diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-01-23 15:30:06 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2019-01-23 16:33:56 +0100 |
commit | ee53aae6d9ddc47a6d0b98780e7003fb4450b72d (patch) | |
tree | af78b977ea3cfac3db53314e0b4e815825028084 /jrt/tests/com/yahoo | |
parent | bf0c364db7d2e31272786c3bc59eea4f26f8ac71 (diff) |
Use 'prime256v1' curve for EC keys
This allows the TLS test in jrt to use elliptic curves crypto in unit
tests (fixes issue where JSSE cannot find matching cipher).
Diffstat (limited to 'jrt/tests/com/yahoo')
-rw-r--r-- | jrt/tests/com/yahoo/jrt/CryptoUtils.java | 12 |
1 files changed, 5 insertions, 7 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java index 1112234e04e..6890fe88da5 100644 --- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java +++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java @@ -17,10 +17,9 @@ import javax.security.auth.x500.X500Principal; import java.security.KeyPair; import java.security.cert.X509Certificate; import java.time.Instant; -import java.util.List; -import static com.yahoo.security.KeyAlgorithm.RSA; -import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA; +import static com.yahoo.security.KeyAlgorithm.EC; +import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA; import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber; import static java.time.Instant.EPOCH; import static java.time.temporal.ChronoUnit.DAYS; @@ -30,13 +29,12 @@ import static java.util.Collections.singletonList; /** * @author bjorncs */ -// TODO Use EC. Java/JSSE is currently unable to find compatible ciphers when using elliptic curve crypto from BouncyCastle class CryptoUtils { - static final KeyPair keyPair = KeyUtils.generateKeypair(RSA); + static final KeyPair keyPair = KeyUtils.generateKeypair(EC); static final X509Certificate certificate = X509CertificateBuilder - .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber()) + .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber()) .build(); static final AuthorizedPeers authorizedPeers = new AuthorizedPeers( @@ -50,7 +48,7 @@ class CryptoUtils { Field.CN, new HostGlobPattern("dummy")))))); static TlsContext createTestTlsContext() { - return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, List.of()); + return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, DefaultTlsContext.ALLOWED_CIPHER_SUITES); } } |