Diffstat (limited to 'security-utils/src')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java4
-rw-r--r--security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java6
-rw-r--r--security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java6
-rw-r--r--security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java3
-rw-r--r--security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java3
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java11
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java3
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java27
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java6
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java10
10 files changed, 32 insertions, 47 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
index c4c01ca130c..0901ea5931f 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyStoreBuilder.java
@@ -15,8 +15,6 @@ import java.security.cert.X509Certificate;
import java.util.ArrayList;
import java.util.List;
-import static java.util.Collections.singletonList;
-
/**
* @author bjorncs
*/
@@ -53,7 +51,7 @@ public class KeyStoreBuilder {
}
public KeyStoreBuilder withKeyEntry(String alias, PrivateKey privateKey, char[] password, X509Certificate certificate) {
- return withKeyEntry(alias, privateKey, password, singletonList(certificate));
+ return withKeyEntry(alias, privateKey, password, List.of(certificate));
}
public KeyStoreBuilder withKeyEntry(String alias, PrivateKey privateKey, X509Certificate certificate) {
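Review bot: `List.of(certificate)` in `withKeyEntry` throws a message-less NullPointerException for a null certificate, whereas `singletonList(certificate)` accepted null and passed it on to the list overload. What that overload does with a null element is not visible here, so the null case may now fail earlier and with a different exception than before. If null is meant to be rejected, make it explicit with `List.of(Objects.requireNonNull(certificate, "certificate"))` and add `@throws NullPointerException if certificate is null` to the Javadoc. The same applies to `withTrustStore(X509Certificate)` and `withKeyStore(PrivateKey, X509Certificate)` in SslContextBuilder and to the single-certificate constructor of X509CertificateWithKey.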
diff --git a/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java b/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java
index 78a00246d38..d1c9ae582b7 100644
--- a/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java
+++ b/security-utils/src/main/java/com/yahoo/security/Pkcs10Csr.java
@@ -15,8 +15,6 @@ import java.util.List;
import java.util.Objects;
import java.util.Optional;
-import static java.util.Collections.emptyList;
-
/**
* @author bjorncs
*/
@@ -40,7 +38,7 @@ public class Pkcs10Csr {
return getExtensions()
.map(extensions -> GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName))
.map(SubjectAlternativeName::fromGeneralNames)
- .orElse(emptyList());
+ .orElse(List.of());
}
/**
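Review bot: `.orElse(List.of())` is not a drop-in for `emptyList()` when a caller probes the result with null. The JDK's immutable lists throw NullPointerException from `contains(null)` and `indexOf(null)`, while `Collections.emptyList()` returned `false` and `-1`. Callers are not visible in this diff, so any code that tests SAN or extension-OID membership with a possibly-null value should be checked. The method starts outside this hunk; its Javadoc should state the contract, e.g. `@return an unmodifiable, null-hostile list; empty when the CSR has no subjectAltName extension`. The second Pkcs10Csr hunk and `getSubjectAlternativeNames` in X509CertificateUtils have the same change and need the same documentation.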
@@ -57,7 +55,7 @@ public class Pkcs10Csr {
.map(extensions -> Arrays.stream(extensions.getExtensionOIDs())
.map(ASN1ObjectIdentifier::getId)
.toList())
- .orElse(emptyList());
+ .orElse(List.of());
}
diff --git a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
index cedad3afc9b..8fecbb72a43 100644
--- a/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
+++ b/security-utils/src/main/java/com/yahoo/security/SslContextBuilder.java
@@ -18,8 +18,6 @@ import java.security.PrivateKey;
import java.security.cert.X509Certificate;
import java.util.List;
-import static java.util.Collections.singletonList;
-
/**
* A builder for {@link SSLContext}.
*
@@ -48,7 +46,7 @@ public class SslContextBuilder {
}
public SslContextBuilder withTrustStore(X509Certificate caCertificate) {
- return withTrustStore(singletonList(caCertificate));
+ return withTrustStore(List.of(caCertificate));
}
public SslContextBuilder withTrustStore(List<X509Certificate> caCertificates) {
@@ -66,7 +64,7 @@ public class SslContextBuilder {
}
public SslContextBuilder withKeyStore(PrivateKey privateKey, X509Certificate certificate) {
- return withKeyStore(privateKey, singletonList(certificate));
+ return withKeyStore(privateKey, List.of(certificate));
}
public SslContextBuilder withKeyStore(PrivateKey privateKey, List<X509Certificate> certificates) {
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
index 171a8e890d0..f615ff2e832 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateUtils.java
@@ -34,7 +34,6 @@ import java.security.cert.X509Certificate;
import java.time.Duration;
import java.time.Instant;
import java.util.ArrayList;
-import java.util.Collections;
import java.util.List;
import java.util.Optional;
import java.util.Random;
@@ -150,7 +149,7 @@ public class X509CertificateUtils {
public static List<SubjectAlternativeName> getSubjectAlternativeNames(X509Certificate certificate) {
try {
byte[] extensionValue = certificate.getExtensionValue(SUBJECT_ALTERNATIVE_NAMES.getOId());
- if (extensionValue == null) return Collections.emptyList();
+ if (extensionValue == null) return List.of();
ASN1Encodable asn1Encodable = ASN1Primitive.fromByteArray(extensionValue);
if (asn1Encodable instanceof ASN1OctetString) {
asn1Encodable = ASN1Primitive.fromByteArray(((ASN1OctetString) asn1Encodable).getOctets());
diff --git a/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java b/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
index e80d3840bce..afd5fa315a6 100644
--- a/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
+++ b/security-utils/src/main/java/com/yahoo/security/X509CertificateWithKey.java
@@ -3,7 +3,6 @@ package com.yahoo.security;
import java.security.PrivateKey;
import java.security.cert.X509Certificate;
-import java.util.Collections;
import java.util.List;
/**
@@ -18,7 +17,7 @@ public class X509CertificateWithKey {
private final PrivateKey privateKey;
public X509CertificateWithKey(X509Certificate certificate, PrivateKey privateKey) {
- this(Collections.singletonList(certificate), privateKey);
+ this(List.of(certificate), privateKey);
}
public X509CertificateWithKey(List<X509Certificate> certificate, PrivateKey privateKey) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
index e6f3450332d..ee54a80f732 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/AuthorizedPeersTest.java
@@ -3,11 +3,10 @@ package com.yahoo.security.tls;
import org.junit.jupiter.api.Test;
-import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
-import static java.util.Arrays.asList;
-import static java.util.Collections.singletonList;
import static org.junit.jupiter.api.Assertions.assertThrows;
/**
@@ -18,9 +17,9 @@ public class AuthorizedPeersTest {
@Test
void throws_exception_on_peer_policies_with_duplicate_names() {
assertThrows(IllegalArgumentException.class, () -> {
- PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "mycfgserver")));
- PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", singletonList(RequiredPeerCredential.of(CN, "myclient")));
- new AuthorizedPeers(new HashSet<>(asList(peerPolicy1, peerPolicy2)));
+ PeerPolicy peerPolicy1 = new PeerPolicy("duplicate-name", List.of(RequiredPeerCredential.of(CN, "mycfgserver")));
+ PeerPolicy peerPolicy2 = new PeerPolicy("duplicate-name", List.of(RequiredPeerCredential.of(CN, "myclient")));
+ new AuthorizedPeers(Set.of(peerPolicy1, peerPolicy2));
});
}
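Review bot: `Set.of(peerPolicy1, peerPolicy2)` itself throws IllegalArgumentException on equal elements, and it sits inside the `assertThrows(IllegalArgumentException.class, ...)` lambda. The test can therefore pass without `AuthorizedPeers` ever running its duplicate-name check. The two policies differ in their credential today, so this only bites if `PeerPolicy.equals` compares by name alone or changes later, but the assertion no longer pins which call rejected the input. Build the fixtures before the assertion and keep only the constructor in the lambda: `Set<PeerPolicy> policies = Set.of(peerPolicy1, peerPolicy2);` followed by `assertThrows(IllegalArgumentException.class, () -> new AuthorizedPeers(policies));`.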
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index ec7d5b8ca05..267e770050d 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -18,7 +18,6 @@ import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumb
import static java.time.Instant.EPOCH;
import static java.time.temporal.ChronoUnit.DAYS;
import static java.util.Collections.singleton;
-import static java.util.Collections.singletonList;
import static org.assertj.core.api.Assertions.assertThat;
/**
@@ -38,7 +37,7 @@ public class DefaultTlsContextTest {
singleton(
new PeerPolicy(
"dummy-policy",
- singletonList(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
+ List.of(RequiredPeerCredential.of(RequiredPeerCredential.Field.CN, "dummy")))));
DefaultTlsContext tlsContext =
DefaultTlsContext.of(
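Review bot: This file's hunks remove the `singletonList` static import and start using `List.of`, but unlike the other test files in this commit they add no `import java.util.List;`. Confirm the file already imports it. The enclosing `singleton(` call one level up is also left as it was, so the expression now mixes `Collections.singleton` with `List.of`; `Set.of(new PeerPolicy(...))` would match the rest of the change and let the `java.util.Collections.singleton` static import go. The statement begins and ends outside the hunk.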
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
index 112cfa75102..91ce19574fe 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/PeerAuthorizerTest.java
@@ -23,9 +23,6 @@ import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_DNS;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.SAN_URI;
-import static java.util.Arrays.asList;
-import static java.util.Collections.emptyList;
-import static java.util.Collections.singletonList;
import static java.util.stream.Collectors.toSet;
import static org.assertj.core.api.Assertions.assertThat;
import static org.junit.jupiter.api.Assertions.assertFalse;
@@ -45,13 +42,13 @@ public class PeerAuthorizerTest {
RequiredPeerCredential sanRequirement = createRequiredCredential(SAN_DNS, "*.matching.san");
PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanRequirement));
- ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList()));
+ ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.matching.san", "foo.invalid.san"), List.of()));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList())));
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", asList("foo.matching.san", "foo.invalid.san"), emptyList())));
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.invalid.san"), emptyList())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san"), List.of())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san", "foo.invalid.san"), List.of())));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.invalid.san"), List.of())));
}
@Test
@@ -64,7 +61,7 @@ public class PeerAuthorizerTest {
createPolicy(POLICY_2, cnRequirement, sanRequirement));
ConnectionAuthContext result = peerAuthorizer
- .authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.matching.san"), emptyList()));
+ .authorizePeer(createCertificate("foo.matching.cn", List.of("foo.matching.san"), List.of()));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_1, POLICY_2);
}
@@ -75,7 +72,7 @@ public class PeerAuthorizerTest {
createPolicy(POLICY_1, createRequiredCredential(CN, "*.matching.cn")),
createPolicy(POLICY_2, createRequiredCredential(SAN_DNS, "*.matching.san")));
- ConnectionAuthContext result = peerAuthorizer.authorizePeer(createCertificate("foo.invalid.cn", singletonList("foo.matching.san"), emptyList()));
+ ConnectionAuthContext result = peerAuthorizer.authorizePeer(createCertificate("foo.invalid.cn", List.of("foo.matching.san"), List.of()));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_2);
}
@@ -89,9 +86,9 @@ public class PeerAuthorizerTest {
PeerAuthorizer peerAuthorizer = createPeerAuthorizer(
createPolicy(POLICY_1, cnSuffixRequirement, cnPrefixRequirement, sanPrefixRequirement, sanSuffixRequirement));
- assertAuthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.matching.suffix.san"), emptyList())));
- assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", singletonList("matching.prefix.invalid.suffix.san"), emptyList())));
- assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("invalid.prefix.matching.suffix.cn", singletonList("matching.prefix.matching.suffix.san"), emptyList())));
+ assertAuthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", List.of("matching.prefix.matching.suffix.san"), List.of())));
+ assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("matching.prefix.matching.suffix.cn", List.of("matching.prefix.invalid.suffix.san"), List.of())));
+ assertUnauthorized(peerAuthorizer.authorizePeer(createCertificate("invalid.prefix.matching.suffix.cn", List.of("matching.prefix.matching.suffix.san"), List.of())));
}
@Test
@@ -100,11 +97,11 @@ public class PeerAuthorizerTest {
RequiredPeerCredential sanUriRequirement = createRequiredCredential(SAN_URI, "myscheme://my/*/uri");
PeerAuthorizer authorizer = createPeerAuthorizer(createPolicy(POLICY_1, cnRequirement, sanUriRequirement));
- ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", singletonList("foo.irrelevant.san"), singletonList("myscheme://my/matching/uri")));
+ ConnectionAuthContext result = authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of("foo.irrelevant.san"), List.of("myscheme://my/matching/uri")));
assertAuthorized(result);
assertThat(result.matchedPolicies()).containsOnly(POLICY_1);
- assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", emptyList(), singletonList("myscheme://my/nonmatching/url"))));
+ assertUnauthorized(authorizer.authorizePeer(createCertificate("foo.matching.cn", List.of(), List.of("myscheme://my/nonmatching/url"))));
}
@Test
@@ -145,7 +142,7 @@ public class PeerAuthorizerTest {
}
private static PeerPolicy createPolicy(String name, RequiredPeerCredential... requiredCredentials) {
- return new PeerPolicy(name, asList(requiredCredentials));
+ return new PeerPolicy(name, List.of(requiredCredentials));
}
private static PeerPolicy createPolicy(String name, List<Capability> caps, List<RequiredPeerCredential> creds) {
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
index 1871bb43569..cde1a346fc9 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsJsonSerializerTest.java
@@ -15,8 +15,8 @@ import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.Arrays;
-import java.util.Collections;
import java.util.LinkedHashSet;
+import java.util.List;
import java.util.Optional;
import static com.yahoo.security.tls.RequiredPeerCredential.Field.CN;
@@ -50,7 +50,7 @@ public class TransportSecurityOptionsJsonSerializerTest {
RequiredPeerCredential.of(SAN_URI, "myscheme://resource/path/"))),
new PeerPolicy("node", Optional.empty(),
CapabilitySet.of(Capability.SLOBROK__API),
- Collections.singletonList(RequiredPeerCredential.of(CN, "hostname")))))))
+ List.of(RequiredPeerCredential.of(CN, "hostname")))))))
.build();
ByteArrayOutputStream out = new ByteArrayOutputStream();
@@ -68,7 +68,7 @@ public class TransportSecurityOptionsJsonSerializerTest {
.withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
.withCaCertificates(Paths.get("my_cas.pem"))
.withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
- .withAcceptedProtocols(Collections.singletonList("TLSv1.2"))
+ .withAcceptedProtocols(List.of("TLSv1.2"))
.withHostnameValidationDisabled(true)
.build();
File outputFile = File.createTempFile("junit", null, tempDirectory);
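Review bot: `.withAcceptedCiphers(Arrays.asList(...))` is left unconverted directly above the converted `.withAcceptedProtocols(List.of("TLSv1.2"))`, which keeps the `java.util.Arrays` import alive. TransportSecurityOptionsTest builds the identical options with `List.of` for both calls in this same commit. For consistency change the cipher line to `.withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))`, and drop the `Arrays` import if nothing else in the file uses it.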
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
index 08e573fed7e..188a6a1568a 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/TransportSecurityOptionsTest.java
@@ -4,12 +4,10 @@ package com.yahoo.security.tls;
import org.junit.jupiter.api.Test;
import java.io.IOException;
-import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
-import java.util.Arrays;
-import java.util.Collections;
+import java.util.List;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -22,8 +20,8 @@ public class TransportSecurityOptionsTest {
private static final TransportSecurityOptions OPTIONS = new TransportSecurityOptions.Builder()
.withCertificates(Paths.get("certs.pem"), Paths.get("myhost.key"))
.withCaCertificates(Paths.get("my_cas.pem"))
- .withAcceptedCiphers(Arrays.asList("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
- .withAcceptedProtocols(Collections.singletonList("TLSv1.2"))
+ .withAcceptedCiphers(List.of("TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384", "TLS_AES_256_GCM_SHA384"))
+ .withAcceptedProtocols(List.of("TLSv1.2"))
.withHostnameValidationDisabled(true)
.build();
@@ -35,7 +33,7 @@ public class TransportSecurityOptionsTest {
@Test
void can_read_options_from_json() throws IOException {
- String tlsJson = new String(Files.readAllBytes(TEST_CONFIG_FILE), StandardCharsets.UTF_8);
+ String tlsJson = Files.readString(TEST_CONFIG_FILE);
TransportSecurityOptions actualOptions = TransportSecurityOptions.fromJson(tlsJson);
assertEquals(OPTIONS, actualOptions);
}