summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java2
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java4
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java8
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java8
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java2
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java4
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java2
7 files changed, 15 insertions, 15 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java b/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
index 81581c8146c..ab58c607891 100644
--- a/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
+++ b/security-utils/src/main/java/com/yahoo/security/SubjectAlternativeName.java
@@ -64,7 +64,7 @@ public class SubjectAlternativeName {
case GeneralName.directoryName:
return X500Name.getInstance(name).toString();
case GeneralName.iPAddress:
- var octets = DEROctetString.getInstance(name.toASN1Primitive()).getOctets();
+ byte[] octets = DEROctetString.getInstance(name.toASN1Primitive()).getOctets();
try {
return InetAddress.getByAddress(octets).getHostAddress();
} catch (UnknownHostException e) {
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
index faf6ecb4348..18764f51dc5 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/AutoReloadingX509KeyManager.java
@@ -64,8 +64,8 @@ public class AutoReloadingX509KeyManager extends X509ExtendedKeyManager implemen
return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
.withKeyEntry(
CERTIFICATE_ALIAS,
- KeyUtils.fromPemEncodedPrivateKey(Files.readString(privateKey)),
- X509CertificateUtils.certificateListFromPem(Files.readString(certificateChain)))
+ KeyUtils.fromPemEncodedPrivateKey(com.yahoo.vespa.jdk8compat.Files.readString(privateKey)),
+ X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(certificateChain)))
.build();
} catch (IOException e) {
throw new UncheckedIOException(e);
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index f5bd866eb27..f746480b126 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
@@ -85,7 +85,7 @@ public class ConfigFileBasedTlsContext implements TlsContext {
private static KeyStore loadTruststore(Path caCertificateFile) {
try {
return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
- .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(Files.readString(caCertificateFile)))
+ .withCertificateEntries("cert", X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(caCertificateFile)))
.build();
} catch (IOException e) {
throw new UncheckedIOException(e);
@@ -97,8 +97,8 @@ public class ConfigFileBasedTlsContext implements TlsContext {
return KeyStoreBuilder.withType(KeyStoreType.PKCS12)
.withKeyEntry(
"default",
- KeyUtils.fromPemEncodedPrivateKey(Files.readString(privateKeyFile)),
- X509CertificateUtils.certificateListFromPem(Files.readString(certificatesFile)))
+ KeyUtils.fromPemEncodedPrivateKey(com.yahoo.vespa.jdk8compat.Files.readString(privateKeyFile)),
+ X509CertificateUtils.certificateListFromPem(com.yahoo.vespa.jdk8compat.Files.readString(certificatesFile)))
.build();
} catch (IOException e) {
throw new UncheckedIOException(e);
@@ -115,7 +115,7 @@ public class ConfigFileBasedTlsContext implements TlsContext {
.withTrustManagerFactory(
ignoredTruststore -> options.getAuthorizedPeers()
.map(authorizedPeers -> (X509ExtendedTrustManager) new PeerAuthorizerTrustManager(authorizedPeers, mode, mutableTrustManager))
- .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)))
+ .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)))
.build();
List<String> acceptedCiphers = options.getAcceptedCiphers();
Set<String> ciphers = acceptedCiphers.isEmpty() ? TlsContext.ALLOWED_CIPHER_SUITES : new HashSet<>(acceptedCiphers);
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index f4a89da988a..c3f10a464a5 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -63,14 +63,14 @@ public class DefaultTlsContext implements TlsContext {
String.format("None of the accepted ciphers are supported (supported=%s, accepted=%s)",
supportedCiphers, acceptedCiphers));
}
- log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", List.of(allowedCiphers)));
+ log.log(Level.FINE, () -> String.format("Allowed cipher suites that are supported: %s", com.yahoo.vespa.jdk8compat.List.of(allowedCiphers)));
return allowedCiphers;
}
private static String[] getAllowedProtocols(SSLContext sslContext) {
Set<String> allowedProtocols = TlsContext.getAllowedProtocols(sslContext);
- log.log(Level.FINE, () -> String.format("Allowed protocols that are supported: %s", List.of(allowedProtocols)));
- return allowedProtocols.toArray(String[]::new);
+ log.log(Level.FINE, () -> String.format("Allowed protocols that are supported: %s", com.yahoo.vespa.jdk8compat.List.of(allowedProtocols)));
+ return com.yahoo.vespa.jdk8compat.Collection.toArray(allowedProtocols, String[]::new);
}
@Override
@@ -131,7 +131,7 @@ public class DefaultTlsContext implements TlsContext {
if (authorizedPeers != null) {
builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(authorizedPeers, mode, truststore));
} else {
- builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(new AuthorizedPeers(Set.of()), AuthorizationMode.DISABLE, truststore));
+ builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, truststore));
}
return builder.build();
}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
index 2e48de3c01f..c60f13f9729 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/KeyManagerUtils.java
@@ -30,7 +30,7 @@ public class KeyManagerUtils {
.filter(manager -> manager instanceof X509ExtendedKeyManager)
.map(X509ExtendedKeyManager.class::cast)
.findFirst()
- .orElseThrow(() -> new RuntimeException("No X509ExtendedKeyManager in " + List.of(keyManagers)));
+ .orElseThrow(() -> new RuntimeException("No X509ExtendedKeyManager in " + com.yahoo.vespa.jdk8compat.List.of(keyManagers)));
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index 04e1cfe77e6..886cf3e886b 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -23,7 +23,7 @@ public interface TlsContext extends AutoCloseable {
* For TLSv1.3 we allow the DEFAULT group ciphers.
* Note that we _only_ allow AEAD ciphers for either TLS version.
*/
- Set<String> ALLOWED_CIPHER_SUITES = Set.of(
+ Set<String> ALLOWED_CIPHER_SUITES = com.yahoo.vespa.jdk8compat.Set.of(
"TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384",
"TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256", // Java 12
@@ -34,7 +34,7 @@ public interface TlsContext extends AutoCloseable {
"TLS_AES_256_GCM_SHA384", // TLSv1.3
"TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3, Java 12
- Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2"); // TODO Enable TLSv1.3
+ Set<String> ALLOWED_PROTOCOLS = com.yahoo.vespa.jdk8compat.Set.of("TLSv1.2"); // TODO Enable TLSv1.3
String SSL_CONTEXT_VERSION = "TLS"; // Use SSLContext implementations that supports all TLS versions
/**
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
index 7c1d7070617..17f56011261 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TrustManagerUtils.java
@@ -29,7 +29,7 @@ public class TrustManagerUtils {
.filter(manager -> manager instanceof X509ExtendedTrustManager)
.map(X509ExtendedTrustManager.class::cast)
.findFirst()
- .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + List.of(trustManagers)));
+ .orElseThrow(() -> new RuntimeException("No X509ExtendedTrustManager in " + com.yahoo.vespa.jdk8compat.List.of(trustManagers)));
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
}