netty-transport:4.1.31.Final
 io.opencensus:opencensus-api:0.21.0
 io.opencensus:opencensus-contrib-http-util:0.21.0

proxy/gradle/dependency-locks/testCompile.lockfile

@@ -164,7 +164,7 @@ io.netty:netty-common:4.1.31.Final
 io.netty:netty-handler-proxy:4.1.30.Final
 io.netty:netty-handler:4.1.31.Final
 io.netty:netty-resolver:4.1.31.Final
-io.netty:netty-tcnative-boringssl-static:2.0.17.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
 io.netty:netty-transport:4.1.31.Final
 io.opencensus:opencensus-api:0.21.0
 io.opencensus:opencensus-contrib-grpc-metrics:0.17.0

proxy/gradle/dependency-locks/testCompileClasspath.lockfile

@@ -152,7 +152,7 @@ io.netty:netty-common:4.1.31.Final
 io.netty:netty-handler-proxy:4.1.30.Final
 io.netty:netty-handler:4.1.31.Final
 io.netty:netty-resolver:4.1.31.Final
-io.netty:netty-tcnative-boringssl-static:2.0.17.Final
+io.netty:netty-tcnative-boringssl-static:2.0.22.Final
 io.netty:netty-transport:4.1.31.Final
 io.opencensus:opencensus-api:0.21.0
 io.opencensus:opencensus-contrib-grpc-metrics:0.17.0

proxy/src/main/java/google/registry/proxy/EppProtocolModule.java

@@ -20,6 +20,7 @@ import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoSet;
+import google.registry.networking.handler.SslServerInitializer;
 import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
 import google.registry.proxy.Protocol.BackendProtocol;
 import google.registry.proxy.Protocol.FrontendProtocol;
@@ -28,7 +29,6 @@ import google.registry.proxy.handler.FrontendMetricsHandler;
 import google.registry.proxy.handler.ProxyProtocolHandler;
 import google.registry.proxy.handler.QuotaHandler.EppQuotaHandler;
 import google.registry.proxy.handler.RelayHandler.FullHttpRequestRelayHandler;
-import google.registry.proxy.handler.SslServerInitializer;
 import google.registry.proxy.metric.FrontendMetrics;
 import google.registry.proxy.quota.QuotaConfig;
 import google.registry.proxy.quota.QuotaManager;
@@ -150,11 +150,7 @@ public class EppProtocolModule {
       FrontendMetrics metrics,
       ProxyConfig config) {
     return new EppServiceHandler(
-        config.epp.relayHost,
+        config.epp.relayHost, config.epp.relayPath, accessTokenSupplier, helloBytes, metrics);
-        config.epp.relayPath,
-        accessTokenSupplier,
-        helloBytes,
-        metrics);
   }
 
   @Singleton

proxy/src/main/java/google/registry/proxy/HttpsRelayProtocolModule.java

@@ -17,15 +17,16 @@ package google.registry.proxy;
 import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.networking.handler.SslClientInitializer;
 import google.registry.proxy.Protocol.BackendProtocol;
 import google.registry.proxy.handler.BackendMetricsHandler;
 import google.registry.proxy.handler.RelayHandler.FullHttpResponseRelayHandler;
-import google.registry.proxy.handler.SslClientInitializer;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.socket.nio.NioSocketChannel;
 import io.netty.handler.codec.http.HttpClientCodec;
 import io.netty.handler.codec.http.HttpObjectAggregator;
 import io.netty.handler.logging.LoggingHandler;
+import io.netty.handler.ssl.SslProvider;
 import java.security.cert.X509Certificate;
 import javax.annotation.Nullable;
 import javax.inject.Provider;
@@ -58,10 +59,21 @@ public class HttpsRelayProtocolModule {
         .handlerProviders(handlerProviders);
   }
 
+  @Provides
+  @HttpsRelayProtocol
+  static SslClientInitializer<NioSocketChannel> provideSslClientInitializer(
+      SslProvider sslProvider) {
+    return new SslClientInitializer<>(
+        sslProvider,
+        channel -> ((BackendProtocol) channel.attr(Protocol.PROTOCOL_KEY).get()).host(),
+        channel -> channel.attr(Protocol.PROTOCOL_KEY).get().port());
+  }
+
   @Provides
   @HttpsRelayProtocol
   static ImmutableList<Provider<? extends ChannelHandler>> provideHandlerProviders(
-      Provider<SslClientInitializer<NioSocketChannel>> sslClientInitializerProvider,
+      @HttpsRelayProtocol
+          Provider<SslClientInitializer<NioSocketChannel>> sslClientInitializerProvider,
       Provider<HttpClientCodec> httpClientCodecProvider,
       Provider<HttpObjectAggregator> httpObjectAggregatorProvider,
       Provider<BackendMetricsHandler> backendMetricsHandlerProvider,

proxy/src/main/java/google/registry/proxy/WebWhoisProtocolsModule.java

@@ -18,8 +18,8 @@ import com.google.common.collect.ImmutableList;
 import dagger.Module;
 import dagger.Provides;
 import dagger.multibindings.IntoSet;
+import google.registry.networking.handler.SslServerInitializer;
 import google.registry.proxy.Protocol.FrontendProtocol;
-import google.registry.proxy.handler.SslServerInitializer;
 import google.registry.proxy.handler.WebWhoisRedirectHandler;
 import io.netty.channel.ChannelHandler;
 import io.netty.channel.socket.nio.NioSocketChannel;

proxy/src/main/java/google/registry/proxy/handler/EppServiceHandler.java

@@ -16,8 +16,8 @@ package google.registry.proxy.handler;
 
 import static com.google.common.base.Preconditions.checkArgument;
 import static com.google.common.base.Preconditions.checkNotNull;
+import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
 import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
-import static google.registry.proxy.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
 import static google.registry.util.X509Utils.getCertificateHash;
 
 import com.google.common.flogger.FluentLogger;

proxy/src/test/java/google/registry/proxy/CertificateModuleTest.java

@@ -15,8 +15,8 @@
 package google.registry.proxy;
 
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.proxy.handler.SslInitializerTestUtils.getKeyPair;
+import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair;
-import static google.registry.proxy.handler.SslInitializerTestUtils.signKeyPair;
+import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair;
 import static google.registry.testing.JUnitBackports.assertThrows;
 import static java.nio.charset.StandardCharsets.UTF_8;
 
@@ -60,7 +60,7 @@ public class CertificateModuleTest {
   }
 
   /** Create a component with bindings to the given bytes[] as the contents from a PEM file. */
-  private TestComponent createComponent(byte[] pemBytes) {
+  private static TestComponent createComponent(byte[] pemBytes) {
     return DaggerCertificateModuleTest_TestComponent.builder()
         .pemBytesModule(new PemBytesModule(pemBytes))
         .build();

proxy/src/test/java/google/registry/proxy/EppProtocolModuleTest.java

@@ -15,8 +15,8 @@
 package google.registry.proxy;
 
 import static com.google.common.truth.Truth.assertThat;
+import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
 import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
-import static google.registry.proxy.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
 import static google.registry.testing.JUnitBackports.assertThrows;
 import static google.registry.util.ResourceUtils.readResourceBytes;
 import static google.registry.util.X509Utils.getCertificateHash;

proxy/src/test/java/google/registry/proxy/ProtocolModuleTest.java

@@ -25,6 +25,8 @@ import com.google.common.util.concurrent.MoreExecutors;
 import dagger.Component;
 import dagger.Module;
 import dagger.Provides;
+import google.registry.networking.handler.SslClientInitializer;
+import google.registry.networking.handler.SslServerInitializer;
 import google.registry.proxy.EppProtocolModule.EppProtocol;
 import google.registry.proxy.HealthCheckProtocolModule.HealthCheckProtocol;
 import google.registry.proxy.HttpsRelayProtocolModule.HttpsRelayProtocol;
@@ -38,8 +40,6 @@ import google.registry.proxy.handler.QuotaHandler.EppQuotaHandler;
 import google.registry.proxy.handler.QuotaHandler.WhoisQuotaHandler;
 import google.registry.proxy.handler.RelayHandler.FullHttpRequestRelayHandler;
 import google.registry.proxy.handler.RelayHandler.FullHttpResponseRelayHandler;
-import google.registry.proxy.handler.SslClientInitializer;
-import google.registry.proxy.handler.SslServerInitializer;
 import google.registry.proxy.handler.WebWhoisRedirectHandler;
 import google.registry.testing.FakeClock;
 import google.registry.util.Clock;

proxy/src/test/java/google/registry/proxy/handler/EppServiceHandlerTest.java

@@ -15,10 +15,10 @@
 package google.registry.proxy.handler;
 
 import static com.google.common.truth.Truth.assertThat;
+import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
 import static google.registry.proxy.TestUtils.assertHttpRequestEquivalent;
 import static google.registry.proxy.TestUtils.makeEppHttpResponse;
 import static google.registry.proxy.handler.ProxyProtocolHandler.REMOTE_ADDRESS_KEY;
-import static google.registry.proxy.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
 import static google.registry.testing.JUnitBackports.assertThrows;
 import static google.registry.util.X509Utils.getCertificateHash;
 import static java.nio.charset.StandardCharsets.UTF_8;

settings.gradle

@@ -29,6 +29,7 @@ rootProject.name = 'nomulus'
 
 include 'core'
 include 'db'
+include 'networking'
 include 'prober'
 include 'proxy'
 include 'third_party'