summaryrefslogtreecommitdiffstats
path: root/athenz-identity-provider-service
diff options
context:
space:
mode:
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java3
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java4
2 files changed, 4 insertions, 3 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
index 2b91735b104..ad7eeb90f1c 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
@@ -45,7 +45,7 @@ public class CertificateSigner {
private static final Logger log = Logger.getLogger(CertificateSigner.class.getName());
static final String SIGNER_ALGORITHM = "SHA256withRSA";
- private static final Duration CERTIIFICATE_DURATION = Duration.ofDays(30);
+ static final Duration CERTIIFICATE_DURATION = Duration.ofDays(30);
private static final List<ASN1ObjectIdentifier> ILLEGAL_EXTENSIONS = Arrays.asList(
Extension.basicConstraints, Extension.subjectAlternativeName);
@@ -108,6 +108,7 @@ public class CertificateSigner {
}
}
+ @SuppressWarnings("unchecked")
static void assertCertificateExtensions(PKCS10CertificationRequest request) {
List<String> illegalExt = Arrays
.stream(request.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest))
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java
index 70ddbd74ff3..461d8e004d6 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java
@@ -100,8 +100,8 @@ public class CertificateSignerTest {
private void assertCertificate(X509Certificate certificate, String expectedSubjectName, Set<String> expectedExtensions) throws Exception {
assertEquals(3, certificate.getVersion());
assertEquals(BigInteger.valueOf(startTime), certificate.getSerialNumber());
- assertEquals("Sat Feb 14 00:31:30 CET 2009", certificate.getNotBefore().toString());
- assertEquals("Mon Mar 16 00:31:30 CET 2009", certificate.getNotAfter().toString());
+ assertEquals(startTime, certificate.getNotBefore().getTime());
+ assertEquals(startTime + CertificateSigner.CERTIIFICATE_DURATION.toMillis(), certificate.getNotAfter().getTime());
assertEquals(CertificateSigner.SIGNER_ALGORITHM, certificate.getSigAlgName());
assertEquals(expectedSubjectName, certificate.getSubjectDN().getName());
assertEquals("CN=" + cfgServerHostname, certificate.getIssuerX500Principal().getName());