Class InMemoryKeyring
- All Implemented Interfaces:
Keyring
,AutoCloseable
Keyring
that uses in-memory values for all credentials.-
Constructor Summary
ConstructorDescriptionInMemoryKeyring
(org.bouncycastle.openpgp.PGPKeyPair rdeStagingKey, org.bouncycastle.openpgp.PGPKeyPair rdeSigningKey, org.bouncycastle.openpgp.PGPPublicKey rdeReceiverKey, org.bouncycastle.openpgp.PGPKeyPair brdaSigningKey, org.bouncycastle.openpgp.PGPPublicKey brdaEncryptionKey, String rdeSshClientPublicKey, String rdeSshClientPrivateKey, String icannReportingPassword, String safeBrowsingAPIKey, String marksdbDnlLoginAndPassword, String marksdbLordnPassword, String marksdbSmdrlLoginAndPassword, String cloudSqlPassword, String toolsCloudSqlPassword, String bsaApiKey, String sqlPrimaryConnectionName, String sqlReplicaConnectionName) -
Method Summary
Modifier and TypeMethodDescriptionvoid
close()
Does nothing.org.bouncycastle.openpgp.PGPPublicKey
Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.org.bouncycastle.openpgp.PGPKeyPair
Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.Returns the API_KEY for authentication with the BSA portal.Returns password to be used when uploading reports to ICANN.Returnsuser:password
login for TMCH MarksDB HTTP server DNL interface.Returns password for TMCH MarksDB HTTP server LORDN interface.Returnsuser:password
login for TMCH MarksDB HTTP server SMDRL interface.org.bouncycastle.openpgp.PGPPublicKey
Returns public key of escrow agent for encrypting deposits as they're uploaded.org.bouncycastle.openpgp.PGPKeyPair
Returns the key which should be used to sign RDE deposits being uploaded to a third-party.Returns private key for SSH client connections made by RDE.Returns public key for SSH client connections made by RDE.org.bouncycastle.openpgp.PGPPrivateKey
Returns private key for decrypting escrow deposits retrieved from cloud storage.org.bouncycastle.openpgp.PGPPublicKey
Returns public key for encrypting escrow deposits being staged to cloud storage.Returns the API key for accessing the SafeBrowsing API.Returns the Cloud SQL connection name of the primary database instance.Returns the Cloud SQL connection name of the replica database instance.
-
Constructor Details
-
InMemoryKeyring
public InMemoryKeyring(org.bouncycastle.openpgp.PGPKeyPair rdeStagingKey, org.bouncycastle.openpgp.PGPKeyPair rdeSigningKey, org.bouncycastle.openpgp.PGPPublicKey rdeReceiverKey, org.bouncycastle.openpgp.PGPKeyPair brdaSigningKey, org.bouncycastle.openpgp.PGPPublicKey brdaEncryptionKey, String rdeSshClientPublicKey, String rdeSshClientPrivateKey, String icannReportingPassword, String safeBrowsingAPIKey, String marksdbDnlLoginAndPassword, String marksdbLordnPassword, String marksdbSmdrlLoginAndPassword, String cloudSqlPassword, String toolsCloudSqlPassword, String bsaApiKey, String sqlPrimaryConnectionName, String sqlReplicaConnectionName)
-
-
Method Details
-
getRdeSigningKey
public org.bouncycastle.openpgp.PGPKeyPair getRdeSigningKey()Description copied from interface:Keyring
Returns the key which should be used to sign RDE deposits being uploaded to a third-party.When we give all our data to the escrow provider, they'll need a signature to ensure the data is authentic.
This keypair should only be known to the domain registry shared registry system.
- Specified by:
getRdeSigningKey
in interfaceKeyring
- See Also:
-
getRdeStagingEncryptionKey
public org.bouncycastle.openpgp.PGPPublicKey getRdeStagingEncryptionKey()Description copied from interface:Keyring
Returns public key for encrypting escrow deposits being staged to cloud storage.This adds an additional layer of security so cloud storage administrators won't be tempted to go poking around the App Engine Cloud Console and see a dump of the entire database.
This keypair should only be known to the domain registry shared registry system.
- Specified by:
getRdeStagingEncryptionKey
in interfaceKeyring
- See Also:
-
getRdeStagingDecryptionKey
public org.bouncycastle.openpgp.PGPPrivateKey getRdeStagingDecryptionKey()Description copied from interface:Keyring
Returns private key for decrypting escrow deposits retrieved from cloud storage.This method may impose restrictions on who can call it. For example, we'd want to check that the caller isn't an HTTP request attacking a vulnerability in the admin console. The request should originate from a backend task queue servlet invocation of the RDE upload thing.
- Specified by:
getRdeStagingDecryptionKey
in interfaceKeyring
- See Also:
-
getRdeReceiverKey
public org.bouncycastle.openpgp.PGPPublicKey getRdeReceiverKey()Description copied from interface:Keyring
Returns public key of escrow agent for encrypting deposits as they're uploaded.- Specified by:
getRdeReceiverKey
in interfaceKeyring
- See Also:
-
getBrdaSigningKey
public org.bouncycastle.openpgp.PGPKeyPair getBrdaSigningKey()Description copied from interface:Keyring
Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.- Specified by:
getBrdaSigningKey
in interfaceKeyring
- See Also:
-
getBrdaReceiverKey
public org.bouncycastle.openpgp.PGPPublicKey getBrdaReceiverKey()Description copied from interface:Keyring
Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.- Specified by:
getBrdaReceiverKey
in interfaceKeyring
- See Also:
-
getRdeSshClientPublicKey
Description copied from interface:Keyring
Returns public key for SSH client connections made by RDE.This is a string containing what would otherwise be the contents of an
~/.ssh/id_rsa.pub
file. It's usually a single line with the name of the algorithm, the base64 key, and the email address of the owner.- Specified by:
getRdeSshClientPublicKey
in interfaceKeyring
- See Also:
-
getRdeSshClientPrivateKey
Description copied from interface:Keyring
Returns private key for SSH client connections made by RDE.This is a string containing what would otherwise be the contents of an
~/.ssh/id_rsa
file. It's ASCII-armored text.This method may impose restrictions on who can call it. For example, we'd want to check that the caller isn't an HTTP request attacking a vulnerability in the admin console. The request should originate from a backend task queue servlet invocation of the RDE upload thing.
- Specified by:
getRdeSshClientPrivateKey
in interfaceKeyring
- See Also:
-
getIcannReportingPassword
Description copied from interface:Keyring
Returns password to be used when uploading reports to ICANN.- Specified by:
getIcannReportingPassword
in interfaceKeyring
- See Also:
-
getSafeBrowsingAPIKey
Description copied from interface:Keyring
Returns the API key for accessing the SafeBrowsing API.- Specified by:
getSafeBrowsingAPIKey
in interfaceKeyring
- See Also:
-
getMarksdbDnlLoginAndPassword
Description copied from interface:Keyring
Returnsuser:password
login for TMCH MarksDB HTTP server DNL interface.- Specified by:
getMarksdbDnlLoginAndPassword
in interfaceKeyring
- See Also:
-
getMarksdbLordnPassword
Description copied from interface:Keyring
Returns password for TMCH MarksDB HTTP server LORDN interface.- Specified by:
getMarksdbLordnPassword
in interfaceKeyring
- See Also:
-
getMarksdbSmdrlLoginAndPassword
Description copied from interface:Keyring
Returnsuser:password
login for TMCH MarksDB HTTP server SMDRL interface.- Specified by:
getMarksdbSmdrlLoginAndPassword
in interfaceKeyring
- See Also:
-
getBsaApiKey
Description copied from interface:Keyring
Returns the API_KEY for authentication with the BSA portal.- Specified by:
getBsaApiKey
in interfaceKeyring
-
getSqlPrimaryConnectionName
Description copied from interface:Keyring
Returns the Cloud SQL connection name of the primary database instance.- Specified by:
getSqlPrimaryConnectionName
in interfaceKeyring
-
getSqlReplicaConnectionName
Description copied from interface:Keyring
Returns the Cloud SQL connection name of the replica database instance.- Specified by:
getSqlReplicaConnectionName
in interfaceKeyring
-
close
public void close()Does nothing.- Specified by:
close
in interfaceAutoCloseable
- Specified by:
close
in interfaceKeyring
-