authorBjørn Christian Seime <bjorncs@oath.com>2018-12-05 16:28:17 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2018-12-05 16:35:35 +0100
commit6a33af1752ef731a368e4947f2afb123e8151c58 (patch)
tree6b732394ecbb9a5798f6c59b514837eaf81d6da2 /security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
parentb3758264b1f374500408ecc8c6a5976012749574 (diff)
Use AuthorizationMode to configure behaviour of PeerAuthorizerTrustManager
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java15
1 files changed, 8 insertions, 7 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
index 28f05b3c6d9..dcf3a4162ee 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/DefaultTlsContext.java
@@ -2,7 +2,6 @@
package com.yahoo.security.tls;
import com.yahoo.security.SslContextBuilder;
-import com.yahoo.security.tls.authz.PeerAuthorizerTrustManager;
import com.yahoo.security.tls.authz.PeerAuthorizerTrustManagersFactory;
import com.yahoo.security.tls.policy.AuthorizedPeers;
@@ -43,11 +42,11 @@ public class DefaultTlsContext implements TlsContext {
PrivateKey privateKey,
List<X509Certificate> caCertificates,
AuthorizedPeers authorizedPeers,
- PeerAuthorizerTrustManager.Mode mode) {
+ AuthorizationMode mode) {
this.sslContext = createSslContext(certificates, privateKey, caCertificates, authorizedPeers, mode);
}
- public DefaultTlsContext(Path tlsOptionsConfigFile, PeerAuthorizerTrustManager.Mode mode) {
+ public DefaultTlsContext(Path tlsOptionsConfigFile, AuthorizationMode mode) {
this.sslContext = createSslContext(tlsOptionsConfigFile, mode);
}
@@ -73,7 +72,7 @@ public class DefaultTlsContext implements TlsContext {
PrivateKey privateKey,
List<X509Certificate> caCertificates,
AuthorizedPeers authorizedPeers,
- PeerAuthorizerTrustManager.Mode mode) {
+ AuthorizationMode mode) {
SslContextBuilder builder = new SslContextBuilder();
if (!certificates.isEmpty()) {
builder.withKeyStore(privateKey, certificates);
@@ -87,14 +86,16 @@ public class DefaultTlsContext implements TlsContext {
return builder.build();
}
- private static SSLContext createSslContext(Path tlsOptionsConfigFile, PeerAuthorizerTrustManager.Mode mode) {
+ private static SSLContext createSslContext(Path tlsOptionsConfigFile, AuthorizationMode mode) {
TransportSecurityOptions options = TransportSecurityOptions.fromJsonFile(tlsOptionsConfigFile);
SslContextBuilder builder = new SslContextBuilder();
options.getCertificatesFile()
.ifPresent(certificates -> builder.withKeyStore(options.getPrivateKeyFile().get(), certificates));
options.getCaCertificatesFile().ifPresent(builder::withTrustStore);
- options.getAuthorizedPeers().ifPresent(
- authorizedPeers -> builder.withTrustManagerFactory(new PeerAuthorizerTrustManagersFactory(authorizedPeers, mode)));
+ if (mode != AuthorizationMode.DISABLE) {
+ options.getAuthorizedPeers().ifPresent(
+ authorizedPeers -> builder.withTrustManagerFactory(new PeerAuthorizerTrustManagersFactory(authorizedPeers, mode)));
+ }
return builder.build();
}
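Review bot: The `mode != AuthorizationMode.DISABLE` guard is added only to the Path-based `createSslContext`; the list-based overload in the preceding hunk (old line 73) gets just the parameter type change. The diffstat's 8 insertions are all accounted for by the visible `+` lines, so that overload appears to receive no equivalent check, though its body between the hunks is not shown and should be confirmed. Both public constructors accept the same `AuthorizationMode`, so the two paths should agree on what DISABLE means, ideally by building the trust manager factory in one shared private helper. Separately, the guard silently drops a configured authorized-peers policy, and with a mode other than DISABLE an absent policy still yields a context with no peer authorizer installed. A comment such as `// DISABLE: the authorized-peers policy from the config file is intentionally not installed`, plus a log line at context creation, would make that fail-open configuration visible to operators.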