grpc
diff --git a/‎xds/src/main/java/io/grpc/xds/internal/extauthz/CertificateUtils.java‎
Lines changed: 8 additions & 8 deletions b/‎xds/src/main/java/io/grpc/xds/internal/extauthz/CertificateUtils.java‎
Lines changed: 8 additions & 8 deletions
@@ -36,12 +36,12 @@ public final class CertificateUtils {
   // dNSName (2)
   // iPAddress (7)
   private static final int SAN_TYPE_DNS_NAME = 2;
-  private static final int SAN_TYPE_IP_ADDRESS = 7;
+  private static final int SAN_TYPE_URI = 6;
 
   private CertificateUtils() {}
 
   /**
-   * Gets the principal from a certificate. It returns the cert's first IP Address SAN if set,
+   * Gets the principal from a certificate. It returns the cert's first URI SAN if set,
    * otherwise the cert's first DNS SAN if set, otherwise the subject field of the certificate in
    * RFC 2253 format.
    *
@@ -52,14 +52,14 @@ public static String getPrincipal(X509Certificate cert) {
     try {
       Collection<List<?>> sans = cert.getSubjectAlternativeNames();
       if (sans != null) {
-        // Look for IP Address SAN.
+        // Look for URI SAN (Priority 1).
         for (List<?> san : sans) {
           if (san.size() == 2 && san.get(0) instanceof Integer
-              && (Integer) san.get(0) == SAN_TYPE_IP_ADDRESS) {
+              && (Integer) san.get(0) == SAN_TYPE_URI) {
             return (String) san.get(1);
           }
         }
-        // If no IP Address SAN, look for DNS SAN.
+        // If no URI SAN, look for DNS SAN (Priority 2).
         for (List<?> san : sans) {
           if (san.size() == 2 && san.get(0) instanceof Integer
               && (Integer) san.get(0) == SAN_TYPE_DNS_NAME) {
@@ -68,12 +68,12 @@ public static String getPrincipal(X509Certificate cert) {
         }
       }
     } catch (java.security.cert.CertificateParsingException e) {
-      logger.log(Level.WARNING, "Error parsing certificate SANs. This is not expected, "
-          + "falling back to the subject according to the spec.", e);
+      logger.log(Level.FINE, "Error parsing certificate SANs.", e);
     }
-    return cert.getSubjectX500Principal().getName();
+    return cert.getSubjectX500Principal().getName("RFC2253");
   }
 
+
   /**
    * Gets the URL PEM encoded certificate. It Pem encodes first and then urlencodes.
    *
Original file line number	Diff line number	Diff line change
`@@ -36,12 +36,12 @@ public final class CertificateUtils {`
`36`	`36`	`// dNSName (2)`
`37`	`37`	`// iPAddress (7)`
`38`	`38`	`private static final int SAN_TYPE_DNS_NAME = 2;`
`39`		`- private static final int SAN_TYPE_IP_ADDRESS = 7;`
	`39`	`+ private static final int SAN_TYPE_URI = 6;`
`40`	`40`
`41`	`41`	`private CertificateUtils() {}`
`42`	`42`
`43`	`43`	`/**`
`44`		`- * Gets the principal from a certificate. It returns the cert's first IP Address SAN if set,`
	`44`	`+ * Gets the principal from a certificate. It returns the cert's first URI SAN if set,`
`45`	`45`	`* otherwise the cert's first DNS SAN if set, otherwise the subject field of the certificate in`
`46`	`46`	`* RFC 2253 format.`
`47`	`47`	`*`
`@@ -52,14 +52,14 @@ public static String getPrincipal(X509Certificate cert) {`
`52`	`52`	`try {`
`53`	`53`	`Collection<List<?>> sans = cert.getSubjectAlternativeNames();`
`54`	`54`	`if (sans != null) {`
`55`		`- // Look for IP Address SAN.`
	`55`	`+ // Look for URI SAN (Priority 1).`
`56`	`56`	`for (List<?> san : sans) {`
`57`	`57`	`if (san.size() == 2 && san.get(0) instanceof Integer`
`58`		`- && (Integer) san.get(0) == SAN_TYPE_IP_ADDRESS) {`
	`58`	`+ && (Integer) san.get(0) == SAN_TYPE_URI) {`
`59`	`59`	`return (String) san.get(1);`
`60`	`60`	`}`
`61`	`61`	`}`
`62`		`- // If no IP Address SAN, look for DNS SAN.`
	`62`	`+ // If no URI SAN, look for DNS SAN (Priority 2).`
`63`	`63`	`for (List<?> san : sans) {`
`64`	`64`	`if (san.size() == 2 && san.get(0) instanceof Integer`
`65`	`65`	`&& (Integer) san.get(0) == SAN_TYPE_DNS_NAME) {`
`@@ -68,12 +68,12 @@ public static String getPrincipal(X509Certificate cert) {`
`68`	`68`	`}`
`69`	`69`	`}`
`70`	`70`	`} catch (java.security.cert.CertificateParsingException e) {`
`71`		`- logger.log(Level.WARNING, "Error parsing certificate SANs. This is not expected, "`
`72`		`- + "falling back to the subject according to the spec.", e);`
	`71`	`+ logger.log(Level.FINE, "Error parsing certificate SANs.", e);`
`73`	`72`	`}`
`74`		`- return cert.getSubjectX500Principal().getName();`
	`73`	`+ return cert.getSubjectX500Principal().getName("RFC2253");`
`75`	`74`	`}`
`76`	`75`
	`76`	`+`
`77`	`77`	`/**`
`78`	`78`	`* Gets the URL PEM encoded certificate. It Pem encodes first and then urlencodes.`
`79`	`79`	`*`