diff options
author | Valerij Fredriksen <valerijf@vespa.ai> | 2024-05-15 12:45:17 +0200 |
---|---|---|
committer | Valerij Fredriksen <valerijf@vespa.ai> | 2024-05-15 12:45:17 +0200 |
commit | 3a6ff0dae2cd4d4a1e3bbe2af4976a80ad87b40a (patch) | |
tree | 23bcc07855c08240ff44097e0d07af77b59dd0ab /vespa-athenz | |
parent | 63c765e1e33e02cd28f15f1a7bfad01f5f63fd43 (diff) |
Add method to extract instance name from SANs
Diffstat (limited to 'vespa-athenz')
-rw-r--r-- | vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java index cc4711c2056..f3cebd5256e 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java @@ -68,12 +68,16 @@ public class AthenzX509CertificateUtils { /** @return Athenz unique instance id from the Subject Alternative Name extension */ public static Optional<String> getInstanceId(List<SubjectAlternativeName> sans) { // Prefer instance id from SAN URI over the legacy DNS entry - return getAthenzUniqueInstanceIdFromSanUri(sans) + return getLastSegmentFromSanUri(sans, "athenz://instanceid/") .or(() -> getAthenzUniqueInstanceIdFromSanDns(sans)); } - private static Optional<String> getAthenzUniqueInstanceIdFromSanUri(List<SubjectAlternativeName> sans) { - String uriPrefix = "athenz://instanceid/"; + /** @return Athenz unique instance name from the Subject Alternative Name extension */ + public static Optional<String> getInstanceName(List<SubjectAlternativeName> sans) { + return getLastSegmentFromSanUri(sans, "athenz://instancename/"); + } + + private static Optional<String> getLastSegmentFromSanUri(List<SubjectAlternativeName> sans, String uriPrefix) { return sans.stream() .filter(san -> { if (san.getType() != Type.URI) return false; |