authorBjørn Christian Seime <bjorncs@oath.com>2018-12-13 13:12:08 +0100
committerBjørn Christian Seime <bjorncs@oath.com>2019-01-08 13:44:50 +0100
commitdd49544fc92bb977389ea43b661246df08b9ad44 (patch)
tree5a28c769f33e0678e4fc7cd914cb6d473a0e2a14 /security-utils
parentdaae47b2e124cb4f657e5beb02ce736339793367 (diff)
Store authorization result in TlsCryptoSocket
Diffstat (limited to 'security-utils')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java9
1 files changed, 9 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java
index 05524cdffea..80acc940a99 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizerTrustManager.java
@@ -14,6 +14,7 @@ import java.security.GeneralSecurityException;
import java.security.KeyStore;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
+import java.util.Optional;
import java.util.logging.Logger;
/**
@@ -97,6 +98,14 @@ public class PeerAuthorizerTrustManager extends X509ExtendedTrustManager {
return defaultTrustManager.getAcceptedIssuers();
}
+ /**
+ * Note: The authorization result is only available during handshake. The underlying handshake session is removed once handshake is complete.
+ */
+ public static Optional<AuthorizationResult> getAuthorizationResult(SSLEngine sslEngine) {
+ return Optional.ofNullable(sslEngine.getHandshakeSession())
+ .flatMap(session -> Optional.ofNullable((AuthorizationResult) session.getValue(HANDSHAKE_SESSION_AUTHZ_RESULT_PROPERTY)));
+ }
+
private void authorizePeer(X509Certificate certificate, String authType, boolean isVerifyingClient, SSLEngine sslEngine) throws CertificateException {
if (mode == AuthorizationMode.DISABLE) return;
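Review bot: `getAuthorizationResult` collapses two distinct states into `Optional.empty()` — the engine has no handshake session (handshake already finished, as the Javadoc warns) and a session that does not yet hold `HANDSHAKE_SESSION_AUTHZ_RESULT_PROPERTY` — so a caller cannot tell "not yet authorized" from "result no longer available", and the Javadoc should say how to treat that: `* An empty result must be treated as "not authorized"; callers must read it from the handshake session before the handshake completes, since the session is discarded afterwards.` The cast `(AuthorizationResult) session.getValue(...)` will throw `ClassCastException` rather than return empty if anything else stores a different type under the same key; if that is a real possibility in this codebase, an `instanceof` check (`Optional.ofNullable(v).filter(AuthorizationResult.class::isInstance).map(AuthorizationResult.class::cast)`) would keep the method total, but I cannot tell from the hunk whether the key is shared. A `@param sslEngine` / `@return` pair would also complete the Javadoc for this public static entry point. `authorizePeer`'s body continues outside the hunk.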