Revert "Revert "Store original capability (set) names from JSON config in PeerPolicy" MERGEOK"

1 files changed, 6 insertions, 1 deletions

diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
index d7ea93955af..9252b5619f9 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
@@ -8,6 +8,7 @@ import java.util.List;
 import java.util.Optional;
 import java.util.Set;
 import java.util.logging.Logger;
+import java.util.stream.Collectors;
 
 import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
 import static com.yahoo.security.SubjectAlternativeName.Type.URI;
@@ -78,10 +79,14 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
         b.append(". Peer ");
         if (peer != null) b.append("'").append(peer).append("' ");
         return b.append("with ").append(peerCertificateString().orElse("<missing-certificate>")).append(". Requires capabilities ")
-                .append(required.toNames()).append(" but peer has ").append(capabilities.toNames())
+                .append(toCapabilityNames(required)).append(" but peer has ").append(toCapabilityNames(capabilities))
                 .append(".").toString();
     }
 
+    private static String toCapabilityNames(CapabilitySet capabilities) {
+        return capabilities.toCapabilityNames().stream().sorted().collect(Collectors.joining(", ", "[", "]"));
+    }
+
     public Optional<X509Certificate> peerCertificate() {
         return peerCertificateChain.isEmpty() ? Optional.empty() : Optional.of(peerCertificateChain.get(0));
     }