Change return type of getClientCertificateChain() to List<X509Certificate>

3 files changed, 17 insertions, 6 deletions

diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
index 2cb68462005..da76e288a2a 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/DiscFilterRequest.java
@@ -22,7 +22,6 @@ import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.Optional;
 import java.util.concurrent.TimeUnit;
 import java.util.regex.Pattern;
 
@@ -371,7 +370,11 @@ public abstract class DiscFilterRequest {
 
     public abstract void setUserPrincipal(Principal principal);
 
-    public abstract Optional<X509Certificate[]> getClientCertificateChain();
+    /**
+     * @return The client certificate chain in ascending order of trust. The first certificate is the one sent from the client.
+     *         Returns an empty list if the client did not provide a certificate.
+     */
+    public abstract List<X509Certificate> getClientCertificateChain();
 
     public void setUserRoles(String[] roles) {
         this.roles = roles;
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java
index c161b374e83..f8d9e6b2642 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/JdiscFilterRequest.java
@@ -9,6 +9,7 @@ import java.net.URI;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
 import java.util.ArrayList;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.List;
@@ -117,8 +118,11 @@ public class JdiscFilterRequest extends DiscFilterRequest {
     }
 
     @Override
-    public Optional<X509Certificate[]> getClientCertificateChain() {
-        return Optional.ofNullable((X509Certificate[]) parent.context().get(ServletRequest.JDISC_REQUEST_X509CERT));
+    public List<X509Certificate> getClientCertificateChain() {
+        return Optional.ofNullable(parent.context().get(ServletRequest.JDISC_REQUEST_X509CERT))
+                .map(X509Certificate[].class::cast)
+                .map(Arrays::asList)
+                .orElse(Collections.emptyList());
     }
 
     @Override
diff --git a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java
index 6f23f128b4e..5921f0b8e0a 100644
--- a/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java
+++ b/jdisc_http_service/src/main/java/com/yahoo/jdisc/http/filter/ServletFilterRequest.java
@@ -8,6 +8,7 @@ import java.io.UnsupportedEncodingException;
 import java.net.URI;
 import java.security.Principal;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 import java.util.Collections;
 import java.util.Enumeration;
 import java.util.HashSet;
@@ -141,8 +142,11 @@ class ServletFilterRequest extends DiscFilterRequest {
     }
 
     @Override
-    public Optional<X509Certificate[]> getClientCertificateChain() {
-        return Optional.ofNullable((X509Certificate[]) parent.context().get(ServletRequest.SERVLET_REQUEST_X509CERT));
+    public List<X509Certificate> getClientCertificateChain() {
+        return Optional.ofNullable(parent.context().get(ServletRequest.SERVLET_REQUEST_X509CERT))
+                .map(X509Certificate[].class::cast)
+                .map(Arrays::asList)
+                .orElse(Collections.emptyList());
     }
 
     @Override