authorBjørn Christian Seime <bjorncs@oath.com>2018-01-04 15:35:10 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-01-04 15:35:10 +0100
commit85a21591c08c719f628276c87c8ced385b078228 (patch)
treee9e79aedf053ed6bf1b5ee201ad2fbde83506d67 /controller-api
parent580914705e9eeb08a1b995267d7e74df56d4b0fd (diff)
Create X509HostnameVerifier adapter to verify Athenz identity in httpclient
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java7
1 files changed, 5 insertions, 2 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
index bfaa6c2acda..6f8ebc4c5db 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
@@ -29,13 +29,16 @@ public class AthenzIdentityVerifier implements HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
try {
X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
- AthenzIdentity certificateIdentity = AthenzUtils.createAthenzIdentity(cert);
- return allowedIdentities.contains(certificateIdentity);
+ return isTrusted(AthenzUtils.createAthenzIdentity(cert));
} catch (SSLPeerUnverifiedException e) {
log.log(Level.WARNING, "Unverified client: " + hostname);
return false;
}
}
+ public boolean isTrusted(AthenzIdentity identity) {
+ return allowedIdentities.contains(identity);
+ }
+
}
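Review bot: The new public `isTrusted(AthenzIdentity)` at the end of the hunk has no Javadoc, and as a public method it can be called with an identity that did not come from a TLS-validated peer certificate. It only tests membership in `allowedIdentities` and checks neither the certificate chain nor the hostname, so I would state that on the method: `/** Returns true if the identity is in the allow-list; the caller must pass an identity taken from a certificate the TLS layer has already validated. */`. In `verify`, only `SSLPeerUnverifiedException` is caught, so if `AthenzUtils.createAthenzIdentity(cert)` can throw for a certificate whose subject is not a well-formed Athenz identity (its body is not visible here), the exception propagates instead of returning `false`. It is worth confirming that this still ends in a rejected connection, both here and in the adapter path the commit title mentions. The class declaration and the `allowedIdentities` field are outside the hunk.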