Diffstat (limited to 'controller-api')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java | 33 |
1 files changed, 4 insertions, 29 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
index 527efaab946..6f8ebc4c5db 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzIdentityVerifier.java
@@ -1,26 +1,21 @@
 // Copyright 2017 Yahoo Holdings. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.athenz;
-import org.apache.http.conn.ssl.X509HostnameVerifier;
-
 import javax.net.ssl.HostnameVerifier;
-import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
-import javax.net.ssl.SSLSocket;
 import java.security.cert.X509Certificate;
 import java.util.Set;
 import java.util.logging.Level;
 import java.util.logging.Logger;
 /**
- * A {@link HostnameVerifier} / {@link X509HostnameVerifier} that validates
- * Athenz x509 certificates using the identity in the Common Name attribute.
+ * A {@link HostnameVerifier} that validates Athenz x509 certificates using the identity in the Common Name attribute.
 *
 * @author bjorncs
 */
 // TODO Move to dedicated Athenz bundle
-public class AthenzIdentityVerifier implements X509HostnameVerifier {
+public class AthenzIdentityVerifier implements HostnameVerifier {
 private static final Logger log = Logger.getLogger(AthenzIdentityVerifier.class.getName());
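Review bot: The class Javadoc, rewritten in this hunk, still does not say what the verifier leaves unchecked. Judging by the overloads this commit removes, the `hostname` argument plays no part in the decision and trust rests only on the Common Name identity being in the allowed set; if the surviving `verify(String, SSLSession)` (outside this hunk) behaves the same way, the Javadoc should say so, for example `* The hostname is not matched against the certificate; the peer is accepted only if its Athenz identity is in the allowed set, so the trust store must be limited to the Athenz CA.` The class body continues outside the hunk.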
@@ -41,29 +36,9 @@ public class AthenzIdentityVerifier implements X509HostnameVerifier {
 }
 }
- @Override
- public void verify(String host, SSLSocket ssl) {
- // all sockets allowed
- }
-
- @Override
- public void verify(String hostname, X509Certificate certificate) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(certificate);
- if (!isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- @Override
- public void verify(String hostname, String[] cns, String[] subjectAlts) throws SSLException {
- AthenzIdentity identity = AthenzUtils.createAthenzIdentity(cns[0]);
- if (!isTrusted(identity)) {
- throw new SSLException("Athenz identity is not trusted: " + identity.getFullName());
- }
- }
-
- private boolean isTrusted(AthenzIdentity identity) {
+ public boolean isTrusted(AthenzIdentity identity) {
 return allowedIdentities.contains(identity);
 }
+
 } |
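Review bot: `isTrusted` becomes public here without any Javadoc, and it reports an untrusted identity through a boolean where the removed `verify` overloads threw `SSLException`. A caller that moves from those overloads to `isTrusted` has to check the result and reject the connection itself, so an ignored return value fails open; a comment such as `/** Returns true only if the identity is in the allowed set; callers must reject the peer when this returns false. */` would make that contract explicit. It is also worth stating what happens for a `null` identity, since `allowedIdentities.contains(identity)` depends on the set implementation, which is not visible in this hunk. The class body starts outside the hunk.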