author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-13 13:22:53 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-13 13:25:20 +0100 |
commit | c224f1bfa5e087be63a0f6df2321ebde7778cbfb (patch) | |
tree | f86dc0d834e14105f56374995afb2fdcf722d629 /controller-server | |
parent | a72221f64cd61a8a5d10dbc5acea1aa560d3c97d (diff) |
Change return type of getClientCertificateChain() to List<X509Certificate>
Diffstat (limited to 'controller-server')
3 files changed, 14 insertions, 12 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
index c5406669f67..5ad44b82370 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
@@ -13,6 +13,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.athenz.ZmsKeystore;
 import com.yahoo.vespa.hosted.controller.athenz.config.AthenzConfig;
 import java.security.cert.X509Certificate;
+import java.util.List;
 import java.util.Optional;
 import java.util.concurrent.Executor;
@@ -81,8 +82,9 @@ public class AthenzPrincipalFilter implements SecurityRequestFilter {
 }
 private static Optional<X509Certificate> getClientCertificate(DiscFilterRequest request) {
- return request.getClientCertificateChain()
- .map(chain -> chain[0]);
+ List<X509Certificate> chain = request.getClientCertificateChain();
+ if (chain.isEmpty()) return Optional.empty();
+ return Optional.of(chain.get(0));
 }
 private static Optional<NToken> getPrincipalToken(DiscFilterRequest request, String principalTokenHeaderName) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java
index b0a51ecb16f..53ced43a9ba 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java
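Review bot: In `getClientCertificate` (hunk `@@ -81,8 +82,9 @@`), `chain.get(0)` is treated as the caller's own certificate, but nothing in the method says why index 0 is the right element or who validated the chain. Since the filter takes the client's certificate from this method, I would add a comment such as `// chain.get(0) is the peer's end-entity certificate; issuer certificates follow`, and note in it that chain validation is expected to have happened in the TLS layer; both are assumptions about `DiscFilterRequest` to confirm, as its implementation is not part of this diff. The braceless `if (chain.isEmpty()) return Optional.empty();` could also be folded into `return request.getClientCertificateChain().stream().findFirst();`, which gives the same result for an empty list.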
@@ -36,9 +36,10 @@ import java.time.Duration;
 import java.time.Instant;
 import java.util.Date;
 import java.util.Objects;
-import java.util.Optional;
 import static com.yahoo.jdisc.Response.Status.UNAUTHORIZED;
+import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
 import static java.util.stream.Collectors.joining;
 import static org.hamcrest.Matchers.containsString;
 import static org.hamcrest.Matchers.equalTo;
@@ -70,7 +71,7 @@ public class AthenzPrincipalFilterTest {
 DiscFilterRequest request = mock(DiscFilterRequest.class);
 AthenzPrincipal principal = new AthenzPrincipal(IDENTITY, NTOKEN);
 when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
- when(request.getClientCertificateChain()).thenReturn(Optional.empty());
+ when(request.getClientCertificateChain()).thenReturn(emptyList());
 when(validator.validate(NTOKEN)).thenReturn(principal);
 AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
@@ -83,7 +84,7 @@ public class AthenzPrincipalFilterTest {
 public void missing_token_and_certificate_is_unauthorized() {
 DiscFilterRequest request = mock(DiscFilterRequest.class);
 when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
- when(request.getClientCertificateChain()).thenReturn(Optional.empty());
+ when(request.getClientCertificateChain()).thenReturn(emptyList());
 ResponseHandlerMock responseHandler = new ResponseHandlerMock();
@@ -98,7 +99,7 @@ public class AthenzPrincipalFilterTest {
 DiscFilterRequest request = mock(DiscFilterRequest.class);
 String errorMessage = "Invalid token";
 when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
- when(request.getClientCertificateChain()).thenReturn(Optional.empty());
+ when(request.getClientCertificateChain()).thenReturn(emptyList());
 when(validator.validate(NTOKEN)).thenThrow(new InvalidTokenException(errorMessage));
 ResponseHandlerMock responseHandler = new ResponseHandlerMock();
@@ -113,7 +114,7 @@ public class AthenzPrincipalFilterTest {
 public void certificate_is_accepted() {
 DiscFilterRequest request = mock(DiscFilterRequest.class);
 when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
- when(request.getClientCertificateChain()).thenReturn(Optional.of(new X509Certificate[]{CERTIFICATE}));
+ when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
 ResponseHandlerMock responseHandler = new ResponseHandlerMock();
@@ -129,7 +130,7 @@ public class AthenzPrincipalFilterTest {
 DiscFilterRequest request = mock(DiscFilterRequest.class);
 AthenzPrincipal principalWithToken = new AthenzPrincipal(IDENTITY, NTOKEN);
 when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
- when(request.getClientCertificateChain()).thenReturn(Optional.of(new X509Certificate[]{CERTIFICATE}));
+ when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
 when(validator.validate(NTOKEN)).thenReturn(principalWithToken);
 ResponseHandlerMock responseHandler = new ResponseHandlerMock();
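Review bot: The stubs in `certificate_is_accepted` (hunk `@@ -113,7 +114,7 @@`) and in the `@@ -129` and `@@ -146` hunks all return `singletonList(...)`, so no test exercises a chain with more than one certificate now that the return type is a `List`. The filter takes the first element, and a test that passes two certificates and asserts that the principal comes from the first would pin that behaviour, for example `when(request.getClientCertificateChain()).thenReturn(Arrays.asList(CERTIFICATE, createSelfSignedCertificate(conflictingIdentity)));`. The test method bodies start and end outside these hunks, so the existing assertions are not visible here.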
@@ -146,7 +147,7 @@ public class AthenzPrincipalFilterTest {
 AthenzUser conflictingIdentity = AthenzUser.fromUserId("mallory");
 when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
 when(request.getClientCertificateChain())
- .thenReturn(Optional.of(new X509Certificate[]{createSelfSignedCertificate(conflictingIdentity)}));
+ .thenReturn(singletonList(createSelfSignedCertificate(conflictingIdentity)));
 when(validator.validate(NTOKEN)).thenReturn(new AthenzPrincipal(IDENTITY));
 ResponseHandlerMock responseHandler = new ResponseHandlerMock();
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java
index d5b1b85de5f..eee0519b12b 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java
@@ -16,7 +16,6 @@ import java.util.Collections;
 import java.util.Enumeration;
 import java.util.List;
 import java.util.Map;
-import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 /**
@@ -178,8 +177,8 @@ public class ApplicationRequestToDiscFilterRequestWrapper extends DiscFilterRequ
 }
 @Override
- public Optional<X509Certificate[]> getClientCertificateChain() {
- return Optional.empty();
+ public List<X509Certificate> getClientCertificateChain() {
+ return Collections.emptyList();
 }
 @Override |