diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:44:00 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:56:34 +0200 |
commit | 2e3005c471ba6520b17438c93f4a36369cbc3acd (patch) | |
tree | 90d3d6c4a9acbf323512d201f62b5bf1c8df3480 /security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java | |
parent | 6c9dcea0e9c3b9dd3a1b8979c84d2d2fe5b17e4c (diff) |
Implement RequireCapabilitiesFilter in jrt + misc
Add peerSpec to Target/Connection. Always provide ConnectionAuthContext.
Add helper for creating default, all-granting ConnectionAuthContext.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java | 4 |
1 files changed, 1 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java index 608a8c9c933..99787725063 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java @@ -35,9 +35,7 @@ public class PeerAuthorizer { public ConnectionAuthContext authorizePeer(X509Certificate cert) { return authorizePeer(List.of(cert)); } public ConnectionAuthContext authorizePeer(List<X509Certificate> certChain) { - if (authorizedPeers.isEmpty()) { - return new ConnectionAuthContext(certChain, CapabilitySet.all(), Set.of()); - } + if (authorizedPeers.isEmpty()) return ConnectionAuthContext.defaultAllCapabilities(); X509Certificate cert = certChain.get(0); Set<String> matchedPolicies = new HashSet<>(); Set<CapabilitySet> grantedCapabilities = new HashSet<>(); |