author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-06 10:42:33 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-04-09 12:49:33 +0200 |
commit | 4c663af3613519e98d70b921a57eefd94a4b2428 (patch) | |
tree | 73ca3e4455cab993d3735ee8dbc6805ae57dd474 /vespa-athenz | |
parent | 457aad058787375f6f17fb99b263747aeddec59f (diff) |
Replace BouncyCastle use with vespa-athenz helpers
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/AthenzIdentityVerifierTest.java | 40 |
1 files changed, 9 insertions, 31 deletions
diff --git a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/AthenzIdentityVerifierTest.java b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/AthenzIdentityVerifierTest.java
index ebbfa232f42..73382d267be 100644
--- a/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/AthenzIdentityVerifierTest.java
+++ b/vespa-athenz/src/test/java/com/yahoo/vespa/athenz/utils/AthenzIdentityVerifierTest.java
@@ -4,32 +4,21 @@ package com.yahoo.vespa.athenz.utils;
 import com.yahoo.vespa.athenz.api.AthenzIdentity;
 import com.yahoo.vespa.athenz.api.AthenzService;
 import com.yahoo.vespa.athenz.tls.AthenzIdentityVerifier;
-import org.bouncycastle.asn1.x500.X500Name;
-import org.bouncycastle.asn1.x509.BasicConstraints;
-import org.bouncycastle.asn1.x509.Extension;
-import org.bouncycastle.cert.CertIOException;
-import org.bouncycastle.cert.X509v3CertificateBuilder;
-import org.bouncycastle.cert.jcajce.JcaX509CertificateConverter;
-import org.bouncycastle.cert.jcajce.JcaX509v3CertificateBuilder;
-import org.bouncycastle.jce.provider.BouncyCastleProvider;
-import org.bouncycastle.operator.ContentSigner;
-import org.bouncycastle.operator.OperatorCreationException;
-import org.bouncycastle.operator.jcajce.JcaContentSignerBuilder;
+import com.yahoo.vespa.athenz.tls.X509CertificateBuilder;
 import org.junit.Test;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
-import java.math.BigInteger;
+import javax.security.auth.x500.X500Principal;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.cert.Certificate;
-import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.time.Instant;
-import java.util.Date;
+import static com.yahoo.vespa.athenz.tls.SignatureAlgorithm.SHA256_WITH_RSA;
 import static java.util.Collections.singleton;
 import static org.junit.Assert.assertFalse;
 import static org.junit.Assert.assertTrue;
@@ -57,24 +46,13 @@ public class AthenzIdentityVerifierTest {
 return keyGen.generateKeyPair();
 }
- private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity)
- throws OperatorCreationException, CertIOException, CertificateException {
- ContentSigner contentSigner = new JcaContentSignerBuilder("SHA256WithRSA").build(keyPair.getPrivate());
- X500Name x500Name = new X500Name("CN="+ identity.getFullName());
+ private static X509Certificate createSelfSignedCertificate(KeyPair keyPair, AthenzIdentity identity) {
+ X500Principal x500Name = new X500Principal("CN="+ identity.getFullName());
 Instant now = Instant.now();
- Date notBefore = Date.from(now);
- Date notAfter = Date.from(now.plus(Duration.ofDays(30)));
-
- X509v3CertificateBuilder certificateBuilder =
- new JcaX509v3CertificateBuilder(
- x500Name, BigInteger.valueOf(now.toEpochMilli()), notBefore, notAfter, x500Name, keyPair.getPublic()
- )
- .addExtension(Extension.basicConstraints, true, new BasicConstraints(true));
-
- return new JcaX509CertificateConverter()
- .setProvider(new BouncyCastleProvider())
- .getCertificate(certificateBuilder.build(contentSigner));
-
+ return X509CertificateBuilder
+ .fromKeypair(keyPair, x500Name, now, now.plus(Duration.ofDays(30)), SHA256_WITH_RSA, 1)
+ .setBasicConstraints(true, true)
+ .build();
 }
 private static SSLSession createSslSessionMock(X509Certificate certificate) throws SSLPeerUnverifiedException { |
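Review bot: The trailing `1` passed to `fromKeypair` and the two bare booleans in `setBasicConstraints(true, true)` are unexplained literals in the new body of `createSelfSignedCertificate`. Judging from the removed code, the `1` appears to stand where the serial `BigInteger.valueOf(now.toEpochMilli())` used to be, so every certificate this helper builds would now carry the same serial under a self-issued name that depends only on the identity. The booleans presumably keep the old critical, CA=true basic constraints; the builder's signature is not visible in this hunk, so both readings should be confirmed. That is harmless while each test builds a single throwaway certificate, but it deserves a comment above the `return`, for example `// test-only self-signed cert: fixed serial 1, basicConstraints critical with CA=true; never placed in a shared trust store`. The local `x500Name` could also become `subject`, since the BouncyCastle `X500Name` type it was named after is gone.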