Posted to commits@knox.apache.org by kr...@apache.org on 2019/07/16 15:20:53 UTC

[knox] branch master updated: KNOX-1922 - Processing a DNSName only if the hostname starts with a letter (#115)

This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git


The following commit(s) were added to refs/heads/master by this push:
     new a4587b6  KNOX-1922 - Processing a DNSName only if the hostname starts with a letter (#115)
a4587b6 is described below

commit a4587b6a2ba3f03b6742fffb426c05bffc92b092
Author: Sandor Molnar <sm...@apache.org>
AuthorDate: Tue Jul 16 17:20:48 2019 +0200

    KNOX-1922 - Processing a DNSName only if the hostname starts with a letter (#115)
---
 .../provider/federation/AbstractJWTFilterTest.java |  6 +-
 .../knox/gateway/util/X509CertificateUtil.java     | 94 +++++++++++-----------
 2 files changed, 51 insertions(+), 49 deletions(-)

diff --git a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
index 9fd1e28..562671e 100644
--- a/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
+++ b/gateway-provider-security-jwt/src/test/java/org/apache/knox/gateway/provider/federation/AbstractJWTFilterTest.java
@@ -83,10 +83,10 @@ public abstract class AbstractJWTFilterTest  {
   protected abstract String getVerificationPemProperty();
 
   private static String buildDistinguishedName(String hostname) {
-    MessageFormat headerFormatter = new MessageFormat(dnTemplate, Locale.ROOT);
+    final String cn = Character.isAlphabetic(hostname.charAt(0)) ? hostname : "localhost";
     String[] paramArray = new String[1];
-    paramArray[0] = hostname;
-    return headerFormatter.format(paramArray);
+    paramArray[0] = cn;
+    return new MessageFormat(dnTemplate, Locale.ROOT).format(paramArray);
   }
 
   @BeforeClass
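Review bot: `Character.isAlphabetic(hostname.charAt(0))` in buildDistinguishedName is looser than the rule it stands in for, because it is true for any Unicode letter, and `charAt(0)` throws StringIndexOutOfBoundsException when the hostname is empty. The same expression appears three more times in the X509CertificateUtil hunk, where it decides whether a name is handed to the DNSName constructor, so a name starting with a non-ASCII letter would pass the guard and presumably still be rejected there. One shared helper restricted to ASCII would keep all four call sites consistent, with a body along the lines of `if (name == null || name.isEmpty()) return false;` followed by `char c = name.charAt(0); return (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z');`. Separately, falling back to "localhost" here means the visible test setup never builds a DN with a digit-leading CN, so the new no-SAN path in X509CertificateUtil does not appear to be exercised by this change.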
diff --git a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
index de0f810..155a402 100644
--- a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
+++ b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
@@ -176,63 +176,65 @@ public class X509CertificateUtil {
       Class<?> dnsNameClass = Class.forName(getDNSNameModuleName());
       Constructor<?> dnsNameConstr = dnsNameClass.getConstructor(String.class);
 
+      boolean generalNameAdded = false;
       // Pull the hostname out of the DN
       String hostname = dn.split(",", 2)[0].split("=", 2)[1];
       if("localhost".equals(hostname)) {
         // Add short hostname
         String detectedHostname = InetAddress.getLocalHost().getHostName();
-        // DNSName dnsName = new DNSName(detectedHostname);
-        Object dnsNameObject = dnsNameConstr.newInstance(detectedHostname);
+        if (Character.isAlphabetic(detectedHostname.charAt(0))) {
+          // DNSName dnsName = new DNSName(detectedHostname);
+          Object dnsNameObject = dnsNameConstr.newInstance(detectedHostname);
+          // GeneralName generalName = new GeneralName(dnsName);
+          Object generalNameObject = generalNameConstr.newInstance(dnsNameObject);
+          // generalNames.add(generalName);
+          generalNamesAdd.invoke(generalNamesObject, generalNameObject);
+          generalNameAdded = true;
+        }
+
+        // Add fully qualified hostname
+        String detectedFullyQualifiedHostname = InetAddress.getLocalHost().getCanonicalHostName();
+        if (Character.isAlphabetic(detectedFullyQualifiedHostname.charAt(0))) {
+          // DNSName dnsName = new DNSName(detectedFullyQualifiedHostname);
+          Object fullyQualifiedDnsNameObject = dnsNameConstr.newInstance(detectedFullyQualifiedHostname);
+          // GeneralName generalName = new GeneralName(fullyQualifiedDnsNameObject);
+          Object fullyQualifiedGeneralNameObject = generalNameConstr.newInstance(fullyQualifiedDnsNameObject);
+          // generalNames.add(fullyQualifiedGeneralNameObject);
+          generalNamesAdd.invoke(generalNamesObject, fullyQualifiedGeneralNameObject);
+          generalNameAdded = true;
+        }
+      }
+
+      if (Character.isAlphabetic(hostname.charAt(0))) {
+        // DNSName dnsName = new DNSName(hostname);
+        Object dnsNameObject = dnsNameConstr.newInstance(hostname);
         // GeneralName generalName = new GeneralName(dnsName);
         Object generalNameObject = generalNameConstr.newInstance(dnsNameObject);
         // generalNames.add(generalName);
         generalNamesAdd.invoke(generalNamesObject, generalNameObject);
-
-        // Add fully qualified hostname
-        String detectedFullyQualifiedHostname = InetAddress.getLocalHost().getCanonicalHostName();
-        // DNSName dnsName = new DNSName(detectedFullyQualifiedHostname);
-        Object fullyQualifiedDnsNameObject = dnsNameConstr.newInstance(
-            detectedFullyQualifiedHostname);
-        // GeneralName generalName = new GeneralName(fullyQualifiedDnsNameObject);
-        Object fullyQualifiedGeneralNameObject = generalNameConstr.newInstance(
-            fullyQualifiedDnsNameObject);
-        // generalNames.add(fullyQualifiedGeneralNameObject);
-        generalNamesAdd.invoke(generalNamesObject, fullyQualifiedGeneralNameObject);
+        generalNameAdded = true;
       }
 
-      // DNSName dnsName = new DNSName(hostname);
-      Object dnsNameObject = dnsNameConstr.newInstance(hostname);
-      // GeneralName generalName = new GeneralName(dnsName);
-      Object generalNameObject = generalNameConstr.newInstance(dnsNameObject);
-      // generalNames.add(generalName);
-      generalNamesAdd.invoke(generalNamesObject, generalNameObject);
-
-      // SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(generalNames);
-      Class<?> subjectAlternativeNameExtensionClass = Class.forName(
-          getSubjectAlternativeNameExtensionModuleName());
-      Constructor<?> subjectAlternativeNameExtensionConstr =
-          subjectAlternativeNameExtensionClass.getConstructor(generalNamesClass);
-      Object subjectAlternativeNameExtensionObject = subjectAlternativeNameExtensionConstr
-                                                         .newInstance(generalNamesObject);
-
-      // CertificateExtensions certificateExtensions = new CertificateExtensions();
-      Class<?> certificateExtensionsClass = Class.forName(getCertificateExtensionsModuleName());
-      Constructor<?> certificateExtensionsConstr = certificateExtensionsClass.getConstructor();
-      Object certificateExtensionsObject = certificateExtensionsConstr.newInstance();
-
-      // certificateExtensions.set(san.getExtensionId().toString(), san);
-      Method getExtensionIdMethod = subjectAlternativeNameExtensionObject.getClass()
-                                        .getMethod("getExtensionId");
-      String sanExtensionId = getExtensionIdMethod.invoke(subjectAlternativeNameExtensionObject)
-                                  .toString();
-      Method certificateExtensionsSet = certificateExtensionsObject.getClass().getMethod("set",
-          String.class, Object.class);
-      certificateExtensionsSet.invoke(certificateExtensionsObject, sanExtensionId,
-          subjectAlternativeNameExtensionObject);
-
-      // info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
-      methodSET.invoke(certInfoObject, getSetField(certInfoObject, "EXTENSIONS"),
-          certificateExtensionsObject);
+      if (generalNameAdded) {
+        // SubjectAlternativeNameExtension san = new SubjectAlternativeNameExtension(generalNames);
+        Class<?> subjectAlternativeNameExtensionClass = Class.forName(getSubjectAlternativeNameExtensionModuleName());
+        Constructor<?> subjectAlternativeNameExtensionConstr = subjectAlternativeNameExtensionClass.getConstructor(generalNamesClass);
+        Object subjectAlternativeNameExtensionObject = subjectAlternativeNameExtensionConstr.newInstance(generalNamesObject);
+
+        // CertificateExtensions certificateExtensions = new CertificateExtensions();
+        Class<?> certificateExtensionsClass = Class.forName(getCertificateExtensionsModuleName());
+        Constructor<?> certificateExtensionsConstr = certificateExtensionsClass.getConstructor();
+        Object certificateExtensionsObject = certificateExtensionsConstr.newInstance();
+
+        // certificateExtensions.set(san.getExtensionId().toString(), san);
+        Method getExtensionIdMethod = subjectAlternativeNameExtensionObject.getClass().getMethod("getExtensionId");
+        String sanExtensionId = getExtensionIdMethod.invoke(subjectAlternativeNameExtensionObject).toString();
+        Method certificateExtensionsSet = certificateExtensionsObject.getClass().getMethod("set", String.class, Object.class);
+        certificateExtensionsSet.invoke(certificateExtensionsObject, sanExtensionId, subjectAlternativeNameExtensionObject);
+
+        // info.set(X509CertInfo.EXTENSIONS, certificateExtensions);
+        methodSET.invoke(certInfoObject, getSetField(certInfoObject, "EXTENSIONS"), certificateExtensionsObject);
+      }
 
       // Sign the cert to identify the algorithm that's used.
       // X509CertImpl cert = new X509CertImpl(info);
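Review bot: When no candidate name passes the letter check, `generalNameAdded` stays false and the certificate is built with no SubjectAlternativeName extension at all, and nothing in the hunk records that names were skipped. Peers that match the host against SAN entries only will then fail verification at connect time, far from the cause, and the usual workaround of switching hostname verification off is worse than the original error. An `else` on `if (generalNameAdded)` that logs the skipped names (whether this class has a logger is not visible here) would make the case diagnosable, and a comment such as `// No SAN is emitted when no name is a valid DNSName; peers then have only the CN to match against.` would document the trade-off. The guard also inspects only the first character of the whole name, while the DNSName constructor may validate each label depending on the JDK in use, so a name with a digit-leading inner label could still throw; that is worth confirming against the supported JDKs. The enclosing method starts and ends outside the hunk.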