diff options
Diffstat (limited to 'security-utils/src/test/java/com/yahoo')
18 files changed, 153 insertions, 143 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/AutoReloadingX509KeyManagerTest.java b/security-utils/src/test/java/com/yahoo/security/AutoReloadingX509KeyManagerTest.java index 5bde63598c0..c335acc12be 100644 --- a/security-utils/src/test/java/com/yahoo/security/AutoReloadingX509KeyManagerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/AutoReloadingX509KeyManagerTest.java @@ -7,13 +7,14 @@ import com.yahoo.security.KeyUtils; import com.yahoo.security.SignatureAlgorithm; import com.yahoo.security.X509CertificateBuilder; import com.yahoo.security.X509CertificateUtils; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.io.TempDir; import org.mockito.ArgumentCaptor; import org.mockito.Mockito; import javax.security.auth.x500.X500Principal; + +import java.io.File; import java.io.IOException; import java.math.BigInteger; import java.nio.file.Files; @@ -36,16 +37,16 @@ import static org.mockito.Mockito.verify; public class AutoReloadingX509KeyManagerTest { private static final X500Principal SUBJECT = new X500Principal("CN=dummy"); - @Rule - public TemporaryFolder tempDirectory = new TemporaryFolder(); + @TempDir + public File tempDirectory; @Test - public void crypto_material_is_reloaded_when_scheduler_task_is_executed() throws IOException { + void crypto_material_is_reloaded_when_scheduler_task_is_executed() throws IOException { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); - Path privateKeyFile = tempDirectory.newFile().toPath(); + Path privateKeyFile = File.createTempFile("junit", null, tempDirectory).toPath(); Files.write(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate()).getBytes()); - Path certificateFile = tempDirectory.newFile().toPath(); + Path certificateFile = File.createTempFile("junit", null, tempDirectory).toPath(); BigInteger serialNumberInitialCertificate = BigInteger.ONE; X509Certificate initialCertificate = generateCertificate(keyPair, serialNumberInitialCertificate); Files.write(certificateFile, X509CertificateUtils.toPem(initialCertificate).getBytes()); diff --git a/security-utils/src/test/java/com/yahoo/security/KeyStoreBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/KeyStoreBuilderTest.java index 0d3924063f3..d9ca9731065 100644 --- a/security-utils/src/test/java/com/yahoo/security/KeyStoreBuilderTest.java +++ b/security-utils/src/test/java/com/yahoo/security/KeyStoreBuilderTest.java @@ -1,10 +1,10 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.io.TempDir; +import java.io.File; import java.nio.file.Path; import java.security.KeyPair; import java.security.cert.X509Certificate; @@ -20,11 +20,11 @@ public class KeyStoreBuilderTest { private static final char[] PASSWORD = new char[0]; - @Rule - public TemporaryFolder tempDirectory = new TemporaryFolder(); + @TempDir + public File tempDirectory; @Test - public void can_create_jks_keystore_from_privatekey_and_certificate() throws Exception { + void can_create_jks_keystore_from_privatekey_and_certificate() throws Exception { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); X509Certificate certificate = createCertificate(keyPair); KeyStoreBuilder.withType(KeyStoreType.JKS) @@ -33,8 +33,8 @@ public class KeyStoreBuilderTest { } @Test - public void can_build_jks_keystore_from_file() throws Exception { - Path keystoreFile = tempDirectory.newFile().toPath(); + void can_build_jks_keystore_from_file() throws Exception { + Path keystoreFile = File.createTempFile("junit", null, tempDirectory).toPath(); createKeystoreFile(keystoreFile, KeyStoreType.JKS, PASSWORD); KeyStoreBuilder.withType(KeyStoreType.JKS) @@ -43,8 +43,8 @@ public class KeyStoreBuilderTest { } @Test - public void can_build_pcks12_keystore_from_file() throws Exception { - Path keystoreFile = tempDirectory.newFile().toPath(); + void can_build_pcks12_keystore_from_file() throws Exception { + Path keystoreFile = File.createTempFile("junit", null, tempDirectory).toPath(); createKeystoreFile(keystoreFile, KeyStoreType.PKCS12, PASSWORD); KeyStoreBuilder.withType(KeyStoreType.PKCS12) diff --git a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java index f6f48d8b1b8..afaa25ce606 100644 --- a/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java +++ b/security-utils/src/test/java/com/yahoo/security/KeyUtilsTest.java @@ -1,15 +1,15 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Test; +import org.junit.jupiter.api.Test; import java.security.KeyPair; import java.security.PrivateKey; import java.security.PublicKey; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertNotNull; +import static org.junit.jupiter.api.Assertions.assertTrue; /** * @author bjorncs @@ -17,41 +17,41 @@ import static org.junit.Assert.assertTrue; public class KeyUtilsTest { @Test - public void can_extract_public_key_from_rsa_private() { + void can_extract_public_key_from_rsa_private() { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); PublicKey publicKey = KeyUtils.extractPublicKey(keyPair.getPrivate()); assertNotNull(publicKey); } @Test - public void can_extract_public_key_from_ecdsa_private() { + void can_extract_public_key_from_ecdsa_private() { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); PublicKey publicKey = KeyUtils.extractPublicKey(keyPair.getPrivate()); assertNotNull(publicKey); } @Test - public void can_serialize_and_deserialize_rsa_privatekey_using_pkcs1_pem_format() { + void can_serialize_and_deserialize_rsa_privatekey_using_pkcs1_pem_format() { testPrivateKeySerialization(KeyAlgorithm.RSA, KeyFormat.PKCS1, "RSA PRIVATE KEY"); } @Test - public void can_serialize_and_deserialize_rsa_privatekey_using_pkcs8_pem_format() { + void can_serialize_and_deserialize_rsa_privatekey_using_pkcs8_pem_format() { testPrivateKeySerialization(KeyAlgorithm.RSA, KeyFormat.PKCS8, "PRIVATE KEY"); } @Test - public void can_serialize_and_deserialize_ec_privatekey_using_pkcs1_pem_format() { + void can_serialize_and_deserialize_ec_privatekey_using_pkcs1_pem_format() { testPrivateKeySerialization(KeyAlgorithm.EC, KeyFormat.PKCS1, "EC PRIVATE KEY"); } @Test - public void can_serialize_and_deserialize_ec_privatekey_using_pkcs8_pem_format() { + void can_serialize_and_deserialize_ec_privatekey_using_pkcs8_pem_format() { testPrivateKeySerialization(KeyAlgorithm.EC, KeyFormat.PKCS8, "PRIVATE KEY"); } @Test - public void can_serialize_and_deserialize_rsa_publickey_using_pem_format() { + void can_serialize_and_deserialize_rsa_publickey_using_pem_format() { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.RSA); String pem = KeyUtils.toPem(keyPair.getPublic()); assertTrue(pem.contains("BEGIN PUBLIC KEY")); @@ -62,7 +62,7 @@ public class KeyUtilsTest { } @Test - public void can_serialize_and_deserialize_ec_publickey_using_pem_format() { + void can_serialize_and_deserialize_ec_publickey_using_pem_format() { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); String pem = KeyUtils.toPem(keyPair.getPublic()); assertTrue(pem.contains("BEGIN PUBLIC KEY")); diff --git a/security-utils/src/test/java/com/yahoo/security/MutableX509KeyManagerTest.java b/security-utils/src/test/java/com/yahoo/security/MutableX509KeyManagerTest.java index 871b0937f18..ddceb762d2a 100644 --- a/security-utils/src/test/java/com/yahoo/security/MutableX509KeyManagerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/MutableX509KeyManagerTest.java @@ -8,7 +8,7 @@ import com.yahoo.security.KeyUtils; import com.yahoo.security.MutableX509KeyManager; import com.yahoo.security.SignatureAlgorithm; import com.yahoo.security.X509CertificateBuilder; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.security.auth.x500.X500Principal; import java.math.BigInteger; @@ -29,7 +29,7 @@ public class MutableX509KeyManagerTest { private static final X500Principal SUBJECT = new X500Principal("CN=dummy"); @Test - public void key_manager_can_be_updated_with_new_certificate() { + void key_manager_can_be_updated_with_new_certificate() { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); BigInteger serialNumberInitialCertificate = BigInteger.ONE; diff --git a/security-utils/src/test/java/com/yahoo/security/MutableX509TrustManagerTest.java b/security-utils/src/test/java/com/yahoo/security/MutableX509TrustManagerTest.java index 489aa7eb4da..ea9f9a4a68a 100644 --- a/security-utils/src/test/java/com/yahoo/security/MutableX509TrustManagerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/MutableX509TrustManagerTest.java @@ -1,7 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.security.auth.x500.X500Principal; import java.math.BigInteger; @@ -19,7 +19,7 @@ import static org.assertj.core.api.Assertions.assertThat; public class MutableX509TrustManagerTest { @Test - public void key_manager_can_be_updated_with_new_certificate() { + void key_manager_can_be_updated_with_new_certificate() { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC); X509Certificate initialCertificate = generateCertificate(new X500Principal("CN=issuer1"), keyPair); diff --git a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrBuilderTest.java index 5ad49bbc599..ca8fb280ec7 100644 --- a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrBuilderTest.java +++ b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrBuilderTest.java @@ -1,12 +1,12 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.security.auth.x500.X500Principal; import java.security.KeyPair; -import static org.junit.Assert.assertEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; /** * @author bjorncs @@ -14,7 +14,7 @@ import static org.junit.Assert.assertEquals; public class Pkcs10CsrBuilderTest { @Test - public void can_build_csr_with_sans() { + void can_build_csr_with_sans() { X500Principal subject = new X500Principal("CN=subject"); KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA) diff --git a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java index d03c52027bf..3fe36dc6a7c 100644 --- a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java +++ b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java @@ -1,7 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.security.auth.x500.X500Principal; import java.security.KeyPair; @@ -9,8 +9,8 @@ import java.util.Arrays; import java.util.List; import static com.yahoo.security.SubjectAlternativeName.Type.DNS; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; /** * @author bjorncs @@ -18,7 +18,7 @@ import static org.junit.Assert.assertTrue; public class Pkcs10CsrTest { @Test - public void can_read_subject_alternative_names() { + void can_read_subject_alternative_names() { X500Principal subject = new X500Principal("CN=subject"); KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); SubjectAlternativeName san1 = new SubjectAlternativeName(DNS, "san1.com"); @@ -31,7 +31,7 @@ public class Pkcs10CsrTest { } @Test - public void can_read_basic_constraints() { + void can_read_basic_constraints() { X500Principal subject = new X500Principal("CN=subject"); KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA) @@ -42,7 +42,7 @@ public class Pkcs10CsrTest { } @Test - public void can_read_extensions() { + void can_read_extensions() { X500Principal subject = new X500Principal("CN=subject"); KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA) diff --git a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrUtilsTest.java index 32b8dfc5bcd..48ff3e9a6fd 100644 --- a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrUtilsTest.java +++ b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrUtilsTest.java @@ -1,13 +1,13 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.security.auth.x500.X500Principal; import java.security.KeyPair; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertTrue; /** * @author bjorncs @@ -15,7 +15,7 @@ import static org.junit.Assert.assertTrue; public class Pkcs10CsrUtilsTest { @Test - public void can_deserialize_serialized_pem_csr() { + void can_deserialize_serialized_pem_csr() { X500Principal subject = new X500Principal("CN=subject"); KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); Pkcs10Csr csr = Pkcs10CsrBuilder.fromKeypair(subject, keypair, SignatureAlgorithm.SHA512_WITH_ECDSA).build(); diff --git a/security-utils/src/test/java/com/yahoo/security/SslContextBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/SslContextBuilderTest.java index 3c40cb89e6c..b08494bb8da 100644 --- a/security-utils/src/test/java/com/yahoo/security/SslContextBuilderTest.java +++ b/security-utils/src/test/java/com/yahoo/security/SslContextBuilderTest.java @@ -1,10 +1,10 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.io.TempDir; +import java.io.File; import java.nio.file.Path; import java.security.KeyPair; import java.security.cert.X509Certificate; @@ -20,25 +20,25 @@ public class SslContextBuilderTest { private static final char[] PASSWORD = new char[0]; - @Rule - public TemporaryFolder tempDirectory = new TemporaryFolder(); + @TempDir + public File tempDirectory; @Test - public void can_build_sslcontext_with_truststore_only() throws Exception { + void can_build_sslcontext_with_truststore_only() throws Exception { new SslContextBuilder() .withTrustStore(createKeystore(KeyStoreType.JKS, PASSWORD)) .build(); } @Test - public void can_build_sslcontext_with_keystore_only() throws Exception { + void can_build_sslcontext_with_keystore_only() throws Exception { new SslContextBuilder() .withKeyStore(createKeystore(KeyStoreType.JKS, PASSWORD), PASSWORD) .build(); } @Test - public void can_build_sslcontext_with_truststore_and_keystore() throws Exception { + void can_build_sslcontext_with_truststore_and_keystore() throws Exception { new SslContextBuilder() .withKeyStore(createKeystore(KeyStoreType.JKS, PASSWORD), PASSWORD) .withTrustStore(createKeystore(KeyStoreType.JKS, PASSWORD)) @@ -46,7 +46,7 @@ public class SslContextBuilderTest { } @Test - public void can_build_sslcontext_with_keystore_from_private_key_and_certificate() throws Exception { + void can_build_sslcontext_with_keystore_from_private_key_and_certificate() throws Exception { KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); X509Certificate certificate = createCertificate(keyPair); new SslContextBuilder() @@ -55,8 +55,8 @@ public class SslContextBuilderTest { } @Test - public void can_build_sslcontext_with_jks_keystore_from_file() throws Exception { - Path keystoreFile = tempDirectory.newFile().toPath(); + void can_build_sslcontext_with_jks_keystore_from_file() throws Exception { + Path keystoreFile = File.createTempFile("junit", null, tempDirectory).toPath(); createKeystoreFile(keystoreFile, KeyStoreType.JKS, PASSWORD); new SslContextBuilder() @@ -65,8 +65,8 @@ public class SslContextBuilderTest { } @Test - public void can_build_sslcontext_with_pcks12_keystore_from_file() throws Exception { - Path keystoreFile = tempDirectory.newFile().toPath(); + void can_build_sslcontext_with_pcks12_keystore_from_file() throws Exception { + Path keystoreFile = File.createTempFile("junit", null, tempDirectory).toPath(); createKeystoreFile(keystoreFile, KeyStoreType.PKCS12, PASSWORD); new SslContextBuilder() diff --git a/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java index eb6fe4286d8..1a9c4999146 100644 --- a/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java +++ b/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java @@ -1,9 +1,8 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Test; -import org.junit.runner.RunWith; -import org.junit.runners.Parameterized; +import org.junit.jupiter.params.ParameterizedTest; +import org.junit.jupiter.params.provider.MethodSource; import javax.security.auth.x500.X500Principal; import java.math.BigInteger; @@ -14,35 +13,35 @@ import java.time.temporal.ChronoUnit; import java.util.Arrays; import java.util.Collection; -import static org.junit.Assert.assertEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; /** * @author bjorncs */ -@RunWith(Parameterized.class) public class X509CertificateBuilderTest { - @Parameterized.Parameters(name = "{0}") public static Collection<Object[]> data() { - return Arrays.asList(new Object[][] { + return Arrays.asList(new Object[][]{ {KeyAlgorithm.RSA, 2048, SignatureAlgorithm.SHA512_WITH_RSA}, {KeyAlgorithm.EC, 256, SignatureAlgorithm.SHA512_WITH_ECDSA}}); } - private final KeyAlgorithm keyAlgorithm; - private final int keySize; - private final SignatureAlgorithm signatureAlgorithm; + private KeyAlgorithm keyAlgorithm; + private int keySize; + private SignatureAlgorithm signatureAlgorithm; - public X509CertificateBuilderTest(KeyAlgorithm keyAlgorithm, - int keySize, - SignatureAlgorithm signatureAlgorithm) { + public void initX509CertificateBuilderTest(KeyAlgorithm keyAlgorithm, + int keySize, + SignatureAlgorithm signatureAlgorithm) { this.keyAlgorithm = keyAlgorithm; this.keySize = keySize; this.signatureAlgorithm = signatureAlgorithm; } - @Test - public void can_build_self_signed_certificate() { + @MethodSource("data") + @ParameterizedTest(name = "{0}") + void can_build_self_signed_certificate(KeyAlgorithm keyAlgorithm, int keySize, SignatureAlgorithm signatureAlgorithm) { + initX509CertificateBuilderTest(keyAlgorithm, keySize, signatureAlgorithm); KeyPair keyPair = KeyUtils.generateKeypair(keyAlgorithm, keySize); X500Principal subject = new X500Principal("CN=myservice"); X509Certificate cert = @@ -53,13 +52,15 @@ public class X509CertificateBuilderTest { Instant.now().plus(1, ChronoUnit.DAYS), signatureAlgorithm, BigInteger.valueOf(1)) - .setBasicConstraints(true, true) - .build(); + .setBasicConstraints(true, true) + .build(); assertEquals(subject, cert.getSubjectX500Principal()); } - @Test - public void can_build_certificate_from_csr() { + @MethodSource("data") + @ParameterizedTest(name = "{0}") + void can_build_certificate_from_csr(KeyAlgorithm keyAlgorithm, int keySize, SignatureAlgorithm signatureAlgorithm) { + initX509CertificateBuilderTest(keyAlgorithm, keySize, signatureAlgorithm); X500Principal subject = new X500Principal("CN=subject"); X500Principal issuer = new X500Principal("CN=issuer"); KeyPair csrKeypair = KeyUtils.generateKeypair(keyAlgorithm, keySize); diff --git a/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java index 6bb87554de3..c0560627661 100644 --- a/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java +++ b/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java @@ -1,7 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.security.auth.x500.X500Principal; import java.math.BigInteger; @@ -14,16 +14,16 @@ import java.util.List; import static com.yahoo.security.SubjectAlternativeName.Type.DNS; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertEquals; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; /** * @author bjorncs */ public class X509CertificateUtilsTest { @Test - public void can_deserialize_serialized_pem_certificate() { + void can_deserialize_serialized_pem_certificate() { KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); X500Principal subject = new X500Principal("CN=myservice"); X509Certificate cert = TestUtils.createCertificate(keypair, subject); @@ -36,7 +36,7 @@ public class X509CertificateUtilsTest { } @Test - public void can_deserialize_serialized_pem_certificate_list() { + void can_deserialize_serialized_pem_certificate_list() { KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); X500Principal subject1 = new X500Principal("CN=myservice1"); X509Certificate cert1 = TestUtils.createCertificate(keypair, subject1); @@ -51,7 +51,7 @@ public class X509CertificateUtilsTest { } @Test - public void can_list_subject_alternative_names() { + void can_list_subject_alternative_names() { KeyPair keypair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); X500Principal subject = new X500Principal("CN=myservice"); SubjectAlternativeName san = new SubjectAlternativeName(DNS, "dns-san"); @@ -72,7 +72,7 @@ public class X509CertificateUtilsTest { } @Test - public void verifies_matching_cert_and_key() { + void verifies_matching_cert_and_key() { KeyPair ecKeypairA = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); KeyPair ecKeypairB = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256); KeyPair rsaKeypairA = KeyUtils.generateKeypair(KeyAlgorithm.RSA, 1024); diff --git a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java index e4c530dbb0b..2a7149ba2e3 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java @@ -1,26 +1,27 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security.tls; -import com.yahoo.security.tls.PeerPolicy; -import com.yahoo.security.tls.RequiredPeerCredential; -import org.junit.Test; +import org.junit.jupiter.api.Test; import java.util.HashSet; import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN; import static java.util.Arrays.asList; import static java.util.Collections.singletonList; +import static org.junit.jupiter.api.Assertions.assertThrows; /** * @author bjorncs */ public class AuthorizedPeersTest { - @Test(expected = IllegalArgumentException.class) - public void throws_exception_on_peer_policies_with_duplicate_names() { - PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "mycfgserver"))); - PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "myclient"))); - new AuthorizedPeers(new HashSet<>(asList(peerPolicy1, peerPolicy2))); + @Test + void throws_exception_on_peer_policies_with_duplicate_names() { + assertThrows(IllegalArgumentException.class, () -> { + PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "mycfgserver"))); + PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "myclient"))); + new AuthorizedPeers(new HashSet<>(asList(peerPolicy1, peerPolicy2))); + }); } } diff --git a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java index 0af6d231701..7b70c842a4c 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/ConfigFileBasedTlsContextTest.java @@ -4,12 +4,13 @@ package com.yahoo.security.tls; import com.yahoo.security.KeyUtils; import com.yahoo.security.X509CertificateBuilder; import com.yahoo.security.X509CertificateUtils; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.io.TempDir; import javax.net.ssl.SSLEngine; import javax.security.auth.x500.X500Principal; + +import java.io.File; import java.io.IOException; import java.math.BigInteger; import java.nio.file.Files; @@ -28,23 +29,23 @@ import static org.assertj.core.api.Assertions.assertThat; */ public class ConfigFileBasedTlsContextTest { - @Rule - public TemporaryFolder tempDirectory = new TemporaryFolder(); + @TempDir + public File tempDirectory; @Test - public void can_create_sslcontext_from_credentials() throws IOException, InterruptedException { + void can_create_sslcontext_from_credentials() throws IOException, InterruptedException { KeyPair keyPair = KeyUtils.generateKeypair(EC); - Path privateKeyFile = tempDirectory.newFile().toPath(); + Path privateKeyFile = File.createTempFile("junit", null, tempDirectory).toPath(); Files.write(privateKeyFile, KeyUtils.toPem(keyPair.getPrivate()).getBytes()); X509Certificate certificate = X509CertificateBuilder .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, EPOCH.plus(1, DAYS), SHA256_WITH_ECDSA, BigInteger.ONE) .build(); - Path certificateChainFile = tempDirectory.newFile().toPath(); + Path certificateChainFile = File.createTempFile("junit", null, tempDirectory).toPath(); String certificatePem = X509CertificateUtils.toPem(certificate); Files.write(certificateChainFile, certificatePem.getBytes()); - Path caCertificatesFile = tempDirectory.newFile().toPath(); + Path caCertificatesFile = File.createTempFile("junit", null, tempDirectory).toPath(); Files.write(caCertificatesFile, certificatePem.getBytes()); TransportSecurityOptions options = new TransportSecurityOptions.Builder() @@ -52,7 +53,7 @@ public class ConfigFileBasedTlsContextTest { .withCaCertificates(caCertificatesFile) .build(); - Path optionsFile = tempDirectory.newFile().toPath(); + Path optionsFile = File.createTempFile("junit", null, tempDirectory).toPath(); options.toJsonFile(optionsFile); try (TlsContext tlsContext = new ConfigFileBasedTlsContext(optionsFile, AuthorizationMode.ENFORCE)) { diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java index b6c40a0c2e1..bf4a618d9ce 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java @@ -3,7 +3,7 @@ package com.yahoo.security.tls; import com.yahoo.security.KeyUtils; import com.yahoo.security.X509CertificateBuilder; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.net.ssl.SSLEngine; import javax.security.auth.x500.X500Principal; @@ -26,7 +26,7 @@ import static org.assertj.core.api.Assertions.assertThat; public class DefaultTlsContextTest { @Test - public void can_create_sslcontext_from_credentials() { + void can_create_sslcontext_from_credentials() { KeyPair keyPair = KeyUtils.generateKeypair(EC); X509Certificate certificate = X509CertificateBuilder diff --git a/security-utils/src/test/java/com/yahoo/security/tls/HostGlobPatternTest.java b/security-utils/src/test/java/com/yahoo/security/tls/HostGlobPatternTest.java index a5628a637f8..b63b1dfeaa0 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/HostGlobPatternTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/HostGlobPatternTest.java @@ -1,10 +1,10 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security.tls; -import org.junit.Test; +import org.junit.jupiter.api.Test; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; /** @@ -13,28 +13,28 @@ import static org.junit.Assert.assertTrue; public class HostGlobPatternTest { @Test - public void glob_without_wildcards_matches_entire_string() { + void glob_without_wildcards_matches_entire_string() { assertTrue(globMatches("foo", "foo")); assertFalse(globMatches("foo", "fooo")); assertFalse(globMatches("foo", "ffoo")); } @Test - public void wildcard_glob_can_match_prefix() { + void wildcard_glob_can_match_prefix() { assertTrue(globMatches("foo*", "foo")); assertTrue(globMatches("foo*", "foobar")); assertFalse(globMatches("foo*", "ffoo")); } @Test - public void wildcard_glob_can_match_suffix() { + void wildcard_glob_can_match_suffix() { assertTrue(globMatches("*foo", "foo")); assertTrue(globMatches("*foo", "ffoo")); assertFalse(globMatches("*foo", "fooo")); } @Test - public void wildcard_glob_can_match_substring() { + void wildcard_glob_can_match_substring() { assertTrue(globMatches("f*o", "fo")); assertTrue(globMatches("f*o", "foo")); assertTrue(globMatches("f*o", "ffoo")); @@ -42,7 +42,7 @@ public class HostGlobPatternTest { } @Test - public void wildcard_glob_does_not_cross_multiple_dot_delimiter_boundaries() { + void wildcard_glob_does_not_cross_multiple_dot_delimiter_boundaries() { assertTrue(globMatches("*.bar.baz", "foo.bar.baz")); assertTrue(globMatches("*.bar.baz", ".bar.baz")); assertFalse(globMatches("*.bar.baz", "zoid.foo.bar.baz")); @@ -51,7 +51,7 @@ public class HostGlobPatternTest { } @Test - public void single_char_glob_matches_non_dot_characters() { + void single_char_glob_matches_non_dot_characters() { assertTrue(globMatches("f?o", "foo")); assertFalse(globMatches("f?o", "fooo")); assertFalse(globMatches("f?o", "ffoo")); @@ -59,7 +59,7 @@ public class HostGlobPatternTest { } @Test - public void other_regex_meta_characters_are_matched_as_literal_characters() { + void other_regex_meta_characters_are_matched_as_literal_characters() { assertTrue(globMatches("<([{\\^-=$!|]})+.>", "<([{\\^-=$!|]})+.>")); } diff --git a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java index 94b0dc4f83e..bea5c6108f2 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java @@ -6,7 +6,7 @@ import com.yahoo.security.KeyUtils; import com.yahoo.security.SubjectAlternativeName.Type; import com.yahoo.security.X509CertificateBuilder; import com.yahoo.security.tls.RequiredPeerCredential.Field; -import org.junit.Test; +import org.junit.jupiter.api.Test; import javax.security.auth.x500.X500Principal; import java.math.BigInteger; @@ -28,8 +28,8 @@ import static java.util.Collections.emptyList; import static java.util.Collections.singletonList; import static java.util.stream.Collectors.toSet; import static org.assertj.core.api.Assertions.assertThat; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; +import static org.junit.jupiter.api.Assertions.assertFalse; +import static org.junit.jupiter.api.Assertions.assertTrue; /** * @author bjorncs @@ -40,7 +40,7 @@ public class PeerAuthorizerTest { private static final String POLICY_1 = "policy-1", POLICY_2 = "policy-2"; @Test - public void certificate_must_match_both_san_and_cn_pattern() { + void certificate_must_match_both_san_and_cn_pattern() { RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn"); RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san"); PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanRequirement)); @@ -50,12 +50,12 @@ public class PeerAuthorizerTest { assertThat(result.matchedPolicies()).containsOnly(POLICY_1); assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList()))); - assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", asList("foo.matching.san", "foo.invalid.san"),emptyList()))); + assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList()))); assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.invalid.san"), emptyList()))); } @Test - public void can_match_multiple_policies() { + void can_match_multiple_policies() { RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn"); RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san"); @@ -70,7 +70,7 @@ public class PeerAuthorizerTest { } @Test - public void can_match_subset_of_policies() { + void can_match_subset_of_policies() { PeerAuthorizer peerAuthorizer = createPeerAuthorizer( createPolicy(POLICY_1, createRequiredCredential(CN, "*.matching.cn")), createPolicy(POLICY_2, createRequiredCredential(SAN_DNS, "*.matching.san"))); @@ -81,7 +81,7 @@ public class PeerAuthorizerTest { } @Test - public void must_match_all_cn_and_san_patterns() { + void must_match_all_cn_and_san_patterns() { RequiredPeerCredential cnSuffixRequirement = createRequiredCredential(CN, "*.*.matching.suffix.cn"); RequiredPeerCredential cnPrefixRequirement = createRequiredCredential(CN, "matching.prefix.*.*.*"); RequiredPeerCredential sanPrefixRequirement = createRequiredCredential(SAN_DNS, "*.*.matching.suffix.san"); @@ -95,7 +95,7 @@ public class PeerAuthorizerTest { } @Test - public void can_match_policy_with_san_uri_pattern() { + void can_match_policy_with_san_uri_pattern() { RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn"); RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/*/uri"); PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanUriRequirement)); @@ -108,7 +108,7 @@ public class PeerAuthorizerTest { } @Test - public void auth_context_contains_union_of_granted_capabilities_from_policies() { + void auth_context_contains_union_of_granted_capabilities_from_policies() { RequiredPeerCredential cnRequirement = createRequiredCredential(CN, "*.matching.cn"); RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san"); diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java index 476ab689903..895428037ed 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java @@ -1,9 +1,10 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security.tls; -import org.junit.Rule; -import org.junit.Test; -import org.junit.rules.TemporaryFolder; +import com.fasterxml.jackson.core.JsonProcessingException; +import com.fasterxml.jackson.databind.ObjectMapper; +import org.junit.jupiter.api.Test; +import org.junit.jupiter.api.io.TempDir; import java.io.ByteArrayInputStream; import java.io.ByteArrayOutputStream; @@ -21,20 +22,21 @@ import java.util.Optional; import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN; import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_DNS; import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_URI; -import static com.yahoo.test.json.JsonTestHelper.assertJsonEquals; -import static org.junit.Assert.assertEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; /** * @author bjorncs */ public class TransportSecurityOptionsJsonSerializerTest { - @Rule public TemporaryFolder tempDirectory = new TemporaryFolder(); + @TempDir + public File tempDirectory; private static final Path TEST_CONFIG_FILE = Paths.get("src/test/resources/transport-security-options.json"); + private static final ObjectMapper mapper = new ObjectMapper(); @Test - public void can_serialize_and_deserialize_transport_security_options() throws IOException { + void can_serialize_and_deserialize_transport_security_options() throws IOException { TransportSecurityOptions options = new TransportSecurityOptions.Builder() .withCaCertificates(Paths.get("/path/to/ca-certs.pem")) .withCertificates(Paths.get("/path/to/cert.pem"), Paths.get("/path/to/key.pem")) @@ -61,15 +63,15 @@ public class TransportSecurityOptionsJsonSerializerTest { } @Test - public void can_serialize_options_without_authorized_peers() throws IOException { + void can_serialize_options_without_authorized_peers() throws IOException { TransportSecurityOptions options = new TransportSecurityOptions.Builder() .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key")) .withCaCertificates(Paths.get("my_cas.pem")) - .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384" , "TLS_AES_256_GCM_SHA384")) + .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384")) .withAcceptedProtocols(Collections.singletonList("TLSv1.2")) .withHostnameValidationDisabled(true) .build(); - File outputFile = tempDirectory.newFile(); + File outputFile = File.createTempFile("junit", null, tempDirectory); try (OutputStream out = Files.newOutputStream(outputFile.toPath())) { new TransportSecurityOptionsJsonSerializer().serialize(out, options); } @@ -79,13 +81,13 @@ public class TransportSecurityOptionsJsonSerializerTest { } @Test - public void disable_hostname_validation_is_not_serialized_if_false() throws IOException { + void disable_hostname_validation_is_not_serialized_if_false() throws IOException { TransportSecurityOptions options = new TransportSecurityOptions.Builder() .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key")) .withCaCertificates(Paths.get("my_cas.pem")) .withHostnameValidationDisabled(false) .build(); - File outputFile = tempDirectory.newFile(); + File outputFile = File.createTempFile("junit", null, tempDirectory); try (OutputStream out = Files.newOutputStream(outputFile.toPath())) { new TransportSecurityOptionsJsonSerializer().serialize(out, options); } @@ -96,4 +98,8 @@ public class TransportSecurityOptionsJsonSerializerTest { assertJsonEquals(expectedOutput, actualOutput); } + private static void assertJsonEquals(String inputJson, String expectedJson) throws JsonProcessingException { + assertEquals(mapper.readTree(expectedJson), mapper.readTree(inputJson)); + } + } diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java index 7d67c492170..089a4ca6de5 100644 --- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java +++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java @@ -1,7 +1,7 @@ // Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root. package com.yahoo.security.tls; -import org.junit.Test; +import org.junit.jupiter.api.Test; import java.io.IOException; import java.nio.charset.StandardCharsets; @@ -11,7 +11,7 @@ import java.nio.file.Paths; import java.util.Arrays; import java.util.Collections; -import static org.junit.Assert.assertEquals; +import static org.junit.jupiter.api.Assertions.assertEquals; /** * @author bjorncs @@ -28,13 +28,13 @@ public class TransportSecurityOptionsTest { .build(); @Test - public void can_read_options_from_json_file() { + void can_read_options_from_json_file() { TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJsonFile(TEST_CONFIG_FILE); assertEquals(OPTIONS, actualOptions); } @Test - public void can_read_options_from_json() throws IOException { + void can_read_options_from_json() throws IOException { String tlsJson = new String(Files.readAllBytes(TEST_CONFIG_FILE), StandardCharsets.UTF_8); TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJson(tlsJson); assertEquals(OPTIONS, actualOptions); |