A csr can only contain a single 'extension request' attribute

author: Bjørn Christian Seime <bjorncs@oath.com> 2018-03-21 11:07:41 +0100
committer: Bjørn Christian Seime <bjorncs@oath.com> 2018-03-21 11:07:45 +0100
commit: 8d38ad85f091a88abb8269bae8372ca0444dcabf (patch)
tree: 9c1ac84a69192341bc8c5690e6b76197b7919eac /vespa-athenz
parent: bb6b524f9409020979ab42ad0caf95a56e5175b7 (diff)
1 files changed, 13 insertions, 13 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/Pkcs10Csr.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/Pkcs10Csr.java
index da603f77980..d9cd3141f19 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/Pkcs10Csr.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/Pkcs10Csr.java
@@ -16,10 +16,9 @@ import org.bouncycastle.pkcs.PKCS10CertificationRequest;
 import javax.security.auth.x500.X500Principal;
 import java.util.Arrays;
 import java.util.List;
-import java.util.Objects;
 import java.util.Optional;
-import java.util.stream.Stream;
 
+import static java.util.Collections.emptyList;
 import static java.util.stream.Collectors.toList;
 
 /**
@@ -44,10 +43,10 @@ public class Pkcs10Csr {
     public List<String> getSubjectAlternativeNames() {
         return getExtensions()
                 .map(extensions -> GeneralNames.fromExtensions(extensions, Extension.subjectAlternativeName))
-                .filter(Objects::nonNull)
-                .flatMap(generalNames -> Arrays.stream(generalNames.getNames()))
-                .map(Pkcs10Csr::toString)
-                .collect(toList());
+                .map(generalNames -> Arrays.stream(generalNames.getNames())
+                        .map(Pkcs10Csr::toString)
+                        .collect(toList()))
+                .orElse(emptyList());
     }
 
     /**
@@ -56,21 +55,22 @@ public class Pkcs10Csr {
     public Optional<Boolean> getBasicConstraints() {
         return getExtensions()
                 .map(BasicConstraints::fromExtensions)
-                .findAny()
                 .map(BasicConstraints::isCA);
     }
 
     public List<String> getExtensionOIds() {
         return getExtensions()
-                .flatMap(extensions -> Arrays.stream(extensions.getExtensionOIDs()))
-                .map(ASN1ObjectIdentifier::getId)
-                .collect(toList());
+                .map(extensions -> Arrays.stream(extensions.getExtensionOIDs())
+                        .map(ASN1ObjectIdentifier::getId)
+                        .collect(toList()))
+                .orElse(emptyList());
 
     }
 
-    private Stream<Extensions> getExtensions() {
-        return Arrays
-                .stream(csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest))
+    private Optional<Extensions> getExtensions() {
+        return Optional.of(csr.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest))
+                .filter(attributes -> attributes.length > 0)
+                .map(attributes -> attributes[0])
                 .map(attribute -> Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)));
     }
author	Bjørn Christian Seime <bjorncs@oath.com>	2018-03-21 11:07:41 +0100
committer	Bjørn Christian Seime <bjorncs@oath.com>	2018-03-21 11:07:45 +0100
commit	8d38ad85f091a88abb8269bae8372ca0444dcabf (patch)
tree	9c1ac84a69192341bc8c5690e6b76197b7919eac /vespa-athenz
parent	bb6b524f9409020979ab42ad0caf95a56e5175b7 (diff)