Diffstat (limited to 'security-utils')
3 files changed, 18 insertions, 7 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java b/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java
index 3218f81f0d6..732ac2bb12c 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java
@@ -1,20 +1,28 @@
 // Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.security;
 
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.util.Optional;
+
 /**
 * @author bjorncs
 */
 public enum KeyAlgorithm {
- RSA("RSA"),
- EC("EC");
+ RSA("RSA", null),
+ EC("EC", new ECGenParameterSpec("prime256v1")); // TODO Make curve configurable
 
 final String algorithmName;
+ private final AlgorithmParameterSpec spec;
 
- KeyAlgorithm(String algorithmName) {
+ KeyAlgorithm(String algorithmName, AlgorithmParameterSpec spec) {
 this.algorithmName = algorithmName;
+ this.spec = spec;
 }
 
 String getAlgorithmName() {
 return algorithmName;
 }
+
+ Optional<AlgorithmParameterSpec> getSpec() { return Optional.ofNullable(spec); }
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 0d45a62f193..76e0f5419a3 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -46,6 +46,9 @@ public class KeyUtils {
 if (keySize != -1) {
 keyGen.initialize(keySize);
 }
+ if (algorithm.getSpec().isPresent()) {
+ keyGen.initialize(algorithm.getSpec().get());
+ }
 return keyGen.genKeyPair();
 } catch (GeneralSecurityException e) {
 throw new RuntimeException(e);
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 659cf06dd6d..cfaa7ba06df 100644
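Review bot: The new `spec` field and `getSpec()` accessor carry no Javadoc, so the only place that says the EC curve is fixed is the `// TODO Make curve configurable` trailer on the constant, and a reader of the accessor cannot tell that it is meant to feed `KeyPairGenerator.initialize`. Add above `getSpec()`: `/** Generator parameters for this algorithm: the fixed named curve for {@code EC}, empty for {@code RSA}; consumed by KeyUtils.generateKeypair. */`, and move the TODO into that Javadoc so the limitation is visible at the API rather than on an enum constant. Separately, `spec` is declared `private` while `algorithmName` on the line above stays package-private; making both `private` keeps the two fields consistent.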
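Review bot: When `keySize != -1` and the algorithm carries a spec, the added `keyGen.initialize(algorithm.getSpec().get())` runs after `keyGen.initialize(keySize)` and silently replaces it, so an `EC` caller that asks for an explicit size gets the fixed prime256v1 key instead, with no error and nothing in the result revealing the request was dropped. Make the two initializations mutually exclusive, e.g. change the new `if` to `} else if (algorithm.getSpec().isPresent()) {` directly after the `keySize` branch so an explicit request wins and the spec is the default, or throw `IllegalArgumentException` when both are given if an explicit size is not meant to be supported for EC. The enclosing `generateKeypair` method starts outside the hunk, so its signature and the meaning of `-1` should be confirmed against the full method.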
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -17,8 +17,8 @@ import java.security.cert.X509Certificate;
 import java.time.Instant;
 import java.util.List;
 
-import static com.yahoo.security.KeyAlgorithm.RSA;
-import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
+import static com.yahoo.security.KeyAlgorithm.EC;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
 import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
 import static java.time.Instant.EPOCH;
 import static java.time.temporal.ChronoUnit.DAYS;
@@ -33,10 +33,10 @@ public class DefaultTlsContextTest {
 @Test
 public void can_create_sslcontext_from_credentials() {
- KeyPair keyPair = KeyUtils.generateKeypair(RSA);
+ KeyPair keyPair = KeyUtils.generateKeypair(EC);
 X509Certificate certificate = X509CertificateBuilder
- .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
+ .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
 .build();
 AuthorizedPeers authorizedPeers = new AuthorizedPeers( |