author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-04 15:54:49 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-01-04 15:54:49 +0100 |
commit | 989d5df90b92ba3fd667c568cf61c047b6b74ad2 (patch) | |
tree | a5b603e825adc68171278328680f319f0b0eabed /controller-server/src | |
parent | f5f5222460ff5a65ecd7c2da81fecc049a0faecc (diff) |
Use httpclient version matching zts-client
Also remove hostnameverifier adapter that is no longer needed.
Diffstat (limited to 'controller-server/src')
-rw-r--r-- | controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java | 45 |
1 files changed, 2 insertions, 43 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
index 379e5c10847..3f8e177ac8a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
@@ -7,10 +7,8 @@ import com.google.inject.Inject;
 import com.yahoo.config.provision.Environment;
 import com.yahoo.io.IOUtils;
 import com.yahoo.jdisc.http.HttpRequest.Method;
-import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentity;
 import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentityVerifier;
 import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzSslContextProvider;
-import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzUtils;
 import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId;
 import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneList;
 import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
@@ -23,19 +21,14 @@ import org.apache.http.client.methods.HttpPatch;
 import org.apache.http.client.methods.HttpPost;
 import org.apache.http.client.methods.HttpPut;
 import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.conn.ssl.X509HostnameVerifier;
 import org.apache.http.entity.InputStreamEntity;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
 import java.io.IOException;
 import java.io.InputStream;
 import java.net.URI;
 import java.nio.charset.StandardCharsets;
-import java.security.cert.X509Certificate;
 import java.time.Duration;
 import java.util.ArrayList;
 import java.util.HashSet;
@@ -260,43 +253,9 @@ public class ConfigServerRestExecutorImpl implements ConfigServerRestExecutor {
 ZoneId.from(proxyRequest.getEnvironment(), proxyRequest.getRegion()))));
 return HttpClientBuilder.create()
 .setUserAgent("config-server-client")
- .setSslcontext(sslContextProvider.get())
- .setHostnameVerifier(new AthenzIdentityVerifierAdapter(hostnameVerifier))
+ .setSSLContext(sslContextProvider.get())
+ .setSSLHostnameVerifier(hostnameVerifier)
 .setDefaultRequestConfig(config)
 .build();
 }
-
- private static class AthenzIdentityVerifierAdapter implements X509HostnameVerifier {
-
- private final AthenzIdentityVerifier verifier;
-
- AthenzIdentityVerifierAdapter(AthenzIdentityVerifier verifier) {
- this.verifier = verifier;
- }
-
- @Override
- public boolean verify(String hostname, SSLSession sslSession) {
- return verifier.verify(hostname, sslSession);
- }
-
- @Override
- public void verify(String host, SSLSocket ssl) { /* All sockets accepted */}
-
- @Override
- public void verify(String hostname, X509Certificate certificate) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(certificate);
- if (!verifier.isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- @Override
- public void verify(String hostname, String[] cns, String[] subjectAlts) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(cns[0]);
- if (!verifier.isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
- }
-
 } |
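Review bot: The `.setSSLHostnameVerifier(hostnameVerifier)` line makes `AthenzIdentityVerifier.verify(hostname, sslSession)` the only peer check on this client, and nothing at the call site says that it is expected to validate the Athenz identity in the peer certificate rather than the DNS name. The removed adapter's socket overload was a no-op (`/* All sockets accepted */`), so the session-based path may be the first one that can actually refuse a connection; a test in which a peer presenting an identity outside the allowed set is refused would pin that behaviour down. I would add a comment above the builder chain such as `// Peer is authorized by the Athenz identity in its certificate, not by hostname; see AthenzIdentityVerifier`. A rejection will presumably now surface as httpclient's generic hostname-mismatch error instead of the old "Athenz identity is not trusted" message, so logging the rejected identity inside the verifier would help triage. The enclosing method starts before this hunk and `AthenzIdentityVerifier` itself is not shown, so its behaviour here is inferred from the removed adapter.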