Replace KeystoreKeyring with KmsKeystore comparison
Replace KeystoreKeyring with a ComparatorKeyring that compares KeystoreKeyring against KmsKeystore. In the open-source version, this will replace DummyKeyring with KmsKeyring directly. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=152893767
This commit is contained in:
parent
dea386d08a
commit
ab515cb352
16 changed files with 94 additions and 36 deletions
|
@ -52,7 +52,6 @@ java_library(
|
|||
"//java/google/registry/request",
|
||||
"//java/google/registry/request:modules",
|
||||
"//java/google/registry/security",
|
||||
"//java/google/registry/tldconfig/idn",
|
||||
"//java/google/registry/tmch",
|
||||
"//java/google/registry/tools/params",
|
||||
"//java/google/registry/tools/server",
|
||||
|
|
|
@ -38,6 +38,7 @@ import java.io.OutputStream;
|
|||
import java.nio.file.Files;
|
||||
import java.nio.file.Path;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Provider;
|
||||
import org.bouncycastle.bcpg.ArmoredOutputStream;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPKeyPair;
|
||||
|
@ -54,8 +55,8 @@ final class EscrowDepositEncryptor {
|
|||
@Inject RydePgpFileOutputStreamFactory pgpFileFactory;
|
||||
@Inject RydePgpSigningOutputStreamFactory pgpSigningFactory;
|
||||
@Inject RydeTarOutputStreamFactory tarFactory;
|
||||
@Inject @Key("rdeSigningKey") PGPKeyPair rdeSigningKey;
|
||||
@Inject @Key("rdeReceiverKey") PGPPublicKey rdeReceiverKey;
|
||||
@Inject @Key("rdeSigningKey") Provider<PGPKeyPair> rdeSigningKey;
|
||||
@Inject @Key("rdeReceiverKey") Provider<PGPPublicKey> rdeReceiverKey;
|
||||
@Inject EscrowDepositEncryptor() {}
|
||||
|
||||
/** Creates a {@code .ryde} and {@code .sig} file, provided an XML deposit file. */
|
||||
|
@ -68,12 +69,12 @@ final class EscrowDepositEncryptor {
|
|||
Path rydePath = outdir.resolve(name + ".ryde");
|
||||
Path sigPath = outdir.resolve(name + ".sig");
|
||||
Path pubPath = outdir.resolve(tld + ".pub");
|
||||
PGPKeyPair signingKey = rdeSigningKey;
|
||||
PGPKeyPair signingKey = rdeSigningKey.get();
|
||||
try (OutputStream rydeOutput = Files.newOutputStream(rydePath);
|
||||
RydePgpSigningOutputStream signLayer =
|
||||
pgpSigningFactory.create(rydeOutput, signingKey)) {
|
||||
try (RydePgpEncryptionOutputStream encryptLayer =
|
||||
pgpEncryptionFactory.create(signLayer, rdeReceiverKey);
|
||||
pgpEncryptionFactory.create(signLayer, rdeReceiverKey.get());
|
||||
RydePgpCompressionOutputStream compressLayer =
|
||||
pgpCompressionFactory.create(encryptLayer);
|
||||
RydePgpFileOutputStream fileLayer =
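Review bot: `rdeReceiverKey.get()` is evaluated inside the nested try-with-resources header (`pgpEncryptionFactory.create(signLayer, rdeReceiverKey.get())`), after `Files.newOutputStream(rydePath)` has already created or truncated the `.ryde` file and `signLayer` has been opened, so a provider failure now surfaces only once output is on disk, whereas the signing key is hoisted into a local before any stream is opened. Resolving both keys up front keeps the failure point where the old field injection had it, before any side effect: keep `PGPKeyPair signingKey = rdeSigningKey.get();`, add `PGPPublicKey receiverKey = rdeReceiverKey.get();` directly after it, and pass `receiverKey` to `pgpEncryptionFactory.create`. The same ordering appears in GhostrydeCommand.runEncrypt, where `rdeStagingEncryptionKey.get()` is called after `Files.newOutputStream(outFile)`. The two `Provider` fields would also benefit from a comment stating that keys are now resolved from the keyring at each call rather than at injection time; the method body continues outside the hunk.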
|
||||
|
|
|
@ -23,6 +23,7 @@ import com.beust.jcommander.Parameters;
|
|||
import com.google.common.io.ByteStreams;
|
||||
import google.registry.keyring.api.KeyModule.Key;
|
||||
import google.registry.rde.Ghostryde;
|
||||
import google.registry.tools.Command.RemoteApiCommand;
|
||||
import google.registry.tools.params.PathParameter;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
|
@ -32,6 +33,7 @@ import java.nio.file.Path;
|
|||
import java.nio.file.Paths;
|
||||
import java.nio.file.attribute.FileTime;
|
||||
import javax.inject.Inject;
|
||||
import javax.inject.Provider;
|
||||
import org.bouncycastle.openpgp.PGPException;
|
||||
import org.bouncycastle.openpgp.PGPPrivateKey;
|
||||
import org.bouncycastle.openpgp.PGPPublicKey;
|
||||
|
@ -39,7 +41,7 @@ import org.joda.time.DateTime;
|
|||
|
||||
/** Command to encrypt/decrypt {@code .ghostryde} files. */
|
||||
@Parameters(separators = " =", commandDescription = "Encrypt/decrypt a ghostryde file.")
|
||||
final class GhostrydeCommand implements Command {
|
||||
final class GhostrydeCommand implements RemoteApiCommand {
|
||||
|
||||
@Parameter(
|
||||
names = {"-e", "--encrypt"},
|
||||
|
@ -71,11 +73,11 @@ final class GhostrydeCommand implements Command {
|
|||
|
||||
@Inject
|
||||
@Key("rdeStagingEncryptionKey")
|
||||
PGPPublicKey rdeStagingEncryptionKey;
|
||||
Provider<PGPPublicKey> rdeStagingEncryptionKey;
|
||||
|
||||
@Inject
|
||||
@Key("rdeStagingDecryptionKey")
|
||||
PGPPrivateKey rdeStagingDecryptionKey;
|
||||
Provider<PGPPrivateKey> rdeStagingDecryptionKey;
|
||||
|
||||
@Override
|
||||
public final void run() throws Exception {
|
||||
|
@ -93,7 +95,7 @@ final class GhostrydeCommand implements Command {
|
|||
: output;
|
||||
try (OutputStream out = Files.newOutputStream(outFile);
|
||||
Ghostryde.Encryptor encryptor =
|
||||
ghostryde.openEncryptor(out, rdeStagingEncryptionKey);
|
||||
ghostryde.openEncryptor(out, rdeStagingEncryptionKey.get());
|
||||
Ghostryde.Compressor kompressor = ghostryde.openCompressor(encryptor);
|
||||
Ghostryde.Output ghostOutput =
|
||||
ghostryde.openOutput(kompressor, input.getFileName().toString(),
|
||||
|
@ -106,7 +108,7 @@ final class GhostrydeCommand implements Command {
|
|||
private void runDecrypt() throws IOException, PGPException {
|
||||
try (InputStream in = Files.newInputStream(input);
|
||||
Ghostryde.Decryptor decryptor =
|
||||
ghostryde.openDecryptor(in, rdeStagingDecryptionKey);
|
||||
ghostryde.openDecryptor(in, rdeStagingDecryptionKey.get());
|
||||
Ghostryde.Decompressor decompressor = ghostryde.openDecompressor(decryptor);
|
||||
Ghostryde.Input ghostInput = ghostryde.openInput(decompressor)) {
|
||||
Path outFile = Files.isDirectory(output)
|
||||
|
|
|
@ -19,12 +19,13 @@ import google.registry.config.RegistryConfig.ConfigModule;
|
|||
import google.registry.dns.writer.VoidDnsWriterModule;
|
||||
import google.registry.dns.writer.clouddns.CloudDnsWriterModule;
|
||||
import google.registry.dns.writer.dnsupdate.DnsUpdateWriterModule;
|
||||
import google.registry.keyring.api.DummyKeyringModule;
|
||||
import google.registry.keyring.api.KeyModule;
|
||||
import google.registry.keyring.kms.KeyringModule;
|
||||
import google.registry.keyring.kms.KmsModule;
|
||||
import google.registry.rde.RdeModule;
|
||||
import google.registry.request.Modules.AppIdentityCredentialModule;
|
||||
import google.registry.request.Modules.DatastoreServiceModule;
|
||||
import google.registry.request.Modules.GoogleCredentialModule;
|
||||
import google.registry.request.Modules.Jackson2Module;
|
||||
import google.registry.request.Modules.ModulesServiceModule;
|
||||
import google.registry.request.Modules.URLFetchServiceModule;
|
||||
|
@ -55,9 +56,10 @@ import javax.inject.Singleton;
|
|||
DefaultRequestFactoryModule.class,
|
||||
DefaultRequestFactoryModule.RequestFactoryModule.class,
|
||||
DnsUpdateWriterModule.class,
|
||||
DummyKeyringModule.class,
|
||||
GoogleCredentialModule.class,
|
||||
Jackson2Module.class,
|
||||
KeyModule.class,
|
||||
KeyringModule.class,
|
||||
KmsModule.class,
|
||||
ModulesServiceModule.class,
|
||||
RdeModule.class,
|
||||
|
|