authorBjørn Christian Seime <bjorncs@oath.com>2018-09-11 16:43:41 +0200
committerBjørn Christian Seime <bjorncs@oath.com>2018-09-11 17:59:47 +0200
commit8468d13195cc5f5ff841f1d5de34655509349735 (patch)
tree42100d62678f9829cfc078e4111f7ace295d7dbe /vespa-athenz/src/test
parentbdb057ecfac68acaaeecc2fe54ae989e0fba2c75 (diff)
Remove most deprecated types from com.yahoo.vespa.athenz.tls
Pkcs10Csr and related classes are not removed as they are currently in use.
Diffstat (limited to 'vespa-athenz/src/test')
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyStoreBuilderTest.java53
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java36
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java2
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java5
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java2
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/SslContextBuilderTest.java77
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java15
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateBuilderTest.java58
-rw-r--r--vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java72
9 files changed, 17 insertions, 303 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyStoreBuilderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyStoreBuilderTest.java
deleted file mode 100644
index 6060f6f3521..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyStoreBuilderTest.java
+++ /dev/null
@@ -1,53 +0,0 @@
-package com.yahoo.vespa.athenz.tls;
-
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-
-import java.io.File;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-
-import static com.yahoo.vespa.athenz.tls.TestUtils.createCertificate;
-import static com.yahoo.vespa.athenz.tls.TestUtils.createKeystoreFile;
-
-/**
- * @author bjorncs
- */
-public class KeyStoreBuilderTest {
-
- private static final char[] PASSWORD = new char[0];
-
- @Rule
- public TemporaryFolder tempDirectory = new TemporaryFolder();
-
- @Test
- public void can_create_jks_keystore_from_privatekey_and_certificate() throws Exception {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 4096);
- X509Certificate certificate = createCertificate(keyPair);
- KeyStoreBuilder.withType(KeyStoreType.JKS)
- .withKeyEntry("key", keyPair.getPrivate(), certificate)
- .build();
- }
-
- @Test
- public void can_build_jks_keystore_from_file() throws Exception {
- File keystoreFile = tempDirectory.newFile();
- createKeystoreFile(keystoreFile, KeyStoreType.JKS, PASSWORD);
-
- KeyStoreBuilder.withType(KeyStoreType.JKS)
- .fromFile(keystoreFile, PASSWORD)
- .build();
- }
-
- @Test
- public void can_build_pcks12_keystore_from_file() throws Exception {
- File keystoreFile = tempDirectory.newFile();
- createKeystoreFile(keystoreFile, KeyStoreType.PKCS12, PASSWORD);
-
- KeyStoreBuilder.withType(KeyStoreType.PKCS12)
- .fromFile(keystoreFile, PASSWORD)
- .build();
- }
-
-} \ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java
deleted file mode 100644
index fbdc6f1e3bd..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/KeyUtilsTest.java
+++ /dev/null
@@ -1,36 +0,0 @@
-package com.yahoo.vespa.athenz.tls;
-
-import org.junit.Test;
-
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThat;
-
-/**
- * @author bjorncs
- */
-public class KeyUtilsTest {
-
- @Test
- public void can_extract_public_key_from_private() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- PublicKey publicKey = KeyUtils.extractPublicKey(keyPair.getPrivate());
- assertNotNull(publicKey);
- }
-
- @Test
- public void can_serialize_deserialize_pem() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- String pem = KeyUtils.toPem(keyPair.getPrivate());
- assertThat(pem, containsString("BEGIN RSA PRIVATE KEY"));
- assertThat(pem, containsString("END RSA PRIVATE KEY"));
- PrivateKey deserializedKey = KeyUtils.fromPemEncodedPrivateKey(pem);
- assertEquals(keyPair.getPrivate(), deserializedKey);
- }
-
-} \ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java
index e3aaba66efe..3a00ad6a7a4 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrBuilderTest.java
@@ -1,5 +1,7 @@
package com.yahoo.vespa.athenz.tls;
+import com.yahoo.security.KeyAlgorithm;
+import com.yahoo.security.KeyUtils;
import org.junit.Test;
import javax.security.auth.x500.X500Principal;
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java
index ea60511f39c..8213856512d 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrTest.java
@@ -1,5 +1,8 @@
package com.yahoo.vespa.athenz.tls;
+import com.yahoo.security.Extension;
+import com.yahoo.security.KeyAlgorithm;
+import com.yahoo.security.KeyUtils;
import org.junit.Test;
import javax.security.auth.x500.X500Principal;
@@ -48,7 +51,7 @@ public class Pkcs10CsrTest {
.addSubjectAlternativeName("san")
.setBasicConstraints(true, true)
.build();
- List<String> expected = Arrays.asList(Extension.BASIC_CONSTRAINS.getOId(), Extension.SUBJECT_ALTERNATIVE_NAMES.getOId());
+ List<String> expected = Arrays.asList(Extension.BASIC_CONSTRAINTS.getOId(), Extension.SUBJECT_ALTERNATIVE_NAMES.getOId());
List<String> actual = csr.getExtensionOIds();
assertEquals(expected, actual);
}
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java
index 5b5a57f1fcc..fcbc6d00a8e 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/Pkcs10CsrUtilsTest.java
@@ -1,5 +1,7 @@
package com.yahoo.vespa.athenz.tls;
+import com.yahoo.security.KeyAlgorithm;
+import com.yahoo.security.KeyUtils;
import org.junit.Test;
import javax.security.auth.x500.X500Principal;
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/SslContextBuilderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/SslContextBuilderTest.java
deleted file mode 100644
index 2f750d915d4..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/SslContextBuilderTest.java
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.vespa.athenz.tls;
-
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-
-import java.io.File;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-
-import static com.yahoo.vespa.athenz.tls.TestUtils.createCertificate;
-import static com.yahoo.vespa.athenz.tls.TestUtils.createKeystore;
-import static com.yahoo.vespa.athenz.tls.TestUtils.createKeystoreFile;
-
-/**
- * @author bjorncs
- */
-public class SslContextBuilderTest {
-
- private static final char[] PASSWORD = new char[0];
-
- @Rule
- public TemporaryFolder tempDirectory = new TemporaryFolder();
-
- @Test
- public void can_build_sslcontext_with_truststore_only() throws Exception {
- new SslContextBuilder()
- .withTrustStore(createKeystore(KeyStoreType.JKS, PASSWORD))
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_keystore_only() throws Exception {
- new SslContextBuilder()
- .withKeyStore(createKeystore(KeyStoreType.JKS, PASSWORD), PASSWORD)
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_truststore_and_keystore() throws Exception {
- new SslContextBuilder()
- .withKeyStore(createKeystore(KeyStoreType.JKS, PASSWORD), PASSWORD)
- .withTrustStore(createKeystore(KeyStoreType.JKS, PASSWORD))
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_keystore_from_private_key_and_certificate() throws Exception {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- X509Certificate certificate = createCertificate(keyPair);
- new SslContextBuilder()
- .withKeyStore(keyPair.getPrivate(), certificate)
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_jks_keystore_from_file() throws Exception {
- File keystoreFile = tempDirectory.newFile();
- createKeystoreFile(keystoreFile, KeyStoreType.JKS, PASSWORD);
-
- new SslContextBuilder()
- .withKeyStore(keystoreFile, PASSWORD, KeyStoreType.JKS)
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_pcks12_keystore_from_file() throws Exception {
- File keystoreFile = tempDirectory.newFile();
- createKeystoreFile(keystoreFile, KeyStoreType.PKCS12, PASSWORD);
-
- new SslContextBuilder()
- .withKeyStore(keystoreFile, PASSWORD, KeyStoreType.PKCS12)
- .build();
- }
-
-}
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java
index 2a9b54f9e9e..048538c1a33 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java
@@ -1,15 +1,21 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.athenz.tls;
+import com.yahoo.security.KeyAlgorithm;
+import com.yahoo.security.KeyStoreBuilder;
+import com.yahoo.security.KeyStoreType;
+import com.yahoo.security.KeyUtils;
+import com.yahoo.security.X509CertificateBuilder;
+
import javax.security.auth.x500.X500Principal;
-import java.io.File;
+import java.math.BigInteger;
import java.security.KeyPair;
import java.security.KeyStore;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
-import static com.yahoo.vespa.athenz.tls.KeyStoreUtils.writeKeyStoreToFile;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
/**
* @author bjorncs
@@ -30,11 +36,8 @@ class TestUtils {
static X509Certificate createCertificate(KeyPair keyPair, X500Principal subject) {
return X509CertificateBuilder
.fromKeypair(
- keyPair, subject, Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA256_WITH_RSA, 1)
+ keyPair, subject, Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SHA256_WITH_RSA, BigInteger.ONE)
.build();
}
- static void createKeystoreFile(File file, KeyStoreType type, char[] password) {
- writeKeyStoreToFile(createKeystore(type, password), file, password);
- }
}
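Review bot: In `createCertificate(KeyPair, X500Principal)` the helper accepts any `KeyPair` but always signs with `SHA256_WITH_RSA`, and every certificate it produces carries the serial `BigInteger.ONE`. A non-RSA key pair would presumably fail only at `build()`. If `fromKeypair` self-signs, as the deleted `can_build_self_signed_certificate` test suggests, two certificates created for the same subject also share issuer and serial, so tests that need distinguishable certificates cannot rely on this helper. I would document both limits on the method, e.g. `// Test-only: RSA key pairs only; serial is always 1, so certificates for the same subject share issuer and serial.` The class body starts outside the hunk, so other callers of this helper are not visible here.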
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateBuilderTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateBuilderTest.java
deleted file mode 100644
index 81ff4fdb208..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateBuilderTest.java
+++ /dev/null
@@ -1,58 +0,0 @@
-package com.yahoo.vespa.athenz.tls;
-
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.security.KeyPair;
-import java.security.NoSuchAlgorithmException;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-
-import static org.junit.Assert.assertEquals;
-
-/**
- * @author bjorncs
- */
-public class X509CertificateBuilderTest {
-
- @Test
- public void can_build_self_signed_certificate() throws NoSuchAlgorithmException {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- X500Principal subject = new X500Principal("CN=myservice");
- X509Certificate cert =
- X509CertificateBuilder.fromKeypair(
- keyPair,
- subject,
- Instant.now(),
- Instant.now().plus(1, ChronoUnit.DAYS),
- SignatureAlgorithm.SHA256_WITH_RSA,
- 1)
- .setBasicConstraints(true, true)
- .build();
- assertEquals(subject, cert.getSubjectX500Principal());
- }
-
- @Test
- public void can_build_certificate_from_csr() {
- X500Principal subject = new X500Principal("CN=subject");
- X500Principal issuer = new X500Principal("CN=issuer");
- KeyPair csrKeypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, csrKeypair, SignatureAlgorithm.SHA256_WITH_RSA).build();
- KeyPair caKeypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- X509Certificate cert = X509CertificateBuilder
- .fromCsr(
- csr,
- issuer,
- Instant.now(),
- Instant.now().plus(1, ChronoUnit.DAYS),
- caKeypair.getPrivate(),
- SignatureAlgorithm.SHA256_WITH_RSA,
- 1)
- .addSubjectAlternativeName("subject1.alt")
- .addSubjectAlternativeName("subject2.alt")
- .build();
- assertEquals(subject, cert.getSubjectX500Principal());
- }
-
-} \ No newline at end of file
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
deleted file mode 100644
index 4039bf36a5f..00000000000
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
+++ /dev/null
@@ -1,72 +0,0 @@
-package com.yahoo.vespa.athenz.tls;
-
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-import java.util.Arrays;
-import java.util.List;
-
-import static com.yahoo.vespa.athenz.tls.SubjectAlternativeName.Type.DNS_NAME;
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.hamcrest.Matchers.is;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThat;
-
-/**
- * @author bjorncs
- */
-public class X509CertificateUtilsTest {
- @Test
- public void can_deserialize_serialized_pem_certificate() {
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- X500Principal subject = new X500Principal("CN=myservice");
- X509Certificate cert = TestUtils.createCertificate(keypair, subject);
- assertEquals(subject, cert.getSubjectX500Principal());
- String pem = X509CertificateUtils.toPem(cert);
- assertThat(pem, containsString("BEGIN CERTIFICATE"));
- assertThat(pem, containsString("END CERTIFICATE"));
- X509Certificate deserializedCert = X509CertificateUtils.fromPem(pem);
- assertEquals(subject, deserializedCert.getSubjectX500Principal());
- }
-
- @Test
- public void can_deserialize_serialized_pem_certificate_list() {
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- X500Principal subject1 = new X500Principal("CN=myservice");
- X509Certificate cert1 = TestUtils.createCertificate(keypair, subject1);
- X500Principal subject2 = new X500Principal("CN=myservice");
- X509Certificate cert2 = TestUtils.createCertificate(keypair, subject2);
- List<X509Certificate> certificateList = Arrays.asList(cert1, cert2);
- String pem = X509CertificateUtils.toPem(certificateList);
- List<X509Certificate> deserializedCertificateList = X509CertificateUtils.certificateListFromPem(pem);
- assertEquals(2, certificateList.size());
- assertEquals(subject1, deserializedCertificateList.get(0).getSubjectX500Principal());
- assertEquals(subject2, deserializedCertificateList.get(1).getSubjectX500Principal());
- }
-
- @Test
- public void can_list_subject_alternative_names() {
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
- X500Principal subject = new X500Principal("CN=myservice");
- SubjectAlternativeName san = new SubjectAlternativeName(DNS_NAME, "dns-san");
- X509Certificate cert = X509CertificateBuilder
- .fromKeypair(
- keypair,
- subject,
- Instant.now(),
- Instant.now().plus(1, ChronoUnit.DAYS),
- SignatureAlgorithm.SHA256_WITH_RSA,
- 1)
- .addSubjectAlternativeName(san)
- .build();
-
- List<SubjectAlternativeName> sans = X509CertificateUtils.getSubjectAlternativeNames(cert);
- assertThat(sans.size(), is(1));
- assertThat(sans.get(0), equalTo(san));
- }
-} \ No newline at end of file