[jira] [Commented] (NIFI-11780) Add Client Certificate Subject Alternative Name Attributes in HandleHttpRequest FlowFiles

Tue, 25 Jul 2023 07:10:48 -0700 


    [ 
https://issues.apache.org/jira/browse/NIFI-11780?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17747018#comment-17747018
 ] 

ASF subversion and git services commented on NIFI-11780:
--------------------------------------------------------

Commit 3a078c0c31a487e27c2b93a9b97bd8acf143e931 in nifi's branch 
refs/heads/main from David Handermann
[ https://gitbox.apache.org/repos/asf?p=nifi.git;h=3a078c0c31 ]

NIFI-11780 Added Certificate SAN Attributes to HandleHttpRequest

Signed-off-by: Pierre Villard <[email protected]>

This closes #7521.


> Add Client Certificate Subject Alternative Name Attributes in 
> HandleHttpRequest FlowFiles
> -----------------------------------------------------------------------------------------
>
>                 Key: NIFI-11780
>                 URL: https://issues.apache.org/jira/browse/NIFI-11780
>             Project: Apache NiFi
>          Issue Type: Improvement
>            Reporter: angela estes
>            Assignee: David Handermann
>            Priority: Major
>             Fix For: 1.latest, 2.latest
>
>          Time Spent: 10m
>  Remaining Estimate: 0h
>
> I would love to put in a feature request to extract the subject alternate 
> name rfc822Name in the SSL Context service and put it in an attribute similar 
> to http.subject.dn?
>  
> perhaps http.san.rfc822name ?
>  
> if we could get this added to nifi itself, we think we could get rid of our 
> apache httpd front end proxy
>  
> ironically y'all are doing something similar to this in your nifi toolkit to 
> generate certs just not in NiFi itself
>  
> here is the java refernce:
>  
> [https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/cert/X509Certificate.html#getSubjectAlternativeNames()|https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/security/cert/X509Certificate.html#getSubjectAlternativeNames%28%29]
>  
> i don't know how y'all derive the actual nifi attribute names exactly, but we 
> think that part is up to them. we are just suggested http.san.X in case 
> someone wanted to implement the other SAN attributes from that API call
>  
> this is the reference to the nifi security utils:
>  
> [https://www.javadoc.io/doc/org.apache.nifi/nifi-security-utils/1.9.2/org/apache/nifi/security/util/CertificateUtils.html#getSubjectAlternativeNames-java.security.cert.X509Certificate-]
>  
>  
> THANK YOU!



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

Reply via email to