author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-03 15:20:47 +0100 |
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-05 16:35:35 +0100 |
commit | d7161a1f6556104119031c8c70db0fb07cb64d27 (patch) | |
tree | 1fc17058dbcc09b3e257f11e839ec139b63b1639 /jrt | |
parent | caff08abecd3414fbb46bb002c22c36e1dede893 (diff) |
Use DefaultTlsContext in jrt unit tests
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/tests/com/yahoo/jrt/CryptoUtils.java | 70 |
1 files changed, 17 insertions, 53 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index 421c34e66ca..b0a8a4b0efb 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -1,13 +1,11 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jrt;
-import com.yahoo.security.KeyStoreBuilder;
import com.yahoo.security.KeyUtils;
-import com.yahoo.security.SslContextBuilder;
import com.yahoo.security.X509CertificateBuilder;
+import com.yahoo.security.tls.DefaultTlsContext;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
-import com.yahoo.security.tls.authz.PeerAuthorizerTrustManagersFactory;
import com.yahoo.security.tls.policy.AuthorizedPeers;
import com.yahoo.security.tls.policy.HostGlobPattern;
import com.yahoo.security.tls.policy.PeerPolicy;
@@ -15,16 +13,12 @@ import com.yahoo.security.tls.policy.RequiredPeerCredential;
import com.yahoo.security.tls.policy.RequiredPeerCredential.Field;
import com.yahoo.security.tls.policy.Role;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
import javax.security.auth.x500.X500Principal;
import java.security.KeyPair;
-import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Instant;
import static com.yahoo.security.KeyAlgorithm.RSA;
-import static com.yahoo.security.KeyStoreType.PKCS12;
import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
import static java.time.Instant.EPOCH;
@@ -35,57 +29,27 @@ import static java.util.Collections.singletonList;
/**
* @author bjorncs
*/
+// TODO Use EC. Java/JSSE is currently unable to find compatible ciphers when using elliptic curve crypto from BouncyCastle
class CryptoUtils {
- static final SSLContext testSslContext = createTestSslContext();
- static TlsContext createTestTlsContext() {
- return new StaticTlsContext(testSslContext);
- }
-
- // TODO Use EC. Java/JSSE is currently unable to find compatible ciphers when using elliptic curve crypto from BouncyCastle
- static SSLContext createTestSslContext() {
- KeyPair keyPair = KeyUtils.generateKeypair(RSA);
+ static final KeyPair keyPair = KeyUtils.generateKeypair(RSA);
- X509Certificate certificate = X509CertificateBuilder
- .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
- .build();
+ static final X509Certificate certificate = X509CertificateBuilder
+ .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
+ .build();
- KeyStore trustStore = KeyStoreBuilder.withType(PKCS12)
- .withCertificateEntry("self-signed", certificate)
- .build();
-
-
- return new SslContextBuilder()
- .withTrustStore(trustStore)
- .withKeyStore(keyPair.getPrivate(), certificate)
- .withTrustManagerFactory(new PeerAuthorizerTrustManagersFactory(createAuthorizedPeers(), Mode.ENFORCE))
- .build();
- }
+ static final AuthorizedPeers authorizedPeers = new AuthorizedPeers(
+ singleton(
+ new PeerPolicy(
+ "dummy-policy",
+ singleton(
+ new Role("dummy-role")),
+ singletonList(
+ new RequiredPeerCredential(
+ Field.CN, new HostGlobPattern("dummy"))))));
- private static AuthorizedPeers createAuthorizedPeers() {
- return new AuthorizedPeers(
- singleton(
- new PeerPolicy(
- "dummy-policy",
- singleton(
- new Role("dummy-role")),
- singletonList(
- new RequiredPeerCredential(
- Field.CN, new 
HostGlobPattern("dummy"))))));
+ static TlsContext createTestTlsContext() {
+ return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, Mode.ENFORCE);
}
- private static class StaticTlsContext implements TlsContext {
-
- final SSLContext sslContext;
-
- StaticTlsContext(SSLContext sslContext) {
- this.sslContext = sslContext;
- }
-
- @Override
- public SSLEngine createSslEngine() {
- return sslContext.createSSLEngine();
- }
-
- }
} |
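Review bot: In the new `createTestTlsContext`, the two identical `singletonList(certificate)` arguments passed positionally to the `DefaultTlsContext` constructor read like a copy-paste until one knows they are the identity chain and the trust anchors (presumably in that order; verify against `DefaultTlsContext`), and nothing in the hunk says the test relies on a self-signed certificate trusting itself. A one-line comment above the return would make that explicit: `// self-signed test identity: the same certificate serves as both the chain and the trust anchor`, or the two lists can be bound to named locals first. The `// TODO Use EC ...` comment was moved from the old method to between the Javadoc and the `class` declaration, where it no longer refers to anything; it describes the `RSA` choice, so it belongs directly above the `keyPair` field. Within the hunk the three new static fields are only read by `createTestTlsContext`, so `private static final` would keep the test private key out of the package namespace unless other tests (outside this hunk) reach for them.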