Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security')
3 files changed, 25 insertions, 2 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/SignatureUtils.java b/security-utils/src/main/java/com/yahoo/security/SignatureUtils.java
index 7560fbbd40d..13bc140d797 100644
--- a/security-utils/src/main/java/com/yahoo/security/SignatureUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/SignatureUtils.java
@@ -2,6 +2,7 @@ package com.yahoo.security;
 import java.security.GeneralSecurityException;
+import java.security.Key;
 import java.security.PrivateKey;
 import java.security.PublicKey;
 import java.security.Signature;
@@ -24,6 +25,11 @@ public class SignatureUtils {
 }
 }
+ /** Returns a signature instance which computes a hash of its content, before signing with the given private key. */
+ public static Signature createSigner(PrivateKey key) {
+ return createSigner(key, getSignatureAlgorithm(key));
+ }
+
 /** Returns a signature instance which computes a hash of its content, before verifying with the given public key. */
 public static Signature createVerifier(PublicKey key, SignatureAlgorithm algorithm) {
 try {
@@ -34,4 +40,21 @@ public class SignatureUtils {
 throw new IllegalStateException(e);
 }
 }
+
+ /** Returns a signature instance which computes a hash of its content, before verifying with the given public key. */
+ public static Signature createVerifier(PublicKey key) {
+ return createVerifier(key, getSignatureAlgorithm(key));
+ }
+
+ /* Returns a signature algorithm supported by the key based on SHA512 */
+ private static SignatureAlgorithm getSignatureAlgorithm(Key key) {
+ switch (key.getAlgorithm()) {
+ case "EC":
+ return SignatureAlgorithm.SHA512_WITH_ECDSA;
+ case "RSA":
+ return SignatureAlgorithm.SHA512_WITH_RSA;
+ default:
+ throw new RuntimeException("Unknown Key algorithm " + key.getAlgorithm());
+ }
+ }
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index 4f8919cdd5e..08ebba1670d 100644
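Review bot: `getSignatureAlgorithm` throws a bare `RuntimeException` for a key whose algorithm it does not recognise; an unsupported key type is an argument error, so `throw new IllegalArgumentException("Unknown Key algorithm " + key.getAlgorithm());` is the narrower, conventional type and lets callers catch it deliberately. The leading `/*` on its comment should be `/**` so the Javadoc tool picks it up. The two new public overloads (this hunk and the createSigner hunk above) silently pick a SHA-512 based algorithm; their Javadoc should state that, e.g. append `Uses SHA-512 with ECDSA for EC keys and SHA-512 with RSA for RSA keys; other key algorithms are rejected.` so callers that must interoperate with a fixed algorithm know to use the two-argument overload instead. Whether every provider in use reports EC keys under exactly "EC" is worth confirming before relying on the switch.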
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -122,7 +122,7 @@ public class SslContextBuilder {
 public SSLContext build() {
 try {
- SSLContext sslContext = SSLContext.getInstance("TLSv1.2");
+ SSLContext sslContext = SSLContext.getInstance("TLS");
 TrustManager[] trustManagers = new TrustManager[] { trustManagerFactory.createTrustManager(trustStoreSupplier.get()) };
 X509ExtendedKeyManager keyManager = this.keyManager != null ? this.keyManager
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
index ea26be0ef4f..e878ac33467 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TlsContext.java
@@ -24,7 +24,7 @@ public interface TlsContext extends AutoCloseable {
 "TLS_AES_256_GCM_SHA384", // TLSv1.3
 "TLS_CHACHA20_POLY1305_SHA256"); // TLSv1.3
- Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2"); // TODO Enable TLSv1.3
+ Set<String> ALLOWED_PROTOCOLS = Set.of("TLSv1.2", "TLSv1.3");
 SSLContext context(); |
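Review bot: `SSLContext.getInstance("TLS")` hands protocol selection to the provider defaults, so the context itself no longer pins a version, and on older JDK releases the default enabled set may still include TLSv1 and TLSv1.1; the build() body continues outside the hunk, so I cannot see whether the enabled protocols are narrowed afterwards. If the restriction is meant to happen where engines and sockets are created from this context (TlsContext.ALLOWED_PROTOCOLS in the hunk below lists TLSv1.2 and TLSv1.3), a comment on the changed line should say so, e.g. `// "TLS" enables every version the provider supports; callers must restrict enabled protocols to TlsContext.ALLOWED_PROTOCOLS on each engine/socket`. Otherwise the restriction belongs in this builder, applied through `SSLParameters.setProtocols` or `SSLEngine.setEnabledProtocols` wherever an engine or socket is produced.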