Add method to ZtsClient to retrieve identity certificate

2 files changed, 20 insertions, 10 deletions

diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java
index 64f15408313..2a9b54f9e9e 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/TestUtils.java
@@ -24,7 +24,10 @@ class TestUtils {
     }
 
     static X509Certificate createCertificate(KeyPair keyPair)  {
-        X500Principal subject = new X500Principal("CN=mysubject");
+        return createCertificate(keyPair, new X500Principal("CN=mysubject"));
+    }
+
+    static X509Certificate createCertificate(KeyPair keyPair, X500Principal subject)  {
         return X509CertificateBuilder
                 .fromKeypair(
                         keyPair, subject, Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA256_WITH_RSA, 1)
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
index 718c0e88972..4039bf36a5f 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/tls/X509CertificateUtilsTest.java
@@ -7,6 +7,7 @@ import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.time.temporal.ChronoUnit;
+import java.util.Arrays;
 import java.util.List;
 
 import static com.yahoo.vespa.athenz.tls.SubjectAlternativeName.Type.DNS_NAME;
@@ -24,15 +25,7 @@ public class X509CertificateUtilsTest {
     public void can_deserialize_serialized_pem_certificate() {
         KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
         X500Principal subject = new X500Principal("CN=myservice");
-        X509Certificate cert = X509CertificateBuilder
-                .fromKeypair(
-                        keypair,
-                        subject,
-                        Instant.now(),
-                        Instant.now().plus(1, ChronoUnit.DAYS),
-                        SignatureAlgorithm.SHA256_WITH_RSA,
-                        1)
-                .build();
+        X509Certificate cert = TestUtils.createCertificate(keypair, subject);
         assertEquals(subject, cert.getSubjectX500Principal());
         String pem = X509CertificateUtils.toPem(cert);
         assertThat(pem, containsString("BEGIN CERTIFICATE"));
@@ -41,6 +34,20 @@ public class X509CertificateUtilsTest {
         assertEquals(subject, deserializedCert.getSubjectX500Principal());
     }
 
+    @Test
+    public void can_deserialize_serialized_pem_certificate_list() {
+        KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 2048);
+        X500Principal subject1 = new X500Principal("CN=myservice");
+        X509Certificate cert1 = TestUtils.createCertificate(keypair, subject1);
+        X500Principal subject2 = new X500Principal("CN=myservice");
+        X509Certificate cert2 = TestUtils.createCertificate(keypair, subject2);
+        List<X509Certificate> certificateList = Arrays.asList(cert1, cert2);
+        String pem = X509CertificateUtils.toPem(certificateList);
+        List<X509Certificate> deserializedCertificateList = X509CertificateUtils.certificateListFromPem(pem);
+        assertEquals(2, certificateList.size());
+        assertEquals(subject1, deserializedCertificateList.get(0).getSubjectX500Principal());
+        assertEquals(subject2, deserializedCertificateList.get(1).getSubjectX500Principal());
+    }
 
     @Test
     public void can_list_subject_alternative_names() {