summaryrefslogtreecommitdiffstats
path: root/security-utils/src/test/java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/test/java')
-rw-r--r--security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java5
-rw-r--r--security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java4
-rw-r--r--security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java3
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java11
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java3
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java27
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java13
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java10
8 files changed, 33 insertions, 43 deletions
diff --git a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java
index 04282ceaac7..b78fa16ae56 100644
--- a/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/Pkcs10CsrTest.java
@@ -5,7 +5,6 @@ import org.junit.jupiter.api.Test;
import javax.security.auth.x500.X500Principal;
import java.security.KeyPair;
-import java.util.Arrays;
import java.util.List;
import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
@@ -27,7 +26,7 @@ public class Pkcs10CsrTest {
.addSubjectAlternativeName(san1)
.addSubjectAlternativeName(san2)
.build();
- assertEquals(Arrays.asList(san1, san2), csr.getSubjectAlternativeNames());
+ assertEquals(List.of(san1, san2), csr.getSubjectAlternativeNames());
}
@Test
@@ -49,7 +48,7 @@ public class Pkcs10CsrTest {
.addSubjectAlternativeName("san")
.setBasicConstraints(true, true)
.build();
- List<String> expected = Arrays.asList(Extension.BASIC_CONSTRAINTS.getOId(), Extension.SUBJECT_ALTERNATIVE_NAMES.getOId());
+ List<String> expected = List.of(Extension.BASIC_CONSTRAINTS.getOId(), Extension.SUBJECT_ALTERNATIVE_NAMES.getOId());
List<String> actual = csr.getExtensionOIds();
assertEquals(expected, actual);
}
diff --git a/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java b/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java
index d91c9fc23f2..5d5cc7b7fa5 100644
--- a/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/X509CertificateBuilderTest.java
@@ -10,8 +10,8 @@ import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
-import java.util.Arrays;
import java.util.Collection;
+import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -21,7 +21,7 @@ import static org.junit.jupiter.api.Assertions.assertEquals;
public class X509CertificateBuilderTest {
public static Collection<Object[]> data() {
- return Arrays.asList(new Object[][]{
+ return List.of(new Object[][]{
{KeyAlgorithm.RSA, 2048, SignatureAlgorithm.SHA512_WITH_RSA},
{KeyAlgorithm.EC, 256, SignatureAlgorithm.SHA512_WITH_ECDSA}});
}
diff --git a/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java b/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java
index 6ac71a264b3..e67dce9fd8f 100644
--- a/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/X509CertificateUtilsTest.java
@@ -9,7 +9,6 @@ import java.security.KeyPair;
import java.security.cert.X509Certificate;
import java.time.Instant;
import java.time.temporal.ChronoUnit;
-import java.util.Arrays;
import java.util.List;
import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
@@ -42,7 +41,7 @@ public class X509CertificateUtilsTest {
X509Certificate cert1 = TestUtils.createCertificate(keypair, subject1);
X500Principal subject2 = new X500Principal("CN=myservice2");
X509Certificate cert2 = TestUtils.createCertificate(keypair, subject2);
- List<X509Certificate> certificateList = Arrays.asList(cert1, cert2);
+ List<X509Certificate> certificateList = List.of(cert1, cert2);
String pem = X509CertificateUtils.toPem(certificateList);
List<X509Certificate> deserializedCertificateList = X509CertificateUtils.certificateListFromPem(pem);
assertEquals(2, certificateList.size());
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
index e6f3450332d..ee54a80f732 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
@@ -3,11 +3,10 @@ package com.yahoo.security.tls;
import org.junit.jupiter.api.Test;
-import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
-import static java.util.Arrays.asList;
-import static java.util.Collections.singletonList;
import static org.junit.jupiter.api.Assertions.assertThrows;
/**
@@ -18,9 +17,9 @@ public class AuthorizedPeersTest {
@Test
void throws_exception_on_peer_policies_with_duplicate_names() {
assertThrows(IllegalArgumentException.class, () -> {
- PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "mycfgserver")));
- PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "myclient")));
- new AuthorizedPeers(new HashSet<>(asList(peerPolicy1, peerPolicy2)));
+ PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", List.of(RequiredPeerCredential.of(CN, "mycfgserver")));
+ PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", List.of(RequiredPeerCredential.of(CN, "myclient")));
+ new AuthorizedPeers(Set.of(peerPolicy1, peerPolicy2));
});
}
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index ec7d5b8ca05..267e770050d 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -18,7 +18,6 @@ import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumb
import static java.time.Instant.EPOCH;
import static java.time.temporal.ChronoUnit.DAYS;
import static java.util.Collections.singleton;
-import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
/**
@@ -38,7 +37,7 @@ public class DefaultTlsContextTest {
singleton(
new PeerPolicy(
"dummy-policy",
- singletonList(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
+ List.of(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
DefaultTlsContext tlsContext =
DefaultTlsContext.of(
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
index 112cfa75102..91ce19574fe 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
@@ -23,9 +23,6 @@ import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_DNS;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_URI;
-import static java.util.Arrays.asList;
-import static java.util.Collections.emptyList;
-import static java.util.Collections.singletonList;
import static java.util.stream.Collectors.toSet;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -45,13 +42,13 @@ public class PeerAuthorizerTest {
RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san");
PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanRequirement));
- ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList()));
+ ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.matching.san", "foo.invalid.san"), List.of()));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList())));
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList())));
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.invalid.san"), emptyList())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san"), List.of())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san", "foo.invalid.san"), List.of())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.invalid.san"), List.of())));
}
@Test
@@ -64,7 +61,7 @@ public class PeerAuthorizerTest {
createPolicy(POLICY_2, cnRequirement, sanRequirement));
ConnectionAuthContext result = peerAuthorizer
- .authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.matching.san"), emptyList()));
+ .authorizePeer(createCertificate("foo.matching.cn", List.of("foo.matching.san"), List.of()));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_1, POLICY_2);
}
@@ -75,7 +72,7 @@ public class PeerAuthorizerTest {
createPolicy(POLICY_1, createRequiredCredential(CN, "*.matching.cn")),
createPolicy(POLICY_2, createRequiredCredential(SAN_DNS, "*.matching.san")));
- ConnectionAuthContext result = peerAuthorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList()));
+ ConnectionAuthContext result = peerAuthorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san"), List.of()));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_2);
}
@@ -89,9 +86,9 @@ public class PeerAuthorizerTest {
PeerAuthorizer peerAuthorizer = createPeerAuthorizer(
createPolicy(POLICY_1, cnSuffixRequirement, cnPrefixRequirement, sanPrefixRequirement, sanSuffixRequirement));
- assertAuthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.matching.suffix.san"), emptyList())));
- assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.invalid.suffix.san"), emptyList())));
- assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("invalid.prefix.matching.suffix.cn", singletonList("matching.prefix.matching.suffix.san"), emptyList())));
+ assertAuthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", List.of("matching.prefix.matching.suffix.san"), List.of())));
+ assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", List.of("matching.prefix.invalid.suffix.san"), List.of())));
+ assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("invalid.prefix.matching.suffix.cn", List.of("matching.prefix.matching.suffix.san"), List.of())));
}
@Test
@@ -100,11 +97,11 @@ public class PeerAuthorizerTest {
RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/*/uri");
PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanUriRequirement));
- ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/matching/uri")));
+ ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.irrelevant.san"), List.of("myscheme://my/matching/uri")));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/url"))));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of(), List.of("myscheme://my/nonmatching/url"))));
}
@Test
@@ -145,7 +142,7 @@ public class PeerAuthorizerTest {
}
private static PeerPolicy createPolicy(String name, RequiredPeerCredential... requiredCredentials) {
- return new PeerPolicy(name, asList(requiredCredentials));
+ return new PeerPolicy(name, List.of(requiredCredentials));
}
private static PeerPolicy createPolicy(String name, List<Capability> caps, List<RequiredPeerCredential> creds) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
index 1871bb43569..e7254c12985 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
@@ -14,9 +14,8 @@ import java.io.OutputStream;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.Collections;
import java.util.LinkedHashSet;
+import java.util.List;
import java.util.Optional;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
@@ -43,14 +42,14 @@ public class TransportSecurityOptionsJsonSerializerTest {
.withHostnameValidationDisabled(false)
.withAuthorizedPeers(
new AuthorizedPeers(
- new LinkedHashSet<>(Arrays.asList(
- new PeerPolicy("cfgserver", "cfgserver policy description", Arrays.asList(
+ new LinkedHashSet<>(List.of(
+ new PeerPolicy("cfgserver", "cfgserver policy description", List.of(
RequiredPeerCredential.of(CN, "mycfgserver"),
RequiredPeerCredential.of(SAN_DNS, "*.suffix.com"),
RequiredPeerCredential.of(SAN_URI, "myscheme://resource/path/"))),
new PeerPolicy("node", Optional.empty(),
CapabilitySet.of(Capability.SLOBROK__API),
- Collections.singletonList(RequiredPeerCredential.of(CN, "hostname")))))))
+ List.of(RequiredPeerCredential.of(CN, "hostname")))))))
.build();
ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -67,8 +66,8 @@ public class TransportSecurityOptionsJsonSerializerTest {
TransportSecurityOptions options = new TransportSecurityOptions.Builder()
.withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
.withCaCertificates(Paths.get("my_cas.pem"))
- .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
- .withAcceptedProtocols(Collections.singletonList("TLSv1.2"))
+ .withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
+ .withAcceptedProtocols(List.of("TLSv1.2"))
.withHostnameValidationDisabled(true)
.build();
File outputFile = File.createTempFile("junit", null, tempDirectory);
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
index 08e573fed7e..188a6a1568a 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
@@ -4,12 +4,10 @@ package com.yahoo.security.tls;
import org.junit.jupiter.api.Test;
import java.io.IOException;
-import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.Collections;
+import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -22,8 +20,8 @@ public class TransportSecurityOptionsTest {
private static final TransportSecurityOptions OPTIONS = new TransportSecurityOptions.Builder()
.withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
.withCaCertificates(Paths.get("my_cas.pem"))
- .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
- .withAcceptedProtocols(Collections.singletonList("TLSv1.2"))
+ .withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
+ .withAcceptedProtocols(List.of("TLSv1.2"))
.withHostnameValidationDisabled(true)
.build();
@@ -35,7 +33,7 @@ public class TransportSecurityOptionsTest {
@Test
void can_read_options_from_json() throws IOException {
- String tlsJson = new String(Files.readAllBytes(TEST_CONFIG_FILE), StandardCharsets.UTF_8);
+ String tlsJson = Files.readString(TEST_CONFIG_FILE);
TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJson(tlsJson);
assertEquals(OPTIONS, actualOptions);
}