Diffstat (limited to 'athenz-identity-provider-service')
2 files changed, 10 insertions, 10 deletions
diff --git a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
index 0806ac6225b..2e00695f2f0 100644
--- a/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
+++ b/athenz-identity-provider-service/src/main/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSigner.java
@@ -82,8 +82,8 @@ public class CertificateSigner {
 * </ul>
 */
 X509Certificate generateX509Certificate(PKCS10CertificationRequest certReq, String remoteHostname) {
- assertCertificateCommonName(certReq.getSubject(), remoteHostname);
- assertCertificateExtensions(certReq);
+ verifyCertificateCommonName(certReq.getSubject(), remoteHostname);
+ verifyCertificateExtensions(certReq);
 Date notBefore = Date.from(clock.instant());
 Date notAfter = Date.from(clock.instant().plus(CERTIFICATE_EXPIRATION));
@@ -107,7 +107,7 @@ public class CertificateSigner {
 }
 }
- static void assertCertificateCommonName(X500Name subject, String commonName) {
+ static void verifyCertificateCommonName(X500Name subject, String commonName) {
 List<AttributeTypeAndValue> attributesAndValues = Arrays.stream(subject.getRDNs())
 .flatMap(rdn -> rdn.isMultiValued() ? Stream.of(rdn.getTypesAndValues()) : Stream.of(rdn.getFirst()))
@@ -125,7 +125,7 @@ public class CertificateSigner {
 }
 @SuppressWarnings("unchecked")
- static void assertCertificateExtensions(PKCS10CertificationRequest request) {
+ static void verifyCertificateExtensions(PKCS10CertificationRequest request) {
 List<String> illegalExt = Arrays
 .stream(request.getAttributes(PKCSObjectIdentifiers.pkcs_9_at_extensionRequest))
 .map(attribute -> Extensions.getInstance(attribute.getAttrValues().getObjectAt(0)))
diff --git a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java
index cf110608e68..e691da0b2c3 100644
--- a/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java
+++ b/athenz-identity-provider-service/src/test/java/com/yahoo/vespa/hosted/athenz/instanceproviderservice/ca/CertificateSignerTest.java
@@ -56,11 +56,11 @@ public class CertificateSignerTest {
 @Test
 public void common_name_test() throws Exception {
- CertificateSigner.assertCertificateCommonName(
+ CertificateSigner.verifyCertificateCommonName(
 new X500Name("CN=" + requestersHostname), requestersHostname);
- CertificateSigner.assertCertificateCommonName(
+ CertificateSigner.verifyCertificateCommonName(
 new X500Name("C=NO,OU=Vespa,CN=" + requestersHostname), requestersHostname);
- CertificateSigner.assertCertificateCommonName(
+ CertificateSigner.verifyCertificateCommonName(
 new X500Name("C=NO+OU=org,CN=" + requestersHostname), requestersHostname);
 assertCertificateCommonNameException("C=NO", "Only 1 common name should be set");
@@ -76,7 +76,7 @@ public class CertificateSignerTest {
 new GeneralName(GeneralName.dNSName, "some.other.domain.tld")}));
 PKCS10CertificationRequest request = makeRequest("OU=Vespa", extGen.generate());
- CertificateSigner.assertCertificateExtensions(request);
+ CertificateSigner.verifyCertificateExtensions(request);
 }
 @Test
@@ -85,12 +85,12 @@ public class CertificateSignerTest {
 extGen.addExtension(Extension.certificateIssuer, true, new byte[0]);
 PKCS10CertificationRequest request = makeRequest("OU=Vespa", extGen.generate());
- CertificateSigner.assertCertificateExtensions(request);
+ CertificateSigner.verifyCertificateExtensions(request);
 }
 private void assertCertificateCommonNameException(String subject, String expectedMessage) {
 try {
- CertificateSigner.assertCertificateCommonName(new X500Name(subject), requestersHostname);
+ CertificateSigner.verifyCertificateCommonName(new X500Name(subject), requestersHostname);
 fail("Expected to fail");
 } catch (IllegalArgumentException e) {
 assertEquals(expectedMessage, e.getMessage()); |