Merge pull request #8218 from vespa-engine/bjorncs/tls

bjorncs/tls
author: Tor Brede Vekterli <vekterli@oath.com> 2019-01-24 16:34:54 +0100
committer: GitHub <noreply@github.com> 2019-01-24 16:34:54 +0100
commit: 25f41d6c5fd105b47d9f0d0c1642f25fd9ac8795 (patch)
tree: b5e22db7bcee5a9d41da33f261c33f351307cad1 /jrt
parent: 1ed75a5681fc19966fdb1940f3f55e6c8f5c2c76 (diff)
parent: e9fb2bbd3ceb780b48c9aa60026f4f096ba2cc50 (diff)
5 files changed, 9 insertions, 10 deletions
diff --git a/jrt/src/com/yahoo/jrt/Acceptor.java b/jrt/src/com/yahoo/jrt/Acceptor.java
index d27700a5f8f..3da978fb90e 100644
--- a/jrt/src/com/yahoo/jrt/Acceptor.java
+++ b/jrt/src/com/yahoo/jrt/Acceptor.java
@@ -30,7 +30,7 @@ public class Acceptor {
 
     private final static Logger log = Logger.getLogger(Acceptor.class.getName());
 
-    private final Thread         thread = new Thread(new Run(), "<acceptor>");
+    private final Thread         thread = new Thread(new Run(), "<jrt-acceptor>");
     private final CountDownLatch shutdownGate = new CountDownLatch(1);
     private final Transport      parent;
     private final Supervisor     owner;
diff --git a/jrt/src/com/yahoo/jrt/Closer.java b/jrt/src/com/yahoo/jrt/Closer.java
index aa7dedd8a26..71d99807253 100644
--- a/jrt/src/com/yahoo/jrt/Closer.java
+++ b/jrt/src/com/yahoo/jrt/Closer.java
@@ -14,7 +14,7 @@ class Closer {
         }
     }
 
-    private Thread      thread = new Thread(new Run(), "<closer>");
+    private Thread      thread = new Thread(new Run(), "<jrt-closer>");
     private Transport   parent;
     private ThreadQueue closeQueue = new ThreadQueue();
 
diff --git a/jrt/src/com/yahoo/jrt/Connector.java b/jrt/src/com/yahoo/jrt/Connector.java
index ee387e732cb..a4cbd07d3f8 100644
--- a/jrt/src/com/yahoo/jrt/Connector.java
+++ b/jrt/src/com/yahoo/jrt/Connector.java
@@ -14,7 +14,7 @@ class Connector {
         }
     }
 
-    private Thread      thread = new Thread(new Run(), "<connector>");
+    private Thread      thread = new Thread(new Run(), "<jrt-connector>");
     private Transport   parent;
     private ThreadQueue connectQueue = new ThreadQueue();
     private boolean     done = false;
diff --git a/jrt/src/com/yahoo/jrt/Transport.java b/jrt/src/com/yahoo/jrt/Transport.java
index 8da4c737f79..0a2f2a4b7cb 100644
--- a/jrt/src/com/yahoo/jrt/Transport.java
+++ b/jrt/src/com/yahoo/jrt/Transport.java
@@ -170,7 +170,7 @@ public class Transport {
             this.fatalHandler = fatalHandler; // NB: this must be set first
         }
         this.cryptoEngine = cryptoEngine;
-        thread    = new Thread(new Run(), "<transport>");
+        thread    = new Thread(new Run(), "<jrt-transport>");
         queue     = new Queue();
         myQueue   = new Queue();
         connector = new Connector(this);
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index 1c2280567cb..6890fe88da5 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -18,8 +18,8 @@ import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 
-import static com.yahoo.security.KeyAlgorithm.RSA;
-import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
+import static com.yahoo.security.KeyAlgorithm.EC;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
 import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
 import static java.time.Instant.EPOCH;
 import static java.time.temporal.ChronoUnit.DAYS;
@@ -29,13 +29,12 @@ import static java.util.Collections.singletonList;
 /**
  * @author bjorncs
  */
-// TODO Use EC. Java/JSSE is currently unable to find compatible ciphers when using elliptic curve crypto from BouncyCastle
 class CryptoUtils {
 
-    static final KeyPair keyPair = KeyUtils.generateKeypair(RSA);
+    static final KeyPair keyPair = KeyUtils.generateKeypair(EC);
 
     static final X509Certificate certificate = X509CertificateBuilder
-            .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
+            .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
             .build();
 
     static final AuthorizedPeers authorizedPeers = new AuthorizedPeers(
@@ -49,7 +48,7 @@ class CryptoUtils {
                                             Field.CN, new HostGlobPattern("dummy"))))));
 
     static TlsContext createTestTlsContext() {
-        return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE);
+        return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, DefaultTlsContext.ALLOWED_CIPHER_SUITES);
     }
 
 }
author	Tor Brede Vekterli <vekterli@oath.com>	2019-01-24 16:34:54 +0100
committer	GitHub <noreply@github.com>	2019-01-24 16:34:54 +0100
commit	25f41d6c5fd105b47d9f0d0c1642f25fd9ac8795 (patch)
tree	b5e22db7bcee5a9d41da33f261c33f351307cad1 /jrt
parent	1ed75a5681fc19966fdb1940f3f55e6c8f5c2c76 (diff)
parent	e9fb2bbd3ceb780b48c9aa60026f4f096ba2cc50 (diff)