author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-21 13:34:35 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-21 15:30:19 +0200 |
commit | d2864cf3be9a93d784ac98b6beee0813dc60b290 (patch) | |
tree | 80fc0014c58553844e9e91af52bce9a5cfdcd290 | |
parent | 0d69bcaca8a9af188e0d93dfb3d4911113558ec9 (diff) |
Use getSubjectCommonName()
3 files changed, 3 insertions, 12 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index f5dbcb6a699..531a815922b 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -37,7 +37,6 @@ import java.util.Objects;
 import java.util.Optional;
 import java.util.function.Function;
 import java.util.logging.Level;
-import java.util.stream.Stream;
 /**
 * REST API for issuing and refreshing node certificates in a hosted Vespa system.
@@ -177,9 +176,7 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
 private AthenzService getRequestAthenzService(HttpRequest request) {
 return getRequestCertificateChain(request).stream()
 .findFirst()
- .map(X509CertificateUtils::getSubjectCommonNames) .map(List::stream) .flatMap(Stream::findFirst)
+ .flatMap(X509CertificateUtils::getSubjectCommonName)
 .map(AthenzService::new)
 .orElseThrow(() -> new RuntimeException("No certificate found"));
 }
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
index 5db86fd93bc..44293de6eb7 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
@@ -7,7 +7,6 @@ import com.yahoo.security.X509CertificateUtils;
 import java.security.cert.X509Certificate;
 import java.util.HashSet;
 import java.util.List;
-import java.util.Optional;
 import java.util.Set;
 import java.util.logging.Logger;
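Review bot: The caller identity in getRequestAthenzService now depends on which CN `X509CertificateUtils.getSubjectCommonName` selects, and that helper is not part of this diff, so it is not visible here whether it returns the same value as the removed `getSubjectCommonNames` + `findFirst()` chain for a subject with more than one CN. The same applies to `cn` in PeerAuthorizer, which appears to feed peer-policy matching, and to `getRolesFromRoleCertificate` in AthenzX509CertificateUtils. A unit test with a multi-CN subject at one of these call sites would pin the behaviour the authorization decisions rely on. Separately, `orElseThrow(() -> new RuntimeException("No certificate found"))` is also reached when the certificate has no CN; `"No certificate or subject common name found"` would cover both cases.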
@@ -39,7 +38,7 @@ public class PeerAuthorizer {
 X509Certificate cert = certChain.get(0);
 Set<String> matchedPolicies = new HashSet<>();
 Set<CapabilitySet> grantedCapabilities = new HashSet<>();
- String cn = getCommonName(cert).orElse(null);
+ String cn = X509CertificateUtils.getSubjectCommonName(cert).orElse(null);
 List<String> sans = getSubjectAlternativeNames(cert);
 log.fine(() -> String.format("Subject info from x509 certificate: CN=[%s], 'SAN=%s", cn, sans));
 for (PeerPolicy peerPolicy : authorizedPeers.peerPolicies()) {
@@ -69,11 +68,6 @@ public class PeerAuthorizer {
 }
 }
- private static Optional<String> getCommonName(X509Certificate peerCertificate) {
- return X509CertificateUtils.getSubjectCommonNames(peerCertificate).stream()
- .findFirst();
- }
-
 private static List<String> getSubjectAlternativeNames(X509Certificate peerCertificate) {
 return X509CertificateUtils.getSubjectAlternativeNames(peerCertificate).stream()
 .filter(san -> san.getType() == DNS || san.getType() == IP || san.getType() == URI)
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
index 7542e976260..9d47ce79f87 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
@@ -50,7 +50,7 @@ public class AthenzX509CertificateUtils {
 }
 public static AthenzRole getRolesFromRoleCertificate(X509Certificate certificate) {
- String commonName = com.yahoo.security.X509CertificateUtils.getSubjectCommonNames(certificate).get(0);
+ String commonName = X509CertificateUtils.getSubjectCommonName(certificate).orElseThrow();
 return AthenzRole.fromResourceNameString(commonName);
 } |
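Review bot: In getRolesFromRoleCertificate, `getSubjectCommonName(certificate).orElseThrow()` fails with a bare NoSuchElementException when a role certificate has no subject CN, which gives the caller no indication of which input was rejected. I would make the failure explicit with `.orElseThrow(() -> new IllegalArgumentException("Role certificate has no subject common name"))`. The line also switches from the fully qualified `com.yahoo.security.X509CertificateUtils` to the simple name while the diffstat shows no added import for this file, so it presumably relies on an import that already exists; worth confirming the simple name resolves to the com.yahoo.security class here.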