summaryrefslogtreecommitdiffstats
path: root/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java
diff options
context:
space:
mode:
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java')
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java26
1 files changed, 26 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java
new file mode 100644
index 00000000000..877ba4e74bd
--- /dev/null
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/ConnectionAuthContext.java
@@ -0,0 +1,26 @@
+package com.yahoo.security.tls.authz;
+
+import com.yahoo.security.tls.policy.CapabilitySet;
+
+import java.security.cert.X509Certificate;
+import java.util.List;
+import java.util.Set;
+
+/**
+ * @author bjorncs
+ */
+public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
+ CapabilitySet capabilities,
+ Set<String> matchedPolicies) {
+
+ public ConnectionAuthContext {
+ if (peerCertificateChain.isEmpty()) throw new IllegalArgumentException("Peer certificate chain is empty");
+ peerCertificateChain = List.copyOf(peerCertificateChain);
+ matchedPolicies = Set.copyOf(matchedPolicies);
+ }
+
+ public boolean authorized() { return !capabilities.hasNone(); }
+
+ public X509Certificate peerCertificate() { return peerCertificateChain.get(0); }
+
+}