author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-05 16:28:17 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-05 16:35:35 +0100 |
commit | 6a33af1752ef731a368e4947f2afb123e8151c58 (patch) | |
tree | 6b732394ecbb9a5798f6c59b514837eaf81d6da2 /jrt | |
parent | b3758264b1f374500408ecc8c6a5976012749574 (diff) |
Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/CryptoEngine.java | 5 | ||||
-rw-r--r-- | jrt/tests/com/yahoo/jrt/CryptoUtils.java | 4 |
2 files changed, 5 insertions, 4 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java index e0f15bf118e..cc59c29bc3b 100644 --- a/jrt/src/com/yahoo/jrt/CryptoEngine.java +++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java @@ -2,11 +2,11 @@ package com.yahoo.jrt; +import com.yahoo.security.tls.AuthorizationMode; import com.yahoo.security.tls.MixedMode; import com.yahoo.security.tls.ReloadingTlsContext; import com.yahoo.security.tls.TlsContext; import com.yahoo.security.tls.TransportSecurityUtils; -import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode; import java.nio.channels.SocketChannel; @@ -23,7 +23,8 @@ public interface CryptoEngine extends AutoCloseable { if (!TransportSecurityUtils.isTransportSecurityEnabled()) { return new NullCryptoEngine(); } - TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), Mode.DRY_RUN); + AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode().orElse(AuthorizationMode.ENFORCE); + TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), mode); TlsCryptoEngine tlsCryptoEngine = new TlsCryptoEngine(tlsContext); if (!TransportSecurityUtils.isInsecureMixedModeEnabled()) { return tlsCryptoEngine; diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java index b0a8a4b0efb..1c2280567cb 100644 --- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java +++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java @@ -3,9 +3,9 @@ package com.yahoo.jrt; import com.yahoo.security.KeyUtils; import com.yahoo.security.X509CertificateBuilder; +import com.yahoo.security.tls.AuthorizationMode; import com.yahoo.security.tls.DefaultTlsContext; import com.yahoo.security.tls.TlsContext; -import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode; import com.yahoo.security.tls.policy.AuthorizedPeers; import com.yahoo.security.tls.policy.HostGlobPattern; import com.yahoo.security.tls.policy.PeerPolicy; 
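Review bot: The mode resolved on the added `AuthorizationMode mode = …orElse(AuthorizationMode.ENFORCE);` line in the second CryptoEngine.java hunk is passed straight to `ReloadingTlsContext` and never recorded. A node where `getInsecureAuthorizationMode()` yields anything other than `ENFORCE` would therefore start with peer authorization presumably relaxed and leave no trace of it. The effective default also moves from the old hard-coded `Mode.DRY_RUN` to `ENFORCE`, which the commit title does not mention, so operators have a second reason to want the active mode visible at startup. Unless `TransportSecurityUtils` already logs the override (not visible here), I would add `if (mode != AuthorizationMode.ENFORCE) Logger.getLogger(CryptoEngine.class.getName()).warning("TLS peer authorization mode is " + mode + ", not ENFORCE");` after that line. The enclosing factory method starts and ends outside the hunk.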
@@ -49,7 +49,7 @@ class CryptoUtils { Field.CN, new HostGlobPattern("dummy")))))); static TlsContext createTestTlsContext() { - return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, Mode.ENFORCE); + return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE); } } |