authorHarald Musum <musum@oath.com>2018-11-07 11:18:53 +0100
committerGitHub <noreply@github.com>2018-11-07 11:18:53 +0100
commit07430fcda1778d68eaaf6ef343cfde404f0c68d6 (patch)
treed1f64927942a44a26be5c75efd0faa33f701a7db /security-utils
parent95ffa3196cc6719a6295ad3ba7cee366499864f1 (diff)
Revert "Bjorncs/accepted ciphers"
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java53
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java7
-rw-r--r--security-utils/src/test/resources/transport-security-options.json3
3 files changed, 12 insertions, 51 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
index bc124b4fe2d..67466179634 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityOptions.java
@@ -8,9 +8,6 @@ import java.io.IOException;
import java.io.UncheckedIOException;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.util.ArrayList;
-import java.util.Collections;
-import java.util.List;
import java.util.Objects;
import java.util.Optional;
@@ -19,7 +16,6 @@ import java.util.Optional;
*
* @author bjorncs
*/
-// TODO Add builder
public class TransportSecurityOptions {
private static final ObjectMapper mapper = new ObjectMapper();
@@ -27,25 +23,15 @@ public class TransportSecurityOptions {
private final Path privateKeyFile;
private final Path certificatesFile;
private final Path caCertificatesFile;
- private final List<String> acceptedCiphers;
public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile) {
this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile));
}
public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile) {
- this(privateKeyFile, certificatesFile, caCertificatesFile, Collections.emptyList());
- }
-
- public TransportSecurityOptions(String privateKeyFile, String certificatesFile, String caCertificatesFile, List<String> acceptedCiphers) {
- this(Paths.get(privateKeyFile), Paths.get(certificatesFile), Paths.get(caCertificatesFile), acceptedCiphers);
- }
-
- public TransportSecurityOptions(Path privateKeyFile, Path certificatesFile, Path caCertificatesFile, List<String> acceptedCiphers) {
this.privateKeyFile = privateKeyFile;
this.certificatesFile = certificatesFile;
this.caCertificatesFile = caCertificatesFile;
- this.acceptedCiphers = acceptedCiphers;
}
public Path getPrivateKeyFile() {
@@ -60,10 +46,6 @@ public class TransportSecurityOptions {
return caCertificatesFile;
}
- public List<String> getAcceptedCiphers() {
- return acceptedCiphers;
- }
-
public static TransportSecurityOptions fromJsonFile(Path file) {
try {
return fromJsonNode(mapper.readTree(file.toFile()));
@@ -81,30 +63,15 @@ public class TransportSecurityOptions {
}
private static TransportSecurityOptions fromJsonNode(JsonNode root) {
- JsonNode filesNode = getFieldOrThrow(root, "files");
- List<String> acceptedCiphers = getField(root, "accepted-ciphers")
- .map(TransportSecurityOptions::toCipherList)
- .orElse(Collections.emptyList());
- String privateKeyFile = getFieldOrThrow(filesNode, "private-key").asText();
- String certificatesFile = getFieldOrThrow(filesNode, "certificates").asText();
- String caCertificatesFile = getFieldOrThrow(filesNode, "ca-certificates").asText();
- return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile, acceptedCiphers);
- }
-
- private static List<String> toCipherList(JsonNode ciphersNode) {
- List<String> ciphers = new ArrayList<>();
- for (JsonNode cipherNode : ciphersNode) {
- ciphers.add(cipherNode.asText());
- }
- return ciphers;
- }
-
- private static Optional<JsonNode> getField(JsonNode root, String fieldName) {
- return Optional.ofNullable(root.get(fieldName));
+ JsonNode filesNode = getField(root, "files");
+ String privateKeyFile = getField(filesNode, "private-key").asText();
+ String certificatesFile = getField(filesNode, "certificates").asText();
+ String caCertificatesFile = getField(filesNode, "ca-certificates").asText();
+ return new TransportSecurityOptions(privateKeyFile, certificatesFile, caCertificatesFile);
}
- private static JsonNode getFieldOrThrow(JsonNode root, String fieldName) {
- return getField(root, fieldName)
+ private static JsonNode getField(JsonNode root, String fieldName) {
+ return Optional.ofNullable(root.get(fieldName))
.orElseThrow(() -> new IllegalArgumentException(String.format("'%s' field missing", fieldName)));
}
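Review bot: After this revert `fromJsonNode` reads only the `files` object, so a config file that still carries the `accepted-ciphers` array from the reverted schema parses without error and the cipher restriction is dropped silently. Presumably the TLS layer then falls back to its default cipher set. Unless such configs must keep loading during rollout, I would fail closed at the top of `fromJsonNode`: `if (root.has("accepted-ciphers")) throw new IllegalArgumentException("'accepted-ciphers' is not supported");`. Separately, the new `getField` rejects only an absent key: an explicit JSON `null` comes back as a node and `asText()` turns it into the string "null", so the three path fields would benefit from an `isTextual()` check before `asText()`.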
@@ -114,7 +81,6 @@ public class TransportSecurityOptions {
"privateKeyFile=" + privateKeyFile +
", certificatesFile=" + certificatesFile +
", caCertificatesFile=" + caCertificatesFile +
- ", acceptedCiphers=" + acceptedCiphers +
'}';
}
@@ -125,12 +91,11 @@ public class TransportSecurityOptions {
TransportSecurityOptions that = (TransportSecurityOptions) o;
return Objects.equals(privateKeyFile, that.privateKeyFile) &&
Objects.equals(certificatesFile, that.certificatesFile) &&
- Objects.equals(caCertificatesFile, that.caCertificatesFile) &&
- Objects.equals(acceptedCiphers, that.acceptedCiphers);
+ Objects.equals(caCertificatesFile, that.caCertificatesFile);
}
@Override
public int hashCode() {
- return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile, acceptedCiphers);
+ return Objects.hash(privateKeyFile, certificatesFile, caCertificatesFile);
}
}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
index 2ae140d7958..84f71cf8fc2 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
@@ -8,8 +8,6 @@ import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.util.Collections;
-import java.util.List;
import static org.junit.Assert.*;
@@ -18,12 +16,11 @@ import static org.junit.Assert.*;
*/
public class TransportSecurityOptionsTest {
- private static final List<String> CIPHERS = Collections.singletonList("TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256");
private static final Path TEST_CONFIG_FILE = Paths.get("src/test/resources/transport-security-options.json");
@Test
public void can_read_options_from_json_file() {
- TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem", CIPHERS);
+ TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem");
TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJsonFile(TEST_CONFIG_FILE);
assertEquals(expectedOptions, actualOptions);
}
@@ -31,7 +28,7 @@ public class TransportSecurityOptionsTest {
@Test
public void can_read_options_from_json() throws IOException {
String tlsJson = new String(Files.readAllBytes(TEST_CONFIG_FILE), StandardCharsets.UTF_8);
- TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem", CIPHERS);
+ TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem");
TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJson(tlsJson);
assertEquals(expectedOptions, actualOptions);
}
diff --git a/security-utils/src/test/resources/transport-security-options.json b/security-utils/src/test/resources/transport-security-options.json
index 259d4133aee..0506c130722 100644
--- a/security-utils/src/test/resources/transport-security-options.json
+++ b/security-utils/src/test/resources/transport-security-options.json
@@ -3,6 +3,5 @@
"private-key": "myhost.key",
"ca-certificates": "my_cas.pem",
"certificates": "certs.pem"
- },
- "accepted-ciphers": ["TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256"]
+ }
}
\ No newline at end of file