author | Martin Polden <mpolden@mpolden.no> | 2019-10-21 11:03:34 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2019-10-21 11:19:09 +0200 |
commit | 7d0599b84f109b77038abcd6a170c689b6e60d27 (patch) | |
tree | 8c6783096ada5784c6db3ce0bc3a81cca6e7537a /vespa-athenz/src/test/java/com | |
parent | 1e9da543a5f9388efd9e4a43ee1fb661d0f76ce6 (diff) |
Make SiaIdentityProvider trust store type configurable
Diffstat (limited to 'vespa-athenz/src/test/java/com')
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java | 33 |
1 files changed, 32 insertions, 1 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
index 31152a4602f..ce02860cc78 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
@@ -10,6 +10,7 @@ import com.yahoo.security.SignatureAlgorithm;
 import com.yahoo.security.X509CertificateBuilder;
 import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.yolean.Exceptions;
 import org.junit.Rule;
 import org.junit.Test;
 import org.junit.rules.TemporaryFolder;
@@ -53,7 +54,32 @@ public class SiaIdentityProviderTest {
 new AthenzService("domain", "service-name"),
 keyFile,
 certificateFile,
- trustStoreFile);
+ trustStoreFile,
+ SiaProviderConfig.TrustStoreType.Enum.jks);
+
+ assertNotNull(provider.getIdentitySslContext());
+ }
+
+ @Test
+ public void constructs_ssl_context_with_pem_trust_store() throws IOException {
+ File keyFile = tempDirectory.newFile();
+ KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
+ createPrivateKeyFile(keyFile, keypair);
+
+ X509Certificate certificate = createCertificate(keypair);
+ File certificateFile = tempDirectory.newFile();
+ createCertificateFile(certificate, certificateFile);
+
+ File trustStoreFile = tempDirectory.newFile();
+ createPemTrustStoreFile(certificate, trustStoreFile);
+
+ SiaIdentityProvider provider =
+ new SiaIdentityProvider(
+ new AthenzService("domain", "service-name"),
+ keyFile,
+ certificateFile,
+ trustStoreFile,
+ SiaProviderConfig.TrustStoreType.Enum.pem);
 assertNotNull(provider.getIdentitySslContext());
 }
 
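Review bot: `constructs_ssl_context_with_pem_trust_store` only asserts that `getIdentitySslContext()` is non-null, so it would still pass if the provider built a context without loading the PEM file as its trust anchors. Because the trust store decides which peers the identity context accepts, the test should also show that the written certificate is trusted and an unrelated one is not, for example through a local handshake or whatever accessor the provider offers for its trust material. A further case that passes the PEM file together with `SiaProviderConfig.TrustStoreType.Enum.jks` (and the reverse) and expects construction to fail would pin that a mismatched type is rejected rather than silently ignored. The first test method starts above the hunk and the provider itself is not in this diff, so its behaviour on these inputs is inferred, not visible.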
@@ -81,6 +107,11 @@ public class SiaIdentityProviderTest {
 .build();
 }
 
+ private void createPemTrustStoreFile(X509Certificate certificate, File trustStoreFile) {
+ var pemEncoded = X509CertificateUtils.toPem(certificate);
+ Exceptions.uncheck(() -> Files.writeString(trustStoreFile.toPath(), pemEncoded));
+ }
+
 private void createTrustStoreFile(X509Certificate certificate, File trustStoreFile) {
 KeyStore keystore = KeyStoreBuilder.withType(KeyStoreType.JKS)
 .withCertificateEntry("dummy-cert", certificate) |
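Review bot: `createPemTrustStoreFile` wraps `Files.writeString` in `Exceptions.uncheck` although its only visible caller already declares `throws IOException`; declaring the helper as `private void createPemTrustStoreFile(X509Certificate certificate, File trustStoreFile) throws IOException` would remove the wrapper and the new `com.yahoo.yolean.Exceptions` import. The helper also writes exactly one certificate, while PEM trust stores are commonly bundles of several CA certificates; if the PEM loader is meant to accept bundles, a test input with two concatenated certificates would cover that parsing path. `createTrustStoreFile` is cut off at the end of the hunk, so how the JKS helper treats checked exceptions cannot be compared from here.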