author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-04 15:35:10 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-04 15:35:10 +0100 |
commit | 85a21591c08c719f628276c87c8ced385b078228 (patch) | |
tree | e9e79aedf053ed6bf1b5ee201ad2fbde83506d67 /controller-api | |
parent | 580914705e9eeb08a1b995267d7e74df56d4b0fd (diff) |
Create X509HostnameVerifier adapter to verify Athenz identity in httpclient
Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
index bfaa6c2acda..6f8ebc4c5db 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
@@ -29,13 +29,16 @@ public class AthenzIdentityVerifier implements HostnameVerifier {
 public boolean verify(String hostname, SSLSession session) {
 try {
 X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
- AthenzIdentity certificateIdentity = AthenzUtils.createAthenzIdentity(cert);
- return allowedIdentities.contains(certificateIdentity);
+ return isTrusted(AthenzUtils.createAthenzIdentity(cert));
 } catch (SSLPeerUnverifiedException e) {
 log.log(Level.WARNING, "Unverified client: " + hostname);
 return false;
 }
 }
+ public boolean isTrusted(AthenzIdentity identity) {
+ return allowedIdentities.contains(identity);
+ }
+
 } |
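Review bot: The new public `isTrusted(AthenzIdentity)` at the end of the hunk has no Javadoc, and its contract is security-relevant: it is only a membership test against `allowedIdentities` and does not establish where the identity came from. Inside `verify` the identity is read from the peer certificate of an `SSLSession`, but as a public entry point it can be handed an identity parsed from a certificate that was never chain-validated. I would document that precondition, e.g. `/** Returns true if the identity is in the allowed set; the caller must have obtained it from a certificate already validated by the TLS layer. */`. The comment could also say what a `null` identity yields, since `allowedIdentities` is declared outside the hunk and its `contains(null)` behaviour is not visible here.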