From fb7197b974f76002c3f89e432b0051ffe23d6e40 Mon Sep 17 00:00:00 2001
From: Tor Brede Vekterli <vekterli@yahooinc.com>
Date: Fri, 9 Dec 2022 11:02:08 +0100
Subject: Allow trailing dots in decryption tool key ID

Makes it easier to include an explicit key version as part of the ID.
---
 .../src/main/java/com/yahoo/vespa/security/tool/crypto/ToolUtils.java   | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

(limited to 'vespaclient-java/src/main/java/com/yahoo')

diff --git a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/ToolUtils.java b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/ToolUtils.java
index 11e227f29b5..fbf0dde0fb2 100644
--- a/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/ToolUtils.java
+++ b/vespaclient-java/src/main/java/com/yahoo/vespa/security/tool/crypto/ToolUtils.java
@@ -26,7 +26,7 @@ public class ToolUtils {
     static final String NO_INTERACTIVE_OPTION   = "no-interactive";
     static final String PRIVATE_KEY_DIR_ENV_VAR = "VESPA_CRYPTO_CLI_PRIVATE_KEY_DIR";
 
-    static final Pattern SAFE_KEY_ID_PATTERN = Pattern.compile("^[a-zA-Z0-9_-]+$");
+    static final Pattern SAFE_KEY_ID_PATTERN = Pattern.compile("^[a-zA-Z0-9_-][a-zA-Z0-9_.-]*$");
 
     static void verifyExpectedKeyId(SealedSharedKey sealedSharedKey, Optional<String> maybeKeyId) {
         if (maybeKeyId.isPresent()) {
-- 
cgit v1.2.3