From f4965306b79f0015ca9e8e32072877e57f7f532c Mon Sep 17 00:00:00 2001
From: Bjørn Christian Seime
Date: Thu, 21 Jul 2022 14:56:51 +0200
Subject: Move logic for capability checking/logging to ConnectionAuthContext
---
 .../src/main/java/com/yahoo/security/tls/PeerAuthorizer.java | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
(limited to 'security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java')
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
index 44293de6eb7..951b5c57c9e 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
@@ -47,7 +47,10 @@ public class PeerAuthorizer {
 grantedCapabilities.add(peerPolicy.capabilities());
 }
 }
- return new ConnectionAuthContext(certChain, CapabilitySet.unionOf(grantedCapabilities), matchedPolicies);
+ // TODO Pass this through constructor
+ CapabilityMode capabilityMode = TransportSecurityUtils.getCapabilityMode();
+ return new ConnectionAuthContext(
+ certChain, CapabilitySet.unionOf(grantedCapabilities), matchedPolicies, capabilityMode);
 }
 
 private static boolean matchesPolicy(PeerPolicy peerPolicy, String cn, List sans) {
-- cgit v1.2.3
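Review bot: The capability mode is fetched from the static `TransportSecurityUtils.getCapabilityMode()` on every authorization call, so whether the granted capabilities are actually enforced depends on process-wide state that PeerAuthorizer neither owns nor exposes; the TODO notes this but leaves it open. Resolving it once, e.g. a `private final CapabilityMode capabilityMode;` field set in the constructor and passed to `new ConnectionAuthContext(...)`, would pin the mode for the authorizer's lifetime and let tests exercise each mode explicitly. What the accessor returns when nothing is configured is not visible here; if that fallback is a non-enforcing mode, a comment at this call saying so would help, since it would make capability checks fail open. The enclosing method begins outside the hunk.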