authorBjørn Christian Seime <bjorncs@yahooinc.com>2022-07-21 13:34:35 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2022-07-21 15:30:19 +0200
commitd2864cf3be9a93d784ac98b6beee0813dc60b290 (patch)
tree80fc0014c58553844e9e91af52bce9a5cfdcd290
parent0d69bcaca8a9af188e0d93dfb3d4911113558ec9 (diff)
Use getSubjectCommonName()
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java5
-rw-r--r--security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java8
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java2
3 files changed, 3 insertions, 12 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index f5dbcb6a699..531a815922b 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -37,7 +37,6 @@ import java.util.Objects;
import java.util.Optional;
import java.util.function.Function;
import java.util.logging.Level;
-import java.util.stream.Stream;
/**
* REST API for issuing and refreshing node certificates in a hosted Vespa system.
@@ -177,9 +176,7 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
private AthenzService getRequestAthenzService(HttpRequest request) {
return getRequestCertificateChain(request).stream()
.findFirst()
- .map(X509CertificateUtils::getSubjectCommonNames)
- .map(List::stream)
- .flatMap(Stream::findFirst)
+ .flatMap(X509CertificateUtils::getSubjectCommonName)
.map(AthenzService::new)
.orElseThrow(() -> new RuntimeException("No certificate found"));
}
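Review bot: The identity built in `getRequestAthenzService` now depends on which CN `getSubjectCommonName` selects when the first certificate's subject carries more than one CN attribute, and that helper is not part of this diff; the replaced chain explicitly took the first entry of `getSubjectCommonNames`. If the helper can select a different attribute, the resulting `AthenzService` changes for such certificates, and the same applies to `cn` in `PeerAuthorizer` and to the role name parsed in `getRolesFromRoleCertificate`. A test with a two-CN subject, or a call-site comment such as `// for multi-CN subjects the CN is chosen by getSubjectCommonName`, would pin the behaviour. Separately, `"No certificate found"` is also thrown when a certificate is present but has no CN, so the message could read `"No client certificate with a subject common name found"`.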
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
index 5db86fd93bc..44293de6eb7 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java
@@ -7,7 +7,6 @@ import com.yahoo.security.X509CertificateUtils;
import java.security.cert.X509Certificate;
import java.util.HashSet;
import java.util.List;
-import java.util.Optional;
import java.util.Set;
import java.util.logging.Logger;
@@ -39,7 +38,7 @@ public class PeerAuthorizer {
X509Certificate cert = certChain.get(0);
Set<String> matchedPolicies = new HashSet<>();
Set<CapabilitySet> grantedCapabilities = new HashSet<>();
- String cn = getCommonName(cert).orElse(null);
+ String cn = X509CertificateUtils.getSubjectCommonName(cert).orElse(null);
List<String> sans = getSubjectAlternativeNames(cert);
log.fine(() -> String.format("Subject info from x509 certificate: CN=[%s], 'SAN=%s", cn, sans));
for (PeerPolicy peerPolicy : authorizedPeers.peerPolicies()) {
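Review bot: `cn` is `null` on this line whenever the peer certificate has no subject CN, and nothing here documents how the policy loop is expected to treat that. The loop body lies outside the hunk, so whether a null CN can ever satisfy a policy cannot be confirmed from what is shown. A comment on the assignment would make the contract explicit, for example `// cn is null when the subject has no CN; policy matching below must handle null`. The `log.fine` line also formats the peer-supplied CN and SAN values verbatim, so it is worth confirming that the log sink neutralises control characters.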
@@ -69,11 +68,6 @@ public class PeerAuthorizer {
}
}
- private static Optional<String> getCommonName(X509Certificate peerCertificate) {
- return X509CertificateUtils.getSubjectCommonNames(peerCertificate).stream()
- .findFirst();
- }
-
private static List<String> getSubjectAlternativeNames(X509Certificate peerCertificate) {
return X509CertificateUtils.getSubjectAlternativeNames(peerCertificate).stream()
.filter(san -> san.getType() == DNS || san.getType() == IP || san.getType() == URI)
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
index 7542e976260..9d47ce79f87 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
@@ -50,7 +50,7 @@ public class AthenzX509CertificateUtils {
}
public static AthenzRole getRolesFromRoleCertificate(X509Certificate certificate) {
- String commonName = com.yahoo.security.X509CertificateUtils.getSubjectCommonNames(certificate).get(0);
+ String commonName = X509CertificateUtils.getSubjectCommonName(certificate).orElseThrow();
return AthenzRole.fromResourceNameString(commonName);
}
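Review bot: The bare `orElseThrow()` in `getRolesFromRoleCertificate` raises `NoSuchElementException` with the generic "No value present" message when a role certificate has no subject CN, which gives the caller nothing useful to log. The old `.get(0)` had the same gap with `IndexOutOfBoundsException`, so the failure type seen by callers also changes. Because this line parses an identity out of a certificate, an explicit failure is easier to audit: `.orElseThrow(() -> new IllegalArgumentException("Role certificate has no subject common name"))`. The unqualified `X509CertificateUtils` relies on an import that is not visible in this hunk.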