authorBjørn Christian Seime <bjorncs@yahooinc.com>2022-07-20 13:15:32 +0200
committerBjørn Christian Seime <bjorncs@yahooinc.com>2022-07-20 13:56:34 +0200
commitb0a11043f8ac63ae543c9dfc8b1a7e40bf58f19d (patch)
tree41b8782def3665db66c2b084b737b9aaf9ca6aa9 /athenz-identity-provider-service
parentead5f9f883bce032c13f4615ad98a25ac91fae7d (diff)
Simplify type definition for subject alternative names
Diffstat (limited to 'athenz-identity-provider-service')
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java4
-rw-r--r--athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java8
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java4
-rw-r--r--athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java4
4 files changed, 10 insertions, 10 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
index 61dc67bd7d4..df904bf8010 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/Certificates.java
@@ -17,7 +17,7 @@ import java.util.Optional;
import java.util.stream.Collectors;
import static com.yahoo.security.SignatureAlgorithm.SHA256_WITH_ECDSA;
-import static com.yahoo.security.SubjectAlternativeName.Type.DNS_NAME;
+import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
/**
* Helper class for creating {@link X509Certificate}s.
@@ -66,7 +66,7 @@ public class Certificates {
private static Optional<String> getInstanceIdFromSAN(List<SubjectAlternativeName> subjectAlternativeNames) {
return subjectAlternativeNames.stream()
- .filter(san -> san.getType() == DNS_NAME)
+ .filter(san -> san.getType() == DNS)
.map(SubjectAlternativeName::getValue)
.map(Certificates::parseInstanceId)
.flatMap(Optional::stream)
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
index 9bd6153f159..f5dbcb6a699 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java
@@ -97,8 +97,8 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
var instanceRegistration = deserializeRequest(request, InstanceSerializer::registrationFromSlime);
InstanceConfirmation confirmation = new InstanceConfirmation(instanceRegistration.provider(), instanceRegistration.domain(), instanceRegistration.service(), EntityBindingsMapper.toSignedIdentityDocumentEntity(instanceRegistration.attestationData()));
- confirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.IP_ADDRESS));
- confirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.DNS_NAME));
+ confirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.IP));
+ confirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRegistration.csr(), SubjectAlternativeName.Type.DNS));
if (!instanceValidator.isValidInstance(confirmation)) {
log.log(Level.INFO, "Invalid instance registration for " + instanceRegistration.toString());
return ErrorResponse.forbidden("Unable to launch service: " +instanceRegistration.service());
@@ -130,8 +130,8 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler {
refreshesSameService(instanceRefresh, athenzService);
InstanceConfirmation instanceConfirmation = new InstanceConfirmation(provider, athenzService.getDomain().getName(), athenzService.getName(), null);
- instanceConfirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.IP_ADDRESS));
- instanceConfirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.DNS_NAME));
+ instanceConfirmation.set(InstanceValidator.SAN_IPS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.IP));
+ instanceConfirmation.set(InstanceValidator.SAN_DNS_ATTRNAME, Certificates.getSubjectAlternativeNames(instanceRefresh.csr(), SubjectAlternativeName.Type.DNS));
if(!instanceValidator.isValidRefresh(instanceConfirmation)) {
return ErrorResponse.forbidden("Unable to refresh cert: " + instanceRefresh.csr().getSubject().toString());
}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java
index b225cbef21c..4012776949e 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificateTester.java
@@ -68,10 +68,10 @@ public class CertificateTester {
KeyPair keyPair = KeyUtils.generateKeypair(KeyAlgorithm.EC, 256);
var builder = Pkcs10CsrBuilder.fromKeypair(subject, keyPair, SignatureAlgorithm.SHA512_WITH_ECDSA);
for (var dnsName : dnsNames) {
- builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.DNS_NAME, dnsName);
+ builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.DNS, dnsName);
}
for (var ipAddress : ipAddresses) {
- builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.IP_ADDRESS, ipAddress);
+ builder = builder.addSubjectAlternativeName(SubjectAlternativeName.Type.IP, ipAddress);
}
return builder.build();
}
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java
index 613ced895e9..19ee3d22330 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/ca/CertificatesTest.java
@@ -48,9 +48,9 @@ public class CertificatesTest {
assertEquals(2, certificate.getSubjectAlternativeNames().size());
var subjectAlternativeNames = List.copyOf(certificate.getSubjectAlternativeNames());
- assertEquals(List.of(SubjectAlternativeName.Type.DNS_NAME.getTag(), dnsName),
+ assertEquals(List.of(SubjectAlternativeName.Type.DNS.getTag(), dnsName),
subjectAlternativeNames.get(0));
- assertEquals(List.of(SubjectAlternativeName.Type.IP_ADDRESS.getTag(), ip),
+ assertEquals(List.of(SubjectAlternativeName.Type.IP.getTag(), ip),
subjectAlternativeNames.get(1));
}