mirror of
https://github.com/google/nomulus
synced 2026-07-10 10:02:50 +00:00
Compare commits
5 Commits
| Author | SHA1 | Date | |
|---|---|---|---|
| c584de9f72 | |||
| 9be5091c84 | |||
| 28499d23a0 | |||
| 961d7e88f4 | |||
| 215de62fa7 |
@@ -18,7 +18,6 @@ import static com.google.common.base.Preconditions.checkArgument;
|
||||
import static com.google.common.base.Preconditions.checkNotNull;
|
||||
import static com.google.common.base.Predicates.equalTo;
|
||||
import static com.google.common.base.Predicates.not;
|
||||
import static com.google.common.collect.ImmutableMap.toImmutableMap;
|
||||
import static com.google.common.collect.ImmutableSet.toImmutableSet;
|
||||
import static com.google.common.collect.Maps.toMap;
|
||||
import static google.registry.config.RegistryConfig.getSingletonCacheRefreshDuration;
|
||||
@@ -41,6 +40,7 @@ import com.google.common.collect.ImmutableMap;
|
||||
import com.google.common.collect.ImmutableSet;
|
||||
import com.google.common.collect.ImmutableSortedMap;
|
||||
import com.google.common.collect.Iterables;
|
||||
import com.google.common.collect.Maps;
|
||||
import com.google.common.collect.Ordering;
|
||||
import com.google.common.collect.Range;
|
||||
import com.google.common.net.InternetDomainName;
|
||||
@@ -265,11 +265,8 @@ public class Registry extends ImmutableObject implements Buildable {
|
||||
tld -> Key.create(getCrossTldKey(), Registry.class, tld));
|
||||
Map<Key<Registry>, Registry> entities =
|
||||
tm().doTransactionless(() -> ofy().load().keys(keysMap.values()));
|
||||
return keysMap.entrySet().stream()
|
||||
.collect(
|
||||
toImmutableMap(
|
||||
Map.Entry::getKey,
|
||||
e -> Optional.ofNullable(entities.getOrDefault(e.getValue(), null))));
|
||||
return Maps.transformEntries(
|
||||
keysMap, (k, v) -> Optional.ofNullable(entities.getOrDefault(v, null)));
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
@@ -0,0 +1,147 @@
|
||||
// Copyright 2019 The Nomulus Authors. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package google.registry.schema.tld;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkState;
|
||||
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import google.registry.model.CreateAutoTimestamp;
|
||||
import google.registry.model.ImmutableObject;
|
||||
import google.registry.model.registry.label.ReservationType;
|
||||
import java.util.Map;
|
||||
import javax.annotation.Nullable;
|
||||
import javax.persistence.CollectionTable;
|
||||
import javax.persistence.Column;
|
||||
import javax.persistence.ElementCollection;
|
||||
import javax.persistence.Embeddable;
|
||||
import javax.persistence.Entity;
|
||||
import javax.persistence.GeneratedValue;
|
||||
import javax.persistence.GenerationType;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.Index;
|
||||
import javax.persistence.JoinColumn;
|
||||
import javax.persistence.MapKeyColumn;
|
||||
import javax.persistence.Table;
|
||||
import org.joda.time.DateTime;
|
||||
|
||||
/**
|
||||
* A list of reserved domain labels that are blocked from being registered for various reasons.
|
||||
*
|
||||
* <p>Note that the primary key of this entity is {@link #revisionId}, which is auto-generated by
|
||||
* the database. So, if a retry of insertion happens after the previous attempt unexpectedly
|
||||
* succeeds, we will end up with having two exact same reserved lists that differ only by
|
||||
* revisionId. This is fine though, because we only use the list with the highest revisionId.
|
||||
*/
|
||||
@Entity
|
||||
@Table(indexes = {@Index(columnList = "name", name = "reservedlist_name_idx")})
|
||||
public class ReservedList extends ImmutableObject {
|
||||
|
||||
@Column(nullable = false)
|
||||
private String name;
|
||||
|
||||
@Id
|
||||
@GeneratedValue(strategy = GenerationType.IDENTITY)
|
||||
@Column(nullable = false)
|
||||
private Long revisionId;
|
||||
|
||||
@Column(nullable = false)
|
||||
private CreateAutoTimestamp creationTimestamp = CreateAutoTimestamp.create(null);
|
||||
|
||||
@Column(nullable = false)
|
||||
private Boolean shouldPublish;
|
||||
|
||||
@ElementCollection
|
||||
@CollectionTable(
|
||||
name = "ReservedEntry",
|
||||
joinColumns = @JoinColumn(name = "revisionId", referencedColumnName = "revisionId"))
|
||||
@MapKeyColumn(name = "domainLabel")
|
||||
private Map<String, ReservedEntry> labelsToReservations;
|
||||
|
||||
@Embeddable
|
||||
public static class ReservedEntry extends ImmutableObject {
|
||||
@Column(nullable = false)
|
||||
private ReservationType reservationType;
|
||||
|
||||
@Column(nullable = true)
|
||||
private String comment;
|
||||
|
||||
private ReservedEntry(ReservationType reservationType, @Nullable String comment) {
|
||||
this.reservationType = reservationType;
|
||||
this.comment = comment;
|
||||
}
|
||||
|
||||
// Hibernate requires this default constructor.
|
||||
private ReservedEntry() {}
|
||||
|
||||
/** Constructs a {@link ReservedEntry} object. */
|
||||
public static ReservedEntry create(ReservationType reservationType, @Nullable String comment) {
|
||||
return new ReservedEntry(reservationType, comment);
|
||||
}
|
||||
|
||||
/** Returns the reservation type for this entry. */
|
||||
public ReservationType getReservationType() {
|
||||
return reservationType;
|
||||
}
|
||||
|
||||
/** Returns the comment for this entry. Retruns null if there is no comment. */
|
||||
public String getComment() {
|
||||
return comment;
|
||||
}
|
||||
}
|
||||
|
||||
private ReservedList(
|
||||
String name, Boolean shouldPublish, Map<String, ReservedEntry> labelsToReservations) {
|
||||
this.name = name;
|
||||
this.shouldPublish = shouldPublish;
|
||||
this.labelsToReservations = labelsToReservations;
|
||||
}
|
||||
|
||||
// Hibernate requires this default constructor.
|
||||
private ReservedList() {}
|
||||
|
||||
/** Constructs a {@link ReservedList} object. */
|
||||
public static ReservedList create(
|
||||
String name, Boolean shouldPublish, Map<String, ReservedEntry> labelsToReservations) {
|
||||
return new ReservedList(name, shouldPublish, labelsToReservations);
|
||||
}
|
||||
|
||||
/** Returns the name of the reserved list. */
|
||||
public String getName() {
|
||||
return name;
|
||||
}
|
||||
|
||||
/** Returns the ID of this revision, or throws if null. */
|
||||
public Long getRevisionId() {
|
||||
checkState(
|
||||
revisionId != null,
|
||||
"revisionId is null because this object has not been persisted to the database yet");
|
||||
return revisionId;
|
||||
}
|
||||
|
||||
/** Returns the creation time of this revision of the reserved list. */
|
||||
public DateTime getCreationTimestamp() {
|
||||
return creationTimestamp.getTimestamp();
|
||||
}
|
||||
|
||||
/** Returns a {@link Map} of domain labels to {@link ReservedEntry}. */
|
||||
public ImmutableMap<String, ReservedEntry> getLabelsToReservations() {
|
||||
return ImmutableMap.copyOf(labelsToReservations);
|
||||
}
|
||||
|
||||
/** Returns true if the reserved list should be published. */
|
||||
public Boolean getShouldPublish() {
|
||||
return shouldPublish;
|
||||
}
|
||||
}
|
||||
@@ -24,6 +24,7 @@
|
||||
<class>google.registry.schema.tmch.ClaimsList</class>
|
||||
<class>google.registry.model.transfer.BaseTransferObject</class>
|
||||
<class>google.registry.schema.tld.PremiumList</class>
|
||||
<class>google.registry.schema.tld.ReservedList</class>
|
||||
<class>google.registry.model.domain.secdns.DelegationSignerData</class>
|
||||
<class>google.registry.model.domain.DesignatedContact</class>
|
||||
<class>google.registry.model.domain.DomainBase</class>
|
||||
|
||||
@@ -0,0 +1,53 @@
|
||||
// Copyright 2019 The Nomulus Authors. All Rights Reserved.
|
||||
//
|
||||
// Licensed under the Apache License, Version 2.0 (the "License");
|
||||
// you may not use this file except in compliance with the License.
|
||||
// You may obtain a copy of the License at
|
||||
//
|
||||
// http://www.apache.org/licenses/LICENSE-2.0
|
||||
//
|
||||
// Unless required by applicable law or agreed to in writing, software
|
||||
// distributed under the License is distributed on an "AS IS" BASIS,
|
||||
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
// See the License for the specific language governing permissions and
|
||||
// limitations under the License.
|
||||
|
||||
package google.registry.schema.tld;
|
||||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
|
||||
import com.google.common.collect.ImmutableMap;
|
||||
import google.registry.model.registry.label.ReservationType;
|
||||
import google.registry.schema.tld.ReservedList.ReservedEntry;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.junit.runners.JUnit4;
|
||||
|
||||
/** Unit tests for {@link ReservedList} */
|
||||
@RunWith(JUnit4.class)
|
||||
public class ReservedListTest {
|
||||
|
||||
@Test
|
||||
public void verifyConstructorAndGetters_workCorrectly() {
|
||||
ReservedList reservedList =
|
||||
ReservedList.create(
|
||||
"app",
|
||||
false,
|
||||
ImmutableMap.of(
|
||||
"book",
|
||||
ReservedEntry.create(ReservationType.ALLOWED_IN_SUNRISE, null),
|
||||
"music",
|
||||
ReservedEntry.create(
|
||||
ReservationType.RESERVED_FOR_ANCHOR_TENANT, "reserved for anchor tenant")));
|
||||
|
||||
assertThat(reservedList.getName()).isEqualTo("app");
|
||||
assertThat(reservedList.getShouldPublish()).isFalse();
|
||||
assertThat(reservedList.getLabelsToReservations())
|
||||
.containsExactly(
|
||||
"book",
|
||||
ReservedEntry.create(ReservationType.ALLOWED_IN_SUNRISE, null),
|
||||
"music",
|
||||
ReservedEntry.create(
|
||||
ReservationType.RESERVED_FOR_ANCHOR_TENANT, "reserved for anchor tenant"));
|
||||
}
|
||||
}
|
||||
@@ -0,0 +1,36 @@
|
||||
-- Copyright 2019 The Nomulus Authors. All Rights Reserved.
|
||||
--
|
||||
-- Licensed under the Apache License, Version 2.0 (the "License");
|
||||
-- you may not use this file except in compliance with the License.
|
||||
-- You may obtain a copy of the License at
|
||||
--
|
||||
-- http://www.apache.org/licenses/LICENSE-2.0
|
||||
--
|
||||
-- Unless required by applicable law or agreed to in writing, software
|
||||
-- distributed under the License is distributed on an "AS IS" BASIS,
|
||||
-- WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
-- See the License for the specific language governing permissions and
|
||||
-- limitations under the License.
|
||||
|
||||
create table "ReservedEntry" (
|
||||
revision_id int8 not null,
|
||||
comment text,
|
||||
reservation_type int4 not null,
|
||||
domain_label text not null,
|
||||
primary key (revision_id, domain_label)
|
||||
);
|
||||
|
||||
create table "ReservedList" (
|
||||
revision_id bigserial not null,
|
||||
creation_timestamp timestamptz not null,
|
||||
name text not null,
|
||||
should_publish boolean not null,
|
||||
primary key (revision_id)
|
||||
);
|
||||
|
||||
create index reservedlist_name_idx on "ReservedList" (name);
|
||||
|
||||
alter table if exists "ReservedEntry"
|
||||
add constraint FKgq03rk0bt1hb915dnyvd3vnfc
|
||||
foreign key (revision_id)
|
||||
references "ReservedList";
|
||||
@@ -152,6 +152,22 @@
|
||||
primary key (revision_id)
|
||||
);
|
||||
|
||||
create table "ReservedEntry" (
|
||||
revision_id int8 not null,
|
||||
comment text,
|
||||
reservation_type int4 not null,
|
||||
domain_label text not null,
|
||||
primary key (revision_id, domain_label)
|
||||
);
|
||||
|
||||
create table "ReservedList" (
|
||||
revision_id bigserial not null,
|
||||
creation_timestamp timestamptz not null,
|
||||
name text not null,
|
||||
should_publish boolean not null,
|
||||
primary key (revision_id)
|
||||
);
|
||||
|
||||
alter table if exists "Domain_DelegationSignerData"
|
||||
add constraint UK_2yp55erx1i51pa7gnb8bu7tjn unique (ds_data_key_tag);
|
||||
|
||||
@@ -166,6 +182,7 @@ create index idx_registry_lock_registrar_id on "RegistryLock" (registrar_id);
|
||||
|
||||
alter table if exists "RegistryLock"
|
||||
add constraint idx_registry_lock_repo_id_revision_id unique (repo_id, revision_id);
|
||||
create index reservedlist_name_idx on "ReservedList" (name);
|
||||
|
||||
alter table if exists "ClaimsEntry"
|
||||
add constraint FK6sc6at5hedffc0nhdcab6ivuq
|
||||
@@ -221,3 +238,8 @@ create index idx_registry_lock_registrar_id on "RegistryLock" (registrar_id);
|
||||
add constraint FKo0gw90lpo1tuee56l0nb6y6g5
|
||||
foreign key (revision_id)
|
||||
references "PremiumList";
|
||||
|
||||
alter table if exists "ReservedEntry"
|
||||
add constraint FKgq03rk0bt1hb915dnyvd3vnfc
|
||||
foreign key (revision_id)
|
||||
references "ReservedList";
|
||||
|
||||
@@ -141,6 +141,49 @@ CREATE SEQUENCE public."RegistryLock_revision_id_seq"
|
||||
ALTER SEQUENCE public."RegistryLock_revision_id_seq" OWNED BY public."RegistryLock".revision_id;
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedEntry; Type: TABLE; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
CREATE TABLE public."ReservedEntry" (
|
||||
revision_id bigint NOT NULL,
|
||||
comment text,
|
||||
reservation_type integer NOT NULL,
|
||||
domain_label text NOT NULL
|
||||
);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedList; Type: TABLE; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
CREATE TABLE public."ReservedList" (
|
||||
revision_id bigint NOT NULL,
|
||||
creation_timestamp timestamp with time zone NOT NULL,
|
||||
name text NOT NULL,
|
||||
should_publish boolean NOT NULL
|
||||
);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedList_revision_id_seq; Type: SEQUENCE; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
CREATE SEQUENCE public."ReservedList_revision_id_seq"
|
||||
START WITH 1
|
||||
INCREMENT BY 1
|
||||
NO MINVALUE
|
||||
NO MAXVALUE
|
||||
CACHE 1;
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedList_revision_id_seq; Type: SEQUENCE OWNED BY; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
ALTER SEQUENCE public."ReservedList_revision_id_seq" OWNED BY public."ReservedList".revision_id;
|
||||
|
||||
|
||||
--
|
||||
-- Name: ClaimsList revision_id; Type: DEFAULT; Schema: public; Owner: -
|
||||
--
|
||||
@@ -162,6 +205,13 @@ ALTER TABLE ONLY public."PremiumList" ALTER COLUMN revision_id SET DEFAULT nextv
|
||||
ALTER TABLE ONLY public."RegistryLock" ALTER COLUMN revision_id SET DEFAULT nextval('public."RegistryLock_revision_id_seq"'::regclass);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedList revision_id; Type: DEFAULT; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
ALTER TABLE ONLY public."ReservedList" ALTER COLUMN revision_id SET DEFAULT nextval('public."ReservedList_revision_id_seq"'::regclass);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ClaimsEntry ClaimsEntry_pkey; Type: CONSTRAINT; Schema: public; Owner: -
|
||||
--
|
||||
@@ -202,6 +252,22 @@ ALTER TABLE ONLY public."RegistryLock"
|
||||
ADD CONSTRAINT "RegistryLock_pkey" PRIMARY KEY (revision_id);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedEntry ReservedEntry_pkey; Type: CONSTRAINT; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
ALTER TABLE ONLY public."ReservedEntry"
|
||||
ADD CONSTRAINT "ReservedEntry_pkey" PRIMARY KEY (revision_id, domain_label);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedList ReservedList_pkey; Type: CONSTRAINT; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
ALTER TABLE ONLY public."ReservedList"
|
||||
ADD CONSTRAINT "ReservedList_pkey" PRIMARY KEY (revision_id);
|
||||
|
||||
|
||||
--
|
||||
-- Name: RegistryLock idx_registry_lock_repo_id_revision_id; Type: CONSTRAINT; Schema: public; Owner: -
|
||||
--
|
||||
@@ -231,6 +297,13 @@ CREATE INDEX idx_registry_lock_verification_code ON public."RegistryLock" USING
|
||||
CREATE INDEX premiumlist_name_idx ON public."PremiumList" USING btree (name);
|
||||
|
||||
|
||||
--
|
||||
-- Name: reservedlist_name_idx; Type: INDEX; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
CREATE INDEX reservedlist_name_idx ON public."ReservedList" USING btree (name);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ClaimsEntry fk6sc6at5hedffc0nhdcab6ivuq; Type: FK CONSTRAINT; Schema: public; Owner: -
|
||||
--
|
||||
@@ -239,6 +312,14 @@ ALTER TABLE ONLY public."ClaimsEntry"
|
||||
ADD CONSTRAINT fk6sc6at5hedffc0nhdcab6ivuq FOREIGN KEY (revision_id) REFERENCES public."ClaimsList"(revision_id);
|
||||
|
||||
|
||||
--
|
||||
-- Name: ReservedEntry fkgq03rk0bt1hb915dnyvd3vnfc; Type: FK CONSTRAINT; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
ALTER TABLE ONLY public."ReservedEntry"
|
||||
ADD CONSTRAINT fkgq03rk0bt1hb915dnyvd3vnfc FOREIGN KEY (revision_id) REFERENCES public."ReservedList"(revision_id);
|
||||
|
||||
|
||||
--
|
||||
-- Name: PremiumEntry fko0gw90lpo1tuee56l0nb6y6g5; Type: FK CONSTRAINT; Schema: public; Owner: -
|
||||
--
|
||||
|
||||
@@ -41,6 +41,16 @@ where:
|
||||
|
||||
SCRIPT_DIR="$(realpath $(dirname $0))"
|
||||
|
||||
function showNoncompliantFiles() {
|
||||
local forkPoint="$1"
|
||||
local message="$2"
|
||||
|
||||
git diff -U0 ${forkPoint} | \
|
||||
${SCRIPT_DIR}/google-java-format-diff.py -p1 | \
|
||||
awk -v "message=$message" \
|
||||
'/\+\+\+ ([^ ]*)/ { print message $2 }' 1>&2
|
||||
}
|
||||
|
||||
function callGoogleJavaFormatDiff() {
|
||||
local forkPoint
|
||||
forkPoint=$(git merge-base --fork-point origin/master)
|
||||
@@ -48,10 +58,12 @@ function callGoogleJavaFormatDiff() {
|
||||
local callResult
|
||||
case "$1" in
|
||||
"check")
|
||||
showNoncompliantFiles "$forkPoint" "\033[1mNeeds formatting: "
|
||||
callResult=$(git diff -U0 ${forkPoint} | \
|
||||
${SCRIPT_DIR}/google-java-format-diff.py -p1 | wc -l)
|
||||
;;
|
||||
"format")
|
||||
showNoncompliantFiles "$forkPoint" "\033[1mReformatting: "
|
||||
callResult=$(git diff -U0 ${forkPoint} | \
|
||||
${SCRIPT_DIR}/google-java-format-diff.py -p1 -i)
|
||||
;;
|
||||
@@ -60,6 +72,7 @@ function callGoogleJavaFormatDiff() {
|
||||
${SCRIPT_DIR}/google-java-format-diff.py -p1)
|
||||
;;
|
||||
esac
|
||||
echo -e "\033[0m" 1>&2
|
||||
echo "${callResult}"
|
||||
exit 0
|
||||
}
|
||||
|
||||
@@ -24,6 +24,7 @@ dependencies {
|
||||
compile deps['io.netty:netty-handler']
|
||||
compile deps['io.netty:netty-transport']
|
||||
compile deps['javax.inject:javax.inject']
|
||||
compile project(':util')
|
||||
|
||||
runtime deps['com.google.flogger:flogger-system-backend']
|
||||
runtime deps['io.netty:netty-tcnative-boringssl-static']
|
||||
|
||||
@@ -1,13 +1,30 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -15,6 +32,15 @@ io.netty:netty-common:4.1.31.Final
|
||||
io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,13 +1,30 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -15,6 +32,15 @@ io.netty:netty-common:4.1.31.Final
|
||||
io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,14 +1,31 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger-system-backend:0.1
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -17,6 +34,15 @@ io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-tcnative-boringssl-static:2.0.22.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,14 +1,31 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger-system-backend:0.1
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -17,6 +34,15 @@ io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-tcnative-boringssl-static:2.0.22.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,14 +1,31 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger-system-backend:0.1
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -17,6 +34,15 @@ io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-tcnative-boringssl-static:2.0.22.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,16 +1,32 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.google.truth:truth:1.0
|
||||
com.googlecode.java-diff-utils:diffutils:1.3.0
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -18,11 +34,20 @@ io.netty:netty-common:4.1.31.Final
|
||||
io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
junit:junit:4.12
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.bouncycastle:bcpkix-jdk15on:1.61
|
||||
org.bouncycastle:bcprov-jdk15on:1.61
|
||||
org.checkerframework:checker-compat-qual:2.5.5
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.hamcrest:hamcrest-core:1.3
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,16 +1,32 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.google.truth:truth:1.0
|
||||
com.googlecode.java-diff-utils:diffutils:1.3.0
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -18,11 +34,20 @@ io.netty:netty-common:4.1.31.Final
|
||||
io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
junit:junit:4.12
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.bouncycastle:bcpkix-jdk15on:1.61
|
||||
org.bouncycastle:bcprov-jdk15on:1.61
|
||||
org.checkerframework:checker-compat-qual:2.5.5
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.hamcrest:hamcrest-core:1.3
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,17 +1,33 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger-system-backend:0.1
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.google.truth:truth:1.0
|
||||
com.googlecode.java-diff-utils:diffutils:1.3.0
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -20,11 +36,20 @@ io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-tcnative-boringssl-static:2.0.22.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
junit:junit:4.12
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.bouncycastle:bcpkix-jdk15on:1.61
|
||||
org.bouncycastle:bcprov-jdk15on:1.61
|
||||
org.checkerframework:checker-compat-qual:2.5.5
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.hamcrest:hamcrest-core:1.3
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
@@ -1,17 +1,33 @@
|
||||
# This is a Gradle generated file for dependency locking.
|
||||
# Manual edits can break the build and are not advised.
|
||||
# This file is expected to be part of source control.
|
||||
com.fasterxml.jackson.core:jackson-core:2.9.9
|
||||
com.google.api-client:google-api-client:1.29.2
|
||||
com.google.appengine:appengine-api-1.0-sdk:1.9.48
|
||||
com.google.appengine:appengine-testing:1.9.58
|
||||
com.google.auth:google-auth-library-credentials:0.16.1
|
||||
com.google.auth:google-auth-library-oauth2-http:0.16.1
|
||||
com.google.auto.value:auto-value-annotations:1.6.3
|
||||
com.google.auto.value:auto-value:1.6.3
|
||||
com.google.code.findbugs:jsr305:3.0.2
|
||||
com.google.dagger:dagger:2.21
|
||||
com.google.errorprone:error_prone_annotations:2.3.2
|
||||
com.google.flogger:flogger-system-backend:0.1
|
||||
com.google.flogger:flogger:0.1
|
||||
com.google.guava:failureaccess:1.0.1
|
||||
com.google.guava:guava:28.1-jre
|
||||
com.google.guava:listenablefuture:9999.0-empty-to-avoid-conflict-with-guava
|
||||
com.google.http-client:google-http-client-jackson2:1.30.1
|
||||
com.google.http-client:google-http-client:1.30.1
|
||||
com.google.j2objc:j2objc-annotations:1.3
|
||||
com.google.oauth-client:google-oauth-client:1.29.2
|
||||
com.google.re2j:re2j:1.1
|
||||
com.google.truth:truth:1.0
|
||||
com.googlecode.java-diff-utils:diffutils:1.3.0
|
||||
com.ibm.icu:icu4j:57.1
|
||||
commons-codec:commons-codec:1.11
|
||||
commons-logging:commons-logging:1.2
|
||||
io.grpc:grpc-context:1.19.0
|
||||
io.netty:netty-buffer:4.1.31.Final
|
||||
io.netty:netty-codec-http:4.1.31.Final
|
||||
io.netty:netty-codec:4.1.31.Final
|
||||
@@ -20,11 +36,20 @@ io.netty:netty-handler:4.1.31.Final
|
||||
io.netty:netty-resolver:4.1.31.Final
|
||||
io.netty:netty-tcnative-boringssl-static:2.0.22.Final
|
||||
io.netty:netty-transport:4.1.31.Final
|
||||
io.opencensus:opencensus-api:0.21.0
|
||||
io.opencensus:opencensus-contrib-http-util:0.21.0
|
||||
javax.activation:activation:1.1
|
||||
javax.inject:javax.inject:1
|
||||
javax.mail:mail:1.4
|
||||
javax.xml.bind:jaxb-api:2.3.0
|
||||
joda-time:joda-time:2.9.2
|
||||
junit:junit:4.12
|
||||
org.apache.httpcomponents:httpclient:4.5.8
|
||||
org.apache.httpcomponents:httpcore:4.4.11
|
||||
org.bouncycastle:bcpkix-jdk15on:1.61
|
||||
org.bouncycastle:bcprov-jdk15on:1.61
|
||||
org.checkerframework:checker-compat-qual:2.5.5
|
||||
org.checkerframework:checker-qual:2.8.1
|
||||
org.codehaus.mojo:animal-sniffer-annotations:1.18
|
||||
org.hamcrest:hamcrest-core:1.3
|
||||
org.yaml:snakeyaml:1.17
|
||||
|
||||
+30
-4
@@ -14,9 +14,13 @@
|
||||
|
||||
package google.registry.networking.handler;
|
||||
|
||||
import static com.google.common.base.Preconditions.checkArgument;
|
||||
import static google.registry.util.X509Utils.getCertificateHash;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import com.google.common.flogger.FluentLogger;
|
||||
import io.netty.channel.Channel;
|
||||
import io.netty.channel.ChannelFuture;
|
||||
import io.netty.channel.ChannelHandler.Sharable;
|
||||
import io.netty.channel.ChannelInitializer;
|
||||
import io.netty.channel.embedded.EmbeddedChannel;
|
||||
@@ -29,6 +33,8 @@ import io.netty.util.AttributeKey;
|
||||
import io.netty.util.concurrent.Future;
|
||||
import io.netty.util.concurrent.Promise;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.cert.CertificateExpiredException;
|
||||
import java.security.cert.CertificateNotYetValidException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.function.Supplier;
|
||||
|
||||
@@ -58,6 +64,8 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
|
||||
|
||||
private static final FluentLogger logger = FluentLogger.forEnclosingClass();
|
||||
private final boolean requireClientCert;
|
||||
// TODO(jianglai): Always validate client certs (if required).
|
||||
private final boolean validateClientCert;
|
||||
private final SslProvider sslProvider;
|
||||
// We use suppliers for the key/cert pair because they are fetched and cached from GCS, and can
|
||||
// change when the artifacts on GCS changes.
|
||||
@@ -66,11 +74,16 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
|
||||
|
||||
public SslServerInitializer(
|
||||
boolean requireClientCert,
|
||||
boolean validateClientCert,
|
||||
SslProvider sslProvider,
|
||||
Supplier<PrivateKey> privateKeySupplier,
|
||||
Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
|
||||
logger.atInfo().log("Server SSL Provider: %s", sslProvider);
|
||||
checkArgument(
|
||||
requireClientCert || !validateClientCert,
|
||||
"Cannot validate client certificate if client certificate is not required.");
|
||||
this.requireClientCert = requireClientCert;
|
||||
this.validateClientCert = validateClientCert;
|
||||
this.sslProvider = sslProvider;
|
||||
this.privateKeySupplier = privateKeySupplier;
|
||||
this.certificatesSupplier = certificatesSupplier;
|
||||
@@ -95,10 +108,23 @@ public class SslServerInitializer<C extends Channel> extends ChannelInitializer<
|
||||
.addListener(
|
||||
future -> {
|
||||
if (future.isSuccess()) {
|
||||
Promise<X509Certificate> unusedPromise =
|
||||
clientCertificatePromise.setSuccess(
|
||||
(X509Certificate)
|
||||
sslHandler.engine().getSession().getPeerCertificates()[0]);
|
||||
X509Certificate clientCertificate =
|
||||
(X509Certificate)
|
||||
sslHandler.engine().getSession().getPeerCertificates()[0];
|
||||
try {
|
||||
clientCertificate.checkValidity();
|
||||
Promise<X509Certificate> unusedPromise =
|
||||
clientCertificatePromise.setSuccess(clientCertificate);
|
||||
} catch (CertificateNotYetValidException | CertificateExpiredException e) {
|
||||
logger.atWarning().withCause(e).log(
|
||||
"Client certificate is not valid.\nHash: %s",
|
||||
getCertificateHash(clientCertificate));
|
||||
if (validateClientCert) {
|
||||
Promise<X509Certificate> unusedPromise =
|
||||
clientCertificatePromise.setFailure(e);
|
||||
ChannelFuture unusedFuture2 = channel.close();
|
||||
}
|
||||
}
|
||||
} else {
|
||||
Promise<X509Certificate> unusedPromise =
|
||||
clientCertificatePromise.setFailure(future.cause());
|
||||
|
||||
@@ -61,7 +61,9 @@ public final class NettyRule extends ExternalResource {
|
||||
// Handler attached to client's channel to record the response received.
|
||||
private DumpHandler dumpHandler;
|
||||
|
||||
private Channel channel;
|
||||
private Channel clientChannel;
|
||||
|
||||
private Channel serverChannel;
|
||||
|
||||
public EventLoopGroup getEventLoopGroup() {
|
||||
return eventLoopGroup;
|
||||
@@ -79,6 +81,7 @@ public final class NettyRule extends ExternalResource {
|
||||
ch.pipeline().addLast(handlers);
|
||||
// Add the "echoHandler" last to log the incoming message and send it back
|
||||
ch.pipeline().addLast(echoHandler);
|
||||
serverChannel = ch;
|
||||
}
|
||||
};
|
||||
ServerBootstrap sb =
|
||||
@@ -109,11 +112,11 @@ public final class NettyRule extends ExternalResource {
|
||||
.group(eventLoopGroup)
|
||||
.channel(LocalChannel.class)
|
||||
.handler(clientInitializer);
|
||||
channel = b.connect(localAddress).syncUninterruptibly().channel();
|
||||
clientChannel = b.connect(localAddress).syncUninterruptibly().channel();
|
||||
}
|
||||
|
||||
void checkReady() {
|
||||
checkState(channel != null, "Must call setUpClient to finish NettyRule setup");
|
||||
checkState(clientChannel != null, "Must call setUpClient to finish NettyRule setup");
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -125,16 +128,21 @@ public final class NettyRule extends ExternalResource {
|
||||
*/
|
||||
void assertThatMessagesWork() throws Exception {
|
||||
checkReady();
|
||||
assertThat(channel.isActive()).isTrue();
|
||||
assertThat(clientChannel.isActive()).isTrue();
|
||||
|
||||
writeToChannelAndFlush(channel, "Hello, world!");
|
||||
writeToChannelAndFlush(clientChannel, "Hello, world!");
|
||||
assertThat(echoHandler.getRequestFuture().get()).isEqualTo("Hello, world!");
|
||||
assertThat(dumpHandler.getResponseFuture().get()).isEqualTo("Hello, world!");
|
||||
}
|
||||
|
||||
Channel getChannel() {
|
||||
Channel getClientChannel() {
|
||||
checkReady();
|
||||
return channel;
|
||||
return clientChannel;
|
||||
}
|
||||
|
||||
Channel getServerChannel() {
|
||||
checkReady();
|
||||
return serverChannel;
|
||||
}
|
||||
|
||||
ThrowableSubject assertThatServerRootCause() {
|
||||
|
||||
+78
-4
@@ -18,6 +18,7 @@ import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.setUpSslChannel;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.verifySslExcpetion;
|
||||
|
||||
import com.google.common.collect.ImmutableList;
|
||||
import io.netty.channel.Channel;
|
||||
@@ -39,7 +40,12 @@ import java.security.KeyPair;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.cert.CertPathBuilderException;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateExpiredException;
|
||||
import java.security.cert.CertificateNotYetValidException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
import java.util.Date;
|
||||
import java.util.function.Function;
|
||||
import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.SSLSession;
|
||||
@@ -159,7 +165,7 @@ public class SslClientInitializerTest {
|
||||
// exceptions.
|
||||
nettyRule.assertThatClientRootCause().isInstanceOf(CertPathBuilderException.class);
|
||||
nettyRule.assertThatServerRootCause().isInstanceOf(SSLException.class);
|
||||
assertThat(nettyRule.getChannel().isActive()).isFalse();
|
||||
assertThat(nettyRule.getClientChannel().isActive()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -184,13 +190,81 @@ public class SslClientInitializerTest {
|
||||
sslProvider, hostProvider, portProvider, ImmutableList.of(ssc.cert()), null, null);
|
||||
nettyRule.setUpClient(localAddress, sslClientInitializer);
|
||||
|
||||
setUpSslChannel(nettyRule.getChannel(), cert);
|
||||
setUpSslChannel(nettyRule.getClientChannel(), cert);
|
||||
nettyRule.assertThatMessagesWork();
|
||||
|
||||
// Verify that the SNI extension is sent during handshake.
|
||||
assertThat(sniHostReceived).isEqualTo(SSL_HOST);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_customTrustManager_serverCertExpired() throws Exception {
|
||||
LocalAddress localAddress =
|
||||
new LocalAddress("CUSTOM_TRUST_MANAGER_SERVE_CERT_EXPIRED_" + sslProvider);
|
||||
|
||||
// Generate a new key pair.
|
||||
KeyPair keyPair = getKeyPair();
|
||||
|
||||
// Generate a self signed certificate, and use it to sign the key pair.
|
||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||
X509Certificate cert =
|
||||
signKeyPair(
|
||||
ssc,
|
||||
keyPair,
|
||||
SSL_HOST,
|
||||
Date.from(Instant.now().minus(Duration.ofDays(2))),
|
||||
Date.from(Instant.now().minus(Duration.ofDays(1))));
|
||||
|
||||
// Set up the server to use the signed cert and private key to perform handshake;
|
||||
PrivateKey privateKey = keyPair.getPrivate();
|
||||
nettyRule.setUpServer(localAddress, getServerHandler(false, privateKey, cert));
|
||||
|
||||
// Set up the client to trust the self signed cert used to sign the cert that server provides.
|
||||
SslClientInitializer<LocalChannel> sslClientInitializer =
|
||||
new SslClientInitializer<>(
|
||||
sslProvider, hostProvider, portProvider, ImmutableList.of(ssc.cert()), null, null);
|
||||
nettyRule.setUpClient(localAddress, sslClientInitializer);
|
||||
|
||||
verifySslExcpetion(
|
||||
nettyRule.getClientChannel(),
|
||||
channel -> channel.pipeline().get(SslHandler.class).handshakeFuture().get(),
|
||||
CertificateExpiredException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_customTrustManager_serverCertNotYetValid() throws Exception {
|
||||
LocalAddress localAddress =
|
||||
new LocalAddress("CUSTOM_TRUST_MANAGER_SERVE_CERT_NOT_YET_VALID_" + sslProvider);
|
||||
|
||||
// Generate a new key pair.
|
||||
KeyPair keyPair = getKeyPair();
|
||||
|
||||
// Generate a self signed certificate, and use it to sign the key pair.
|
||||
SelfSignedCertificate ssc = new SelfSignedCertificate();
|
||||
X509Certificate cert =
|
||||
signKeyPair(
|
||||
ssc,
|
||||
keyPair,
|
||||
SSL_HOST,
|
||||
Date.from(Instant.now().plus(Duration.ofDays(1))),
|
||||
Date.from(Instant.now().plus(Duration.ofDays(2))));
|
||||
|
||||
// Set up the server to use the signed cert and private key to perform handshake;
|
||||
PrivateKey privateKey = keyPair.getPrivate();
|
||||
nettyRule.setUpServer(localAddress, getServerHandler(false, privateKey, cert));
|
||||
|
||||
// Set up the client to trust the self signed cert used to sign the cert that server provides.
|
||||
SslClientInitializer<LocalChannel> sslClientInitializer =
|
||||
new SslClientInitializer<>(
|
||||
sslProvider, hostProvider, portProvider, ImmutableList.of(ssc.cert()), null, null);
|
||||
nettyRule.setUpClient(localAddress, sslClientInitializer);
|
||||
|
||||
verifySslExcpetion(
|
||||
nettyRule.getClientChannel(),
|
||||
channel -> channel.pipeline().get(SslHandler.class).handshakeFuture().get(),
|
||||
CertificateNotYetValidException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_customTrustManager_acceptSelfSignedCert_clientCertRequired()
|
||||
throws Exception {
|
||||
@@ -215,7 +289,7 @@ public class SslClientInitializerTest {
|
||||
() -> ImmutableList.of(clientSsc.cert()));
|
||||
nettyRule.setUpClient(localAddress, sslClientInitializer);
|
||||
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverSsc.cert());
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getClientChannel(), serverSsc.cert());
|
||||
nettyRule.assertThatMessagesWork();
|
||||
|
||||
// Verify that the SNI extension is sent during handshake.
|
||||
@@ -255,6 +329,6 @@ public class SslClientInitializerTest {
|
||||
nettyRule.assertThatClientRootCause().isInstanceOf(CertificateException.class);
|
||||
nettyRule.assertThatClientRootCause().hasMessageThat().contains(SSL_HOST);
|
||||
nettyRule.assertThatServerRootCause().isInstanceOf(SSLException.class);
|
||||
assertThat(nettyRule.getChannel().isActive()).isFalse();
|
||||
assertThat(nettyRule.getClientChannel().isActive()).isFalse();
|
||||
}
|
||||
}
|
||||
|
||||
+45
-4
@@ -15,8 +15,11 @@
|
||||
package google.registry.networking.handler;
|
||||
|
||||
import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.testing.JUnitBackports.assertThrows;
|
||||
|
||||
import com.google.common.base.Throwables;
|
||||
import io.netty.channel.Channel;
|
||||
import io.netty.channel.ChannelFuture;
|
||||
import io.netty.handler.ssl.SslHandler;
|
||||
import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||
import java.math.BigInteger;
|
||||
@@ -28,6 +31,7 @@ import java.security.cert.X509Certificate;
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
import java.util.Date;
|
||||
import java.util.concurrent.ExecutionException;
|
||||
import javax.net.ssl.SSLSession;
|
||||
import org.bouncycastle.asn1.x500.X500Name;
|
||||
import org.bouncycastle.asn1.x509.AlgorithmIdentifier;
|
||||
@@ -61,17 +65,17 @@ public final class SslInitializerTestUtils {
|
||||
}
|
||||
|
||||
/**
|
||||
* Signs the given key pair with the given self signed certificate.
|
||||
* Signs the given key pair with the given self signed certificate to generate a certificate with
|
||||
* the given validity range.
|
||||
*
|
||||
* @return signed public key (of the key pair) certificate
|
||||
*/
|
||||
public static X509Certificate signKeyPair(
|
||||
SelfSignedCertificate ssc, KeyPair keyPair, String hostname) throws Exception {
|
||||
SelfSignedCertificate ssc, KeyPair keyPair, String hostname, Date from, Date to)
|
||||
throws Exception {
|
||||
X500Name subjectDnName = new X500Name("CN=" + hostname);
|
||||
BigInteger serialNumber = BigInteger.valueOf(System.currentTimeMillis());
|
||||
X500Name issuerDnName = new X500Name(ssc.cert().getIssuerDN().getName());
|
||||
Date from = Date.from(Instant.now().minus(Duration.ofDays(1)));
|
||||
Date to = Date.from(Instant.now().plus(Duration.ofDays(1)));
|
||||
SubjectPublicKeyInfo subPubKeyInfo =
|
||||
SubjectPublicKeyInfo.getInstance(keyPair.getPublic().getEncoded());
|
||||
AlgorithmIdentifier sigAlgId =
|
||||
@@ -89,6 +93,22 @@ public final class SslInitializerTestUtils {
|
||||
return new JcaX509CertificateConverter().setProvider("BC").getCertificate(certificateHolder);
|
||||
}
|
||||
|
||||
/**
|
||||
* Signs the given key pair with the given self signed certificate to generate a certificate that
|
||||
* is valid from yesterday to tomorrow.
|
||||
*
|
||||
* @return signed public key (of the key pair) certificate
|
||||
*/
|
||||
public static X509Certificate signKeyPair(
|
||||
SelfSignedCertificate ssc, KeyPair keyPair, String hostname) throws Exception {
|
||||
return signKeyPair(
|
||||
ssc,
|
||||
keyPair,
|
||||
hostname,
|
||||
Date.from(Instant.now().minus(Duration.ofDays(1))),
|
||||
Date.from(Instant.now().plus(Duration.ofDays(1))));
|
||||
}
|
||||
|
||||
/**
|
||||
* Verifies tha the SSL channel is established as expected, and also sends a message to the server
|
||||
* and verifies if it is echoed back correctly.
|
||||
@@ -110,4 +130,25 @@ public final class SslInitializerTestUtils {
|
||||
// Returns the SSL session for further assertion.
|
||||
return sslHandler.engine().getSession();
|
||||
}
|
||||
|
||||
/** Verifies tha the SSL channel cannot be established due to a given exception. */
|
||||
static void verifySslExcpetion(
|
||||
Channel channel, CheckedConsumer<Channel> operation, Class<? extends Exception> cause)
|
||||
throws Exception {
|
||||
// Extract SSL exception from the handshake future.
|
||||
Exception exception = assertThrows(ExecutionException.class, () -> operation.accept(channel));
|
||||
|
||||
// Verify that the exception is caused by the expected cause.
|
||||
assertThat(Throwables.getRootCause(exception)).isInstanceOf(cause);
|
||||
|
||||
// Ensure that the channel is closed. If this step times out, the channel is not properly
|
||||
// closed.
|
||||
ChannelFuture unusedFuture = channel.closeFuture().syncUninterruptibly();
|
||||
}
|
||||
|
||||
/** A consumer that can throw checked exceptions. */
|
||||
@FunctionalInterface
|
||||
interface CheckedConsumer<T> {
|
||||
void accept(T t) throws Exception;
|
||||
}
|
||||
}
|
||||
|
||||
+70
-14
@@ -18,6 +18,8 @@ import static com.google.common.truth.Truth.assertThat;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.getKeyPair;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.setUpSslChannel;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.signKeyPair;
|
||||
import static google.registry.networking.handler.SslInitializerTestUtils.verifySslExcpetion;
|
||||
import static google.registry.networking.handler.SslServerInitializer.CLIENT_CERTIFICATE_PROMISE_KEY;
|
||||
|
||||
import com.google.common.base.Suppliers;
|
||||
import com.google.common.collect.ImmutableList;
|
||||
@@ -35,7 +37,12 @@ import io.netty.handler.ssl.util.SelfSignedCertificate;
|
||||
import java.security.KeyPair;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.cert.CertificateException;
|
||||
import java.security.cert.CertificateExpiredException;
|
||||
import java.security.cert.CertificateNotYetValidException;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.time.Duration;
|
||||
import java.time.Instant;
|
||||
import java.util.Date;
|
||||
import javax.net.ssl.SSLEngine;
|
||||
import javax.net.ssl.SSLException;
|
||||
import javax.net.ssl.SSLHandshakeException;
|
||||
@@ -82,18 +89,18 @@ public class SslServerInitializerTest {
|
||||
}
|
||||
|
||||
private ChannelHandler getServerHandler(
|
||||
boolean requireClientCert, PrivateKey privateKey, X509Certificate... certificates) {
|
||||
boolean requireClientCert,
|
||||
boolean validateClientCert,
|
||||
PrivateKey privateKey,
|
||||
X509Certificate... certificates) {
|
||||
return new SslServerInitializer<LocalChannel>(
|
||||
requireClientCert,
|
||||
validateClientCert,
|
||||
sslProvider,
|
||||
Suppliers.ofInstance(privateKey),
|
||||
Suppliers.ofInstance(ImmutableList.copyOf(certificates)));
|
||||
}
|
||||
|
||||
private ChannelHandler getServerHandler(PrivateKey privateKey, X509Certificate... certificates) {
|
||||
return getServerHandler(true, privateKey, certificates);
|
||||
}
|
||||
|
||||
private ChannelHandler getClientHandler(
|
||||
X509Certificate trustedCertificate, PrivateKey privateKey, X509Certificate certificate) {
|
||||
return new ChannelInitializer<LocalChannel>() {
|
||||
@@ -124,6 +131,7 @@ public class SslServerInitializerTest {
|
||||
SslServerInitializer<EmbeddedChannel> sslServerInitializer =
|
||||
new SslServerInitializer<>(
|
||||
true,
|
||||
false,
|
||||
sslProvider,
|
||||
Suppliers.ofInstance(ssc.key()),
|
||||
Suppliers.ofInstance(ImmutableList.of(ssc.cert())));
|
||||
@@ -142,12 +150,13 @@ public class SslServerInitializerTest {
|
||||
SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST);
|
||||
LocalAddress localAddress = new LocalAddress("TRUST_ANY_CLIENT_CERT_" + sslProvider);
|
||||
|
||||
nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert()));
|
||||
nettyRule.setUpServer(
|
||||
localAddress, getServerHandler(true, false, serverSsc.key(), serverSsc.cert()));
|
||||
SelfSignedCertificate clientSsc = new SelfSignedCertificate();
|
||||
nettyRule.setUpClient(
|
||||
localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
|
||||
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverSsc.cert());
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getClientChannel(), serverSsc.cert());
|
||||
nettyRule.assertThatMessagesWork();
|
||||
|
||||
// Verify that the SSL session gets the client cert. Note that this SslSession is for the client
|
||||
@@ -157,15 +166,58 @@ public class SslServerInitializerTest {
|
||||
assertThat(sslSession.getPeerCertificates()).asList().containsExactly(serverSsc.cert());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_clientCertExpired() throws Exception {
|
||||
SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST);
|
||||
LocalAddress localAddress = new LocalAddress("CLIENT_CERT_EXPIRED_" + sslProvider);
|
||||
|
||||
nettyRule.setUpServer(
|
||||
localAddress, getServerHandler(true, true, serverSsc.key(), serverSsc.cert()));
|
||||
SelfSignedCertificate clientSsc =
|
||||
new SelfSignedCertificate(
|
||||
"CLIENT",
|
||||
Date.from(Instant.now().minus(Duration.ofDays(2))),
|
||||
Date.from(Instant.now().minus(Duration.ofDays(1))));
|
||||
nettyRule.setUpClient(
|
||||
localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
|
||||
|
||||
verifySslExcpetion(
|
||||
nettyRule.getServerChannel(),
|
||||
channel -> channel.attr(CLIENT_CERTIFICATE_PROMISE_KEY).get().get(),
|
||||
CertificateExpiredException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testFailure_clientCertNotYetValid() throws Exception {
|
||||
SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST);
|
||||
LocalAddress localAddress = new LocalAddress("CLIENT_CERT_EXPIRED_" + sslProvider);
|
||||
|
||||
nettyRule.setUpServer(
|
||||
localAddress, getServerHandler(true, true, serverSsc.key(), serverSsc.cert()));
|
||||
SelfSignedCertificate clientSsc =
|
||||
new SelfSignedCertificate(
|
||||
"CLIENT",
|
||||
Date.from(Instant.now().plus(Duration.ofDays(1))),
|
||||
Date.from(Instant.now().plus(Duration.ofDays(2))));
|
||||
nettyRule.setUpClient(
|
||||
localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
|
||||
|
||||
verifySslExcpetion(
|
||||
nettyRule.getServerChannel(),
|
||||
channel -> channel.attr(CLIENT_CERTIFICATE_PROMISE_KEY).get().get(),
|
||||
CertificateNotYetValidException.class);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void testSuccess_doesNotRequireClientCert() throws Exception {
|
||||
SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST);
|
||||
LocalAddress localAddress = new LocalAddress("DOES_NOT_REQUIRE_CLIENT_CERT_" + sslProvider);
|
||||
|
||||
nettyRule.setUpServer(localAddress, getServerHandler(false, serverSsc.key(), serverSsc.cert()));
|
||||
nettyRule.setUpServer(
|
||||
localAddress, getServerHandler(false, false, serverSsc.key(), serverSsc.cert()));
|
||||
nettyRule.setUpClient(localAddress, getClientHandler(serverSsc.cert(), null, null));
|
||||
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverSsc.cert());
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getClientChannel(), serverSsc.cert());
|
||||
nettyRule.assertThatMessagesWork();
|
||||
|
||||
// Verify that the SSL session does not contain any client cert. Note that this SslSession is
|
||||
@@ -186,6 +238,8 @@ public class SslServerInitializerTest {
|
||||
nettyRule.setUpServer(
|
||||
localAddress,
|
||||
getServerHandler(
|
||||
true,
|
||||
false,
|
||||
keyPair.getPrivate(),
|
||||
// Serving both the server cert, and the CA cert
|
||||
serverCert,
|
||||
@@ -197,7 +251,7 @@ public class SslServerInitializerTest {
|
||||
// Client trusts the CA cert
|
||||
caSsc.cert(), clientSsc.key(), clientSsc.cert()));
|
||||
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getChannel(), serverCert, caSsc.cert());
|
||||
SSLSession sslSession = setUpSslChannel(nettyRule.getClientChannel(), serverCert, caSsc.cert());
|
||||
nettyRule.assertThatMessagesWork();
|
||||
|
||||
assertThat(sslSession.getLocalCertificates()).asList().containsExactly(clientSsc.cert());
|
||||
@@ -212,7 +266,8 @@ public class SslServerInitializerTest {
|
||||
SelfSignedCertificate serverSsc = new SelfSignedCertificate(SSL_HOST);
|
||||
LocalAddress localAddress = new LocalAddress("REQUIRE_CLIENT_CERT_" + sslProvider);
|
||||
|
||||
nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert()));
|
||||
nettyRule.setUpServer(
|
||||
localAddress, getServerHandler(true, false, serverSsc.key(), serverSsc.cert()));
|
||||
nettyRule.setUpClient(
|
||||
localAddress,
|
||||
getClientHandler(
|
||||
@@ -225,7 +280,7 @@ public class SslServerInitializerTest {
|
||||
// should throw exceptions.
|
||||
nettyRule.assertThatServerRootCause().isInstanceOf(SSLHandshakeException.class);
|
||||
nettyRule.assertThatClientRootCause().isInstanceOf(SSLException.class);
|
||||
assertThat(nettyRule.getChannel().isActive()).isFalse();
|
||||
assertThat(nettyRule.getClientChannel().isActive()).isFalse();
|
||||
}
|
||||
|
||||
@Test
|
||||
@@ -233,7 +288,8 @@ public class SslServerInitializerTest {
|
||||
SelfSignedCertificate serverSsc = new SelfSignedCertificate("wrong.com");
|
||||
LocalAddress localAddress = new LocalAddress("WRONG_HOSTNAME_" + sslProvider);
|
||||
|
||||
nettyRule.setUpServer(localAddress, getServerHandler(serverSsc.key(), serverSsc.cert()));
|
||||
nettyRule.setUpServer(
|
||||
localAddress, getServerHandler(true, false, serverSsc.key(), serverSsc.cert()));
|
||||
SelfSignedCertificate clientSsc = new SelfSignedCertificate();
|
||||
nettyRule.setUpClient(
|
||||
localAddress, getClientHandler(serverSsc.cert(), clientSsc.key(), clientSsc.cert()));
|
||||
@@ -243,6 +299,6 @@ public class SslServerInitializerTest {
|
||||
nettyRule.assertThatClientRootCause().isInstanceOf(CertificateException.class);
|
||||
nettyRule.assertThatClientRootCause().hasMessageThat().contains(SSL_HOST);
|
||||
nettyRule.assertThatServerRootCause().isInstanceOf(SSLException.class);
|
||||
assertThat(nettyRule.getChannel().isActive()).isFalse();
|
||||
assertThat(nettyRule.getClientChannel().isActive()).isFalse();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -162,7 +162,8 @@ public final class EppProtocolModule {
|
||||
SslProvider sslProvider,
|
||||
Supplier<PrivateKey> privateKeySupplier,
|
||||
Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
|
||||
return new SslServerInitializer<>(true, sslProvider, privateKeySupplier, certificatesSupplier);
|
||||
return new SslServerInitializer<>(
|
||||
true, false, sslProvider, privateKeySupplier, certificatesSupplier);
|
||||
}
|
||||
|
||||
@Provides
|
||||
|
||||
@@ -134,6 +134,7 @@ public final class WebWhoisProtocolsModule {
|
||||
SslProvider sslProvider,
|
||||
Supplier<PrivateKey> privateKeySupplier,
|
||||
Supplier<ImmutableList<X509Certificate>> certificatesSupplier) {
|
||||
return new SslServerInitializer<>(false, sslProvider, privateKeySupplier, certificatesSupplier);
|
||||
return new SslServerInitializer<>(
|
||||
false, false, sslProvider, privateKeySupplier, certificatesSupplier);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -65,8 +65,8 @@ steps:
|
||||
# Build and package the deployment files for production.
|
||||
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
|
||||
args: ['release/build_nomulus_for_env.sh', 'production', 'output']
|
||||
# Tentatively build and publish Cloud SQL schema jar here, before schema release
|
||||
# process is finalized.
|
||||
# Tentatively build Cloud SQL schema jar here, before schema release process
|
||||
# is finalized.
|
||||
- name: 'gcr.io/${PROJECT_ID}/builder:latest'
|
||||
entrypoint: /bin/bash
|
||||
args:
|
||||
@@ -74,11 +74,9 @@ steps:
|
||||
- |
|
||||
set -e
|
||||
./gradlew \
|
||||
:db:publish \
|
||||
:db:schemaJar \
|
||||
-PmavenUrl=https://storage.googleapis.com/domain-registry-maven-repository/maven \
|
||||
-PpluginsUrl=https://storage.googleapis.com/domain-registry-maven-repository/plugins \
|
||||
-Pschema_publish_repo=gcs://domain-registry-maven-repository/nomulus \
|
||||
-Pschema_version=${TAG_NAME}
|
||||
-PpluginsUrl=https://storage.googleapis.com/domain-registry-maven-repository/plugins
|
||||
cp db/build/libs/schema.jar output/
|
||||
# The tarballs and jars to upload to GCS.
|
||||
artifacts:
|
||||
|
||||
Reference in New Issue
Block a user