authorBjørn Christian Seime <bjorncs@verizonmedia.com>2020-01-30 12:43:28 +0100
committerBjørn Christian Seime <bjorncs@verizonmedia.com>2020-01-30 12:43:28 +0100
commiteb4b7b8fcdc7aa5de13c05872a1fdca4076179b9 (patch)
treed72548bd19691b468ade85968580fd7d7f7b8631 /vespa-athenz
parent6df641688fed097505d3e675960b49d7162c6828 (diff)
Add methods to convert AthenzRole to and from single string
Diffstat (limited to 'vespa-athenz')
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzRole.java14
-rw-r--r--vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java5
2 files changed, 15 insertions, 4 deletions
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzRole.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzRole.java
index 3a81e4a5e17..a7c9dbff3f8 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzRole.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/api/AthenzRole.java
@@ -7,6 +7,8 @@ import java.util.Objects;
* @author tokle
*/
public class AthenzRole {
+ private static final String DOMAIN_ROLE_NAME_DELIMITER = ":role.";
+
private final AthenzDomain domain;
private final String roleName;
@@ -20,6 +22,16 @@ public class AthenzRole {
this.roleName = roleName;
}
+ public static AthenzRole fromString(String string) {
+ if (!string.contains(DOMAIN_ROLE_NAME_DELIMITER)) {
+ throw new IllegalArgumentException("Not a valid role: " + string);
+ }
+ int delimiterIndex = string.indexOf(DOMAIN_ROLE_NAME_DELIMITER);
+ String domain = string.substring(0, delimiterIndex);
+ String roleName = string.substring(delimiterIndex + DOMAIN_ROLE_NAME_DELIMITER.length());
+ return new AthenzRole(domain, roleName);
+ }
+
public AthenzDomain domain() {
return domain;
}
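Review bot: `fromString` only checks that `:role.` occurs somewhere in the input, so `":role.admin"` and `"domain:role."` parse into a role with an empty domain or an empty role name unless the `AthenzRole`/`AthenzDomain` constructors reject them, which is not visible in this hunk. Because the second file now feeds certificate common names through this method, the parser should fail closed on both cases: compute the index once with `int delimiterIndex = string.indexOf(DOMAIN_ROLE_NAME_DELIMITER);` and guard with `if (delimiterIndex <= 0 || delimiterIndex + DOMAIN_ROLE_NAME_DELIMITER.length() >= string.length()) throw new IllegalArgumentException("Not a valid role: " + string);`. That also removes the separate `contains` scan. A null argument currently surfaces as a `NullPointerException` from `contains`; a Javadoc comment stating the expected `<domain>:role.<name>` form and the `IllegalArgumentException` would make the contract explicit.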
@@ -28,6 +40,8 @@ public class AthenzRole {
return roleName;
}
+ public String asString() { return domain.getName() + DOMAIN_ROLE_NAME_DELIMITER + roleName; }
+
@Override
public boolean equals(Object o) {
if (this == o) return true;
diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
index 33e5552eaf6..6793d5804c7 100644
--- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
+++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java
@@ -43,10 +43,7 @@ public class AthenzX509CertificateUtils {
public static AthenzRole getRolesFromRoleCertificate(X509Certificate certificate) {
String commonName = com.yahoo.security.X509CertificateUtils.getSubjectCommonNames(certificate).get(0);
- int delimiterIndex = commonName.indexOf(COMMON_NAME_ROLE_DELIMITER);
- String domain = commonName.substring(0, delimiterIndex);
- String roleName = commonName.substring(delimiterIndex + COMMON_NAME_ROLE_DELIMITER.length());
- return new AthenzRole(domain, roleName);
+ return AthenzRole.fromString(commonName);
}
private static AthenzIdentity getIdentityFromSanEmail(String email) {
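Review bot: The failure mode of `getRolesFromRoleCertificate` changes with this delegation: a common name without the role delimiter used to fail inside `substring` and now raises `IllegalArgumentException` from `AthenzRole.fromString`, with the certificate-supplied common name echoed in the message. Callers that map a bad role certificate to an authentication failure should be checked for which exception they catch; those call sites are outside this hunk. The context line `getSubjectCommonNames(certificate).get(0)` still assumes at least one common name, so a certificate without one presumably fails with an index error instead of the same `IllegalArgumentException`. Assigning the list to a local and adding a guard such as `if (commonNames.isEmpty()) throw new IllegalArgumentException("Certificate has no common name");` would make both rejections uniform. If `COMMON_NAME_ROLE_DELIMITER` has no other users in this class, it can be removed.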