Repository: knox Updated Branches: refs/heads/master 4ec9ae4e1 -> 10ad50228
KNOX-1243 - Normalize the required DNs that are Configured in KnoxToken Service Project: http://git-wip-us.apache.org/repos/asf/knox/repo Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/10ad5022 Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/10ad5022 Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/10ad5022 Branch: refs/heads/master Commit: 10ad502285ca410e8a6cfb4414e34b0494f208a7 Parents: 4ec9ae4 Author: Larry McCay <[email protected]> Authored: Sat Apr 7 11:21:54 2018 -0400 Committer: Larry McCay <[email protected]> Committed: Sat Apr 7 11:21:54 2018 -0400 ---------------------------------------------------------------------- .../org/apache/knox/gateway/service/knoxtoken/TokenResource.java | 4 ++-- .../knox/gateway/service/knoxtoken/TokenServiceResourceTest.java | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/knox/blob/10ad5022/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java ----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index f8eb124..1514287 100644
--- a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++ b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -97,7 +97,7 @@ public class TokenResource {
 if (principals != null) {
 String[] dns = principals.split(";");
 for (int i = 0; i < dns.length; i++) {
- allowedDNs.add(dns[i]);
+ allowedDNs.add(dns[i].replaceAll("\\s+",""));
 }
 }
 
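Review bot: `replaceAll("\\s+","")` removes every whitespace character, including spaces inside attribute values, so two different subjects such as `CN=John Smith` and `CN=JohnSmith` (constructed example) collapse to the same allow-list entry; the same call is applied to the certificate subject in the `@@ -154` hunk of this file. For an authorization check it is safer to compare parsed names than stripped strings, e.g. `allowedDNs.add(new X500Principal(dns[i].trim()).getName(X500Principal.CANONICAL));` here and `cert.getSubjectX500Principal().getName(X500Principal.CANONICAL)` at the check. The canonical form ignores spacing around separators and folds case, but keeps a space inside a value significant. `new X500Principal(String)` throws `IllegalArgumentException` on a malformed entry, so a bad configured DN would surface at initialisation instead of silently never matching. The enclosing method starts and ends outside this hunk.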
@@ -154,7 +154,7 @@ public class TokenResource {
 if (clientCertRequired) {
 X509Certificate cert = extractCertificate(request);
 if (cert != null) {
- if (!allowedDNs.contains(cert.getSubjectDN().getName())) {
+ if (!allowedDNs.contains(cert.getSubjectDN().getName().replaceAll("\\s+",""))) {
 return Response.status(403).entity("{ \"Unable to get token - untrusted client cert.\" }").build();
 }
 }
http://git-wip-us.apache.org/repos/asf/knox/blob/10ad5022/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java ----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
index 3753b27..61f5d4a 100644
--- a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
+++ b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -273,7 +273,7 @@ public class TokenServiceResourceTest {
 HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
 EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
 X509Certificate trustedCertMock = EasyMock.createMock(X509Certificate.class);
- EasyMock.expect(trustedCertMock.getSubjectDN()).andReturn(new PrimaryPrincipal("CN=localhost, OU=Test, O=Hadoop, L=Test, ST=Test, C=US")).anyTimes();
+ EasyMock.expect(trustedCertMock.getSubjectDN()).andReturn(new PrimaryPrincipal("CN=localhost,OU=Test, O=Hadoop, L=Test, ST=Test, C=US")).anyTimes();
 ArrayList<X509Certificate> certArrayList = new ArrayList<X509Certificate>();
 certArrayList.add(trustedCertMock);
 X509Certificate[] certs = {};
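Review bot: A request that carries no client certificate is not rejected by any line visible in the `clientCertRequired` branch of `TokenResource.java` (the `@@ -154` hunk): the 403 is returned only when `cert != null` and its DN is not in `allowedDNs`. The block continues past the end of the hunk, so confirm that an `else` there also returns 403 when `extractCertificate(request)` yields null; otherwise the DN allow-list would not be enforced for such requests. It would also help to log the presented subject DN on the rejection path, so that denied token requests can be traced during an investigation.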
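Review bot: A negative case is missing from `TokenServiceResourceTest`: the fixture edit covers one spacing variant on the certificate side and replaces the exact-match case instead of adding to it. A certificate whose subject differs from the configured DN only by whitespace inside a value (constructed example: `CN=local host` against a configured `CN=localhost`) should still get 403, yet with the whitespace stripping in `TokenResource` both strings normalize to the same value and the request would be accepted. Adding that test, plus one where the configured DN list rather than the certificate has the irregular spacing, would pin the intended matching rule. The test method starts and ends outside this hunk.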
