Move constants from DefaultTlsContext to TlsContext

author: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-07-02 13:59:57 +0200
committer: Bjørn Christian Seime <bjorncs@verizonmedia.com> 2019-07-03 15:14:05 +0200
commit: aca94cc460b2fbfaf51712a7b9d492f8dc181bd1 (patch)
tree: b4802d9d36d7f9e226358fabf54573053c42fcab /security-utils
parent: ead6d2f4a592be23e790740a4a1d41bb42eef65b (diff)
4 files changed, 17 insertions, 15 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index e74ad49b2f5..3c583bb8aaa 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -23,19 +23,6 @@ import java.util.logging.Logger;
  */
 public class DefaultTlsContext implements TlsContext {
 
-    public static final List<String> ALLOWED_CIPHER_SUITES = Arrays.asList(
-            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
-            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
-            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
-            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
-            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
-            "TLS_AES_128_GCM_SHA256", // TLSv1.3
-            "TLS_AES_256_GCM_SHA384", // TLSv1.3
-            "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3
-
-    public static final List<String> ALLOWED_PROTOCOLS = List.of("TLSv1.2"); // TODO Enable TLSv1.3
-
     private static final Logger log = Logger.getLogger(DefaultTlsContext.class.getName());
 
     private final SSLContext sslContext;
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index b315dd00b31..253331ee9c6 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -4,6 +4,8 @@ package com.yahoo.security.tls;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLParameters;
+import java.util.Arrays;
+import java.util.List;
 
 /**
  * A simplified version of {@link SSLContext} modelled as an interface.
@@ -12,6 +14,19 @@ import javax.net.ssl.SSLParameters;
  */
 public interface TlsContext extends AutoCloseable {
 
+    List<String> ALLOWED_CIPHER_SUITES = Arrays.asList(
+            "TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
+            "TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
+            "TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256",
+            "TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256",
+            "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256",
+            "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256",
+            "TLS_AES_128_GCM_SHA256", // TLSv1.3
+            "TLS_AES_256_GCM_SHA384", // TLSv1.3
+            "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3
+
+    List<String> ALLOWED_PROTOCOLS = List.of("TLSv1.2"); // TODO Enable TLSv1.3
+
     SSLContext context();
 
     SSLParameters parameters();
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 5969d4d2ace..dd36b10f86f 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -53,7 +53,7 @@ public class DefaultTlsContextTest {
         assertThat(sslEngine).isNotNull();
         String[] enabledCiphers = sslEngine.getEnabledCipherSuites();
         assertThat(enabledCiphers).isNotEmpty();
-        assertThat(enabledCiphers).isSubsetOf(DefaultTlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
+        assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
 
         String[] enabledProtocols = sslEngine.getEnabledProtocols();
         assertThat(enabledProtocols).contains("TLSv1.2");
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java
index f991f86fdce..bcdb0793348 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/ReloadingTlsContextTest.java
@@ -60,7 +60,7 @@ public class ReloadingTlsContextTest {
             assertThat(sslEngine).isNotNull();
             String[] enabledCiphers = sslEngine.getEnabledCipherSuites();
             assertThat(enabledCiphers).isNotEmpty();
-            assertThat(enabledCiphers).isSubsetOf(DefaultTlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
+            assertThat(enabledCiphers).isSubsetOf(TlsContext.ALLOWED_CIPHER_SUITES.toArray(new String[0]));
 
             String[] enabledProtocols = sslEngine.getEnabledProtocols();
             assertThat(enabledProtocols).contains("TLSv1.2");
author	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-07-02 13:59:57 +0200
committer	Bjørn Christian Seime <bjorncs@verizonmedia.com>	2019-07-03 15:14:05 +0200
commit	aca94cc460b2fbfaf51712a7b9d492f8dc181bd1 (patch)
tree	b4802d9d36d7f9e226358fabf54573053c42fcab /security-utils
parent	ead6d2f4a592be23e790740a4a1d41bb42eef65b (diff)