diff --git a/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java index e75440225dc..1bea9754189 100644 --- a/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java +++ b/xds/src/main/java/io/grpc/xds/FilterChainMatchingProtocolNegotiators.java @@ -20,7 +20,7 @@ import static io.grpc.xds.InternalXdsAttributes.ATTR_DRAIN_GRACE_NANOS; import static io.grpc.xds.InternalXdsAttributes.ATTR_FILTER_CHAIN_SELECTOR_MANAGER; import static io.grpc.xds.XdsServerWrapper.ATTR_SERVER_ROUTING_CONFIG; -import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; +import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; import com.google.common.annotations.VisibleForTesting; import com.google.common.base.MoreObjects; diff --git a/xds/src/main/java/io/grpc/xds/XdsChannelCredentials.java b/xds/src/main/java/io/grpc/xds/XdsChannelCredentials.java index d07f10555c6..81d1b8ecfbf 100644 --- a/xds/src/main/java/io/grpc/xds/XdsChannelCredentials.java +++ b/xds/src/main/java/io/grpc/xds/XdsChannelCredentials.java @@ -22,7 +22,7 @@ import io.grpc.ExperimentalApi; import io.grpc.netty.InternalNettyChannelCredentials; import io.grpc.netty.InternalProtocolNegotiator; -import io.grpc.xds.internal.sds.SdsProtocolNegotiators; +import io.grpc.xds.internal.sds.SecurityProtocolNegotiators; @ExperimentalApi("https://github.com/grpc/grpc-java/issues/7514") public class XdsChannelCredentials { @@ -40,6 +40,6 @@ public static ChannelCredentials create(ChannelCredentials fallback) { InternalProtocolNegotiator.ClientFactory fallbackNegotiator = InternalNettyChannelCredentials.toNegotiator(checkNotNull(fallback, "fallback")); return InternalNettyChannelCredentials.create( - SdsProtocolNegotiators.clientProtocolNegotiatorFactory(fallbackNegotiator)); + SecurityProtocolNegotiators.clientProtocolNegotiatorFactory(fallbackNegotiator)); } } diff --git a/xds/src/main/java/io/grpc/xds/XdsServerCredentials.java b/xds/src/main/java/io/grpc/xds/XdsServerCredentials.java index e6e78f319c7..38015e17afc 100644 --- a/xds/src/main/java/io/grpc/xds/XdsServerCredentials.java +++ b/xds/src/main/java/io/grpc/xds/XdsServerCredentials.java @@ -22,7 +22,7 @@ import io.grpc.ServerCredentials; import io.grpc.netty.InternalNettyServerCredentials; import io.grpc.netty.InternalProtocolNegotiator; -import io.grpc.xds.internal.sds.SdsProtocolNegotiators; +import io.grpc.xds.internal.sds.SecurityProtocolNegotiators; @ExperimentalApi("https://github.com/grpc/grpc-java/issues/7514") public class XdsServerCredentials { @@ -40,6 +40,6 @@ public static ServerCredentials create(ServerCredentials fallback) { InternalProtocolNegotiator.ServerFactory fallbackNegotiator = InternalNettyServerCredentials.toNegotiator(checkNotNull(fallback, "fallback")); return InternalNettyServerCredentials.create( - SdsProtocolNegotiators.serverProtocolNegotiatorFactory(fallbackNegotiator)); + SecurityProtocolNegotiators.serverProtocolNegotiatorFactory(fallbackNegotiator)); } } diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java index ce9ef3de680..ddb530f67fb 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderClientSslContextProvider.java @@ -26,7 +26,7 @@ import io.grpc.netty.GrpcSslContexts; import io.grpc.xds.Bootstrapper.CertificateProviderInfo; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; -import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; +import io.grpc.xds.internal.sds.trust.XdsTrustManagerFactory; import io.netty.handler.ssl.SslContextBuilder; import java.security.cert.CertStoreException; import java.security.cert.X509Certificate; @@ -62,7 +62,7 @@ protected final SslContextBuilder getSslContextBuilder( SslContextBuilder sslContextBuilder = GrpcSslContexts.forClient() .trustManager( - new SdsTrustManagerFactory( + new XdsTrustManagerFactory( savedTrustedRoots.toArray(new X509Certificate[0]), certificateValidationContextdationContext)); if (isMtls()) { diff --git a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java index a7f0849d00b..34fe49e1daf 100644 --- a/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/certprovider/CertProviderServerSslContextProvider.java @@ -26,7 +26,7 @@ import io.grpc.netty.GrpcSslContexts; import io.grpc.xds.Bootstrapper.CertificateProviderInfo; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; -import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; +import io.grpc.xds.internal.sds.trust.XdsTrustManagerFactory; import io.netty.handler.ssl.SslContextBuilder; import java.io.IOException; @@ -66,7 +66,7 @@ protected final SslContextBuilder getSslContextBuilder( setClientAuthValues( sslContextBuilder, isMtls() - ? new SdsTrustManagerFactory( + ? new XdsTrustManagerFactory( savedTrustedRoots.toArray(new X509Certificate[0]), certificateValidationContextdationContext) : null); diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java b/xds/src/main/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiators.java similarity index 98% rename from xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java rename to xds/src/main/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiators.java index a032737e647..cb3521aa585 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/SdsProtocolNegotiators.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiators.java @@ -48,13 +48,14 @@ * context. */ @VisibleForTesting -public final class SdsProtocolNegotiators { +public final class SecurityProtocolNegotiators { // Prevent instantiation. - private SdsProtocolNegotiators() { + private SecurityProtocolNegotiators() { } - private static final Logger logger = Logger.getLogger(SdsProtocolNegotiators.class.getName()); + private static final Logger logger + = Logger.getLogger(SecurityProtocolNegotiators.class.getName()); private static final AsciiString SCHEME = AsciiString.of("http"); diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java b/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java index 6b661715e48..f72793cd050 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProvider.java @@ -24,7 +24,7 @@ import io.grpc.xds.EnvoyServerProtoData.BaseTlsContext; import io.grpc.xds.EnvoyServerProtoData.DownstreamTlsContext; import io.grpc.xds.EnvoyServerProtoData.UpstreamTlsContext; -import io.grpc.xds.internal.sds.trust.SdsTrustManagerFactory; +import io.grpc.xds.internal.sds.trust.XdsTrustManagerFactory; import io.netty.handler.ssl.ClientAuth; import io.netty.handler.ssl.SslContext; import io.netty.handler.ssl.SslContextBuilder; @@ -70,11 +70,11 @@ protected CommonTlsContext getCommonTlsContext() { } protected void setClientAuthValues( - SslContextBuilder sslContextBuilder, SdsTrustManagerFactory sdsTrustManagerFactory) + SslContextBuilder sslContextBuilder, XdsTrustManagerFactory xdsTrustManagerFactory) throws CertificateException, IOException, CertStoreException { DownstreamTlsContext downstreamTlsContext = getDownstreamTlsContext(); - if (sdsTrustManagerFactory != null) { - sslContextBuilder.trustManager(sdsTrustManagerFactory); + if (xdsTrustManagerFactory != null) { + sslContextBuilder.trustManager(xdsTrustManagerFactory); sslContextBuilder.clientAuth( downstreamTlsContext.isRequireClientCertificate() ? ClientAuth.REQUIRE diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProviderSupplier.java b/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProviderSupplier.java index 664b4881bc2..183c4d2a634 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProviderSupplier.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/SslContextProviderSupplier.java @@ -29,7 +29,7 @@ /** * Enables Client or server side to initialize this object with the received {@link BaseTlsContext} - * and communicate it to the consumer i.e. {@link SdsProtocolNegotiators} + * and communicate it to the consumer i.e. {@link SecurityProtocolNegotiators} * to lazily evaluate the {@link SslContextProvider}. The supplier prevents credentials leakage in * cases where the user is not using xDS credentials but the client/server contains a non-default * {@link BaseTlsContext}. diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsTrustManagerFactory.java b/xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsTrustManagerFactory.java similarity index 90% rename from xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsTrustManagerFactory.java rename to xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsTrustManagerFactory.java index 479569f1596..2cdcd3a2d65 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsTrustManagerFactory.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsTrustManagerFactory.java @@ -43,15 +43,15 @@ /** * Factory class used by providers of {@link TlsContextManagerImpl} to provide a - * {@link SdsX509TrustManager} for trust and SAN checks. + * {@link XdsX509TrustManager} for trust and SAN checks. */ -public final class SdsTrustManagerFactory extends SimpleTrustManagerFactory { +public final class XdsTrustManagerFactory extends SimpleTrustManagerFactory { - private static final Logger logger = Logger.getLogger(SdsTrustManagerFactory.class.getName()); - private SdsX509TrustManager sdsX509TrustManager; + private static final Logger logger = Logger.getLogger(XdsTrustManagerFactory.class.getName()); + private XdsX509TrustManager xdsX509TrustManager; /** Constructor constructs from a {@link CertificateValidationContext}. */ - public SdsTrustManagerFactory(CertificateValidationContext certificateValidationContext) + public XdsTrustManagerFactory(CertificateValidationContext certificateValidationContext) throws CertificateException, IOException, CertStoreException { this( getTrustedCaFromCertContext(certificateValidationContext), @@ -59,13 +59,13 @@ public SdsTrustManagerFactory(CertificateValidationContext certificateValidation false); } - public SdsTrustManagerFactory( + public XdsTrustManagerFactory( X509Certificate[] certs, CertificateValidationContext staticCertificateValidationContext) throws CertStoreException { this(certs, staticCertificateValidationContext, true); } - private SdsTrustManagerFactory( + private XdsTrustManagerFactory( X509Certificate[] certs, CertificateValidationContext certificateValidationContext, boolean validationContextIsStatic) @@ -75,7 +75,7 @@ private SdsTrustManagerFactory( certificateValidationContext == null || !certificateValidationContext.hasTrustedCa(), "only static certificateValidationContext expected"); } - sdsX509TrustManager = createSdsX509TrustManager(certs, certificateValidationContext); + xdsX509TrustManager = createSdsX509TrustManager(certs, certificateValidationContext); } private static X509Certificate[] getTrustedCaFromCertContext( @@ -100,7 +100,7 @@ private static X509Certificate[] getTrustedCaFromCertContext( } @VisibleForTesting - static SdsX509TrustManager createSdsX509TrustManager( + static XdsX509TrustManager createSdsX509TrustManager( X509Certificate[] certs, CertificateValidationContext certContext) throws CertStoreException { TrustManagerFactory tmf = null; try { @@ -133,7 +133,7 @@ static SdsX509TrustManager createSdsX509TrustManager( if (myDelegate == null) { throw new CertStoreException("Native X509 TrustManager not found."); } - return new SdsX509TrustManager(certContext, myDelegate); + return new XdsX509TrustManager(certContext, myDelegate); } @Override @@ -148,6 +148,6 @@ protected void engineInit(ManagerFactoryParameters managerFactoryParameters) thr @Override protected TrustManager[] engineGetTrustManagers() { - return new TrustManager[] {sdsX509TrustManager}; + return new TrustManager[] {xdsX509TrustManager}; } } diff --git a/xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsX509TrustManager.java b/xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsX509TrustManager.java similarity index 98% rename from xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsX509TrustManager.java rename to xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsX509TrustManager.java index 3178d2b3e4b..c44c42321ef 100644 --- a/xds/src/main/java/io/grpc/xds/internal/sds/trust/SdsX509TrustManager.java +++ b/xds/src/main/java/io/grpc/xds/internal/sds/trust/XdsX509TrustManager.java @@ -41,7 +41,7 @@ * Extension of {@link X509ExtendedTrustManager} that implements verification of * SANs (subject-alternate-names) against the list in CertificateValidationContext. */ -final class SdsX509TrustManager extends X509ExtendedTrustManager implements X509TrustManager { +final class XdsX509TrustManager extends X509ExtendedTrustManager implements X509TrustManager { // ref: io.grpc.okhttp.internal.OkHostnameVerifier and // sun.security.x509.GeneralNameInterface @@ -52,8 +52,8 @@ final class SdsX509TrustManager extends X509ExtendedTrustManager implements X509 private final X509ExtendedTrustManager delegate; private final CertificateValidationContext certContext; - SdsX509TrustManager(@Nullable CertificateValidationContext certContext, - X509ExtendedTrustManager delegate) { + XdsX509TrustManager(@Nullable CertificateValidationContext certContext, + X509ExtendedTrustManager delegate) { checkNotNull(delegate, "delegate"); this.certContext = certContext; this.delegate = delegate; diff --git a/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java index a4efb226ce9..47208d44651 100644 --- a/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java +++ b/xds/src/test/java/io/grpc/xds/FilterChainMatchingProtocolNegotiatorsTest.java @@ -18,7 +18,7 @@ import static com.google.common.truth.Truth.assertThat; import static io.grpc.xds.XdsServerWrapper.ATTR_SERVER_ROUTING_CONFIG; -import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; +import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; import static org.junit.Assert.fail; import static org.mockito.Mockito.mock; import static org.mockito.Mockito.when; diff --git a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java index 442bfef653c..932bc0c2d82 100644 --- a/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java +++ b/xds/src/test/java/io/grpc/xds/XdsClientWrapperForServerSdsTestMisc.java @@ -18,7 +18,7 @@ import static com.google.common.truth.Truth.assertThat; import static io.grpc.xds.FilterChainMatchingProtocolNegotiators.FilterChainMatchingHandler.FilterChainSelector.NO_FILTER_CHAIN; -import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; +import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; import static org.junit.Assert.fail; import static org.mockito.ArgumentMatchers.eq; import static org.mockito.Mockito.any; diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiatorsTest.java similarity index 92% rename from xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java rename to xds/src/test/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiatorsTest.java index 502d2185a82..9bab877b665 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/SdsProtocolNegotiatorsTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/SecurityProtocolNegotiatorsTest.java @@ -22,7 +22,7 @@ import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.CLIENT_PEM_FILE; import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_KEY_FILE; import static io.grpc.xds.internal.sds.CommonTlsContextTestsUtil.SERVER_1_PEM_FILE; -import static io.grpc.xds.internal.sds.SdsProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; +import static io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ATTR_SERVER_SSL_CONTEXT_PROVIDER_SUPPLIER; import static org.junit.Assert.assertNotNull; import static org.junit.Assert.assertTrue; import static org.junit.Assert.fail; @@ -52,8 +52,8 @@ import io.grpc.xds.InternalXdsAttributes; import io.grpc.xds.TlsContextManager; import io.grpc.xds.internal.certprovider.CommonCertProviderTestUtils; -import io.grpc.xds.internal.sds.SdsProtocolNegotiators.ClientSdsHandler; -import io.grpc.xds.internal.sds.SdsProtocolNegotiators.ClientSdsProtocolNegotiator; +import io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ClientSdsHandler; +import io.grpc.xds.internal.sds.SecurityProtocolNegotiators.ClientSdsProtocolNegotiator; import io.netty.channel.ChannelHandler; import io.netty.channel.ChannelHandlerContext; import io.netty.channel.ChannelPipeline; @@ -83,9 +83,9 @@ import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -/** Unit tests for {@link SdsProtocolNegotiators}. */ +/** Unit tests for {@link SecurityProtocolNegotiators}. */ @RunWith(JUnit4.class) -public class SdsProtocolNegotiatorsTest { +public class SecurityProtocolNegotiatorsTest { private final GrpcHttp2ConnectionHandler grpcHandler = FakeGrpcHttp2ConnectionHandler.newHandler(); @@ -156,8 +156,8 @@ public void clientSdsHandler_addLast() SslContextProviderSupplier sslContextProviderSupplier = new SslContextProviderSupplier(upstreamTlsContext, new TlsContextManagerImpl(bootstrapInfoForClient)); - SdsProtocolNegotiators.ClientSdsHandler clientSdsHandler = - new SdsProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier); + SecurityProtocolNegotiators.ClientSdsHandler clientSdsHandler = + new SecurityProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier); pipeline.addLast(clientSdsHandler); channelHandlerCtx = pipeline.context(clientSdsHandler); assertNotNull(channelHandlerCtx); // clientSdsHandler ctx is non-null since we just added it @@ -221,8 +221,8 @@ public SocketAddress remoteAddress() { "google_cloud_private_spiffe-server", true, true); TlsContextManagerImpl tlsContextManager = new TlsContextManagerImpl(bootstrapInfoForServer); - SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = - new SdsProtocolNegotiators.HandlerPickerHandler(grpcHandler, + SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = + new SecurityProtocolNegotiators.HandlerPickerHandler(grpcHandler, InternalProtocolNegotiators.serverPlaintext()); pipeline.addLast(handlerPickerHandler); channelHandlerCtx = pipeline.context(handlerPickerHandler); @@ -236,7 +236,7 @@ public SocketAddress remoteAddress() { pipeline.fireUserEventTriggered(InternalProtocolNegotiationEvent.withAttributes(event, attr)); channelHandlerCtx = pipeline.context(handlerPickerHandler); assertThat(channelHandlerCtx).isNull(); - channelHandlerCtx = pipeline.context(SdsProtocolNegotiators.ServerSdsHandler.class); + channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSdsHandler.class); assertThat(channelHandlerCtx).isNotNull(); SslContextProviderSupplier sslContextProviderSupplier = @@ -259,7 +259,7 @@ protected void onException(Throwable throwable) { Object fromFuture = future.get(2, TimeUnit.SECONDS); assertThat(fromFuture).isInstanceOf(SslContext.class); channel.runPendingTasks(); - channelHandlerCtx = pipeline.context(SdsProtocolNegotiators.ServerSdsHandler.class); + channelHandlerCtx = pipeline.context(SecurityProtocolNegotiators.ServerSdsHandler.class); assertThat(channelHandlerCtx).isNull(); // pipeline should only have SslHandler and ServerTlsHandler @@ -287,8 +287,8 @@ public SocketAddress localAddress() { }; pipeline = channel.pipeline(); - SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = - new SdsProtocolNegotiators.HandlerPickerHandler( + SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = + new SecurityProtocolNegotiators.HandlerPickerHandler( grpcHandler, mockProtocolNegotiator); pipeline.addLast(handlerPickerHandler); channelHandlerCtx = pipeline.context(handlerPickerHandler); @@ -313,8 +313,8 @@ public void serverSdsHandler_nullTlsContext_expectFallbackProtocolNegotiator() { ChannelHandler mockChannelHandler = mock(ChannelHandler.class); ProtocolNegotiator mockProtocolNegotiator = mock(ProtocolNegotiator.class); when(mockProtocolNegotiator.newHandler(grpcHandler)).thenReturn(mockChannelHandler); - SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = - new SdsProtocolNegotiators.HandlerPickerHandler( + SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = + new SecurityProtocolNegotiators.HandlerPickerHandler( grpcHandler, mockProtocolNegotiator); pipeline.addLast(handlerPickerHandler); channelHandlerCtx = pipeline.context(handlerPickerHandler); @@ -333,8 +333,8 @@ public void serverSdsHandler_nullTlsContext_expectFallbackProtocolNegotiator() { @Test public void nullTlsContext_nullFallbackProtocolNegotiator_expectException() { - SdsProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = - new SdsProtocolNegotiators.HandlerPickerHandler( + SecurityProtocolNegotiators.HandlerPickerHandler handlerPickerHandler = + new SecurityProtocolNegotiators.HandlerPickerHandler( grpcHandler, null); pipeline.addLast(handlerPickerHandler); channelHandlerCtx = pipeline.context(handlerPickerHandler); @@ -368,8 +368,8 @@ public void clientSdsProtocolNegotiatorNewHandler_fireProtocolNegotiationEvent() SslContextProviderSupplier sslContextProviderSupplier = new SslContextProviderSupplier(upstreamTlsContext, new TlsContextManagerImpl(bootstrapInfoForClient)); - SdsProtocolNegotiators.ClientSdsHandler clientSdsHandler = - new SdsProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier); + SecurityProtocolNegotiators.ClientSdsHandler clientSdsHandler = + new SecurityProtocolNegotiators.ClientSdsHandler(grpcHandler, sslContextProviderSupplier); pipeline.addLast(clientSdsHandler); channelHandlerCtx = pipeline.context(clientSdsHandler); diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/trust/SdsTrustManagerFactoryTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/trust/XdsTrustManagerFactoryTest.java similarity index 78% rename from xds/src/test/java/io/grpc/xds/internal/sds/trust/SdsTrustManagerFactoryTest.java rename to xds/src/test/java/io/grpc/xds/internal/sds/trust/XdsTrustManagerFactoryTest.java index f693261f929..ac2db38d190 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/trust/SdsTrustManagerFactoryTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/trust/XdsTrustManagerFactoryTest.java @@ -38,22 +38,22 @@ import org.junit.runner.RunWith; import org.junit.runners.JUnit4; -/** Unit tests for {@link SdsTrustManagerFactory}. */ +/** Unit tests for {@link XdsTrustManagerFactory}. */ @RunWith(JUnit4.class) -public class SdsTrustManagerFactoryTest { +public class XdsTrustManagerFactoryTest { @Test public void constructor_fromFile() throws CertificateException, IOException, CertStoreException { - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); assertThat(factory).isNotNull(); TrustManager[] tms = factory.getTrustManagers(); assertThat(tms).isNotNull(); assertThat(tms).hasLength(1); TrustManager myTm = tms[0]; - assertThat(myTm).isInstanceOf(SdsX509TrustManager.class); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) myTm; - X509Certificate[] acceptedIssuers = sdsX509TrustManager.getAcceptedIssuers(); + assertThat(myTm).isInstanceOf(XdsX509TrustManager.class); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) myTm; + X509Certificate[] acceptedIssuers = xdsX509TrustManager.getAcceptedIssuers(); assertThat(acceptedIssuers).isNotNull(); assertThat(acceptedIssuers).hasLength(1); X509Certificate caCert = acceptedIssuers[0]; @@ -64,16 +64,16 @@ public void constructor_fromFile() throws CertificateException, IOException, Cer @Test public void constructor_fromInlineBytes() throws CertificateException, IOException, CertStoreException { - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(getCertContextFromPathAsInlineBytes(CA_PEM_FILE)); + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(getCertContextFromPathAsInlineBytes(CA_PEM_FILE)); assertThat(factory).isNotNull(); TrustManager[] tms = factory.getTrustManagers(); assertThat(tms).isNotNull(); assertThat(tms).hasLength(1); TrustManager myTm = tms[0]; - assertThat(myTm).isInstanceOf(SdsX509TrustManager.class); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) myTm; - X509Certificate[] acceptedIssuers = sdsX509TrustManager.getAcceptedIssuers(); + assertThat(myTm).isInstanceOf(XdsX509TrustManager.class); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) myTm; + X509Certificate[] acceptedIssuers = xdsX509TrustManager.getAcceptedIssuers(); assertThat(acceptedIssuers).isNotNull(); assertThat(acceptedIssuers).hasLength(1); X509Certificate caCert = acceptedIssuers[0]; @@ -87,16 +87,16 @@ public void constructor_fromRootCert() X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE); CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1", "san2"); - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); assertThat(factory).isNotNull(); TrustManager[] tms = factory.getTrustManagers(); assertThat(tms).isNotNull(); assertThat(tms).hasLength(1); TrustManager myTm = tms[0]; - assertThat(myTm).isInstanceOf(SdsX509TrustManager.class); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) myTm; - X509Certificate[] acceptedIssuers = sdsX509TrustManager.getAcceptedIssuers(); + assertThat(myTm).isInstanceOf(XdsX509TrustManager.class); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) myTm; + X509Certificate[] acceptedIssuers = xdsX509TrustManager.getAcceptedIssuers(); assertThat(acceptedIssuers).isNotNull(); assertThat(acceptedIssuers).hasLength(1); X509Certificate caCert = acceptedIssuers[0]; @@ -110,12 +110,12 @@ public void constructorRootCert_checkServerTrusted() X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE); CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1", "waterzooi.test.google.be"); - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0]; + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0]; X509Certificate[] serverChain = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); - sdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); + xdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); } @Test @@ -123,7 +123,7 @@ public void constructorRootCert_nonStaticContext_throwsException() throws CertificateException, IOException, CertStoreException { X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE); try { - new SdsTrustManagerFactory( + new XdsTrustManagerFactory( new X509Certificate[] {x509Cert}, getCertContextFromPath(CA_PEM_FILE)); Assert.fail("no exception thrown"); } catch (IllegalArgumentException expected) { @@ -139,13 +139,13 @@ public void constructorRootCert_checkServerTrusted_throwsException() X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE); CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1", "san2"); - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0]; + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0]; X509Certificate[] serverChain = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { - sdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); + xdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); Assert.fail("no exception thrown"); } catch (CertificateException expected) { assertThat(expected) @@ -160,13 +160,13 @@ public void constructorRootCert_checkClientTrusted_throwsException() X509Certificate x509Cert = TestUtils.loadX509Cert(CA_PEM_FILE); CertificateValidationContext staticValidationContext = buildStaticValidationContext("san1", "san2"); - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0]; + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(new X509Certificate[]{x509Cert}, staticValidationContext); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0]; X509Certificate[] clientChain = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { - sdsX509TrustManager.checkClientTrusted(clientChain, "RSA"); + xdsX509TrustManager.checkClientTrusted(clientChain, "RSA"); Assert.fail("no exception thrown"); } catch (CertificateException expected) { assertThat(expected) @@ -178,35 +178,35 @@ public void constructorRootCert_checkClientTrusted_throwsException() @Test public void checkServerTrusted_goodCert() throws CertificateException, IOException, CertStoreException { - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0]; + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0]; X509Certificate[] serverChain = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); - sdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); + xdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); } @Test public void checkClientTrusted_goodCert() throws CertificateException, IOException, CertStoreException { - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0]; + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0]; X509Certificate[] clientChain = CertificateUtils.toX509Certificates(TestUtils.loadCert(CLIENT_PEM_FILE)); - sdsX509TrustManager.checkClientTrusted(clientChain, "RSA"); + xdsX509TrustManager.checkClientTrusted(clientChain, "RSA"); } @Test public void checkServerTrusted_badCert_throwsException() throws CertificateException, IOException, CertStoreException { - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0]; + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0]; X509Certificate[] serverChain = CertificateUtils.toX509Certificates(TestUtils.loadCert(BAD_SERVER_PEM_FILE)); try { - sdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); + xdsX509TrustManager.checkServerTrusted(serverChain, "RSA"); Assert.fail("no exception thrown"); } catch (CertificateException expected) { assertThat(expected) @@ -218,13 +218,13 @@ public void checkServerTrusted_badCert_throwsException() @Test public void checkClientTrusted_badCert_throwsException() throws CertificateException, IOException, CertStoreException { - SdsTrustManagerFactory factory = - new SdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); - SdsX509TrustManager sdsX509TrustManager = (SdsX509TrustManager) factory.getTrustManagers()[0]; + XdsTrustManagerFactory factory = + new XdsTrustManagerFactory(getCertContextFromPath(CA_PEM_FILE)); + XdsX509TrustManager xdsX509TrustManager = (XdsX509TrustManager) factory.getTrustManagers()[0]; X509Certificate[] clientChain = CertificateUtils.toX509Certificates(TestUtils.loadCert(BAD_CLIENT_PEM_FILE)); try { - sdsX509TrustManager.checkClientTrusted(clientChain, "RSA"); + xdsX509TrustManager.checkClientTrusted(clientChain, "RSA"); Assert.fail("no exception thrown"); } catch (CertificateException expected) { assertThat(expected) diff --git a/xds/src/test/java/io/grpc/xds/internal/sds/trust/SdsX509TrustManagerTest.java b/xds/src/test/java/io/grpc/xds/internal/sds/trust/XdsX509TrustManagerTest.java similarity index 92% rename from xds/src/test/java/io/grpc/xds/internal/sds/trust/SdsX509TrustManagerTest.java rename to xds/src/test/java/io/grpc/xds/internal/sds/trust/XdsX509TrustManagerTest.java index 7ceae30b1e8..fe68adc2ac8 100644 --- a/xds/src/test/java/io/grpc/xds/internal/sds/trust/SdsX509TrustManagerTest.java +++ b/xds/src/test/java/io/grpc/xds/internal/sds/trust/XdsX509TrustManagerTest.java @@ -54,10 +54,10 @@ import org.mockito.junit.MockitoRule; /** - * Unit tests for {@link SdsX509TrustManager}. + * Unit tests for {@link XdsX509TrustManager}. */ @RunWith(JUnit4.class) -public class SdsX509TrustManagerTest { +public class XdsX509TrustManagerTest { @Rule public final MockitoRule mockitoRule = MockitoJUnit.rule(); @@ -68,11 +68,11 @@ public class SdsX509TrustManagerTest { @Mock private SSLSession mockSession; - private SdsX509TrustManager trustManager; + private XdsX509TrustManager trustManager; @Test public void nullCertContextTest() throws CertificateException, IOException { - trustManager = new SdsX509TrustManager(null, mockDelegate); + trustManager = new XdsX509TrustManager(null, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -81,7 +81,7 @@ public void nullCertContextTest() throws CertificateException, IOException { @Test public void emptySanListContextTest() throws CertificateException, IOException { CertificateValidationContext certContext = CertificateValidationContext.getDefaultInstance(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -93,7 +93,7 @@ public void missingPeerCerts() { @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); try { trustManager.verifySubjectAltNameInChain(null); fail("no exception thrown"); @@ -108,7 +108,7 @@ public void emptyArrayPeerCerts() { @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); try { trustManager.verifySubjectAltNameInChain(new X509Certificate[0]); fail("no exception thrown"); @@ -123,7 +123,7 @@ public void noSansInPeerCerts() throws CertificateException, IOException { @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(CLIENT_PEM_FILE)); try { @@ -144,7 +144,7 @@ public void oneSanInPeerCertsVerifies() throws CertificateException, IOException @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -161,7 +161,7 @@ public void oneSanInPeerCertsVerifies_differentCase_expectException() @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -179,7 +179,7 @@ public void oneSanInPeerCertsVerifies_ignoreCase() throws CertificateException, @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -195,7 +195,7 @@ public void oneSanInPeerCerts_prefix() throws CertificateException, IOException @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -209,7 +209,7 @@ public void oneSanInPeerCertsPrefix_differentCase_expectException() @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -230,7 +230,7 @@ public void oneSanInPeerCerts_prefixIgnoreCase() throws CertificateException, IO @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -243,7 +243,7 @@ public void oneSanInPeerCerts_suffix() throws CertificateException, IOException @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -257,7 +257,7 @@ public void oneSanInPeerCertsSuffix_differentCase_expectException() @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -275,7 +275,7 @@ public void oneSanInPeerCerts_suffixIgnoreCase() throws CertificateException, IO @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -288,7 +288,7 @@ public void oneSanInPeerCerts_substring() throws CertificateException, IOExcepti @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -302,7 +302,7 @@ public void oneSanInPeerCertsSubstring_differentCase_expectException() @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -320,7 +320,7 @@ public void oneSanInPeerCerts_substringIgnoreCase() throws CertificateException, @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -336,7 +336,7 @@ public void oneSanInPeerCerts_safeRegex() throws CertificateException, IOExcepti @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -352,7 +352,7 @@ public void oneSanInPeerCerts_safeRegex1() throws CertificateException, IOExcept @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -368,7 +368,7 @@ public void oneSanInPeerCerts_safeRegex_ipAddress() throws CertificateException, @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -384,7 +384,7 @@ public void oneSanInPeerCerts_safeRegex_noMatch() throws CertificateException, I @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -407,7 +407,7 @@ public void oneSanInPeerCertsVerifiesMultipleVerifySans() .addMatchSubjectAltNames(stringMatcher) .addMatchSubjectAltNames(stringMatcher1) .build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -420,7 +420,7 @@ public void oneSanInPeerCertsNotFoundException() @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -443,7 +443,7 @@ public void wildcardSanInPeerCertsVerifiesMultipleVerifySans() .addMatchSubjectAltNames(stringMatcher) .addMatchSubjectAltNames(stringMatcher1) // should match suffix test.youTube.Com .build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -461,7 +461,7 @@ public void wildcardSanInPeerCertsVerifiesMultipleVerifySans1() .addMatchSubjectAltNames(stringMatcher) .addMatchSubjectAltNames(stringMatcher1) // should contain est.Google.f .build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -478,7 +478,7 @@ public void wildcardSanInPeerCertsSubdomainMismatch() @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -499,7 +499,7 @@ public void oneIpAddressInPeerCertsVerifies() throws CertificateException, IOExc .addMatchSubjectAltNames(stringMatcher) .addMatchSubjectAltNames(stringMatcher1) .build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); trustManager.verifySubjectAltNameInChain(certs); @@ -515,7 +515,7 @@ public void oneIpAddressInPeerCertsMismatch() throws CertificateException, IOExc .addMatchSubjectAltNames(stringMatcher) .addMatchSubjectAltNames(stringMatcher1) .build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate[] certs = CertificateUtils.toX509Certificates(TestUtils.loadCert(SERVER_1_PEM_FILE)); try { @@ -590,7 +590,7 @@ public void unsupportedAltNameType() throws CertificateException, IOException { @SuppressWarnings("deprecation") CertificateValidationContext certContext = CertificateValidationContext.newBuilder().addMatchSubjectAltNames(stringMatcher).build(); - trustManager = new SdsX509TrustManager(certContext, mockDelegate); + trustManager = new XdsX509TrustManager(certContext, mockDelegate); X509Certificate mockCert = mock(X509Certificate.class); when(mockCert.getSubjectAlternativeNames()) @@ -629,7 +629,7 @@ private SSLParameters buildTrustManagerAndGetSslParameters() throws CertificateException, IOException, CertStoreException { X509Certificate[] caCerts = CertificateUtils.toX509Certificates(TestUtils.loadCert(CA_PEM_FILE)); - trustManager = SdsTrustManagerFactory.createSdsX509TrustManager(caCerts, + trustManager = XdsTrustManagerFactory.createSdsX509TrustManager(caCerts, null); when(mockSession.getProtocol()).thenReturn("TLSv1.2"); when(mockSession.getPeerHost()).thenReturn("peer-host-from-mock");