author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:15:32 +0200 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:56:34 +0200 |
commit | b0a11043f8ac63ae543c9dfc8b1a7e40bf58f19d (patch) | |
tree | 41b8782def3665db66c2b084b737b9aaf9ca6aa9 /athenz-identity-provider-service/src | |
parent | ead5f9f883bce032c13f4615ad98a25ac91fae7d (diff) |
Simplify type definition for subject alternative names
Diffstat (limited to 'athenz-identity-provider-service/src')
4 files changed, 10 insertions, 10 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
index 61dc67bd7d4..df904bf8010 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
@@ -17,7 +17,7 @@ import java.util.Optional;
 import java.util.stream.Collectors;
 import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
-import static com.yahoo.security.SubjectAlternativeName.Type.DNS_NAME;
+import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
 /**
 * Helper class for creating {@link X509Certificate}s.
@@ -66,7 +66,7 @@ public class Certificates {
 private static Optional<String> getInstanceIdFromSAN(List<SubjectAlternativeName> subjectAlternativeNames) {
 return subjectAlternativeNames.stream()
- .filter(san -> san.getType() == DNS_NAME)
+ .filter(san -> san.getType() == DNS)
 .map(SubjectAlternativeName::getValue)
 .map(Certificates::parseInstanceId)
 .flatMap(Optional::stream)
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index 9bd6153f159..f5dbcb6a699 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -97,8 +97,8 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
 var instanceRegistration = deserializeRequest(request, InstanceSerializer::registrationFromSlime);
 InstanceConfirmation confirmation = new InstanceConfirmation(instanceRegistration.provider(), instanceRegistration.domain(), instanceRegistration.service(), EntityBindingsMapper.toSignedIdentityDocumentEntity(instanceRegistration.attestationData()));
- confirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.IP_ADDRESS));
- confirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.DNS_NAME));
+ confirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.IP));
+ confirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.DNS));
 if (!instanceValidator.isValidInstance(confirmation)) {
 log.log(Level.INFO, "Invalid instance registration for " + instanceRegistration.toString());
 return ErrorResponse.forbidden("Unable to launch service: " +instanceRegistration.service());
@@ -130,8 +130,8 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
 refreshesSameService(instanceRefresh, athenzService);
 InstanceConfirmation instanceConfirmation = new InstanceConfirmation(provider, athenzService.getDomain().getName(), athenzService.getName(), null);
- instanceConfirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.IP_ADDRESS));
- instanceConfirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.DNS_NAME));
+ instanceConfirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.IP));
+ instanceConfirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.DNS));
 if(!instanceValidator.isValidRefresh(instanceConfirmation)) {
 return ErrorResponse.forbidden("Unable to refresh cert: " + instanceRefresh.csr().getSubject().toString());
 }
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java
index b225cbef21c..4012776949e 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java
@@ -68,10 +68,10 @@ public class CertificateTester {
 KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
 var builder = Pkcs10CsrBuilder.fromKeypair(subject, keyPair, SignatureAlgorithm.SHA512_WITH_ECDSA);
 for (var dnsName : dnsNames) {
- builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.DNS_NAME, dnsName);
+ builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.DNS, dnsName);
 }
 for (var ipAddress : ipAddresses) {
- builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.IP_ADDRESS, ipAddress);
+ builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.IP, ipAddress);
 }
 return builder.build();
 }
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java
index 613ced895e9..19ee3d22330 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java
@@ -48,9 +48,9 @@ public class CertificatesTest {
 assertEquals(2, certificate.getSubjectAlternativeNames().size());
 var subjectAlternativeNames = List.copyOf(certificate.getSubjectAlternativeNames());
- assertEquals(List.of(SubjectAlternativeName.Type.DNS_NAME.getTag(), dnsName),
+ assertEquals(List.of(SubjectAlternativeName.Type.DNS.getTag(), dnsName),
 subjectAlternativeNames.get(0));
- assertEquals(List.of(SubjectAlternativeName.Type.IP_ADDRESS.getTag(), ip),
+ assertEquals(List.of(SubjectAlternativeName.Type.IP.getTag(), ip),
 subjectAlternativeNames.get(1));
 } |