author | Bjørn Christian Seime <bjorn.christian@seime.no> | 2023-02-23 15:35:25 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-02-23 15:35:25 +0100 |
commit | 7a77b74b488889fde61337568cec37d21652c7a1 (patch) | |
tree | 0cd56696d6ddf0b0a1f00dec47baa85de3b4ad5f /security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java | |
parent | e4c17598c3068c44f46fa98955ca1d4bc63c9425 (diff) |
Revert "Revert "Store original capability (set) names from JSON config in PeerPolicy" MERGEOK"
Diffstat (limited to 'security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java | 7 |
1 files changed, 6 insertions, 1 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
index d7ea93955af..9252b5619f9 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
@@ -8,6 +8,7 @@ import java.util.List;
 import java.util.Optional;
 import java.util.Set;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
 
 import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
 import static com.yahoo.security.SubjectAlternativeName.Type.URI;
@@ -78,10 +79,14 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
 b.append(". Peer ");
 if (peer != null) b.append("'").append(peer).append("' ");
 return b.append("with ").append(peerCertificateString().orElse("<missing-certificate>")).append(". Requires capabilities ")
- .append(required.toNames()).append(" but peer has ").append(capabilities.toNames())
+ .append(toCapabilityNames(required)).append(" but peer has ").append(toCapabilityNames(capabilities))
 .append(".").toString();
 }
 
+ private static String toCapabilityNames(CapabilitySet capabilities) {
+ return capabilities.toCapabilityNames().stream().sorted().collect(Collectors.joining(", ", "[", "]"));
+ }
+
 public Optional<X509Certificate> peerCertificate() {
 return peerCertificateChain.isEmpty() ? Optional.empty() : Optional.of(peerCertificateChain.get(0));
 } |
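Review bot: The new private helper `toCapabilityNames(CapabilitySet)` in the second hunk has the same name as the `CapabilitySet.toCapabilityNames()` method it calls and carries no comment, so a reader of the denial-message builder cannot tell at a glance which one is invoked or why the names are sorted. I would rename it to something like `formatCapabilityNames` and, if stable output is the intent, add `// Sorted so the denial message is deterministic and easy to match in logs and alerts.` above it. The message lists both the required capabilities and the full set the peer holds. The method that builds it starts outside the hunk, so it is not visible whether this text is only logged or also returned to the remote peer; if it is returned, the peer's own capability list is better kept on the server side.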