Remove com.yahoo.vespa.jdk8compat

These types are often accidentally imported, and the JDK8 replacement is typically a one-liner.
author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2021-03-10 15:20:55 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2021-03-10 15:26:07 +0100
commit: 280e41eb4261426ecc8b087b3d2fc1021871ba14 (patch)
tree: 2ce2b7d8770f4580d5babba5619e74aa3296d25d /security-utils/src/main/java/com/yahoo/security
parent: 02f7b17a645b79e91c11a6a92ee4f7d0442f3538 (diff)
6 files changed, 21 insertions, 13 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
index d4e74e22e40..4d6b160db18 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
@@ -12,6 +12,8 @@ import javax.net.ssl.X509ExtendedKeyManager;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.net.Socket;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.security.Principal;
@@ -72,8 +74,8 @@ public class AutoReloadingX509KeyManager extends X509ExtendedKeyManager implemen
             return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
                     .withKeyEntry(
                             CERTIFICATE_ALIAS,
-                            KeyUtils.fromPemEncodedPrivateKey(com.yahoo.vespa.jdk8compat.Files.readString(privateKey)),
-                            X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(certificateChain)))
+                            KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKey), StandardCharsets.UTF_8)),
+                            X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(certificateChain), StandardCharsets.UTF_8)))
                     .build();
         } catch (IOException e) {
             throw new UncheckedIOException(e);
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index acc70d50d6a..bc1f1dcc6f6 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
@@ -14,9 +14,12 @@ import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import java.io.IOException;
 import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.time.Duration;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -82,7 +85,7 @@ public class ConfigFileBasedTlsContext implements TlsContext {
     private static KeyStore loadTruststore(Path caCertificateFile) {
         try {
             return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
-                    .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(caCertificateFile)))
+                    .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(caCertificateFile), StandardCharsets.UTF_8)))
                     .build();
         } catch (IOException e) {
             throw new UncheckedIOException(e);
@@ -94,8 +97,8 @@ public class ConfigFileBasedTlsContext implements TlsContext {
             return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
                     .withKeyEntry(
                             "default",
-                            KeyUtils.fromPemEncodedPrivateKey(com.yahoo.vespa.jdk8compat.Files.readString(privateKeyFile)),
-                            X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(certificatesFile)))
+                            KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile), StandardCharsets.UTF_8)),
+                            X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(certificatesFile), StandardCharsets.UTF_8)))
                     .build();
         } catch (IOException e) {
             throw new UncheckedIOException(e);
@@ -111,7 +114,7 @@ public class ConfigFileBasedTlsContext implements TlsContext {
         HostnameVerification hostnameVerification = options.isHostnameValidationDisabled() ? HostnameVerification.DISABLED : HostnameVerification.ENABLED;
         PeerAuthorizerTrustManager authorizerTrustManager = options.getAuthorizedPeers()
                 .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, mutableTrustManager))
-                .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, hostnameVerification, mutableTrustManager));
+                .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(Collections.emptySet()), AuthorizationMode.DISABLE, hostnameVerification, mutableTrustManager));
         SSLContext sslContext = new SslContextBuilder()
                 .withKeyManager(mutableKeyManager)
                 .withTrustManager(authorizerTrustManager)
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 250596628ee..56f2ecb8efc 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -11,6 +11,7 @@ import javax.net.ssl.SSLParameters;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
@@ -61,7 +62,7 @@ public class DefaultTlsContext implements TlsContext {
                     String.format("None of the accepted ciphers are supported (supported=%s, accepted=%s)",
                                   supportedCiphers, acceptedCiphers));
         }
-        log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", com.yahoo.vespa.jdk8compat.List.of(allowedCiphers)));
+        log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", Arrays.asList(allowedCiphers)));
         return allowedCiphers;
     }
 
@@ -139,7 +140,7 @@ public class DefaultTlsContext implements TlsContext {
             builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, truststore));
         } else {
             builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(
-                    new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, hostnameVerification, truststore));
+                    new AuthorizedPeers(Collections.emptySet()), AuthorizationMode.DISABLE, hostnameVerification, truststore));
         }
         return builder.build();
     }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
index c60f13f9729..a3b438fcc65 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
@@ -30,7 +30,7 @@ public class KeyManagerUtils {
                     .filter(manager -> manager instanceof X509ExtendedKeyManager)
                     .map(X509ExtendedKeyManager.class::cast)
                     .findFirst()
-                    .orElseThrow(() -> new RuntimeException("No X509ExtendedKeyManager in " + com.yahoo.vespa.jdk8compat.List.of(keyManagers)));
+                    .orElseThrow(() -> new RuntimeException("No X509ExtendedKeyManager in " + Arrays.asList(keyManagers)));
         } catch (GeneralSecurityException e) {
             throw new RuntimeException(e);
         }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index eef05d4f4f2..1f78dc9d481 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -5,6 +5,8 @@ import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import java.util.Arrays;
+import java.util.Collections;
+import java.util.HashSet;
 import java.util.Set;
 
 import static java.util.stream.Collectors.toSet;
@@ -23,7 +25,7 @@ public interface TlsContext extends AutoCloseable {
      * For TLSv1.3 we allow the DEFAULT group ciphers.
      * Note that we _only_ allow AEAD ciphers for either TLS version.
      */
-    Set<String> ALLOWED_CIPHER_SUITES = com.yahoo.vespa.jdk8compat.Set.of(
+    Set<String> ALLOWED_CIPHER_SUITES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList(
             "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
             "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
             "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", // Java 12
@@ -32,10 +34,10 @@ public interface TlsContext extends AutoCloseable {
             "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
             "TLS_AES_128_GCM_SHA256", // TLSv1.3
             "TLS_AES_256_GCM_SHA384", // TLSv1.3
-            "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3, Java 12
+            "TLS_CHACHA20_POLY1305_SHA256"))); // TLSv1.3, Java 12
 
     // TODO Enable TLSv1.3 after upgrading to JDK 17
-    Set<String> ALLOWED_PROTOCOLS = com.yahoo.vespa.jdk8compat.Set.of("TLSv1.2");
+    Set<String> ALLOWED_PROTOCOLS = Collections.singleton("TLSv1.2");
     String SSL_CONTEXT_VERSION = "TLS"; // Use SSLContext implementations that supports all TLS versions
 
     /**
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
index 17f56011261..cb8c6e53555 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
@@ -29,7 +29,7 @@ public class TrustManagerUtils {
                     .filter(manager -> manager instanceof X509ExtendedTrustManager)
                     .map(X509ExtendedTrustManager.class::cast)
                     .findFirst()
-                    .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + com.yahoo.vespa.jdk8compat.List.of(trustManagers)));
+                    .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + Arrays.asList(trustManagers)));
         } catch (GeneralSecurityException e) {
             throw new RuntimeException(e);
         }
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2021-03-10 15:20:55 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2021-03-10 15:26:07 +0100
commit	280e41eb4261426ecc8b087b3d2fc1021871ba14 (patch)
tree	2ce2b7d8770f4580d5babba5619e74aa3296d25d /security-utils/src/main/java/com/yahoo/security
parent	02f7b17a645b79e91c11a6a92ee4f7d0442f3538 (diff)