author | Bjørn Christian Seime <bjorncs@oath.com> | 2017-12-15 13:07:44 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2017-12-18 10:58:34 +0100 |
commit | f139b83f27db5912090868addef4c028d9ce1baa (patch) | |
tree | a9b86b2eaaf0586bae20b4d758bafa73ff8ab3ce /controller-api/src | |
parent | aabc055f423aecdfae04f85e4b3fb9f694b0cb45 (diff) |
Verify that certificate is not a role certificate
Diffstat (limited to 'controller-api/src')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java
index 6c6bc61f502..04ec0b61614 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/athenz/AthenzUtils.java
@@ -40,7 +40,15 @@ public class AthenzUtils {
 }
 public static AthenzIdentity createAthenzIdentity(X509Certificate certificate) {
- return createAthenzIdentity(getCommonName(certificate));
+ String commonName = getCommonName(certificate);
+ if (isAthenzRoleIdentity(commonName)) {
+ throw new IllegalArgumentException("Athenz role certificate not supported");
+ }
+ return createAthenzIdentity(commonName);
+ }
+
+ private static boolean isAthenzRoleIdentity(String commonName) {
+ return commonName.contains(":role.");
 }
 private static String getCommonName(X509Certificate certificate) { |
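Review bot: `isAthenzRoleIdentity` rejects role certificates with a bare substring test on the CN, and nothing in the hunk records which CN format that test relies on. A comment on the helper such as `// Athenz role certificates carry the CN "<domain>:role.<role-name>"; only service and user certificates name a principal` would make the security assumption reviewable. `createAthenzIdentity(X509Certificate)` should also document `@throws IllegalArgumentException if the certificate is a role certificate`, so callers treat the rejection as an authentication failure rather than an internal error. If `getCommonName` (its body lies outside the hunk) can return null for a certificate without a CN, `commonName.contains` fails with a NullPointerException instead; a guard like `if (commonName == null) throw new IllegalArgumentException("Certificate has no common name");` before the role test would keep that failure deliberate.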