author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-12-13 13:12:08 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2019-01-08 13:44:50 +0100 |
commit | dd49544fc92bb977389ea43b661246df08b9ad44 (patch) | |
tree | 5a28c769f33e0678e4fc7cd914cb6d473a0e2a14 /security-utils/src | |
parent | daae47b2e124cb4f657e5beb02ce736339793367 (diff) |
Store authorization result in TlsCryptoSocket
Diffstat (limited to 'security-utils/src')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java
index 05524cdffea..80acc940a99 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java
@@ -14,6 +14,7 @@ import java.security.GeneralSecurityException;
 import java.security.KeyStore;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
+import java.util.Optional;
 import java.util.logging.Logger;
 
 /**
@@ -97,6 +98,14 @@ public class PeerAuthorizerTrustManager extends X509ExtendedTrustManager {
 return defaultTrustManager.getAcceptedIssuers();
 }
 
+ /**
+ * Note: The authorization result is only available during handshake. The underlying handshake session is removed once handshake is complete.
+ */
+ public static Optional<AuthorizationResult> getAuthorizationResult(SSLEngine sslEngine) {
+ return Optional.ofNullable(sslEngine.getHandshakeSession())
+ .flatMap(session -> Optional.ofNullable((AuthorizationResult) session.getValue(HANDSHAKE_SESSION_AUTHZ_RESULT_PROPERTY)));
+ }
+
 private void authorizePeer(X509Certificate certificate, String authType, boolean isVerifyingClient, SSLEngine sslEngine) throws CertificateException {
 if (mode == AuthorizationMode.DISABLE) return; |
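Review bot: The new `getAuthorizationResult` returns `Optional.empty()` in more than one situation, but its Javadoc names only one of them, so a caller cannot tell "the handshake session is already gone" from "no result was ever stored". The `authorizePeer` context line just below returns early when `mode == AuthorizationMode.DISABLE`, which presumably means nothing is stored in that mode either; its body continues outside the hunk, so this is inferred. I would extend the Javadoc with `@return the result stored for the in-progress handshake, or empty if there is no handshake session or no result was stored; empty never means the peer was authorized`, so that callers fail closed. The unchecked cast on `session.getValue(...)` would also throw `ClassCastException` if another object were stored under that key; `Optional.ofNullable(session.getValue(HANDSHAKE_SESSION_AUTHZ_RESULT_PROPERTY)).filter(AuthorizationResult.class::isInstance).map(AuthorizationResult.class::cast)` avoids that.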