Interface Keyring
-
- All Superinterfaces:
java.lang.AutoCloseable
- All Known Implementing Classes:
InMemoryKeyring
,SecretManagerKeyring
@ThreadSafe public interface Keyring extends java.lang.AutoCloseable
Nomulus keyring interface.Separate methods are defined for each specific situation in which the registry server needs a secret value, like a PGP key or password.
-
-
Method Summary
All Methods Instance Methods Abstract Methods Modifier and Type Method Description void
close()
org.bouncycastle.openpgp.PGPPublicKey
getBrdaReceiverKey()
Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.org.bouncycastle.openpgp.PGPKeyPair
getBrdaSigningKey()
Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.java.lang.String
getIcannReportingPassword()
Returns password to be used when uploading reports to ICANN.java.lang.String
getJsonCredential()
Returns the credentials for a service account on the Google AppEngine project downloaded from the Cloud Console dashboard in JSON format.java.lang.String
getMarksdbDnlLoginAndPassword()
Returnsuser:password
login for TMCH MarksDB HTTP server DNL interface.java.lang.String
getMarksdbLordnPassword()
Returns password for TMCH MarksDB HTTP server LORDN interface.java.lang.String
getMarksdbSmdrlLoginAndPassword()
Returnsuser:password
login for TMCH MarksDB HTTP server SMDRL interface.org.bouncycastle.openpgp.PGPPublicKey
getRdeReceiverKey()
Returns public key of escrow agent for encrypting deposits as they're uploaded.org.bouncycastle.openpgp.PGPKeyPair
getRdeSigningKey()
Returns the key which should be used to sign RDE deposits being uploaded to a third-party.java.lang.String
getRdeSshClientPrivateKey()
Returns private key for SSH client connections made by RDE.java.lang.String
getRdeSshClientPublicKey()
Returns public key for SSH client connections made by RDE.org.bouncycastle.openpgp.PGPPrivateKey
getRdeStagingDecryptionKey()
Returns private key for decrypting escrow deposits retrieved from cloud storage.org.bouncycastle.openpgp.PGPPublicKey
getRdeStagingEncryptionKey()
Returns public key for encrypting escrow deposits being staged to cloud storage.java.lang.String
getSafeBrowsingAPIKey()
Returns the API key for accessing the SafeBrowsing API.
-
-
-
Method Detail
-
getRdeSigningKey
org.bouncycastle.openpgp.PGPKeyPair getRdeSigningKey()
Returns the key which should be used to sign RDE deposits being uploaded to a third-party.When we give all our data to the escrow provider, they'll need a signature to ensure the data is authentic.
This keypair should only be known to the domain registry shared registry system.
- See Also:
RdeUploadAction
-
getRdeStagingEncryptionKey
org.bouncycastle.openpgp.PGPPublicKey getRdeStagingEncryptionKey()
Returns public key for encrypting escrow deposits being staged to cloud storage.This adds an additional layer of security so cloud storage administrators won't be tempted to go poking around the App Engine Cloud Console and see a dump of the entire database.
This keypair should only be known to the domain registry shared registry system.
- See Also:
getRdeStagingDecryptionKey()
-
getRdeStagingDecryptionKey
org.bouncycastle.openpgp.PGPPrivateKey getRdeStagingDecryptionKey()
Returns private key for decrypting escrow deposits retrieved from cloud storage.This method may impose restrictions on who can call it. For example, we'd want to check that the caller isn't an HTTP request attacking a vulnerability in the admin console. The request should originate from a backend task queue servlet invocation of the RDE upload thing.
- See Also:
getRdeStagingEncryptionKey()
,RdeUploadAction
-
getRdeReceiverKey
org.bouncycastle.openpgp.PGPPublicKey getRdeReceiverKey()
Returns public key of escrow agent for encrypting deposits as they're uploaded.- See Also:
RdeUploadAction
-
getBrdaSigningKey
org.bouncycastle.openpgp.PGPKeyPair getBrdaSigningKey()
Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.- See Also:
BrdaCopyAction
-
getBrdaReceiverKey
org.bouncycastle.openpgp.PGPPublicKey getBrdaReceiverKey()
Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.- See Also:
BrdaCopyAction
-
getRdeSshClientPublicKey
java.lang.String getRdeSshClientPublicKey()
Returns public key for SSH client connections made by RDE.This is a string containing what would otherwise be the contents of an
~/.ssh/id_rsa.pub
file. It's usually a single line with the name of the algorithm, the base64 key, and the email address of the owner.- See Also:
RdeUploadAction
-
getRdeSshClientPrivateKey
java.lang.String getRdeSshClientPrivateKey()
Returns private key for SSH client connections made by RDE.This is a string containing what would otherwise be the contents of an
~/.ssh/id_rsa
file. It's ASCII-armored text.This method may impose restrictions on who can call it. For example, we'd want to check that the caller isn't an HTTP request attacking a vulnerability in the admin console. The request should originate from a backend task queue servlet invocation of the RDE upload thing.
- See Also:
RdeUploadAction
-
getSafeBrowsingAPIKey
java.lang.String getSafeBrowsingAPIKey()
Returns the API key for accessing the SafeBrowsing API.- See Also:
GenerateSpec11ReportAction
-
getIcannReportingPassword
java.lang.String getIcannReportingPassword()
Returns password to be used when uploading reports to ICANN.- See Also:
RdeReportAction
-
getMarksdbDnlLoginAndPassword
java.lang.String getMarksdbDnlLoginAndPassword()
Returnsuser:password
login for TMCH MarksDB HTTP server DNL interface.- See Also:
TmchDnlAction
-
getMarksdbLordnPassword
java.lang.String getMarksdbLordnPassword()
Returns password for TMCH MarksDB HTTP server LORDN interface.- See Also:
- "google.registry.tmch.LordnRequestInitializer"
-
getMarksdbSmdrlLoginAndPassword
java.lang.String getMarksdbSmdrlLoginAndPassword()
Returnsuser:password
login for TMCH MarksDB HTTP server SMDRL interface.- See Also:
TmchSmdrlAction
-
getJsonCredential
java.lang.String getJsonCredential()
Returns the credentials for a service account on the Google AppEngine project downloaded from the Cloud Console dashboard in JSON format.
-
close
void close()
- Specified by:
close
in interfacejava.lang.AutoCloseable
-
-