authorBjørn Christian Seime <bjorncs@oath.com>2018-12-03 15:20:47 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-12-05 16:35:35 +0100
commitd7161a1f6556104119031c8c70db0fb07cb64d27 (patch)
tree1fc17058dbcc09b3e257f11e839ec139b63b1639 /jrt
parentcaff08abecd3414fbb46bb002c22c36e1dede893 (diff)
Use DefaultTlsContext in jrt unit tests
Diffstat (limited to 'jrt')
-rw-r--r--jrt/tests/com/yahoo/jrt/CryptoUtils.java70
1 files changed, 17 insertions, 53 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index 421c34e66ca..b0a8a4b0efb 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -1,13 +1,11 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jrt;
-import com.yahoo.security.KeyStoreBuilder;
import com.yahoo.security.KeyUtils;
-import com.yahoo.security.SslContextBuilder;
import com.yahoo.security.X509CertificateBuilder;
+import com.yahoo.security.tls.DefaultTlsContext;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
-import com.yahoo.security.tls.authz.PeerAuthorizerTrustManagersFactory;
import com.yahoo.security.tls.policy.AuthorizedPeers;
import com.yahoo.security.tls.policy.HostGlobPattern;
import com.yahoo.security.tls.policy.PeerPolicy;
@@ -15,16 +13,12 @@ import com.yahoo.security.tls.policy.RequiredPeerCredential;
import com.yahoo.security.tls.policy.RequiredPeerCredential.Field;
import com.yahoo.security.tls.policy.Role;
-import javax.net.ssl.SSLContext;
-import javax.net.ssl.SSLEngine;
import javax.security.auth.x500.X500Principal;
import java.security.KeyPair;
-import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Instant;
import static com.yahoo.security.KeyAlgorithm.RSA;
-import static com.yahoo.security.KeyStoreType.PKCS12;
import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
import static java.time.Instant.EPOCH;
@@ -35,57 +29,27 @@ import static java.util.Collections.singletonList;
/**
* @author bjorncs
*/
+// TODO Use EC. Java/JSSE is currently unable to find compatible ciphers when using elliptic curve crypto from BouncyCastle
class CryptoUtils {
- static final SSLContext testSslContext = createTestSslContext();
- static TlsContext createTestTlsContext() {
- return new StaticTlsContext(testSslContext);
- }
-
- // TODO Use EC. Java/JSSE is currently unable to find compatible ciphers when using elliptic curve crypto from BouncyCastle
- static SSLContext createTestSslContext() {
- KeyPair keyPair = KeyUtils.generateKeypair(RSA);
+ static final KeyPair keyPair = KeyUtils.generateKeypair(RSA);
- X509Certificate certificate = X509CertificateBuilder
- .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
- .build();
+ static final X509Certificate certificate = X509CertificateBuilder
+ .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
+ .build();
- KeyStore trustStore = KeyStoreBuilder.withType(PKCS12)
- .withCertificateEntry("self-signed", certificate)
- .build();
-
-
- return new SslContextBuilder()
- .withTrustStore(trustStore)
- .withKeyStore(keyPair.getPrivate(), certificate)
- .withTrustManagerFactory(new PeerAuthorizerTrustManagersFactory(createAuthorizedPeers(), Mode.ENFORCE))
- .build();
- }
+ static final AuthorizedPeers authorizedPeers = new AuthorizedPeers(
+ singleton(
+ new PeerPolicy(
+ "dummy-policy",
+ singleton(
+ new Role("dummy-role")),
+ singletonList(
+ new RequiredPeerCredential(
+ Field.CN, new HostGlobPattern("dummy"))))));
- private static AuthorizedPeers createAuthorizedPeers() {
- return new AuthorizedPeers(
- singleton(
- new PeerPolicy(
- "dummy-policy",
- singleton(
- new Role("dummy-role")),
- singletonList(
- new RequiredPeerCredential(
- Field.CN, new HostGlobPattern("dummy"))))));
+ static TlsContext createTestTlsContext() {
+ return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, Mode.ENFORCE);
}
- private static class StaticTlsContext implements TlsContext {
-
- final SSLContext sslContext;
-
- StaticTlsContext(SSLContext sslContext) {
- this.sslContext = sslContext;
- }
-
- @Override
- public SSLEngine createSslEngine() {
- return sslContext.createSSLEngine();
- }
-
- }
}
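Review bot: The new static fields `keyPair`, `certificate` and `authorizedPeers` are package-private, so the test private key is readable from any class in `com.yahoo.jrt`. Unless other tests in the package read them (not visible in this diff), declare them `private static final` and keep `createTestTlsContext()` as the only entry point. In `createTestTlsContext()` the two `singletonList(certificate)` arguments are positional and easy to transpose. A comment such as `// self-signed: the same certificate is presented as our identity and is the only trusted CA` would record the intent, assuming the first list is the identity chain and the second the CA list. It is also worth noting beside `authorizedPeers` that `Mode.ENFORCE` only passes because the `"dummy"` CN pattern matches the certificate's `CN=dummy`, so the two literals must change together.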