author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-03-10 15:20:55 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2021-03-10 15:26:07 +0100 |
commit | 280e41eb4261426ecc8b087b3d2fc1021871ba14 (patch) | |
tree | 2ce2b7d8770f4580d5babba5619e74aa3296d25d /security-utils | |
parent | 02f7b17a645b79e91c11a6a92ee4f7d0442f3538 (diff) |
Remove com.yahoo.vespa.jdk8compat
These types are often accidentally imported, and the JDK8 replacement is typically a one-liner.
Diffstat (limited to 'security-utils')
15 files changed, 31 insertions, 104 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
index d4e74e22e40..4d6b160db18 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
@@ -12,6 +12,8 @@ import javax.net.ssl.X509ExtendedKeyManager;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.net.Socket;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.security.Principal;
@@ -72,8 +74,8 @@ public class AutoReloadingX509KeyManager extends X509ExtendedKeyManager implemen
 return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
 .withKeyEntry(
 CERTIFICATE_ALIAS,
- KeyUtils.fromPemEncodedPrivateKey(com.yahoo.vespa.jdk8compat.Files.readString(privateKey)),
- X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(certificateChain)))
+ KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKey), StandardCharsets.UTF_8)),
+ X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(certificateChain), StandardCharsets.UTF_8)))
 .build();
 } catch (IOException e) {
 throw new UncheckedIOException(e);
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index acc70d50d6a..bc1f1dcc6f6 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
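Review bot: The expression `new String(Files.readAllBytes(path), StandardCharsets.UTF_8)` is now written out twice in `AutoReloadingX509KeyManager` (hunk `-72,8 +74,8`) and three more times in `ConfigFileBasedTlsContext` (hunks `-82,7 +85,7` and `-94,8 +97,8`), so the charset used for PEM input is decided in five separate places. A small private helper per class, e.g. `private static String readPem(Path file) throws IOException { return new String(Files.readAllBytes(file), StandardCharsets.UTF_8); }`, would keep that decision in one spot and shorten the builder calls. The private key text also ends up in an immutable `String` that cannot be cleared after parsing; the removed `readString` backport did the same, so this is inherited rather than new, but a comment noting it would help the next reader. The enclosing method starts and ends outside the hunk.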
@@ -14,9 +14,12 @@ import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
 import java.io.IOException;
 import java.io.UncheckedIOException;
+import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.time.Duration;
+import java.util.Collections;
 import java.util.HashSet;
 import java.util.List;
 import java.util.Set;
@@ -82,7 +85,7 @@ public class ConfigFileBasedTlsContext implements TlsContext {
 private static KeyStore loadTruststore(Path caCertificateFile) {
 try {
 return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
- .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(caCertificateFile)))
+ .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(caCertificateFile), StandardCharsets.UTF_8)))
 .build();
 } catch (IOException e) {
 throw new UncheckedIOException(e);
@@ -94,8 +97,8 @@ public class ConfigFileBasedTlsContext implements TlsContext {
 return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
 .withKeyEntry(
 "default",
- KeyUtils.fromPemEncodedPrivateKey(com.yahoo.vespa.jdk8compat.Files.readString(privateKeyFile)),
- X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(certificatesFile)))
+ KeyUtils.fromPemEncodedPrivateKey(new String(Files.readAllBytes(privateKeyFile), StandardCharsets.UTF_8)),
+ X509CertificateUtils.certificateListFromPem(new String(Files.readAllBytes(certificatesFile), StandardCharsets.UTF_8)))
 .build();
 } catch (IOException e) {
 throw new UncheckedIOException(e);
@@ -111,7 +114,7 @@ public class ConfigFileBasedTlsContext implements TlsContext {
 HostnameVerification hostnameVerification = options.isHostnameValidationDisabled() ? HostnameVerification.DISABLED : HostnameVerification.ENABLED;
 PeerAuthorizerTrustManager authorizerTrustManager = options.getAuthorizedPeers()
 .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, mutableTrustManager))
- .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, hostnameVerification, mutableTrustManager));
+ .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(Collections.emptySet()), AuthorizationMode.DISABLE, hostnameVerification, mutableTrustManager));
 SSLContext sslContext = new SslContextBuilder()
 .withKeyManager(mutableKeyManager)
 .withTrustManager(authorizerTrustManager)
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 250596628ee..56f2ecb8efc 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -11,6 +11,7 @@ import javax.net.ssl.SSLParameters;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
+import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
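Review bot: The `orElseGet` branch in hunk `-111,7 +114,7` builds a `PeerAuthorizerTrustManager` with `AuthorizationMode.DISABLE` whenever `options.getAuthorizedPeers()` is empty, and nothing on the line says that this is the intended behaviour for a configuration without peer rules. A short comment would make it explicit, e.g. `// No authorized-peers config: peer authorization is disabled, only the truststore check (and hostname verification, if enabled) applies`; the wording should be confirmed against `PeerAuthorizerTrustManager`, which is not visible here. The same fallback appears in `DefaultTlsContext` (hunk `-139,7 +140,7`). `Collections.emptySet()` is also immutable where the removed backport returned a `HashSet`; presumably `AuthorizedPeers` never mutates its argument, but that is worth a quick check. The enclosing method continues outside the hunk.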
@@ -61,7 +62,7 @@ public class DefaultTlsContext implements TlsContext { String.format("None of the accepted ciphers are supported (supported=%s, accepted=%s)", supportedCiphers, acceptedCiphers)); } - log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", com.yahoo.vespa.jdk8compat.List.of(allowedCiphers))); + log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", Arrays.asList(allowedCiphers))); return allowedCiphers; } @@ -139,7 +140,7 @@ public class DefaultTlsContext implements TlsContext { builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, truststore)); } else { builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager( - new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, hostnameVerification, truststore)); + new AuthorizedPeers(Collections.emptySet()), AuthorizationMode.DISABLE, hostnameVerification, truststore)); } return builder.build(); } diff --git a/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java index c60f13f9729..a3b438fcc65 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java @@ -30,7 +30,7 @@ public class KeyManagerUtils { .filter(manager -> manager instanceof X509ExtendedKeyManager) .map(X509ExtendedKeyManager.class::cast) .findFirst() - .orElseThrow(() -> new RuntimeException("No X509ExtendedKeyManager in " + com.yahoo.vespa.jdk8compat.List.of(keyManagers))); + .orElseThrow(() -> new RuntimeException("No X509ExtendedKeyManager in " + Arrays.asList(keyManagers))); } catch (GeneralSecurityException e) { throw new RuntimeException(e); } 
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java index eef05d4f4f2..1f78dc9d481 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java @@ -5,6 +5,8 @@ import javax.net.ssl.SSLContext; import javax.net.ssl.SSLEngine; import javax.net.ssl.SSLParameters; import java.util.Arrays; +import java.util.Collections; +import java.util.HashSet; import java.util.Set; import static java.util.stream.Collectors.toSet; @@ -23,7 +25,7 @@ public interface TlsContext extends AutoCloseable { * For TLSv1.3 we allow the DEFAULT group ciphers. * Note that we _only_ allow AEAD ciphers for either TLS version. */ - Set<String> ALLOWED_CIPHER_SUITES = com.yahoo.vespa.jdk8compat.Set.of( + Set<String> ALLOWED_CIPHER_SUITES = Collections.unmodifiableSet(new HashSet<>(Arrays.asList( "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384", "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", // Java 12 @@ -32,10 +34,10 @@ public interface TlsContext extends AutoCloseable { "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256", "TLS_AES_128_GCM_SHA256", // TLSv1.3 "TLS_AES_256_GCM_SHA384", // TLSv1.3 - "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3, Java 12 + "TLS_CHACHA20_POLY1305_SHA256"))); // TLSv1.3, Java 12 // TODO Enable TLSv1.3 after upgrading to JDK 17 - Set<String> ALLOWED_PROTOCOLS = com.yahoo.vespa.jdk8compat.Set.of("TLSv1.2"); + Set<String> ALLOWED_PROTOCOLS = Collections.singleton("TLSv1.2"); String SSL_CONTEXT_VERSION = "TLS"; // Use SSLContext implementations that supports all TLS versions /** diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java index 17f56011261..cb8c6e53555 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java 
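Review bot: `ALLOWED_CIPHER_SUITES` and `ALLOWED_PROTOCOLS` are public interface constants, and nothing in the hunks at `-23,7 +25,7` and `-32,10 +34,10` records that they must stay unmodifiable. The removed `jdk8compat.Set.of` returned a plain `HashSet` (see the deleted `Set.java`), so before this change any caller could have added an entry to the allow-list; `Collections.unmodifiableSet(...)` and `Collections.singleton(...)` close that. A one-line comment above the constants, such as `// Must remain unmodifiable: allow-list exposed to all callers of TlsContext`, would keep a later cleanup from reintroducing a mutable set.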
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
@@ -29,7 +29,7 @@ public class TrustManagerUtils {
 .filter(manager -> manager instanceof X509ExtendedTrustManager)
 .map(X509ExtendedTrustManager.class::cast)
 .findFirst()
- .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + com.yahoo.vespa.jdk8compat.List.of(trustManagers)));
+ .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + Arrays.asList(trustManagers)));
 } catch (GeneralSecurityException e) {
 throw new RuntimeException(e);
 }
diff --git a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Collection.java b/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Collection.java
deleted file mode 100644
index fbfea01b2c7..00000000000
--- a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Collection.java
+++ /dev/null
@@ -1,16 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.jdk8compat;
-
-import java.util.function.IntFunction;
-
-/**
- * Backport of new {@link java.util.Collection} methods added after JDK8
- *
- * @author bjorncs
- */
-public interface Collection {
- static <T> T[] toArray(java.util.Collection<T> collection, IntFunction<T[]> generator) {
- return collection.toArray(generator.apply(collection.size()));
- }
-
-}
diff --git a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Files.java b/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Files.java
deleted file mode 100644
index cc3bd698cd5..00000000000
--- a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Files.java
+++ /dev/null
@@ -1,24 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.jdk8compat;
-
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.nio.file.OpenOption;
-import java.nio.file.Path;
-
-/**
- * Backport of new {@link java.nio.file.Files} methods added after JDK8
- *
- * @author bjorncs
- */
-public interface Files {
-
- static String readString(Path path) throws IOException {
- byte[] bytes = java.nio.file.Files.readAllBytes(path);
- return new String(bytes, StandardCharsets.UTF_8);
- }
-
- static Path writeString(Path path, CharSequence string, OpenOption... options) throws IOException {
- return java.nio.file.Files.write(path, string.toString().getBytes(), options);
- }
-}
diff --git a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/List.java b/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/List.java
deleted file mode 100644
index f57834e93cb..00000000000
--- a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/List.java
+++ /dev/null
@@ -1,17 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.jdk8compat;
-
-import java.util.Arrays;
-
-/**
- * Backport of new {@link java.util.List} methods added after JDK8
- *
- * @author bjorncs
- */
-public interface List {
- @SafeVarargs
- @SuppressWarnings("varargs")
- static <E> java.util.List<E> of(E... elements) {
- return Arrays.asList(elements);
- }
-}
diff --git a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Set.java b/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Set.java
deleted file mode 100644
index b2c998bb716..00000000000
--- a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/Set.java
+++ /dev/null
@@ -1,18 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.jdk8compat;
-
-import java.util.Arrays;
-import java.util.HashSet;
-
-/**
- * Backport of new {@link java.util.Set} methods added after JDK8
- *
- * @author bjorncs
- */
-public interface Set {
- @SafeVarargs
- @SuppressWarnings("varargs")
- static <E> java.util.Set<E> of(E... elements) {
- return new HashSet<>(Arrays.asList(elements));
- }
-}
diff --git a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/package-info.java b/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/package-info.java
deleted file mode 100644
index 40d74321438..00000000000
--- a/security-utils/src/main/java/com/yahoo/vespa/jdk8compat/package-info.java
+++ /dev/null
@@ -1,8 +0,0 @@
-// Copyright 2019 Oath Inc. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-/**
- * JDK8 port of types and methods added in later JDK versions.
- * TODO Remove this package once vespa-http-client/security-utils no longer targets JDK8
- *
- * @author bjorncs
- */
-package com.yahoo.vespa.jdk8compat;
\ No newline at end of file diff --git a/security-utils/src/test/java/com/yahoo/security/tls/AutoReloadingX509KeyManagerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/AutoReloadingX509KeyManagerTest.java index 22710e7f393..024149a7282 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/AutoReloadingX509KeyManagerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/AutoReloadingX509KeyManagerTest.java @@ -15,6 +15,7 @@ import org.mockito.Mockito; import javax.security.auth.x500.X500Principal; import java.io.IOException; import java.math.BigInteger; +import java.nio.file.Files; import java.nio.file.Path; import java.security.KeyPair; import java.security.Principal; @@ -41,12 +42,12 @@ public class AutoReloadingX509KeyManagerTest { public void crypto_material_is_reloaded_when_scheduler_task_is_executed() throws IOException { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); Path privateKeyFile = tempDirectory.newFile().toPath(); - com.yahoo.vespa.jdk8compat.Files.writeString(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate())); + Files.write(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate()).getBytes()); Path certificateFile = tempDirectory.newFile().toPath(); BigInteger serialNumberInitialCertificate = BigInteger.ONE; X509Certificate initialCertificate = generateCertificate(keyPair, serialNumberInitialCertificate); - com.yahoo.vespa.jdk8compat.Files.writeString(certificateFile, X509CertificateUtils.toPem(initialCertificate)); + Files.write(certificateFile, X509CertificateUtils.toPem(initialCertificate).getBytes()); ScheduledExecutorService scheduler = Mockito.mock(ScheduledExecutorService.class); ArgumentCaptor<Runnable> updaterTaskCaptor = ArgumentCaptor.forClass(Runnable.class); 
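Review bot: The three `Files.write(..., x.getBytes())` calls in this test (two in hunk `-41,12 +42,12`, one in `-61,7 +62,7`) encode with the platform default charset, while the production code they exercise decodes with `StandardCharsets.UTF_8`. PEM is ASCII, so this works with any ASCII-compatible default, but the explicit form `Files.write(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate()).getBytes(StandardCharsets.UTF_8));` keeps writer and reader symmetric; it needs a `java.nio.charset.StandardCharsets` import, which this file's import hunk does not add. The same applies to the three writes in `ConfigFileBasedTlsContextTest` (hunk `-35,17 +35,17`). The removed `writeString` backport used the same charset-less `getBytes()`, so this is inherited rather than new.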
@@ -61,7 +62,7 @@ public class AutoReloadingX509KeyManagerTest { BigInteger serialNumberUpdatedCertificate = BigInteger.TEN; X509Certificate updatedCertificate = generateCertificate(keyPair, serialNumberUpdatedCertificate); - com.yahoo.vespa.jdk8compat.Files.writeString(certificateFile, X509CertificateUtils.toPem(updatedCertificate)); + Files.write(certificateFile, X509CertificateUtils.toPem(updatedCertificate).getBytes()); updaterTaskCaptor.getValue().run(); // run update task in ReloadingX509KeyManager diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java index 54a1e3847f9..f1c8acbaf3b 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java 
@@ -35,17 +35,17 @@ public class ConfigFileBasedTlsContextTest { public void can_create_sslcontext_from_credentials() throws IOException, InterruptedException { KeyPair keyPair = KeyUtils.generateKeypair(EC); Path privateKeyFile = tempDirectory.newFile().toPath(); - com.yahoo.vespa.jdk8compat.Files.writeString(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate())); + Files.write(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate()).getBytes()); X509Certificate certificate = X509CertificateBuilder .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, EPOCH.plus(1, DAYS), SHA256_WITH_ECDSA, BigInteger.ONE) .build(); Path certificateChainFile = tempDirectory.newFile().toPath(); String certificatePem = X509CertificateUtils.toPem(certificate); - com.yahoo.vespa.jdk8compat.Files.writeString(certificateChainFile, certificatePem); + Files.write(certificateChainFile, certificatePem.getBytes()); Path caCertificatesFile = tempDirectory.newFile().toPath(); - com.yahoo.vespa.jdk8compat.Files.writeString(caCertificatesFile, certificatePem); + Files.write(caCertificatesFile, certificatePem.getBytes()); TransportSecurityOptions options = new TransportSecurityOptions.Builder() .withCertificates(certificateChainFile, privateKeyFile) diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java index 8fd2ca065c7..43389ade275 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java @@ -8,6 +8,7 @@ import java.nio.charset.StandardCharsets; import java.nio.file.Files; import java.nio.file.Path; import java.nio.file.Paths; +import java.util.Arrays; import java.util.Collections; import static org.junit.Assert.assertEquals; 
@@ -21,7 +22,7 @@ public class TransportSecurityOptionsTest { private static final TransportSecurityOptions OPTIONS = new TransportSecurityOptions.Builder() .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key")) .withCaCertificates(Paths.get("my_cas.pem")) - .withAcceptedCiphers(com.yahoo.vespa.jdk8compat.List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , "TLS_AES_256_GCM_SHA384")) + .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384")) .withAcceptedProtocols(Collections.singletonList("TLSv1.2")) .withHostnameValidationDisabled(true) .build(); diff --git a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java index e14b3d99212..35fd25b6a62 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java @@ -68,7 +68,7 @@ public class TransportSecurityOptionsJsonSerializerTest { TransportSecurityOptions options = new TransportSecurityOptions.Builder() .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key")) .withCaCertificates(Paths.get("my_cas.pem")) - .withAcceptedCiphers(com.yahoo.vespa.jdk8compat.List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , "TLS_AES_256_GCM_SHA384")) + .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , "TLS_AES_256_GCM_SHA384")) .withAcceptedProtocols(Collections.singletonList("TLSv1.2")) .withHostnameValidationDisabled(true) .build(); |