author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-11-27 15:36:46 +0100 |
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-11-27 16:07:12 +0100 |
commit | 26180a3cf9c00f829412a974097ff1869a3650cb (patch) | |
tree | c361a384ad64676ae8b28d055e940f30dff0c2f5 /jrt | |
parent | b2952cef2c2020893324f2d3f4e3bc433eedf827 (diff) |
Enable PeerAuthorizer in dry-run mode in TlsCryptoSocket
Diffstat (limited to 'jrt')
-rw-r--r-- | jrt/src/com/yahoo/jrt/TlsCryptoEngine.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
index 4c483072f5f..db18ddf8c9d 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoEngine.java
@@ -3,6 +3,8 @@ package com.yahoo.jrt;
 import com.yahoo.security.SslContextBuilder;
 import com.yahoo.security.tls.TransportSecurityOptions;
+import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
+import com.yahoo.security.tls.authz.PeerAuthorizerTrustManagersFactory;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLEngine;
@@ -33,11 +35,14 @@ public class TlsCryptoEngine implements CryptoEngine {
         return new TlsCryptoSocket(channel, sslEngine);
     }
+    // TODO Move to dedicated factory type controlling certificate hot-reloading in security-utils
     private static SSLContext createSslContext(TransportSecurityOptions options) {
         SslContextBuilder builder = new SslContextBuilder();
         options.getCertificatesFile()
                 .ifPresent(certificates -> builder.withKeyStore(options.getPrivateKeyFile().get(), certificates));
         options.getCaCertificatesFile().ifPresent(builder::withTrustStore);
+        options.getAuthorizedPeers().ifPresent(
+                authorizedPeers -> builder.withTrustManagerFactory(new PeerAuthorizerTrustManagersFactory(authorizedPeers, Mode.DRY_RUN)));
         return builder.build();
     }
 }
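Review bot: The hard-coded `Mode.DRY_RUN` in the new `withTrustManagerFactory(...)` call is the security-relevant detail of this change, yet nothing at the call site says what happens to a connection from a peer that fails authorization; from the name, the result is presumably only evaluated and the handshake is still allowed to complete, which a reader of `createSslContext` would not guess. Suggest a comment above the new `ifPresent`, e.g. `// DRY_RUN: peer authorization is evaluated but does not reject the connection — TODO switch to enforcing once the authorized-peers rules are validated in production`. It is also worth confirming that `withTrustManagerFactory` composes with the `withTrustStore` call on the preceding line rather than replacing it, since the authorizer must still see a chain validated against the configured CA; that relationship is not visible from this hunk. The enclosing class TlsCryptoEngine begins before the hunk.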