package com.yahoo.security.tls.authz;
import com.yahoo.security.tls.policy.CapabilitySet;
import java.security.cert.X509Certificate;
import java.util.Collections;
import java.util.List;
import java.util.SortedSet;
import java.util.TreeSet;
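/**
 * Immutable result of authorizing a TLS peer: the certificate chain it presented, the
 * capabilities it was granted and the names of the policies that matched.
 *
 * <p>All components are copied on construction and exposed as unmodifiable views, so the
 * authorization decision reported by {@link #authorized()} cannot be altered after the
 * context has been created.
 *
 * @param peerCertificateChain certificates presented by the peer; must not be empty
 * @param capabilities capabilities granted to the peer; must equal {@code CapabilitySet.none()}
 *                     when {@code matchedPolicies} is empty
 * @param matchedPolicies names of the policies that matched the peer; empty means unauthorized
 * @author bjorncs
 */
public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
                                    CapabilitySet capabilities,
                                    SortedSet<String> matchedPolicies) {

    /**
     * Validates the components and takes defensive, unmodifiable copies of the collections.
     *
     * @throws IllegalArgumentException if {@code peerCertificateChain} is empty
     * @throws AssertionError if no policy matched but {@code capabilities} is not the empty set
     */
    public ConnectionAuthContext {
        if (peerCertificateChain.isEmpty()) {
            throw new IllegalArgumentException("Peer certificate chain is empty");
        }
        peerCertificateChain = List.copyOf(peerCertificateChain);
        // Invariant: capabilities may only be granted through at least one matched policy.
        if (matchedPolicies.isEmpty() && !CapabilitySet.none().equals(capabilities)) {
            throw new AssertionError("Capabilities granted without any matched policy");
        }
        // authorized() is derived from this set, so it must not be mutable through the
        // accessor: a plain TreeSet copy would let any holder of the context add an entry
        // and turn an unauthorized context into an authorized one.
        matchedPolicies = Collections.unmodifiableSortedSet(new TreeSet<>(matchedPolicies));
    }

    /** Returns {@code true} if at least one policy matched the peer. */
    public boolean authorized() { return !matchedPolicies.isEmpty(); }

    /**
     * Returns the first certificate of the peer chain (presumably the peer's own leaf
     * certificate; the ordering is set by the caller that builds the chain).
     */
    public X509Certificate peerCertificate() { return peerCertificateChain.get(0); }

}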