TKSS-600: Test and demos would not use XXXInsts classes
johnshajiang committed Dec 20, 2023
1 parent 739c499 commit 689f8a9
Showing 26 changed files with 202 additions and 250 deletions.
21 changes: 11 additions & 10 deletions kona-demo/src/main/java/com/tencent/kona/demo/TomcatServer.java
Expand Up @@ -20,8 +20,6 @@
package com.tencent.kona.demo;

import com.tencent.kona.KonaProvider;
import com.tencent.kona.pkix.PKIXInsts;
import com.tencent.kona.ssl.SSLInsts;
import org.apache.catalina.Context;
import org.apache.catalina.connector.Connector;
import org.apache.juli.logging.Log;
Expand Down Expand Up @@ -59,6 +57,7 @@
import java.security.KeyStore;
import java.security.KeyStoreException;
import java.security.NoSuchAlgorithmException;
import java.security.NoSuchProviderException;
import java.security.SecureRandom;
import java.security.Security;
import java.security.cert.CertificateException;
Expand Down Expand Up @@ -96,7 +95,7 @@ public String response() {
@Bean
public TomcatServletWebServerFactory webServerFactory(AppConfig appConfig)
throws CertificateException, KeyStoreException, IOException,
NoSuchAlgorithmException {
NoSuchAlgorithmException, NoSuchProviderException {
TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {

@Override
Expand All @@ -115,7 +114,7 @@ protected void postProcessContext(Context context) {

private Connector httpsConnector(AppConfig appConfig)
throws CertificateException, KeyStoreException, IOException,
NoSuchAlgorithmException {
NoSuchAlgorithmException, NoSuchProviderException {
Connector connector = new Connector(
TomcatServletWebServerFactory.DEFAULT_PROTOCOL);
connector.setScheme("https");
Expand All @@ -142,8 +141,8 @@ private Connector httpsConnector(AppConfig appConfig)
private static KeyStore createKeyStore(
String storeType, String storePath, char[] password)
throws KeyStoreException, IOException, CertificateException,
NoSuchAlgorithmException {
KeyStore keyStore = PKIXInsts.getKeyStore(storeType);
NoSuchAlgorithmException, NoSuchProviderException {
KeyStore keyStore = KeyStore.getInstance(storeType, "Kona");
try (InputStream in = new FileInputStream(
ResourceUtils.getFile(storePath))) {
keyStore.load(in, password);
Expand Down Expand Up @@ -212,7 +211,7 @@ public KonaSSLUtil(SSLHostConfigCertificate certificate,

@Override
public KeyManager[] getKeyManagers() throws Exception {
KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509");
KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "Kona");
kmf.init(certificate.getCertificateKeystore(),
certificate.getCertificateKeystorePassword().toCharArray());
return kmf.getKeyManagers();
Expand Down Expand Up @@ -259,7 +258,8 @@ protected boolean isTls13RenegAuthAvailable() {

@Override
public org.apache.tomcat.util.net.SSLContext createSSLContextInternal(
List<String> negotiableProtocols) throws NoSuchAlgorithmException {
List<String> negotiableProtocols)
throws NoSuchAlgorithmException, NoSuchProviderException {
return new KonaSSLContext(sslHostConfig.getSslProtocol());
}
}
Expand All @@ -271,8 +271,9 @@ public static class KonaSSLContext
private KeyManager[] kms;
private TrustManager[] tms;

public KonaSSLContext(String protocol) throws NoSuchAlgorithmException {
context = SSLInsts.getSSLContext(protocol);
public KonaSSLContext(String protocol)
throws NoSuchAlgorithmException, NoSuchProviderException {
context = SSLContext.getInstance(protocol, "Kona");
}

@Override
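Review bot: The three lookups added in this file, `KeyStore.getInstance(storeType, "Kona")` in createKeyStore, `KeyManagerFactory.getInstance("NewSunX509", "Kona")` in getKeyManagers and `SSLContext.getInstance(protocol, "Kona")` in the KonaSSLContext constructor, resolve the provider by name from the JVM-wide provider list. They therefore fail with NoSuchProviderException unless a provider named "Kona" was registered before Tomcat builds the connector, and they bind to whichever provider holds that name. The registration call is not visible in these hunks; if it is not guaranteed to run first, pass the provider object to the `getInstance(String, Provider)` overloads instead, using a shared `KonaProvider` instance (the class is already imported). At minimum the repeated literal deserves one constant, `private static final String PROVIDER = "Kona";`. The enclosing classes continue outside the hunks shown.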
4 changes: 2 additions & 2 deletions kona-pkix/src/test/java/com/tencent/kona/pkix/TestUtils.java
Expand Up @@ -307,7 +307,7 @@ private static String filterPem(List<String> lines, boolean keepSeparator) {
public static KeyStore trustStore(String[] aliases, String[] certStrs)
throws KeyStoreException, CertificateException, IOException,
NoSuchAlgorithmException, NoSuchProviderException {
KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12");
KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX");
keyStore.load(null, null);

for (int i = 0; i < aliases.length; i++) {
Expand All @@ -319,7 +319,7 @@ public static KeyStore trustStore(String[] aliases, String[] certStrs)

public static KeyStore keyStore(String alias, String keyStr,
char[] password, String[] certStrs) throws Exception {
KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12");;
KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX");
keyStore.load(null, null);

keyStore.setKeyEntry(
22 changes: 10 additions & 12 deletions kona-pkix/src/test/java/com/tencent/kona/pkix/demo/PKIDemo.java
Expand Up @@ -19,8 +19,6 @@

package com.tencent.kona.pkix.demo;

import com.tencent.kona.crypto.CryptoInsts;
import com.tencent.kona.pkix.PKIXInsts;
import com.tencent.kona.pkix.TestUtils;
import org.junit.jupiter.api.Test;

Expand Down Expand Up @@ -218,7 +216,7 @@ public void pkiDemo() throws Exception {
= (X509Certificate) keyStore.getCertificate("ee-demo");
CertPath certPath = createCertPath(new X509Certificate[] { eeCert });

CertPathValidator validator = PKIXInsts.getCertPathValidator("PKIX");
CertPathValidator validator = CertPathValidator.getInstance("PKIX", "KonaPKIX");

// Validate the cert path with the trusted CA,
// and not check the revocation status.
Expand Down Expand Up @@ -259,7 +257,7 @@ private static KeyStore createKeyStore(String caStr, String eeStr,
X509Certificate eeCert = loadCert(eeStr);

// Create a PKCS#12 key store
KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12");
KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX");
keyStore.load(null, null);

// Add the CA as trusted certificate
Expand All @@ -279,8 +277,8 @@ private static KeyStore createKeyStore(String caStr, String eeStr,

// Load a certificate
private static X509Certificate loadCert(String certPEM) throws Exception {
CertificateFactory certFactory = PKIXInsts.getCertificateFactory(
"X.509");
CertificateFactory certFactory = CertificateFactory.getInstance(
"X.509", "KonaPKIX");
return (X509Certificate) certFactory.generateCertificate(
new ByteArrayInputStream(certPEM.getBytes()));
}
Expand All @@ -289,29 +287,29 @@ private static X509Certificate loadCert(String certPEM) throws Exception {
private static PrivateKey loadPrivateKey(String keyPEM) throws Exception {
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(keyPEM));
KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC");
KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto");
return keyFactory.generatePrivate(privateKeySpec);
}

// Create a certificate path from a certificate collection
private static CertPath createCertPath(X509Certificate[] certChain)
throws Exception {
CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509");
CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX");
return cf.generateCertPath(Arrays.asList(certChain));
}

// Load a certificate revocation list
private static X509CRL loadCrl(String crlPEM) throws Exception {
CertificateFactory certFactory = PKIXInsts.getCertificateFactory(
"X.509");
CertificateFactory certFactory = CertificateFactory.getInstance(
"X.509", "KonaPKIX");
return (X509CRL) certFactory.generateCRL(
new ByteArrayInputStream(crlPEM.getBytes()));
}

// Create a cert store with certificate revocation lists
private static CertStore createCertStore(Collection<X509CRL> crls)
throws Exception {
return PKIXInsts.getCertStore("Collection",
new CollectionCertStoreParameters(crls));
return CertStore.getInstance("Collection",
new CollectionCertStoreParameters(crls), "KonaPKIX");
}
}
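Review bot: `loadCert` and `loadCrl`, both touched here, still feed the factory `certPEM.getBytes()` and `crlPEM.getBytes()`, which encode with the platform default charset on JDKs before 18. The other demo changed in this commit passes `StandardCharsets.UTF_8` explicitly; doing the same here, `new ByteArrayInputStream(certPEM.getBytes(StandardCharsets.UTF_8))`, keeps certificate and CRL parsing independent of the host's locale settings. The import list of PKIDemo is only partly visible, so the `java.nio.charset.StandardCharsets` import may need adding.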
Original file line number Diff line number Diff line change
Expand Up @@ -19,8 +19,6 @@

package com.tencent.kona.pkix.demo;

import com.tencent.kona.crypto.CryptoInsts;
import com.tencent.kona.pkix.PKIXInsts;
import com.tencent.kona.pkix.PKIXUtils;
import com.tencent.kona.pkix.TestUtils;
import org.junit.jupiter.api.Assertions;
Expand Down Expand Up @@ -109,13 +107,13 @@ public static void setup() {
@Test
public void testSignature() throws Exception {
PrivateKey privateKey = privateKey(KEY);
Signature signer = CryptoInsts.getSignature("SM3withSM2");
Signature signer = Signature.getInstance("SM3withSM2", "KonaCrypto");
signer.initSign(privateKey);
signer.update(DATA);
byte[] sign = signer.sign();

Certificate certificate = certificate(CERT);
Signature verifier = CryptoInsts.getSignature("SM3withSM2");
Signature verifier = Signature.getInstance("SM3withSM2", "KonaCrypto");
verifier.initVerify(certificate);
verifier.update(DATA);
boolean verified = verifier.verify(sign);
Expand All @@ -127,8 +125,8 @@ private static PrivateKey privateKey(String pkcs8PEM)
InvalidKeySpecException, NoSuchProviderException {
PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec(
Base64.getMimeDecoder().decode(removeBELines(pkcs8PEM)));
KeyFactory keyFactory = CryptoInsts.getKeyFactory(
"EC");
KeyFactory keyFactory = KeyFactory.getInstance(
"EC", "KonaCrypto");
return keyFactory.generatePrivate(privateKeySpec);
}

Expand All @@ -139,8 +137,8 @@ private static String removeBELines(String pkcs8PEM) {

private static Certificate certificate(String certPEM)
throws CertificateException, NoSuchProviderException {
CertificateFactory certFactory = PKIXInsts.getCertificateFactory(
"X.509");
CertificateFactory certFactory = CertificateFactory.getInstance(
"X.509", "KonaPKIX");
return certFactory.generateCertificate(
new ByteArrayInputStream(certPEM.getBytes(StandardCharsets.UTF_8)));
}
Expand All @@ -149,13 +147,13 @@ private static Certificate certificate(String certPEM)
@Test
public void testSignatureWithCustomAPI() throws Exception {
PrivateKey privateKey = PKIXUtils.getPrivateKey("EC", KEY);
Signature signer = CryptoInsts.getSignature("SM3withSM2");
Signature signer = Signature.getInstance("SM3withSM2", "KonaCrypto");
signer.initSign(privateKey);
signer.update(DATA);
byte[] sign = signer.sign();

Certificate certificate = PKIXUtils.getCertificate(CERT);
Signature verifier = CryptoInsts.getSignature("SM3withSM2");
Signature verifier = Signature.getInstance("SM3withSM2", "KonaCrypto");
verifier.initVerify(certificate);
verifier.update(DATA);
Assertions.assertTrue(verifier.verify(sign));
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
package com.tencent.kona.pkix.provider;

import com.tencent.kona.pkix.KonaPKIXProvider;
import com.tencent.kona.pkix.PKIXInsts;
import com.tencent.kona.pkix.TestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
Expand Down Expand Up @@ -52,7 +51,7 @@ public static void setup() {

@Test
public void testGetCertPathBuilder() throws Exception {
CertPathBuilder cpb = PKIXInsts.getCertPathBuilder("PKIX");
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX", "KonaPKIX");
Assertions.assertTrue(cpb.getProvider() instanceof KonaPKIXProvider);
}

Expand All @@ -79,11 +78,11 @@ private void testBuild(String ee, String intCa, String ca) throws Exception {
Collection<X509Certificate> certs = new HashSet<>();
certs.add(TestUtils.certAsFile(ee));
certs.add(TestUtils.certAsFile(intCa));
CertStore certStore = PKIXInsts.getCertStore("Collection",
new CollectionCertStoreParameters(certs));
CertStore certStore = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(certs), "KonaPKIX");
params.addCertStore(certStore);

CertPathBuilder cpb = PKIXInsts.getCertPathBuilder("PKIX");
CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX", "KonaPKIX");
CertPathBuilderResult result = cpb.build(params);
CertPath certPath = result.getCertPath();

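Review bot: `testGetCertPathBuilder` now requests the provider by name and then asserts `cpb.getProvider() instanceof KonaPKIXProvider`, so what the test checks has changed: it passes whenever the name "KonaPKIX" is registered to that class and no longer exercises any provider-selection logic. The same holds for `testGetCertPathValidator` and `testGetCertStore` in the next two files. A one-line comment above each assertion would make the intent explicit, e.g. `// "KonaPKIX" must resolve to KonaPKIXProvider in the registered provider list`.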
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
package com.tencent.kona.pkix.provider;

import com.tencent.kona.pkix.KonaPKIXProvider;
import com.tencent.kona.pkix.PKIXInsts;
import com.tencent.kona.pkix.TestUtils;
import com.tencent.kona.pkix.SimpleOCSPServer;
import com.tencent.kona.sun.security.x509.SMCertificate;
Expand Down Expand Up @@ -72,7 +71,7 @@ public void beforeEach() {

@Test
public void testGetCertPathValidator() throws Exception {
CertPathValidator cpv = PKIXInsts.getCertPathValidator("PKIX");
CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "KonaPKIX");
Assertions.assertTrue(cpv.getProvider() instanceof KonaPKIXProvider);
}

Expand Down Expand Up @@ -403,7 +402,7 @@ private void validateWithCrl(String[] certChain, String[] cas,
private void validateWithCrl(String[] certChain, String[] ids,
String[] cas, String[] crls, boolean checkCertStatus,
Class<? extends Exception> expectedEx) throws Exception {
CertPathValidator cpv = PKIXInsts.getCertPathValidator("PKIX");
CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "KonaPKIX");
try {
cpv.validate(certPath(certChain, ids), certPathParams(
cas, crls, checkCertStatus));
Expand Down Expand Up @@ -434,7 +433,7 @@ private CertPath certPath(String[] certChain, String[] ids)
certs.add(x509Cert);
}

CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509");;
CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX");;
return cf.generateCertPath(certs);
}

Expand All @@ -459,8 +458,8 @@ private PKIXParameters certPathParams(String[] cas, String[] crls,
for (String crl : crls) {
x509Crls.add(TestUtils.crlAsFile(crl));
}
CertStore certStore = PKIXInsts.getCertStore("Collection",
new CollectionCertStoreParameters(x509Crls));
CertStore certStore = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(x509Crls), "KonaPKIX");
params.addCertStore(certStore);
}

Expand All @@ -469,7 +468,7 @@ private PKIXParameters certPathParams(String[] cas, String[] crls,

private SimpleOCSPServer createOCSPServer(
String issuerCertName, String issuerKeyName) throws Exception {
KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12");
KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX");
keyStore.load(null, null);

String password = "password";
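Review bot: In `certPath`, the rewritten line `CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX");;` keeps the stray second semicolon, an empty statement that this same commit appears to remove from `TestUtils.keyStore`. Drop it so the line ends in a single `;`. The line is also noticeably longer than its neighbours; breaking after the opening parenthesis, as the commit does for `CertStore.getInstance(...)` in `certPathParams`, would match the layout used elsewhere in the file.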
Original file line number Diff line number Diff line change
Expand Up @@ -20,7 +20,6 @@
package com.tencent.kona.pkix.provider;

import com.tencent.kona.pkix.KonaPKIXProvider;
import com.tencent.kona.pkix.PKIXInsts;
import com.tencent.kona.pkix.TestUtils;
import org.junit.jupiter.api.Assertions;
import org.junit.jupiter.api.BeforeAll;
Expand All @@ -46,8 +45,8 @@ public static void setup() {

@Test
public void testGetCertStore() throws Exception {
CertStore certStore = PKIXInsts.getCertStore("Collection",
new CollectionCertStoreParameters());
CertStore certStore = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(), "KonaPKIX");
Assertions.assertTrue(certStore.getProvider() instanceof KonaPKIXProvider);
}

Expand Down Expand Up @@ -75,8 +74,8 @@ private void testGetCertificates(String ee, String intCa, String ca)
certs.add(TestUtils.certAsFile(intCa));
certs.add(TestUtils.certAsFile(ca));

CertStore certStore = PKIXInsts.getCertStore("Collection",
new CollectionCertStoreParameters(certs));
CertStore certStore = CertStore.getInstance("Collection",
new CollectionCertStoreParameters(certs), "KonaPKIX");

X509CertSelector certSelector = new X509CertSelector();
certSelector.setCertificate(target);