Use enum instead of boolean for TMCH CA mode
Also more narrowly scopes a catch block in TmchCertificateAuthority. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=144744847
parent
0dbaa8e5bc
commit
a28e0b3ff7
13 changed files with 90 additions and 73 deletions
|
@ -25,6 +25,7 @@ import static org.joda.time.DateTimeZone.UTC;
|
|||
import static org.joda.time.Duration.standardDays;
|
||||
|
||||
import com.googlecode.objectify.Key;
|
||||
import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
|
||||
import google.registry.flows.EppTestComponent.FakesAndMocksModule;
|
||||
import google.registry.model.domain.DomainResource;
|
||||
import google.registry.model.ofy.Ofy;
|
||||
|
@ -71,7 +72,7 @@ public class EppCommitLogsTest extends ShardableTestCase {
|
|||
SessionMetadata sessionMetadata = new HttpSessionMetadata(new FakeHttpSession());
|
||||
sessionMetadata.setClientId("TheRegistrar");
|
||||
DaggerEppTestComponent.builder()
|
||||
.fakesAndMocksModule(new FakesAndMocksModule(clock, true))
|
||||
.fakesAndMocksModule(new FakesAndMocksModule(clock, TmchCaMode.PILOT))
|
||||
.build()
|
||||
.startRequest()
|
||||
.flowComponentBuilder()
|
||||
|
|
|
@ -23,6 +23,7 @@ import static javax.servlet.http.HttpServletResponse.SC_OK;
|
|||
import static org.joda.time.DateTimeZone.UTC;
|
||||
|
||||
import com.google.common.net.MediaType;
|
||||
import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
|
||||
import google.registry.flows.EppTestComponent.FakesAndMocksModule;
|
||||
import google.registry.model.ofy.Ofy;
|
||||
import google.registry.testing.FakeClock;
|
||||
|
@ -114,7 +115,7 @@ public class EppTestCase extends ShardableTestCase {
|
|||
FakeResponse response = new FakeResponse();
|
||||
handler.response = response;
|
||||
handler.eppController = DaggerEppTestComponent.builder()
|
||||
.fakesAndMocksModule(new FakesAndMocksModule(clock, true))
|
||||
.fakesAndMocksModule(new FakesAndMocksModule(clock, TmchCaMode.PILOT))
|
||||
.build()
|
||||
.startRequest()
|
||||
.eppController();
|
||||
|
|
|
@ -22,6 +22,7 @@ import dagger.Module;
|
|||
import dagger.Provides;
|
||||
import dagger.Subcomponent;
|
||||
import google.registry.config.RegistryConfig.ConfigModule;
|
||||
import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
|
||||
import google.registry.dns.DnsQueue;
|
||||
import google.registry.flows.custom.CustomLogicFactory;
|
||||
import google.registry.flows.custom.TestCustomLogicFactory;
|
||||
|
@ -61,14 +62,13 @@ interface EppTestComponent {
|
|||
final Sleeper sleeper;
|
||||
|
||||
FakesAndMocksModule() {
|
||||
this(new FakeClock(), true);
|
||||
this(new FakeClock(), TmchCaMode.PILOT);
|
||||
}
|
||||
|
||||
FakesAndMocksModule(FakeClock clock, boolean tmchCaTestingMode) {
|
||||
FakesAndMocksModule(FakeClock clock, TmchCaMode tmchCaMode) {
|
||||
this.clock = clock;
|
||||
this.domainFlowTmchUtils =
|
||||
new DomainFlowTmchUtils(
|
||||
new TmchXmlSignature(new TmchCertificateAuthority(tmchCaTestingMode)));
|
||||
new DomainFlowTmchUtils(new TmchXmlSignature(new TmchCertificateAuthority(tmchCaMode)));
|
||||
this.sleeper = new FakeSleeper(clock);
|
||||
this.dnsQueue = DnsQueue.create();
|
||||
this.metricBuilder = EppMetric.builderForRequest("request-id-1", clock);
|
||||
|
|
|
@ -33,6 +33,7 @@ import com.google.common.collect.ImmutableMap;
|
|||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.Iterables;
|
||||
import com.google.common.collect.Maps;
|
||||
import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
|
||||
import google.registry.flows.EppTestComponent.FakesAndMocksModule;
|
||||
import google.registry.flows.picker.FlowPicker;
|
||||
import google.registry.model.billing.BillingEvent;
|
||||
|
@ -277,7 +278,7 @@ public abstract class FlowTestCase<F extends Flow> extends ShardableTestCase {
|
|||
.isEqualTo(new TypeInstantiator<F>(getClass()){}.getExactType());
|
||||
// Run the flow.
|
||||
return DaggerEppTestComponent.builder()
|
||||
.fakesAndMocksModule(new FakesAndMocksModule(clock, tmchCaTestingMode))
|
||||
.fakesAndMocksModule(new FakesAndMocksModule(clock, tmchCaMode))
|
||||
.build()
|
||||
.startRequest()
|
||||
.flowComponentBuilder()
|
||||
|
@ -339,10 +340,10 @@ public abstract class FlowTestCase<F extends Flow> extends ShardableTestCase {
|
|||
return output;
|
||||
}
|
||||
|
||||
private boolean tmchCaTestingMode = true;
|
||||
private TmchCaMode tmchCaMode = TmchCaMode.PILOT;
|
||||
|
||||
protected void useTmchProdCert() {
|
||||
tmchCaTestingMode = false;
|
||||
tmchCaMode = TmchCaMode.PRODUCTION;
|
||||
}
|
||||
|
||||
public EppOutput dryRunFlowAssertResponse(String xml, String... ignoredPaths) throws Exception {
|
||||
|
|
|
@ -17,6 +17,7 @@ java_library(
|
|||
"testdata/*/*/*",
|
||||
]),
|
||||
deps = [
|
||||
"//java/google/registry/config",
|
||||
"//java/google/registry/model",
|
||||
"//java/google/registry/request",
|
||||
"//java/google/registry/tmch",
|
||||
|
|
|
@ -14,6 +14,8 @@
|
|||
|
||||
package google.registry.tmch;
|
||||
|
||||
import static google.registry.config.RegistryConfig.ConfigModule.TmchCaMode.PILOT;
|
||||
import static google.registry.config.RegistryConfig.ConfigModule.TmchCaMode.PRODUCTION;
|
||||
import static google.registry.tmch.TmchTestData.loadString;
|
||||
import static google.registry.util.ResourceUtils.readResourceUtf8;
|
||||
import static google.registry.util.X509Utils.loadCertificate;
|
||||
|
@ -61,7 +63,7 @@ public class TmchCertificateAuthorityTest {
|
|||
|
||||
@Test
|
||||
public void testFailure_prodRootExpired() throws Exception {
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(false);
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(PRODUCTION);
|
||||
clock.setTo(DateTime.parse("2024-01-01T00:00:00Z"));
|
||||
thrown.expectRootCause(
|
||||
CertificateExpiredException.class, "NotAfter: Sun Jul 23 23:59:59 UTC 2023");
|
||||
|
@ -70,7 +72,7 @@ public class TmchCertificateAuthorityTest {
|
|||
|
||||
@Test
|
||||
public void testFailure_prodRootNotYetValid() throws Exception {
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(false);
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(PRODUCTION);
|
||||
clock.setTo(DateTime.parse("2000-01-01T00:00:00Z"));
|
||||
thrown.expectRootCause(CertificateNotYetValidException.class,
|
||||
"NotBefore: Wed Jul 24 00:00:00 UTC 2013");
|
||||
|
@ -80,7 +82,7 @@ public class TmchCertificateAuthorityTest {
|
|||
@Test
|
||||
public void testFailure_crlDoesntMatchCerts() throws Exception {
|
||||
// Use the prod cl, which won't match our test certificate.
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(true);
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(PILOT);
|
||||
TmchCrl.set(
|
||||
readResourceUtf8(TmchCertificateAuthority.class, "icann-tmch.crl"), "http://cert.crl");
|
||||
thrown.expectRootCause(SignatureException.class, "Signature does not match");
|
||||
|
@ -89,20 +91,20 @@ public class TmchCertificateAuthorityTest {
|
|||
|
||||
@Test
|
||||
public void testSuccess_verify() throws Exception {
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(true);
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(PILOT);
|
||||
tmchCertificateAuthority.verify(loadCertificate(GOOD_TEST_CERTIFICATE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_verifySignatureDoesntMatch() throws Exception {
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(false);
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(PRODUCTION);
|
||||
thrown.expectRootCause(SignatureException.class, "Signature does not match");
|
||||
tmchCertificateAuthority.verify(loadCertificate(GOOD_TEST_CERTIFICATE));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_verifyRevoked() throws Exception {
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(true);
|
||||
TmchCertificateAuthority tmchCertificateAuthority = new TmchCertificateAuthority(PILOT);
|
||||
thrown.expect(CertificateRevokedException.class, "revoked, reason: KEY_COMPROMISE");
|
||||
tmchCertificateAuthority.verify(loadCertificate(REVOKED_TEST_CERTIFICATE));
|
||||
}
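Review bot: The context comment in testFailure_crlDoesntMatchCerts, `// Use the prod cl, which won't match our test certificate.`, is now less clear than the code beside it: `cl` is presumably a typo for CRL, and the line under it builds the authority with `PILOT`. Now that the mode is explicit, the comment could name both sides, for example `// Load the production CRL; it should not verify against the root selected by PILOT.` That makes it plain the test asserts that a CRL issued under a different trust anchor is rejected with `SignatureException`, which is what the expectation on the following lines suggests.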
|
||||
|
|
|
@ -19,6 +19,7 @@ import static google.registry.util.ResourceUtils.readResourceBytes;
|
|||
import static org.mockito.Mockito.verify;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
|
||||
import java.net.MalformedURLException;
|
||||
import java.net.URL;
|
||||
import java.security.SignatureException;
|
||||
|
@ -30,10 +31,10 @@ import org.junit.Test;
|
|||
/** Unit tests for {@link TmchCrlAction}. */
|
||||
public class TmchCrlActionTest extends TmchActionTestCase {
|
||||
|
||||
private TmchCrlAction newTmchCrlAction(boolean tmchCaTestingMode) throws MalformedURLException {
|
||||
private TmchCrlAction newTmchCrlAction(TmchCaMode tmchCaMode) throws MalformedURLException {
|
||||
TmchCrlAction action = new TmchCrlAction();
|
||||
action.marksdb = marksdb;
|
||||
action.tmchCertificateAuthority = new TmchCertificateAuthority(tmchCaTestingMode);
|
||||
action.tmchCertificateAuthority = new TmchCertificateAuthority(tmchCaMode);
|
||||
action.tmchCrlUrl = new URL("http://sloth.lol/tmch.crl");
|
||||
return action;
|
||||
}
|
||||
|
@ -43,7 +44,7 @@ public class TmchCrlActionTest extends TmchActionTestCase {
|
|||
clock.setTo(DateTime.parse("2013-07-24TZ"));
|
||||
when(httpResponse.getContent()).thenReturn(
|
||||
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch.crl").read());
|
||||
newTmchCrlAction(false).run();
|
||||
newTmchCrlAction(TmchCaMode.PRODUCTION).run();
|
||||
verify(httpResponse).getContent();
|
||||
verify(fetchService).fetch(httpRequest.capture());
|
||||
assertThat(httpRequest.getValue().getURL().toString()).isEqualTo("http://sloth.lol/tmch.crl");
|
||||
|
@ -53,8 +54,12 @@ public class TmchCrlActionTest extends TmchActionTestCase {
|
|||
public void testFailure_crlTooOld() throws Exception {
|
||||
clock.setTo(DateTime.parse("2020-01-01TZ"));
|
||||
when(httpResponse.getContent()).thenReturn(
|
||||
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-test.crl").read());
|
||||
TmchCrlAction action = newTmchCrlAction(false);
|
||||
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-pilot.crl").read());
|
||||
// We use the pilot CRL here only because we know that it was generated more recently than the
|
||||
// production CRL, and thus attempting to replace it with the production CRL will fail. It
|
||||
// doesn't matter that the wrong CRT would be used to verify it because that check happens after
|
||||
// the age check.
|
||||
TmchCrlAction action = newTmchCrlAction(TmchCaMode.PRODUCTION);
|
||||
thrown.expectRootCause(CRLException.class, "New CRL is more out of date than our current CRL.");
|
||||
action.run();
|
||||
}
|
||||
|
@ -65,15 +70,15 @@ public class TmchCrlActionTest extends TmchActionTestCase {
|
|||
when(httpResponse.getContent()).thenReturn(
|
||||
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch.crl").read());
|
||||
thrown.expectRootCause(SignatureException.class, "Signature does not match.");
|
||||
newTmchCrlAction(true).run();
|
||||
newTmchCrlAction(TmchCaMode.PILOT).run();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_crlNotYetValid() throws Exception {
|
||||
clock.setTo(DateTime.parse("1984-01-01TZ"));
|
||||
when(httpResponse.getContent()).thenReturn(
|
||||
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-test.crl").read());
|
||||
readResourceBytes(TmchCertificateAuthority.class, "icann-tmch-pilot.crl").read());
|
||||
thrown.expectRootCause(CertificateNotYetValidException.class);
|
||||
newTmchCrlAction(true).run();
|
||||
newTmchCrlAction(TmchCaMode.PILOT).run();
|
||||
}
|
||||
}
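Review bot: The comment added in testFailure_crlTooOld is hard to reconcile with the code under it: it says the pilot CRL is newer and that replacing it with the production CRL will fail, yet the stubbed response serves `icann-tmch-pilot.crl` as the fetched CRL to an action built with `TmchCaMode.PRODUCTION`. Please reword it so it is clear which CRL is the current one and which is the candidate. The comment also shows that the test passes only because the age comparison runs before signature verification, which is code outside this view; if that order is ever changed so the signature is checked first, the expected `CRLException` would presumably become a signature error. I would state that dependency and fix the `CRT` wording, e.g. `// Relies on the age check running before signature verification of the fetched CRL.`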
|
||||
|
|
|
@ -16,6 +16,7 @@ package google.registry.tmch;
|
|||
|
||||
import static google.registry.tmch.TmchTestData.loadSmd;
|
||||
|
||||
import google.registry.config.RegistryConfig.ConfigModule.TmchCaMode;
|
||||
import google.registry.testing.AppEngineRule;
|
||||
import google.registry.testing.ExceptionRule;
|
||||
import google.registry.testing.FakeClock;
|
||||
|
@ -58,11 +59,11 @@ public class TmchXmlSignatureTest {
|
|||
@Before
|
||||
public void before() throws Exception {
|
||||
inject.setStaticField(TmchCertificateAuthority.class, "clock", clock);
|
||||
tmchXmlSignature = new TmchXmlSignature(new TmchCertificateAuthority(true));
|
||||
tmchXmlSignature = new TmchXmlSignature(new TmchCertificateAuthority(TmchCaMode.PILOT));
|
||||
}
|
||||
|
||||
public void wrongCertificateAuthority() throws Exception {
|
||||
tmchXmlSignature = new TmchXmlSignature(new TmchCertificateAuthority(false));
|
||||
tmchXmlSignature = new TmchXmlSignature(new TmchCertificateAuthority(TmchCaMode.PRODUCTION));
|
||||
smdData = loadSmd("active/Court-Agent-Arabic-Active.smd");
|
||||
thrown.expectRootCause(SignatureException.class, "Signature does not match");
|
||||
tmchXmlSignature.verify(smdData);
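Review bot: `wrongCertificateAuthority()` has no `@Test` annotation in the lines shown (the blank line after `before()` is followed directly by the method signature), so under JUnit 4 it would not run, and this commit updates its body without adding one. That leaves the check that an SMD signed under one root is rejected under the other (`SignatureException`, "Signature does not match") unexercised in this class. Add `@Test` above the method, and consider renaming it to `testFailure_wrongCertificateAuthority` to match the naming used by the other TMCH tests on this page. The method body continues past the end of the hunk.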
|
||||
|
|
|
@ -15,6 +15,7 @@
|
|||
package google.registry.tools;
|
||||
|
||||
import static com.google.common.io.BaseEncoding.base64;
|
||||
import static google.registry.config.RegistryConfig.ConfigModule.TmchCaMode.PILOT;
|
||||
import static google.registry.model.ofy.ObjectifyService.ofy;
|
||||
import static google.registry.testing.DatastoreHelper.createTld;
|
||||
import static google.registry.testing.DatastoreHelper.newDomainApplication;
|
||||
|
@ -69,7 +70,7 @@ public class UpdateSmdCommandTest extends CommandTestCase<UpdateSmdCommand> {
|
|||
.setEncodedSignedMarks(ImmutableList.of(EncodedSignedMark.create("base64", "garbage")))
|
||||
.build());
|
||||
command.tmchUtils =
|
||||
new DomainFlowTmchUtils(new TmchXmlSignature(new TmchCertificateAuthority(true)));
|
||||
new DomainFlowTmchUtils(new TmchXmlSignature(new TmchCertificateAuthority(PILOT)));
|
||||
}
|
||||
|
||||
private DomainApplication reloadDomainApplication() {
|
||||
|
|