summaryrefslogtreecommitdiffstats
path: root/jrt
diff options
context:
space:
mode:
authorBjørn Christian Seime <bjorncs@oath.com>2018-12-05 16:28:17 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-12-05 16:35:35 +0100
commit6a33af1752ef731a368e4947f2afb123e8151c58 (patch)
tree6b732394ecbb9a5798f6c59b514837eaf81d6da2 /jrt
parentb3758264b1f374500408ecc8c6a5976012749574 (diff)
Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager
Diffstat (limited to 'jrt')
-rw-r--r--jrt/src/com/yahoo/jrt/CryptoEngine.java5
-rw-r--r--jrt/tests/com/yahoo/jrt/CryptoUtils.java4
2 files changed, 5 insertions, 4 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index e0f15bf118e..cc59c29bc3b 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -2,11 +2,11 @@
package com.yahoo.jrt;
+import com.yahoo.security.tls.AuthorizationMode;
import com.yahoo.security.tls.MixedMode;
import com.yahoo.security.tls.ReloadingTlsContext;
import com.yahoo.security.tls.TlsContext;
import com.yahoo.security.tls.TransportSecurityUtils;
-import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
import java.nio.channels.SocketChannel;
@@ -23,7 +23,8 @@ public interface CryptoEngine extends AutoCloseable {
if (!TransportSecurityUtils.isTransportSecurityEnabled()) {
return new NullCryptoEngine();
}
- TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), Mode.DRY_RUN);
+ AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode().orElse(AuthorizationMode.ENFORCE);
+ TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), mode);
TlsCryptoEngine tlsCryptoEngine = new TlsCryptoEngine(tlsContext);
if (!TransportSecurityUtils.isInsecureMixedModeEnabled()) {
return tlsCryptoEngine;
diff --git a/jrt/tests/com/yahoo/jrt/CryptoUtils.java b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
index b0a8a4b0efb..1c2280567cb 100644
--- a/jrt/tests/com/yahoo/jrt/CryptoUtils.java
+++ b/jrt/tests/com/yahoo/jrt/CryptoUtils.java
@@ -3,9 +3,9 @@ package com.yahoo.jrt;
import com.yahoo.security.KeyUtils;
import com.yahoo.security.X509CertificateBuilder;
+import com.yahoo.security.tls.AuthorizationMode;
import com.yahoo.security.tls.DefaultTlsContext;
import com.yahoo.security.tls.TlsContext;
-import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager.Mode;
import com.yahoo.security.tls.policy.AuthorizedPeers;
import com.yahoo.security.tls.policy.HostGlobPattern;
import com.yahoo.security.tls.policy.PeerPolicy;
@@ -49,7 +49,7 @@ class CryptoUtils {
Field.CN, new HostGlobPattern("dummy"))))));
static TlsContext createTestTlsContext() {
- return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, Mode.ENFORCE);
+ return new DefaultTlsContext(singletonList(certificate), keyPair.getPrivate(), singletonList(certificate), authorizedPeers, AuthorizationMode.ENFORCE);
}
}