-rw-r--r--configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java3
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java7
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java4
3 files changed, 5 insertions, 9 deletions
diff --git a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
index 7a2e0f00433..5b5b795a412 100644
--- a/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
+++ b/configserver/src/test/java/com/yahoo/vespa/config/server/rpc/security/MultiTenantRpcAuthorizerTest.java
@@ -41,7 +41,6 @@ import java.time.Instant;
import java.util.List;
import java.util.Optional;
import java.util.Set;
-import java.util.TreeSet;
import java.util.concurrent.ExecutionException;
import java.util.concurrent.Executor;
@@ -251,7 +250,7 @@ public class MultiTenantRpcAuthorizerTest {
private static Request mockJrtRpcRequest(String payload) {
ConnectionAuthContext authContext =
- new ConnectionAuthContext(PEER_CERTIFICATE_CHAIN, CapabilitySet.none(), new TreeSet<>());
+ new ConnectionAuthContext(PEER_CERTIFICATE_CHAIN, CapabilitySet.none(), Set.of());
Target target = mock(Target.class);
when(target.getConnectionAuthContext()).thenReturn(Optional.of(authContext));
Request request = mock(Request.class);
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java
index 52d838d29ef..9f767dc99dd 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java
@@ -4,21 +4,20 @@ import com.yahoo.security.tls.policy.CapabilitySet;
import java.security.cert.X509Certificate;
import java.util.List;
-import java.util.SortedSet;
-import java.util.TreeSet;
+import java.util.Set;
/**
* @author bjorncs
*/
public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
CapabilitySet capabilities,
- SortedSet<String> matchedPolicies) {
+ Set<String> matchedPolicies) {
public ConnectionAuthContext {
if (peerCertificateChain.isEmpty()) throw new IllegalArgumentException("Peer certificate chain is empty");
peerCertificateChain = List.copyOf(peerCertificateChain);
if (matchedPolicies.isEmpty() && !CapabilitySet.none().equals(capabilities)) throw new AssertionError();
- matchedPolicies = new TreeSet<>(matchedPolicies);
+ matchedPolicies = Set.copyOf(matchedPolicies);
}
public boolean authorized() { return matchedPolicies.size() > 0; }
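Review bot: In the compact constructor the invariant check `if (matchedPolicies.isEmpty() && !CapabilitySet.none().equals(capabilities))` still reads the caller's set, and the immutable copy is taken only afterwards, so a set mutated between the two statements could be checked in one state and stored in another. Moving `matchedPolicies = Set.copyOf(matchedPolicies);` above the `if` makes the check and `authorized()` see the same contents. `Set.copyOf` has unspecified iteration order, unlike the `TreeSet` it replaces, so any log or audit output that prints the matched policies (none is visible in this diff) will no longer be sorted; the same applies to the `HashSet` now built in `PeerAuthorizer.authorizePeer`. The bare `throw new AssertionError()` would also be easier to diagnose with a message stating that capabilities were granted without a matching policy.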
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
index 30b6ac3f34b..cf21befadd5 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
@@ -13,8 +13,6 @@ import java.util.HashSet;
import java.util.List;
import java.util.Optional;
import java.util.Set;
-import java.util.SortedSet;
-import java.util.TreeSet;
import java.util.logging.Logger;
import static com.yahoo.security.SubjectAlternativeName.Type.DNS_NAME;
@@ -42,7 +40,7 @@ public class PeerAuthorizer {
public ConnectionAuthContext authorizePeer(List<X509Certificate> certChain) {
X509Certificate cert = certChain.get(0);
- SortedSet<String> matchedPolicies = new TreeSet<>();
+ Set<String> matchedPolicies = new HashSet<>();
Set<CapabilitySet> grantedCapabilities = new HashSet<>();
String cn = getCommonName(cert).orElse(null);
List<String> sans = getSubjectAlternativeNames(cert);
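Review bot: `certChain.get(0)` is the first statement of `authorizePeer`, so an empty chain surfaces as an `IndexOutOfBoundsException` before `ConnectionAuthContext` can reject it with its `IllegalArgumentException("Peer certificate chain is empty")`. The call still fails closed, but a guard before the `get(0)`, such as `if (certChain.isEmpty()) throw new IllegalArgumentException("Peer certificate chain is empty");`, would give callers one consistent error for a missing peer certificate. The method body continues past the end of this hunk, so this is based only on the lines visible here.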