author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-03 12:22:44 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2023-02-03 12:23:24 +0100 |
commit | 90892ba4d2a302b1a262fdd1198fac8c6724e44f (patch) | |
tree | 0eaa5c41368af736cd3bdb0a36f4b74f4370b886 /vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java | |
parent | e09b191faf77bb95b923bb709b2181a0a3ee2c81 (diff) |
Add SAN URI with cluster type in instance certificates
Diffstat (limited to 'vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java')
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java | 17 |
1 files changed, 14 insertions, 3 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
index aa4c3e68094..09fefdff0bd 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identityprovider/client/InstanceCsrGeneratorTest.java
@@ -1,17 +1,22 @@
 // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.athenz.identityprovider.client;
+import com.yahoo.config.provision.ClusterSpec;
 import com.yahoo.security.KeyAlgorithm;
 import com.yahoo.security.KeyUtils;
+import com.yahoo.security.Pkcs10Csr;
+import com.yahoo.security.SubjectAlternativeName;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.identityprovider.api.VespaUniqueInstanceId;
-import com.yahoo.security.Pkcs10Csr;
 import org.junit.jupiter.api.Test;
 import javax.security.auth.x500.X500Principal;
 import java.security.KeyPair;
 import java.util.Collections;
+import java.util.Set;
+import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
+import static com.yahoo.security.SubjectAlternativeName.Type.URI;
 import static org.junit.jupiter.api.Assertions.assertEquals;
 /**
@@ -24,14 +29,20 @@ public class InstanceCsrGeneratorTest { private static final String ATHENZ_SERVICE = "foo.bar"; @Test - void it_generates_csr_with_correct_subject() { + void generates_correct_subject_and_alternative_names() { CsrGenerator csrGenerator = new CsrGenerator(DNS_SUFFIX, PROVIDER_SERVICE); AthenzService service = new AthenzService(ATHENZ_SERVICE); VespaUniqueInstanceId vespaUniqueInstanceId = VespaUniqueInstanceId.fromDottedString("0.default.default.foo-app.vespa.us-north-1.prod.node"); KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); - Pkcs10Csr csr = csrGenerator.generateInstanceCsr(service, vespaUniqueInstanceId, Collections.emptySet(), "container", keyPair); + Pkcs10Csr csr = csrGenerator.generateInstanceCsr(service, vespaUniqueInstanceId, Collections.emptySet(), ClusterSpec.Type.container, keyPair); assertEquals(new X500Principal(String.format("OU=%s, CN=%s", PROVIDER_SERVICE, ATHENZ_SERVICE)), csr.getSubject()); + var actualSans = Set.copyOf(csr.getSubjectAlternativeNames()); + var expectedSans = Set.of( + new SubjectAlternativeName(DNS, "bar.foo.prod-us-north-1.vespa.yahoo.cloud"), + new SubjectAlternativeName(DNS, "0.default.default.foo-app.vespa.us-north-1.prod.node.instanceid.athenz.prod-us-north-1.vespa.yahoo.cloud"), + new SubjectAlternativeName(URI, "vespa://cluster-type/container")); + assertEquals(expectedSans, actualSans); } } |
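Review bot: The SAN comparison in `generates_correct_subject_and_alternative_names` goes through `Set.copyOf(csr.getSubjectAlternativeNames())`, which collapses duplicates, so the test would still pass if the generator emitted the same DNS or URI entry twice. Adding `assertEquals(expectedSans.size(), csr.getSubjectAlternativeNames().size());` ahead of the set comparison would catch that. The test also exercises only `ClusterSpec.Type.container` with an empty IP set; if the `vespa://cluster-type/...` URI is later relied on for authorization decisions (not visible from this hunk), a second case with a different cluster type would pin that the SAN value follows the argument rather than a constant. The class body begins outside the hunk.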