Package google.registry.keyring.api

Interface Keyring

All Superinterfaces:

AutoCloseable

All Known Implementing Classes:

InMemoryKeyring, SecretManagerKeyring

@ThreadSafe
public interface Keyring
extends AutoCloseable

Nomulus keyring interface.

Separate methods are defined for each specific situation in which the registry server needs a secret value, like a PGP key or password.

Method Summary

Modifier and Type	Method	Description
void	close()
org.bouncycastle.openpgp.PGPPublicKey	getBrdaReceiverKey()	Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.
org.bouncycastle.openpgp.PGPKeyPair	getBrdaSigningKey()	Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.
String	getBsaApiKey()	Returns the API_KEY for authentication with the BSA portal.
String	getIcannReportingPassword()	Returns password to be used when uploading reports to ICANN.
String	getMarksdbDnlLoginAndPassword()	Returns user:password login for TMCH MarksDB HTTP server DNL interface.
String	getMarksdbLordnPassword()	Returns password for TMCH MarksDB HTTP server LORDN interface.
String	getMarksdbSmdrlLoginAndPassword()	Returns user:password login for TMCH MarksDB HTTP server SMDRL interface.
org.bouncycastle.openpgp.PGPPublicKey	getRdeReceiverKey()	Returns public key of escrow agent for encrypting deposits as they're uploaded.
org.bouncycastle.openpgp.PGPKeyPair	getRdeSigningKey()	Returns the key which should be used to sign RDE deposits being uploaded to a third-party.
String	getRdeSshClientPrivateKey()	Returns private key for SSH client connections made by RDE.
String	getRdeSshClientPublicKey()	Returns public key for SSH client connections made by RDE.
org.bouncycastle.openpgp.PGPPrivateKey	getRdeStagingDecryptionKey()	Returns private key for decrypting escrow deposits retrieved from cloud storage.
org.bouncycastle.openpgp.PGPPublicKey	getRdeStagingEncryptionKey()	Returns public key for encrypting escrow deposits being staged to cloud storage.
String	getSafeBrowsingAPIKey()	Returns the API key for accessing the SafeBrowsing API.

Method Details

getRdeSigningKey

org.bouncycastle.openpgp.PGPKeyPair getRdeSigningKey()

Returns the key which should be used to sign RDE deposits being uploaded to a third-party.

When we give all our data to the escrow provider, they'll need a signature to ensure the data is authentic.

This keypair should only be known to the domain registry shared registry system.

See Also:

• RdeUploadAction

getRdeStagingEncryptionKey

org.bouncycastle.openpgp.PGPPublicKey getRdeStagingEncryptionKey()

Returns public key for encrypting escrow deposits being staged to cloud storage.

This adds an additional layer of security so cloud storage administrators won't be tempted to go poking around the App Engine Cloud Console and see a dump of the entire database.

This keypair should only be known to the domain registry shared registry system.

See Also:

• getRdeStagingDecryptionKey()

getRdeStagingDecryptionKey

org.bouncycastle.openpgp.PGPPrivateKey getRdeStagingDecryptionKey()

Returns private key for decrypting escrow deposits retrieved from cloud storage.

This method may impose restrictions on who can call it. For example, we'd want to check that the caller isn't an HTTP request attacking a vulnerability in the admin console. The request should originate from a backend task queue servlet invocation of the RDE upload thing.

See Also:

• getRdeStagingEncryptionKey()
• RdeUploadAction

getRdeReceiverKey

org.bouncycastle.openpgp.PGPPublicKey getRdeReceiverKey()

Returns public key of escrow agent for encrypting deposits as they're uploaded.

See Also:

• RdeUploadAction

getBrdaSigningKey

org.bouncycastle.openpgp.PGPKeyPair getBrdaSigningKey()

Returns the PGP key we use to sign Bulk Registration Data Access (BRDA) deposits.

See Also:

• BrdaCopyAction

getBrdaReceiverKey

org.bouncycastle.openpgp.PGPPublicKey getBrdaReceiverKey()

Returns public key of receiver of Bulk Registration Data Access (BRDA) deposits.

See Also:

• BrdaCopyAction

getRdeSshClientPublicKey

String getRdeSshClientPublicKey()

Returns public key for SSH client connections made by RDE.

This is a string containing what would otherwise be the contents of an ~/.ssh/id_rsa.pub file. It's usually a single line with the name of the algorithm, the base64 key, and the email address of the owner.

See Also:

• RdeUploadAction

getRdeSshClientPrivateKey

String getRdeSshClientPrivateKey()

Returns private key for SSH client connections made by RDE.

This is a string containing what would otherwise be the contents of an ~/.ssh/id_rsa file. It's ASCII-armored text.

This method may impose restrictions on who can call it. For example, we'd want to check that the caller isn't an HTTP request attacking a vulnerability in the admin console. The request should originate from a backend task queue servlet invocation of the RDE upload thing.

See Also:

• RdeUploadAction

getSafeBrowsingAPIKey

String getSafeBrowsingAPIKey()

Returns the API key for accessing the SafeBrowsing API.

See Also:

• GenerateSpec11ReportAction

getIcannReportingPassword

String getIcannReportingPassword()

Returns password to be used when uploading reports to ICANN.

See Also:

• RdeReportAction

getMarksdbDnlLoginAndPassword

String getMarksdbDnlLoginAndPassword()

Returns user:password login for TMCH MarksDB HTTP server DNL interface.

See Also:

• TmchDnlAction

getMarksdbLordnPassword

String getMarksdbLordnPassword()

Returns password for TMCH MarksDB HTTP server LORDN interface.

See Also:

• "google.registry.tmch.LordnRequestInitializer"

getMarksdbSmdrlLoginAndPassword

String getMarksdbSmdrlLoginAndPassword()

Returns user:password login for TMCH MarksDB HTTP server SMDRL interface.

See Also:

• TmchSmdrlAction

getBsaApiKey

String getBsaApiKey()

Returns the API_KEY for authentication with the BSA portal.

close

void close()

Specified by:

close in interface AutoCloseable