author | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:36:27 +0200 |
committer | Bjørn Christian Seime <bjorncs@yahooinc.com> | 2022-07-20 13:56:34 +0200 |
commit | 6c9dcea0e9c3b9dd3a1b8979c84d2d2fe5b17e4c (patch) | |
tree | 0fb4624fb75946cc453a1e6607140f3ffd04f226 /security-utils | |
parent | b0a11043f8ac63ae543c9dfc8b1a7e40bf58f19d (diff) |
Add to-string helper to ConnectionAuthContext
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java | 39 |
1 files changed, 38 insertions, 1 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
index 821d41cfabe..e244d5ad23f 100644
--- a/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
+++ b/security-utils/src/main/java/com/yahoo/security/tls/ConnectionAuthContext.java
@@ -1,9 +1,16 @@
 package com.yahoo.security.tls;
+import com.yahoo.security.SubjectAlternativeName;
+import com.yahoo.security.X509CertificateUtils;
+
 import java.security.cert.X509Certificate;
 import java.util.List;
+import java.util.Optional;
 import java.util.Set;
+import static com.yahoo.security.SubjectAlternativeName.Type.DNS;
+import static com.yahoo.security.SubjectAlternativeName.Type.URI;
+
 /**
 * @author bjorncs
 */
@@ -19,6 +26,36 @@ public record ConnectionAuthContext(List<X509Certificate> peerCertificateChain,
 public boolean authorized() { return !capabilities.hasNone(); }
- public X509Certificate peerCertificate() { return peerCertificateChain.get(0); }
+ public Optional<X509Certificate> peerCertificate() {
+ return peerCertificateChain.isEmpty() ? Optional.empty() : Optional.of(peerCertificateChain.get(0));
+ }
+
+ public Optional<String> peerCertificateString() {
+ X509Certificate cert = peerCertificate().orElse(null);
+ if (cert == null) return Optional.empty();
+ StringBuilder b = new StringBuilder("X.509Cert{");
+ String cn = X509CertificateUtils.getSubjectCommonName(cert).orElse(null);
+ if (cn != null) {
+ b.append("CN='").append(cn).append("'");
+ }
+ var sans = X509CertificateUtils.getSubjectAlternativeNames(cert);
+ List<String> dnsNames = sans.stream()
+ .filter(s -> s.getType() == DNS)
+ .map(SubjectAlternativeName::getValue)
+ .toList();
+ if (!dnsNames.isEmpty()) {
+ if (cn != null) b.append(", ");
+ b.append("SAN_DNS=").append(dnsNames);
+ }
+ List<String> uris = sans.stream()
+ .filter(s -> s.getType() == URI)
+ .map(SubjectAlternativeName::getValue)
+ .toList();
+ if (!uris.isEmpty()) {
+ if (cn != null || !dnsNames.isEmpty()) b.append(", ");
+ b.append("SAN_URI=").append(uris);
+ }
+ return Optional.of(b.append("}").toString());
+ }
 }
|
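Review bot: The separator bookkeeping in `peerCertificateString()` — `if (cn != null) b.append(", ");` before the DNS part and `if (cn != null || !dnsNames.isEmpty()) b.append(", ");` before the URI part — must be extended by hand for every attribute added later and is the kind of condition that silently drifts; collecting the fragments that are present into a list and joining them with `String.join(", ", parts)` yields the same output with no conditions (sketch below; it needs `import java.util.ArrayList;`). Both new public methods lack Javadoc, and `peerCertificate()` changed its contract from throwing on an empty chain (`peerCertificateChain.get(0)`) to returning `Optional.empty()`, so it should say so, e.g. `/** The leaf certificate (first element of the peer chain), or empty when the chain is empty. */`. The CN and SAN values are copied verbatim from the peer's certificate into the `CN='…'` form, so the Javadoc on `peerCertificateString()` should state that the result is an unescaped, unstable summary meant for diagnostics, not for parsing or for relying on the quoting. The enclosing record declaration lies outside the hunk.
```java
    public Optional<String> peerCertificateString() {
        X509Certificate cert = peerCertificate().orElse(null);
        if (cert == null) return Optional.empty();
        var sans = X509CertificateUtils.getSubjectAlternativeNames(cert);
        List<String> parts = new ArrayList<>();
        X509CertificateUtils.getSubjectCommonName(cert).ifPresent(cn -> parts.add("CN='" + cn + "'"));
        List<String> dnsNames = sans.stream().filter(s -> s.getType() == DNS).map(SubjectAlternativeName::getValue).toList();
        if (!dnsNames.isEmpty()) parts.add("SAN_DNS=" + dnsNames);
        List<String> uris = sans.stream().filter(s -> s.getType() == URI).map(SubjectAlternativeName::getValue).toList();
        if (!uris.isEmpty()) parts.add("SAN_URI=" + uris);
        return Optional.of("X.509Cert{" + String.join(", ", parts) + "}");
    }
```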