diff options
author | Bjørn Christian Seime <bjorncs@oath.com> | 2018-11-27 14:46:36 +0100 |
---|---|---|
committer | Bjørn Christian Seime <bjorncs@oath.com> | 2018-11-27 14:46:36 +0100 |
commit | 5d7d2add5214413d290b86cdc595d71c1f81f8f9 (patch) | |
tree | e0e762a956ae3d881c12b7e052fc32ac49f9f322 /security-utils | |
parent | e12e2d54042b2aeca632ee630f0d67695dfb2f1b (diff) |
Add debug logging to PeerAuthorizer
Diffstat (limited to 'security-utils')
-rw-r--r-- | security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java index bead32fe309..a40813be96f 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/authz/PeerAuthorizer.java @@ -13,6 +13,7 @@ import java.util.HashSet; import java.util.List; import java.util.Optional; import java.util.Set; +import java.util.logging.Logger; import static com.yahoo.security.SubjectAlternativeName.Type.DNS_NAME; import static com.yahoo.security.SubjectAlternativeName.Type.IP_ADDRESS; @@ -24,6 +25,9 @@ import static java.util.stream.Collectors.toList; * @author bjorncs */ public class PeerAuthorizer { + + private static final Logger log = Logger.getLogger(PeerAuthorizer.class.getName()); + private final AuthorizedPeers authorizedPeers; public PeerAuthorizer(AuthorizedPeers authorizedPeers) { @@ -35,6 +39,7 @@ public class PeerAuthorizer { Set<String> matchedPolicies = new HashSet<>(); String cn = getCommonName(peerCertificate).orElse(null); List<String> sans = getSubjectAlternativeNames(peerCertificate); + log.fine(() -> String.format("Subject info from x509 certificate: CN=[%s], 'SAN=%s", cn, sans)); for (PeerPolicy peerPolicy : authorizedPeers.peerPolicies()) { if (matchesPolicy(peerPolicy, cn, sans)) { assumedRoles.addAll(peerPolicy.assumedRoles()); |