Override hostname verification in PeerAuthorizerTrustManager

Override hostname verification on client-side. Remove overriding of hostname verification for server-side.
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-02-17 13:40:26 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2020-02-17 16:36:35 +0100
commit: 03079a1c20a0e0b41bc12dd034091f1e408e1c7c (patch)
tree: c9ed71323e03630d339625d633ca51996807bfa9 /jrt
parent: 06df2d189b63b561472ac677389298038486ba70 (diff)
1 files changed, 8 insertions, 5 deletions
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index e7e4eea568d..95ea581cb90 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -5,6 +5,7 @@ import com.yahoo.security.KeyUtils;
 import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.tls.AuthorizationMode;
 import com.yahoo.security.tls.DefaultTlsContext;
+import com.yahoo.security.tls.HostnameVerification;
 import com.yahoo.security.tls.PeerAuthentication;
 import com.yahoo.security.tls.TlsContext;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
@@ -35,21 +36,23 @@ class CryptoUtils {
     static final KeyPair keyPair = KeyUtils.generateKeypair(EC);
 
     static final X509Certificate certificate = X509CertificateBuilder
-            .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
+            .fromKeypair(keyPair, new X500Principal("CN=localhost"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
             .build();
 
     static final AuthorizedPeers authorizedPeers = new AuthorizedPeers(
             singleton(
                     new PeerPolicy(
-                            "dummy-policy",
+                            "localhost-policy",
                             singleton(
-                                    new Role("dummy-role")),
+                                    new Role("localhost-role")),
                             singletonList(
                                     new RequiredPeerCredential(
-                                            Field.CN, new HostGlobPattern("dummy"))))));
+                                            Field.CN, new HostGlobPattern("localhost"))))));
 
     static TlsContext createTestTlsContext() {
-        return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, PeerAuthentication.NEED);
+        return new DefaultTlsContext(
+                singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers,
+                AuthorizationMode.ENFORCE, PeerAuthentication.NEED, HostnameVerification.ENABLED);
     }
 
 }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-02-17 13:40:26 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2020-02-17 16:36:35 +0100
commit	03079a1c20a0e0b41bc12dd034091f1e408e1c7c (patch)
tree	c9ed71323e03630d339625d633ca51996807bfa9 /jrt
parent	06df2d189b63b561472ac677389298038486ba70 (diff)