diff options
author | Bjørn Christian Seime <bjorncs@verizonmedia.com> | 2020-02-10 10:05:50 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2020-02-10 10:05:50 +0100 |
commit | 2fb3b11480e049cea184c96824f9ac6ab11e4c46 (patch) | |
tree | ac5c3a0a1cf029a2666012eea78700a82f16df1d /vespa-athenz/src/main | |
parent | 7b5b53d288ab8b3c9ec8e054d4d5ecf2f88f7ff0 (diff) | |
parent | 293994259901b6c5e80f2df20313f88238ce7cdb (diff) |
Merge pull request #12009 from vespa-engine/bjorncs/support-access-token-in-athenz-filter
Bjorncs/support access token in athenz filter
Diffstat (limited to 'vespa-athenz/src/main')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java | 12 |
1 files changed, 0 insertions, 12 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java index 81525918f03..bec21a5b25f 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java @@ -17,20 +17,8 @@ import static com.yahoo.security.SubjectAlternativeName.Type.RFC822_NAME; */ public class AthenzX509CertificateUtils { - private static final String COMMON_NAME_ROLE_DELIMITER = ":role."; - private AthenzX509CertificateUtils() {} - public static boolean isAthenzRoleCertificate(X509Certificate certificate) { - return isAthenzIssuedCertificate(certificate) && - com.yahoo.security.X509CertificateUtils.getSubjectCommonNames(certificate).get(0).contains(COMMON_NAME_ROLE_DELIMITER); - } - - public static boolean isAthenzIssuedCertificate(X509Certificate certificate) { - return com.yahoo.security.X509CertificateUtils.getIssuerCommonNames(certificate).stream() - .anyMatch(cn -> cn.equalsIgnoreCase("Yahoo Athenz CA") || cn.equalsIgnoreCase("Athenz AWS CA")); - } - public static AthenzIdentity getIdentityFromRoleCertificate(X509Certificate certificate) { List<com.yahoo.security.SubjectAlternativeName> sans = com.yahoo.security.X509CertificateUtils.getSubjectAlternativeNames(certificate); return sans.stream() |