diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-23 10:51:58 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-03-23 10:51:58 +0100 |
commit | 74ede3d68be322ea5dc7b6379f267aefe5151c33 (patch) | |
tree | 124904d1a7ce2439782cae9aab29623bc9050efd /node-repository | |
parent | 513844e78fb39601f0783ec4286838bee3776b8d (diff) |
Don't fail with 500 when CN is missing
Diffstat (limited to 'node-repository')
-rw-r--r-- | node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java | 13 |
1 files changed, 8 insertions, 5 deletions
diff --git a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java index 4daa9d417dd..12de9aeef30 100644 --- a/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java +++ b/node-repository/src/main/java/com/yahoo/vespa/hosted/provision/restapi/v2/filter/AuthorizationFilter.java @@ -45,9 +45,11 @@ public class AuthorizationFilter implements SecurityRequestFilter { @Override public void filter(DiscFilterRequest request, ResponseHandler handler) { - Optional<X509Certificate> cert = request.getClientCertificateChain().stream().findFirst(); - if (cert.isPresent()) { - if (!authorizer.test(() -> commonName(cert.get()), request.getUri())) { + Optional<String> commonName = request.getClientCertificateChain().stream() + .findFirst() + .flatMap(AuthorizationFilter::commonName); + if (commonName.isPresent()) { + if (!authorizer.test(commonName::get, request.getUri())) { rejectAction.accept(ErrorResponse.forbidden( String.format("%s %s denied for %s: Invalid credentials", request.getMethod(), request.getUri().getPath(), request.getRemoteAddr())), handler @@ -78,8 +80,9 @@ public class AuthorizationFilter implements SecurityRequestFilter { } /** Read common name (CN) from certificate */ - private static String commonName(X509Certificate certificate) { - return X509CertificateUtils.getCommonNames(certificate).get(0); + private static Optional<String> commonName(X509Certificate certificate) { + return X509CertificateUtils.getCommonNames(certificate).stream() + .findFirst(); } } |