author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-11-25 17:52:42 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-11-25 17:52:42 +0100 |
commit | 64e97d099cb33c32a1c890e734f50c66701b17a6 (patch) | |
tree | f92fdbb23d1019fa53e570096c04c2927a20bafb /security-utils | |
parent | 3ca30562411372bb23d3d871a24111e20f79892b (diff) |
Encapsulate pattern implementation in RequiredPeerCredential
Diffstat (limited to 'security-utils')
7 files changed, 33 insertions, 16 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
index 4f6d9264f51..49cae9aa7fb 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializer.java
@@ -8,7 +8,6 @@ import com.yahoo.security.tls.json.TransportSecurityOptionsEntity.CredentialFiel
 import com.yahoo.security.tls.json.TransportSecurityOptionsEntity.Files;
 import com.yahoo.security.tls.json.TransportSecurityOptionsEntity.RequiredCredential;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
-import com.yahoo.security.tls.policy.HostGlobPattern;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
 import com.yahoo.security.tls.policy.Role;
@@ -119,7 +118,7 @@ public class TransportSecurityOptionsJsonSerializer {
 if (requiredCredential.matchExpression == null) {
 throw missingFieldException("must-match");
 }
- return new RequiredPeerCredential(toField(requiredCredential.field), new HostGlobPattern(requiredCredential.matchExpression));
+ return RequiredPeerCredential.of(toField(requiredCredential.field), requiredCredential.matchExpression);
 }
 
 private static RequiredPeerCredential.Field toField(CredentialField field) {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
index c7acf5dfbeb..e8798686e05 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/HostGlobPattern.java
@@ -7,20 +7,22 @@ import java.util.regex.Pattern;
 /**
 * @author bjorncs
 */
-public class HostGlobPattern {
+class HostGlobPattern implements RequiredPeerCredential.Pattern {
 private final String pattern;
 private final Pattern regexPattern;
 
- public HostGlobPattern(String pattern) {
+ HostGlobPattern(String pattern) {
 this.pattern = pattern;
 this.regexPattern = toRegexPattern(pattern);
 }
 
+ @Override
 public String asString() {
 return pattern;
 }
 
+ @Override
 public boolean matches(String hostString) {
 return regexPattern.matcher(hostString).matches();
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/policy/RequiredPeerCredential.java b/security-utils/src/main/java/com/yahoo/security/tls/policy/RequiredPeerCredential.java
index 4f028d8b1ab..1eef3a67521 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/policy/RequiredPeerCredential.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/policy/RequiredPeerCredential.java
@@ -11,18 +11,32 @@ public class RequiredPeerCredential {
 public enum Field { CN, SAN_DNS }
 
 private final Field field;
- private final HostGlobPattern pattern;
+ private final Pattern pattern;
 
- public RequiredPeerCredential(Field field, HostGlobPattern pattern) {
+ private RequiredPeerCredential(Field field, Pattern pattern) {
 this.field = field;
 this.pattern = pattern;
 }
 
+ public static RequiredPeerCredential of(Field field, String pattern) {
+ return new RequiredPeerCredential(field, createPattern(field, pattern));
+ }
+
+ private static Pattern createPattern(Field field, String pattern) {
+ switch (field) {
+ case CN:
+ case SAN_DNS:
+ return new HostGlobPattern(pattern);
+ default:
+ throw new IllegalArgumentException("Unknown field: " + field);
+ }
+ }
+
 public Field field() {
 return field;
 }
 
- public HostGlobPattern pattern() {
+ public Pattern pattern() {
 return pattern;
 }
 
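Review bot: HostGlobPattern becomes the only implementation behind the new Pattern interface, yet its class comment still says nothing beyond `@author`, so the matching contract callers now depend on through the interface is undocumented. I would add a class Javadoc such as `/** Glob pattern matched against a whole host name (CN or SAN dNSName value); matches() succeeds only when the entire value matches, never a prefix or substring. */` — the whole-value property is established by `regexPattern.matcher(hostString).matches()` in this hunk. Whether the comparison is case-insensitive (DNS names are) depends on toRegexPattern, which is outside this hunk; state it in the comment once confirmed rather than leaving readers to assume. The class body continues past the hunk.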
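Review bot: The new factory `of` hands `pattern` straight to `new HostGlobPattern(pattern)` without a null check, so a null match expression fails somewhere inside HostGlobPattern instead of at the factory boundary where the policy is being built; `Objects.requireNonNull(pattern, "pattern");` as the first line of `of` would fail clearly at the point of construction (Objects is already in use by this class's hashCode). The `default` branch in createPattern is the right fail-closed choice for an unexpected Field, but it is a runtime rather than compile-time guarantee, so a one-line comment such as `// fail closed: every new Field value must be given an explicit pattern type here` would make the intent survive the next enum addition. The enclosing class starts and ends outside this hunk.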
@@ -47,4 +61,9 @@ public class RequiredPeerCredential {
 public int hashCode() {
 return Objects.hash(field, pattern);
 }
+
+ public interface Pattern {
+ String asString();
+ boolean matches(String fieldValue);
+ }
 }
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 00928187f55..59c9cf5c356 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -4,7 +4,6 @@ package com.yahoo.security.tls;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
-import com.yahoo.security.tls.policy.HostGlobPattern;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
 import com.yahoo.security.tls.policy.Role;
@@ -43,7 +42,7 @@ public class DefaultTlsContextTest {
 new PeerPolicy(
 "dummy-policy",
 singleton(new Role("dummy-role")),
- singletonList(new RequiredPeerCredential(RequiredPeerCredential.Field.CN, new HostGlobPattern("dummy"))))));
+ singletonList(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
 
 
 DefaultTlsContext tlsContext = new DefaultTlsContext(
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
index ffda4fe3c2b..2530bfcfb45 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/authz/PeerAuthorizerTest.java
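Review bot: The new `Pattern` interface says nothing about equality, yet the `hashCode()` two lines above it folds `pattern` through `Objects.hash(field, pattern)`, so RequiredPeerCredential equality now rests on every Pattern implementation providing value-based equals/hashCode; an implementation that keeps Object's identity semantics makes two credentials built from the same field and string unequal, which would silently affect any set-based or round-trip comparison of policies. I would say so in the interface Javadoc, roughly `/** A match rule for one peer-certificate field. Implementations must be immutable and override equals/hashCode by value, because RequiredPeerCredential's equals/hashCode delegate to them. */`, and document `matches` as true only when the entire field value matches, which is what HostGlobPattern's `.matches()` call does. Whether HostGlobPattern already overrides equals/hashCode is not visible in this diff, so that is worth checking before relying on it.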
@@ -5,7 +5,6 @@ import com.yahoo.security.KeyAlgorithm;
 import com.yahoo.security.KeyUtils;
 import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
-import com.yahoo.security.tls.policy.HostGlobPattern;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
 import com.yahoo.security.tls.policy.RequiredPeerCredential.Field;
@@ -112,7 +111,7 @@ public class PeerAuthorizerTest {
 }
 
 private static RequiredPeerCredential createRequiredCredential(Field field, String pattern) {
- return new RequiredPeerCredential(field, new HostGlobPattern(pattern));
+ return RequiredPeerCredential.of(field, pattern);
 }
 
 private static Set<Role> createRoles(String... roleNames) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
index d996b21442a..22df35cedfb 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/json/TransportSecurityOptionsJsonSerializerTest.java
@@ -3,7 +3,6 @@ package com.yahoo.security.tls.json;
 
 import com.yahoo.security.tls.TransportSecurityOptions;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
-import com.yahoo.security.tls.policy.HostGlobPattern;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
 import com.yahoo.security.tls.policy.Role;
@@ -48,9 +47,9 @@ public class TransportSecurityOptionsJsonSerializerTest {
 new AuthorizedPeers(
 new HashSet<>(Arrays.asList(
 new PeerPolicy("cfgserver", "cfgserver policy description", singleton(new Role("myrole")), Arrays.asList(
- new RequiredPeerCredential(CN, new HostGlobPattern("mycfgserver")),
- new RequiredPeerCredential(SAN_DNS, new HostGlobPattern("*.suffix.com")))),
- new PeerPolicy("node", singleton(new Role("anotherrole")), Collections.singletonList(new RequiredPeerCredential(CN, new HostGlobPattern("hostname"))))))))
+ RequiredPeerCredential.of(CN, "mycfgserver"),
+ RequiredPeerCredential.of(SAN_DNS, "*.suffix.com"))),
+ new PeerPolicy("node", singleton(new Role("anotherrole")), Collections.singletonList(RequiredPeerCredential.of(CN, "hostname")))))))
 .build();
 
 ByteArrayOutputStream out = new ByteArrayOutputStream();
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java b/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java
index ce8249b9c6c..7581d7771a2 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/policy/AuthorizedPeersTest.java
@@ -18,7 +18,7 @@ public class AuthorizedPeersTest {
 
 @Test(expected = IllegalArgumentException.class)
 public void throws_exception_on_peer_policies_with_duplicate_names() {
- List<RequiredPeerCredential> requiredPeerCredential = singletonList(new RequiredPeerCredential(CN, new HostGlobPattern("mycfgserver")));
+ List<RequiredPeerCredential> requiredPeerCredential = singletonList(RequiredPeerCredential.of(CN, "mycfgserver"));
 PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singleton(new Role("role")), requiredPeerCredential);
 PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singleton(new Role("anotherrole")), requiredPeerCredential);
 new AuthorizedPeers(new HashSet<>(asList(peerPolicy1, peerPolicy2))); |