-rw-r--r-- | jrt/src/com/yahoo/jrt/CryptoEngine.java | 9 | ||||
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java | 16 |
2 files changed, 10 insertions, 15 deletions
diff --git a/jrt/src/com/yahoo/jrt/CryptoEngine.java b/jrt/src/com/yahoo/jrt/CryptoEngine.java
index 0d1dfe8a22b..41a567a83f2 100644
--- a/jrt/src/com/yahoo/jrt/CryptoEngine.java
+++ b/jrt/src/com/yahoo/jrt/CryptoEngine.java
@@ -23,14 +23,13 @@ public interface CryptoEngine extends AutoCloseable {
 if (!TransportSecurityUtils.isTransportSecurityEnabled()) {
 return new NullCryptoEngine();
 }
- AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode().orElse(AuthorizationMode.ENFORCE);
+ AuthorizationMode mode = TransportSecurityUtils.getInsecureAuthorizationMode();
 TlsContext tlsContext = new ReloadingTlsContext(TransportSecurityUtils.getConfigFile().get(), mode);
 TlsCryptoEngine tlsCryptoEngine = new TlsCryptoEngine(tlsContext);
- if (!TransportSecurityUtils.isInsecureMixedModeEnabled()) {
- return tlsCryptoEngine;
- }
- MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode().get();
+ MixedMode mixedMode = TransportSecurityUtils.getInsecureMixedMode();
 switch (mixedMode) {
+ case DISABLED:
+ return tlsCryptoEngine;
 case PLAINTEXT_CLIENT_MIXED_SERVER:
 return new MaybeTlsCryptoEngine(tlsCryptoEngine, false);
 case TLS_CLIENT_MIXED_SERVER:
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
index f07924f3ce9..afa95d5b1b8 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/TransportSecurityUtils.java
@@ -22,20 +22,16 @@ public class TransportSecurityUtils {
 return getConfigFile().isPresent();
 }
 
- public static boolean isInsecureMixedModeEnabled() {
- return getInsecureMixedMode().isPresent();
- }
-
- public static Optional<MixedMode> getInsecureMixedMode() {
- if (!isTransportSecurityEnabled()) return Optional.empty();
+ public static MixedMode getInsecureMixedMode() {
 return getEnvironmentVariable(INSECURE_MIXED_MODE_ENVIRONMENT_VARIABLE)
- .map(MixedMode::fromConfigValue);
+ .map(MixedMode::fromConfigValue)
+ .orElse(MixedMode.defaultValue());
 }
 
- public static Optional<AuthorizationMode> getInsecureAuthorizationMode() {
- if (!isInsecureMixedModeEnabled()) return Optional.empty();
+ public static AuthorizationMode getInsecureAuthorizationMode() {
 return getEnvironmentVariable(INSECURE_AUTHORIZATION_MODE_ENVIRONMENT_VARIABLE)
- .map(AuthorizationMode::fromConfigValue);
+ .map(AuthorizationMode::fromConfigValue)
+ .orElse(AuthorizationMode.defaultValue());
 }
 
 public static Optional<Path> getConfigFile() {
|
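Review bot: `getInsecureAuthorizationMode()` now reads `INSECURE_AUTHORIZATION_MODE_ENVIRONMENT_VARIABLE` unconditionally, whereas the removed guard returned empty unless mixed mode was enabled, so a TLS-only process previously always ended up with the explicit `ENFORCE` fallback at the CryptoEngine call site. After this change the variable can alter the authorization mode of a TLS-only deployment as well, and the fallbacks are whatever `AuthorizationMode.defaultValue()` and `MixedMode.defaultValue()` return, neither of which is visible in this diff. If the wider scope is intended, state it in a Javadoc on the method, for example `/** Read whenever TLS is configured, independent of mixed mode. */`, and add a test pinning the two defaults to `ENFORCE` and `DISABLED`; if it is not intended, keep the guard as `if (getInsecureMixedMode() == MixedMode.DISABLED) return AuthorizationMode.defaultValue();`. Logging the effective mode at startup whenever it differs from the default would make a relaxed setting visible to operators.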