You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@nifi.apache.org by GitBox <gi...@apache.org> on 2021/01/17 19:08:56 UTC

[GitHub] [nifi] CefBoud commented on a change in pull request #4709: NIFI-7783: Include CA CN as a SAN entry

CefBoud commented on a change in pull request #4709:
URL: https://github.com/apache/nifi/pull/4709#discussion_r559224571



##########
File path: nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
##########
@@ -469,6 +472,14 @@ public static X509Certificate generateSelfSignedX509Certificate(KeyPair keyPair,
             // (2) extendedKeyUsage extension
             certBuilder.addExtension(Extension.extendedKeyUsage, false, new ExtendedKeyUsage(new KeyPurposeId[]{KeyPurposeId.id_kp_clientAuth, KeyPurposeId.id_kp_serverAuth}));
 
+            // (3) subjectAlternativeName extension. Include CN as a SAN entry.
+            try {
+                final String cn = IETFUtils.valueToString(new X500Name(dn).getRDNs(BCStyle.CN)[0].getFirst().getValue());
+                certBuilder.addExtension(Extension.subjectAlternativeName, false, new GeneralNames(new GeneralName(GeneralName.dNSName, cn)));
+            } catch (Exception e) {

Review comment:
       Creating the `String getCommonName(String dn)` method allowed to avoid having the exception all together by returning null in case the common name is not present in the DN. 




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org