(camel) branch main updated: [Camel-22623] Regression: CamelNettySSLClientCertSubjectName changed from readable string representation to obscure RFC2253 format (#19764)

Thu, 30 Oct 2025 06:00:23 -0700 

This is an automated email from the ASF dual-hosted git repository.

davsclaus pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/camel.git


The following commit(s) were added to refs/heads/main by this push:
     new 5fc654835d0f [Camel-22623] Regression: 
CamelNettySSLClientCertSubjectName changed from readable string representation 
to obscure RFC2253 format (#19764)
5fc654835d0f is described below

commit 5fc654835d0f2e9fff2f49ff572fa711090efb41
Author: Björn Beskow <[email protected]>
AuthorDate: Thu Oct 30 14:00:09 2025 +0100

    [Camel-22623] Regression: CamelNettySSLClientCertSubjectName changed from 
readable string representation to obscure RFC2253 format (#19764)
    
    * Extended test data to reproduce the regression defect:
    CamelNettySSLClientCertSubjectName changed from readable string 
representation to obscure RFC2253 format
    
    * Use X500Principal.toString() instead of X500Principal.getName() to return 
DN as a user-friendly string representation.
    
    ---------
    
    Co-authored-by: Bjorn Beskow <[email protected]>
---
 .../camel/component/netty/NettyEndpoint.java       |   4 ++--
 .../netty/NettySSLClientCertHeadersTest.java       |   6 +++---
 .../camel-netty/src/test/resources/keystore.jks    | Bin 1473 -> 3969 bytes
 .../camel-netty/src/test/resources/keystore.txt    |  23 +++++++++++++++++++++
 4 files changed, 28 insertions(+), 5 deletions(-)

diff --git 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyEndpoint.java
 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyEndpoint.java
index 2ddf92415fd4..7ae484fd0f1f 100644
--- 
a/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyEndpoint.java
+++ 
b/components/camel-netty/src/main/java/org/apache/camel/component/netty/NettyEndpoint.java
@@ -160,11 +160,11 @@ public class NettyEndpoint extends DefaultEndpoint 
implements AsyncEndpoint, End
 
                 Principal subject = cert.getSubjectX500Principal();
                 if (subject != null) {
-                    
message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SUBJECT_NAME, 
subject.getName());
+                    
message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_SUBJECT_NAME, 
subject.toString());
                 }
                 Principal issuer = cert.getIssuerX500Principal();
                 if (issuer != null) {
-                    
message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_ISSUER_NAME, 
issuer.getName());
+                    
message.setHeader(NettyConstants.NETTY_SSL_CLIENT_CERT_ISSUER_NAME, 
issuer.toString());
                 }
                 BigInteger serial = cert.getSerialNumber();
                 if (serial != null) {
diff --git 
a/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClientCertHeadersTest.java
 
b/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClientCertHeadersTest.java
index 9bd505c0c060..cdf1b825810a 100644
--- 
a/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClientCertHeadersTest.java
+++ 
b/components/camel-netty/src/test/java/org/apache/camel/component/netty/NettySSLClientCertHeadersTest.java
@@ -49,10 +49,10 @@ public class NettySSLClientCertHeadersTest extends 
BaseNettyTest {
         getMockEndpoint("mock:input").expectedMessageCount(1);
 
         
getMockEndpoint("mock:input").expectedHeaderReceived(NettyConstants.NETTY_SSL_CLIENT_CERT_SUBJECT_NAME,
-                "CN=arlu15,OU=Sun Java System Application Server,O=Sun 
Microsystems,L=Santa Clara,ST=California,C=US");
+                "SERIALNUMBER=1234567890, CN=CommonName, OU=Unit, O=Org, 
L=Loc, ST=State, C=US");
         
getMockEndpoint("mock:input").expectedHeaderReceived(NettyConstants.NETTY_SSL_CLIENT_CERT_ISSUER_NAME,
-                "CN=arlu15,OU=Sun Java System Application Server,O=Sun 
Microsystems,L=Santa Clara,ST=California,C=US");
-        
getMockEndpoint("mock:input").expectedHeaderReceived(NettyConstants.NETTY_SSL_CLIENT_CERT_SERIAL_NO,
 "1210701502");
+                "SERIALNUMBER=1234567890, CN=CommonName, OU=Unit, O=Org, 
L=Loc, ST=State, C=US");
+        
getMockEndpoint("mock:input").expectedHeaderReceived(NettyConstants.NETTY_SSL_CLIENT_CERT_SERIAL_NO,
 "1234567890");
 
         context.addRoutes(new RouteBuilder() {
             public void configure() {
diff --git a/components/camel-netty/src/test/resources/keystore.jks 
b/components/camel-netty/src/test/resources/keystore.jks
index 78e8571fd300..d036455ebe5f 100644
Binary files a/components/camel-netty/src/test/resources/keystore.jks and 
b/components/camel-netty/src/test/resources/keystore.jks differ
diff --git a/components/camel-netty/src/test/resources/keystore.txt 
b/components/camel-netty/src/test/resources/keystore.txt
new file mode 100644
index 000000000000..2ff3a5a02790
--- /dev/null
+++ b/components/camel-netty/src/test/resources/keystore.txt
@@ -0,0 +1,23 @@
+src/test/resources/keystore.jks was created using the following commands:
+openssl req -x509 \
+ -newkey rsa:4096 \
+ -keyout key.pem \
+ -out cert.pem \
+ -days 3650 \
+ -sha256 \
+ -nodes \
+ -subj 
"/C=US/ST=State/L=Loc/O=Org/OU=Unit/CN=CommonName/serialNumber=1234567890" \
+ -set_serial 1234567890
+openssl pkcs12 -export \
+ -out keystore.p12 \
+ -inkey key.pem \
+ -in cert.pem \
+ -name cert \
+ -passout pass:changeit
+keytool -importkeystore \
+ -srckeystore keystore.p12 \
+ -srcstoretype PKCS12 \
+ -destkeystore keystore.jks \
+ -deststoretype JKS \
+ -srcstorepass changeit \
+ -deststorepass changeit

Reply via email to