author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:44:00 +0200 |
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:56:34 +0200 |
commit | 2e3005c471ba6520b17438c93f4a36369cbc3acd (patch) | |
tree | 90d3d6c4a9acbf323512d201f62b5bf1c8df3480 /security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java | |
parent | 6c9dcea0e9c3b9dd3a1b8979c84d2d2fe5b17e4c (diff) |
Implement RequireCapabilitiesFilter in jrt + misc
Add peerSpec to Target/Connection. Always provide ConnectionAuthContext.
Add helper for creating default, all-granting ConnectionAuthContext.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
index e244d5ad23f..3ee6ed1dcaa 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
@@ -18,8 +18,10 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
                                     CapabilitySet capabilities,
                                     Set<String> matchedPolicies) {
+    private static final ConnectionAuthContext DEFAULT_ALL_CAPABILITIES =
+            new ConnectionAuthContext(List.of(), CapabilitySet.all(), Set.of());
+
     public ConnectionAuthContext {
-        if (peerCertificateChain.isEmpty()) throw new IllegalArgumentException("Peer certificate chain is empty");
         peerCertificateChain = List.copyOf(peerCertificateChain);
         matchedPolicies = Set.copyOf(matchedPolicies);
     }
@@ -33,7 +35,7 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
     public Optional<String> peerCertificateString() {
         X509Certificate cert = peerCertificate().orElse(null);
         if (cert == null) return Optional.empty();
-        StringBuilder b = new StringBuilder("X.509Cert{");
+        StringBuilder b = new StringBuilder("[");
         String cn = X509CertificateUtils.getSubjectCommonName(cert).orElse(null);
         if (cn != null) {
             b.append("CN='").append(cn).append("'");
@@ -55,7 +57,9 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
         if (cn != null || !dnsNames.isEmpty()) b.append(", ");
         b.append("SAN_URI=").append(uris);
         }
-        return Optional.of(b.append("}").toString());
+        return Optional.of(b.append("]").toString());
     }
+    public static ConnectionAuthContext defaultAllCapabilities() { return DEFAULT_ALL_CAPABILITIES; }
+
 }
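Review bot: The first hunk drops the `peerCertificateChain.isEmpty()` guard from the compact constructor, so an empty chain becomes a legal state of the record, but nothing in the diff documents that the invariant changed; any caller outside this file that assumed a non-empty chain (for example by indexing into `peerCertificateChain()` or unwrapping `peerCertificate()`) will only discover this at runtime. Suggest a comment on the constructor such as `// The chain may be empty: the peer presented no certificate (see defaultAllCapabilities()).` The constructor also stores `capabilities` without any null check while the other two components are defensively copied; `capabilities = Objects.requireNonNull(capabilities, "capabilities");` would fail fast at construction, assuming `java.util.Objects` is imported, which is outside the hunk. The record declaration starts before this hunk.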
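Review bot: `defaultAllCapabilities()` in the third hunk hands out a context with `CapabilitySet.all()` but no peer certificate and no matched policies, and it carries no Javadoc stating when using it is acceptable; since the commit description makes a ConnectionAuthContext always available, a caller that merely needs a non-null context could reach for this one and bypass every capability check. Suggest a Javadoc on the method along the lines of `/** Context granting every capability to an unauthenticated peer. Only for transports where capability enforcement is intentionally not applied. */`. It is also worth stating at the declaration of `DEFAULT_ALL_CAPABILITIES` that the shared instance is safe to return because the record defensively copies its list and set, which presumes `CapabilitySet.all()` is itself immutable (not visible here).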