authorBjørn Christian Seime <bjorncs@oath.com>2018-01-04 15:26:01 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-01-04 15:26:01 +0100
commit86b5cffd4ce022d42fb65ebf14546e6f1f360f49 (patch)
treea48c79fe10bf35b776b340bbd0ff00554d8b7ef5 /controller-api
parent15b47111e575f4cfa97309a8a12e6406b3428fee (diff)
Revert "Implement Apache Http verifier interface in AthenzIdentityVerifier"
This reverts commit 615232d1cd53b20c7e91a2d445c4cd162c11e54b.
Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java36
1 files changed, 4 insertions, 32 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
index 527efaab946..bfaa6c2acda 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
@@ -1,26 +1,21 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-import org.apache.http.conn.ssl.X509HostnameVerifier;
-
import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
- * A {@link HostnameVerifier} / {@link X509HostnameVerifier} that validates
- * Athenz x509 certificates using the identity in the Common Name attribute.
+ * A {@link HostnameVerifier} that validates Athenz x509 certificates using the identity in the Common Name attribute.
*
* @author bjorncs
*/
// TODO Move to dedicated Athenz bundle
-public class AthenzIdentityVerifier implements X509HostnameVerifier {
+public class AthenzIdentityVerifier implements HostnameVerifier {
private static final Logger log = Logger.getLogger(AthenzIdentityVerifier.class.getName());
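Review bot: The reworded class Javadoc on the `HostnameVerifier` line still leaves unstated that the `hostname` argument of `verify(String, SSLSession)` takes no part in the decision; the second hunk shows the result depends only on the identity derived from the peer certificate and `allowedIdentities`, which is a meaningful property for anyone wiring this verifier into a TLS client. Suggest extending the Javadoc with `* The hostname argument passed to {@link #verify(String, SSLSession)} is not compared against the certificate; only the peer's Athenz identity is checked against the allowed set.` The rest of the class body, including the `allowedIdentities` field, lies between the two hunks and is not visible here.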
@@ -34,36 +29,13 @@ public class AthenzIdentityVerifier implements X509HostnameVerifier {
public boolean verify(String hostname, SSLSession session) {
try {
X509Certificate cert = (X509Certificate) session.getPeerCertificates()[0];
- return isTrusted(AthenzUtils.createAthenzIdentity(cert));
+ AthenzIdentity certificateIdentity = AthenzUtils.createAthenzIdentity(cert);
+ return allowedIdentities.contains(certificateIdentity);
} catch (SSLPeerUnverifiedException e) {
log.log(Level.WARNING, "Unverified client: " + hostname);
return false;
}
}
- @Override
- public void verify(String host, SSLSocket ssl) {
- // all sockets allowed
- }
-
- @Override
- public void verify(String hostname, X509Certificate certificate) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(certificate);
- if (!isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- @Override
- public void verify(String hostname, String[] cns, String[] subjectAlts) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(cns[0]);
- if (!isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- private boolean isTrusted(AthenzIdentity identity) {
- return allowedIdentities.contains(identity);
- }
}
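Review bot: The `catch (SSLPeerUnverifiedException e)` branch logs only the hostname and drops the exception, so the reason a client was rejected is lost from the log; change it to `log.log(Level.WARNING, "Unverified client: " + hostname, e);`. Separately, only that one exception type is handled: the cast on `session.getPeerCertificates()[0]` would surface a non-X.509 peer certificate as a `ClassCastException`, and whatever `AthenzUtils.createAthenzIdentity(cert)` throws on a certificate it cannot parse (its behaviour is not visible here) would likewise escape `verify` instead of yielding `false`. If the intent is that any unparseable peer is rejected rather than failing the handshake with an unchecked exception, that should be handled or at least documented on the method. `verify` is complete within this hunk; the `allowedIdentities` field it reads is declared outside it.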