author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-17 13:40:26 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-17 16:36:35 +0100 |
commit | 03079a1c20a0e0b41bc12dd034091f1e408e1c7c (patch) | |
tree | c9ed71323e03630d339625d633ca51996807bfa9 /jrt | |
parent | 06df2d189b63b561472ac677389298038486ba70 (diff) |
Override hostname verification in PeerAuthorizerTrustManager
Override hostname verification on client-side.
Remove overriding of hostname verification for server-side.
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/tests/com/yahoo/jrt/CryptoUtils.java | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index e7e4eea568d..95ea581cb90 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -5,6 +5,7 @@ import com.yahoo.security.KeyUtils;
 import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.tls.AuthorizationMode;
 import com.yahoo.security.tls.DefaultTlsContext;
+import com.yahoo.security.tls.HostnameVerification;
 import com.yahoo.security.tls.PeerAuthentication;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
@@ -35,21 +36,23 @@ class CryptoUtils {
 static final KeyPair keyPair = KeyUtils.generateKeypair(EC);
 static final X509Certificate certificate = X509CertificateBuilder
- .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
+ .fromKeypair(keyPair, new X500Principal("CN=localhost"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
 .build();
 static final AuthorizedPeers authorizedPeers = new AuthorizedPeers(
 singleton(
 new PeerPolicy(
- "dummy-policy",
+ "localhost-policy",
 singleton(
- new Role("dummy-role")),
+ new Role("localhost-role")),
 singletonList(
 new RequiredPeerCredential(
- Field.CN, new HostGlobPattern("dummy"))))));
+ Field.CN, new HostGlobPattern("localhost"))))));
 static TlsContext createTestTlsContext() {
- return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, PeerAuthentication.NEED);
+ return new DefaultTlsContext(
+ singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers,
+ AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.ENABLED);
 }
 } |
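Review bot: The test certificate built in the `certificate` initializer names its host only in the subject (`CN=localhost`) and carries no subjectAltName, so with `HostnameVerification.ENABLED` passed in `createTestTlsContext()` the handshake presumably succeeds only through the verifier's CN fallback, which RFC 6125 deprecates in favour of SAN dNSName matching. Adding a dNSName SAN for `localhost` to the builder chain would make these tests exercise the matching path that production certificates rely on. The tests now also depend on connecting by the name `localhost`, which deserves a comment on the field, e.g. `// CN must equal the host the tests connect to; hostname verification is enabled in createTestTlsContext()`. Only the enabled setting is reachable through this context; whether a test elsewhere covers a mismatching hostname or the disabled setting is not visible in this diff.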