authorMartin Polden <mpolden@mpolden.no>2019-10-21 11:03:34 +0200
committerMartin Polden <mpolden@mpolden.no>2019-10-21 11:19:09 +0200
commit7d0599b84f109b77038abcd6a170c689b6e60d27 (patch)
tree8c6783096ada5784c6db3ce0bc3a81cca6e7537a /vespa-athenz/src/test/java/com
parent1e9da543a5f9388efd9e4a43ee1fb661d0f76ce6 (diff)
Make SiaIdentityProvider trust store type configurable
Diffstat (limited to 'vespa-athenz/src/test/java/com')
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java33
1 files changed, 32 insertions, 1 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
index 31152a4602f..ce02860cc78 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/identity/SiaIdentityProviderTest.java
@@ -10,6 +10,7 @@ import com.yahoo.security.SignatureAlgorithm;
import com.yahoo.security.X509CertificateBuilder;
import com.yahoo.security.X509CertificateUtils;
import com.yahoo.vespa.athenz.api.AthenzService;
+import com.yahoo.yolean.Exceptions;
import org.junit.Rule;
import org.junit.Test;
import org.junit.rules.TemporaryFolder;
@@ -53,7 +54,32 @@ public class SiaIdentityProviderTest {
new AthenzService("domain", "service-name"),
keyFile,
certificateFile,
- trustStoreFile);
+ trustStoreFile,
+ SiaProviderConfig.TrustStoreType.Enum.jks);
+
+ assertNotNull(provider.getIdentitySslContext());
+ }
+
+ @Test
+ public void constructs_ssl_context_with_pem_trust_store() throws IOException {
+ File keyFile = tempDirectory.newFile();
+ KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
+ createPrivateKeyFile(keyFile, keypair);
+
+ X509Certificate certificate = createCertificate(keypair);
+ File certificateFile = tempDirectory.newFile();
+ createCertificateFile(certificate, certificateFile);
+
+ File trustStoreFile = tempDirectory.newFile();
+ createPemTrustStoreFile(certificate, trustStoreFile);
+
+ SiaIdentityProvider provider =
+ new SiaIdentityProvider(
+ new AthenzService("domain", "service-name"),
+ keyFile,
+ certificateFile,
+ trustStoreFile,
+ SiaProviderConfig.TrustStoreType.Enum.pem);
assertNotNull(provider.getIdentitySslContext());
}
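Review bot: The only assertion in `constructs_ssl_context_with_pem_trust_store` is `assertNotNull(provider.getIdentitySslContext())`, which shows that a context can be built but not that the certificate written by `createPemTrustStoreFile` actually became a trust anchor. As far as this hunk shows, the test could still pass if the PEM file were parsed into an empty trust store. Since the trust store type is now a configuration value, a negative case would pin the fail-closed behaviour: pass a store written by `createTrustStoreFile` together with `SiaProviderConfig.TrustStoreType.Enum.pem` and expect construction to throw. Until then, a comment above the assertion would make the limit explicit: `// only proves the context builds; does not verify the PEM cert is trusted`. The first test's body begins outside this hunk, so its setup is not visible here.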
@@ -81,6 +107,11 @@ public class SiaIdentityProviderTest {
.build();
}
+ private void createPemTrustStoreFile(X509Certificate certificate, File trustStoreFile) {
+ var pemEncoded = X509CertificateUtils.toPem(certificate);
+ Exceptions.uncheck(() -> Files.writeString(trustStoreFile.toPath(), pemEncoded));
+ }
+
private void createTrustStoreFile(X509Certificate certificate, File trustStoreFile) {
KeyStore keystore = KeyStoreBuilder.withType(KeyStoreType.JKS)
.withCertificateEntry("dummy-cert", certificate)