Diffstat (limited to 'security-utils/src')
10 files changed, 32 insertions, 47 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
index c4c01ca130c..0901ea5931f 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
@@ -15,8 +15,6 @@ import java.security.cert.X509Certificate;
 import java.util.ArrayList;
 import java.util.List;
-import static java.util.Collections.singletonList;
-
 /**
 * @author bjorncs
 */
@@ -53,7 +51,7 @@ public class KeyStoreBuilder {
 }
 public KeyStoreBuilder withKeyEntry(String alias, PrivateKey privateKey, char[] password, X509Certificate certificate) {
- return withKeyEntry(alias, privateKey, password, singletonList(certificate));
+ return withKeyEntry(alias, privateKey, password, List.of(certificate));
 }
 public KeyStoreBuilder withKeyEntry(String alias, PrivateKey privateKey, X509Certificate certificate) {
diff --git a/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java b/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java
index 78a00246d38..d1c9ae582b7 100644
--- a/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java
+++ b/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java
@@ -15,8 +15,6 @@ import java.util.List;
 import java.util.Objects;
 import java.util.Optional;
-import static java.util.Collections.emptyList;
-
 /**
 * @author bjorncs
 */
@@ -40,7 +38,7 @@ public class Pkcs10Csr {
 return getExtensions()
 .map(extensions -> GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName))
 .map(SubjectAlternativeName::fromGeneralNames)
- .orElse(emptyList());
+ .orElse(List.of());
 }
 /**
@@ -57,7 +55,7 @@ public class Pkcs10Csr {
 .map(extensions -> Arrays.stream(extensions.getExtensionOIDs())
 .map(ASN1ObjectIdentifier::getId)
 .toList())
- .orElse(emptyList());
+ .orElse(List.of());
 }
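Review bot: In `withKeyEntry` (the `@@ -53,7 +51,7 @@` hunk of KeyStoreBuilder.java), `List.of(certificate)` throws a NullPointerException for a null certificate, whereas `singletonList(certificate)` accepted null and handed it on to the list overload, so this is a behaviour change and not only a cleanup. Failing early on a missing certificate is reasonable for key material, but the exception carries no message and the contract is undocumented; consider a Javadoc line such as `@throws NullPointerException if certificate is null`, or an explicit `java.util.Objects.requireNonNull(certificate, "certificate")` before the call. The same applies to `withTrustStore(X509Certificate)` and `withKeyStore(PrivateKey, X509Certificate)` in SslContextBuilder.java and to the single-certificate constructor of X509CertificateWithKey. What the list overloads previously did with a null element is not visible in these hunks.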
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index cedad3afc9b..8fecbb72a43 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -18,8 +18,6 @@ import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.List;
-import static java.util.Collections.singletonList;
-
 /**
 * A builder for {@link SSLContext}.
 *
@@ -48,7 +46,7 @@ public class SslContextBuilder {
 }
 public SslContextBuilder withTrustStore(X509Certificate caCertificate) {
- return withTrustStore(singletonList(caCertificate));
+ return withTrustStore(List.of(caCertificate));
 }
 public SslContextBuilder withTrustStore(List<X509Certificate> caCertificates) {
@@ -66,7 +64,7 @@ public class SslContextBuilder {
 }
 public SslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate certificate) {
- return withKeyStore(privateKey, singletonList(certificate));
+ return withKeyStore(privateKey, List.of(certificate));
 }
 public SslContextBuilder withKeyStore(PrivateKey privateKey, List<X509Certificate> certificates) {
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index 171a8e890d0..f615ff2e832 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -34,7 +34,6 @@ import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.time.Instant;
 import java.util.ArrayList;
-import java.util.Collections;
 import java.util.List;
 import java.util.Optional;
 import java.util.Random;
@@ -150,7 +149,7 @@ public class X509CertificateUtils {
 public static List<SubjectAlternativeName> getSubjectAlternativeNames(X509Certificate certificate) {
 try {
 byte[] extensionValue = certificate.getExtensionValue(SUBJECT_ALTERNATIVE_NAMES.getOId());
- if (extensionValue == null) return Collections.emptyList();
+ if (extensionValue == null) return List.of();
 ASN1Encodable asn1Encodable = ASN1Primitive.fromByteArray(extensionValue);
 if (asn1Encodable instanceof ASN1OctetString) {
 asn1Encodable = ASN1Primitive.fromByteArray(((ASN1OctetString) asn1Encodable).getOctets());
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
index e80d3840bce..afd5fa315a6 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
@@ -3,7 +3,6 @@ package com.yahoo.security;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
-import java.util.Collections;
 import java.util.List;
 /**
@@ -18,7 +17,7 @@ public class X509CertificateWithKey {
 private final PrivateKey privateKey;
 public X509CertificateWithKey(X509Certificate certificate, PrivateKey privateKey) {
- this(Collections.singletonList(certificate), privateKey);
+ this(List.of(certificate), privateKey);
 }
 public X509CertificateWithKey(List<X509Certificate> certificate, PrivateKey privateKey) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
index e6f3450332d..ee54a80f732 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
@@ -3,11 +3,10 @@ package com.yahoo.security.tls;
 import org.junit.jupiter.api.Test;
-import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
 import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
-import static java.util.Arrays.asList;
-import static java.util.Collections.singletonList;
 import static org.junit.jupiter.api.Assertions.assertThrows;
 /**
@@ -18,9 +17,9 @@ public class AuthorizedPeersTest {
 @Test
 void throws_exception_on_peer_policies_with_duplicate_names() {
 assertThrows(IllegalArgumentException.class, () -> {
- PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "mycfgserver")));
- PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "myclient")));
- new AuthorizedPeers(new HashSet<>(asList(peerPolicy1, peerPolicy2)));
+ PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", List.of(RequiredPeerCredential.of(CN, "mycfgserver")));
+ PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", List.of(RequiredPeerCredential.of(CN, "myclient")));
+ new AuthorizedPeers(Set.of(peerPolicy1, peerPolicy2));
 });
 }
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index ec7d5b8ca05..267e770050d 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -18,7 +18,6 @@ import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumb
 import static java.time.Instant.EPOCH;
 import static java.time.temporal.ChronoUnit.DAYS;
 import static java.util.Collections.singleton;
-import static java.util.Collections.singletonList;
 import static org.assertj.core.api.Assertions.assertThat;
 /**
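Review bot: `Set.of(peerPolicy1, peerPolicy2)` sits inside the `assertThrows` lambda in `throws_exception_on_peer_policies_with_duplicate_names` and can itself throw IllegalArgumentException, because `Set.of` rejects duplicate elements. If `PeerPolicy` equality ever depends on the name alone, the test would pass without reaching the duplicate-name check in `AuthorizedPeers`; the old `new HashSet<>(asList(...))` would have deduplicated silently and made the test fail visibly instead. Build the policies and the set before the assertion and keep only the constructor in the lambda: `Set<PeerPolicy> policies = Set.of(peerPolicy1, peerPolicy2);` followed by `assertThrows(IllegalArgumentException.class, () -> new AuthorizedPeers(policies));`. Whether `PeerPolicy` defines `equals` is not visible in this hunk.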
@@ -38,7 +37,7 @@ public class DefaultTlsContextTest {
 singleton(
 new PeerPolicy(
 "dummy-policy",
- singletonList(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
+ List.of(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
 DefaultTlsContext tlsContext =
 DefaultTlsContext.of(
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
index 112cfa75102..91ce19574fe 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
@@ -23,9 +23,6 @@ import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
 import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
 import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_DNS;
 import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_URI;
-import static java.util.Arrays.asList;
-import static java.util.Collections.emptyList;
-import static java.util.Collections.singletonList;
 import static java.util.stream.Collectors.toSet;
 import static org.assertj.core.api.Assertions.assertThat;
 import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -45,13 +42,13 @@ public class PeerAuthorizerTest {
 RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san");
 PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanRequirement));
- ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList()));
+ ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.matching.san", "foo.invalid.san"), List.of()));
 assertAuthorized(result);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList())));
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList())));
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.invalid.san"), emptyList())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san"), List.of())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san", "foo.invalid.san"), List.of())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.invalid.san"), List.of())));
 }
 @Test
@@ -64,7 +61,7 @@ public class PeerAuthorizerTest {
 createPolicy(POLICY_2, cnRequirement, sanRequirement));
 ConnectionAuthContext result = peerAuthorizer
- .authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.matching.san"), emptyList()));
+ .authorizePeer(createCertificate("foo.matching.cn", List.of("foo.matching.san"), List.of()));
 assertAuthorized(result);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_1, POLICY_2);
 }
@@ -75,7 +72,7 @@ public class PeerAuthorizerTest {
 createPolicy(POLICY_1, createRequiredCredential(CN, "*.matching.cn")),
 createPolicy(POLICY_2, createRequiredCredential(SAN_DNS, "*.matching.san")));
- ConnectionAuthContext result = peerAuthorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList()));
+ ConnectionAuthContext result = peerAuthorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san"), List.of()));
 assertAuthorized(result);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_2);
 }
@@ -89,9 +86,9 @@ public class PeerAuthorizerTest {
 PeerAuthorizer peerAuthorizer = createPeerAuthorizer(
 createPolicy(POLICY_1, cnSuffixRequirement, cnPrefixRequirement, sanPrefixRequirement, sanSuffixRequirement));
- assertAuthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.matching.suffix.san"), emptyList())));
- assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.invalid.suffix.san"), emptyList())));
- assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("invalid.prefix.matching.suffix.cn", singletonList("matching.prefix.matching.suffix.san"), emptyList())));
+ assertAuthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", List.of("matching.prefix.matching.suffix.san"), List.of())));
+ assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", List.of("matching.prefix.invalid.suffix.san"), List.of())));
+ assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("invalid.prefix.matching.suffix.cn", List.of("matching.prefix.matching.suffix.san"), List.of())));
 }
 @Test
@@ -100,11 +97,11 @@ public class PeerAuthorizerTest {
 RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/*/uri");
 PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanUriRequirement));
- ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/matching/uri")));
+ ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.irrelevant.san"), List.of("myscheme://my/matching/uri")));
 assertAuthorized(result);
 assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/url"))));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of(), List.of("myscheme://my/nonmatching/url"))));
 }
 @Test
@@ -145,7 +142,7 @@ public class PeerAuthorizerTest {
 }
 private static PeerPolicy createPolicy(String name, RequiredPeerCredential... requiredCredentials) {
- return new PeerPolicy(name, asList(requiredCredentials));
+ return new PeerPolicy(name, List.of(requiredCredentials));
 }
 private static PeerPolicy createPolicy(String name, List<Capability> caps, List<RequiredPeerCredential> creds) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
index 1871bb43569..cde1a346fc9 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
@@ -15,8 +15,8 @@ import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.LinkedHashSet;
+import java.util.List;
 import java.util.Optional;
 import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
@@ -50,7 +50,7 @@ public class TransportSecurityOptionsJsonSerializerTest {
 RequiredPeerCredential.of(SAN_URI, "myscheme://resource/path/"))),
 new PeerPolicy("node", Optional.empty(), CapabilitySet.of(Capability.SLOBROK__API),
- Collections.singletonList(RequiredPeerCredential.of(CN, "hostname")))))))
+ List.of(RequiredPeerCredential.of(CN, "hostname")))))))
 .build();
 ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -68,7 +68,7 @@ public class TransportSecurityOptionsJsonSerializerTest {
 .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
 .withCaCertificates(Paths.get("my_cas.pem"))
 .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
- .withAcceptedProtocols(Collections.singletonList("TLSv1.2"))
+ .withAcceptedProtocols(List.of("TLSv1.2"))
 .withHostnameValidationDisabled(true)
 .build();
 File outputFile = File.createTempFile("junit", null, tempDirectory);
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
index 08e573fed7e..188a6a1568a 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
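Review bot: The `.withAcceptedCiphers(Arrays.asList(...))` context line in the `@@ -68,7 +68,7 @@` hunk stays on `Arrays.asList`, while the `withAcceptedProtocols` line next to it and the identical builder call in TransportSecurityOptionsTest.java move to `List.of`. For consistency, and so both tests build the cipher list the same immutable way, change it to `.withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))`. The `import java.util.Arrays;` line could then probably be dropped, provided nothing else in the file uses it, which these hunks do not show.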
@@ -4,12 +4,10 @@ package com.yahoo.security.tls;
 import org.junit.jupiter.api.Test;
 import java.io.IOException;
-import java.nio.charset.StandardCharsets;
 import java.nio.file.Files;
 import java.nio.file.Path;
 import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.Collections;
+import java.util.List;
 import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -22,8 +20,8 @@ public class TransportSecurityOptionsTest {
 private static final TransportSecurityOptions OPTIONS = new TransportSecurityOptions.Builder()
 .withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
 .withCaCertificates(Paths.get("my_cas.pem"))
- .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
- .withAcceptedProtocols(Collections.singletonList("TLSv1.2"))
+ .withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
+ .withAcceptedProtocols(List.of("TLSv1.2"))
 .withHostnameValidationDisabled(true)
 .build();
@@ -35,7 +33,7 @@ public class TransportSecurityOptionsTest {
 @Test
 void can_read_options_from_json() throws IOException {
- String tlsJson = new String(Files.readAllBytes(TEST_CONFIG_FILE), StandardCharsets.UTF_8);
+ String tlsJson = Files.readString(TEST_CONFIG_FILE);
 TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJson(tlsJson);
 assertEquals(OPTIONS, actualOptions);
 } |