authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-02-17 13:40:26 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-02-17 16:36:35 +0100
commit03079a1c20a0e0b41bc12dd034091f1e408e1c7c (patch)
treec9ed71323e03630d339625d633ca51996807bfa9 /jrt
parent06df2d189b63b561472ac677389298038486ba70 (diff)
Override hostname verification in PeerAuthorizerTrustManager
Override hostname verification on client-side. Remove overriding of hostname verification for server-side.
Diffstat (limited to 'jrt')
-rw-r--r--jrt/tests/com/yahoo/jrt/CryptoUtils.java13
1 files changed, 8 insertions, 5 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index e7e4eea568d..95ea581cb90 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -5,6 +5,7 @@ import com.yahoo.security.KeyUtils;
import com.yahoo.security.X509CertificateBuilder;
import com.yahoo.security.tls.AuthorizationMode;
import com.yahoo.security.tls.DefaultTlsContext;
+import com.yahoo.security.tls.HostnameVerification;
import com.yahoo.security.tls.PeerAuthentication;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.policy.AuthorizedPeers;
@@ -35,21 +36,23 @@ class CryptoUtils {
static final KeyPair keyPair = KeyUtils.generateKeypair(EC);
static final X509Certificate certificate = X509CertificateBuilder
- .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
+ .fromKeypair(keyPair, new X500Principal("CN=localhost"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
.build();
static final AuthorizedPeers authorizedPeers = new AuthorizedPeers(
singleton(
new PeerPolicy(
- "dummy-policy",
+ "localhost-policy",
singleton(
- new Role("dummy-role")),
+ new Role("localhost-role")),
singletonList(
new RequiredPeerCredential(
- Field.CN, new HostGlobPattern("dummy"))))));
+ Field.CN, new HostGlobPattern("localhost"))))));
static TlsContext createTestTlsContext() {
- return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, PeerAuthentication.NEED);
+ return new DefaultTlsContext(
+ singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers,
+ AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.ENABLED);
}
}
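Review bot: The literal `localhost` in the certificate subject and in `HostGlobPattern` is now load-bearing, because `HostnameVerification.ENABLED` in `createTestTlsContext()` presumably makes the client check the peer certificate against the host it connected to, and nothing in the file records that. A comment above `certificate` would capture the coupling, e.g. `// CN must equal the host the tests connect to: hostname verification is enabled and the peer policy authorizes this same CN`, and a single shared constant for the name would keep the subject and the glob pattern in sync. The builder chain visible in this hunk adds no subjectAltName, so verification has to rely on the CN fallback and would likely reject a test that connects by IP literal; adding SAN entries for the names and addresses the tests actually use would make the accepted identities explicit. The rest of the class body lies outside the hunk, so other callers of these fields could not be checked.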