Improved keystore type handling

dajudge · dajudge · commit 063e4fca4efe · 2021-08-27T09:15:59.000+02:00
diff --git a/cautils/src/main/java/com/dajudge/proxybase/ca/Helpers.java b/cautils/src/main/java/com/dajudge/proxybase/ca/Helpers.java
@@ -133,7 +133,7 @@ public static byte[] serialize(final KeyStore keyStore, final char[] password) {
         });
     }
 
-    public static KeyStore createJks(
+    public static KeyStore createKeyStore(
             final ThrowingConsumer<KeyStore> withKeyStore,
             final String type
     ) {
diff --git a/cautils/src/main/java/com/dajudge/proxybase/ca/selfsign/CertificateAuthority.java b/cautils/src/main/java/com/dajudge/proxybase/ca/selfsign/CertificateAuthority.java
@@ -49,7 +49,7 @@ private PrivateKey caPrivateKey() {
     }
 
     public KeyStore getTrustStore(final String type) {
-        return Helpers.createJks(keyStore -> {
+        return Helpers.createKeyStore(keyStore -> {
             keyStore.setCertificateEntry("ca", caCert());
         }, type);
     }
diff --git a/proxybase/src/main/java/com/dajudge/proxybase/certs/ReloadingKeyStoreManager.java b/proxybase/src/main/java/com/dajudge/proxybase/certs/ReloadingKeyStoreManager.java
@@ -34,8 +34,8 @@ public class ReloadingKeyStoreManager implements KeyStoreManager {
     private final long updateIntervalMsecs;
     private final Object keyStoreLock = new Object();
     private final Object clockLock = new Object();
-    private long lastUpdate;
     private final AtomicBoolean loading = new AtomicBoolean();
+    private long lastUpdate;
     private KeyStoreWrapper keyStore;
 
     public ReloadingKeyStoreManager(
@@ -60,6 +60,7 @@ public static ReloadingKeyStoreManager createReloader(
         );
     }
 
+    @Override
     public KeyStoreWrapper getKeyStore() {
         updateIfNecessary();
         synchronized (keyStoreLock) {
diff --git a/proxybase/src/test/java/com/dajudge/proxybase/BaseProxyTest.java b/proxybase/src/test/java/com/dajudge/proxybase/BaseProxyTest.java
@@ -44,15 +44,15 @@
 
 public abstract class BaseProxyTest {
     private static final Logger LOG = LoggerFactory.getLogger(BaseProxyTest.class);
-
+    protected static final String KEYSTORE_TYPE = "jks";
     static final TestCertificationAuthority DOWNSTREAM_SERVER_CA =
-            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamServerCA");
+            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamServerCA", KEYSTORE_TYPE);
     static final TestCertificationAuthority DOWNSTREAM_CLIENT_CA =
-            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamClientCA");
+            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamClientCA", KEYSTORE_TYPE);
     static final TestCertificationAuthority UPSTREAM_SERVER_CA =
-            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamServerCA");
+            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamServerCA", KEYSTORE_TYPE);
     static final TestCertificationAuthority UPSTREAM_CLIENT_CA =
-            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamClientCA");
+            new TestCertificationAuthority(System::currentTimeMillis, "cn=downstreamClientCA", KEYSTORE_TYPE);
 
     private void withDownstreamServer(
             final SslConfiguration sslConfig,
diff --git a/proxybase/src/test/java/com/dajudge/proxybase/HotCertReplaceTest.java b/proxybase/src/test/java/com/dajudge/proxybase/HotCertReplaceTest.java
@@ -35,19 +35,20 @@
 public class HotCertReplaceTest extends BaseProxyTest {
     private final TestKeyStoreManager downstreamClientKeyStore = new TestKeyStoreManager(
             DOWNSTREAM_CLIENT_CA,
-            "cn=downstreamClient"
+            "cn=downstreamClient",
+            KEYSTORE_TYPE
     );
     private final SslConfiguration downstreamMtls = new TwoWaySslConfiguration(
             downstreamClientKeyStore,
-            () -> new KeyStoreWrapper(DOWNSTREAM_SERVER_CA.getTrustStore("jks"), null),
-            new TestKeyStoreManager(DOWNSTREAM_SERVER_CA, "cn=downstreamServer"),
-            () -> new KeyStoreWrapper(DOWNSTREAM_CLIENT_CA.getTrustStore("jks"), null)
+            () -> new KeyStoreWrapper(DOWNSTREAM_SERVER_CA.getTrustStore(KEYSTORE_TYPE), null),
+            new TestKeyStoreManager(DOWNSTREAM_SERVER_CA, "cn=downstreamServer", KEYSTORE_TYPE),
+            () -> new KeyStoreWrapper(DOWNSTREAM_CLIENT_CA.getTrustStore(KEYSTORE_TYPE), null)
     );
     private final SslConfiguration upstreamMtls = new TwoWaySslConfiguration(
-            new TestKeyStoreManager(UPSTREAM_CLIENT_CA, "cn=upstreamClient"),
-            () -> new KeyStoreWrapper(UPSTREAM_SERVER_CA.getTrustStore("jks"), null),
-            new TestKeyStoreManager(UPSTREAM_SERVER_CA, "cn=upstreamServer"),
-            () -> new KeyStoreWrapper(UPSTREAM_CLIENT_CA.getTrustStore("jks"), null)
+            new TestKeyStoreManager(UPSTREAM_CLIENT_CA, "cn=upstreamClient", KEYSTORE_TYPE),
+            () -> new KeyStoreWrapper(UPSTREAM_SERVER_CA.getTrustStore(KEYSTORE_TYPE), null),
+            new TestKeyStoreManager(UPSTREAM_SERVER_CA, "cn=upstreamServer", KEYSTORE_TYPE),
+            () -> new KeyStoreWrapper(UPSTREAM_CLIENT_CA.getTrustStore(KEYSTORE_TYPE), null)
     );
 
     @Test
diff --git a/proxybase/src/test/java/com/dajudge/proxybase/RoundtripTest.java b/proxybase/src/test/java/com/dajudge/proxybase/RoundtripTest.java
@@ -38,25 +38,26 @@
 public class RoundtripTest extends BaseProxyTest {
 
     private static final SslConfiguration PLAINTEXT = new PlaintextSslConfiguration();
+    protected static final String KEYSTORE_TYPE = "jks";
     private static final SslConfiguration DOWNSTREAM_TLS = new OneWaySslConfiguration(
-            () -> new KeyStoreWrapper(DOWNSTREAM_SERVER_CA.getTrustStore("jks"), null),
-            new TestKeyStoreManager(DOWNSTREAM_SERVER_CA, "cn=downstreamServer")
+            () -> new KeyStoreWrapper(DOWNSTREAM_SERVER_CA.getTrustStore(KEYSTORE_TYPE), null),
+            new TestKeyStoreManager(DOWNSTREAM_SERVER_CA, "cn=downstreamServer", KEYSTORE_TYPE)
     );
     private static final SslConfiguration DOWNSTREAM_MTLS = new TestSslConfiguration.TwoWaySslConfiguration(
-            new TestKeyStoreManager(DOWNSTREAM_CLIENT_CA, "cn=downstreamClient"),
-            () -> new KeyStoreWrapper(DOWNSTREAM_SERVER_CA.getTrustStore("jks"), null),
-            new TestKeyStoreManager(DOWNSTREAM_SERVER_CA, "cn=downstreamServer"),
-            () -> new KeyStoreWrapper(DOWNSTREAM_CLIENT_CA.getTrustStore("jks"), null)
+            new TestKeyStoreManager(DOWNSTREAM_CLIENT_CA, "cn=downstreamClient", KEYSTORE_TYPE),
+            () -> new KeyStoreWrapper(DOWNSTREAM_SERVER_CA.getTrustStore(KEYSTORE_TYPE), null),
+            new TestKeyStoreManager(DOWNSTREAM_SERVER_CA, "cn=downstreamServer", KEYSTORE_TYPE),
+            () -> new KeyStoreWrapper(DOWNSTREAM_CLIENT_CA.getTrustStore(KEYSTORE_TYPE), null)
     );
     private static final SslConfiguration UPSTREAM_TLS = new OneWaySslConfiguration(
-            () -> new KeyStoreWrapper(UPSTREAM_SERVER_CA.getTrustStore("jks"), null),
-            new TestKeyStoreManager(UPSTREAM_SERVER_CA, "cn=upstreamServer")
+            () -> new KeyStoreWrapper(UPSTREAM_SERVER_CA.getTrustStore(KEYSTORE_TYPE), null),
+            new TestKeyStoreManager(UPSTREAM_SERVER_CA, "cn=upstreamServer", KEYSTORE_TYPE)
     );
     private static final SslConfiguration UPSTREAM_MTLS = new TestSslConfiguration.TwoWaySslConfiguration(
-            new TestKeyStoreManager(UPSTREAM_CLIENT_CA, "cn=upstreamClient"),
-            () -> new KeyStoreWrapper(UPSTREAM_SERVER_CA.getTrustStore("jks"), null),
-            new TestKeyStoreManager(UPSTREAM_SERVER_CA, "cn=upstreamServer"),
-            () -> new KeyStoreWrapper(UPSTREAM_CLIENT_CA.getTrustStore("jks"), null)
+            new TestKeyStoreManager(UPSTREAM_CLIENT_CA, "cn=upstreamClient", KEYSTORE_TYPE),
+            () -> new KeyStoreWrapper(UPSTREAM_SERVER_CA.getTrustStore(KEYSTORE_TYPE), null),
+            new TestKeyStoreManager(UPSTREAM_SERVER_CA, "cn=upstreamServer", KEYSTORE_TYPE),
+            () -> new KeyStoreWrapper(UPSTREAM_CLIENT_CA.getTrustStore(KEYSTORE_TYPE), null)
     );
 
     @Parameterized.Parameters
diff --git a/proxybase/src/test/java/com/dajudge/proxybase/util/TestKeyStoreManager.java b/proxybase/src/test/java/com/dajudge/proxybase/util/TestKeyStoreManager.java
@@ -23,19 +23,22 @@
 
 public class TestKeyStoreManager implements KeyStoreManager {
     private final TestCertificationAuthority ca;
+    private final String keyStoreType;
     private String dn;
 
     public TestKeyStoreManager(
             final TestCertificationAuthority ca,
-            final String dn
+            final String dn,
+            final String keyStoreType
     ) {
         this.ca = ca;
         this.dn = dn;
+        this.keyStoreType = keyStoreType;
     }
 
     @Override
     public KeyStoreWrapper getKeyStore() {
-        return ca.createNewKeyStore(dn);
+        return ca.createNewKeyStore(dn, keyStoreType);
     }
 
     public void replaceDn(final String dn) {
diff --git a/testca/src/main/java/com/dajudge/proxybase/ca/test/TestCertificationAuthority.java b/testca/src/main/java/com/dajudge/proxybase/ca/test/TestCertificationAuthority.java
@@ -32,16 +32,22 @@
 public class TestCertificationAuthority extends CertificateAuthority {
     private static final String KEY_ALIAS = UUID.randomUUID().toString();
     private final Supplier<Long> clock;
+    private String keystoreType;
 
-    public TestCertificationAuthority(final Supplier<Long> clock, final String dn) {
-        super(createCaKeyStore(dn, clock), KEY_ALIAS);
+    public TestCertificationAuthority(final Supplier<Long> clock, final String dn, final String keystoreType) {
+        super(createCaKeyStore(dn, clock, keystoreType), KEY_ALIAS);
         this.clock = clock;
+        this.keystoreType = keystoreType;
     }
 
-    private static KeyStoreManager createCaKeyStore(final String dn, final Supplier<Long> clock) {
+    private static KeyStoreManager createCaKeyStore(
+            final String dn,
+            final Supplier<Long> clock,
+            final String keystoreType
+    ) {
         final String keyPassword = UUID.randomUUID().toString();
         final KeyStoreWrapper wrapper = new KeyStoreWrapper(
-                Helpers.createJks(keyStore -> {
+                Helpers.createKeyStore(keyStore -> {
                     final KeyPair keyPair = Helpers.keyPair();
                     final X509Certificate cert = Helpers.selfSignedCert(
                             dn,
@@ -57,13 +63,13 @@ private static KeyStoreManager createCaKeyStore(final String dn, final Supplier<
                             keyPassword.toCharArray(),
                             new Certificate[]{cert}
                     );
-                }, "jks"),
+                }, keystoreType),
                 keyPassword.toCharArray()
         );
         return () -> wrapper;
     }
 
-    public KeyStoreWrapper createNewKeyStore(final String dn) {
+    public KeyStoreWrapper createNewKeyStore(final String dn, final String keyStoreType) {
         final String keyPassword = UUID.randomUUID().toString();
         return new KeyStoreWrapper(
                 createKeyStore(
@@ -72,7 +78,7 @@ public KeyStoreWrapper createNewKeyStore(final String dn) {
                         keyPassword.toCharArray(),
                         Helpers.now(clock),
                         Helpers.plus(Helpers.now(clock), Duration.ofDays(1)),
-                        "jks"
+                        keyStoreType
                 ),
                 keyPassword.toCharArray()
         );

Original file line number	Diff line number	Diff line change
`@@ -133,7 +133,7 @@ public static byte[] serialize(final KeyStore keyStore, final char[] password) {`
`133`	`133`	`});`
`134`	`134`	`}`
`135`	`135`
`136`		`- public static KeyStore createJks(`
	`136`	`+ public static KeyStore createKeyStore(`
`137`	`137`	`final ThrowingConsumer<KeyStore> withKeyStore,`
`138`	`138`	`final String type`
`139`	`139`	`) {`
Original file line number	Diff line number	Diff line change
`@@ -49,7 +49,7 @@ private PrivateKey caPrivateKey() {`
`49`	`49`	`}`
`50`	`50`
`51`	`51`	`public KeyStore getTrustStore(final String type) {`
`52`		`- return Helpers.createJks(keyStore -> {`
	`52`	`+ return Helpers.createKeyStore(keyStore -> {`
`53`	`53`	`keyStore.setCertificateEntry("ca", caCert());`
`54`	`54`	`}, type);`
`55`	`55`	`}`