author | Morten Tokle <mortent@verizonmedia.com> | 2021-05-21 14:12:00 +0200 |
---|---|---|
committer | Morten Tokle <mortent@verizonmedia.com> | 2021-05-25 08:01:56 +0200 |
commit | d97430f1bb633fc9eb541f2fb057a41a012d088f (patch) | |
tree | dc057905a336908b768ee67c2c88acbcb83579d3 | |
parent | 05c8138b4936a3144e8b95348ebc525148ba709f (diff) |
Add top-level object, simplify tests
5 files changed, 61 insertions, 21 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
index 6649087f454..543318f9224 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
@@ -73,6 +73,7 @@ import java.io.StringReader;
 import java.math.BigInteger;
 import java.security.KeyPair;
 import java.security.cert.X509Certificate;
+import java.time.Duration;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
@@ -836,14 +837,9 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase {
 .withRoot(applicationFolder.getRoot())
 .build();
- KeyPair key = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
 var applicationTrustCert = X509CertificateUtils.toPem(
- X509CertificateBuilder
- .fromKeypair(key, new X500Principal("CN=application"), Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA512_WITH_ECDSA, BigInteger.valueOf(1))
- .build());
- var operatorCert = X509CertificateBuilder
- .fromKeypair(key, new X500Principal("CN=operator"), Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA512_WITH_ECDSA, BigInteger.valueOf(1))
- .build();
+ X509CertificateUtils.createSelfSigned("CN=application", Duration.ofDays(1)).certificate());
+ var operatorCert = X509CertificateUtils.createSelfSigned("CN=operator", Duration.ofDays(1)).certificate();
 applicationPackage.getFile(Path.fromString("security")).createDirectory();
 applicationPackage.getFile(Path.fromString("security/clients.pem")).writeFile(new StringReader(applicationTrustCert));
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java
index 7fe2ab5e12f..3dbdf1380f1 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java
@@ -15,17 +15,21 @@ import java.util.stream.Collectors;
 public class OperatorCertificateSerializer {
+ private final static String certificateField = "certificates";
+
+
 public static Slime toSlime(List<X509Certificate> certificateList) {
 Slime slime = new Slime();
- Cursor array = slime.setArray();
+ var root = slime.setObject();
+ Cursor array = root.setArray(certificateField);
 certificateList.stream()
 .map(X509CertificateUtils::toPem)
 .forEach(array::addString);
 return slime;
 }
- public static List<X509Certificate> fromSlime(Inspector array) {
- return SlimeUtils.entriesStream(array)
+ public static List<X509Certificate> fromSlime(Inspector object) {
+ return SlimeUtils.entriesStream(object.field(certificateField))
 .map(Inspector::asString)
 .map(X509CertificateUtils::fromPem)
 .collect(Collectors.toList());
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
index 06ff9f4b3f6..08794cf0b78 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
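Review bot: In OperatorCertificateSerializer.fromSlime, the result of `object.field(certificateField)` is never checked, so input that lacks the `certificates` field (including anything already stored in the previous top-level-array layout, if such data exists) would presumably deserialize to an empty list rather than fail. For a list of trusted operator certificates, an unreadable payload should not be indistinguishable from "none configured"; consider rejecting it explicitly, e.g. `if (!object.field(certificateField).valid()) throw new IllegalArgumentException("Missing field '" + certificateField + "'");`, or accepting the legacy array form during a transition. The constant would also follow Java convention as `private static final String CERTIFICATE_FIELD`, and a one-line Javadoc on toSlime/fromSlime naming the serialized layout would document the format change.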
@@ -12,6 +12,7 @@ import com.yahoo.security.KeyUtils;
 import com.yahoo.security.SignatureAlgorithm;
 import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.X509CertificateUtils;
+import com.yahoo.security.X509CertificateWithKey;
 import com.yahoo.slime.ArrayInserter;
 import com.yahoo.slime.Cursor;
 import com.yahoo.slime.Injector;
@@ -195,19 +196,11 @@ public class PrepareParamsTest {
 Slime slime = SlimeUtils.jsonToSlime(json);
 Cursor cursor = slime.get();
 Cursor array = cursor.setArray(PrepareParams.OPERATOR_CERTIFICATES);
-
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- X500Principal subject = new X500Principal("CN=myservice");
- X509Certificate cert =
- X509CertificateBuilder.fromKeypair(keyPair, subject, Instant.now(),
- Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA256_WITH_ECDSA,
- BigInteger.valueOf(1))
- .setBasicConstraints(true, true)
- .build();
- array.addString(X509CertificateUtils.toPem(cert));
+ X509Certificate certificate = X509CertificateUtils.createSelfSigned("cn=myservice", Duration.ofDays(1)).certificate();
+ array.addString(X509CertificateUtils.toPem(certificate));
 PrepareParams prepareParams = PrepareParams.fromJson(SlimeUtils.toJsonBytes(slime), TenantName.from("foo"), Duration.ofSeconds(60));
 assertEquals(1, prepareParams.operatorCertificates().size());
- assertEquals(cert, prepareParams.operatorCertificates().get(0));
+ assertEquals(certificate, prepareParams.operatorCertificates().get(0));
 }
 private void assertPrepareParamsEqual(PrepareParams urlParams, PrepareParams jsonParams) {
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java
new file mode 100644
index 00000000000..b77248f0840
--- /dev/null
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java
@@ -0,0 +1,30 @@
+// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+
+package com.yahoo.vespa.config.server.tenant;
+
+import com.yahoo.security.X509CertificateUtils;
+import com.yahoo.security.X509CertificateWithKey;
+import com.yahoo.slime.Slime;
+import com.yahoo.slime.SlimeUtils;
+import org.junit.Assert;
+import org.junit.Test;
+
+import java.io.IOException;
+import java.nio.charset.StandardCharsets;
+import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.util.List;
+
+import static org.junit.Assert.assertEquals;
+
+public class OperatorCertificateSerializerTest {
+
+ @Test
+ public void testSerialization() {
+ X509Certificate certificate = X509CertificateUtils.createSelfSigned("cn=mycn", Duration.ofDays(1)).certificate();
+ Slime slime = OperatorCertificateSerializer.toSlime(List.of(certificate));
+ List<X509Certificate> deserialized = OperatorCertificateSerializer.fromSlime(slime.get());
+ assertEquals(1, deserialized.size());
+ assertEquals(certificate, deserialized.get(0));
+ }
+}
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index cefa8ab2f51..215dc311af3 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
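Review bot: testSerialization in OperatorCertificateSerializerTest only pins the round trip of a single certificate; nothing covers what fromSlime does with an empty list, a payload without the `certificates` field, or an entry that is not valid PEM, which are the cases where a trust list can go wrong quietly. An assertion such as `assertEquals(List.of(), OperatorCertificateSerializer.fromSlime(OperatorCertificateSerializer.toSlime(List.of()).get()));` plus one negative case would cover that. Several imports in the new file look unused by the visible code (`X509CertificateWithKey`, `SlimeUtils`, `Assert`, `IOException`, `StandardCharsets`), as does the `X509CertificateWithKey` import added to PrepareParamsTest.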
@@ -18,13 +18,18 @@ import java.io.IOException;
 import java.io.StringReader;
 import java.io.StringWriter;
 import java.io.UncheckedIOException;
+import java.math.BigInteger;
 import java.security.GeneralSecurityException;
+import java.security.KeyPair;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.Signature;
 import java.security.SignatureException;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.time.Duration;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.Collections;
 import java.util.List;
@@ -161,4 +166,16 @@ public class X509CertificateUtils {
 }
 }
+ public static X509CertificateWithKey createSelfSigned(String cn, Duration duration) {
+ KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
+ X500Principal subject = new X500Principal(cn);
+ Instant now = Instant.now();
+ X509Certificate cert =
+ X509CertificateBuilder.fromKeypair(keyPair, subject, now,
+ now.plus(duration), SignatureAlgorithm.SHA256_WITH_ECDSA,
+ BigInteger.ONE)
+ .setBasicConstraints(true, true)
+ .build();
+ return new X509CertificateWithKey(cert, keyPair.getPrivate());
+ }
 } |
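Review bot: createSelfSigned is added as a public method in the main security-utils sources without any Javadoc, yet it calls `.setBasicConstraints(true, true)`, which appears to mark every generated certificate as a CA, and it always uses serial `BigInteger.ONE`. That is reasonable for test fixtures but should be stated on the method, e.g. `/** Creates a throwaway self-signed 256-bit EC certificate (CA basic constraint set, serial 1); intended for tests, not for production trust material. */`. The parameter is named `cn` but is passed unchanged to `new X500Principal(cn)`, so callers must supply a full distinguished name such as `CN=myservice`; `subjectDn` would describe it more accurately. The `java.time.temporal.ChronoUnit` import added in the first hunk of this file looks unused by the new method.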