From ba4abcdf6b373b0ecec7bed56eb4910bf51dcbb5 Mon Sep 17 00:00:00 2001
From: Ankit Kumar
Date: Fri, 10 Jan 2025 15:50:23 +0530
Subject: [PATCH] update extract `CN` logic to handle entry with `CN` in any order
---
 .../internal/identity/TlsClientX509ExtendedKeyManager.java | 4 ++--
 .../runtime/binding/tls/internal/stream/TlsServerFactory.java | 4 ++--
 2 files changed, 4 insertions(+), 4 deletions(-)
diff --git a/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/identity/TlsClientX509ExtendedKeyManager.java b/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/identity/TlsClientX509ExtendedKeyManager.java
index f81e42198d..2c06d45864 100644
--- a/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/identity/TlsClientX509ExtendedKeyManager.java
+++ b/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/identity/TlsClientX509ExtendedKeyManager.java
@@ -36,7 +36,7 @@ public final class TlsClientX509ExtendedKeyManager extends X509ExtendedKeyManage
 {
 public static final String COMMON_NAME_KEY = "common.name";
- private static final Pattern COMMON_NAME_PATTERN = Pattern.compile("CN=(?[^\\s,]+).*");
+ private static final Pattern COMMON_NAME_PATTERN = Pattern.compile("CN=(?[^\\s,]+)");
 private final Matcher matchCN = COMMON_NAME_PATTERN.matcher("");
@@ -116,7 +116,7 @@ else if (keyTypes != null)
 X500Principal subject = chain[0].getSubjectX500Principal();
 if (subject != null &&
- matchCN.reset(subject.getName()).matches() &&
+ matchCN.reset(subject.getName()).find() &&
 subjectCN.equals(matchCN.group("cn")))
 {
 alias = candidate;
diff --git a/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/stream/TlsServerFactory.java b/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/stream/TlsServerFactory.java
index 47d7c261eb..d67f7751e5 100644
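Review bot: With the trailing `.*` dropped and the caller switched to `find()`, `COMMON_NAME_PATTERN` now matches the text `CN=` at any position in the subject string rather than only where an attribute begins, and the first occurrence wins. Anchoring the attribute start keeps the any-order behaviour while rejecting hits in the middle of another attribute: `Pattern.compile("(?:^|,)\\s*CN=(?<cn>[^\\s,]+)")`. The same applies to the `CN=([^,]*)` matcher in `TlsServerFactory` (hunk at line 134 of that file). Whether `getName()` escapes `=` inside attribute values is not visible here, and the commit adds no test, so a unit test with `CN` in first, middle and last position, plus one with `CN=` text inside an `OU` value, would pin the intended behaviour.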
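Review bot: The `subjectCN.equals(matchCN.group("cn"))` comparison in this condition sees only what `[^\\s,]+` captured, and, as before this change, that capture stops at the first whitespace, so a certificate whose CN is `client one` (constructed example) is compared as `client`. If whole-value equality is intended, require the capture to run to the end of the attribute, for example `CN=(?<cn>[^,]+)(?=,|$)`. Otherwise add a comment next to `COMMON_NAME_PATTERN` such as `// matches only the first whitespace-delimited token of the CN`. The enclosing method starts and ends outside this hunk.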
--- a/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/stream/TlsServerFactory.java
+++ b/runtime/binding-tls/src/main/java/io/aklivity/zilla/runtime/binding/tls/internal/stream/TlsServerFactory.java
@@ -134,7 +134,7 @@ public final class TlsServerFactory implements TlsStreamFactory
 private final TlsServerDecoder decodeNotHandshakingUnwrapped = this::decodeNotHandshakingUnwrapped;
 private final TlsServerDecoder decodeIgnoreAll = this::decodeIgnoreAll;
- private final Matcher matchCN = Pattern.compile("CN=([^,]*).*").matcher("");
+ private final Matcher matchCN = Pattern.compile("CN=([^,]*)").matcher("");
 private final int proxyTypeId;
 private final Signaler signaler;
@@ -2422,7 +2422,7 @@ private String getCommonName(
 if (peer != null)
 {
 String name = peer.getName();
- if (matchCN.reset(name).matches())
+ if (matchCN.reset(name).find())
 {
 commonName = matchCN.group(1);
 }
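Review bot: `getCommonName` reads the peer's certificate subject, and the `CN=([^,]*)` capture used in this `if` cuts the value at the first comma even when that comma is escaped (`\,`) and also accepts an empty value, so the returned name can differ from the CN the certificate actually carries. If the result feeds authorization or routing (not visible in this hunk), parsing the DN structurally with `javax.naming.ldap.LdapName` is safer than a regex and also removes the dependence on attribute order that this commit works around. The sketch below replaces the `matchCN` lookup inside the `if (peer != null)` block. It needs the `javax.naming` types imported, and the module may need to read `java.naming`. The method's signature and return statement lie outside the hunk.

```java
// … unchanged: if (peer != null) guard and its opening brace …
String name = peer.getName();
try
{
    // Walk the parsed RDNs instead of searching the raw string, so only a
    // real CN attribute is considered and escapes in its value are decoded.
    for (Rdn rdn : new LdapName(name).getRdns())
    {
        if ("CN".equalsIgnoreCase(rdn.getType()) && rdn.getValue() instanceof String)
        {
            // getRdns() lists the rightmost RDN first, so the last CN seen
            // is the leftmost one in the string form
            commonName = (String) rdn.getValue();
        }
    }
}
catch (InvalidNameException ex)
{
    // unparseable subject: leave commonName at its initial value
}
```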