Diffstat (limited to 'controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java')
-rw-r--r-- | controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java | 45 |
1 files changed, 34 insertions, 11 deletions
diff --git a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
index 53d807b0139..09120f8cd21 100644
--- a/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
+++ b/controller-api/src/main/java/com/yahoo/vespa/hosted/controller/api/integration/certificates/EndpointCertificate.java
@@ -1,4 +1,4 @@
-// Copyright Yahoo. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
+// Copyright Vespa.ai. Licensed under the terms of the Apache 2.0 license. See LICENSE in the project root.
 package com.yahoo.vespa.hosted.controller.api.integration.certificates;

 import java.util.List;
@@ -13,9 +13,9 @@ public record EndpointCertificate(String keyName, String certName, int version,
 String rootRequestId, // The id of the first request made for this certificate. Should not change.
 Optional<String> leafRequestId, // The id of the last known request made for this certificate. Changes on refresh, may be outdated!
 List<String> requestedDnsSans, String issuer, Optional<Long> expiry,
- Optional<Long> lastRefreshed, Optional<String> randomizedId) {
+ Optional<Long> lastRefreshed, Optional<String> generatedId) {

- public EndpointCertificate withRandomizedId(String randomizedId) {
+ public EndpointCertificate withGeneratedId(String generatedId) {
 return new EndpointCertificate(
 this.keyName,
 this.certName,
@@ -27,7 +27,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- Optional.of(randomizedId));
+ Optional.of(generatedId));
 }

 public EndpointCertificate withKeyName(String keyName) {
@@ -42,7 +42,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }

 public EndpointCertificate withCertName(String certName) {
@@ -57,7 +57,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }

 public EndpointCertificate withVersion(int version) {
@@ -72,7 +72,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }

 public EndpointCertificate withLastRequested(long lastRequested) {
@@ -87,7 +87,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }

 public EndpointCertificate withLastRefreshed(long lastRefreshed) {
@@ -102,7 +102,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 Optional.of(lastRefreshed),
- this.randomizedId);
+ this.generatedId);
 }

 public EndpointCertificate withRootRequestId(String rootRequestId) {
@@ -117,7 +117,7 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
 }

 public EndpointCertificate withLeafRequestId(Optional<String> leafRequestId) {
@@ -132,7 +132,30 @@ public record EndpointCertificate(String keyName, String certName, int version,
 this.issuer,
 this.expiry,
 this.lastRefreshed,
- this.randomizedId);
+ this.generatedId);
+ }
+
+ /** Returns whether given DNS name matches any of the requested SANs in this */
+ public boolean sanMatches(String dnsName) {
+ return sanMatches(dnsName, requestedDnsSans);
+ }
+
+ static boolean sanMatches(String dnsName, List<String> sanDnsNames) {
+ return sanDnsNames.stream().anyMatch(sanDnsName -> sanMatches(dnsName, sanDnsName));
+ }
+
+ private static boolean sanMatches(String dnsName, String sanDnsName) {
+ String[] sanNameParts = sanDnsName.split("\\.");
+ String[] dnsNameParts = dnsName.split("\\.");
+ if (sanNameParts.length != dnsNameParts.length || sanNameParts.length == 0) {
+ return false;
+ }
+ for (int i = 0; i < sanNameParts.length; i++) {
+ if (!sanNameParts[i].equals("*") && !sanNameParts[i].equals(dnsNameParts[i])) {
+ return false;
+ }
+ }
+ return true;
 }

 } |
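Review bot: The private `sanMatches(String, String)` at the end of this hunk accepts `*` in any label position, lets it stand for an empty label, and compares the other labels with a case-sensitive `equals`, so its result can differ from how TLS clients match a wildcard SAN (leftmost label only, case-insensitive, as I read RFC 6125). With constructed names, a SAN `*.example.com` matches the input `.example.com` and a SAN `*` matches the empty string, while `App.example.com` is rejected against `app.example.com`. If the method is meant to tell whether the certificate will be accepted for an endpoint name, compute `boolean wildcard = i == 0 && sanNameParts[i].equals("*");` in the loop and reject with `if (dnsNameParts[i].isEmpty() || (!wildcard && !sanNameParts[i].equalsIgnoreCase(dnsNameParts[i]))) return false;`. The Javadoc on the public overload stops at "in this" and the two static overloads have none, so the matching rule is not written down anywhere; the enclosing record starts outside the hunk.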