author | Martin Polden <mpolden@mpolden.no> | 2018-03-13 14:07:25 +0100 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2018-03-13 14:07:25 +0100 |
commit | 64e755ffa4abd322a68b966d78fbae8390521643 (patch) | |
tree | 705822f5d77285a52d17a23bee9538e61bdd57aa | |
parent | 0f69157c9f65f0ee22787effc2532d692354bc29 (diff) |
Use getClientCertificateChain
2 files changed, 3 insertions, 15 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java index bd0512ee306..64af3d5c0ca 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java @@ -8,7 +8,6 @@ import com.yahoo.jdisc.handler.ResponseDispatch; import com.yahoo.jdisc.handler.ResponseHandler; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.SecurityRequestFilter; -import com.yahoo.jdisc.http.servlet.ServletRequest; import com.yahoo.vespa.hosted.provision.NodeRepository; import com.yahoo.vespa.hosted.provision.restapi.v2.Authorizer; import com.yahoo.vespa.hosted.provision.restapi.v2.ErrorResponse; @@ -55,7 +54,7 @@ public class AuthorizationFilter implements SecurityRequestFilter { @Override public void filter(DiscFilterRequest request, ResponseHandler handler) { - Optional<X509Certificate> cert = certificateFrom(request); + Optional<X509Certificate> cert = request.getClientCertificateChain().stream().findFirst(); if (cert.isPresent()) { if (!authorizer.test(() -> commonName(cert.get()), request.getUri())) { responseWriter.accept(ErrorResponse.forbidden( @@ -101,14 +100,4 @@ public class AuthorizationFilter implements SecurityRequestFilter { } } - /** Get client certificate from request */ - private static Optional<X509Certificate> certificateFrom(DiscFilterRequest request) { - Object x509cert = request.getAttribute(ServletRequest.JDISC_REQUEST_X509CERT); - return Optional.ofNullable(x509cert) - .filter(X509Certificate[].class::isInstance) - .map(X509Certificate[].class::cast) - .filter(certs -> certs.length > 0) - .map(certs -> certs[0]); - } - } 
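Review bot: The added line in `filter` treats element 0 of `request.getClientCertificateChain()` as the client's own certificate and passes its common name to the authorizer, but nothing at the call site records that ordering or what the accessor returns when no certificate was presented. The removed `certificateFrom` helper tolerated a missing attribute through `Optional.ofNullable`, whereas the new expression dereferences the return value directly. It is worth confirming that `getClientCertificateChain()` returns an empty list rather than null, since an exception here would be thrown inside the authorization path. I would add a comment above the line such as `// Leaf (client) certificate is first in the chain; the accessor is expected to return an empty list when the client presented no certificate`. The body of `filter` continues outside the hunk, so how the absent-certificate case is handled is not visible here.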
diff --git a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java index ceb34cdfea8..3916be9d826 100644 --- a/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java +++ b/node-repository/src/test/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/FilterTester.java @@ -5,7 +5,6 @@ import com.yahoo.application.container.handler.Request.Method; import com.yahoo.container.jdisc.RequestHandlerTestDriver; import com.yahoo.jdisc.http.filter.DiscFilterRequest; import com.yahoo.jdisc.http.filter.SecurityRequestFilter; -import com.yahoo.jdisc.http.servlet.ServletRequest; import org.bouncycastle.asn1.x500.X500Name; import org.bouncycastle.asn1.x509.BasicConstraints; import org.bouncycastle.asn1.x509.Extension; @@ -27,6 +26,7 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.time.Duration; import java.time.Instant; +import java.util.Collections; import java.util.Date; import java.util.Optional; @@ -72,8 +72,7 @@ public class FilterTester { when(r.getRemoteAddr()).thenReturn(request.remoteAddr()); if (request.commonName().isPresent()) { X509Certificate cert = certificateFor(request.commonName().get(), keyPair()); - when(r.getAttribute(ServletRequest.JDISC_REQUEST_X509CERT)) - .thenReturn(new X509Certificate[]{cert}); + when(r.getClientCertificateChain()).thenReturn(Collections.singletonList(cert)); } return r; } |
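Review bot: In the last hunk, `getClientCertificateChain()` is stubbed only when a common name is present, so the no-certificate case depends on whatever the test double returns for an unstubbed call. That would be an empty list if `r` is a Mockito mock with default answers, which the `when(...)` calls suggest. Stubbing it explicitly keeps the test independent of that default and documents the contract the filter relies on: `else { when(r.getClientCertificateChain()).thenReturn(Collections.emptyList()); }`. The enclosing method starts outside the hunk.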