diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-19 14:45:41 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:56:33 +0200 |
commit | 91b46555d137dcdf73a534ba5fa10e07510eb0f9 (patch) | |
tree | b5d84e0d32f784512ec5fd70c889639828ad8e58 /security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java | |
parent | ff025feea342cabb764b8e9cc1bba34cafe09409 (diff) |
Merge Java package 'c.y.s.tls.{auth,json,policy}' into 'c.y.s.tls'
Facilitate improved encapsulation of Vespa mTLS related classes
Diffstat (limited to 'security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java')
-rw-r--r-- | security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java | 99 |
1 files changed, 99 insertions, 0 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java new file mode 100644 index 00000000000..476ab689903 --- /dev/null +++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java @@ -0,0 +1,99 @@ +// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. +package com.yahoo.security.tls; + +import org.junit.Rule; +import org.junit.Test; +import org.junit.rules.TemporaryFolder; + +import java.io.ByteArrayInputStream; +import java.io.ByteArrayOutputStream; +import java.io.File; +import java.io.IOException; +import java.io.OutputStream; +import java.nio.file.Files; +import java.nio.file.Path; +import java.nio.file.Paths; +import java.util.Arrays; +import java.util.Collections; +import java.util.LinkedHashSet; +import java.util.Optional; + +import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN; +import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_DNS; +import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_URI; +import static com.yahoo.test.json.JsonTestHelper.assertJsonEquals; +import static org.junit.Assert.assertEquals; + +/** + * @author bjorncs + */ +public class TransportSecurityOptionsJsonSerializerTest { + + @Rule public TemporaryFolder tempDirectory = new TemporaryFolder(); + + private static final Path TEST_CONFIG_FILE = Paths.get("src/test/resources/transport-security-options.json"); + + @Test + public void can_serialize_and_deserialize_transport_security_options() throws IOException { + TransportSecurityOptions options = new TransportSecurityOptions.Builder() + .withCaCertificates(Paths.get("/path/to/ca-certs.pem")) + .withCertificates(Paths.get("/path/to/cert.pem"), Paths.get("/path/to/key.pem")) + .withHostnameValidationDisabled(false) + .withAuthorizedPeers( + new AuthorizedPeers( + new LinkedHashSet<>(Arrays.asList( + new PeerPolicy("cfgserver", "cfgserver policy description", Arrays.asList( + RequiredPeerCredential.of(CN, "mycfgserver"), + RequiredPeerCredential.of(SAN_DNS, "*.suffix.com"), + RequiredPeerCredential.of(SAN_URI, "myscheme://resource/path/"))), + new PeerPolicy("node", Optional.empty(), + CapabilitySet.from(Capability.SLOBROK__API), + Collections.singletonList(RequiredPeerCredential.of(CN, "hostname"))))))) + .build(); + + ByteArrayOutputStream out = new ByteArrayOutputStream(); + TransportSecurityOptionsJsonSerializer serializer = new TransportSecurityOptionsJsonSerializer(); + serializer.serialize(out, options); + TransportSecurityOptions deserializedOptions = serializer.deserialize(new ByteArrayInputStream(out.toByteArray())); + assertEquals(options, deserializedOptions); + Path expectedJsonFile = Paths.get("src/test/resources/transport-security-options-with-authz-rules.json"); + assertJsonEquals(new String(Files.readAllBytes(expectedJsonFile)), out.toString()); + } + + @Test + public void can_serialize_options_without_authorized_peers() throws IOException { + TransportSecurityOptions options = new TransportSecurityOptions.Builder() + .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key")) + .withCaCertificates(Paths.get("my_cas.pem")) + .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , "TLS_AES_256_GCM_SHA384")) + .withAcceptedProtocols(Collections.singletonList("TLSv1.2")) + .withHostnameValidationDisabled(true) + .build(); + File outputFile = tempDirectory.newFile(); + try (OutputStream out = Files.newOutputStream(outputFile.toPath())) { + new TransportSecurityOptionsJsonSerializer().serialize(out, options); + } + String expectedOutput = new String(Files.readAllBytes(TEST_CONFIG_FILE)); + String actualOutput = new String(Files.readAllBytes(outputFile.toPath())); + assertJsonEquals(expectedOutput, actualOutput); + } + + @Test + public void disable_hostname_validation_is_not_serialized_if_false() throws IOException { + TransportSecurityOptions options = new TransportSecurityOptions.Builder() + .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key")) + .withCaCertificates(Paths.get("my_cas.pem")) + .withHostnameValidationDisabled(false) + .build(); + File outputFile = tempDirectory.newFile(); + try (OutputStream out = Files.newOutputStream(outputFile.toPath())) { + new TransportSecurityOptionsJsonSerializer().serialize(out, options); + } + + String expectedOutput = new String(Files.readAllBytes( + Paths.get("src/test/resources/transport-security-options-with-disable-hostname-validation-set-to-false.json"))); + String actualOutput = new String(Files.readAllBytes(outputFile.toPath())); + assertJsonEquals(expectedOutput, actualOutput); + } + +} |