author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-03 15:19:56 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-05 16:35:35 +0100 |
commit | caff08abecd3414fbb46bb002c22c36e1dede893 (patch) | |
tree | 08c9a8c08434294bc413f418f76c0df796fbc6ed /security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java | |
parent | eef87496cbdd79a32367c07311eb7867c9ae2e89 (diff) |
Split ConfigFileManagedTlsContext into ReloadingTlsContext and DefaultTlsContext
Diffstat (limited to 'security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java')
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java | 59 |
1 files changed, 59 insertions, 0 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
new file mode 100644
index 00000000000..4809bad80c5
--- /dev/null
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -0,0 +1,59 @@
+// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+package com.yahoo.security.tls;
+
+import com.yahoo.security.KeyUtils;
+import com.yahoo.security.X509CertificateBuilder;
+import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
+import com.yahoo.security.tls.policy.AuthorizedPeers;
+import com.yahoo.security.tls.policy.HostGlobPattern;
+import com.yahoo.security.tls.policy.PeerPolicy;
+import com.yahoo.security.tls.policy.RequiredPeerCredential;
+import com.yahoo.security.tls.policy.Role;
+import org.junit.Test;
+
+import javax.net.ssl.SSLEngine;
+import javax.security.auth.x500.X500Principal;
+import java.security.KeyPair;
+import java.security.cert.X509Certificate;
+import java.time.Instant;
+
+import static com.yahoo.security.KeyAlgorithm.RSA;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
+import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
+import static java.time.Instant.EPOCH;
+import static java.time.temporal.ChronoUnit.DAYS;
+import static java.util.Collections.singleton;
+import static java.util.Collections.singletonList;
+import static org.assertj.core.api.Assertions.assertThat;
+
+/**
+ * @author bjorncs
+ */
+public class DefaultTlsContextTest {
+
+ @Test
+ public void can_create_sslcontext_from_credentials() {
+ KeyPair keyPair = KeyUtils.generateKeypair(RSA);
+
+ X509Certificate certificate = X509CertificateBuilder
+ .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
+ .build();
+
+ AuthorizedPeers authorizedPeers = new AuthorizedPeers(
+ singleton(
+ new PeerPolicy(
+ "dummy-policy",
+ singleton(new Role("dummy-role")),
+ singletonList(new RequiredPeerCredential(RequiredPeerCredential.Field.CN, new HostGlobPattern("dummy"))))));
+
+ DefaultTlsContext tlsContext =
+ new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, Mode.ENFORCE);
+
+ SSLEngine sslEngine = tlsContext.createSslEngine();
+ assertThat(sslEngine).isNotNull();
+ String[] enabledCiphers = sslEngine.getEnabledCipherSuites();
+ assertThat(enabledCiphers).isNotEmpty();
+ assertThat(enabledCiphers).isSubsetOf(DefaultTlsContext.ALLOWED_CIPHER_SUITS.toArray(new String[0]));
+ }
+
+}
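Review bot: The hardening assertions at the end of can_create_sslcontext_from_credentials compare the enabled cipher suites against DefaultTlsContext.ALLOWED_CIPHER_SUITS but never inspect the enabled protocol versions, so a regression that leaves legacy TLS versions enabled on the engine would still pass. If DefaultTlsContext restricts protocols the way it restricts cipher suites (that class is not in this hunk), add `assertThat(sslEngine.getEnabledProtocols()).isNotEmpty();` followed by a subset assertion against that allow-list, mirroring the cipher-suite check. The constant name ALLOWED_CIPHER_SUITS is defined in another file; if this commit is what introduces it, renaming it to ALLOWED_CIPHER_SUITES now is cheaper than after more callers depend on it. A one-line comment above the last assertion, `// Every suite the engine may offer must come from the allow-list, so JDK defaults cannot leak in`, would make the purpose of the subset check explicit to the next reader.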
\ No newline at end of file |