summaryrefslogtreecommitdiffstats
path: root/controller-server
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@oath.com>2018-03-13 13:22:53 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-03-13 13:25:20 +0100
commitc224f1bfa5e087be63a0f6df2321ebde7778cbfb (patch)
treef86dc0d834e14105f56374995afb2fdcf722d629 /controller-server
parenta72221f64cd61a8a5d10dbc5acea1aa560d3c97d (diff)
Change return type of getClientCertificateChain() to List<X509Certificate>
Diffstat (limited to 'controller-server')
-rw-r--r--controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java6
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java15
-rw-r--r--controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java5
3 files changed, 14 insertions, 12 deletions
diff --git a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
index c5406669f67..5ad44b82370 100644
--- a/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
+++ b/controller-server/src/main/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilter.java
@@ -13,6 +13,7 @@ import com.yahoo.vespa.hosted.controller.api.integration.athenz.ZmsKeystore;
import com.yahoo.vespa.hosted.controller.athenz.config.AthenzConfig;
import java.security.cert.X509Certificate;
+import java.util.List;
import java.util.Optional;
import java.util.concurrent.Executor;
@@ -81,8 +82,9 @@ public class AthenzPrincipalFilter implements SecurityRequestFilter {
}
private static Optional<X509Certificate> getClientCertificate(DiscFilterRequest request) {
- return request.getClientCertificateChain()
- .map(chain -> chain[0]);
+ List<X509Certificate> chain = request.getClientCertificateChain();
+ if (chain.isEmpty()) return Optional.empty();
+ return Optional.of(chain.get(0));
}
private static Optional<NToken> getPrincipalToken(DiscFilterRequest request, String principalTokenHeaderName) {
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java
index b0a51ecb16f..53ced43a9ba 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/athenz/filter/AthenzPrincipalFilterTest.java
@@ -36,9 +36,10 @@ import java.time.Duration;
import java.time.Instant;
import java.util.Date;
import java.util.Objects;
-import java.util.Optional;
import static com.yahoo.jdisc.Response.Status.UNAUTHORIZED;
+import static java.util.Collections.emptyList;
+import static java.util.Collections.singletonList;
import static java.util.stream.Collectors.joining;
import static org.hamcrest.Matchers.containsString;
import static org.hamcrest.Matchers.equalTo;
@@ -70,7 +71,7 @@ public class AthenzPrincipalFilterTest {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzPrincipal principal = new AthenzPrincipal(IDENTITY, NTOKEN);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
- when(request.getClientCertificateChain()).thenReturn(Optional.empty());
+ when(request.getClientCertificateChain()).thenReturn(emptyList());
when(validator.validate(NTOKEN)).thenReturn(principal);
AthenzPrincipalFilter filter = new AthenzPrincipalFilter(validator, Runnable::run, ATHENZ_PRINCIPAL_HEADER);
@@ -83,7 +84,7 @@ public class AthenzPrincipalFilterTest {
public void missing_token_and_certificate_is_unauthorized() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
- when(request.getClientCertificateChain()).thenReturn(Optional.empty());
+ when(request.getClientCertificateChain()).thenReturn(emptyList());
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
@@ -98,7 +99,7 @@ public class AthenzPrincipalFilterTest {
DiscFilterRequest request = mock(DiscFilterRequest.class);
String errorMessage = "Invalid token";
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
- when(request.getClientCertificateChain()).thenReturn(Optional.empty());
+ when(request.getClientCertificateChain()).thenReturn(emptyList());
when(validator.validate(NTOKEN)).thenThrow(new InvalidTokenException(errorMessage));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
@@ -113,7 +114,7 @@ public class AthenzPrincipalFilterTest {
public void certificate_is_accepted() {
DiscFilterRequest request = mock(DiscFilterRequest.class);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(null);
- when(request.getClientCertificateChain()).thenReturn(Optional.of(new X509Certificate[]{CERTIFICATE}));
+ when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
@@ -129,7 +130,7 @@ public class AthenzPrincipalFilterTest {
DiscFilterRequest request = mock(DiscFilterRequest.class);
AthenzPrincipal principalWithToken = new AthenzPrincipal(IDENTITY, NTOKEN);
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
- when(request.getClientCertificateChain()).thenReturn(Optional.of(new X509Certificate[]{CERTIFICATE}));
+ when(request.getClientCertificateChain()).thenReturn(singletonList(CERTIFICATE));
when(validator.validate(NTOKEN)).thenReturn(principalWithToken);
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
@@ -146,7 +147,7 @@ public class AthenzPrincipalFilterTest {
AthenzUser conflictingIdentity = AthenzUser.fromUserId("mallory");
when(request.getHeader(ATHENZ_PRINCIPAL_HEADER)).thenReturn(NTOKEN.getRawToken());
when(request.getClientCertificateChain())
- .thenReturn(Optional.of(new X509Certificate[]{createSelfSignedCertificate(conflictingIdentity)}));
+ .thenReturn(singletonList(createSelfSignedCertificate(conflictingIdentity)));
when(validator.validate(NTOKEN)).thenReturn(new AthenzPrincipal(IDENTITY));
ResponseHandlerMock responseHandler = new ResponseHandlerMock();
diff --git a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java
index d5b1b85de5f..eee0519b12b 100644
--- a/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java
+++ b/controller-server/src/test/java/com/yahoo/vespa/hosted/controller/restapi/ApplicationRequestToDiscFilterRequestWrapper.java
@@ -16,7 +16,6 @@ import java.util.Collections;
import java.util.Enumeration;
import java.util.List;
import java.util.Map;
-import java.util.Optional;
import java.util.concurrent.TimeUnit;
/**
@@ -178,8 +177,8 @@ public class ApplicationRequestToDiscFilterRequestWrapper extends DiscFilterRequ
}
@Override
- public Optional<X509Certificate[]> getClientCertificateChain() {
- return Optional.empty();
+ public List<X509Certificate> getClientCertificateChain() {
+ return Collections.emptyList();
}
@Override