authorBjørn Christian Seime <bjorncs@oath.com>2018-11-27 15:36:00 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-11-27 16:07:12 +0100
commitb2952cef2c2020893324f2d3f4e3bc433eedf827 (patch)
tree3c284e2542e3ce3101c5e9e95215bc9261992909 /jrt/tests
parentc564cfd01c942faa0968f544e76ca305bde3fefc (diff)
Use PeerAuthorizer in TLS unit tests of jrt
Diffstat (limited to 'jrt/tests')
-rw-r--r--jrt/tests/com/yahoo/jrt/CryptoUtils.java24
1 files changed, 24 insertions, 0 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index c3128e09bd3..6c843000779 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -5,6 +5,14 @@ import com.yahoo.security.KeyStoreBuilder;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.SslContextBuilder;
import com.yahoo.security.X509CertificateBuilder;
+import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
+import com.yahoo.security.tls.authz.PeerAuthorizerTrustManagersFactory;
+import com.yahoo.security.tls.policy.AuthorizedPeers;
+import com.yahoo.security.tls.policy.HostGlobPattern;
+import com.yahoo.security.tls.policy.PeerPolicy;
+import com.yahoo.security.tls.policy.RequiredPeerCredential;
+import com.yahoo.security.tls.policy.RequiredPeerCredential.Field;
+import com.yahoo.security.tls.policy.Role;
import javax.net.ssl.SSLContext;
import javax.security.auth.x500.X500Principal;
@@ -19,6 +27,8 @@ import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
import static java.time.Instant.EPOCH;
import static java.time.temporal.ChronoUnit.DAYS;
+import static java.util.Collections.singleton;
+import static java.util.Collections.singletonList;
/**
* @author bjorncs
@@ -35,9 +45,23 @@ class CryptoUtils {
.withCertificateEntry("self-signed", certificate)
.build();
+
return new SslContextBuilder()
.withTrustStore(trustStore)
.withKeyStore(keyPair.getPrivate(), certificate)
+ .withTrustManagerFactory(new PeerAuthorizerTrustManagersFactory(createAuthorizedPeers(), Mode.ENFORCE))
.build();
}
+
+ private static AuthorizedPeers createAuthorizedPeers() {
+ return new AuthorizedPeers(
+ singleton(
+ new PeerPolicy(
+ "dummy-policy",
+ singleton(
+ new Role("dummy-role")),
+ singletonList(
+ new RequiredPeerCredential(
+ Field.CN, new HostGlobPattern("dummy"))))));
+ }
}
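Review bot: The `"dummy"` glob in `createAuthorizedPeers()` presumably has to match the CN of the self-signed certificate built earlier in the enclosing method, but that subject is set outside this hunk, so the coupling is invisible here. With `Mode.ENFORCE`, a later change to either value would make every TLS test handshake fail for a reason that is hard to trace. I would pull the name into a shared constant, e.g. `private static final String PEER_CN = "dummy";`, use it for both the certificate subject and `new HostGlobPattern(PEER_CN)`, and add a Javadoc on the helper such as `/** Policy authorizing only peers whose certificate CN matches the test certificate. */`. Only the accepted-peer path appears to be exercised by this setup; a test whose context presents a certificate with a non-matching CN would confirm that the authorizer actually rejects unauthorized peers.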