This is an automated email from the ASF dual-hosted git repository.

markap14 pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/nifi.git


The following commit(s) were added to refs/heads/main by this push:
     new 86ad55e43e NIFI-13941 Fix Maximum Length for DNS Certificate SAN from 
Proxy Hosts (#9462)
86ad55e43e is described below

commit 86ad55e43e0dec04f12d7ad62e73550265ef6a3b
Author: David Handermann <[email protected]>
AuthorDate: Mon Oct 28 15:26:16 2024 -0500

    NIFI-13941 Fix Maximum Length for DNS Certificate SAN from Proxy Hosts 
(#9462)
    
    NIFI-13941 Fixed Maximum Length for DNS Certificate SAN from Proxy Hosts
    - Added warning log for invalid host in proxy property
---
 .../nifi/bootstrap/property/SecurityApplicationPropertyHandler.java  | 5 ++++-
 .../bootstrap/property/SecurityApplicationPropertyHandlerTest.java   | 2 +-
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git 
a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandler.java
 
b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandler.java
index ea84b4dcf6..7aad4989e7 100644
--- 
a/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandler.java
+++ 
b/nifi-bootstrap/src/main/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandler.java
@@ -78,7 +78,8 @@ public class SecurityApplicationPropertyHandler implements 
ApplicationPropertyHa
 
     private static final String PROPERTY_SEPARATOR = "=";
 
-    private static final Pattern HOST_PORT_PATTERN = 
Pattern.compile("^([\\w-.]{1,63}):?\\d{0,5}$");
+    // Maximum address length based on RFC 1035 Section 2.3.4
+    private static final Pattern HOST_PORT_PATTERN = 
Pattern.compile("^([\\w-.]{1,254}):?\\d{0,5}$");
 
     private static final int HOST_GROUP = 1;
 
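Review bot: The new `{1,254}` quantifier on `HOST_PORT_PATTERN` bounds only the whole host, so the 63-octet per-label limit from the same RFC 1035 Section 2.3.4 that the comment cites is not checked anywhere in this hunk. The commit title indicates the matched host ends up as a DNS Subject Alternative Name, so a single label longer than 63 characters would now pass the pattern; whether a later step rejects it is not visible here. The comment should at least say so, e.g. `// RFC 1035 Section 2.3.4: names are limited to 255 octets; the 63-octet label limit is not enforced by this pattern`, and a per-label length check after the match is worth considering. Note also that `\\w` admits `_`, which RFC 1123 host name syntax does not allow.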
@@ -307,6 +308,8 @@ public class SecurityApplicationPropertyHandler implements 
ApplicationPropertyHa
                 if (hostPortMatcher.matches()) {
                     final String host = hostPortMatcher.group(HOST_GROUP);
                     hosts.add(host);
+                } else {
+                    logger.warn("Invalid host [{}] configured for [{}] in 
nifi.properties", hostPortGroup, SecurityProperty.WEB_PROXY_HOST.getName());
                 }
             }
         }
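Review bot: The new `else` branch logs the rejected entry and then drops it, so the host list (presumably the source of the certificate's DNS names) is silently missing that entry, and the warning does not tell the operator this. I would state the consequence in the message, e.g. `logger.warn("Invalid host [{}] configured for [{}] in nifi.properties: not added to certificate DNS names", hostPortGroup, SecurityProperty.WEB_PROXY_HOST.getName());`. A short comment above the branch naming the accepted form (host, optional `:port`, host at most 254 characters) would also help whoever reads the log. The enclosing method starts and ends outside this hunk.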
diff --git 
a/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandlerTest.java
 
b/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandlerTest.java
index e038356702..38ec3bdb4f 100644
--- 
a/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandlerTest.java
+++ 
b/nifi-bootstrap/src/test/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandlerTest.java
@@ -61,7 +61,7 @@ class SecurityApplicationPropertyHandlerTest {
 
     private static final int DNS_NAME_TYPE = 2;
 
-    private static final String FIRST_PROXY_HOST = "nifi.apache.org";
+    private static final String FIRST_PROXY_HOST = 
"maximum.domain.subject.alternative.name.length.greater.than.sixty.four.characters.nifi.apache.org";
 
     private static final int FIRST_PROXY_HOST_PORT = 443;
 
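Review bot: `FIRST_PROXY_HOST` now exercises a host longer than the former 63-character bound, but nothing in this hunk covers the new upper bound or the rejected path added in the handler. A host at the 254-character limit, one just over it, and an invalid entry that must be skipped would pin the behaviour; such cases may exist elsewhere in the test class, which is outside this hunk. The value begins with "maximum" although it is well below the limit, so a comment such as `// Longer than 63 characters: total host length exceeds the former pattern limit` would avoid misreading it as a boundary case.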
