rsivaram pushed a commit to branch trunk
in repository https://gitbox.apache.org/repos/asf/kafka.git
The following commit(s) were added to refs/heads/trunk by this push:
new d8f358facc2 [KAFKA-15117] In TestSslUtils set SubjectAlternativeNames
to null if there are no hostnames (#14440)
d8f358facc2 is described below
commit d8f358facc2a5405d08977f922bc0b1dae8f114e
Author: Purshotam Chauhan <[email protected]>
AuthorDate: Mon Sep 25 22:13:01 2023 +0530
[KAFKA-15117] In TestSslUtils set SubjectAlternativeNames to null if there
are no hostnames (#14440)
We currently encode an empty hostNames array into the subjectAltName extension
of the certificates in the keystore. When the test parses these certificates,
this causes the error "Unparseable SubjectAlternativeName extension due to
java.io.IOException: No data available in passed DER encoded value". Up to
Java 17, this parsing error was ignored. This PR sets subjectAltName to null
if hostNames is empty.
Co-authored-by: Ismael Juma <[email protected]>
Reviewers: Rajini Sivaram <[email protected]>
---
.../apache/kafka/common/network/SslTransportLayerTest.java | 3 ---
.../src/test/java/org/apache/kafka/test/TestSslUtils.java | 12 ++++++++----
2 files changed, 8 insertions(+), 7 deletions(-)
diff --git
a/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
b/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
index f49bf868a46..26987e30da8 100644
---
a/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
+++
b/clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
@@ -36,8 +36,6 @@ import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.test.TestSslUtils;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.AfterEach;
-import org.junit.jupiter.api.condition.DisabledOnJre;
-import org.junit.jupiter.api.condition.JRE;
import org.junit.jupiter.api.extension.ExtensionContext;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
@@ -195,7 +193,6 @@ public class SslTransportLayerTest {
*/
@ParameterizedTest
@ArgumentsSource(SslTransportLayerArgumentsProvider.class)
- @DisabledOnJre(value = {JRE.JAVA_20, JRE.JAVA_21}, disabledReason =
"KAFKA-15117")
public void testValidEndpointIdentificationCN(Args args) throws Exception {
args.serverCertStores = certBuilder(true, "localhost",
args.useInlinePem).build();
args.clientCertStores = certBuilder(false, "localhost",
args.useInlinePem).build();
diff --git a/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
b/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
index 6b7c16b0335..1181fc27777 100644
--- a/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
+++ b/clients/src/test/java/org/apache/kafka/test/TestSslUtils.java
@@ -399,10 +399,14 @@ public class TestSslUtils {
}
public CertificateBuilder sanDnsNames(String... hostNames) throws
IOException {
- GeneralName[] altNames = new GeneralName[hostNames.length];
- for (int i = 0; i < hostNames.length; i++)
- altNames[i] = new GeneralName(GeneralName.dNSName,
hostNames[i]);
- subjectAltName = GeneralNames.getInstance(new
DERSequence(altNames)).getEncoded();
+ if (hostNames.length > 0) {
+ GeneralName[] altNames = new GeneralName[hostNames.length];
+ for (int i = 0; i < hostNames.length; i++)
+ altNames[i] = new GeneralName(GeneralName.dNSName,
hostNames[i]);
+ subjectAltName = GeneralNames.getInstance(new
DERSequence(altNames)).getEncoded();
+ } else {
+ subjectAltName = null;
+ }
return this;
}
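Review bot: The new `else` branch in `sanDnsNames` sets `subjectAltName = null` without a comment saying why an empty list is not encoded as an empty sequence, and the reason is not obvious from the code. RFC 5280 requires a subjectAltName extension, when present, to contain at least one entry, so the old empty `DERSequence` produced a malformed extension, which the commit message says was only ignored up to Java 17. A comment such as `// RFC 5280: SAN must hold at least one name, so omit the extension when no hostnames are given` would record that. The fix presumably relies on the certificate-generation code outside this hunk skipping the extension when `subjectAltName` is null, which is worth confirming. A call with no names now also clears any value set earlier on the same builder, leaving hostname verification to rely on the CN alone, so the method's Javadoc should say so.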