Add GenerateSpec11Action and SafeBrowsing evaluation

This adds actual subdomain verification via the SafeBrowsing API to the Spec11 pipeline, as well as on-the-fly KMS decryption via the GenerateSpec11Action to securely store our API key in source code. Testing the interaction becomes difficult due to serialization requirements, and will be significantly expanded in the next cl. For now, it verifies basic end-to-end pipeline behavior. ------------- Created by MOE: https://github.com/google/moe MOE_MIGRATED_REVID=208092942
2026-04-22 01:00:44 +00:00 · 2018-08-09 12:32:30 -07:00
parent f554ace51b
commit 33ee7de457
29 changed files with 767 additions and 26 deletions
--- a/javatests/google/registry/testing/FakeKeyringModule.java
+++ b/javatests/google/registry/testing/FakeKeyringModule.java
@@ -51,6 +51,7 @@ public final class FakeKeyringModule {
  private static final ByteSource PGP_PRIVATE_KEYRING =
      loadBytes(FakeKeyringModule.class, "pgp-private-keyring-registry.asc");
  private static final String ICANN_REPORTING_PASSWORD = "yolo";
+  private static final String SAFE_BROWSING_API_KEY = "a/b_c";
  private static final String MARKSDB_DNL_LOGIN = "dnl:yolo";
  private static final String MARKSDB_LORDN_PASSWORD = "yolo";
  private static final String MARKSDB_SMDRL_LOGIN = "smdrl:yolo";
@@ -134,6 +135,11 @@ public final class FakeKeyringModule {
        return ICANN_REPORTING_PASSWORD;
      }

+      @Override
+      public String getSafeBrowsingAPIKey() {
+        return SAFE_BROWSING_API_KEY;
+      }
+
      @Override
      public PGPKeyPair getBrdaSigningKey() {
        return rdeSigningKey;