Always run PeerAutorizer

Interpret empty AuthorizedPeers as granting all capabilities unconditionally.
Assume AuthorizedPeers as always present.

1 files changed, 3 insertions, 8 deletions

diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index a01283318b6..c2ee573dfc6 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -11,7 +11,6 @@ import javax.net.ssl.SSLParameters;
 import java.security.PrivateKey;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
-import java.util.Collections;
 import java.util.List;
 import java.util.Set;
 import java.util.logging.Level;
@@ -136,13 +135,9 @@ public class DefaultTlsContext implements TlsContext {
         if (!caCertificates.isEmpty()) {
             builder.withTrustStore(caCertificates);
         }
-        if (authorizedPeers != null) {
-            builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, truststore));
-        } else {
-            builder.withTrustManagerFactory(truststore -> new PeerAuthorizerTrustManager(
-                    new AuthorizedPeers(Collections.emptySet()), AuthorizationMode.DISABLE, hostnameVerification, truststore));
-        }
-        return builder.build();
+        return builder.withTrustManagerFactory(truststore ->
+                        new PeerAuthorizerTrustManager(authorizedPeers, mode, hostnameVerification, truststore))
+                .build();
     }
 
 }