Diffstat (limited to 'security-utils/src/test/java/com/yahoo/security')
10 files changed, 0 insertions, 524 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/KeyStoreBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/KeyStoreBuilderTest.java
deleted file mode 100644
index 06ea5d963a3..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/KeyStoreBuilderTest.java
+++ /dev/null
@@ -1,55 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-
-import java.nio.file.Path;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-
-import static com.yahoo.security.TestUtils.createCertificate;
-import static com.yahoo.security.TestUtils.createKeystoreFile;
-
-
-/**
- * @author bjorncs
- */
-public class KeyStoreBuilderTest {
-
- private static final char[] PASSWORD = new char[0];
-
- @Rule
- public TemporaryFolder tempDirectory = new TemporaryFolder();
-
- @Test
- public void can_create_jks_keystore_from_privatekey_and_certificate() throws Exception {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- X509Certificate certificate = createCertificate(keyPair);
- KeyStoreBuilder.withType(KeyStoreType.JKS)
- .withKeyEntry("key", keyPair.getPrivate(), certificate)
- .build();
- }
-
- @Test
- public void can_build_jks_keystore_from_file() throws Exception {
- Path keystoreFile = tempDirectory.newFile().toPath();
- createKeystoreFile(keystoreFile, KeyStoreType.JKS, PASSWORD);
-
- KeyStoreBuilder.withType(KeyStoreType.JKS)
- .fromFile(keystoreFile, PASSWORD)
- .build();
- }
-
- @Test
- public void can_build_pcks12_keystore_from_file() throws Exception {
- Path keystoreFile = tempDirectory.newFile().toPath();
- createKeystoreFile(keystoreFile, KeyStoreType.PKCS12, PASSWORD);
-
- KeyStoreBuilder.withType(KeyStoreType.PKCS12)
- .fromFile(keystoreFile, PASSWORD)
- .build();
- }
-
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
deleted file mode 100644
index 5e786654d7c..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java
+++ /dev/null
@@ -1,54 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Test;
-
-import java.security.KeyPair;
-import java.security.PrivateKey;
-import java.security.PublicKey;
-
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertNotNull;
-import static org.junit.Assert.assertThat;
-
-/**
- * @author bjorncs
- */
-public class KeyUtilsTest {
-
- @Test
- public void can_extract_public_key_from_rsa_private() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- PublicKey publicKey = KeyUtils.extractPublicKey(keyPair.getPrivate());
- assertNotNull(publicKey);
- }
-
- @Test
- public void can_extract_public_key_from_ecdsa_private() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
- PublicKey publicKey = KeyUtils.extractPublicKey(keyPair.getPrivate());
- assertNotNull(publicKey);
- }
-
- @Test
- public void can_serialize_and_deserialize_rsa_privatekey_using_pem_format() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA);
- String pem = KeyUtils.toPem(keyPair.getPrivate());
- assertThat(pem, containsString("BEGIN RSA PRIVATE KEY"));
- assertThat(pem, containsString("END RSA PRIVATE KEY"));
- PrivateKey deserializedKey = KeyUtils.fromPemEncodedPrivateKey(pem);
- assertEquals(keyPair.getPrivate(), deserializedKey);
- }
-
- @Test
- public void can_serialize_and_deserialize_ec_privatekey_using_pem_format() {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC);
- String pem = KeyUtils.toPem(keyPair.getPrivate());
- assertThat(pem, containsString("BEGIN EC PRIVATE KEY"));
- assertThat(pem, containsString("END EC PRIVATE KEY"));
- PrivateKey deserializedKey = KeyUtils.fromPemEncodedPrivateKey(pem);
- assertEquals(keyPair.getPrivate(), deserializedKey);
- }
-
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrBuilderTest.java
deleted file mode 100644
index d51203a5cb2..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrBuilderTest.java
+++ /dev/null
@@ -1,27 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.security.KeyPair;
-
-import static org.junit.Assert.assertEquals;
-
-/**
- * @author bjorncs
- */
-public class Pkcs10CsrBuilderTest {
-
- @Test
- public void can_build_csr_with_sans() {
- X500Principal subject = new X500Principal("CN=subject");
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA)
- .addSubjectAlternativeName("san1.com")
- .addSubjectAlternativeName("san2.com")
- .build();
- assertEquals(subject, csr.getSubject());
- }
-
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java
deleted file mode 100644
index cc1f6cc6a14..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java
+++ /dev/null
@@ -1,57 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.security.KeyPair;
-import java.util.Arrays;
-import java.util.List;
-
-import static com.yahoo.security.SubjectAlternativeName.Type.DNS_NAME;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertTrue;
-
-/**
- * @author bjorncs
- */
-public class Pkcs10CsrTest {
-
- @Test
- public void can_read_subject_alternative_names() {
- X500Principal subject = new X500Principal("CN=subject");
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- SubjectAlternativeName san1 = new SubjectAlternativeName(DNS_NAME, "san1.com");
- SubjectAlternativeName san2 = new SubjectAlternativeName(DNS_NAME, "san2.com");
- Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA)
- .addSubjectAlternativeName(san1)
- .addSubjectAlternativeName(san2)
- .build();
- assertEquals(Arrays.asList(san1, san2), csr.getSubjectAlternativeNames());
- }
-
- @Test
- public void can_read_basic_constraints() {
- X500Principal subject = new X500Principal("CN=subject");
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA)
- .setBasicConstraints(true, true)
- .build();
- assertTrue(csr.getBasicConstraints().isPresent());
- assertTrue(csr.getBasicConstraints().get());
- }
-
- @Test
- public void can_read_extensions() {
- X500Principal subject = new X500Principal("CN=subject");
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA)
- .addSubjectAlternativeName("san")
- .setBasicConstraints(true, true)
- .build();
- List<String> expected = Arrays.asList(Extension.BASIC_CONSTRAINTS.getOId(), Extension.SUBJECT_ALTERNATIVE_NAMES.getOId());
- List<String> actual = csr.getExtensionOIds();
- assertEquals(expected, actual);
- }
-
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrUtilsTest.java
deleted file mode 100644
index 04d35a537bb..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrUtilsTest.java
+++ /dev/null
@@ -1,30 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.security.KeyPair;
-
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThat;
-
-/**
- * @author bjorncs
- */
-public class Pkcs10CsrUtilsTest {
-
- @Test
- public void can_deserialize_serialized_pem_csr() {
- X500Principal subject = new X500Principal("CN=subject");
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA).build();
- String pem = Pkcs10CsrUtils.toPem(csr);
- Pkcs10Csr deserializedCsr = Pkcs10CsrUtils.fromPem(pem);
- assertThat(pem, containsString("BEGIN CERTIFICATE REQUEST"));
- assertThat(pem, containsString("END CERTIFICATE REQUEST"));
- assertEquals(subject, deserializedCsr.getSubject());
- }
-
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/SslContextBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/SslContextBuilderTest.java
deleted file mode 100644
index cc269a4ef43..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/SslContextBuilderTest.java
+++ /dev/null
@@ -1,77 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Rule;
-import org.junit.Test;
-import org.junit.rules.TemporaryFolder;
-
-import java.nio.file.Path;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-
-import static com.yahoo.security.TestUtils.createCertificate;
-import static com.yahoo.security.TestUtils.createKeystore;
-import static com.yahoo.security.TestUtils.createKeystoreFile;
-
-/**
- * @author bjorncs
- */
-public class SslContextBuilderTest {
-
- private static final char[] PASSWORD = new char[0];
-
- @Rule
- public TemporaryFolder tempDirectory = new TemporaryFolder();
-
- @Test
- public void can_build_sslcontext_with_truststore_only() throws Exception {
- new SslContextBuilder()
- .withTrustStore(createKeystore(KeyStoreType.JKS, PASSWORD))
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_keystore_only() throws Exception {
- new SslContextBuilder()
- .withKeyStore(createKeystore(KeyStoreType.JKS, PASSWORD), PASSWORD)
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_truststore_and_keystore() throws Exception {
- new SslContextBuilder()
- .withKeyStore(createKeystore(KeyStoreType.JKS, PASSWORD), PASSWORD)
- .withTrustStore(createKeystore(KeyStoreType.JKS, PASSWORD))
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_keystore_from_private_key_and_certificate() throws Exception {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- X509Certificate certificate = createCertificate(keyPair);
- new SslContextBuilder()
- .withKeyStore(keyPair.getPrivate(), certificate)
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_jks_keystore_from_file() throws Exception {
- Path keystoreFile = tempDirectory.newFile().toPath();
- createKeystoreFile(keystoreFile, KeyStoreType.JKS, PASSWORD);
-
- new SslContextBuilder()
- .withKeyStore(keystoreFile, PASSWORD, KeyStoreType.JKS)
- .build();
- }
-
- @Test
- public void can_build_sslcontext_with_pcks12_keystore_from_file() throws Exception {
- Path keystoreFile = tempDirectory.newFile().toPath();
- createKeystoreFile(keystoreFile, KeyStoreType.PKCS12, PASSWORD);
-
- new SslContextBuilder()
- .withKeyStore(keystoreFile, PASSWORD, KeyStoreType.PKCS12)
- .build();
- }
-
-}
diff --git a/security-utils/src/test/java/com/yahoo/security/TestUtils.java b/security-utils/src/test/java/com/yahoo/security/TestUtils.java
deleted file mode 100644
index fcfcfb2b761..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/TestUtils.java
+++ /dev/null
@@ -1,42 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import javax.security.auth.x500.X500Principal;
-import java.math.BigInteger;
-import java.nio.file.Path;
-import java.security.KeyPair;
-import java.security.KeyStore;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-
-import static com.yahoo.security.KeyStoreUtils.writeKeyStoreToFile;
-
-
-/**
- * @author bjorncs
- */
-class TestUtils {
-
- static KeyStore createKeystore(KeyStoreType type, char[] password) {
- KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- return KeyStoreBuilder.withType(type)
- .withKeyEntry("entry-name", keyPair.getPrivate(), password, createCertificate(keyPair))
- .build();
- }
-
- static X509Certificate createCertificate(KeyPair keyPair) {
- return createCertificate(keyPair, new X500Principal("CN=mysubject"));
- }
-
- static X509Certificate createCertificate(KeyPair keyPair, X500Principal subject) {
- return X509CertificateBuilder
- .fromKeypair(
- keyPair, subject, Instant.now(), Instant.now().plus(1, ChronoUnit.DAYS), SignatureAlgorithm.SHA512_WITH_ECDSA, BigInteger.valueOf(1))
- .build();
- }
-
- static void createKeystoreFile(Path file, KeyStoreType type, char[] password) {
- writeKeyStoreToFile(createKeystore(type, password), file, password);
- }
-}
diff --git a/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java
deleted file mode 100644
index 7e6d343b570..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java
+++ /dev/null
@@ -1,83 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.junit.runners.Parameterized;
-
-import javax.security.auth.x500.X500Principal;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-import java.util.Arrays;
-import java.util.Collection;
-
-import static org.junit.Assert.assertEquals;
-
-/**
- * @author bjorncs
- */
-@RunWith(Parameterized.class)
-public class X509CertificateBuilderTest {
-
- @Parameterized.Parameters(name = "{0}")
- public static Collection<Object[]> data() {
- return Arrays.asList(new Object[][] {
- {KeyAlgorithm.RSA, 2048, SignatureAlgorithm.SHA512_WITH_RSA},
- {KeyAlgorithm.EC, 256, SignatureAlgorithm.SHA512_WITH_ECDSA}});
- }
-
- private final KeyAlgorithm keyAlgorithm;
- private final int keySize;
- private final SignatureAlgorithm signatureAlgorithm;
-
- public X509CertificateBuilderTest(KeyAlgorithm keyAlgorithm,
- int keySize,
- SignatureAlgorithm signatureAlgorithm) {
- this.keyAlgorithm = keyAlgorithm;
- this.keySize = keySize;
- this.signatureAlgorithm = signatureAlgorithm;
- }
-
- @Test
- public void can_build_self_signed_certificate() {
- KeyPair keyPair = KeyUtils.generateKeypair(keyAlgorithm, keySize);
- X500Principal subject = new X500Principal("CN=myservice");
- X509Certificate cert =
- X509CertificateBuilder.fromKeypair(
- keyPair,
- subject,
- Instant.now(),
- Instant.now().plus(1, ChronoUnit.DAYS),
- signatureAlgorithm,
- BigInteger.valueOf(1))
- .setBasicConstraints(true, true)
- .build();
- assertEquals(subject, cert.getSubjectX500Principal());
- }
-
- @Test
- public void can_build_certificate_from_csr() {
- X500Principal subject = new X500Principal("CN=subject");
- X500Principal issuer = new X500Principal("CN=issuer");
- KeyPair csrKeypair = KeyUtils.generateKeypair(keyAlgorithm, keySize);
- Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, csrKeypair, signatureAlgorithm).build();
- KeyPair caKeypair = KeyUtils.generateKeypair(keyAlgorithm, keySize);
- X509Certificate cert = X509CertificateBuilder
- .fromCsr(
- csr,
- issuer,
- Instant.now(),
- Instant.now().plus(1, ChronoUnit.DAYS),
- caKeypair.getPrivate(),
- signatureAlgorithm,
- BigInteger.valueOf(1))
- .addSubjectAlternativeName("subject1.alt")
- .addSubjectAlternativeName("subject2.alt")
- .build();
- assertEquals(subject, cert.getSubjectX500Principal());
- }
-
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java
deleted file mode 100644
index 76a93028efe..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java
+++ /dev/null
@@ -1,74 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security;
-
-import org.junit.Test;
-
-import javax.security.auth.x500.X500Principal;
-import java.math.BigInteger;
-import java.security.KeyPair;
-import java.security.cert.X509Certificate;
-import java.time.Instant;
-import java.time.temporal.ChronoUnit;
-import java.util.Arrays;
-import java.util.List;
-
-import static com.yahoo.security.SubjectAlternativeName.Type.DNS_NAME;
-import static org.hamcrest.CoreMatchers.containsString;
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.hamcrest.Matchers.is;
-import static org.junit.Assert.assertEquals;
-import static org.junit.Assert.assertThat;
-
-/**
- * @author bjorncs
- */
-public class X509CertificateUtilsTest {
- @Test
- public void can_deserialize_serialized_pem_certificate() {
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- X500Principal subject = new X500Principal("CN=myservice");
- X509Certificate cert = TestUtils.createCertificate(keypair, subject);
- assertEquals(subject, cert.getSubjectX500Principal());
- String pem = X509CertificateUtils.toPem(cert);
- assertThat(pem, containsString("BEGIN CERTIFICATE"));
- assertThat(pem, containsString("END CERTIFICATE"));
- X509Certificate deserializedCert = X509CertificateUtils.fromPem(pem);
- assertEquals(subject, deserializedCert.getSubjectX500Principal());
- }
-
- @Test
- public void can_deserialize_serialized_pem_certificate_list() {
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- X500Principal subject1 = new X500Principal("CN=myservice1");
- X509Certificate cert1 = TestUtils.createCertificate(keypair, subject1);
- X500Principal subject2 = new X500Principal("CN=myservice2");
- X509Certificate cert2 = TestUtils.createCertificate(keypair, subject2);
- List<X509Certificate> certificateList = Arrays.asList(cert1, cert2);
- String pem = X509CertificateUtils.toPem(certificateList);
- List<X509Certificate> deserializedCertificateList = X509CertificateUtils.certificateListFromPem(pem);
- assertEquals(2, certificateList.size());
- assertEquals(subject1, deserializedCertificateList.get(0).getSubjectX500Principal());
- assertEquals(subject2, deserializedCertificateList.get(1).getSubjectX500Principal());
- }
-
- @Test
- public void can_list_subject_alternative_names() {
- KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
- X500Principal subject = new X500Principal("CN=myservice");
- SubjectAlternativeName san = new SubjectAlternativeName(DNS_NAME, "dns-san");
- X509Certificate cert = X509CertificateBuilder
- .fromKeypair(
- keypair,
- subject,
- Instant.now(),
- Instant.now().plus(1, ChronoUnit.DAYS),
- SignatureAlgorithm.SHA512_WITH_ECDSA,
- BigInteger.valueOf(1))
- .addSubjectAlternativeName(san)
- .build();
-
- List<SubjectAlternativeName> sans = X509CertificateUtils.getSubjectAlternativeNames(cert);
- assertThat(sans.size(), is(1));
- assertThat(sans.get(0), equalTo(san));
- }
-}
\ No newline at end of file
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
deleted file mode 100644
index f311651cab0..00000000000
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
+++ /dev/null
@@ -1,25 +0,0 @@
-// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
-package com.yahoo.security.tls;
-
-import org.junit.Test;
-
-import java.nio.file.Path;
-import java.nio.file.Paths;
-
-import static org.junit.Assert.*;
-
-/**
- * @author bjorncs
- */
-public class TransportSecurityOptionsTest {
-
- private static final Path TEST_CONFIG_FILE = Paths.get("src/test/resources/transport-security-options.json");
-
- @Test
- public void can_read_options_from_json_file() {
- TransportSecurityOptions expectedOptions = new TransportSecurityOptions("myhost.key", "certs.pem", "my_cas.pem");
- TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJsonFile(TEST_CONFIG_FILE);
- assertEquals(expectedOptions, actualOptions);
- }
-
-} |