Daggerize TMCH/signed mark util classes

This allows them to support injectable configuration. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=143709052
2025-06-27 14:54:51 +02:00 · 2017-01-05 14:26:18 -08:00 · 2017-01-05 14:26:18 -08:00 · c05424b947
commit c05424b947
parent 534e3ba01c
19 changed files with 242 additions and 165 deletions
--- a/java/google/registry/tmch/TmchCertificateAuthority.java
+++ b/java/google/registry/tmch/TmchCertificateAuthority.java
@ -14,13 +14,13 @@

 package google.registry.tmch;

-import static com.google.common.base.Throwables.propagateIfInstanceOf;
-import static google.registry.util.CacheUtils.memoizeWithLongExpiration;
-import static google.registry.util.CacheUtils.memoizeWithShortExpiration;
 import static google.registry.util.ResourceUtils.readResourceUtf8;
-import static google.registry.util.X509Utils.loadCrl;
+import static java.util.concurrent.TimeUnit.MILLISECONDS;

-import com.google.common.base.Supplier;
+import com.google.common.cache.CacheBuilder;
+import com.google.common.cache.CacheLoader;
+import com.google.common.cache.LoadingCache;
+import google.registry.config.ConfigModule.Config;
 import google.registry.config.RegistryEnvironment;
 import google.registry.model.tmch.TmchCrl;
 import google.registry.util.Clock;
@ -30,10 +30,18 @@ import google.registry.util.X509Utils;
 import java.security.GeneralSecurityException;
 import java.security.cert.X509CRL;
 import java.security.cert.X509Certificate;
+import java.util.concurrent.ExecutionException;
 import javax.annotation.concurrent.Immutable;
 import javax.annotation.concurrent.ThreadSafe;
+import javax.inject.Inject;

-/** Datastore singleton for ICANN's TMCH root certificate and revocation list. */
+/**
+ * Helper methods for accessing ICANN's TMCH root certificate and revocation list.
+ *
+ * <p>There are two CRLs, a real one for the production environment and a testing one for
+ * non-production environments. The Datastore singleton {@link TmchCrl} entity is used to cache this
+ * CRL once loaded and will always contain the proper one corresponding to the environment.
+ */
@Immutable
@ThreadSafe
 public final class TmchCertificateAuthority {
@ -45,45 +53,70 @@ public final class TmchCertificateAuthority {
  private static final String CRL_FILE = "icann-tmch.crl";
  private static final String TEST_CRL_FILE = "icann-tmch-test.crl";

-  /**
-   * A cached supplier that loads the crl from datastore or chooses a default value.
-   *
-   * <p>We keep the cache here rather than caching TmchCrl in the model, because loading the crl
-   * string into an X509CRL instance is expensive and should itself be cached.
-   */
-  private static final Supplier<X509CRL> CRL_CACHE =
-      memoizeWithShortExpiration(new Supplier<X509CRL>() {
-        @Override
-        public X509CRL get() {
-          TmchCrl storedCrl = TmchCrl.get();
-          try {
-            X509CRL crl = loadCrl((storedCrl == null)
-                ? readResourceUtf8(
-                    TmchCertificateAuthority.class,
-                    ENVIRONMENT.config().getTmchCaTestingMode() ? TEST_CRL_FILE : CRL_FILE)
-                : storedCrl.getCrl());
-            crl.verify(getRoot().getPublicKey());
-            return crl;
-          } catch (GeneralSecurityException e) {
-            throw new RuntimeException(e);
-          }
-        }});
+  private boolean tmchCaTestingMode;

-  /** A cached function that loads the crt from a jar resource. */
-  private static final Supplier<X509Certificate> ROOT_CACHE =
-      memoizeWithLongExpiration(new Supplier<X509Certificate>() {
-        @Override
-        public X509Certificate get() {
-          try {
-            X509Certificate root = X509Utils.loadCertificate(readResourceUtf8(
-                TmchCertificateAuthority.class,
-                ENVIRONMENT.config().getTmchCaTestingMode() ? TEST_ROOT_CRT_FILE : ROOT_CRT_FILE));
-            root.checkValidity(clock.nowUtc().toDate());
-            return root;
-          } catch (GeneralSecurityException e) {
-            throw new RuntimeException(e);
-          }
-        }});
+  public @Inject TmchCertificateAuthority(@Config("tmchCaTestingMode") boolean tmchCaTestingMode) {
+    this.tmchCaTestingMode = tmchCaTestingMode;
+  }
+
+  /**
+   * A cached supplier that loads the CRL from Datastore or chooses a default value.
+   *
+   * <p>We keep the cache here rather than caching TmchCrl in the model, because loading the CRL
+   * string into an X509CRL instance is expensive and should itself be cached.
+   *
+   * <p>Note that the stored CRL won't exist for tests, and on deployed environments will always
+   * correspond to the correct CRL for the given testing mode because {@link TmchCrlAction} can
+   * only persist the correct one for this given environment.
+   */
+  private static final LoadingCache<Boolean, X509CRL> CRL_CACHE =
+      CacheBuilder.newBuilder()
+          .expireAfterWrite(
+              ENVIRONMENT.config().getSingletonCacheRefreshDuration().getMillis(), MILLISECONDS)
+          .build(
+              new CacheLoader<Boolean, X509CRL>() {
+                @Override
+                public X509CRL load(final Boolean tmchCaTestingMode)
+                    throws GeneralSecurityException {
+                  TmchCrl storedCrl = TmchCrl.get();
+                  try {
+                    String crlContents;
+                    if (storedCrl == null) {
+                      String file = tmchCaTestingMode.booleanValue() ? TEST_CRL_FILE : CRL_FILE;
+                      crlContents = readResourceUtf8(TmchCertificateAuthority.class, file);
+                    } else {
+                      crlContents = storedCrl.getCrl();
+                    }
+                    X509CRL crl = X509Utils.loadCrl(crlContents);
+                    crl.verify(ROOT_CACHE.get(tmchCaTestingMode).getPublicKey());
+                    return crl;
+                  } catch (ExecutionException e) {
+                    if (e.getCause() instanceof GeneralSecurityException) {
+                      throw (GeneralSecurityException) e.getCause();
+                    } else {
+                      throw new RuntimeException("Unexpected exception while loading CRL", e);
+                    }
+                  }
+                }});
+
+  /** A cached function that loads the CRT from a jar resource. */
+  private static final LoadingCache<Boolean, X509Certificate> ROOT_CACHE =
+      CacheBuilder.newBuilder()
+          .expireAfterWrite(
+              ENVIRONMENT.config().getSingletonCachePersistDuration().getMillis(), MILLISECONDS)
+          .build(
+              new CacheLoader<Boolean, X509Certificate>() {
+                @Override
+                public X509Certificate load(final Boolean tmchCaTestingMode)
+                    throws GeneralSecurityException {
+                  String file =
+                      tmchCaTestingMode.booleanValue() ? TEST_ROOT_CRT_FILE : ROOT_CRT_FILE;
+                  X509Certificate root =
+                      X509Utils.loadCertificate(
+                          readResourceUtf8(TmchCertificateAuthority.class, file));
+                  root.checkValidity(clock.nowUtc().toDate());
+                  return root;
+                }});

  @NonFinalForTesting
  private static Clock clock = new SystemClock();
@ -97,14 +130,14 @@ public final class TmchCertificateAuthority {
   *         incorrect keys, and for invalid, old, not-yet-valid or revoked certificates.
   * @see X509Utils#verifyCertificate
   */
-  public static void verify(X509Certificate cert) throws GeneralSecurityException {
+  public void verify(X509Certificate cert) throws GeneralSecurityException {
    synchronized (TmchCertificateAuthority.class) {
      X509Utils.verifyCertificate(getRoot(), getCrl(), cert, clock.nowUtc().toDate());
    }
  }

  /**
-   * Update to the latest TMCH X.509 certificate revocation list and save to the datastore.
+   * Update to the latest TMCH X.509 certificate revocation list and save it to Datastore.
   *
   * <p>Your ASCII-armored CRL must be signed by the current ICANN root certificate.
   *
@ -115,27 +148,35 @@ public final class TmchCertificateAuthority {
   *         incorrect keys, and for invalid, old, not-yet-valid or revoked certificates.
   * @see X509Utils#verifyCrl
   */
-  public static void updateCrl(String asciiCrl) throws GeneralSecurityException {
+  public void updateCrl(String asciiCrl, String url) throws GeneralSecurityException {
    X509CRL crl = X509Utils.loadCrl(asciiCrl);
    X509Utils.verifyCrl(getRoot(), getCrl(), crl, clock.nowUtc().toDate());
-    TmchCrl.set(asciiCrl);
+    TmchCrl.set(asciiCrl, url);
  }

-  public static X509Certificate getRoot() throws GeneralSecurityException {
+  public X509Certificate getRoot() throws GeneralSecurityException {
    try {
-      return ROOT_CACHE.get();
-    } catch (RuntimeException e) {
-      propagateIfInstanceOf(e.getCause(), GeneralSecurityException.class);
-      throw e;
+      return ROOT_CACHE.get(tmchCaTestingMode);
+    } catch (Exception e) {
+      if (e.getCause() instanceof GeneralSecurityException) {
+        throw (GeneralSecurityException) e.getCause();
+      } else if (e instanceof RuntimeException) {
+        throw (RuntimeException) e;
+      }
+      throw new RuntimeException(e);
    }
  }

-  public static X509CRL getCrl() throws GeneralSecurityException {
+  public X509CRL getCrl() throws GeneralSecurityException {
    try {
-      return CRL_CACHE.get();
-    } catch (RuntimeException e) {
-      propagateIfInstanceOf(e.getCause(), GeneralSecurityException.class);
-      throw e;
+      return CRL_CACHE.get(tmchCaTestingMode);
+    } catch (Exception e) {
+      if (e.getCause() instanceof GeneralSecurityException) {
+        throw (GeneralSecurityException) e.getCause();
+      } else if (e instanceof RuntimeException) {
+        throw (RuntimeException) e;
+      }
+      throw new RuntimeException(e);
    }
  }
 }