author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-14 13:07:52 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-17 13:41:08 +0100 |
commit | 06df2d189b63b561472ac677389298038486ba70 (patch) | |
tree | f969fa65cf0399b23358b3f03fa0bad98f3779f3 /security-utils | |
parent | ed4f40137e20e78c7e861aabf7814fb52c2d8a15 (diff) |
Use 'withTrustManager' in ConfigFileBasedTlsContext
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java | 10 |
1 files changed, 5 insertions, 5 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index f746480b126..6a78e49fe1d 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
@@ -16,7 +16,6 @@ import javax.net.ssl.X509ExtendedTrustManager;
 import java.io.IOException;
 import java.io.UncheckedIOException;
 import java.lang.ref.WeakReference;
-import java.nio.file.Files;
 import java.nio.file.Path;
 import java.security.KeyStore;
 import java.time.Duration;
@@ -110,12 +109,13 @@ public class ConfigFileBasedTlsContext implements TlsContext {
 MutableX509TrustManager mutableTrustManager,
 MutableX509KeyManager mutableKeyManager,
 PeerAuthentication peerAuthentication) {
+
+ PeerAuthorizerTrustManager authorizerTrustManager = options.getAuthorizedPeers()
+ .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, mutableTrustManager))
+ .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)));
 SSLContext sslContext = new SslContextBuilder()
 .withKeyManager(mutableKeyManager)
- .withTrustManagerFactory(
- ignoredTruststore -> options.getAuthorizedPeers()
- .map(authorizedPeers -> (X509ExtendedTrustManager) new PeerAuthorizerTrustManager(authorizedPeers, mode, mutableTrustManager))
- .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)))
+ .withTrustManager(authorizerTrustManager)
 .build();
 List<String> acceptedCiphers = options.getAcceptedCiphers();
 Set<String> ciphers = acceptedCiphers.isEmpty() ? TlsContext.ALLOWED_CIPHER_SUITES : new HashSet<>(acceptedCiphers); |
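Review bot: The added `.orElseGet(...)` line in the second hunk ends with `mutableTrustManager)));`, which as rendered here closes one parenthesis more than it opens. On the removed line the third `)` closed `withTrustManagerFactory(`, so it looks carried over, and the line should end `AuthorizationMode.DISABLE, mutableTrustManager));`. Separately, when `options.getAuthorizedPeers()` is empty, the fallback builds the trust manager with an empty `AuthorizedPeers` set and `AuthorizationMode.DISABLE` regardless of `mode`. Now that it is a named local, a comment such as `// No authorized-peers policy configured: peer authorization is disabled (mode is ignored)` would keep that fail-open default visible to whoever next touches the TLS setup. The enclosing method starts and ends outside the hunk.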