author | Martin Polden <mpolden@mpolden.no> | 2023-10-04 13:42:55 +0200 |
---|---|---|
committer | Martin Polden <mpolden@mpolden.no> | 2023-10-09 09:43:20 +0200 |
commit | eceedab23b7c943126d76f1c2822d5d0b7f4cbd1 (patch) | |
tree | 151a1776267914fe80d2d056f84b7196ffc3c7d1 /controller-api/src/main | |
parent | 1857991cf335f31fca0a499f72fbaa83cb47dd14 (diff) |
Require that endpoint DNS name is matched by SAN
Diffstat (limited to 'controller-api/src/main')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java | 23 |
1 files changed, 23 insertions, 0 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
index 6f056edd226..6988da6a0ad 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
@@ -135,4 +135,27 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.generatedId);
 }

+ /** Returns whether given DNS name matches any of the requested SANs in this */
+ public boolean sanMatches(String dnsName) {
+ return sanMatches(dnsName, requestedDnsSans);
+ }
+
+ static boolean sanMatches(String dnsName, List<String> sanDnsNames) {
+ return sanDnsNames.stream().anyMatch(sanDnsName -> sanMatches(dnsName, sanDnsName));
+ }
+
+ private static boolean sanMatches(String dnsName, String sanDnsName) {
+ String[] sanNameParts = sanDnsName.split("\\.");
+ String[] dnsNameParts = dnsName.split("\\.");
+ if (sanNameParts.length != dnsNameParts.length || sanNameParts.length == 0) {
+ return false;
+ }
+ for (int i = 0; i < sanNameParts.length; i++) {
+ if (!sanNameParts[i].equals("*") && !sanNameParts[i].equals(dnsNameParts[i])) {
+ return false;
+ }
+ }
+ return true;
+ }
+
 } |
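Review bot: The private `sanMatches(String, String)` accepts `*` in any label position and compares the remaining labels with case-sensitive `equals`, so its answer can differ from how a TLS client matches a SAN (wildcard honoured only as the whole left-most label, comparison case-insensitive). If `requestedDnsSans` is guaranteed to hold only lower-case names with a leading wildcard this is harmless, but that guarantee is not visible in the hunk; a stricter condition would be `if (!(i == 0 && sanNameParts[i].equals("*")) && !sanNameParts[i].equalsIgnoreCase(dnsNameParts[i])) {`. `split("\\.")` also drops trailing empty labels and returns a single empty label for `""`, so a SAN of `*` matches an empty `dnsName` and the wildcard accepts a leading empty label; `split("\\.", -1)` together with rejecting empty labels would close that. The two static overloads carry no Javadoc, and a line such as `/** Returns whether dnsName is covered by sanDnsName, where "*" stands for exactly one label */` would state the intended wildcard rule.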