diff options
3 files changed, 3 insertions, 12 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java index f5dbcb6a699..531a815922b 100644 --- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java +++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/ca/restapi/CertificateAuthorityApiHandler.java @@ -37,7 +37,6 @@ import java.util.Objects; import java.util.Optional; import java.util.function.Function; import java.util.logging.Level; -import java.util.stream.Stream; /** * REST API for issuing and refreshing node certificates in a hosted Vespa system. @@ -177,9 +176,7 @@ public class CertificateAuthorityApiHandler extends ThreadedHttpRequestHandler { private AthenzService getRequestAthenzService(HttpRequest request) { return getRequestCertificateChain(request).stream() .findFirst() - .map(X509CertificateUtils::getSubjectCommonNames) - .map(List::stream) - .flatMap(Stream::findFirst) + .flatMap(X509CertificateUtils::getSubjectCommonName) .map(AthenzService::new) .orElseThrow(() -> new RuntimeException("No certificate found")); } diff --git a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java index 5db86fd93bc..44293de6eb7 100644 --- a/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java +++ b/security-utils/src/main/java/com/yahoo/security/tls/PeerAuthorizer.java @@ -7,7 +7,6 @@ import com.yahoo.security.X509CertificateUtils; import java.security.cert.X509Certificate; import java.util.HashSet; import java.util.List; -import java.util.Optional; import java.util.Set; import java.util.logging.Logger; @@ -39,7 +38,7 @@ public class PeerAuthorizer { X509Certificate cert = certChain.get(0); Set<String> matchedPolicies = new HashSet<>(); Set<CapabilitySet> grantedCapabilities = new HashSet<>(); - String cn = getCommonName(cert).orElse(null); + String cn = X509CertificateUtils.getSubjectCommonName(cert).orElse(null); List<String> sans = getSubjectAlternativeNames(cert); log.fine(() -> String.format("Subject info from x509 certificate: CN=[%s], 'SAN=%s", cn, sans)); for (PeerPolicy peerPolicy : authorizedPeers.peerPolicies()) { @@ -69,11 +68,6 @@ public class PeerAuthorizer { } } - private static Optional<String> getCommonName(X509Certificate peerCertificate) { - return X509CertificateUtils.getSubjectCommonNames(peerCertificate).stream() - .findFirst(); - } - private static List<String> getSubjectAlternativeNames(X509Certificate peerCertificate) { return X509CertificateUtils.getSubjectAlternativeNames(peerCertificate).stream() .filter(san -> san.getType() == DNS || san.getType() == IP || san.getType() == URI) diff --git a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java index 7542e976260..9d47ce79f87 100644 --- a/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java +++ b/vespa-athenz/src/main/java/com/yahoo/vespa/athenz/tls/AthenzX509CertificateUtils.java @@ -50,7 +50,7 @@ public class AthenzX509CertificateUtils { } public static AthenzRole getRolesFromRoleCertificate(X509Certificate certificate) { - String commonName = com.yahoo.security.X509CertificateUtils.getSubjectCommonNames(certificate).get(0); + String commonName = X509CertificateUtils.getSubjectCommonName(certificate).orElseThrow(); return AthenzRole.fromResourceNameString(commonName); } |