Diffstat (limited to 'controller-api')
-rw-r--r--controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java33
1 files changed, 4 insertions, 29 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
index 527efaab946..6f8ebc4c5db 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
@@ -1,26 +1,21 @@
// Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-import org.apache.http.conn.ssl.X509HostnameVerifier;
-
import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLException;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
import java.security.cert.X509Certificate;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;
/**
- * A {@link HostnameVerifier} / {@link X509HostnameVerifier} that validates
- * Athenz x509 certificates using the identity in the Common Name attribute.
+ * A {@link HostnameVerifier} that validates Athenz x509 certificates using the identity in the Common Name attribute.
*
* @author bjorncs
*/
// TODO Move to dedicated Athenz bundle
-public class AthenzIdentityVerifier implements X509HostnameVerifier {
+public class AthenzIdentityVerifier implements HostnameVerifier {
private static final Logger log = Logger.getLogger(AthenzIdentityVerifier.class.getName());
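Review bot: The class Javadoc on the new side says only that the identity is taken from the Common Name, and does not tell a caller whether the `hostname` argument is compared with anything. The overloads removed further down never read `hostname`, and the remaining `verify(String, SSLSession)` lies outside this hunk, so it presumably ignores it as well; that should be confirmed. If so, I would add a sentence to the Javadoc such as `The hostname argument is not checked; trust rests solely on the Athenz identity in the peer certificate.` That makes it clear the verifier is only safe when the certificate chain has already been validated against the intended CA.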
@@ -41,29 +36,9 @@ public class AthenzIdentityVerifier implements X509HostnameVerifier {
}
}
- @Override
- public void verify(String host, SSLSocket ssl) {
- // all sockets allowed
- }
-
- @Override
- public void verify(String hostname, X509Certificate certificate) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(certificate);
- if (!isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- @Override
- public void verify(String hostname, String[] cns, String[] subjectAlts) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(cns[0]);
- if (!isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- private boolean isTrusted(AthenzIdentity identity) {
+ public boolean isTrusted(AthenzIdentity identity) {
return allowedIdentities.contains(identity);
}
+
}
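Review bot: `isTrusted` becomes public here without any Javadoc, so it can now be called with an `AthenzIdentity` that was never derived from a validated peer certificate. A doc comment should state that it is only a membership test against `allowedIdentities` and does no certificate or chain validation, for example `/** Returns true iff the identity is in the configured allow-list; does not validate any certificate. */`. It should also say what happens for a `null` identity, since `Set.contains(null)` throws on some `Set` implementations and the set's concrete type is not visible in this hunk. The class body and the remaining `verify` method start outside the hunk.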