-rw-r--r--config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java10
-rw-r--r--configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java10
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java15
-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java30
-rw-r--r--security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java17
5 files changed, 21 insertions, 61 deletions
diff --git a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
index 543318f9224..6649087f454 100644
--- a/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
+++ b/config-model/src/test/java/com/yahoo/vespa/model/container/xml/ContainerModelBuilderTest.java
@@ -73,7 +73,6 @@ import java.io.StringReader;
import java.math.BigInteger;
import java.security.KeyPair;
import java.security.cert.X509Certificate;
-import java.time.Duration;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
@@ -837,9 +836,14 @@ public class ContainerModelBuilderTest extends ContainerModelBuilderTestBase {
.withRoot(applicationFolder.getRoot())
.build();
+ KeyPair key = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
var applicationTrustCert = X509CertificateUtils.toPem(
- X509CertificateUtils.createSelfSigned("CN=application", Duration.ofDays(1)).certificate());
- var operatorCert = X509CertificateUtils.createSelfSigned("CN=operator", Duration.ofDays(1)).certificate();
+ X509CertificateBuilder
+ .fromKeypair(key, new X500Principal("CN=application"), Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA512_WITH_ECDSA, BigInteger.valueOf(1))
+ .build());
+ var operatorCert = X509CertificateBuilder
+ .fromKeypair(key, new X500Principal("CN=operator"), Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA512_WITH_ECDSA, BigInteger.valueOf(1))
+ .build();
applicationPackage.getFile(Path.fromString("security")).createDirectory();
applicationPackage.getFile(Path.fromString("security/clients.pem")).writeFile(new StringReader(applicationTrustCert));
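Review bot: Both test certificates are now built from the single `key` generated at the top of the hunk, so the application trust certificate and the operator certificate differ only in subject DN. If the assertions further down (outside this hunk) are meant to show that both certificates end up in the trust material, a bug that matched or de-duplicated entries by public key would go unnoticed; generating a second pair, e.g. `KeyPair operatorKey = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);`, keeps the two identities independent. The same builder call is repeated with different parameters in PrepareParamsTest (SHA256_WITH_ECDSA plus `setBasicConstraints(true, true)` there, SHA512_WITH_ECDSA and no basic constraints here), so a small shared test helper would keep them consistent. The enclosing test method starts and ends outside the hunk.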
diff --git a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java
index 3dbdf1380f1..7fe2ab5e12f 100644
--- a/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java
+++ b/configserver/src/main/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializer.java
@@ -15,21 +15,17 @@ import java.util.stream.Collectors;
public class OperatorCertificateSerializer {
- private final static String certificateField = "certificates";
-
-
public static Slime toSlime(List<X509Certificate> certificateList) {
Slime slime = new Slime();
- var root = slime.setObject();
- Cursor array = root.setArray(certificateField);
+ Cursor array = slime.setArray();
certificateList.stream()
.map(X509CertificateUtils::toPem)
.forEach(array::addString);
return slime;
}
- public static List<X509Certificate> fromSlime(Inspector object) {
- return SlimeUtils.entriesStream(object.field(certificateField))
+ public static List<X509Certificate> fromSlime(Inspector array) {
+ return SlimeUtils.entriesStream(array)
.map(Inspector::asString)
.map(X509CertificateUtils::fromPem)
.collect(Collectors.toList());
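Review bot: `toSlime`/`fromSlime` change the stored shape from an object with a `certificates` field to a bare top-level array, and nothing in the new `fromSlime` checks that the inspector it receives is actually an array. If data written in the old object form is still stored anywhere (not visible from this diff), reading it may yield an empty list rather than an error, depending on how `SlimeUtils.entriesStream` treats non-arrays, which would silently drop the operator certificates. A guard such as `if (array.type() != Type.ARRAY) throw new IllegalArgumentException("Expected array of operator certificates");` would make that failure explicit. This commit also deletes OperatorCertificateSerializerTest, the only round-trip test for this class visible in the diff, so the new format is left uncovered. `fromSlime`'s closing lines are outside the hunk.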
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
index 08794cf0b78..06ff9f4b3f6 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/session/PrepareParamsTest.java
@@ -12,7 +12,6 @@ import com.yahoo.security.KeyUtils;
import com.yahoo.security.SignatureAlgorithm;
import com.yahoo.security.X509CertificateBuilder;
import com.yahoo.security.X509CertificateUtils;
-import com.yahoo.security.X509CertificateWithKey;
import com.yahoo.slime.ArrayInserter;
import com.yahoo.slime.Cursor;
import com.yahoo.slime.Injector;
@@ -196,11 +195,19 @@ public class PrepareParamsTest {
Slime slime = SlimeUtils.jsonToSlime(json);
Cursor cursor = slime.get();
Cursor array = cursor.setArray(PrepareParams.OPERATOR_CERTIFICATES);
- X509Certificate certificate = X509CertificateUtils.createSelfSigned("cn=myservice", Duration.ofDays(1)).certificate();
- array.addString(X509CertificateUtils.toPem(certificate));
+
+ KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
+ X500Principal subject = new X500Principal("CN=myservice");
+ X509Certificate cert =
+ X509CertificateBuilder.fromKeypair(keyPair, subject, Instant.now(),
+ Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA256_WITH_ECDSA,
+ BigInteger.valueOf(1))
+ .setBasicConstraints(true, true)
+ .build();
+ array.addString(X509CertificateUtils.toPem(cert));
PrepareParams prepareParams = PrepareParams.fromJson(SlimeUtils.toJsonBytes(slime), TenantName.from("foo"), Duration.ofSeconds(60));
assertEquals(1, prepareParams.operatorCertificates().size());
- assertEquals(certificate, prepareParams.operatorCertificates().get(0));
+ assertEquals(cert, prepareParams.operatorCertificates().get(0));
}
private void assertPrepareParamsEqual(PrepareParams urlParams, PrepareParams jsonParams) {
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java
deleted file mode 100644
index b77248f0840..00000000000
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/tenant/OperatorCertificateSerializerTest.java
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright Verizon Media. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-
-package com.yahoo.vespa.config.server.tenant;
-
-import com.yahoo.security.X509CertificateUtils;
-import com.yahoo.security.X509CertificateWithKey;
-import com.yahoo.slime.Slime;
-import com.yahoo.slime.SlimeUtils;
-import org.junit.Assert;
-import org.junit.Test;
-
-import java.io.IOException;
-import java.nio.charset.StandardCharsets;
-import java.security.cert.X509Certificate;
-import java.time.Duration;
-import java.util.List;
-
-import static org.junit.Assert.assertEquals;
-
-public class OperatorCertificateSerializerTest {
-
- @Test
- public void testSerialization() {
- X509Certificate certificate = X509CertificateUtils.createSelfSigned("cn=mycn", Duration.ofDays(1)).certificate();
- Slime slime = OperatorCertificateSerializer.toSlime(List.of(certificate));
- List<X509Certificate> deserialized = OperatorCertificateSerializer.fromSlime(slime.get());
- assertEquals(1, deserialized.size());
- assertEquals(certificate, deserialized.get(0));
- }
-}
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index 215dc311af3..cefa8ab2f51 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -18,18 +18,13 @@ import java.io.IOException;
import java.io.StringReader;
import java.io.StringWriter;
import java.io.UncheckedIOException;
-import java.math.BigInteger;
import java.security.GeneralSecurityException;
-import java.security.KeyPair;
import java.security.PrivateKey;
import java.security.PublicKey;
import java.security.Signature;
import java.security.SignatureException;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
-import java.time.Duration;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@@ -166,16 +161,4 @@ public class X509CertificateUtils {
}
}
- public static X509CertificateWithKey createSelfSigned(String cn, Duration duration) {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- X500Principal subject = new X500Principal(cn);
- Instant now = Instant.now();
- X509Certificate cert =
- X509CertificateBuilder.fromKeypair(keyPair, subject, now,
- now.plus(duration), SignatureAlgorithm.SHA256_WITH_ECDSA,
- BigInteger.ONE)
- .setBasicConstraints(true, true)
- .build();
- return new X509CertificateWithKey(cert, keyPair.getPrivate());
- }
}