[jira] [Commented] (ARTEMIS-5102) TextFileCertificateLoginModule support normalisation of DN property values

Tue, 15 Oct 2024 09:23:03 -0700 


    [ 
https://issues.apache.org/jira/browse/ARTEMIS-5102?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17889748#comment-17889748
 ] 

ASF subversion and git services commented on ARTEMIS-5102:
----------------------------------------------------------

Commit e47698453abb52c46e10700599b3f38a07427a38 in activemq-artemis's branch 
refs/heads/main from Gary Tully
[ https://gitbox.apache.org/repos/asf?p=activemq-artemis.git;h=e47698453a ]

ARTEMIS-5102 normalise option to DN value parsing for the Cert login module


> TextFileCertificateLoginModule support normalisation of DN property values
> --------------------------------------------------------------------------
>
>                 Key: ARTEMIS-5102
>                 URL: https://issues.apache.org/jira/browse/ARTEMIS-5102
>             Project: ActiveMQ Artemis
>          Issue Type: Improvement
>          Components: Configuration, JAAS
>    Affects Versions: 2.37.0
>            Reporter: Gary Tully
>            Assignee: Gary Tully
>            Priority: Major
>             Fix For: 2.38.0
>
>          Time Spent: 20m
>  Remaining Estimate: 0h
>
> The DN format for cert properties is an exact match string. This can lead to 
> tricky dependency on the security provider and implementation.
> In addition if a properties file is generated from code, it needs to use a 
> matching java tool. 
> the DN string format and parsing is defined, so there is no reason we cannot 
> parse and normalise the values, rather than just treating them as plain 
> strings.
> the proposal is to add a normalise option, that will parse and format any DN 
> into the local java x500Name such that it will match what is extracted from 
> the certificate. This allows spaces and quotes and escapes to be respected 
> (and ignored) as necessary.
> it will remove the ambiguity around DN names. However because this validation 
> would potentially flag existing config, it is not enabled by default.



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
For further information, visit: https://activemq.apache.org/contact

Reply via email to