From 689f8a906ee9487e2b21abaace8fe134eba1f0c9 Mon Sep 17 00:00:00 2001 From: John Jiang Date: Wed, 20 Dec 2023 16:45:42 +0800 Subject: [PATCH] TKSS-600: Test and demos would not use XXXInsts classes --- .../com/tencent/kona/demo/TomcatServer.java | 21 ++++++------- .../java/com/tencent/kona/pkix/TestUtils.java | 4 +-- .../com/tencent/kona/pkix/demo/PKIDemo.java | 22 +++++++------- .../tencent/kona/pkix/demo/SignatureDemo.java | 18 +++++------ .../pkix/provider/CertPathBuilderTest.java | 9 +++--- .../pkix/provider/CertPathValidatorTest.java | 13 ++++---- .../kona/pkix/provider/CertStoreTest.java | 9 +++--- .../pkix/provider/CertificateFactoryTest.java | 25 ++++++++-------- .../kona/pkix/provider/KeyFactoryTest.java | 10 +++---- .../kona/pkix/provider/KeyStoreTest.java | 17 +++++------ .../kona/pkix/tool/KeyStoreToolTest.java | 5 ++-- .../java/com/tencent/kona/ssl/TestUtils.java | 5 ++-- .../kona/ssl/demo/TLCPWithGRPCDemo.java | 19 +++++------- .../kona/ssl/demo/TLCPWithHttpClientDemo.java | 23 +++++++------- .../kona/ssl/demo/TLCPWithJettyDemo.java | 19 +++++------- .../kona/ssl/demo/TLCPWithNettyDemo.java | 19 +++++------- .../kona/ssl/demo/TLCPWithTomcatDemo.java | 30 +++++++++---------- .../demo/TLCPWithoutCertValidationDemo.java | 23 +++++++------- .../kona/ssl/demo/TLSWithGRPCDemo.java | 17 +++++------ .../kona/ssl/demo/TLSWithJettyDemo.java | 19 +++++------- .../kona/ssl/demo/TLSWithOkHttpDemo.java | 21 ++++++------- .../kona/ssl/demo/TLSWithTomcatDemo.java | 28 ++++++++--------- .../tencent/kona/ssl/tlcp/SSLEngineTest.java | 19 +++++------- .../tencent/kona/ssl/tlcp/SSLSocketTest.java | 19 +++++------- .../kona/ssl/tls/SSLSocketOnTLS12Test.java | 19 +++++------- .../kona/ssl/tls/SSLSocketOnTLS13Test.java | 19 +++++------- 26 files changed, 202 insertions(+), 250 deletions(-) diff --git a/kona-demo/src/main/java/com/tencent/kona/demo/TomcatServer.java b/kona-demo/src/main/java/com/tencent/kona/demo/TomcatServer.java index 736aebfc..9e2ac8c6 100644 
--- a/kona-demo/src/main/java/com/tencent/kona/demo/TomcatServer.java +++ b/kona-demo/src/main/java/com/tencent/kona/demo/TomcatServer.java @@ -20,8 +20,6 @@ package com.tencent.kona.demo; import com.tencent.kona.KonaProvider; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import org.apache.catalina.Context; import org.apache.catalina.connector.Connector; import org.apache.juli.logging.Log; @@ -59,6 +57,7 @@ import java.security.KeyStore; import java.security.KeyStoreException; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.security.SecureRandom; import java.security.Security; import java.security.cert.CertificateException; @@ -96,7 +95,7 @@ public String response() { @Bean public TomcatServletWebServerFactory webServerFactory(AppConfig appConfig) throws CertificateException, KeyStoreException, IOException, - NoSuchAlgorithmException { + NoSuchAlgorithmException, NoSuchProviderException { TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() { @Override @@ -115,7 +114,7 @@ protected void postProcessContext(Context context) { private Connector httpsConnector(AppConfig appConfig) throws CertificateException, KeyStoreException, IOException, - NoSuchAlgorithmException { + NoSuchAlgorithmException, NoSuchProviderException { Connector connector = new Connector( TomcatServletWebServerFactory.DEFAULT_PROTOCOL); connector.setScheme("https"); 
@@ -142,8 +141,8 @@ private Connector httpsConnector(AppConfig appConfig) private static KeyStore createKeyStore( String storeType, String storePath, char[] password) throws KeyStoreException, IOException, CertificateException, - NoSuchAlgorithmException { - KeyStore keyStore = PKIXInsts.getKeyStore(storeType); + NoSuchAlgorithmException, NoSuchProviderException { + KeyStore keyStore = KeyStore.getInstance(storeType, "Kona"); try (InputStream in = new FileInputStream( ResourceUtils.getFile(storePath))) { keyStore.load(in, password); @@ -212,7 +211,7 @@ public KonaSSLUtil(SSLHostConfigCertificate certificate, @Override public KeyManager[] getKeyManagers() throws Exception { - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "Kona"); kmf.init(certificate.getCertificateKeystore(), certificate.getCertificateKeystorePassword().toCharArray()); return kmf.getKeyManagers(); @@ -259,7 +258,8 @@ protected boolean isTls13RenegAuthAvailable() { @Override public org.apache.tomcat.util.net.SSLContext createSSLContextInternal( - List negotiableProtocols) throws NoSuchAlgorithmException { + List negotiableProtocols) + throws NoSuchAlgorithmException, NoSuchProviderException { return new KonaSSLContext(sslHostConfig.getSslProtocol()); } } @@ -271,8 +271,9 @@ public static class KonaSSLContext private KeyManager[] kms; private TrustManager[] tms; - public KonaSSLContext(String protocol) throws NoSuchAlgorithmException { - context = SSLInsts.getSSLContext(protocol); + public KonaSSLContext(String protocol) + throws NoSuchAlgorithmException, NoSuchProviderException { + context = SSLContext.getInstance(protocol, "Kona"); } @Override diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/TestUtils.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/TestUtils.java index aa0bd187..15bf8ebc 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/TestUtils.java 
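Review bot: In TomcatServer.java the three new lookups, `KeyStore.getInstance(storeType, "Kona")` in createKeyStore, `KeyManagerFactory.getInstance("NewSunX509", "Kona")` in getKeyManagers and `SSLContext.getInstance(protocol, "Kona")` in the KonaSSLContext constructor, find the provider through a repeated string literal, so each works only if a provider named "Kona" is already registered with `Security` when it runs; that registration is not visible in these hunks. The file already imports `KonaProvider`, so, assuming it has a public no-argument constructor, holding one instance as `private static final Provider KONA = new KonaProvider();` and calling the `getInstance(String, Provider)` overloads would bind the TLS key handling to that exact class regardless of registration order. It would also make the `NoSuchProviderException` additions to webServerFactory, httpsConnector, createKeyStore and createSSLContextInternal unnecessary. If the name-based form is kept, a single constant for "Kona" and a comment stating where the provider is registered would help. The enclosing methods continue outside the hunks.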
+++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/TestUtils.java @@ -307,7 +307,7 @@ private static String filterPem(List lines, boolean keepSeparator) { public static KeyStore trustStore(String[] aliases, String[] certStrs) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); for (int i = 0; i < aliases.length; i++) { @@ -319,7 +319,7 @@ public static KeyStore trustStore(String[] aliases, String[] certStrs) public static KeyStore keyStore(String alias, String keyStr, char[] password, String[] certStrs) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12");; + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry( diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/PKIDemo.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/PKIDemo.java index c20e0256..39b97eec 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/PKIDemo.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/PKIDemo.java @@ -19,8 +19,6 @@ package com.tencent.kona.pkix.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.TestUtils; import org.junit.jupiter.api.Test; @@ -218,7 +216,7 @@ public void pkiDemo() throws Exception { = (X509Certificate) keyStore.getCertificate("ee-demo"); CertPath certPath = createCertPath(new X509Certificate[] { eeCert }); - CertPathValidator validator = PKIXInsts.getCertPathValidator("PKIX"); + CertPathValidator validator = CertPathValidator.getInstance("PKIX", "KonaPKIX"); // Validate the cert path with the trusted CA, // and not check the revocation status. 
@@ -259,7 +257,7 @@ private static KeyStore createKeyStore(String caStr, String eeStr, X509Certificate eeCert = loadCert(eeStr); // Create a PKCS#12 key store - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); // Add the CA as trusted certificate @@ -279,8 +277,8 @@ private static KeyStore createKeyStore(String caStr, String eeStr, // Load a certificate private static X509Certificate loadCert(String certPEM) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); return (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); } @@ -289,21 +287,21 @@ private static X509Certificate loadCert(String certPEM) throws Exception { private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } // Create a certificate path from a certificate collection private static CertPath createCertPath(X509Certificate[] certChain) throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); return cf.generateCertPath(Arrays.asList(certChain)); } // Load a certificate revocation list private static X509CRL loadCrl(String crlPEM) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); return (X509CRL) certFactory.generateCRL( new ByteArrayInputStream(crlPEM.getBytes())); } 
@@ -311,7 +309,7 @@ private static X509CRL loadCrl(String crlPEM) throws Exception { // Create a cert store with certificate revocation lists private static CertStore createCertStore(Collection crls) throws Exception { - return PKIXInsts.getCertStore("Collection", - new CollectionCertStoreParameters(crls)); + return CertStore.getInstance("Collection", + new CollectionCertStoreParameters(crls), "KonaPKIX"); } } diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/SignatureDemo.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/SignatureDemo.java index 188a630e..95bb68fa 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/SignatureDemo.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/demo/SignatureDemo.java @@ -19,8 +19,6 @@ package com.tencent.kona.pkix.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.PKIXUtils; import com.tencent.kona.pkix.TestUtils; import org.junit.jupiter.api.Assertions; @@ -109,13 +107,13 @@ public static void setup() { @Test public void testSignature() throws Exception { PrivateKey privateKey = privateKey(KEY); - Signature signer = CryptoInsts.getSignature("SM3withSM2"); + Signature signer = Signature.getInstance("SM3withSM2", "KonaCrypto"); signer.initSign(privateKey); signer.update(DATA); byte[] sign = signer.sign(); Certificate certificate = certificate(CERT); - Signature verifier = CryptoInsts.getSignature("SM3withSM2"); + Signature verifier = Signature.getInstance("SM3withSM2", "KonaCrypto"); verifier.initVerify(certificate); verifier.update(DATA); boolean verified = verifier.verify(sign); 
@@ -127,8 +125,8 @@ private static PrivateKey privateKey(String pkcs8PEM) InvalidKeySpecException, NoSuchProviderException { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(removeBELines(pkcs8PEM))); - KeyFactory keyFactory = CryptoInsts.getKeyFactory( - "EC"); + KeyFactory keyFactory = KeyFactory.getInstance( + "EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } @@ -139,8 +137,8 @@ private static String removeBELines(String pkcs8PEM) { private static Certificate certificate(String certPEM) throws CertificateException, NoSuchProviderException { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); return certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes(StandardCharsets.UTF_8))); } @@ -149,13 +147,13 @@ private static Certificate certificate(String certPEM) @Test public void testSignatureWithCustomAPI() throws Exception { PrivateKey privateKey = PKIXUtils.getPrivateKey("EC", KEY); - Signature signer = CryptoInsts.getSignature("SM3withSM2"); + Signature signer = Signature.getInstance("SM3withSM2", "KonaCrypto"); signer.initSign(privateKey); signer.update(DATA); byte[] sign = signer.sign(); Certificate certificate = PKIXUtils.getCertificate(CERT); - Signature verifier = CryptoInsts.getSignature("SM3withSM2"); + Signature verifier = Signature.getInstance("SM3withSM2", "KonaCrypto"); verifier.initVerify(certificate); verifier.update(DATA); Assertions.assertTrue(verifier.verify(sign)); diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathBuilderTest.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathBuilderTest.java index 3997c499..f4a70524 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathBuilderTest.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathBuilderTest.java 
@@ -20,7 +20,6 @@ package com.tencent.kona.pkix.provider; import com.tencent.kona.pkix.KonaPKIXProvider; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.TestUtils; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeAll; @@ -52,7 +51,7 @@ public static void setup() { @Test public void testGetCertPathBuilder() throws Exception { - CertPathBuilder cpb = PKIXInsts.getCertPathBuilder("PKIX"); + CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX", "KonaPKIX"); Assertions.assertTrue(cpb.getProvider() instanceof KonaPKIXProvider); } @@ -79,11 +78,11 @@ private void testBuild(String ee, String intCa, String ca) throws Exception { Collection certs = new HashSet<>(); certs.add(TestUtils.certAsFile(ee)); certs.add(TestUtils.certAsFile(intCa)); - CertStore certStore = PKIXInsts.getCertStore("Collection", - new CollectionCertStoreParameters(certs)); + CertStore certStore = CertStore.getInstance("Collection", + new CollectionCertStoreParameters(certs), "KonaPKIX"); params.addCertStore(certStore); - CertPathBuilder cpb = PKIXInsts.getCertPathBuilder("PKIX"); + CertPathBuilder cpb = CertPathBuilder.getInstance("PKIX", "KonaPKIX"); CertPathBuilderResult result = cpb.build(params); CertPath certPath = result.getCertPath(); diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathValidatorTest.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathValidatorTest.java index b5f7357b..ab206968 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathValidatorTest.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertPathValidatorTest.java @@ -20,7 +20,6 @@ package com.tencent.kona.pkix.provider; import com.tencent.kona.pkix.KonaPKIXProvider; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.TestUtils; import com.tencent.kona.pkix.SimpleOCSPServer; import com.tencent.kona.sun.security.x509.SMCertificate; 
@@ -72,7 +71,7 @@ public void beforeEach() { @Test public void testGetCertPathValidator() throws Exception { - CertPathValidator cpv = PKIXInsts.getCertPathValidator("PKIX"); + CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "KonaPKIX"); Assertions.assertTrue(cpv.getProvider() instanceof KonaPKIXProvider); } @@ -403,7 +402,7 @@ private void validateWithCrl(String[] certChain, String[] cas, private void validateWithCrl(String[] certChain, String[] ids, String[] cas, String[] crls, boolean checkCertStatus, Class expectedEx) throws Exception { - CertPathValidator cpv = PKIXInsts.getCertPathValidator("PKIX"); + CertPathValidator cpv = CertPathValidator.getInstance("PKIX", "KonaPKIX"); try { cpv.validate(certPath(certChain, ids), certPathParams( cas, crls, checkCertStatus)); @@ -434,7 +433,7 @@ private CertPath certPath(String[] certChain, String[] ids) certs.add(x509Cert); } - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509");; + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX");; return cf.generateCertPath(certs); } @@ -459,8 +458,8 @@ private PKIXParameters certPathParams(String[] cas, String[] crls, for (String crl : crls) { x509Crls.add(TestUtils.crlAsFile(crl)); } - CertStore certStore = PKIXInsts.getCertStore("Collection", - new CollectionCertStoreParameters(x509Crls)); + CertStore certStore = CertStore.getInstance("Collection", + new CollectionCertStoreParameters(x509Crls), "KonaPKIX"); params.addCertStore(certStore); } @@ -469,7 +468,7 @@ private PKIXParameters certPathParams(String[] cas, String[] crls, private SimpleOCSPServer createOCSPServer( String issuerCertName, String issuerKeyName) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); String password = "password"; 
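Review bot: The replacement line in certPath() of CertPathValidatorTest.java still ends in a doubled semicolon, `CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX");;`, which leaves an empty statement behind. The same commit removed this `;;` in kona-pkix TestUtils.keyStore and in CertificateFactoryTest.testGetCertificateFactory, so dropping it here keeps the cleanup consistent: `CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX");`. The keyStore() hunk of kona-ssl TestUtils.java has the same leftover on its new `KeyStore.getInstance("PKCS12", "KonaPKIX");;` line.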
diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertStoreTest.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertStoreTest.java index 1471b481..eb38c709 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertStoreTest.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertStoreTest.java @@ -20,7 +20,6 @@ package com.tencent.kona.pkix.provider; import com.tencent.kona.pkix.KonaPKIXProvider; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.TestUtils; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeAll; @@ -46,8 +45,8 @@ public static void setup() { @Test public void testGetCertStore() throws Exception { - CertStore certStore = PKIXInsts.getCertStore("Collection", - new CollectionCertStoreParameters()); + CertStore certStore = CertStore.getInstance("Collection", + new CollectionCertStoreParameters(), "KonaPKIX"); Assertions.assertTrue(certStore.getProvider() instanceof KonaPKIXProvider); } @@ -75,8 +74,8 @@ private void testGetCertificates(String ee, String intCa, String ca) certs.add(TestUtils.certAsFile(intCa)); certs.add(TestUtils.certAsFile(ca)); - CertStore certStore = PKIXInsts.getCertStore("Collection", - new CollectionCertStoreParameters(certs)); + CertStore certStore = CertStore.getInstance("Collection", + new CollectionCertStoreParameters(certs), "KonaPKIX"); X509CertSelector certSelector = new X509CertSelector(); certSelector.setCertificate(target); diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertificateFactoryTest.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertificateFactoryTest.java index dd1b73b1..ad0ac344 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertificateFactoryTest.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/CertificateFactoryTest.java 
@@ -21,7 +21,6 @@ import com.tencent.kona.crypto.util.Constants; import com.tencent.kona.pkix.KonaPKIXProvider; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.TestUtils; import com.tencent.kona.sun.security.util.KnownOIDs; import com.tencent.kona.sun.security.util.ObjectIdentifier; @@ -57,13 +56,13 @@ public static void setup() { @Test public void testGetCertificateFactory() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509");; + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); Assertions.assertTrue(cf.getProvider() instanceof KonaPKIXProvider); } @Test public void testGenCertCaRsaRsa() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); X509Certificate cert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(TestUtils.certBytes("ca-rsarsa.crt"))); RSAPublicKey pubKey = (RSAPublicKey) cert.getPublicKey(); @@ -74,7 +73,7 @@ public void testGenCertCaRsaRsa() throws Exception { @Test public void testGenCertCaP256Ecdsa() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); X509Certificate cert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(TestUtils.certBytes("ca-p256ecdsa.crt"))); ECPublicKey pubKey = (ECPublicKey) cert.getPublicKey(); @@ -85,7 +84,7 @@ public void testGenCertCaP256Ecdsa() throws Exception { @Test public void testGenCertCaP256Sm2() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); X509Certificate cert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(TestUtils.certBytes("ca-p256sm2.crt"))); ECPublicKey pubKey = (ECPublicKey) cert.getPublicKey(); 
@@ -98,7 +97,7 @@ public void testGenCertCaP256Sm2() throws Exception { @Test public void testGenCertCaSm2Ecdsa() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); X509Certificate cert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(TestUtils.certBytes("ca-sm2ecdsa.crt"))); ECPublicKey pubKey = (ECPublicKey) cert.getPublicKey(); @@ -111,7 +110,7 @@ public void testGenCertCaSm2Ecdsa() throws Exception { @Test public void testGenCertCaSm2Sm2() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); X509Certificate cert = (X509Certificate) cf.generateCertificate( new ByteArrayInputStream(TestUtils.certBytes("ca-sm2sm2.crt"))); ECPublicKey pubKey = (ECPublicKey) cert.getPublicKey(); @@ -124,7 +123,7 @@ public void testGenCertCaSm2Sm2() throws Exception { @Test public void testSetId() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); SMCertificate sm2Cert = (SMCertificate) cf.generateCertificate( new ByteArrayInputStream(TestUtils.certBytes("ca-sm2sm2-id.crt"))); Assertions.assertArrayEquals( @@ -157,7 +156,7 @@ public void testGenCerts() throws Exception { "ca-sm2sm2.crt", "ca-sm2ecdsa.crt").getBytes(StandardCharsets.UTF_8); - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); Collection certs = cf.generateCertificates( new ByteArrayInputStream(certBytes)); Iterator iterator = certs.iterator(); 
@@ -175,7 +174,7 @@ public void testGenCerts() throws Exception { @Test public void testGetCertPathEncodings() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); Iterator it = cf.getCertPathEncodings(); Assertions.assertEquals("PkiPath", it.next()); Assertions.assertEquals("PKCS7", it.next()); @@ -190,7 +189,7 @@ public void testGenCertPath() throws Exception { certs.add(TestUtils.certAsFile("ca-sm2sm2.crt")); certs.add(TestUtils.certAsFile("ca-sm2ecdsa.crt")); - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); CertPath certPath = cf.generateCertPath(certs); Assertions.assertEquals(certs.size(), certPath.getCertificates().size()); @@ -221,7 +220,7 @@ public void testGenCRL() throws Exception { private void testGenCRL(String crlFileName, ObjectIdentifier sigAlgOid) throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); X509CRL crl = (X509CRL) cf.generateCRL(new ByteArrayInputStream( TestUtils.crlBytes(crlFileName))); Assertions.assertEquals(sigAlgOid.toString(), crl.getSigAlgOID()); @@ -229,7 +228,7 @@ private void testGenCRL(String crlFileName, ObjectIdentifier sigAlgOid) @Test public void testGenCRLs() throws Exception { - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); @SuppressWarnings("unchecked") List crls = (List) cf.generateCRLs( diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyFactoryTest.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyFactoryTest.java index acd4de19..b3505dfc 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyFactoryTest.java 
+++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyFactoryTest.java @@ -19,8 +19,6 @@ package com.tencent.kona.pkix.provider; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.sun.security.pkcs.PKCS8Key; import com.tencent.kona.sun.security.x509.X509Key; import com.tencent.kona.pkix.TestUtils; import org.junit.jupiter.api.Assertions; @@ -57,7 +55,7 @@ public void testGetKeySpecs() throws Exception { X509Certificate x509Cert = TestUtils.certAsFile("ca-sm2sm2.crt"); PublicKey publicKey = x509Cert.getPublicKey(); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); ECPublicKeySpec publicKeySpec = keyFactory.getKeySpec( publicKey, ECPublicKeySpec.class); @@ -83,7 +81,7 @@ public void testGeneratePublicKey() throws Exception { X509Certificate x509Cert = TestUtils.certAsFile("ca-sm2sm2.crt"); ECPublicKey publicKey = (ECPublicKey) x509Cert.getPublicKey(); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); ECPublicKeySpec ecPublicKeySpec = keyFactory.getKeySpec( publicKey, ECPublicKeySpec.class); @@ -134,7 +132,7 @@ private void testGeneratePrivateKey(PrivateKey privateKey) private void testGenerateRSAPrivateKey(RSAPrivateKey privateKey) throws Exception { - KeyFactory keyFactory = CryptoInsts.getKeyFactory("RSA"); + KeyFactory keyFactory = KeyFactory.getInstance("RSA"); RSAPrivateKeySpec rsaPrivateKeySpec = keyFactory.getKeySpec( privateKey, RSAPrivateKeySpec.class); @@ -154,7 +152,7 @@ private void testGenerateRSAPrivateKey(RSAPrivateKey privateKey) private void testGenerateECPrivateKey(ECPrivateKey privateKey) throws Exception { - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); ECPrivateKeySpec ecPrivateKeySpec = keyFactory.getKeySpec( privateKey, ECPrivateKeySpec.class); 
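Review bot: In testGenerateRSAPrivateKey the new `KeyFactory.getInstance("RSA")` names no provider, while every EC lookup in this file is pinned with `"KonaCrypto"`, so the RSA factory is whatever the JVM's provider preference order yields on the machine running the test. If that is intentional (presumably KonaCrypto does not supply an RSA KeyFactory, which is not visible here), a comment such as `// RSA is deliberately resolved from the default providers, not KonaCrypto` would stop a later reader from treating it as an oversight. The first hunk of this file also drops the `PKCS8Key` import, which is unrelated to the XXXInsts removal and would be easier to review if the commit message mentioned it. The method body continues outside the hunk.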
diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyStoreTest.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyStoreTest.java index c03f5008..1c438423 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyStoreTest.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/provider/KeyStoreTest.java @@ -20,7 +20,6 @@ package com.tencent.kona.pkix.provider; import com.tencent.kona.crypto.spec.SM2ParameterSpec; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.TestUtils; import org.junit.jupiter.api.Assertions; import org.junit.jupiter.api.BeforeAll; @@ -61,7 +60,7 @@ public void testGetKeyStore() throws Exception { } private void testGetKeyStore(String type) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore(type); + KeyStore keyStore = KeyStore.getInstance(type, "KonaPKIX"); Assertions.assertEquals( PROVIDER, keyStore.getProvider().getName()); Assertions.assertEquals(type, keyStore.getType()); @@ -74,7 +73,7 @@ public void testCreateTrustStore() throws Exception { } private void testCreateTrustStore(String type) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore(type); + KeyStore keyStore = KeyStore.getInstance(type, "KonaPKIX"); keyStore.load(null, null); keyStore.setCertificateEntry("ca-rsarsa", @@ -121,7 +120,7 @@ public void testCreateKeyStore() throws Exception { } private void testCreateKeyStore(String type) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore(type); + KeyStore keyStore = KeyStore.getInstance(type, "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry( @@ -222,7 +221,7 @@ private void testCreateKeyStore(String type) throws Exception { @Test public void testCreatePKCS12KeyStoreLoadEncryptedKey() throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry( 
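Review bot: testGetKeyStore() now looks the store up with the literal `"KonaPKIX"` and then asserts `PROVIDER` against `keyStore.getProvider().getName()`, so the provider name lives in two places that have to agree. Using the constant the file already has, `KeyStore keyStore = KeyStore.getInstance(type, PROVIDER);`, keeps the lookup and the assertion in step, assuming `PROVIDER` holds the KonaPKIX provider name (its definition is outside the hunk). The same substitution applies to the other `KeyStore.getInstance(type, "KonaPKIX")` lines added in this file.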
@@ -267,7 +266,7 @@ public void testSaveAndLoadKeyStore() throws Exception { } private void testSaveAndLoadKeyStore(String type) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore(type); + KeyStore keyStore = KeyStore.getInstance(type, "KonaPKIX"); keyStore.load(null, null); keyStore.setCertificateEntry("ca-rsarsa", @@ -309,7 +308,7 @@ private void testSaveAndLoadKeyStore(String type) throws Exception { keyStore.store(out, PASSWD_CHARS); } - KeyStore loadedKeyStore = PKIXInsts.getKeyStore(type); + KeyStore loadedKeyStore = KeyStore.getInstance(type, "KonaPKIX"); try (FileInputStream keyStoreIn = new FileInputStream(tempKeyStoreFile.toFile())) { loadedKeyStore.load(keyStoreIn, PASSWD_CHARS); @@ -341,7 +340,7 @@ private void testInterop(String type, String genProvider, String loadProvider) throws Exception { KeyStore keyStore = null; if ("JDK".equals(genProvider)) { - keyStore = PKIXInsts.getKeyStore(type); + keyStore = KeyStore.getInstance(type, "KonaPKIX"); } else { keyStore = KeyStore.getInstance(type, genProvider); } @@ -367,7 +366,7 @@ private void testInterop(String type, String genProvider, KeyStore loadedKeyStore = null; if ("JDK".equals(loadProvider)) { - loadedKeyStore = PKIXInsts.getKeyStore(type); + loadedKeyStore = KeyStore.getInstance(type, "KonaPKIX"); } else { loadedKeyStore = KeyStore.getInstance(type, loadProvider); } diff --git a/kona-pkix/src/test/java/com/tencent/kona/pkix/tool/KeyStoreToolTest.java b/kona-pkix/src/test/java/com/tencent/kona/pkix/tool/KeyStoreToolTest.java index 9afa43d0..ea3cc968 100644 --- a/kona-pkix/src/test/java/com/tencent/kona/pkix/tool/KeyStoreToolTest.java +++ b/kona-pkix/src/test/java/com/tencent/kona/pkix/tool/KeyStoreToolTest.java @@ -19,7 +19,6 @@ package com.tencent.kona.pkix.tool; -import com.tencent.kona.pkix.PKIXInsts; import com.tencent.kona.pkix.TestUtils; import org.junit.jupiter.api.AfterEach; import org.junit.jupiter.api.Assertions; 
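Review bot: In testInterop() of KeyStoreTest.java the branches guarded by `"JDK".equals(genProvider)` and `"JDK".equals(loadProvider)` now both build the store with `KeyStore.getInstance(type, "KonaPKIX")`, so the case labelled JDK is explicitly served by the Kona provider. If the test is meant to check that a store written by one implementation loads under the other, the JDK side no longer exercises a different provider; what `PKIXInsts.getKeyStore` selected before is not visible here, so this may predate the commit. Either resolve the JDK case without the Kona provider, for example `keyStore = KeyStore.getInstance(type);` if the default provider order puts the JDK implementation first, or add a comment saying why "JDK" maps to KonaPKIX. The method starts and ends outside these hunks.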
@@ -120,7 +119,7 @@ private void testCreateTrustStore(String type, Path storePath, KeyStoreTool.main(args); Assertions.assertTrue(Files.exists(storePath)); - KeyStore trustStore = PKIXInsts.getKeyStore(type); + KeyStore trustStore = KeyStore.getInstance(type, "KonaPKIX"); try (InputStream in = new FileInputStream(storePath.toString())) { trustStore.load(in, storePasswd.toCharArray()); } @@ -173,7 +172,7 @@ private void testCreateKeyStore(String type, Path storePath, "-storePasswd", storePasswd }; KeyStoreTool.main(encArgs); - KeyStore trustStore = PKIXInsts.getKeyStore(type); + KeyStore trustStore = KeyStore.getInstance(type, "KonaPKIX"); try (InputStream in = new FileInputStream(storePath.toString())) { trustStore.load(in, storePasswd.toCharArray()); } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/TestUtils.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/TestUtils.java index 311ff439..4efe25f2 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/TestUtils.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/TestUtils.java @@ -22,7 +22,6 @@ import com.tencent.kona.crypto.CryptoInsts; import com.tencent.kona.crypto.KonaCryptoProvider; import com.tencent.kona.pkix.KonaPKIXProvider; -import com.tencent.kona.pkix.PKIXInsts; import javax.crypto.Cipher; import javax.crypto.EncryptedPrivateKeyInfo; @@ -341,7 +340,7 @@ private static String filterPem(List lines, boolean keepSeparator) { public static KeyStore trustStore(String[] aliases, String[] certStrs) throws KeyStoreException, CertificateException, IOException, NoSuchAlgorithmException, NoSuchProviderException { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); for (int i = 0; i < aliases.length; i++) { 
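Review bot: The import hunk for kona-ssl TestUtils.java removes `PKIXInsts` but keeps `import com.tencent.kona.crypto.CryptoInsts;` as context, and the diffstat lists only five changed lines for this file, so the class is presumably still used outside the visible hunks. That leaves this test helper depending on an XXXInsts class after a commit whose subject says tests and demos no longer do. Either convert the remaining calls to the `getInstance(..., "KonaCrypto")` form used elsewhere in the patch, or note in the commit message why TestUtils is exempt.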
@@ -353,7 +352,7 @@ public static KeyStore trustStore(String[] aliases, String[] certStrs) public static KeyStore keyStore(String alias, String keyStr, char[] password, String[] certStrs) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12");; + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX");; keyStore.load(null, null); keyStore.setKeyEntry( diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithGRPCDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithGRPCDemo.java index 27705df9..4f38a278 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithGRPCDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithGRPCDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import io.grpc.Channel; 
@@ -289,23 +286,23 @@ private static JdkSslContext createJdkContext(boolean isClient) private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore( SIGN_EE, SIGN_EE_ID, SIGN_EE_KEY, ENC_EE, ENC_EE_ID, ENC_EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLCPv1.1"); + SSLContext context = SSLContext.getInstance("TLCPv1.1", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tlcp-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -315,7 +312,7 @@ private static KeyStore createKeyStore( String signEeStr, String signEeId, String signEeKeyStr, String encEeStr, String encEeId, String encEeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry("tlcp-sign-ee-demo", 
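Review bot: The provider names `"KonaSSL"` and `"KonaPKIX"` are now repeated as bare string literals on every `getInstance` call in `createContext`, `createTrustStore` and `createKeyStore`, and the same pattern recurs in the corresponding hunks of the other demo and test files in this commit. A misspelt name compiles and only fails at run time with `NoSuchProviderException`, and a lookup by name also depends on the provider having been registered before the call, which presumably happens in setup code outside these hunks. One constant per provider in each class would keep the name in a single place, for example `private static final String SSL_PROVIDER = "KonaSSL";` used as `SSLContext.getInstance("TLCPv1.1", SSL_PROVIDER)`.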
@@ -332,8 +329,8 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); @@ -348,7 +345,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithHttpClientDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithHttpClientDemo.java index 8e2c311c..20f9dba6 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithHttpClientDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithHttpClientDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import org.apache.http.client.methods.CloseableHttpResponse; 
@@ -285,7 +282,7 @@ private static void createStoreFiles() throws Exception { private static void createTrustStoreFile(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tlcp-trust-demo", loadCert(caStr, caId)); try (FileOutputStream out = new FileOutputStream(TRUSTSTORE.toFile())) { @@ -297,7 +294,7 @@ private static void createKeyStoreFile( String signEeStr, String signEeId, String signEeKeyStr, String encEeStr, String encEeId, String encEeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry("tlcp-sign-ee-demo", @@ -316,8 +313,8 @@ private static void createKeyStoreFile( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); @@ -332,7 +329,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC"); return keyFactory.generatePrivate(privateKeySpec); } 
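Review bot: In `loadPrivateKey` the new line calls `KeyFactory.getInstance("EC")` without a provider, while the same method in the other demos changed by this commit passes `"KonaCrypto"`. Without the provider argument the factory comes from whichever registered provider ranks first for "EC" in the JCA preference order, which may not be the Kona implementation that the removed `CryptoInsts.getKeyFactory("EC")` call presumably selected. The private key for the TLCP demo could then be decoded by a different implementation than the one the rest of the demo uses. Suggested line: `KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto");`.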
@@ -404,25 +401,25 @@ private static CloseableHttpClient createClient() throws Exception { private static SSLContext createContext() throws Exception { // Load trust store - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); try (FileInputStream keyStoreIn = new FileInputStream( TRUSTSTORE.toFile())) { trustStore.load(keyStoreIn, PASSWORD.toCharArray()); } - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); // Load key store - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); try (FileInputStream keyStoreIn = new FileInputStream( KEYSTORE.toFile())) { keyStore.load(keyStoreIn, PASSWORD.toCharArray()); } - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLCPv1.1"); + SSLContext context = SSLContext.getInstance("TLCPv1.1", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithJettyDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithJettyDemo.java index 7b87483d..5e4a89c7 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithJettyDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithJettyDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import org.eclipse.jetty.client.HttpClient; 
@@ -308,23 +305,23 @@ private static HttpClient createClient() throws Exception { private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore( SIGN_EE, SIGN_EE_ID, SIGN_EE_KEY, ENC_EE, ENC_EE_ID, ENC_EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLCPv1.1"); + SSLContext context = SSLContext.getInstance("TLCPv1.1", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tlcp-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -334,7 +331,7 @@ private static KeyStore createKeyStore( String signEeStr, String signEeId, String signEeKeyStr, String encEeStr, String encEeId, String encEeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry("tlcp-sign-ee-demo", 
@@ -351,8 +348,8 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); @@ -367,7 +364,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithNettyDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithNettyDemo.java index c7bee7c9..8cc1d79e 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithNettyDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithNettyDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import io.netty.bootstrap.Bootstrap; 
@@ -407,23 +404,23 @@ private static JdkSslContext createJdkContext(boolean isClient) private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore( SIGN_EE, SIGN_EE_ID, SIGN_EE_KEY, ENC_EE, ENC_EE_ID, ENC_EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLCPv1.1"); + SSLContext context = SSLContext.getInstance("TLCPv1.1", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tlcp-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -433,7 +430,7 @@ private static KeyStore createKeyStore( String signEeStr, String signEeId, String signEeKeyStr, String encEeStr, String encEeId, String encEeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry("tlcp-sign-ee-demo", 
@@ -450,8 +447,8 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); @@ -466,7 +463,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithTomcatDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithTomcatDemo.java index 10b16825..49f37599 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithTomcatDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithTomcatDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import org.apache.catalina.Context; @@ -66,6 +63,7 @@ import java.security.KeyManagementException; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.SecureRandom; import java.security.cert.Certificate; 
@@ -335,23 +333,23 @@ private static HttpClient createClient() throws Exception { private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore( SIGN_EE, SIGN_EE_ID, SIGN_EE_KEY, ENC_EE, ENC_EE_ID, ENC_EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLCPv1.1"); + SSLContext context = SSLContext.getInstance("TLCPv1.1", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tlcp-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -361,7 +359,7 @@ private static KeyStore createKeyStore( String signEeStr, String signEeId, String signEeKeyStr, String encEeStr, String encEeId, String encEeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry("tlcp-sign-ee-demo", 
@@ -378,8 +376,8 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); @@ -394,7 +392,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } @@ -466,7 +464,7 @@ protected KonaSSLUtil(SSLHostConfigCertificate certificate, @Override public KeyManager[] getKeyManagers() throws Exception { - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(certificate.getCertificateKeystore(), certificate.getCertificateKeystorePassword().toCharArray()); return kmf.getKeyManagers(); @@ -495,7 +493,8 @@ protected boolean isTls13RenegAuthAvailable() { @Override public org.apache.tomcat.util.net.SSLContext createSSLContextInternal( - List negotiableProtocols) throws NoSuchAlgorithmException { + List negotiableProtocols) + throws NoSuchAlgorithmException, NoSuchProviderException { return new KonaSSLContext(sslHostConfig.getSslProtocol()); } } 
@@ -507,8 +506,9 @@ public static class KonaSSLContext private KeyManager[] kms; private TrustManager[] tms; - public KonaSSLContext(String protocol) throws NoSuchAlgorithmException { - context = SSLInsts.getSSLContext(protocol); + public KonaSSLContext(String protocol) + throws NoSuchAlgorithmException, NoSuchProviderException { + context = SSLContext.getInstance(protocol, "KonaSSL"); } @Override diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithoutCertValidationDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithoutCertValidationDemo.java index 2994ffc7..ddea1f5a 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithoutCertValidationDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLCPWithoutCertValidationDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import org.apache.http.client.methods.CloseableHttpResponse; @@ -282,7 +279,7 @@ private static void createStoreFiles() throws Exception { private static void createTrustStoreFile(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tlcp-trust-demo", loadCert(caStr, caId)); try (FileOutputStream out = new FileOutputStream( @@ -295,7 +292,7 @@ private static void createKeyStoreFile( String signEeStr, String signEeId, String signEeKeyStr, String encEeStr, String encEeId, String encEeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); keyStore.setKeyEntry("tlcp-sign-ee-demo", 
@@ -315,8 +312,8 @@ private static void createKeyStoreFile( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); @@ -331,7 +328,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } @@ -404,13 +401,13 @@ private static CloseableHttpClient createClient() throws Exception { private static SSLContext createContext() throws Exception { // Load trust store - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); try (FileInputStream keyStoreIn = new FileInputStream( TRUSTSTORE.toFile())) { trustStore.load(keyStoreIn, PASSWORD.toCharArray()); } - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); // Create the custom trust managers with the existing trust managers. 
@@ -424,15 +421,15 @@ private static SSLContext createContext() throws Exception { } // Load key store - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); try (FileInputStream keyStoreIn = new FileInputStream( KEYSTORE.toFile())) { keyStore.load(keyStoreIn, PASSWORD.toCharArray()); } - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLCPv1.1"); + SSLContext context = SSLContext.getInstance("TLCPv1.1", "KonaSSL"); context.init(kmf.getKeyManagers(), trustManagers, new SecureRandom()); return context; } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithGRPCDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithGRPCDemo.java index ae7e14dc..bd358561 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithGRPCDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithGRPCDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import io.grpc.Channel; 
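Review bot: `createContext` initialises the context with the custom `trustManagers` array rather than `tmf.getTrustManagers()`, and nothing near the `context.init` call says that this weakens peer authentication. The code that builds the array sits between this hunk and the previous one and is not visible here; judging by the class name it presumably skips certificate validation. A comment directly above the call would keep the snippet from being copied into production code unnoticed, for example `// Demo only: trustManagers skips certificate validation, so the peer is NOT authenticated.`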
@@ -228,21 +225,21 @@ private static JdkSslContext createJdkContext(boolean isClient) private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore(EE, EE_ID, EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLS"); + SSLContext context = SSLContext.getInstance("TLS", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tls-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -251,7 +248,7 @@ private static KeyStore createTrustStore(String caStr, String caId) private static KeyStore createKeyStore( String eeStr, String eeId, String eeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); PrivateKey privateKey = loadPrivateKey(eeKeyStr); @@ -265,7 +262,7 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance("X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); 
@@ -280,7 +277,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithJettyDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithJettyDemo.java index 0a0f28ab..9d14ba7c 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithJettyDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithJettyDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import org.eclipse.jetty.client.HttpClient; 
@@ -247,21 +244,21 @@ private static HttpClient createClient() throws Exception { private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore(EE, EE_ID, EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLS"); + SSLContext context = SSLContext.getInstance("TLS", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tls-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -270,7 +267,7 @@ private static KeyStore createTrustStore(String caStr, String caId) private static KeyStore createKeyStore( String eeStr, String eeId, String eeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); PrivateKey privateKey = loadPrivateKey(eeKeyStr); @@ -284,8 +281,8 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); 
@@ -300,7 +297,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithOkHttpDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithOkHttpDemo.java index ab42d1fc..581af4a1 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithOkHttpDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithOkHttpDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import okhttp3.ConnectionSpec; @@ -245,7 +242,7 @@ private static OkHttpClient createClient() throws Exception { SSLContext sslContext = createContext(); KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); ConnectionSpec spec = new ConnectionSpec.Builder(ConnectionSpec.MODERN_TLS) 
@@ -264,21 +261,21 @@ private static OkHttpClient createClient() throws Exception { private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore(EE, EE_ID, EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLS"); + SSLContext context = SSLContext.getInstance("TLS", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tls-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -287,7 +284,7 @@ private static KeyStore createTrustStore(String caStr, String caId) private static KeyStore createKeyStore( String eeStr, String eeId, String eeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); PrivateKey privateKey = loadPrivateKey(eeKeyStr); @@ -301,8 +298,8 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); 
@@ -317,7 +314,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithTomcatDemo.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithTomcatDemo.java index ad298a40..8952a080 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithTomcatDemo.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/demo/TLSWithTomcatDemo.java @@ -19,9 +19,6 @@ package com.tencent.kona.ssl.demo; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import com.tencent.kona.sun.security.x509.SMCertificate; import org.apache.catalina.Context; @@ -66,6 +63,7 @@ import java.security.KeyManagementException; import java.security.KeyStore; import java.security.NoSuchAlgorithmException; +import java.security.NoSuchProviderException; import java.security.PrivateKey; import java.security.SecureRandom; import java.security.cert.Certificate; 
@@ -269,21 +267,21 @@ private static HttpClient createClient() throws Exception { private static SSLContext createContext() throws Exception { KeyStore trustStore = createTrustStore(CA, null); - TrustManagerFactory tmf = SSLInsts.getTrustManagerFactory("PKIX"); + TrustManagerFactory tmf = TrustManagerFactory.getInstance("PKIX", "KonaSSL"); tmf.init(trustStore); KeyStore keyStore = createKeyStore(EE, EE_ID, EE_KEY); - KeyManagerFactory kmf = SSLInsts.getKeyManagerFactory("NewSunX509"); + KeyManagerFactory kmf = KeyManagerFactory.getInstance("NewSunX509", "KonaSSL"); kmf.init(keyStore, PASSWORD.toCharArray()); - SSLContext context = SSLInsts.getSSLContext("TLS"); + SSLContext context = SSLContext.getInstance("TLS", "KonaSSL"); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), new SecureRandom()); return context; } private static KeyStore createTrustStore(String caStr, String caId) throws Exception { - KeyStore trustStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore trustStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); trustStore.load(null, null); trustStore.setCertificateEntry("tls-trust-demo", loadCert(caStr, caId)); return trustStore; @@ -292,7 +290,7 @@ private static KeyStore createTrustStore(String caStr, String caId) private static KeyStore createKeyStore( String eeStr, String eeId, String eeKeyStr) throws Exception { - KeyStore keyStore = PKIXInsts.getKeyStore("PKCS12"); + KeyStore keyStore = KeyStore.getInstance("PKCS12", "KonaPKIX"); keyStore.load(null, null); PrivateKey privateKey = loadPrivateKey(eeKeyStr); @@ -306,8 +304,8 @@ private static KeyStore createKeyStore( private static X509Certificate loadCert(String certPEM, String id) throws Exception { - CertificateFactory certFactory = PKIXInsts.getCertificateFactory( - "X.509"); + CertificateFactory certFactory = CertificateFactory.getInstance( + "X.509", "KonaPKIX"); X509Certificate x509Cert = (X509Certificate) certFactory.generateCertificate( new ByteArrayInputStream(certPEM.getBytes())); 
@@ -322,7 +320,7 @@ private static X509Certificate loadCert(String certPEM, String id) private static PrivateKey loadPrivateKey(String keyPEM) throws Exception { PKCS8EncodedKeySpec privateKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(keyPEM)); - KeyFactory keyFactory = CryptoInsts.getKeyFactory("EC"); + KeyFactory keyFactory = KeyFactory.getInstance("EC", "KonaCrypto"); return keyFactory.generatePrivate(privateKeySpec); } @@ -410,7 +408,8 @@ protected boolean isTls13RenegAuthAvailable() { @Override public org.apache.tomcat.util.net.SSLContext createSSLContextInternal( - List negotiableProtocols) throws NoSuchAlgorithmException { + List negotiableProtocols) + throws NoSuchAlgorithmException, NoSuchProviderException { return new KonaSSLContext(sslHostConfig.getSslProtocol()); } } @@ -422,8 +421,9 @@ public static class KonaSSLContext private KeyManager[] kms; private TrustManager[] tms; - public KonaSSLContext(String protocol) throws NoSuchAlgorithmException { - context = SSLInsts.getSSLContext(protocol); + public KonaSSLContext(String protocol) + throws NoSuchAlgorithmException, NoSuchProviderException { + context = SSLContext.getInstance(protocol, "KonaSSL"); } @Override diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLEngineTest.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLEngineTest.java index 2dd12e6d..3db490ce 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLEngineTest.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLEngineTest.java @@ -26,9 +26,6 @@ package com.tencent.kona.ssl.tlcp; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; 
@@ -123,12 +120,12 @@ public static SSLContext createSSLContext( char[] passphrase = "passphrase".toCharArray(); // Generate certificate from cert string. - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); // Import the trused certs. ByteArrayInputStream is; if (trustedCerts != null && trustedCerts.length != 0) { - ts = PKIXInsts.getKeyStore("PKCS12"); + ts = KeyStore.getInstance("PKCS12", "KonaPKIX"); ts.load(null, null); Certificate[] trustedCert = new Certificate[trustedCerts.length]; @@ -147,15 +144,15 @@ public static SSLContext createSSLContext( // Import the key materials. if (endEntityCerts != null && endEntityCerts.length != 0) { - ks = PKIXInsts.getKeyStore("PKCS12"); + ks = KeyStore.getInstance("PKCS12", "KonaPKIX"); ks.load(null, null); for (int i = 0; i < endEntityCerts.length; i++) { // generate the private key. PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr)); - KeyFactory kf = CryptoInsts.getKeyFactory( - endEntityCerts[i].keyAlgo); + KeyFactory kf = KeyFactory.getInstance( + endEntityCerts[i].keyAlgo, "KonaCrypto"); PrivateKey priKey = kf.generatePrivate(priKeySpec); // generate certificate chain 
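Review bot: In the key-import loop, `KeyFactory.getInstance(endEntityCerts[i].keyAlgo, "KonaCrypto")` pins one provider while the algorithm name still comes from each certificate entry, so an entry whose `keyAlgo` KonaCrypto does not register fails with `NoSuchAlgorithmException`. The set of `keyAlgo` values is defined outside this hunk and the loop body continues past it, so this cannot be confirmed from here. A comment at the call would make the constraint explicit: `// keyAlgo must name a KeyFactory algorithm that KonaCrypto provides`. The identical loop appears in the SSLSocketTest, SSLSocketOnTLS12Test and SSLSocketOnTLS13Test hunks.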
@@ -178,13 +175,13 @@ public static SSLContext createSSLContext( // Create an SSLContext object. TrustManagerFactory tmf = - SSLInsts.getTrustManagerFactory(params.tmAlgorithm); + TrustManagerFactory.getInstance(params.tmAlgorithm, "KonaSSL"); tmf.init(ts); - SSLContext context = SSLInsts.getSSLContext(params.contextProtocol); + SSLContext context = SSLContext.getInstance(params.contextProtocol, "KonaSSL"); if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) { KeyManagerFactory kmf = - SSLInsts.getKeyManagerFactory(params.kmAlgorithm); + KeyManagerFactory.getInstance(params.kmAlgorithm, "KonaSSL"); kmf.init(ks, passphrase); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java index 6e215c10..af637c57 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/tlcp/SSLSocketTest.java @@ -36,9 +36,6 @@ package com.tencent.kona.ssl.tlcp; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; @@ -409,12 +406,12 @@ public static SSLContext createSSLContext( char passphrase[] = "passphrase".toCharArray(); // Generate certificate from cert string. - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); // Import the trused certs. ByteArrayInputStream is; if (trustedCerts != null && trustedCerts.length != 0) { - ts = PKIXInsts.getKeyStore("PKCS12"); + ts = KeyStore.getInstance("PKCS12", "KonaPKIX"); ts.load(null, null); Certificate[] trustedCert = new Certificate[trustedCerts.length]; 
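Review bot: `tmf.init(ts)` is reached even when `trustedCerts` is null or empty, in which case `ts` appears never to be assigned (its declaration is outside the hunk), and the factory receiving it is now always the one from KonaSSL. What that factory trusts when given a null store is not visible here; the JDK's own PKIX factory falls back to the default trust store in that situation. A comment would flag the open question, for example `// ts is null when no trusted certs were passed; confirm what KonaSSL trusts in that case`, or the test could assert `ts != null` wherever a private CA is expected. The same lines appear in the SSLSocketTest, SSLSocketOnTLS12Test and SSLSocketOnTLS13Test hunks.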
@@ -433,15 +430,15 @@ public static SSLContext createSSLContext( // Import the key materials. if (endEntityCerts != null && endEntityCerts.length != 0) { - ks = PKIXInsts.getKeyStore("PKCS12"); + ks = KeyStore.getInstance("PKCS12", "KonaPKIX"); ks.load(null, null); for (int i = 0; i < endEntityCerts.length; i++) { // generate the private key. PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr)); - KeyFactory kf = CryptoInsts.getKeyFactory( - endEntityCerts[i].keyAlgo); + KeyFactory kf = KeyFactory.getInstance( + endEntityCerts[i].keyAlgo, "KonaCrypto"); PrivateKey priKey = kf.generatePrivate(priKeySpec); // generate certificate chain @@ -464,13 +461,13 @@ public static SSLContext createSSLContext( // Create an SSLContext object. TrustManagerFactory tmf = - SSLInsts.getTrustManagerFactory(params.tmAlgorithm); + TrustManagerFactory.getInstance(params.tmAlgorithm, "KonaSSL"); tmf.init(ts); - SSLContext context = SSLInsts.getSSLContext(params.contextProtocol); + SSLContext context = SSLContext.getInstance(params.contextProtocol, "KonaSSL"); if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) { KeyManagerFactory kmf = - SSLInsts.getKeyManagerFactory(params.kmAlgorithm); + KeyManagerFactory.getInstance(params.kmAlgorithm, "KonaSSL"); kmf.init(ks, passphrase); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS12Test.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS12Test.java index 9d6770dc..2f01ae4e 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS12Test.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS12Test.java 
@@ -36,9 +36,6 @@ package com.tencent.kona.ssl.tls; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; @@ -409,12 +406,12 @@ public static SSLContext createSSLContext( char passphrase[] = "passphrase".toCharArray(); // Generate certificate from cert string. - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); // Import the trused certs. ByteArrayInputStream is; if (trustedCerts != null && trustedCerts.length != 0) { - ts = PKIXInsts.getKeyStore("PKCS12"); + ts = KeyStore.getInstance("PKCS12", "KonaPKIX"); ts.load(null, null); Certificate[] trustedCert = new Certificate[trustedCerts.length]; @@ -433,15 +430,15 @@ public static SSLContext createSSLContext( // Import the key materials. if (endEntityCerts != null && endEntityCerts.length != 0) { - ks = PKIXInsts.getKeyStore("PKCS12"); + ks = KeyStore.getInstance("PKCS12", "KonaPKIX"); ks.load(null, null); for (int i = 0; i < endEntityCerts.length; i++) { // generate the private key. PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr)); - KeyFactory kf = CryptoInsts.getKeyFactory( - endEntityCerts[i].keyAlgo); + KeyFactory kf = KeyFactory.getInstance( + endEntityCerts[i].keyAlgo, "KonaCrypto"); PrivateKey priKey = kf.generatePrivate(priKeySpec); // generate certificate chain 
@@ -464,13 +461,13 @@ public static SSLContext createSSLContext( // Create an SSLContext object. TrustManagerFactory tmf = - SSLInsts.getTrustManagerFactory(params.tmAlgorithm); + TrustManagerFactory.getInstance(params.tmAlgorithm, "KonaSSL"); tmf.init(ts); - SSLContext context = SSLInsts.getSSLContext(params.contextProtocol); + SSLContext context = SSLContext.getInstance(params.contextProtocol, "KonaSSL"); if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) { KeyManagerFactory kmf = - SSLInsts.getKeyManagerFactory(params.kmAlgorithm); + KeyManagerFactory.getInstance(params.kmAlgorithm, "KonaSSL"); kmf.init(ks, passphrase); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null); diff --git a/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java b/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java index bdc987c8..edc9578e 100644 --- a/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java +++ b/kona-ssl/src/test/java/com/tencent/kona/ssl/tls/SSLSocketOnTLS13Test.java @@ -36,9 +36,6 @@ package com.tencent.kona.ssl.tls; -import com.tencent.kona.crypto.CryptoInsts; -import com.tencent.kona.pkix.PKIXInsts; -import com.tencent.kona.ssl.SSLInsts; import com.tencent.kona.ssl.TestUtils; import org.junit.jupiter.api.BeforeAll; import org.junit.jupiter.api.Test; @@ -409,12 +406,12 @@ public static SSLContext createSSLContext( char passphrase[] = "passphrase".toCharArray(); // Generate certificate from cert string. - CertificateFactory cf = PKIXInsts.getCertificateFactory("X.509"); + CertificateFactory cf = CertificateFactory.getInstance("X.509", "KonaPKIX"); // Import the trused certs. ByteArrayInputStream is; if (trustedCerts != null && trustedCerts.length != 0) { - ts = PKIXInsts.getKeyStore("PKCS12"); + ts = KeyStore.getInstance("PKCS12", "KonaPKIX"); ts.load(null, null); Certificate[] trustedCert = new Certificate[trustedCerts.length]; 
@@ -433,15 +430,15 @@ public static SSLContext createSSLContext( // Import the key materials. if (endEntityCerts != null && endEntityCerts.length != 0) { - ks = PKIXInsts.getKeyStore("PKCS12"); + ks = KeyStore.getInstance("PKCS12", "KonaPKIX"); ks.load(null, null); for (int i = 0; i < endEntityCerts.length; i++) { // generate the private key. PKCS8EncodedKeySpec priKeySpec = new PKCS8EncodedKeySpec( Base64.getMimeDecoder().decode(endEntityCerts[i].privKeyStr)); - KeyFactory kf = CryptoInsts.getKeyFactory( - endEntityCerts[i].keyAlgo); + KeyFactory kf = KeyFactory.getInstance( + endEntityCerts[i].keyAlgo, "KonaCrypto"); PrivateKey priKey = kf.generatePrivate(priKeySpec); // generate certificate chain @@ -464,13 +461,13 @@ public static SSLContext createSSLContext( // Create an SSLContext object. TrustManagerFactory tmf = - SSLInsts.getTrustManagerFactory(params.tmAlgorithm); + TrustManagerFactory.getInstance(params.tmAlgorithm, "KonaSSL"); tmf.init(ts); - SSLContext context = SSLInsts.getSSLContext(params.contextProtocol); + SSLContext context = SSLContext.getInstance(params.contextProtocol, "KonaSSL"); if (endEntityCerts != null && endEntityCerts.length != 0 && ks != null) { KeyManagerFactory kmf = - SSLInsts.getKeyManagerFactory(params.kmAlgorithm); + KeyManagerFactory.getInstance(params.kmAlgorithm, "KonaSSL"); kmf.init(ks, passphrase); context.init(kmf.getKeyManagers(), tmf.getTrustManagers(), null);