authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-02-14 13:07:52 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-02-17 13:41:08 +0100
commit06df2d189b63b561472ac677389298038486ba70 (patch)
treef969fa65cf0399b23358b3f03fa0bad98f3779f3 /security-utils
parented4f40137e20e78c7e861aabf7814fb52c2d8a15 (diff)
Use 'withTrustManager' in ConfigFileBasedTlsContext
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java10
1 files changed, 5 insertions, 5 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
index f746480b126..6a78e49fe1d 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConfigFileBasedTlsContext.java
@@ -16,7 +16,6 @@ import javax.net.ssl.X509ExtendedTrustManager;
import java.io.IOException;
import java.io.UncheckedIOException;
import java.lang.ref.WeakReference;
-import java.nio.file.Files;
import java.nio.file.Path;
import java.security.KeyStore;
import java.time.Duration;
@@ -110,12 +109,13 @@ public class ConfigFileBasedTlsContext implements TlsContext {
MutableX509TrustManager mutableTrustManager,
MutableX509KeyManager mutableKeyManager,
PeerAuthentication peerAuthentication) {
+
+ PeerAuthorizerTrustManager authorizerTrustManager = options.getAuthorizedPeers()
+ .map(authorizedPeers -> new PeerAuthorizerTrustManager(authorizedPeers, mode, mutableTrustManager))
+ .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)));
SSLContext sslContext = new SslContextBuilder()
.withKeyManager(mutableKeyManager)
- .withTrustManagerFactory(
- ignoredTruststore -> options.getAuthorizedPeers()
- .map(authorizedPeers -> (X509ExtendedTrustManager) new PeerAuthorizerTrustManager(authorizedPeers, mode, mutableTrustManager))
- .orElseGet(() -> new PeerAuthorizerTrustManager(new AuthorizedPeers(com.yahoo.vespa.jdk8compat.Set.of()), AuthorizationMode.DISABLE, mutableTrustManager)))
+ .withTrustManager(authorizerTrustManager)
.build();
List<String> acceptedCiphers = options.getAcceptedCiphers();
Set<String> ciphers = acceptedCiphers.isEmpty() ? TlsContext.ALLOWED_CIPHER_SUITES : new HashSet<>(acceptedCiphers);
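Review bot: The added `.orElseGet(...)` line ends in `)));`, one closing parenthesis more than the expression opens, so the new side does not compile as shown; the third parenthesis closed `withTrustManagerFactory(` in the removed code, and the line should now end `mutableTrustManager));`. Separately, when `options.getAuthorizedPeers()` is empty the fallback builds the trust manager with an empty `AuthorizedPeers` and `AuthorizationMode.DISABLE`, ignoring the `mode` argument. A configuration without authorized peers therefore appears to skip peer authorization and rely on certificate-chain validation by `mutableTrustManager` alone. This commit keeps that behaviour rather than introducing it, but a comment above the declaration would make the fail-open choice explicit, for example `// No authorized-peers config: peer authorization is disabled; only the truststore check applies`. The enclosing method starts before and continues after this hunk.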