diff --git a/node/src/test/kotlin/net/corda/node/utilities/TLSAuthenticationTests.kt b/node/src/test/kotlin/net/corda/node/utilities/TLSAuthenticationTests.kt
index a493f4d885..98ff559fe8 100644
--- a/node/src/test/kotlin/net/corda/node/utilities/TLSAuthenticationTests.kt
+++ b/node/src/test/kotlin/net/corda/node/utilities/TLSAuthenticationTests.kt
@@ -78,8 +78,7 @@ class TLSAuthenticationTests {
 client2TLSScheme = Crypto.ECDSA_SECP256R1_SHA256
 )
- val (serverSocket, clientSocket) =
- buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
+ val (serverSocket, clientSocket) = buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
 testConnect(serverSocket, clientSocket, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
 }
@@ -95,12 +94,27 @@ class TLSAuthenticationTests {
 client2TLSScheme = Crypto.RSA_SHA256
 )
- val (serverSocket, clientSocket) =
- buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
+ val (serverSocket, clientSocket) = buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
 testConnect(serverSocket, clientSocket, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256")
 }
+ @Test
+ fun `All EC K1`() {
+ val (serverSocketFactory, clientSocketFactory) = buildTLSFactories(
+ rootCAScheme = Crypto.ECDSA_SECP256K1_SHA256,
+ intermediateCAScheme = Crypto.ECDSA_SECP256K1_SHA256,
+ client1CAScheme = Crypto.ECDSA_SECP256K1_SHA256,
+ client1TLSScheme = Crypto.ECDSA_SECP256K1_SHA256,
+ client2CAScheme = Crypto.ECDSA_SECP256K1_SHA256,
+ client2TLSScheme = Crypto.ECDSA_SECP256K1_SHA256
+ )
+
+ val (serverSocket, clientSocket) = buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
+
+ testConnect(serverSocket, clientSocket, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
+ }
+
 // Server's public key type is the one selected if users use different key types (e.g RSA and EC R1).
 @Test
 fun `Server RSA - Client EC R1 - CAs all EC R1`() {
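Review bot: `All EC K1` asserts only the negotiated suite name, and that string is the same `TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256` the R1 test in the first hunk expects, so the assertion cannot show that secp256k1 keys were actually used in the handshake; the same holds for `Server EC K1 - Client EC R1 - CAs all RSA` further down. `testConnect` is defined outside the hunk, so whether it inspects the peer certificate is not visible here; if it does not, a check on the peer certificate's public-key parameters would pin the curve. I would also add a comment above the test such as `// Needs a JSSE/EC provider that still supports secp256k1; the suite name does not encode the curve.`, since secp256k1 support depends on the runtime (newer JDK releases removed it from the built-in SunEC provider).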
@@ -113,8 +127,7 @@ class TLSAuthenticationTests {
 client2TLSScheme = Crypto.ECDSA_SECP256R1_SHA256
 )
- val (serverSocket, clientSocket) =
- buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
+ val (serverSocket, clientSocket) = buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
 testConnect(serverSocket, clientSocket, "TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256") // Server's key type is selected.
 }
@@ -148,6 +161,22 @@ class TLSAuthenticationTests {
 testConnect(serverSocket, clientSocket, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
 }
+ @Test
+ fun `Server EC K1 - Client EC R1 - CAs all RSA`() {
+ val (serverSocketFactory, clientSocketFactory) = buildTLSFactories(
+ rootCAScheme = Crypto.RSA_SHA256,
+ intermediateCAScheme = Crypto.RSA_SHA256,
+ client1CAScheme = Crypto.RSA_SHA256,
+ client1TLSScheme = Crypto.ECDSA_SECP256K1_SHA256,
+ client2CAScheme = Crypto.RSA_SHA256,
+ client2TLSScheme = Crypto.ECDSA_SECP256R1_SHA256
+ )
+
+ val (serverSocket, clientSocket) = buildTLSSockets(serverSocketFactory, clientSocketFactory, 0, 0)
+ testConnect(serverSocket, clientSocket, "TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256")
+ }
+
+
+
 @Test
 fun `Server EC R1 - Client RSA - Mixed CAs`() {
 val (serverSocketFactory, clientSocketFactory) = buildTLSFactories(
@@ -155,7 +184,7 @@ class TLSAuthenticationTests {
 intermediateCAScheme = Crypto.RSA_SHA256,
 client1CAScheme = Crypto.RSA_SHA256,
 client1TLSScheme = Crypto.ECDSA_SECP256R1_SHA256,
- client2CAScheme = Crypto.ECDSA_SECP256R1_SHA256,
+ client2CAScheme = Crypto.ECDSA_SECP256K1_SHA256,
 client2TLSScheme = Crypto.RSA_SHA256
 )
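Review bot: The added test `Server EC K1 - Client EC R1 - CAs all RSA` is laid out differently from `All EC K1`: it has no blank line between the `buildTLSSockets` line and `testConnect`, and it is followed by more than one blank `+` line before the next `@Test`. Keeping a single blank line in both places would match the rest of the class. A one-line comment on the assertion, e.g. `// Server's key type (EC) selects the ECDSA suite even though every CA is RSA.`, would mirror the existing comment on the `Server RSA - Client EC R1 - CAs all EC R1` test and make the expected suite easier to audit.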