Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java | 5 |
1 files changed, 1 insertions, 4 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
index 40f3817c5f9..8c4e87c1de2 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java
@@ -6,7 +6,6 @@ import com.yahoo.security.X509CertificateUtils;
 import com.yahoo.security.tls.policy.AuthorizedPeers;
 import com.yahoo.security.tls.policy.PeerPolicy;
 import com.yahoo.security.tls.policy.RequiredPeerCredential;
-import com.yahoo.security.tls.policy.Role;
 import java.security.cert.X509Certificate;
 import java.util.HashSet;
@@ -36,18 +35,16 @@ public class PeerAuthorizer {
 }
 public AuthorizationResult authorizePeer(X509Certificate peerCertificate) {
- Set<Role> assumedRoles = new HashSet<>();
 Set<String> matchedPolicies = new HashSet<>();
 String cn = getCommonName(peerCertificate).orElse(null);
 List<String> sans = getSubjectAlternativeNames(peerCertificate);
 log.fine(() -> String.format("Subject info from x509 certificate: CN=[%s], 'SAN=%s", cn, sans));
 for (PeerPolicy peerPolicy : authorizedPeers.peerPolicies()) {
 if (matchesPolicy(peerPolicy, cn, sans)) {
- assumedRoles.addAll(peerPolicy.assumedRoles());
 matchedPolicies.add(peerPolicy.policyName());
 }
 }
- return new AuthorizationResult(assumedRoles, matchedPolicies);
+ return new AuthorizationResult(matchedPolicies);
 }
 private static boolean matchesPolicy(PeerPolicy peerPolicy, String cn, List<String> sans) { |
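Review bot: With the role set gone, the `AuthorizationResult` returned by `authorizePeer` carries only the matched policy names, so an empty set is presumably the sole deny signal, and the method has no comment saying so. I would add a Javadoc line such as `/** Returns the names of all policies the peer certificate matches; an empty result means the peer is not authorized. */` so callers that used to inspect roles know what to check instead. Separately, `cn` is null when the certificate has no common name and is passed straight to `matchesPolicy`, whose body lies outside this hunk; confirm that a CN requirement fails closed on null rather than throwing or matching. The log format string in the same method also has a stray quote in `'SAN=%s`.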