Posted to commits@knox.apache.org by kr...@apache.org on 2019/07/16 15:21:30 UTC
[knox] branch v1.3.0 updated: KNOX-1922 - Processing a DNSName only
if the hostname starts with a letter (#115)
This is an automated email from the ASF dual-hosted git repository.
krisden pushed a commit to branch v1.3.0
in repository https://gitbox.apache.org/repos/asf/knox.git
The following commit(s) were added to refs/heads/v1.3.0 by this push:
new 97604b5 KNOX-1922 - Processing a DNSName only if the hostname starts with a letter (#115)
97604b5 is described below
commit 97604b5f6252c1e915270e26f62e1fd99c732284
Author: Sandor Molnar <sm...@apache.org>
AuthorDate: Tue Jul 16 17:20:48 2019 +0200
KNOX-1922 - Processing a DNSName only if the hostname starts with a letter (#115)
---
.../provider/federation/AbstractJWTFilterTest.java | 6 +-
.../knox/gateway/util/X509CertificateUtil.java | 94 +++++++++++-----------
2 files changed, 51 insertions(+), 49 deletions(-)
diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
index 9fd1e28..562671e 100644
--- a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
+++ b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
@@ -83,10 +83,10 @@ public abstract class AbstractJWTFilterTest {
protected abstract String getVerificationPemProperty();
private static String buildDistinguishedName(String hostname) {
- MessageFormat headerFormatter = new MessageFormat(dnTemplate, Locale.ROOT);
+ final String cn = Character.isAlphabetic(hostname.charAt(0)) ? hostname : "localhost";
String[] paramArray = new String[1];
- paramArray[0] = hostname;
- return headerFormatter.format(paramArray);
+ paramArray[0] = cn;
+ return new MessageFormat(dnTemplate, Locale.ROOT).format(paramArray);
}
@BeforeClass
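Review bot: Replacing a non-alphabetic hostname with `"localhost"` in `buildDistinguishedName` means the test DN always carries a CN that passes the new guard, so the branch this commit adds to X509CertificateUtil for "no DNSName could be added" is probably never exercised from here (assuming this DN is what reaches the certificate generation, which the hunk does not show). A second test that passes a numeric CN such as a constructed `"CN=10.0.0.1,..."` DN and asserts that certificate creation succeeds without a SubjectAlternativeName extension would pin that behaviour. `hostname.charAt(0)` also throws on an empty string; a short comment such as `// hostname is never empty: it comes from InetAddress.getLocalHost()` would record the assumption if it holds.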
diff --git a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
index de0f810..155a402 100644
--- a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
+++ b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
@@ -176,63 +176,65 @@ public class X509CertificateUtil {
Class<?> dnsNameClass = Class.forName(getDNSNameModuleName());
Constructor<?> dnsNameConstr = dnsNameClass.getConstructor(String.class);
+ boolean generalNameAdded = false;
// Pull the hostname out of the DN
String hostname = dn.split(",", 2)[0].split("=", 2)[1];
if("localhost".equals(hostname)) {
// Add short hostname
String detectedHostname = InetAddress.getLocalHost().getHostName();
- // DNSName dnsName = new DNSName(detectedHostname);
- Object dnsNameObject = dnsNameConstr.newInstance(detectedHostname);
+ if (Character.isAlphabetic(detectedHostname.charAt(0))) {
+ // DNSName dnsName = new DNSName(detectedHostname);
+ Object dnsNameObject = dnsNameConstr.newInstance(detectedHostname);
+ // GeneralName generalName = new GeneralName(dnsName);
+ Object generalNameObject = generalNameConstr.newInstance(dnsNameObject);
+ // generalNames.add(generalName);
+ generalNamesAdd.invoke(generalNamesObject, generalNameObject);
+ generalNameAdded = true;
+ }
+
+ // Add fully qualified hostname
+ String detectedFullyQualifiedHostname = InetAddress.getLocalHost().getCanonicalHostName();
+ if (Character.isAlphabetic(detectedFullyQualifiedHostname.charAt(0))) {
+ // DNSName dnsName = new DNSName(detectedFullyQualifiedHostname);
+ Object fullyQualifiedDnsNameObject = dnsNameConstr.newInstance(detectedFullyQualifiedHostname);
+ // GeneralName generalName = new GeneralName(fullyQualifiedDnsNameObject);
+ Object fullyQualifiedGeneralNameObject = generalNameConstr.newInstance(fullyQualifiedDnsNameObject);
+ // generalNames.add(fullyQualifiedGeneralNameObject);
+ generalNamesAdd.invoke(generalNamesObject, fullyQualifiedGeneralNameObject);
+ generalNameAdded = true;
+ }
+ }
+
+ if (Character.isAlphabetic(hostname.charAt(0))) {
+ // DNSName dnsName = new DNSName(hostname);
+ Object dnsNameObject = dnsNameConstr.newInstance(hostname);
// GeneralName generalName = new GeneralName(dnsName);
Object generalNameObject = generalNameConstr.newInstance(dnsNameObject);
// generalNames.add(generalName);
generalNamesAdd.invoke(generalNamesObject, generalNameObject);
-
- // Add fully qualified hostname
- String detectedFullyQualifiedHostname = InetAddress.getLocalHost().getCanonicalHostName();
- // DNSName dnsName = new DNSName(detectedFullyQualifiedHostname);
- Object fullyQualifiedDnsNameObject = dnsNameConstr.newInstance(
- detectedFullyQualifiedHostname);
- // GeneralName generalName = new GeneralName(fullyQualifiedDnsNameObject);
- Object fullyQualifiedGeneralNameObject = generalNameConstr.newInstance(
- fullyQualifiedDnsNameObject);
- // generalNames.add(fullyQualifiedGeneralNameObject);
- generalNamesAdd.invoke(generalNamesObject, fullyQualifiedGeneralNameObject);
+ generalNameAdded = true;
}
- // DNSName dnsName = new DNSName(hostname);
- Object dnsNameObject = dnsNameConstr.newInstance(hostname);
- // GeneralName generalName = new GeneralName(dnsName);
- Object generalNameObject = generalNameConstr.newInstance(dnsNameObject);
- // generalNames.add(generalName);
- generalNamesAdd.invoke(generalNamesObject, generalNameObject);
-
- // SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(generalNames);
- Class<?> subjectAlternativeNameExtensionClass = Class.forName(
- getSubjectAlternativeNameExtensionModuleName());
- Constructor<?> subjectAlternativeNameExtensionConstr =
- subjectAlternativeNameExtensionClass.getConstructor(generalNamesClass);
- Object subjectAlternativeNameExtensionObject = subjectAlternativeNameExtensionConstr
- .newInstance(generalNamesObject);
-
- // CertificateExtensions certificateExtensions = new CertificateExtensions();
- Class<?> certificateExtensionsClass = Class.forName(getCertificateExtensionsModuleName());
- Constructor<?> certificateExtensionsConstr = certificateExtensionsClass.getConstructor();
- Object certificateExtensionsObject = certificateExtensionsConstr.newInstance();
-
- // certificateExtensions.set(san.getExtensionId().toString(), san);
- Method getExtensionIdMethod = subjectAlternativeNameExtensionObject.getClass()
- .getMethod("getExtensionId");
- String sanExtensionId = getExtensionIdMethod.invoke(subjectAlternativeNameExtensionObject)
- .toString();
- Method certificateExtensionsSet = certificateExtensionsObject.getClass().getMethod("set",
- String.class, Object.class);
- certificateExtensionsSet.invoke(certificateExtensionsObject, sanExtensionId,
- subjectAlternativeNameExtensionObject);
-
- // info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
- methodSET.invoke(certInfoObject, getSetField(certInfoObject, "EXTENSIONS"),
- certificateExtensionsObject);
+ if (generalNameAdded) {
+ // SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(generalNames);
+ Class<?> subjectAlternativeNameExtensionClass = Class.forName(getSubjectAlternativeNameExtensionModuleName());
+ Constructor<?> subjectAlternativeNameExtensionConstr = subjectAlternativeNameExtensionClass.getConstructor(generalNamesClass);
+ Object subjectAlternativeNameExtensionObject = subjectAlternativeNameExtensionConstr.newInstance(generalNamesObject);
+
+ // CertificateExtensions certificateExtensions = new CertificateExtensions();
+ Class<?> certificateExtensionsClass = Class.forName(getCertificateExtensionsModuleName());
+ Constructor<?> certificateExtensionsConstr = certificateExtensionsClass.getConstructor();
+ Object certificateExtensionsObject = certificateExtensionsConstr.newInstance();
+
+ // certificateExtensions.set(san.getExtensionId().toString(), san);
+ Method getExtensionIdMethod = subjectAlternativeNameExtensionObject.getClass().getMethod("getExtensionId");
+ String sanExtensionId = getExtensionIdMethod.invoke(subjectAlternativeNameExtensionObject).toString();
+ Method certificateExtensionsSet = certificateExtensionsObject.getClass().getMethod("set", String.class, Object.class);
+ certificateExtensionsSet.invoke(certificateExtensionsObject, sanExtensionId, subjectAlternativeNameExtensionObject);
+
+ // info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
+ methodSET.invoke(certInfoObject, getSetField(certInfoObject, "EXTENSIONS"), certificateExtensionsObject);
+ }
// Sign the cert to identify the algorithm that's used.
// X509CertImpl cert = new X509CertImpl(info);
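Review bot: `Character.isAlphabetic(...charAt(0))`, used three times in this hunk as the DNSName guard, is both fragile and too broad: `charAt(0)` throws StringIndexOutOfBoundsException when the CN value parsed from `dn` is empty, and `isAlphabetic` accepts any Unicode letter, which the DNSName constructor is likely to reject because DNS names are ASCII. One helper would cover all three call sites, e.g. `private static boolean startsWithAsciiLetter(String s) { if (s.isEmpty()) return false; char c = s.charAt(0); return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z'); }`. Separately, when every name is skipped the certificate is issued with no SubjectAlternativeName extension and nothing records it; clients that verify the host against SAN entries only will then reject the certificate, so a log line for the `generalNameAdded == false` case (or an IP-address SAN entry for numeric hosts) would make that outcome diagnosable. The enclosing method starts and ends outside the hunk.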