From ee53aae6d9ddc47a6d0b98780e7003fb4450b72d Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime <bjorncs@verizonmedia.com>
Date: Wed, 23 Jan 2019 15:30:06 +0100
Subject: Use 'prime256v1' curve for EC keys

This allows the TLS test in jrt to use elliptic curves crypto in unit
tests (fixes issue where JSSE cannot find matching cipher).
---
 jrt/tests/com/yahoo/jrt/CryptoUtils.java | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

(limited to 'jrt/tests')

diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index 1112234e04e..6890fe88da5 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -17,10 +17,9 @@ import javax.security.auth.x500.X500Principal;
 import java.security.KeyPair;
 import java.security.cert.X509Certificate;
 import java.time.Instant;
-import java.util.List;
 
-import static com.yahoo.security.KeyAlgorithm.RSA;
-import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_RSA;
+import static com.yahoo.security.KeyAlgorithm.EC;
+import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
 import static com.yahoo.security.X509CertificateBuilder.generateRandomSerialNumber;
 import static java.time.Instant.EPOCH;
 import static java.time.temporal.ChronoUnit.DAYS;
@@ -30,13 +29,12 @@ import static java.util.Collections.singletonList;
 /**
  * @author bjorncs
  */
-// TODO Use EC. Java/JSSE is currently unable to find compatible ciphers when using elliptic curve crypto from BouncyCastle
 class CryptoUtils {
 
-    static final KeyPair keyPair = KeyUtils.generateKeypair(RSA);
+    static final KeyPair keyPair = KeyUtils.generateKeypair(EC);
 
     static final X509Certificate certificate = X509CertificateBuilder
-            .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_RSA, generateRandomSerialNumber())
+            .fromKeypair(keyPair, new X500Principal("CN=dummy"), EPOCH, Instant.now().plus(1, DAYS), SHA256_WITH_ECDSA, generateRandomSerialNumber())
             .build();
 
     static final AuthorizedPeers authorizedPeers = new AuthorizedPeers(
@@ -50,7 +48,7 @@ class CryptoUtils {
                                             Field.CN, new HostGlobPattern("dummy"))))));
 
     static TlsContext createTestTlsContext() {
-        return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, List.of());
+        return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE, DefaultTlsContext.ALLOWED_CIPHER_SUITES);
     }
 
 }
-- 
cgit v1.2.3