diff options
author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:44:00 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:56:34 +0200 |
commit | 2e3005c471ba6520b17438c93f4a36369cbc3acd (patch) | |
tree | 90d3d6c4a9acbf323512d201f62b5bf1c8df3480 /security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizerTrustManager.java | |
parent | 6c9dcea0e9c3b9dd3a1b8979c84d2d2fe5b17e4c (diff) |
Implement RequireCapabilitiesFilter in jrt + misc
Add peerSpec to Target/Connection. Always provide ConnectionAuthContext.
Add helper for creating default, all-granting ConnectionAuthContext.
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizerTrustManager.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizerTrustManager.java | 3 |
1 files changed, 1 insertions, 2 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizerTrustManager.java b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizerTrustManager.java index 089023e55f1..e6239e3f694 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizerTrustManager.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizerTrustManager.java @@ -14,7 +14,6 @@ import java.security.cert.CertificateException; import java.security.cert.X509Certificate; import java.util.List; import java.util.Optional; -import java.util.Set; import java.util.logging.Logger; /** @@ -106,7 +105,7 @@ public class PeerAuthorizerTrustManager extends X509ExtendedTrustManager { log.fine(() -> "Verifying certificate: " + createInfoString(certChain[0], authType, isVerifyingClient)); ConnectionAuthContext result = mode != AuthorizationMode.DISABLE ? authorizer.authorizePeer(List.of(certChain)) - : new ConnectionAuthContext(List.of(certChain), CapabilitySet.all(), Set.of()); + : ConnectionAuthContext.defaultAllCapabilities(); if (sslEngine != null) { // getHandshakeSession() will never return null in this context sslEngine.getHandshakeSession().putValue(HANDSHAKE_SESSION_AUTH_CONTEXT_PROPERTY, result); } |