
Remove java.util.Date (#2373)

There is one remaining instance in JpaTransactionManagerImpl that cannot
be removed because DetachingTypedQuery is implementing TypedQuery, which has
a method that expects java.util.Date.
Lai Jiang
2024-03-15 19:06:00 -04:00
committed by GitHub
parent 6d2eb2e140
commit c68583f666
14 changed files with 108 additions and 147 deletions


@@ -19,6 +19,7 @@ import static google.registry.networking.handler.SslInitializerTestUtils.getKeyP
import static google.registry.networking.handler.SslInitializerTestUtils.setUpSslChannel;
import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair;
import static google.registry.networking.handler.SslInitializerTestUtils.verifySslException;
import static org.joda.time.DateTimeZone.UTC;
import com.google.common.collect.ImmutableList;
import google.registry.util.SelfSignedCaCertificate;
@@ -43,12 +44,10 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.stream.Stream;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import org.joda.time.DateTime;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
@@ -62,7 +61,7 @@ import org.junit.jupiter.params.provider.MethodSource;
* the overhead of routing traffic through the network layer, even if it were to go through
* loopback. It also alleviates the need to pick a free port to use.
*
* <p>The local addresses used in each test method must to be different, otherwise tests run in
* <p>The local addresses used in each test method must be different, otherwise tests run in
* parallel may interfere with each other.
*/
class SslClientInitializerTest {
@@ -204,7 +203,7 @@ class SslClientInitializerTest {
// Generate a new key pair.
KeyPair keyPair = getKeyPair();
// Generate a self signed certificate, and use it to sign the key pair.
// Generate a self-signed certificate, and use it to sign the key pair.
SelfSignedCaCertificate ssc = SelfSignedCaCertificate.create();
X509Certificate cert = signKeyPair(ssc, keyPair, SSL_HOST);
@@ -212,7 +211,7 @@ class SslClientInitializerTest {
PrivateKey privateKey = keyPair.getPrivate();
nettyExtension.setUpServer(localAddress, getServerHandler(false, privateKey, cert));
// Set up the client to trust the self signed cert used to sign the cert that server provides.
// Set up the client to trust the self-signed cert used to sign the cert that server provides.
SslClientInitializer<LocalChannel> sslClientInitializer =
new SslClientInitializer<>(
sslProvider,
@@ -239,21 +238,17 @@ class SslClientInitializerTest {
// Generate a new key pair.
KeyPair keyPair = getKeyPair();
// Generate a self signed certificate, and use it to sign the key pair.
// Generate a self-signed certificate, and use it to sign the key pair.
SelfSignedCaCertificate ssc = SelfSignedCaCertificate.create();
X509Certificate cert =
signKeyPair(
ssc,
keyPair,
SSL_HOST,
Date.from(Instant.now().minus(Duration.ofDays(2))),
Date.from(Instant.now().minus(Duration.ofDays(1))));
ssc, keyPair, SSL_HOST, DateTime.now(UTC).minusDays(2), DateTime.now(UTC).minusDays(1));
// Set up the server to use the signed cert and private key to perform handshake;
PrivateKey privateKey = keyPair.getPrivate();
nettyExtension.setUpServer(localAddress, getServerHandler(false, privateKey, cert));
// Set up the client to trust the self signed cert used to sign the cert that server provides.
// Set up the client to trust the self-signed cert used to sign the cert that server provides.
SslClientInitializer<LocalChannel> sslClientInitializer =
new SslClientInitializer<>(
sslProvider,
@@ -280,21 +275,17 @@ class SslClientInitializerTest {
// Generate a new key pair.
KeyPair keyPair = getKeyPair();
// Generate a self signed certificate, and use it to sign the key pair.
// Generate a self-signed certificate, and use it to sign the key pair.
SelfSignedCaCertificate ssc = SelfSignedCaCertificate.create();
X509Certificate cert =
signKeyPair(
ssc,
keyPair,
SSL_HOST,
Date.from(Instant.now().plus(Duration.ofDays(1))),
Date.from(Instant.now().plus(Duration.ofDays(2))));
ssc, keyPair, SSL_HOST, DateTime.now(UTC).plusDays(1), DateTime.now(UTC).plusDays(2));
// Set up the server to use the signed cert and private key to perform handshake;
PrivateKey privateKey = keyPair.getPrivate();
nettyExtension.setUpServer(localAddress, getServerHandler(false, privateKey, cert));
// Set up the client to trust the self signed cert used to sign the cert that server provides.
// Set up the client to trust the self-signed cert used to sign the cert that server provides.
SslClientInitializer<LocalChannel> sslClientInitializer =
new SslClientInitializer<>(
sslProvider,
@@ -333,7 +324,7 @@ class SslClientInitializerTest {
SslClientInitializerTest::hostProvider,
SslClientInitializerTest::portProvider,
ImmutableList.of(serverSsc.cert()),
() -> clientSsc.key(),
clientSsc::key,
() -> ImmutableList.of(clientSsc.cert()));
nettyExtension.setUpClient(localAddress, sslClientInitializer);
@@ -360,7 +351,7 @@ class SslClientInitializerTest {
// Generate a new key pair.
KeyPair keyPair = getKeyPair();
// Generate a self signed certificate, and use it to sign the key pair.
// Generate a self-signed certificate, and use it to sign the key pair.
SelfSignedCaCertificate ssc = SelfSignedCaCertificate.create();
X509Certificate cert = signKeyPair(ssc, keyPair, "wrong.com");
@@ -368,7 +359,7 @@ class SslClientInitializerTest {
PrivateKey privateKey = keyPair.getPrivate();
nettyExtension.setUpServer(localAddress, getServerHandler(false, privateKey, cert));
// Set up the client to trust the self signed cert used to sign the cert that server provides.
// Set up the client to trust the self-signed cert used to sign the cert that server provides.
SslClientInitializer<LocalChannel> sslClientInitializer =
new SslClientInitializer<>(
sslProvider,
@@ -379,7 +370,7 @@ class SslClientInitializerTest {
null);
nettyExtension.setUpClient(localAddress, sslClientInitializer);
// When the client rejects the server cert due to wrong hostname, both the client and server
// When the client rejects the server cert due to the wrong hostname, both the client and server
// should throw exceptions.
nettyExtension.assertThatClientRootCause().isInstanceOf(CertificateException.class);
nettyExtension.assertThatClientRootCause().hasMessageThat().contains(SSL_HOST);
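Review bot: The expired and not-yet-valid certificate cases each call `DateTime.now(UTC)` twice inside one `signKeyPair(...)` call, so the two ends of the validity window are derived from different instants. With day-sized margins this does not change the outcome, but reading the clock once makes the window exact and the intent easier to see: `DateTime now = DateTime.now(UTC);` followed by `signKeyPair(ssc, keyPair, SSL_HOST, now.minusDays(2), now.minusDays(1));`, and likewise `now.plusDays(1), now.plusDays(2)` in the not-yet-valid case. The same pattern appears in the three-argument `signKeyPair` overload in SslInitializerTestUtils and in the `SelfSignedCaCertificate.create("CLIENT", ...)` calls in SslServerInitializerTest. The enclosing test methods begin and end outside these hunks.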


@@ -15,6 +15,7 @@
package google.registry.networking.handler;
import static com.google.common.truth.Truth.assertThat;
import static org.joda.time.DateTimeZone.UTC;
import static org.junit.jupiter.api.Assertions.assertThrows;
import com.google.common.base.Throwables;
@@ -27,9 +28,6 @@ import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.SecureRandom;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.concurrent.ExecutionException;
import javax.net.ssl.SSLSession;
import org.bouncycastle.asn1.x500.X500Name;
@@ -40,6 +38,7 @@ import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
import org.bouncycastle.jce.provider.BouncyCastleProvider;
import org.bouncycastle.operator.ContentSigner;
import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
import org.joda.time.DateTime;
/**
* Utility class that provides methods used by {@link SslClientInitializerTest} and {@link
@@ -67,13 +66,13 @@ public final class SslInitializerTestUtils {
}
/**
* Signs the given key pair with the given self signed certificate to generate a certificate with
* Signs the given key pair with the given self-signed certificate to generate a certificate with
* the given validity range.
*
* @return signed public key (of the key pair) certificate
*/
public static X509Certificate signKeyPair(
SelfSignedCaCertificate ssc, KeyPair keyPair, String hostname, Date from, Date to)
SelfSignedCaCertificate ssc, KeyPair keyPair, String hostname, DateTime from, DateTime to)
throws Exception {
X500Name subjectDnName = new X500Name("CN=" + hostname);
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
@@ -81,7 +80,12 @@ public final class SslInitializerTestUtils {
ContentSigner sigGen = new JcaContentSignerBuilder("SHA256WithRSAEncryption").build(ssc.key());
X509v3CertificateBuilder v3CertGen =
new JcaX509v3CertificateBuilder(
issuerDnName, serialNumber, from, to, subjectDnName, keyPair.getPublic());
issuerDnName,
serialNumber,
from.toDate(),
to.toDate(),
subjectDnName,
keyPair.getPublic());
X509CertificateHolder certificateHolder = v3CertGen.build(sigGen);
return new JcaX509CertificateConverter()
@@ -90,7 +94,7 @@ public final class SslInitializerTestUtils {
}
/**
* Signs the given key pair with the given self signed certificate to generate a certificate that
* Signs the given key pair with the given self-signed certificate to generate a certificate that
* is valid from yesterday to tomorrow.
*
* @return signed public key (of the key pair) certificate
@@ -98,11 +102,7 @@ public final class SslInitializerTestUtils {
public static X509Certificate signKeyPair(
SelfSignedCaCertificate ssc, KeyPair keyPair, String hostname) throws Exception {
return signKeyPair(
ssc,
keyPair,
hostname,
Date.from(Instant.now().minus(Duration.ofDays(1))),
Date.from(Instant.now().plus(Duration.ofDays(1))));
ssc, keyPair, hostname, DateTime.now(UTC).minusDays(1), DateTime.now(UTC).plusDays(1));
}
/**
@@ -110,7 +110,7 @@ public final class SslInitializerTestUtils {
* and verifies if it is echoed back correctly.
*
* @param certs The certificate that the server should provide.
* @return The SSL session in current channel, can be used for further validation.
* @return The SSL session in the current channel, can be used for further validation.
*/
static SSLSession setUpSslChannel(Channel channel, X509Certificate... certs) throws Exception {
SslHandler sslHandler = channel.pipeline().get(SslHandler.class);
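Review bot: The Javadoc on the five-argument `signKeyPair` still only says "the given validity range" and does not document `from` and `to`, which are now Joda `DateTime` values converted with `toDate()` where they are handed to `JcaX509v3CertificateBuilder`. I would add `@param from start of the certificate validity period (notBefore)` and `@param to end of the certificate validity period (notAfter)`. A short comment at the `from.toDate()` / `to.toDate()` arguments, such as `// BouncyCastle's builder only accepts java.util.Date`, would explain why `Date` still appears in a commit that removes it. The tail of `signKeyPair` lies outside this hunk.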


@@ -20,6 +20,7 @@ import static google.registry.networking.handler.SslInitializerTestUtils.setUpSs
import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair;
import static google.registry.networking.handler.SslInitializerTestUtils.verifySslException;
import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
import static org.joda.time.DateTimeZone.UTC;
import com.google.common.base.Suppliers;
import com.google.common.collect.ImmutableList;
@@ -41,11 +42,8 @@ import java.security.cert.CertificateException;
import java.security.cert.CertificateExpiredException;
import java.security.cert.CertificateNotYetValidException;
import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.Arrays;
import java.util.Collections;
import java.util.Date;
import java.util.List;
import java.util.stream.Stream;
import javax.net.ssl.SSLEngine;
@@ -53,6 +51,7 @@ import javax.net.ssl.SSLException;
import javax.net.ssl.SSLHandshakeException;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSession;
import org.joda.time.DateTime;
import org.junit.jupiter.api.extension.RegisterExtension;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
@@ -66,7 +65,7 @@ import org.junit.jupiter.params.provider.MethodSource;
* the overhead of routing traffic through the network layer, even if it were to go through
* loopback. It also alleviates the need to pick a free port to use.
*
* <p>The local addresses used in each test method must to be different, otherwise tests run in
* <p>The local addresses used in each test method must be different, otherwise tests run in
* parallel may interfere with each other.
*/
class SslServerInitializerTest {
@@ -202,9 +201,7 @@ class SslServerInitializerTest {
localAddress, getServerHandler(true, true, sslProvider, serverSsc.key(), serverSsc.cert()));
SelfSignedCaCertificate clientSsc =
SelfSignedCaCertificate.create(
"CLIENT",
Date.from(Instant.now().minus(Duration.ofDays(2))),
Date.from(Instant.now().plus(Duration.ofDays(1))));
"CLIENT", DateTime.now(UTC).minusDays(2), DateTime.now(UTC).plusDays(1));
nettyExtension.setUpClient(
localAddress,
getClientHandler(
@@ -237,9 +234,7 @@ class SslServerInitializerTest {
Suppliers.ofInstance(ImmutableList.of(serverSsc.cert()))));
SelfSignedCaCertificate clientSsc =
SelfSignedCaCertificate.create(
"CLIENT",
Date.from(Instant.now().minus(Duration.ofDays(2))),
Date.from(Instant.now().plus(Duration.ofDays(1))));
"CLIENT", DateTime.now(UTC).minusDays(2), DateTime.now(UTC).plusDays(1));
nettyExtension.setUpClient(
localAddress,
getClientHandler(
@@ -271,20 +266,18 @@ class SslServerInitializerTest {
localAddress, getServerHandler(true, true, sslProvider, serverSsc.key(), serverSsc.cert()));
SelfSignedCaCertificate clientSsc =
SelfSignedCaCertificate.create(
"CLIENT",
Date.from(Instant.now().minus(Duration.ofDays(2))),
Date.from(Instant.now().plus(Duration.ofDays(1))));
"CLIENT", DateTime.now(UTC).minusDays(2), DateTime.now(UTC).plusDays(1));
nettyExtension.setUpClient(
localAddress,
getClientHandler(
sslProvider, serverSsc.cert(), clientSsc.key(), clientSsc.cert(), "TLSv1.1", null));
ImmutableList<Integer> jdkVersion =
Arrays.asList(System.getProperty("java.version").split("\\.")).stream()
Arrays.stream(System.getProperty("java.version").split("\\."))
.map(Integer::parseInt)
.collect(ImmutableList.toImmutableList());
// In JDK v11.0.11 and above TLS 1.1 is not supported any more, in which case attempting to
// In JDK v11.0.11 and above, TLS 1.1 is not supported anymore, in which case attempting to
// connect with TLS 1.1 results in a ClosedChannelException instead of a SSLHandShakeException.
// See https://www.oracle.com/java/technologies/javase/11-0-11-relnotes.html#JDK-8202343
Class<? extends Exception> rootCause =
@@ -309,9 +302,7 @@ class SslServerInitializerTest {
localAddress, getServerHandler(true, true, sslProvider, serverSsc.key(), serverSsc.cert()));
SelfSignedCaCertificate clientSsc =
SelfSignedCaCertificate.create(
"CLIENT",
Date.from(Instant.now().minus(Duration.ofDays(2))),
Date.from(Instant.now().minus(Duration.ofDays(1))));
"CLIENT", DateTime.now(UTC).minusDays(2), DateTime.now(UTC).minusDays(1));
nettyExtension.setUpClient(
localAddress,
getClientHandler(sslProvider, serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
@@ -332,9 +323,7 @@ class SslServerInitializerTest {
localAddress, getServerHandler(true, true, sslProvider, serverSsc.key(), serverSsc.cert()));
SelfSignedCaCertificate clientSsc =
SelfSignedCaCertificate.create(
"CLIENT",
Date.from(Instant.now().plus(Duration.ofDays(1))),
Date.from(Instant.now().plus(Duration.ofDays(2))));
"CLIENT", DateTime.now(UTC).plusDays(1), DateTime.now(UTC).plusDays(2));
nettyExtension.setUpClient(
localAddress,
getClientHandler(sslProvider, serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
@@ -446,8 +435,8 @@ class SslServerInitializerTest {
localAddress,
getClientHandler(sslProvider, serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
// When the client rejects the server cert due to wrong hostname, both the server and the client
// throw exceptions.
// When the client rejects the server cert due to the wrong hostname, both the server and the
// client throw exceptions.
nettyExtension.assertThatClientRootCause().isInstanceOf(CertificateException.class);
nettyExtension.assertThatClientRootCause().hasMessageThat().contains(SSL_HOST);
nettyExtension.assertThatServerRootCause().isInstanceOf(SSLException.class);