Allow configuration of accepted ciphers

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-01-23 14:22:58 +0100
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-01-23 16:33:56 +0100
commit: bf0c364db7d2e31272786c3bc59eea4f26f8ac71 (patch)
tree: eb78c86dcd8720c4a1515fb3641e96c7e2373d75 /security-utils/src/test
parent: a0781f51282f8e0c489013208295947d998ca55c (diff)
4 files changed, 8 insertions, 2 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 608ddcd2c1d..659cf06dd6d 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -15,6 +15,7 @@ import javax.security.auth.x500.X500Principal;
 import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
+import java.util.List;
 
 import static com.yahoo.security.KeyAlgorithm.RSA;
 import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
@@ -46,7 +47,7 @@ public class DefaultTlsContextTest {
                                 singletonList(new RequiredPeerCredential(RequiredPeerCredential.Field.CN, new HostGlobPattern("dummy"))))));
 
         DefaultTlsContext tlsContext =
-                new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE);
+                new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, List.of());
 
         SSLEngine sslEngine = tlsContext.createSslEngine();
         assertThat(sslEngine).isNotNull();
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
index aa5509a23b2..9d8f26cdd2c 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
@@ -8,6 +8,7 @@ import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
+import java.util.List;
 
 import static org.junit.Assert.*;
 
@@ -20,6 +21,7 @@ public class TransportSecurityOptionsTest {
     private static final TransportSecurityOptions OPTIONS = new TransportSecurityOptions.Builder()
             .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
             .withCaCertificates(Paths.get("my_cas.pem"))
+            .withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , "TLS_AES_256_GCM_SHA384"))
             .build();
 
     @Test
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
index 5e611b1eba5..03489a60784 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
@@ -22,6 +22,7 @@ import java.nio.file.Paths;
 import java.util.Arrays;
 import java.util.Collections;
 import java.util.HashSet;
+import java.util.List;
 
 import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.CN;
 import static com.yahoo.security.tls.policy.RequiredPeerCredential.Field.SAN_DNS;
@@ -64,6 +65,7 @@ public class TransportSecurityOptionsJsonSerializerTest {
         TransportSecurityOptions options = new TransportSecurityOptions.Builder()
                 .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
                 .withCaCertificates(Paths.get("my_cas.pem"))
+                .withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , "TLS_AES_256_GCM_SHA384"))
                 .build();
         File outputFile = tempDirectory.newFile();
         try (OutputStream out = Files.newOutputStream(outputFile.toPath())) {
diff --git a/security-utils/src/test/resources/transport-security-options.json b/security-utils/src/test/resources/transport-security-options.json
index 0506c130722..2e55c8fd931 100644
--- a/security-utils/src/test/resources/transport-security-options.json
+++ b/security-utils/src/test/resources/transport-security-options.json
@@ -3,5 +3,6 @@
     "private-key": "myhost.key",
     "ca-certificates": "my_cas.pem",
     "certificates": "certs.pem"
-  }
+    },
+    "accepted-ciphers": ["TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"]
 }
 \ No newline at end of file
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-01-23 14:22:58 +0100
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-01-23 16:33:56 +0100
commit	bf0c364db7d2e31272786c3bc59eea4f26f8ac71 (patch)
tree	eb78c86dcd8720c4a1515fb3641e96c7e2373d75 /security-utils/src/test
parent	a0781f51282f8e0c489013208295947d998ca55c (diff)