author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-17 16:12:35 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-17 16:25:32 +0200 |
commit | b65667463f7add415a7b1240da7a22ae384b1942 (patch) | |
tree | c21744a18496b9f07197bcc8624a419243b2251e /vespa-athenz/src/test | |
parent | b9f6244b3cf0830ad423b41732e0279285bce7b8 (diff) |
Add helper for extracting SANs from certificate
- Model SAN as type SubjectAlternativeName
- Add SubjectAlternativeName to csr and certificate builders
Diffstat (limited to 'vespa-athenz/src/test')
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java | 5 | ||||
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java | 25 |
2 files changed, 28 insertions, 2 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java
index bb2e80ba705..ea60511f39c 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java
@@ -7,6 +7,7 @@ import java.security.KeyPair;
 import java.util.Arrays;
 import java.util.List;
+import static com.yahoo.vespa.athenz.tls.SubjectAlternativeName.Type.DNS_NAME;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertTrue;
@@ -19,8 +20,8 @@ public class Pkcs10CsrTest {
 public void can_read_subject_alternative_names() {
 X500Principal subject = new X500Principal("CN=subject");
 KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- String san1 = "san1.com";
- String san2 = "san2.com";
+ SubjectAlternativeName san1 = new SubjectAlternativeName(DNS_NAME, "san1.com");
+ SubjectAlternativeName san2 = new SubjectAlternativeName(DNS_NAME, "san2.com");
 Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA256_WITH_RSA)
 .addSubjectAlternativeName(san1)
 .addSubjectAlternativeName(san2)
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
index 847f49bf537..cc203011c0b 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
@@ -1,5 +1,6 @@
 package com.yahoo.vespa.athenz.tls;
+import org.hamcrest.Matchers;
 import org.junit.Test;
 import javax.security.auth.x500.X500Principal;
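Review bot: The added `import org.hamcrest.Matchers;` in the first hunk of X509CertificateUtilsTest.java looks unused, since no added line in this file refers to `Matchers.` by its qualified name and the matchers the new test calls come from static imports. The following import hunk also pulls `is` from `org.hamcrest.Matchers` while `equalTo` and `containsString` come from `org.hamcrest.CoreMatchers`; taking all three from one class would keep the imports consistent, for example `import static org.hamcrest.CoreMatchers.is;`. I would drop the plain `Matchers` import unless code outside this diff needs it.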
@@ -7,8 +8,12 @@ import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.List;
+import static com.yahoo.vespa.athenz.tls.SubjectAlternativeName.Type.DNS_NAME;
 import static org.hamcrest.CoreMatchers.containsString;
+import static org.hamcrest.CoreMatchers.equalTo;
+import static org.hamcrest.Matchers.is;
 import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertThat;
@@ -38,4 +43,24 @@ public class X509CertificateUtilsTest {
 }
+ @Test
+ public void can_list_subject_alternative_names() {
+ KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
+ X500Principal subject = new X500Principal("CN=myservice");
+ SubjectAlternativeName san = new SubjectAlternativeName(DNS_NAME, "dns-san");
+ X509Certificate cert = X509CertificateBuilder
+ .fromKeypair(
+ keypair,
+ subject,
+ Instant.now(),
+ Instant.now().plus(1, ChronoUnit.DAYS),
+ SignatureAlgorithm.SHA256_WITH_RSA,
+ 1)
+ .addSubjectAlternativeName(san)
+ .build();
+
+ List<SubjectAlternativeName> sans = X509CertificateUtils.getSubjectAlternativeNames(cert);
+ assertThat(sans.size(), is(1));
+ assertThat(sans.get(0), equalTo(san));
+ }
 }
\ No newline at end of file |
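Review bot: `can_list_subject_alternative_names` only covers a certificate with exactly one `DNS_NAME` entry, so the cases most likely to go wrong in a SAN extractor are untested. The JDK's `X509Certificate.getSubjectAlternativeNames()` returns null when the extension is absent; the helper's implementation is outside this diff, so I cannot tell whether it handles that. A second test that builds the certificate without `.addSubjectAlternativeName(...)` would pin the behaviour, for example `assertThat(X509CertificateUtils.getSubjectAlternativeNames(certWithoutSans).isEmpty(), is(true));` (`certWithoutSans` is a constructed name). A third case with several entries, ideally of more than one `SubjectAlternativeName.Type`, would show that each type and value is preserved, which matters if callers match peer identity against this list. Smaller point: the two `Instant.now()` calls could share one local so that the validity window is derived from a single timestamp.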