authorBjørn Christian Seime <bjorncs@oath.com>2018-01-04 15:54:49 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-01-04 15:54:49 +0100
commit989d5df90b92ba3fd667c568cf61c047b6b74ad2 (patch)
treea5b603e825adc68171278328680f319f0b0eabed /controller-server
parentf5f5222460ff5a65ecd7c2da81fecc049a0faecc (diff)
Use httpclient version matching zts-client
Also remove hostnameverifier adapter that is no longer needed.
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/pom.xml3
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java45
2 files changed, 4 insertions, 44 deletions
diff --git a/controller-server/pom.xml b/controller-server/pom.xml
index b033286b82a..989dda42641 100644
--- a/controller-server/pom.xml
+++ b/controller-server/pom.xml
@@ -110,7 +110,8 @@
<dependency>
<groupId>org.apache.httpcomponents</groupId>
- <artifactId>httpcore</artifactId>
+ <artifactId>httpclient</artifactId>
+ <version>4.5.2</version>
</dependency>
<dependency>
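Review bot: The `<version>4.5.2</version>` pin on httpclient has no comment in the pom, so the reason for it (matching zts-client, per the commit title) is invisible to whoever next updates either dependency. I would add a comment directly above the version line, e.g. `<!-- Keep in sync with the httpclient version used by zts-client -->`. The replaced httpcore entry carried no version, so it was presumably managed centrally; a version hard-coded in this module will not follow a centrally applied security update of the HTTP client and has to be bumped by hand. httpcore is now resolved only transitively through httpclient, which looks intended but is worth confirming against the module's other users of httpcore classes.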
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
index 379e5c10847..3f8e177ac8a 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/proxy/ConfigServerRestExecutorImpl.java
@@ -7,10 +7,8 @@ import com.google.inject.Inject;
import com.yahoo.config.provision.Environment;
import com.yahoo.io.IOUtils;
import com.yahoo.jdisc.http.HttpRequest.Method;
-import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentity;
import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzIdentityVerifier;
import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzSslContextProvider;
-import com.yahoo.vespa.hosted.controller.api.integration.athenz.AthenzUtils;
import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneId;
import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneList;
import com.yahoo.vespa.hosted.controller.api.integration.zone.ZoneRegistry;
@@ -23,19 +21,14 @@ import org.apache.http.client.methods.HttpPatch;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.methods.HttpPut;
import org.apache.http.client.methods.HttpRequestBase;
-import org.apache.http.conn.ssl.X509HostnameVerifier;
import org.apache.http.entity.InputStreamEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
-import javax.net.ssl.SSLException;
-import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.io.InputStream;
import java.net.URI;
import java.nio.charset.StandardCharsets;
-import java.security.cert.X509Certificate;
import java.time.Duration;
import java.util.ArrayList;
import java.util.HashSet;
@@ -260,43 +253,9 @@ public class ConfigServerRestExecutorImpl implements ConfigServerRestExecutor {
ZoneId.from(proxyRequest.getEnvironment(), proxyRequest.getRegion()))));
return HttpClientBuilder.create()
.setUserAgent("config-server-client")
- .setSslcontext(sslContextProvider.get())
- .setHostnameVerifier(new AthenzIdentityVerifierAdapter(hostnameVerifier))
+ .setSSLContext(sslContextProvider.get())
+ .setSSLHostnameVerifier(hostnameVerifier)
.setDefaultRequestConfig(config)
.build();
}
-
- private static class AthenzIdentityVerifierAdapter implements X509HostnameVerifier {
-
- private final AthenzIdentityVerifier verifier;
-
- AthenzIdentityVerifierAdapter(AthenzIdentityVerifier verifier) {
- this.verifier = verifier;
- }
-
- @Override
- public boolean verify(String hostname, SSLSession sslSession) {
- return verifier.verify(hostname, sslSession);
- }
-
- @Override
- public void verify(String host, SSLSocket ssl) { /* All sockets accepted */}
-
- @Override
- public void verify(String hostname, X509Certificate certificate) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(certificate);
- if (!verifier.isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- @Override
- public void verify(String hostname, String[] cns, String[] subjectAlts) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(cns[0]);
- if (!verifier.isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
- }
-
}
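Review bot: The builder call `.setSSLHostnameVerifier(hostnameVerifier)` lacks a comment saying that the AthenzIdentityVerifier passed here is now the only peer-identity check on connections to the config server and stands in for ordinary hostname verification. I would add one above the builder chain, e.g. `// Peer is authenticated by AthenzIdentityVerifier (Athenz identity in the certificate), not by DNS hostname`, adjusted to what that class actually checks, since its implementation is not shown in this diff. The removed adapter rejected untrusted identities by throwing SSLException from its certificate overloads, while the new path relies on the boolean result of `verify(hostname, sslSession)` alone, so a test asserting that a server certificate with an untrusted identity fails the connection would pin the behaviour across the httpclient change. The enclosing method and the construction of `hostnameVerifier` start outside the hunk.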