Add builders and helpers for x509 certificate and csr

author: Bjørn Christian Seime <bjorncs@oath.com> 2018-03-19 14:55:17 +0100
committer: Bjørn Christian Seime <bjorncs@oath.com> 2018-03-22 13:01:02 +0100
commit: 2fccf2914cf26b53407432310366fb9630ceb096 (patch)
tree: b4c26c1b2b0b3137604ac785fc36530fe767dca7 /vespa-athenz/src/test
parent: 53b11524f83b30d11a5c6d690a60ab34fdac1804 (diff)
4 files changed, 151 insertions, 0 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java
new file mode 100644
index 00000000000..e3aaba66efe
--- /dev/null
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java
@@ -0,0 +1,27 @@
+package com.yahoo.vespa.athenz.tls;
+
+import org.junit.Test;
+
+import javax.security.auth.x500.X500Principal;
+
+import java.security.KeyPair;
+
+import static org.junit.Assert.*;
+
+/**
+ * @author bjorncs
+ */
+public class Pkcs10CsrBuilderTest {
+
+    @Test
+    public void can_build_csr_with_sans() {
+        X500Principal subject = new X500Principal("CN=subject");
+        KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
+        Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA256_WITH_RSA)
+                .addSubjectAlternativeName("san1.com")
+                .addSubjectAlternativeName("san2.com")
+                .build();
+        assertEquals(subject, csr.getSubject());
+    }
+
+}
+\ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java
new file mode 100644
index 00000000000..1927e18eba0
--- /dev/null
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java
@@ -0,0 +1,24 @@
+package com.yahoo.vespa.athenz.tls;
+
+import org.junit.Test;
+
+import javax.security.auth.x500.X500Principal;
+import java.security.KeyPair;
+
+import static org.junit.Assert.*;
+
+/**
+ * @author bjorncs
+ */
+public class Pkcs10CsrUtilsTest {
+
+    @Test
+    public void can_deserialize_serialized_pem_csr() {
+        X500Principal subject = new X500Principal("CN=subject");
+        KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
+        Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA256_WITH_RSA).build();
+        Pkcs10Csr deserializedCsr = Pkcs10CsrUtils.fromPem(Pkcs10CsrUtils.toPem(csr));
+        assertEquals(subject, deserializedCsr.getSubject());
+    }
+
+}
+\ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateBuilderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateBuilderTest.java
new file mode 100644
index 00000000000..4a6340ab0d5
--- /dev/null
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateBuilderTest.java
@@ -0,0 +1,59 @@
+package com.yahoo.vespa.athenz.tls;
+
+import org.junit.Test;
+
+import javax.security.auth.x500.X500Principal;
+import java.security.KeyPair;
+import java.security.NoSuchAlgorithmException;
+import java.security.cert.X509Certificate;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+
+import static com.yahoo.vespa.athenz.tls.TestUtils.createKeyPair;
+import static org.junit.Assert.assertEquals;
+
+/**
+ * @author bjorncs
+ */
+public class X509CertificateBuilderTest {
+
+    @Test
+    public void can_build_self_signed_certificate() throws NoSuchAlgorithmException {
+        KeyPair keyPair = createKeyPair();
+        X500Principal subject = new X500Principal("CN=myservice");
+        X509Certificate cert =
+                X509CertificateBuilder.fromKeypair(
+                        keyPair,
+                        subject,
+                        Instant.now(),
+                        Instant.now().plus(1, ChronoUnit.DAYS),
+                        SignatureAlgorithm.SHA256_WITH_RSA,
+                        1)
+                .setBasicConstraints(true, true)
+                .build();
+        assertEquals(subject, cert.getSubjectX500Principal());
+    }
+
+    @Test
+    public void can_build_certificate_from_csr() {
+        X500Principal subject = new X500Principal("CN=subject");
+        X500Principal issuer = new X500Principal("CN=issuer");
+        KeyPair csrKeypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
+        Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, csrKeypair, SignatureAlgorithm.SHA256_WITH_RSA).build();
+        KeyPair caKeypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
+        X509Certificate cert = X509CertificateBuilder
+                .fromCsr(
+                        csr,
+                        issuer,
+                        Instant.now(),
+                        Instant.now().plus(1, ChronoUnit.DAYS),
+                        caKeypair.getPrivate(),
+                        SignatureAlgorithm.SHA256_WITH_RSA,
+                        1)
+                .addSubjectAlternativeName("subject1.alt")
+                .addSubjectAlternativeName("subject2.alt")
+                .build();
+        assertEquals(subject, cert.getSubjectX500Principal());
+    }
+
+}
+\ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
new file mode 100644
index 00000000000..847f49bf537
--- /dev/null
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
@@ -0,0 +1,41 @@
+package com.yahoo.vespa.athenz.tls;
+
+import org.junit.Test;
+
+import javax.security.auth.x500.X500Principal;
+import java.security.KeyPair;
+import java.security.cert.X509Certificate;
+import java.time.Instant;
+import java.time.temporal.ChronoUnit;
+
+import static org.hamcrest.CoreMatchers.containsString;
+import static org.junit.Assert.assertEquals;
+import static org.junit.Assert.assertThat;
+
+/**
+ * @author bjorncs
+ */
+public class X509CertificateUtilsTest {
+    @Test
+    public void can_deserialize_serialized_pem_certificate() {
+        KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
+        X500Principal subject = new X500Principal("CN=myservice");
+        X509Certificate cert = X509CertificateBuilder
+                .fromKeypair(
+                        keypair,
+                        subject,
+                        Instant.now(),
+                        Instant.now().plus(1, ChronoUnit.DAYS),
+                        SignatureAlgorithm.SHA256_WITH_RSA,
+                        1)
+                .build();
+        assertEquals(subject, cert.getSubjectX500Principal());
+        String pem = X509CertificateUtils.toPem(cert);
+        assertThat(pem, containsString("BEGIN CERTIFICATE"));
+        assertThat(pem, containsString("END CERTIFICATE"));
+        X509Certificate deserializedCert = X509CertificateUtils.fromPem(pem);
+        assertEquals(subject, deserializedCert.getSubjectX500Principal());
+    }
+
+
+}
+\ No newline at end of file
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-03-19 14:55:17 +0100
committer	Bjørn Christian Seime <bjorncs@oath.com>	2018-03-22 13:01:02 +0100
commit	2fccf2914cf26b53407432310366fb9630ceb096 (patch)
tree	b4c26c1b2b0b3137604ac785fc36530fe767dca7 /vespa-athenz/src/test
parent	53b11524f83b30d11a5c6d690a60ab34fdac1804 (diff)