author | Håkon Hallingstad <hakon@oath.com> | 2019-02-18 19:52:05 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-02-18 19:52:05 +0100 |
commit | c3f34b6b1de9836d6d2175757a3081ffcc29a90c (patch) | |
tree | b8de6a559038b0438a091e32117c51472a27598e /security-utils/src/test/java | |
parent | 10504a888b8e9affd97edd8749f87b90c23d7b9d (diff) | |
parent | a9e317a5dd2370866bc5c519d522a824cf118c8e (diff) |
Merge pull request #8543 from vespa-engine/revert-8511-bjorncs/jdisc-misc-mode-preparations
Revert "Bjorncs/jdisc mixed mode preparations"
Diffstat (limited to 'security-utils/src/test/java')
3 files changed, 0 insertions, 208 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/AutoReloadingX509KeyManagerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/AutoReloadingX509KeyManagerTest.java
deleted file mode 100644
index 139d5313074..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/tls/AutoReloadingX509KeyManagerTest.java
+++ /dev/null
@@ -1,84 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls;
-
-import com.yahoo.security.KeyAlgorithm;
-import com.yahoo.security.KeyUtils;
-import com.yahoo.security.SignatureAlgorithm;
-import com.yahoo.security.X509CertificateBuilder;
-import com.yahoo.security.X509CertificateUtils;
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-import org.mockito.ArgumentCaptor;
-import org.mockito.Mockito;
-
-import javax.security.auth.x500.X500Principal;
-import java.io.IOException;
-import java.math.BigInteger;
-import java.nio.file.Files;
-import java.nio.file.Path;
-import java.security.KeyPair;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.util.concurrent.ScheduledExecutorService;
-
-import static java.time.temporal.ChronoUnit.DAYS;
-import static org.assertj.core.api.Assertions.assertThat;
-import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyLong;
-import static org.mockito.Mockito.verify;
-
-/**
- * @author bjorncs
- */
-public class AutoReloadingX509KeyManagerTest {
- private static final X500Principal SUBJECT = new X500Principal("CN=dummy");
-
- @Rule
- public TemporaryFolder tempDirectory = new TemporaryFolder();
-
- @Test
- public void crypto_material_is_reloaded_when_scheduler_task_is_executed() throws IOException {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
- Path privateKeyFile = tempDirectory.newFile().toPath();
- Files.writeString(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate()));
-
- Path certificateFile = tempDirectory.newFile().toPath();
- BigInteger serialNumberInitialCertificate = BigInteger.ONE;
- X509Certificate initialCertificate = generateCertificate(keyPair, serialNumberInitialCertificate);
- Files.writeString(certificateFile, X509CertificateUtils.toPem(initialCertificate));
-
- ScheduledExecutorService scheduler = Mockito.mock(ScheduledExecutorService.class);
- ArgumentCaptor<Runnable> updaterTaskCaptor = ArgumentCaptor.forClass(Runnable.class);
-
- AutoReloadingX509KeyManager keyManager = new AutoReloadingX509KeyManager(privateKeyFile, certificateFile, scheduler);
- verify(scheduler).scheduleAtFixedRate(updaterTaskCaptor.capture(), anyLong(), anyLong(), any());
-
- String[] initialAliases = keyManager.getClientAliases(keyPair.getPublic().getAlgorithm(), new Principal[]{SUBJECT});
- X509Certificate[] certChain = keyManager.getCertificateChain(initialAliases[0]);
- assertThat(certChain).hasSize(1);
- assertThat(certChain[0].getSerialNumber()).isEqualTo(serialNumberInitialCertificate);
-
- BigInteger serialNumberUpdatedCertificate = BigInteger.TWO;
- X509Certificate updatedCertificate = generateCertificate(keyPair, serialNumberUpdatedCertificate);
- Files.writeString(certificateFile, X509CertificateUtils.toPem(updatedCertificate));
-
- updaterTaskCaptor.getValue().run(); // run update task in ReloadingX509KeyManager
-
- String[] updatedAliases = keyManager.getClientAliases(keyPair.getPublic().getAlgorithm(), new Principal[]{SUBJECT});
- X509Certificate[] updatedCertChain = keyManager.getCertificateChain(updatedAliases[0]);
- assertThat(updatedCertChain).hasSize(1);
- assertThat(updatedCertChain[0].getSerialNumber()).isEqualTo(serialNumberUpdatedCertificate);
- }
-
- private static X509Certificate generateCertificate(KeyPair keyPair, BigInteger serialNumber) {
- return X509CertificateBuilder.fromKeypair(keyPair,
- SUBJECT,
- Instant.EPOCH,
- Instant.EPOCH.plus(1, DAYS),
- SignatureAlgorithm.SHA256_WITH_ECDSA,
- serialNumber)
- .build();
- }
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/MutableX509KeyManagerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/MutableX509KeyManagerTest.java
deleted file mode 100644
index 30e54d3c09d..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/tls/MutableX509KeyManagerTest.java
+++ /dev/null
@@ -1,65 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls;
-
-import com.yahoo.security.KeyAlgorithm;
-import com.yahoo.security.KeyStoreBuilder;
-import com.yahoo.security.KeyStoreType;
-import com.yahoo.security.KeyUtils;
-import com.yahoo.security.SignatureAlgorithm;
-import com.yahoo.security.X509CertificateBuilder;
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyStore;
-import java.security.Principal;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-
-import static java.time.temporal.ChronoUnit.DAYS;
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * @author bjorncs
- */
-public class MutableX509KeyManagerTest {
-
- private static final X500Principal SUBJECT = new X500Principal("CN=dummy");
-
- @Test
- public void key_manager_can_be_updated_with_new_certificate() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
-
- BigInteger serialNumberInitialCertificate = BigInteger.ONE;
- KeyStore initialKeystore = generateKeystore(keyPair, serialNumberInitialCertificate);
-
- MutableX509KeyManager keyManager = new MutableX509KeyManager(initialKeystore, new char[0]);
-
- String[] initialAliases = keyManager.getClientAliases(keyPair.getPublic().getAlgorithm(), new Principal[]{SUBJECT});
- assertThat(initialAliases).hasSize(1);
- X509Certificate[] certChain = keyManager.getCertificateChain(initialAliases[0]);
- assertThat(certChain).hasSize(1);
- assertThat(certChain[0].getSerialNumber()).isEqualTo(serialNumberInitialCertificate);
-
- BigInteger serialNumberUpdatedCertificate = BigInteger.TWO;
- KeyStore updatedKeystore = generateKeystore(keyPair, serialNumberUpdatedCertificate);
- keyManager.updateKeystore(updatedKeystore, new char[0]);
-
- String[] updatedAliases = keyManager.getClientAliases(keyPair.getPublic().getAlgorithm(), new Principal[]{SUBJECT});
- assertThat(updatedAliases).hasSize(1);
- X509Certificate[] updatedCertChain = keyManager.getCertificateChain(updatedAliases[0]);
- assertThat(updatedCertChain).hasSize(1);
- assertThat(updatedCertChain[0].getSerialNumber()).isEqualTo(serialNumberUpdatedCertificate);
- }
-
- private static KeyStore generateKeystore(KeyPair keyPair, BigInteger serialNumber) {
- X509Certificate certificate = X509CertificateBuilder.fromKeypair(
- keyPair, SUBJECT, Instant.EPOCH, Instant.EPOCH.plus(1, DAYS), SignatureAlgorithm.SHA256_WITH_ECDSA, serialNumber)
- .build();
- return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
- .withKeyEntry("default", keyPair.getPrivate(), certificate)
- .build();
- }
-
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/MutableX509TrustManagerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/MutableX509TrustManagerTest.java
deleted file mode 100644
index 4c4ea332818..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/tls/MutableX509TrustManagerTest.java
+++ /dev/null
@@ -1,59 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls;
-
-import com.yahoo.security.KeyAlgorithm;
-import com.yahoo.security.KeyStoreBuilder;
-import com.yahoo.security.KeyStoreType;
-import com.yahoo.security.KeyUtils;
-import com.yahoo.security.SignatureAlgorithm;
-import com.yahoo.security.X509CertificateBuilder;
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.KeyStore;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-
-import static java.time.temporal.ChronoUnit.DAYS;
-import static org.assertj.core.api.Assertions.assertThat;
-
-/**
- * @author bjorncs
- */
-public class MutableX509TrustManagerTest {
-
- @Test
- public void key_manager_can_be_updated_with_new_certificate() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
-
- X509Certificate initialCertificate = generateCertificate(new X500Principal("CN=issuer1"), keyPair);
- KeyStore initialTruststore = generateTruststore(initialCertificate);
-
- MutableX509TrustManager trustManager = new MutableX509TrustManager(initialTruststore);
-
- X509Certificate[] initialAcceptedIssuers = trustManager.getAcceptedIssuers();
- assertThat(initialAcceptedIssuers).containsExactly(initialCertificate);
-
- X509Certificate updatedCertificate = generateCertificate(new X500Principal("CN=issuer2"), keyPair);
- KeyStore updatedTruststore = generateTruststore(updatedCertificate);
- trustManager.updateTruststore(updatedTruststore);
-
- X509Certificate[] updatedAcceptedIssuers = trustManager.getAcceptedIssuers();
- assertThat(updatedAcceptedIssuers).containsExactly(updatedCertificate);
- }
-
- private static X509Certificate generateCertificate(X500Principal issuer, KeyPair keyPair) {
- return X509CertificateBuilder.fromKeypair(
- keyPair, issuer, Instant.EPOCH, Instant.EPOCH.plus(1, DAYS), SignatureAlgorithm.SHA256_WITH_ECDSA, BigInteger.ONE)
- .build();
- }
-
- private static KeyStore generateTruststore(X509Certificate certificate) {
- return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
- .withCertificateEntry("default", certificate)
- .build();
- }
-
-}
\ No newline at end of file |