[knox] branch master updated: KNOX-1915 - X509CertificateUtil SAN should contain fully qualified hostname

krisden Mon, 01 Jul 2019 12:49:02 -0700

This is an automated email from the ASF dual-hosted git repository.

krisden pushed a commit to branch master
in repository https://gitbox.apache.org/repos/asf/knox.git



The following commit(s) were added to refs/heads/master by this push:
     new 24d3bf3  KNOX-1915 - X509CertificateUtil SAN should contain fully 
qualified hostname
24d3bf3 is described below

commit 24d3bf3a3fd6a56dd2dcf167b6193b60eeee1c02
Author: Kevin Risden <[email protected]>
AuthorDate: Mon Jul 1 15:20:47 2019 -0400

    KNOX-1915 - X509CertificateUtil SAN should contain fully qualified hostname
    
    Signed-off-by: Kevin Risden <[email protected]>
---
 .../org/apache/knox/gateway/util/X509CertificateUtil.java    | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git 
a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
 
b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
index 03bd3fa..de0f810 100644
--- 
a/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
+++ 
b/gateway-util-common/src/main/java/org/apache/knox/gateway/util/X509CertificateUtil.java
@@ -179,6 +179,7 @@ public class X509CertificateUtil {
       // Pull the hostname out of the DN
       String hostname = dn.split(",", 2)[0].split("=", 2)[1];
       if("localhost".equals(hostname)) {
+        // Add short hostname
         String detectedHostname = InetAddress.getLocalHost().getHostName();
         // DNSName dnsName = new DNSName(detectedHostname);
         Object dnsNameObject = dnsNameConstr.newInstance(detectedHostname);
@@ -186,6 +187,17 @@ public class X509CertificateUtil {
         Object generalNameObject = 
generalNameConstr.newInstance(dnsNameObject);
         // generalNames.add(generalName);
         generalNamesAdd.invoke(generalNamesObject, generalNameObject);
+
+        // Add fully qualified hostname
+        String detectedFullyQualifiedHostname = 
InetAddress.getLocalHost().getCanonicalHostName();
+        // DNSName dnsName = new DNSName(detectedFullyQualifiedHostname);
+        Object fullyQualifiedDnsNameObject = dnsNameConstr.newInstance(
+            detectedFullyQualifiedHostname);
+        // GeneralName generalName = new 
GeneralName(fullyQualifiedDnsNameObject);
+        Object fullyQualifiedGeneralNameObject = generalNameConstr.newInstance(
+            fullyQualifiedDnsNameObject);
+        // generalNames.add(fullyQualifiedGeneralNameObject);
+        generalNamesAdd.invoke(generalNamesObject, 
fullyQualifiedGeneralNameObject);
       }
 
       // DNSName dnsName = new DNSName(hostname);

[knox] branch master updated: KNOX-1915 - X509CertificateUtil SAN should contain fully qualified hostname

Reply via email to