From e1eedb2e0a6ad2c1d5d57a3d2679add9d8184ee5 Mon Sep 17 00:00:00 2001
From: sarahcaseybot
Date: Fri, 30 Oct 2020 15:57:12 -0400
Subject: [PATCH] Move CertificateChecker to core/ (#852)
* Move CertificateChecker to core/
* rename certificates/ to certs/
---
 .../config/CertificateCheckerModule.java | 44 ------------
 .../flows/certs}/CertificateChecker.java | 14 ++--
 .../module/frontend/FrontendComponent.java | 2 -
 .../tools/CreateOrUpdateRegistrarCommand.java | 2 +-
 .../registry/tools/RegistryToolComponent.java | 2 -
 .../registrar/RegistrarSettingsAction.java | 2 +-
 .../flows/certs}/CertificateCheckerTest.java | 67 +++----------------
 .../tools/CreateRegistrarCommandTest.java | 2 +-
 .../tools/UpdateRegistrarCommandTest.java | 2 +-
 .../RegistrarSettingsActionTestCase.java | 2 +-
 10 files changed, 26 insertions(+), 113 deletions(-)
 delete mode 100644 core/src/main/java/google/registry/config/CertificateCheckerModule.java
 rename {util/src/main/java/google/registry/util => core/src/main/java/google/registry/flows/certs}/CertificateChecker.java (95%)
 rename {util/src/test/java/google/registry/util => core/src/test/java/google/registry/flows/certs}/CertificateCheckerTest.java (68%)
diff --git a/core/src/main/java/google/registry/config/CertificateCheckerModule.java b/core/src/main/java/google/registry/config/CertificateCheckerModule.java
deleted file mode 100644
index 8644bde7c..000000000
--- a/core/src/main/java/google/registry/config/CertificateCheckerModule.java
+++ /dev/null
@@ -1,44 +0,0 @@
-// Copyright 2020 The Nomulus Authors. All Rights Reserved.
-//
-// Licensed under the Apache License, Version 2.0 (the "License");
-// you may not use this file except in compliance with the License.
-// You may obtain a copy of the License at
-//
-// http://www.apache.org/licenses/LICENSE-2.0
-//
-// Unless required by applicable law or agreed to in writing, software
-// distributed under the License is distributed on an "AS IS" BASIS,
-// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-// See the License for the specific language governing permissions and
-// limitations under the License.
-
-package google.registry.config;
-
-import com.google.common.collect.ImmutableSortedMap;
-import dagger.Module;
-import dagger.Provides;
-import google.registry.config.RegistryConfig.Config;
-import google.registry.util.CertificateChecker;
-import google.registry.util.Clock;
-import javax.inject.Singleton;
-import org.joda.time.DateTime;
-
-/** Dagger module that provides the {@link CertificateChecker} used in the application. */
-// TODO(sarahbot@): Move this module to a better location. Possibly flows/. If we decide to move
-// CertificateChecker.java to core/ delete this file and inject the CertificateChecker constructor
-// instead.
-@Module
-public abstract class CertificateCheckerModule {
-
- @Provides
- @Singleton
- static CertificateChecker provideCertificateChecker(
- @Config("maxValidityDaysSchedule") ImmutableSortedMap validityDaysMap,
- @Config("expirationWarningDays") int daysToExpiration,
- @Config("minimumRsaKeyLength") int minimumRsaKeyLength,
- Clock clock) {
- return new CertificateChecker(validityDaysMap, daysToExpiration, minimumRsaKeyLength, clock);
- }
-
- private CertificateCheckerModule() {}
-}
diff --git a/util/src/main/java/google/registry/util/CertificateChecker.java b/core/src/main/java/google/registry/flows/certs/CertificateChecker.java
similarity index 95%
rename from util/src/main/java/google/registry/util/CertificateChecker.java
rename to core/src/main/java/google/registry/flows/certs/CertificateChecker.java
index 06b591d96..a9b5b72c9 100644
--- a/util/src/main/java/google/registry/util/CertificateChecker.java
+++ b/core/src/main/java/google/registry/flows/certs/CertificateChecker.java
@@ -12,7 +12,7 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package google.registry.util;
+package google.registry.flows.certs;
 import static com.google.common.base.Preconditions.checkArgument;
 import static google.registry.util.DateTimeUtils.START_OF_TIME;
@@ -20,6 +20,9 @@ import static java.nio.charset.StandardCharsets.UTF_8;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedMap;
+import google.registry.config.RegistryConfig.Config;
+import google.registry.util.Clock;
+import google.registry.util.DateTimeUtils;
 import java.io.ByteArrayInputStream;
 import java.security.PublicKey;
 import java.security.cert.CertificateException;
@@ -28,6 +31,7 @@ import java.security.cert.X509Certificate;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Date;
 import java.util.stream.Collectors;
+import javax.inject.Inject;
 import org.joda.time.DateTime;
 import org.joda.time.Days;
@@ -58,10 +62,12 @@ public class CertificateChecker {
 * );
 *
 */
+ @Inject
 public CertificateChecker(
- ImmutableSortedMap maxValidityLengthSchedule,
- int daysToExpiration,
- int minimumRsaKeyLength,
+ @Config("maxValidityDaysSchedule")
+ ImmutableSortedMap maxValidityLengthSchedule,
+ @Config("expirationWarningDays") int daysToExpiration,
+ @Config("minimumRsaKeyLength") int minimumRsaKeyLength,
 Clock clock) {
 checkArgument(
 maxValidityLengthSchedule.containsKey(START_OF_TIME),
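Review bot: `minimumRsaKeyLength` and `daysToExpiration` are bound from configuration by the `@Config` annotations on the constructor in the last hunk (`@@ -58,10 +62,12 @@`), and the only argument validation visible there is the `START_OF_TIME` check on the schedule. A zero or negative `minimumRsaKeyLength` in a config file would presumably let any RSA key pass the length check, so I would fail fast at construction with `checkArgument(minimumRsaKeyLength > 0, "minimumRsaKeyLength must be positive");` and an equivalent `checkArgument(daysToExpiration >= 0, ...)`. The constructor body continues past the end of the hunk, so these checks may already exist there. Separately, the deleted `CertificateCheckerModule` provided the checker as `@Singleton` and no scope annotation is added here; if one shared instance is still intended, the class needs `@Singleton` (its declaration is outside the hunk).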
diff --git a/core/src/main/java/google/registry/module/frontend/FrontendComponent.java b/core/src/main/java/google/registry/module/frontend/FrontendComponent.java
index 98ff720ca..56e867886 100644
--- a/core/src/main/java/google/registry/module/frontend/FrontendComponent.java
+++ b/core/src/main/java/google/registry/module/frontend/FrontendComponent.java
@@ -17,7 +17,6 @@ package google.registry.module.frontend;
 import com.google.monitoring.metrics.MetricReporter;
 import dagger.Component;
 import dagger.Lazy;
-import google.registry.config.CertificateCheckerModule;
 import google.registry.config.CredentialModule;
 import google.registry.config.RegistryConfig.ConfigModule;
 import google.registry.flows.ServerTridProviderModule;
@@ -45,7 +44,6 @@ import javax.inject.Singleton;
 @Component(
 modules = {
 AuthModule.class,
- CertificateCheckerModule.class,
 ConfigModule.class,
 ConsoleConfigModule.class,
 CredentialModule.class,
diff --git a/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java b/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java
index b55384ddf..b1a7925f4 100644
--- a/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java
+++ b/core/src/main/java/google/registry/tools/CreateOrUpdateRegistrarCommand.java
@@ -30,6 +30,7 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.Sets;
 import com.google.common.flogger.FluentLogger;
+import google.registry.flows.certs.CertificateChecker;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarAddress;
 import google.registry.model.registry.Registry;
@@ -38,7 +39,6 @@ import google.registry.tools.params.OptionalLongParameter;
 import google.registry.tools.params.OptionalPhoneNumberParameter;
 import google.registry.tools.params.OptionalStringParameter;
 import google.registry.tools.params.PathParameter;
-import google.registry.util.CertificateChecker;
 import google.registry.util.CidrAddressBlock;
 import java.nio.file.Files;
 import java.nio.file.Path;
diff --git a/core/src/main/java/google/registry/tools/RegistryToolComponent.java b/core/src/main/java/google/registry/tools/RegistryToolComponent.java
index cec473997..09943422b 100644
--- a/core/src/main/java/google/registry/tools/RegistryToolComponent.java
+++ b/core/src/main/java/google/registry/tools/RegistryToolComponent.java
@@ -20,7 +20,6 @@ import dagger.Lazy;
 import google.registry.batch.BatchModule;
 import google.registry.beam.initsql.BeamJpaModule;
 import google.registry.bigquery.BigqueryModule;
-import google.registry.config.CertificateCheckerModule;
 import google.registry.config.CredentialModule.LocalCredentialJson;
 import google.registry.config.RegistryConfig.Config;
 import google.registry.config.RegistryConfig.ConfigModule;
@@ -61,7 +60,6 @@ import javax.inject.Singleton;
 BatchModule.class,
 BeamJpaModule.class,
 BigqueryModule.class,
- CertificateCheckerModule.class,
 ConfigModule.class,
 CloudDnsWriterModule.class,
 DatastoreAdminModule.class,
diff --git a/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java b/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
index 2d49938f2..7694cc51a 100644
--- a/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
+++ b/core/src/main/java/google/registry/ui/server/registrar/RegistrarSettingsAction.java
@@ -38,6 +38,7 @@ import com.google.common.collect.Sets;
 import com.google.common.collect.Streams;
 import com.google.common.flogger.FluentLogger;
 import google.registry.config.RegistryEnvironment;
+import google.registry.flows.certs.CertificateChecker;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.RegistrarContact;
 import google.registry.model.registrar.RegistrarContact.Type;
@@ -56,7 +57,6 @@ import google.registry.ui.forms.FormFieldException;
 import google.registry.ui.server.RegistrarFormFields;
 import google.registry.ui.server.SendEmailUtils;
 import google.registry.util.AppEngineServiceUtils;
-import google.registry.util.CertificateChecker;
 import google.registry.util.CollectionUtils;
 import google.registry.util.DiffUtils;
 import java.util.HashSet;
diff --git a/util/src/test/java/google/registry/util/CertificateCheckerTest.java b/core/src/test/java/google/registry/flows/certs/CertificateCheckerTest.java
similarity index 68%
rename from util/src/test/java/google/registry/util/CertificateCheckerTest.java
rename to core/src/test/java/google/registry/flows/certs/CertificateCheckerTest.java
index 15511a5ee..7e468f22c 100644
--- a/util/src/test/java/google/registry/util/CertificateCheckerTest.java
+++ b/core/src/test/java/google/registry/flows/certs/CertificateCheckerTest.java
@@ -12,19 +12,22 @@
 // See the License for the specific language governing permissions and
 // limitations under the License.
-package google.registry.util;
+package google.registry.flows.certs;
 import static com.google.common.truth.Truth.assertThat;
-import static google.registry.util.CertificateChecker.CertificateViolation.ALGORITHM_CONSTRAINED;
-import static google.registry.util.CertificateChecker.CertificateViolation.EXPIRED;
-import static google.registry.util.CertificateChecker.CertificateViolation.NOT_YET_VALID;
-import static google.registry.util.CertificateChecker.CertificateViolation.RSA_KEY_LENGTH_TOO_SHORT;
-import static google.registry.util.CertificateChecker.CertificateViolation.VALIDITY_LENGTH_TOO_LONG;
+import static google.registry.flows.certs.CertificateChecker.CertificateViolation.ALGORITHM_CONSTRAINED;
+import static google.registry.flows.certs.CertificateChecker.CertificateViolation.EXPIRED;
+import static google.registry.flows.certs.CertificateChecker.CertificateViolation.NOT_YET_VALID;
+import static google.registry.flows.certs.CertificateChecker.CertificateViolation.RSA_KEY_LENGTH_TOO_SHORT;
+import static google.registry.flows.certs.CertificateChecker.CertificateViolation.VALIDITY_LENGTH_TOO_LONG;
+import static google.registry.testing.CertificateSamples.SAMPLE_CERT;
+import static google.registry.testing.CertificateSamples.SAMPLE_CERT3;
 import static google.registry.util.DateTimeUtils.START_OF_TIME;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 import com.google.common.collect.ImmutableSortedMap;
 import google.registry.testing.FakeClock;
+import google.registry.util.SelfSignedCaCertificate;
 import java.security.KeyPairGenerator;
 import java.security.SecureRandom;
 import java.security.cert.X509Certificate;
@@ -36,54 +39,6 @@ import org.junit.jupiter.api.Test;
 class CertificateCheckerTest {
 private static final String SSL_HOST = "www.example.tld";
- private static final String GOOD_CERTIFICATE =
- "-----BEGIN CERTIFICATE-----\n"
- + "MIIDyzCCArOgAwIBAgIUJnhiVrxAxgwkLJzHPm1w/lBoNs4wDQYJKoZIhvcNAQEL\n"
- + "BQAwdTELMAkGA1UEBhMCVVMxETAPBgNVBAgMCE5ldyBZb3JrMREwDwYDVQQHDAhO\n"
- + "ZXcgWW9yazEPMA0GA1UECgwGR29vZ2xlMR0wGwYDVQQLDBRkb21haW4tcmVnaXN0\n"
- + "cnktdGVzdDEQMA4GA1UEAwwHY2xpZW50MTAeFw0yMDEwMTIxNzU5NDFaFw0yMTA0\n"
- + "MzAxNzU5NDFaMHUxCzAJBgNVBAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8G\n"
- + "A1UEBwwITmV3IFlvcmsxDzANBgNVBAoMBkdvb2dsZTEdMBsGA1UECwwUZG9tYWlu\n"
- + "LXJlZ2lzdHJ5LXRlc3QxEDAOBgNVBAMMB2NsaWVudDEwggEiMA0GCSqGSIb3DQEB\n"
- + "AQUAA4IBDwAwggEKAoIBAQC0msirO7kXyGEC93stsNYGc02Z77Q2qfHFwaGYkUG8\n"
- + "QvOF5SWN+jwTo5Td6Jj26A26a8MLCtK45TCBuMRNcUsHhajhT19ocphO20iY3zhi\n"
- + "ycwV1id0iwME4kPd1m57BELRE9tUPOxF81/JQXdR1fwT5KRVHYRDWZhaZ5aBmlZY\n"
- + "3t/H9Ly0RBYyApkMaGs3nlb94OOug6SouUfRt02S59ja3wsE2SVF/Eui647OXP7O\n"
- + "QdYXofxuqLoNkE8EnAdl43/enGLiCIVd0G2lABibFF+gbxTtfgbg7YtfUZJdL+Mb\n"
- + "RAcAtuLXEamNQ9H63JgVF16PlQVCDz2XyI3uCfPpDDiBAgMBAAGjUzBRMB0GA1Ud\n"
- + "DgQWBBQ26bWk8qfEBjXs/xZ4m8JZyalnITAfBgNVHSMEGDAWgBQ26bWk8qfEBjXs\n"
- + "/xZ4m8JZyalnITAPBgNVHRMBAf8EBTADAQH/MA0GCSqGSIb3DQEBCwUAA4IBAQAZ\n"
- + "VcsgslBKanKOieJ5ik2d9qzOMXKfBuWPRFWbkC3t9i5awhHqnGAaj6nICnnMZIyt\n"
- + "rdx5lZW5aaQyf0EP/90JAA8Xmty4A6MXmEjQAMiCOpP3A7eeS6Xglgi8IOZl4/bg\n"
- + "LonW62TUkilo5IiFt/QklFTeHIjXB+OvA8+2Quqyd+zp7v6KnhXjvaomim78DhwE\n"
- + "0PIUnjmiRpGpHfTVioTdfhPHZ2Y93Y8K7juL93sQog9aBu5m9XRJCY6wGyWPE83i\n"
- + "kmLfGzjcnaJ6kqCd9xQRFZ0JwHmGlkAQvFoeengbNUqSyjyVgsOoNkEsrWwe/JFO\n"
- + "iqBvjEhJlvRoefvkdR98\n"
- + "-----END CERTIFICATE-----\n";
- private static final String BAD_CERTIFICATE =
- "-----BEGIN CERTIFICATE-----\n"
- + "MIIDvTCCAqWgAwIBAgIJANoEy6mYwalPMA0GCSqGSIb3DQEBCwUAMHUxCzAJBgNV\n"
- + "BAYTAlVTMREwDwYDVQQIDAhOZXcgWW9yazERMA8GA1UEBwwITmV3IFlvcmsxDzAN\n"
- + "BgNVBAoMBkdvb2dsZTEdMBsGA1UECwwUZG9tYWluLXJlZ2lzdHJ5LXRlc3QxEDAO\n"
- + "BgNVBAMMB2NsaWVudDIwHhcNMTUwODI2MTkyODU3WhcNNDMwMTExMTkyODU3WjB1\n"
- + "MQswCQYDVQQGEwJVUzERMA8GA1UECAwITmV3IFlvcmsxETAPBgNVBAcMCE5ldyBZ\n"
- + "b3JrMQ8wDQYDVQQKDAZHb29nbGUxHTAbBgNVBAsMFGRvbWFpbi1yZWdpc3RyeS10\n"
- + "ZXN0MRAwDgYDVQQDDAdjbGllbnQyMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIB\n"
- + "CgKCAQEAw2FtuDyoR+rUJHp6k7KwaoHGHPV1xnC8IpG9O0SZubOXrFrnBHggBsbu\n"
- + "+DsknbHXjmoihSFFem0KQqJg5y34aDAHXQV3iqa7nDfb1x4oc5voVz9gqjdmGKNm\n"
- + "WF4MTIPNMu8KY52M852mMCxODK+6MZYp7wCmVa63KdCm0bW/XsLgoA/+FVGwKLhf\n"
- + "UqFzt10Cf+87zl4VHrSaJqcHBYM6yAO5lvkr5VC6g8rRQ+dJ+pBT2D99YpSF1aFc\n"
- + "rWbBreIypixZAnXm/Xoogu6RnohS29VCJp2dXFAJmKXGwyKNQFXfEKxZBaBi8uKH\n"
- + "XF459795eyF9xHgSckEgu7jZlxOk6wIDAQABo1AwTjAdBgNVHQ4EFgQUv26AsQyc\n"
- + "kLOjkhqcFLOuueB33l4wHwYDVR0jBBgwFoAUv26AsQyckLOjkhqcFLOuueB33l4w\n"
- + "DAYDVR0TBAUwAwEB/zANBgkqhkiG9w0BAQsFAAOCAQEANBuV+QDISSnGAEHKbR40\n"
- + "zUYdOjdZ399zcFNqTSPHwmE0Qu8pbmXhofpBfjzrcv0tkVbhSLYnT22qhx7aDmhb\n"
- + "bOS8CeVYCwl5eiDTkJly3pRZLzJpy+UT5z8SPxO3MrTqn+wuj0lBpWRTBCWYAUpr\n"
- + "IFRmgVB3IwVb60UIuxhmuk8TVss2SzNrdhdt36eAIPJ0RWEb0KHYHi35Y6lt4f+t\n"
- + "iVk+ZR0cCbHUs7Q1RqREXHd/ICuMRLY/MsadVQ9WDqVOridh198X/OIqdx/p9kvJ\n"
- + "1R80jDcVGNhYVXLmHu4ho4xrOaliSYvUJSCmaaSEGVZ/xE5PI7S6A8RMdj0iXLSt\n"
- + "Bg==\n"
- + "-----END CERTIFICATE-----\n";
 private FakeClock fakeClock = new FakeClock();
 private CertificateChecker certificateChecker =
@@ -241,8 +196,8 @@ class CertificateCheckerTest {
 @Test
 void test_checkCertificate_validCertificateString() throws Exception {
 fakeClock.setTo(DateTime.parse("2020-11-01T00:00:00Z"));
- assertThat(certificateChecker.checkCertificate(GOOD_CERTIFICATE)).isEmpty();
- assertThat(certificateChecker.checkCertificate(BAD_CERTIFICATE))
+ assertThat(certificateChecker.checkCertificate(SAMPLE_CERT3)).isEmpty();
+ assertThat(certificateChecker.checkCertificate(SAMPLE_CERT))
 .containsExactly(VALIDITY_LENGTH_TOO_LONG);
 }
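Review bot: The assertions in `test_checkCertificate_validCertificateString` now depend on the validity window and key size of `SAMPLE_CERT3` and `SAMPLE_CERT`, which live in `google.registry.testing.CertificateSamples` and are no longer visible next to the pinned clock value `2020-11-01T00:00:00Z`. A short comment above the two assertions would keep that coupling explicit, for example `// SAMPLE_CERT3 is expected to be within its validity period at the pinned clock; SAMPLE_CERT is valid for longer than the schedule allows.` Without it, regenerating either shared fixture with different dates makes this test fail for reasons that cannot be read from this file.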
diff --git a/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java b/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java
index 7166a0823..0152140f0 100644
--- a/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java
+++ b/core/src/test/java/google/registry/tools/CreateRegistrarCommandTest.java
@@ -37,8 +37,8 @@ import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSortedMap;
 import com.google.common.collect.Range;
 import com.google.common.net.MediaType;
+import google.registry.flows.certs.CertificateChecker;
 import google.registry.model.registrar.Registrar;
-import google.registry.util.CertificateChecker;
 import java.io.IOException;
 import java.util.Optional;
 import org.joda.money.CurrencyUnit;
diff --git a/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java b/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java
index ef25389c2..29934fcca 100644
--- a/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java
+++ b/core/src/test/java/google/registry/tools/UpdateRegistrarCommandTest.java
@@ -34,12 +34,12 @@ import com.google.common.collect.ImmutableList;
 import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSet;
 import com.google.common.collect.ImmutableSortedMap;
+import google.registry.flows.certs.CertificateChecker;
 import google.registry.model.registrar.Registrar;
 import google.registry.model.registrar.Registrar.State;
 import google.registry.model.registrar.Registrar.Type;
 import google.registry.persistence.VKey;
 import google.registry.testing.AppEngineExtension;
-import google.registry.util.CertificateChecker;
 import google.registry.util.CidrAddressBlock;
 import java.util.Optional;
 import org.joda.money.CurrencyUnit;
diff --git a/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTestCase.java b/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTestCase.java
index 0416337a9..c0cc05796 100644
--- a/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTestCase.java
+++ b/core/src/test/java/google/registry/ui/server/registrar/RegistrarSettingsActionTestCase.java
@@ -34,6 +34,7 @@ import com.google.common.collect.ImmutableMap;
 import com.google.common.collect.ImmutableSetMultimap;
 import com.google.common.collect.ImmutableSortedMap;
 import com.google.common.truth.Truth;
+import google.registry.flows.certs.CertificateChecker;
 import google.registry.model.ofy.Ofy;
 import google.registry.model.registrar.RegistrarContact;
 import google.registry.request.JsonActionRunner;
@@ -48,7 +49,6 @@ import google.registry.testing.FakeClock;
 import google.registry.testing.InjectExtension;
 import google.registry.ui.server.SendEmailUtils;
 import google.registry.util.AppEngineServiceUtils;
-import google.registry.util.CertificateChecker;
 import google.registry.util.EmailMessage;
 import google.registry.util.SendEmailService;
 import java.io.PrintWriter;