diff --git a/java/google/registry/tmch/TmchXmlSignature.java b/java/google/registry/tmch/TmchXmlSignature.java
index 64f882328..8a9d1188a 100644
--- a/java/google/registry/tmch/TmchXmlSignature.java
+++ b/java/google/registry/tmch/TmchXmlSignature.java
@@ -56,7 +56,7 @@ import org.xml.sax.SAXException;
 /** Helper class for verifying TMCH certificates and XML signatures. */
 @ThreadSafe
-public final class TmchXmlSignature {
+public class TmchXmlSignature {
 @VisibleForTesting final TmchCertificateAuthority tmchCertificateAuthority;
diff --git a/javatests/google/registry/flows/EppCommitLogsTest.java b/javatests/google/registry/flows/EppCommitLogsTest.java
index 6685167f4..ae4f2913b 100644
--- a/javatests/google/registry/flows/EppCommitLogsTest.java
+++ b/javatests/google/registry/flows/EppCommitLogsTest.java
@@ -25,7 +25,6 @@ import static org.joda.time.DateTimeZone.UTC;
 import static org.joda.time.Duration.standardDays;
 import com.googlecode.objectify.Key;
-import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
 import google.registry.flows.EppTestComponent.FakesAndMocksModule;
 import google.registry.model.domain.DomainResource;
 import google.registry.model.ofy.Ofy;
@@ -74,8 +73,7 @@ public class EppCommitLogsTest extends ShardableTestCase {
 sessionMetadata.setClientId("TheRegistrar");
 DaggerEppTestComponent.builder()
 .fakesAndMocksModule(
- FakesAndMocksModule.create(
- clock, TmchCaMode.PILOT, EppMetric.builderForRequest("request-id-1", clock)))
+ FakesAndMocksModule.create(clock, EppMetric.builderForRequest("request-id-1", clock)))
 .build()
 .startRequest()
 .flowComponentBuilder()
diff --git a/javatests/google/registry/flows/EppTestCase.java b/javatests/google/registry/flows/EppTestCase.java
index 327dd4832..6610807d9 100644
--- a/javatests/google/registry/flows/EppTestCase.java
+++ b/javatests/google/registry/flows/EppTestCase.java
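Review bot: In TmchXmlSignature.java, dropping `final` from the class that verifies signed-mark signatures lets any subclass override `verify`, and nothing at the declaration says the change is meant for test stubs only. A subclass that overrides `verify` skips certificate and signature checking altogether, so the restriction is worth recording where the next maintainer will see it, for example `/** Non-final only so tests can stub verify(); production code must not subclass this. */`. An alternative is to keep the class `final` and have the flow code depend on a small interface that tests can fake. The class body continues outside the hunk, so whether the constructor is already restricted is not visible here.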
@@ -23,7 +23,6 @@ import static javax.servlet.http.HttpServletResponse.SC_OK;
 import static org.joda.time.DateTimeZone.UTC;
 import com.google.common.net.MediaType;
-import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
 import google.registry.flows.EppTestComponent.FakesAndMocksModule;
 import google.registry.model.ofy.Ofy;
 import google.registry.monitoring.whitebox.EppMetric;
@@ -118,7 +117,7 @@ public class EppTestCase extends ShardableTestCase {
 handler.response = response;
 eppMetricBuilder = EppMetric.builderForRequest("request-id-1", clock);
 handler.eppController = DaggerEppTestComponent.builder()
- .fakesAndMocksModule(FakesAndMocksModule.create(clock, TmchCaMode.PILOT, eppMetricBuilder))
+ .fakesAndMocksModule(FakesAndMocksModule.create(clock, eppMetricBuilder))
 .build()
 .startRequest()
 .eppController();
diff --git a/javatests/google/registry/flows/EppTestComponent.java b/javatests/google/registry/flows/EppTestComponent.java
index cad904756..707aeaaf5 100644
--- a/javatests/google/registry/flows/EppTestComponent.java
+++ b/javatests/google/registry/flows/EppTestComponent.java
@@ -63,15 +63,23 @@ interface EppTestComponent {
 public static FakesAndMocksModule create() {
 FakeClock clock = new FakeClock();
- return create(clock, TmchCaMode.PILOT, EppMetric.builderForRequest("request-id-1", clock));
+ return create(clock, EppMetric.builderForRequest("request-id-1", clock));
+ }
+
+ public static FakesAndMocksModule create(FakeClock clock, EppMetric.Builder metricBuilder) {
+ return create(
+ clock,
+ metricBuilder,
+ new TmchXmlSignature(new TmchCertificateAuthority(TmchCaMode.PILOT)));
 }
 public static FakesAndMocksModule create(
- FakeClock clock, TmchCaMode tmchCaMode, EppMetric.Builder eppMetricBuilder) {
+ FakeClock clock,
+ EppMetric.Builder eppMetricBuilder,
+ TmchXmlSignature tmchXmlSignature) {
 FakesAndMocksModule instance = new FakesAndMocksModule();
 instance.clock = clock;
- instance.domainFlowTmchUtils =
- new DomainFlowTmchUtils(new TmchXmlSignature(new TmchCertificateAuthority(tmchCaMode)));
+ instance.domainFlowTmchUtils = new DomainFlowTmchUtils(tmchXmlSignature);
 instance.sleeper = new FakeSleeper(clock);
 instance.dnsQueue = DnsQueue.create();
 instance.metricBuilder = eppMetricBuilder;
diff --git a/javatests/google/registry/flows/FlowTestCase.java b/javatests/google/registry/flows/FlowTestCase.java
index d6920d16e..e48a73f9c 100644
--- a/javatests/google/registry/flows/FlowTestCase.java
+++ b/javatests/google/registry/flows/FlowTestCase.java
@@ -56,6 +56,8 @@ import google.registry.testing.FakeHttpSession;
 import google.registry.testing.InjectRule;
 import google.registry.testing.ShardableTestCase;
 import google.registry.testing.TestDataHelper;
+import google.registry.tmch.TmchCertificateAuthority;
+import google.registry.tmch.TmchXmlSignature;
 import google.registry.util.TypeUtils.TypeInstantiator;
 import google.registry.xml.ValidationMode;
 import java.util.List;
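Review bot: In EppTestComponent.java, the `create` overloads of FakesAndMocksModule carry no Javadoc, and the new two-argument one fixes the trust root to `TmchCaMode.PILOT` without saying so. A reader choosing an overload cannot tell that from the signature, so I would add `/** Uses a TmchXmlSignature backed by the pilot TMCH CA. */` above it, and a matching line on the three-argument overload stating that the caller supplies the verifier. That overload also stores `tmchXmlSignature` unchecked; `java.util.Objects.requireNonNull(tmchXmlSignature, "tmchXmlSignature")` would make a null fail at construction instead of inside a flow. The three-argument method's body continues past the end of the hunk.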
@@ -98,6 +100,7 @@ public abstract class FlowTestCase extends ShardableTestCase {
 protected FakeClock clock = new FakeClock(DateTime.now(UTC));
 protected TransportCredentials credentials = new PasswordOnlyTransportCredentials();
 protected EppRequestSource eppRequestSource = EppRequestSource.UNIT_TEST;
+ protected TmchXmlSignature testTmchXmlSignature = null;
 private EppMetric.Builder eppMetricBuilder;
@@ -288,10 +291,12 @@ public abstract class FlowTestCase extends ShardableTestCase {
 assertThat(FlowPicker.getFlowClass(eppLoader.getEpp()))
 .isEqualTo(new TypeInstantiator(getClass()){}.getExactType());
 // Run the flow.
+ TmchXmlSignature tmchXmlSignature =
+ testTmchXmlSignature != null
+ ? testTmchXmlSignature
+ : new TmchXmlSignature(new TmchCertificateAuthority(tmchCaMode));
 return DaggerEppTestComponent.builder()
- .fakesAndMocksModule(
- FakesAndMocksModule.create(
- clock, tmchCaMode, EppMetric.builderForRequest("request-id-1", clock)))
+ .fakesAndMocksModule(FakesAndMocksModule.create(clock, eppMetricBuilder, tmchXmlSignature))
 .build()
 .startRequest()
 .flowComponentBuilder()
diff --git a/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java b/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java
index 27893067f..ca01e75b4 100644
--- a/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java
+++ b/javatests/google/registry/flows/domain/DomainApplicationCreateFlowTest.java
@@ -126,6 +126,8 @@ import google.registry.model.reporting.HistoryEntry;
 import google.registry.model.smd.SignedMarkRevocationList;
 import google.registry.testing.DatastoreHelper;
 import google.registry.tmch.TmchCertificateAuthority;
+import google.registry.tmch.TmchXmlSignature;
+import java.security.GeneralSecurityException;
 import java.util.Collections;
 import java.util.Comparator;
 import java.util.List;
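Review bot: In the second FlowTestCase.java hunk, the call now passes the `eppMetricBuilder` field where the old code built a fresh `EppMetric.builderForRequest("request-id-1", clock)`, and the diff does not show where that field is assigned. If it is still null when this code runs, the module receives a null metric builder; if it is assigned elsewhere, one builder may now be reused across flow runs. Either case is worth confirming, or the inline `EppMetric.builderForRequest(...)` call can stay. Separately, a non-null `testTmchXmlSignature` makes `tmchCaMode` irrelevant without any indication; a comment on the field such as `// When non-null, replaces the verifier built from tmchCaMode.` would make that explicit. The enclosing method starts and ends outside the hunk.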
@@ -134,7 +136,6 @@ import org.joda.money.Money;
 import org.joda.time.DateTime;
 import org.joda.time.Interval;
 import org.junit.Before;
-import org.junit.Ignore;
 import org.junit.Test;
 /** Unit tests for {@link DomainApplicationCreateFlow}. */
@@ -291,13 +292,19 @@ public class DomainApplicationCreateFlowTest
 }
 @Test
- @Ignore("I'm not sure how to get this to throw without creating a custom CA / certs")
 public void testFailure_signedMarkCertificateCorrupt() throws Exception {
 useTmchProdCert();
 createTld("tld", TldState.SUNRUSH);
 setEppInput("domain_create_sunrush_encoded_signed_mark_certificate_corrupt.xml");
 persistContactsAndHosts();
 clock.advanceOneMilli();
+ // It's hard to make the real verification code throw a GeneralSecurityException. Instead,
+ // replace the TmchXmlSignature with a stub that throws it for us.
+ this.testTmchXmlSignature = new TmchXmlSignature(null) {
+ @Override
+ public void verify(byte[] smdXml) throws GeneralSecurityException {
+ throw new GeneralSecurityException();
+ }};
 thrown.expect(SignedMarkCertificateInvalidException.class);
 runFlow();
 }
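Review bot: In testFailure_signedMarkCertificateCorrupt, the stub's `verify` throws unconditionally, so the test passes whatever certificate the signed mark carries and does not show that a corrupt certificate is rejected. What it does cover is that the flow turns a `GeneralSecurityException` from `verify` into `SignedMarkCertificateInvalidException`. Once `testTmchXmlSignature` is set, `useTmchProdCert()` and the certificate inside `domain_create_sunrush_encoded_signed_mark_certificate_corrupt.xml` no longer influence the result. I would state that in the comment, e.g. `// Only the exception mapping is tested; the stub ignores the SMD, so certificate parsing is not exercised.`, and drop the `useTmchProdCert()` call. The stub is also built with `new TmchXmlSignature(null)`, which holds only while the overridden `verify` never touches the certificate authority.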