authorBjørn Christian Seime <bjorncs@yahooinc.com>2022-07-20 13:44:00 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2022-07-20 13:56:34 +0200
commit2e3005c471ba6520b17438c93f4a36369cbc3acd (patch)
tree90d3d6c4a9acbf323512d201f62b5bf1c8df3480 /security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
parent6c9dcea0e9c3b9dd3a1b8979c84d2d2fe5b17e4c (diff)
Implement RequireCapabilitiesFilter in jrt + misc
Add peerSpec to Target/Connection. Always provide ConnectionAuthContext. Add helper for creating default, all-granting ConnectionAuthContext.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java4
1 files changed, 1 insertions, 3 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
index 608a8c9c933..99787725063 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
@@ -35,9 +35,7 @@ public class PeerAuthorizer {
public ConnectionAuthContext authorizePeer(X509Certificate cert) { return authorizePeer(List.of(cert)); }
public ConnectionAuthContext authorizePeer(List<X509Certificate> certChain) {
- if (authorizedPeers.isEmpty()) {
- return new ConnectionAuthContext(certChain, CapabilitySet.all(), Set.of());
- }
+ if (authorizedPeers.isEmpty()) return ConnectionAuthContext.defaultAllCapabilities();
X509Certificate cert = certChain.get(0);
Set<String> matchedPolicies = new HashSet<>();
Set<CapabilitySet> grantedCapabilities = new HashSet<>();
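Review bot: The empty-`authorizedPeers` branch of `authorizePeer(List<X509Certificate>)` no longer hands `certChain` to the returned context, because `ConnectionAuthContext.defaultAllCapabilities()` takes no arguments; the helper's body is not visible here, but it cannot carry this peer's certificates. Anything downstream that reads the peer identity from the context, such as access logging or a capability filter, would presumably see the same anonymous all-granting context for every peer when no policies are configured. Consider keeping the chain in this branch, or documenting on the helper that it carries no peer certificates, and state the fail-open behaviour where it happens with a comment such as `// No authorized peers configured: every peer is granted all capabilities`. The method body continues past the end of the hunk.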