From c4f1be4baa5a1e2acda9cc3d9b646c1f7f4c8941 Mon Sep 17 00:00:00 2001 From: Hans Ridder Date: Thu, 8 Mar 2018 09:30:46 -0800 Subject: [PATCH] Partially fix errors when using DummyKeyringModule This fixes a few problems encountered when building and running according to the Install Guide using the DummyKeyring. It's still failing when trying to parse the JSON credential, which I haven't solved, but before proceeding I wanted to get agreement that it needs to be fixed at all since the best we could do is provide a valid format (as with the PGP keyrings), but the metrics logging will still fail for a different reason (i.e. the credential will not work for the GC project). Things fixed in this PR: Fix format string causing MissingFormatArgumentException in FrontendServlet when keyring fails to load. Include exception cause in VerifyException in PgpHelper. Replace dummy PGP keyrings with ones without a password, as code expects. Document how the PGP keyrings are created. P.S. I see a tab character snuck into PgpHelper. I'll fix that if you're interested in this PR. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=188342973
---
.../keyring/api/DummyKeyringModule.java | 25 +++++++- .../registry/keyring/api/PgpHelper.java | 2 +- .../keyring/api/pgp-private-keyring.asc | 61 +++++++++---------- .../keyring/api/pgp-public-keyring.asc | 33 +++++----- 4 files changed, 70 insertions(+), 51 deletions(-)
diff --git a/java/google/registry/keyring/api/DummyKeyringModule.java b/java/google/registry/keyring/api/DummyKeyringModule.java
index b9212c20f..e0a99682e 100644
--- a/java/google/registry/keyring/api/DummyKeyringModule.java
+++ b/java/google/registry/keyring/api/DummyKeyringModule.java
@@ -42,6 +42,29 @@ import org.bouncycastle.openpgp.bc.BcPGPSecretKeyRingCollection; * with all attempted outgoing connections failing because the supplied dummy credentials aren't * valid. For a real system that needs to connect with external services, you should replace this * module with one that loads real credentials from secure sources. + * + *

The dummy PGP keyrings are created using gnupg1/pgp1 roughly like the following (using + * gnupg2/pgp2 is an exercise left for the developer): + * + *

{@code
+ * # mkdir gpg
+ * # chmod 700 gpg
+ * # gpg1 --homedir gpg --gen-key <<
  */
 @Module
 @Immutable
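Review bot: The added Javadoc names the tool as `gnupg1/pgp1` and `gnupg2/pgp2`, while the command it then shows is `gpg1`; these look like typos for `gpg1`/`gpg2`. The recipe is also written at a `#` prompt, which reads as a root shell although generating a throwaway key in a private `--homedir` needs no privileges, so `$` would be more accurate. The rest of the recipe is not visible in this view of the hunk; if it does not already say so, a sentence stating that the key is generated without a passphrase because PgpHelper decrypts with an empty one (`.build(new char[0])`) would explain the choice to the next reader.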
@@ -56,7 +79,7 @@ public final class DummyKeyringModule {
       Resources.asByteSource(getResource(InMemoryKeyring.class, "pgp-private-keyring.asc"));
 
   /** The email address of the aforementioned PGP key. */
-  private static final String EMAIL_ADDRESS = "domain-registry-users@googlegroups.com";
+  private static final String EMAIL_ADDRESS = "test-registry@example.com";
 
   /** Always returns a {@link InMemoryKeyring} instance. */
   @Provides
diff --git a/java/google/registry/keyring/api/PgpHelper.java b/java/google/registry/keyring/api/PgpHelper.java
index 7a98a2cf9..15a59efcf 100644
--- a/java/google/registry/keyring/api/PgpHelper.java
+++ b/java/google/registry/keyring/api/PgpHelper.java
@@ -117,7 +117,7 @@ public final class PgpHelper {
           new BcPBESecretKeyDecryptorBuilder(new BcPGPDigestCalculatorProvider())
               .build(new char[0]));
     } catch (PGPException e) {
-      throw new VerifyException(e.getMessage());
+      throw new VerifyException(String.format("Could not load PGP private key for: %s", query), e);
     }
     return new PGPKeyPair(publicKey, privateKey);
   }
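Review bot: The new message in the `catch (PGPException e)` branch names the key that failed but not the most likely reason: the decryptor just above is built with `new char[0]`, so a secret key protected by a passphrase would be expected to end up here. According to the commit description this is what happened with the previous dummy keyrings. Consider stating the expectation in the message, e.g. `"Could not load PGP private key for: %s (key must not be passphrase-protected)"`, and adding a comment such as `// Empty passphrase: keyring entries are expected to be stored unprotected.` above the `.build(new char[0])` call. The enclosing method starts outside the hunk, so `query` is assumed to be its key-lookup argument.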
diff --git a/java/google/registry/keyring/api/pgp-private-keyring.asc b/java/google/registry/keyring/api/pgp-private-keyring.asc
index ebaf595c2..0b738f9c3 100644
--- a/java/google/registry/keyring/api/pgp-private-keyring.asc
+++ b/java/google/registry/keyring/api/pgp-private-keyring.asc
@@ -1,35 +1,32 @@
 -----BEGIN PGP PRIVATE KEY BLOCK-----
-Version: GnuPG v1
 
-lQH+BFfPBakBBACTKn8ZPbKVyafxVOnFh9n9Xb0DIA2ph8oTw8p5ObJpzZ/bx/Bx
-eIMs5KjiZu6yr+SQAkDbokDwlFTVIVESvkxYPeHVn9vnW01T4nlQ2/4ezAqjNuGl
-7B61Kl50JMprgZo+VvbRhzYWYcZclZDNO9axyphWuIFarMgdDl8TC0IuKwARAQAB
-/gMDAiNREMtdTajUYJnvE5MXiUAwkiGYLgWeHu9/v+jzpKCpOFCzJpkQHRM4FoUC
-tb/PuWzMT/b6ZpxsiK2bjZ0MzQGUHfHGJfyqJQBRKblmHIemS2xlXzBnqU5znlUs
-IFptSNUo6Qen3Oxlr4y4ArRKpMAYAjRP0prJDE5A/Za7AuChyDWZhLFu39iVer1c
-9FJlkIGMfPWNzJEfqJnsO7IyszwbpEMbHtz3mCeYQn4E+S4RO6g4GsIkaVUcFvkL
-ATpmcnYvWlaRlWLkv8GTVBdTmHRb9/NGEhbrwfCN1vnjfi9iPVFpdmy9g5+zyh+6
-fQEXa/a5JhKwzYfsvBGjOIworikhN8+OmLKS7ww2hB3wHa1JtEodjbBv6UqZk8+i
-bMBXqCiR1oL9hll5XeOxwrfdmoye6bkzgawA0MXNnXHJRm6pl9rZkXo9SHPenQLJ
-Cqs5DNYKmNJg13ZIJdVdprT5nALCMuxMESsN6nKM7wrStDhEb21haW4gUmVnaXN0
-cnkgPGRvbWFpbi1yZWdpc3RyeS11c2Vyc0Bnb29nbGVncm91cHMuY29tPoi4BBMB
-AgAiBQJXzwWpAhsDBgsJCAcDAgYVCAIJCgsEFgIDAQIeAQIXgAAKCRCIX9igNM8p
-/6lZA/wIukET7iOVp/um4feLIaLoBaJlWdb6dRHPgQKZaFfNg5CaALCeVOwsBKNA
-6YCCCtaSa1l6bIzziC8Lii37DB5hNF9M9A350rgUFHtKze5BAADtPkpDpY50nPug
-wkQP7UEjCMcpix0fDX5cJ/bJ9va7w5fw3LX/GuBuLHemswGBup0B/gRXzwWpAQQA
-xuQ90FV9LRznzfZe4/IUGGQ1L/ku9xuA1TGeTnuqRR9kdTofZw5p2a0Kh915x6En
-VLogsAvshwIiDZaraJRiXLBrF7Hf4fKgc0gHNtlkVSCeow1kGScDXOpQ01deDFfU
-YjQq86XSfwCognw7O5636kNsS7Te0jfPZmbgJdldGXMAEQEAAf4DAwIjURDLXU2o
-1GC/wS0hrGk9x0H8daxBK1nH1U8kT+8RQM0t7c4rpY0z3p/FTpc4sKy58K0YDVT2
-7ym0ukUHBR7Em0rr9VCkUVkR0rQhpi2ioMUDLn+FyslzYSZnsvvK1WWgMYuCylHM
-H7lrzkJQvN7jWdKEURwkRC38S4/JfhZQ8Y+hHa8yt96pCxB6NgUkwjPK/H4KVYz7
-hjPAu0fsvzklfo9/xZMSoRZF+K8KXNc8MqBK8gheuP8bU3c30KTjevjlLw8kUsL3
-wkqehCYCe1GKPUhdLoBQiWGAddFFwyPuMuzk1W3oaxRaXPDT2eR4+5jNkoODX9Wz
-sWgM7h6gkaPdaSaKNatYAlqVQxWsdVnJOzJzj8UZp34oGQxow9ZU1WGqccd5VlJx
-32aQjcGXcjgq/zY4OcKBKxiFWJX8LUzIlUmEyTppxzn4VxbOmbVc5L2Knw5isv6E
-Q5CnZCaJVeGvIeHuDfIyIA0+Sk29nYifBBgBAgAJBQJXzwWpAhsMAAoJEIhf2KA0
-zyn/cZcD/0a540LdD3xv9JrEwS2bMPYUKtwqw/dysiLnkvW1hQBj7bJUhQrILb3p
-9qPcubKPPODNPfUxKOjQX7zTMTd4F7wVGXoARrqiqvmCrK9XL1UnqZ+ofvvId2Sc
-p5qUP0iC5kc8od3T64DEPJPqMs2/GrjfMGwRTzEbIdp22Jho0Esy
-=qUDG
+lQHYBFo8aRIBBAC8MA2xQXYvEbeLV1iMo4GC3lRFYvrUCarenhwoWufCYH6dGien
+/HhiB0eiDF672J4MtueHQ2M7UaGJgxAoQTG9c6O90vlmFFhPZ967U1MTdY/NLvDK
+bQEGzjdaUC1T/O6kr0O4GHRAyNyHa39Q75Oaj8MNdPsTmT4tDy+aFO6kKwARAQAB
+AAP9Gd59M12tUmEcGxKBwKuFVSkc6oDlvBosG/geJMoCS+0Z2pzK0MPbBJa9mSAc
+MbRgXZ0TDLwNuwzIqO+UXARCQu1ln/NlCcSzQZd5S80Of6CSoFMdFEb0kcpFW3z9
+rpZdIBpNNk2iyBro9+7JOLJgCUkZQX7jy2K4LM5eTJsnuMECANFBnrMUde43XBiT
+gixOJ5zbekGIIGq4QeRc8fJUDUhkFMq1znNriu30bB0Ld4Btlxzyn56tx8DVgx1+
+4anONuECAOY5nm2G9i46AUxQN3dB8IE0SMMHcRcz60eX68fke+1aYjdSQA/nf9hR
+l2f+gX9+y3cPqo7bFZzrDNECRm3J2IsB/2444JDTnzyME99jRYeEZGM0BXMWZEoO
+hLU7f2V8pdN1po6mZ5bZZv6LeTXWPCIqCuBxNHZAV/xH9oWmkpjnw8Sc77QpVGVz
+dCBSZWdpc3RyeSA8dGVzdC1yZWdpc3RyeUBleGFtcGxlLmNvbT6IuAQTAQIAIgUC
+WjxpEgIbAwYLCQgHAwIGFQgCCQoLBBYCAwECHgECF4AACgkQvIOfrLbgEN2NegP+
+JV+i4DxPTv3jfRDcpGy8yDANiIoBFSyARpqMqg0+TfV/UypuyjFTGfnLuQv+osce
+OKtPevH8gCc779+OqtqyNDcPooTG5K+eUYR77PYtfzsKk/Z/33tQtEJDb8WWn4G4
+R9Nh51MOz1X17oe3ih9HNvMGIrOG9VeWPsTxjXAzBoidAdgEWjxpEgEEANiasS9p
+bG53M3jeCwLX0PFgWgspMZl3QnU6bvaTsfMAHaklJ55Tj1wuaaQymHqNm6xElCN8
+MK8exDQQvPZwYVQOuoP3cHriCslLGznB943URcuxXz6R7F7WixYUeVVpQ4J0+gFu
+bR8PfThDCtHQyP+uYx9U+EVWIvuIZIchdjl9ABEBAAEAA/4xmt2sorthIf3g9pL1
+e/jfKoZ8i1rPT1NiNvdeE217neFtEPP9i5vni76ISskGOgN2hH8bkE+y7zwWQ2YP
+FyYGlvVcw2KjT7+SrAWCkgR6Y7hWib+RDcVGje+YH5MxGtBIX2W/zcOW5S9+nC3Q
+Y3Tzc3YQxF8sOeaHvrEb1tJ9eQIA5ivEjt43GgZq0nxacKLhleXyA9Z/JmwDg15z
+FCZCnPABmR72wpXzXe2gO18W3iiqwS/WFDbdSFwxDQ0lXSy8VQIA8Okv6Q2BNXEw
+H0hufK8P7aHvuOI1ll4qTw6QkY+z5hRZAcmmID3boQJeJAmVbUissYKUNJudmiUJ
+DPLQod+wiQIAtJWxlRgHvEHRjQS5tH13ERWLObBHdZcQvKcqdtTCZj1EVH7zVHpb
+qBLggo7QwPJTC+UMf/f4nPd1U2O6zXv66p5liJ8EGAECAAkFAlo8aRICGwwACgkQ
+vIOfrLbgEN141gP9GATYCoihm5igbZ0FL8YPPb5WvHpTEA4WgdIIUUCQ0TYJ2ZOC
+dK0i3qbb1xRRBJq006qSiE4vqQ7fHO8HxmEWaPLlsPvebGm39PUuzVyWx8I2w+0/
+qcxt5L2VVzbZFp6+Yoa+meRYsO77gAzUvqUG1yLWo6MD4pSUNYJA867BB/k=
+=mkAP
 -----END PGP PRIVATE KEY BLOCK-----
diff --git a/java/google/registry/keyring/api/pgp-public-keyring.asc b/java/google/registry/keyring/api/pgp-public-keyring.asc
index a18389dec..6382d7405 100644
--- a/java/google/registry/keyring/api/pgp-public-keyring.asc
+++ b/java/google/registry/keyring/api/pgp-public-keyring.asc
@@ -1,20 +1,19 @@
 -----BEGIN PGP PUBLIC KEY BLOCK-----
-Version: GnuPG v1
 
-mI0EV88FqQEEAJMqfxk9spXJp/FU6cWH2f1dvQMgDamHyhPDynk5smnNn9vH8HF4
-gyzkqOJm7rKv5JACQNuiQPCUVNUhURK+TFg94dWf2+dbTVPieVDb/h7MCqM24aXs
-HrUqXnQkymuBmj5W9tGHNhZhxlyVkM071rHKmFa4gVqsyB0OXxMLQi4rABEBAAG0
-OERvbWFpbiBSZWdpc3RyeSA8ZG9tYWluLXJlZ2lzdHJ5LXVzZXJzQGdvb2dsZWdy
-b3Vwcy5jb20+iLgEEwECACIFAlfPBakCGwMGCwkIBwMCBhUIAgkKCwQWAgMBAh4B
-AheAAAoJEIhf2KA0zyn/qVkD/Ai6QRPuI5Wn+6bh94shougFomVZ1vp1Ec+BAplo
-V82DkJoAsJ5U7CwEo0DpgIIK1pJrWXpsjPOILwuKLfsMHmE0X0z0DfnSuBQUe0rN
-7kEAAO0+SkOljnSc+6DCRA/tQSMIxymLHR8Nflwn9sn29rvDl/Dctf8a4G4sd6az
-AYG6uI0EV88FqQEEAMbkPdBVfS0c5832XuPyFBhkNS/5LvcbgNUxnk57qkUfZHU6
-H2cOadmtCofdecehJ1S6ILAL7IcCIg2Wq2iUYlywaxex3+HyoHNIBzbZZFUgnqMN
-ZBknA1zqUNNXXgxX1GI0KvOl0n8AqIJ8Ozuet+pDbEu03tI3z2Zm4CXZXRlzABEB
-AAGInwQYAQIACQUCV88FqQIbDAAKCRCIX9igNM8p/3GXA/9GueNC3Q98b/SaxMEt
-mzD2FCrcKsP3crIi55L1tYUAY+2yVIUKyC296faj3LmyjzzgzT31MSjo0F+80zE3
-eBe8FRl6AEa6oqr5gqyvVy9VJ6mfqH77yHdknKealD9IguZHPKHd0+uAxDyT6jLN
-vxq43zBsEU8xGyHadtiYaNBLMg==
-=v+Qg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+=ilBa
 -----END PGP PUBLIC KEY BLOCK-----