[
https://issues.apache.org/jira/browse/NIFI-12272?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17779586#comment-17779586
]
Michael W Moser commented on NIFI-12272:
----------------------------------------
Thanks for finding and resolving this, [~exceptionfactory]. It certainly would
have caused complications upgrading to 2.0.0
I still would like to see NIFI-2517 implemented (I'll put it on my TODO list)
to relax the matching of certificate DNs in the various places in NiFi that
user identities can be configured.
> Add Standard Certificate Principal Formatting
> ---------------------------------------------
>
> Key: NIFI-12272
> URL: https://issues.apache.org/jira/browse/NIFI-12272
> Project: Apache NiFi
> Issue Type: Bug
> Components: Core Framework, Extensions
> Reporter: David Handermann
> Assignee: David Handermann
> Priority: Major
> Fix For: 2.0.0
>
> Time Spent: 10m
> Remaining Estimate: 0h
>
> The {{X509Certificate.getSubjectDN()}} is denigrated in favor of
> {{getSubjectX500Principal()}} and recent improvements to the main branch
> replaced legacy usage.
> The getSubjectDN method returns Distinguished Names formatted according to
> RFC 1779, which includes separating Relative Distinguished Name elements
> using spaces. This impacts configuration properties such as Identity Mapping,
> and also impacts flow designs that evaluate Certificate Subject and Issuer
> attributes.
> The default behavior of {{X500Principal.getName()}} formats Distinguished
> Names according to RFC 2253, which does not use space separators. Passing
> {{X500Principal.RFC1779}} to the {{getName()}} method follows the same
> formatting approach as {{{}getSubjectDN().getName(){}}}.
> Existing behavior should be maintained to avoid unexpected changes when
> upgrading NiFi versions, and a new utility should be introduced to provide
> standardized formatting.
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
