Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java14
-rw-r--r--security-utils/src/main/java/com/yahoo/security/KeyUtils.java3
-rw-r--r--security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java8
3 files changed, 18 insertions, 7 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java b/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java
index 3218f81f0d6..732ac2bb12c 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyAlgorithm.java
@@ -1,20 +1,28 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.security;
+import java.security.spec.AlgorithmParameterSpec;
+import java.security.spec.ECGenParameterSpec;
+import java.util.Optional;
+
/**
* @author bjorncs
*/
public enum KeyAlgorithm {
- RSA("RSA"),
- EC("EC");
+ RSA("RSA", null),
+ EC("EC", new ECGenParameterSpec("prime256v1")); // TODO Make curve configurable
final String algorithmName;
+ private final AlgorithmParameterSpec spec;
- KeyAlgorithm(String algorithmName) {
+ KeyAlgorithm(String algorithmName, AlgorithmParameterSpec spec) {
this.algorithmName = algorithmName;
+ this.spec = spec;
}
String getAlgorithmName() {
return algorithmName;
}
+
+ Optional<AlgorithmParameterSpec> getSpec() { return Optional.ofNullable(spec); }
}
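Review bot: The new `getSpec()` accessor and the second constructor parameter carry no documentation, so a reader only learns from the `TODO` on `EC` that the curve is a fixed default and from `Optional.ofNullable` that `null` is a legitimate value for `RSA`. A one-line Javadoc on the accessor would state the contract: `/** Algorithm-specific key-generation parameters, or empty when the algorithm is configured by key size alone (currently only EC carries a spec). */`. A short comment on the constructor parameter, such as `// null for algorithms parameterised by key size only (RSA)`, makes the nullable field a deliberate choice rather than an accident. The import block is also placed directly after the `package` line with no blank line, which is inconsistent with the usual layout of the rest of the file.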
diff --git a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
index 0d45a62f193..76e0f5419a3 100644
--- a/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/KeyUtils.java
@@ -46,6 +46,9 @@ public class KeyUtils {
if (keySize != -1) {
keyGen.initialize(keySize);
}
+ if (algorithm.getSpec().isPresent()) {
+ keyGen.initialize(algorithm.getSpec().get());
+ }
return keyGen.genKeyPair();
} catch (GeneralSecurityException e) {
throw new RuntimeException(e);
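Review bot: When `keySize != -1` and `algorithm.getSpec()` is present at the same time, the added block calls `keyGen.initialize(...)` a second time, so a caller-supplied key size is silently overridden by the hard-coded EC curve. The two branches should be mutually exclusive, e.g. `} else if (algorithm.getSpec().isPresent()) {` so an explicit size still wins, or, if a size is never meaningful together with a spec, the combination should be rejected with an `IllegalArgumentException` rather than ignored. Calling `getSpec()` twice is also better replaced by a local `Optional<AlgorithmParameterSpec> spec = algorithm.getSpec();` used for both the check and the `initialize` call; `ifPresent` is not a good fit here because `initialize(AlgorithmParameterSpec)` throws a checked exception that the lambda could not propagate to the surrounding `catch`. The enclosing method, including where `keySize` comes from and the end of the `catch` block, starts and ends outside the hunk.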
diff --git a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
index 659cf06dd6d..cfaa7ba06df 100644
--- a/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
+++ b/security-utils/src/test/java/com/yahoo/security/tls/DefaultTlsContextTest.java
@@ -17,8 +17,8 @@ import java.security.cert.X509Certificate;
import java.time.Instant;
import java.util.List;
-import static com.yahoo.security.KeyAlgorithm.RSA;
-import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
+import static com.yahoo.security.KeyAlgorithm.EC;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
import static java.time.Instant.EPOCH;
import static java.time.temporal.ChronoUnit.DAYS;
@@ -33,10 +33,10 @@ public class DefaultTlsContextTest {
@Test
public void can_create_sslcontext_from_credentials() {
- KeyPair keyPair = KeyUtils.generateKeypair(RSA);
+ KeyPair keyPair = KeyUtils.generateKeypair(EC);
X509Certificate certificate = X509CertificateBuilder
- .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
+ .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
.build();
AuthorizedPeers authorizedPeers = new AuthorizedPeers(