Skip to content

Commit

Permalink
Remove getSubjectDN(), which is deprecated in Java 17
Browse files Browse the repository at this point in the history
  • Loading branch information
ejona86 committed Nov 20, 2023
1 parent 0987dc4 commit c6d448e
Show file tree
Hide file tree
Showing 5 changed files with 14 additions and 11 deletions.
Original file line number Diff line number Diff line change
Expand Up @@ -2208,7 +2208,7 @@ protected void assertX500SubjectDn(String tlsInfo) {
X509Certificate x509cert = (X509Certificate) certificates.get(0);

assertEquals(1, certificates.size());
assertEquals(tlsInfo, x509cert.getSubjectDN().toString());
assertEquals(tlsInfo, x509cert.getSubjectX500Principal().toString());
}

protected int operationTimeoutMillis() {
Expand Down
10 changes: 6 additions & 4 deletions netty/src/test/java/io/grpc/netty/AdvancedTlsTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -198,7 +198,7 @@ public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authTy
throw new CertificateException("peerCertChain is empty");
}
X509Certificate leafCert = peerCertChain[0];
if (!leafCert.getSubjectDN().getName().contains("testclient")) {
if (!leafCert.getSubjectX500Principal().getName().contains("testclient")) {
throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
}
}
Expand All @@ -210,7 +210,7 @@ public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authTy
throw new CertificateException("peerCertChain is empty");
}
X509Certificate leafCert = peerCertChain[0];
if (!leafCert.getSubjectDN().getName().contains("testclient")) {
if (!leafCert.getSubjectX500Principal().getName().contains("testclient")) {
throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
}
}
Expand All @@ -237,7 +237,8 @@ public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authTy
throw new CertificateException("peerCertChain is empty");
}
X509Certificate leafCert = peerCertChain[0];
if (!leafCert.getSubjectDN().getName().contains("*.test.google.com.au")) {
if (!leafCert.getSubjectX500Principal().getName()
.contains("*.test.google.com.au")) {
throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
}
}
Expand All @@ -249,7 +250,8 @@ public void verifyPeerCertificate(X509Certificate[] peerCertChain, String authTy
throw new CertificateException("peerCertChain is empty");
}
X509Certificate leafCert = peerCertChain[0];
if (!leafCert.getSubjectDN().getName().contains("*.test.google.com.au")) {
if (!leafCert.getSubjectX500Principal().getName()
.contains("*.test.google.com.au")) {
throw new CertificateException("SslSocketAndEnginePeerVerifier failed");
}
}
Expand Down
4 changes: 2 additions & 2 deletions util/src/test/java/io/grpc/util/CertificateUtilsTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -53,7 +53,7 @@ public void readPemCertFile() throws CertificateException, IOException {
// Checks some information on the test certificate.
assertThat(cert[0].getSerialNumber()).isEqualTo(new BigInteger(
"6c97d344427a93affea089d6855d4ed63dd94f38", 16));
assertThat(cert[0].getSubjectDN().getName()).isEqualTo(
assertThat(cert[0].getSubjectX500Principal().toString()).isEqualTo(
"CN=*.test.google.com.au, O=Internet Widgits Pty Ltd, ST=Some-State, C=AU");
}

Expand All @@ -74,7 +74,7 @@ public void readCaPemFile() throws CertificateException, IOException {
// Checks some information on the test certificate.
assertThat(cert[0].getSerialNumber()).isEqualTo(new BigInteger(
"5ab3f456f1dccbe2cfe94b9836d88bf600610f9a", 16));
assertThat(cert[0].getSubjectDN().getName()).isEqualTo(
assertThat(cert[0].getSubjectX500Principal().toString()).isEqualTo(
"CN=testca, O=Internet Widgits Pty Ltd, ST=Some-State, C=AU");
}

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -334,10 +334,11 @@ private Collection<String> getPrincipalNames() {
return Collections.unmodifiableCollection(principalNames);
}
}
if (cert.getSubjectDN() == null || cert.getSubjectDN().getName() == null) {
if (cert.getSubjectX500Principal() == null
|| cert.getSubjectX500Principal().getName() == null) {
return Collections.singleton("");
}
return Collections.singleton(cert.getSubjectDN().getName());
return Collections.singleton(cert.getSubjectX500Principal().getName());
} catch (SSLPeerUnverifiedException | CertificateParsingException ex) {
log.log(Level.FINE, "Unexpected getPrincipalNames error.", ex);
return Collections.singleton("");
Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -51,13 +51,13 @@
import io.grpc.xds.internal.rbac.engine.GrpcAuthorizationEngine.SourceIpMatcher;
import java.net.InetAddress;
import java.net.InetSocketAddress;
import java.security.Principal;
import java.security.cert.X509Certificate;
import java.util.Arrays;
import java.util.Collections;
import java.util.List;
import javax.net.ssl.SSLPeerUnverifiedException;
import javax.net.ssl.SSLSession;
import javax.security.auth.x500.X500Principal;
import org.junit.Before;
import org.junit.Rule;
import org.junit.Test;
Expand Down Expand Up @@ -279,7 +279,7 @@ public void authenticatedMatcher() throws Exception {
X509Certificate mockCert = mock(X509Certificate.class);
when(sslSession.getPeerCertificates()).thenReturn(new X509Certificate[]{mockCert});
assertThat(engine.evaluate(HEADER, serverCall).decision()).isEqualTo(Action.DENY);
when(mockCert.getSubjectDN()).thenReturn(mock(Principal.class));
when(mockCert.getSubjectX500Principal()).thenReturn(new X500Principal(""));
assertThat(engine.evaluate(HEADER, serverCall).decision()).isEqualTo(Action.DENY);
when(mockCert.getSubjectAlternativeNames()).thenReturn(Arrays.<List<?>>asList(
Arrays.asList(2, "*.test.google.fr")));
Expand Down

0 comments on commit c6d448e

Please sign in to comment.