authorBjørn Christian Seime <bjorncs@oath.com>2018-12-13 13:12:08 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2019-01-08 13:44:50 +0100
commitdd49544fc92bb977389ea43b661246df08b9ad44 (patch)
tree5a28c769f33e0678e4fc7cd914cb6d473a0e2a14 /jrt
parentdaae47b2e124cb4f657e5beb02ce736339793367 (diff)
Store authorization result in TlsCryptoSocket
Diffstat (limited to 'jrt')
-rw-r--r--jrt/src/com/yahoo/jrt/TlsCryptoSocket.java11
1 files changed, 10 insertions, 1 deletions
diff --git a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
index 39cd9f6c4f2..b4a8df52e8e 100644
--- a/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
+++ b/jrt/src/com/yahoo/jrt/TlsCryptoSocket.java
@@ -1,6 +1,9 @@
// Copyright 2018 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.jrt;
+import com.yahoo.security.tls.authz.AuthorizationResult;
+import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager;
+
import javax.net.ssl.SSLEngine;
import javax.net.ssl.SSLEngineResult;
import javax.net.ssl.SSLException;
@@ -11,7 +14,8 @@ import java.nio.channels.ClosedChannelException;
import java.nio.channels.SocketChannel;
import java.util.logging.Logger;
-import static javax.net.ssl.SSLEngineResult.*;
+import static javax.net.ssl.SSLEngineResult.HandshakeStatus;
+import static javax.net.ssl.SSLEngineResult.Status;
/**
* A {@link CryptoSocket} using TLS ({@link SSLEngine})
@@ -34,6 +38,7 @@ public class TlsCryptoSocket implements CryptoSocket {
private int sessionApplicationBufferSize;
private ByteBuffer handshakeDummyBuffer;
private HandshakeState handshakeState;
+ private AuthorizationResult authorizationResult;
public TlsCryptoSocket(SocketChannel channel, SSLEngine sslEngine) {
this.channel = channel;
@@ -97,6 +102,10 @@ public class TlsCryptoSocket implements CryptoSocket {
return HandshakeState.COMPLETED;
case NEED_TASK:
sslEngine.getDelegatedTask().run();
+ if (authorizationResult != null) {
+ PeerAuthorizerTrustManager.getAuthorizationResult(sslEngine) // only available during handshake
+ .ifPresent(result -> this.authorizationResult = result);
+ }
break;
case NEED_UNWRAP:
if (wrapBuffer.bytes() > 0) return HandshakeState.NEED_WRITE;
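Review bot: The guard on the new `NEED_TASK` branch appears inverted: `authorizationResult` is a plain instance field that starts out null, and the added `if (authorizationResult != null)` only consults the trust manager once a result has already been stored, so on the first pass through the handshake the result is never captured. Since the accompanying comment says the result is "only available during handshake", the field will stay null after the handshake completes, and anything that later relies on it to reflect the peer authorization outcome cannot see it. The intended line is presumably `if (authorizationResult == null) {`, which fetches the result once and then stops polling. The enclosing handshake method and its switch start and end outside this hunk, so whether other branches also reach the trust manager is not visible here.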