zydronium/google-nomulus
1
0
Fork 0
mirror of https://github.com/google/nomulus.git synced 2025-04-29 11:37:51 +02:00
Code Issues Projects Releases Packages Wiki Activity
google-nomulus/java/google/registry/keyring/api/Keyring.java
jianglai 71d7a382f3 Change all references to Domain Registry to Nomulus 
-------------
Created by MOE: https://github.com/google/moe
MOE_MIGRATED_REVID=136068582
2016-10-14 16:58:07 -04:00

164 lines
5.2 KiB
Java
Raw Blame History

// Copyright 2016 The Nomulus Authors. All Rights Reserved.
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package google.registry.keyring.api;
import javax.annotation.concurrent.ThreadSafe;
import org.bouncycastle.openpgp.PGPKeyPair;
import org.bouncycastle.openpgp.PGPPrivateKey;
import org.bouncycastle.openpgp.PGPPublicKey;
/**
* Nomulus keyring interface.
*
* <p>Separate methods are defined for each specific situation in which the
* registry server needs a secret value, like a PGP key or password.
*/
@ThreadSafe
public interface Keyring extends AutoCloseable {
/**
* Returns the key which should be used to sign RDE deposits being uploaded to a third-party.
*
* <p>When we give all our data to the escrow provider, they'll need
* a signature to ensure the data is authentic.
*
* <p>This keypair should only be known to the domain registry shared
* registry system.
*
* @see google.registry.rde.RdeUploadAction
*/
PGPKeyPair getRdeSigningKey();
/**
* Returns public key for encrypting escrow deposits being staged to cloud storage.
*
* <p>This adds an additional layer of security so cloud storage administrators
* won't be tempted to go poking around the App Engine Cloud Console and see a
* dump of the entire database.
*
* <p>This keypair should only be known to the domain registry shared
* registry system.
*
* @see #getRdeStagingDecryptionKey()
*/
PGPPublicKey getRdeStagingEncryptionKey();
/**
* Returns private key for decrypting escrow deposits retrieved from cloud storage.
*
* <p>This method may impose restrictions on who can call it. For example, we'd want
* to check that the caller isn't an HTTP request attacking a vulnerability in the
* admin console. The request should originate from a backend task queue servlet
* invocation of the RDE upload thing.
*
* @see #getRdeStagingEncryptionKey()
* @see google.registry.rde.RdeUploadAction
*/
PGPPrivateKey getRdeStagingDecryptionKey();
/**
* Returns public key of escrow agent for encrypting deposits as they're uploaded.
*
* @see google.registry.rde.RdeUploadAction
*/
PGPPublicKey getRdeReceiverKey();
/**
* Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.
*
* @see google.registry.rde.BrdaCopyAction
*/
PGPKeyPair getBrdaSigningKey();
/**
* Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.
*
* @see google.registry.rde.BrdaCopyAction
*/
PGPPublicKey getBrdaReceiverKey();
/**
* Returns public key for SSH client connections made by RDE.
*
* <p>This is a string containing what would otherwise be the contents of an
* {@code ~/.ssh/id_rsa.pub} file. It's usually a single line with the name of
* the algorithm, the base64 key, and the email address of the owner.
*
* @see google.registry.rde.RdeUploadAction
*/
String getRdeSshClientPublicKey();
/**
* Returns private key for SSH client connections made by RDE.
*
* <p>This is a string containing what would otherwise be the contents of an
* {@code ~/.ssh/id_rsa} file. It's ASCII-armored text.
*
* <p>This method may impose restrictions on who can call it. For example, we'd want
* to check that the caller isn't an HTTP request attacking a vulnerability in the
* admin console. The request should originate from a backend task queue servlet
* invocation of the RDE upload thing.
*
* @see google.registry.rde.RdeUploadAction
*/
String getRdeSshClientPrivateKey();
/**
* Returns password to be used when uploading reports to ICANN.
*
* @see google.registry.rde.RdeReportAction
*/
String getIcannReportingPassword();
/**
* Returns {@code user:password} login for TMCH MarksDB HTTP server DNL interface.
*
* @see google.registry.tmch.TmchDnlAction
*/
String getMarksdbDnlLogin();
/**
* Returns password for TMCH MarksDB HTTP server LORDN interface.
*
* @see "google.registry.tmch.LordnRequestInitializer"
*/
String getMarksdbLordnPassword();
/**
* Returns {@code user:password} login for TMCH MarksDB HTTP server SMDRL interface.
*
* @see google.registry.tmch.TmchSmdrlAction
*/
String getMarksdbSmdrlLogin();
/**
* Returns the credentials for a service account on the Google AppEngine project downloaded from
* the Cloud Console dashboard in JSON format.
*/
String getJsonCredential();
/**
* Returns Braintree API private key for Registry.
*
* <p>This is a base32 value copied from the Braintree website.
*
* @see google.registry.config.ConfigModule#provideBraintreePublicKey
*/
String getBraintreePrivateKey();
// Don't throw so try-with-resources works better.
@Override
void close();
}
Reference in a new issue View git blame Copy permalink