Expose encrypted data from the keyring

This makes it possible to request the encrypted data directly in application code. It will be used to download service account credential during "nomulus login".

-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=222847905

java/google/registry/keyring/api/InMemoryKeyring.java

@@ -149,6 +149,12 @@ public final class InMemoryKeyring implements Keyring {
     return jsonCredential;
   }
 
+  @Override
+  public String getEncryptedData(String keyName) {
+    throw new RuntimeException(
+        "In-memory keyring does not support the retrieval of encrypted data.");
+  }
+
   /** Does nothing. */
   @Override
   public void close() {}

java/google/registry/keyring/api/KeyModule.java

@@ -20,6 +20,8 @@ import dagger.Module;
 import dagger.Provides;
 import java.lang.annotation.Documented;
 import java.util.Optional;
+import java.util.function.Function;
+import javax.inject.Named;
 import javax.inject.Qualifier;
 import org.bouncycastle.openpgp.PGPKeyPair;
 import org.bouncycastle.openpgp.PGPPrivateKey;
@@ -126,4 +128,10 @@ public final class KeyModule {
   static String provideJsonCredential(Keyring keyring) {
     return keyring.getJsonCredential();
   }
+
+  @Provides
+  @Named("encryptedDataRetriever")
+  static Function<String, String> provideEncryptedDataRetriever(Keyring keyring) {
+    return keyring::getEncryptedData;
+  }
 }

java/google/registry/keyring/api/Keyring.java

@@ -156,6 +156,12 @@ public interface Keyring extends AutoCloseable {
    */
   String getJsonCredential();
 
+  /**
+   * Returns the encrypted data for the given key name. Only use this method when decryption is not
+   * required.
+   */
+  String getEncryptedData(String keyName);
+
   // Don't throw so try-with-resources works better.
   @Override
   void close();