[GitHub] nifi issue #1491: NIFI-3331 - TLS Toolkit - add the possibility to define SA...

[alopresto]

Github user alopresto commented on the issue:

    https://github.com/apache/nifi/pull/1491
  
    I added some unit tests for the certificate issuance with SANs and the CSR 
generation. I also wrote some harness code which executed the CSR generation 
and visually inspected it for the presence of the SANs:
    
    ```
    hw12203:/Users/alopresto/Workspace/scratch (master) alopresto
    🔓 8s @ 21:21:42 $ openssl req -text -noout -in csr.pem
    Certificate Request:
        Data:
            Version: 0 (0x0)
            Subject: CN=testCaHostname, OU=NIFI
            Subject Public Key Info:
                Public Key Algorithm: rsaEncryption
                    Public-Key: (2048 bit)
                    Modulus:
                        00:95:1f:2f:f5:0e:a8:94:27:0e:3e:da:89:eb:e6:
                        8a:7b:9d:54:43:03:eb:5b:dd:fc:3a:39:a3:8b:f5:
                        e3:1f:f7:00:32:d5:4c:f9:55:e6:4c:04:80:97:c5:
                        80:3b:92:22:a4:34:a9:3c:72:18:09:03:56:8f:18:
                        74:f9:f7:5d:0a:7f:37:32:16:6b:8a:84:f3:c8:71:
                        ce:1d:92:9f:e2:06:7d:bf:92:73:c8:11:d9:54:46:
                        e6:3a:4f:4e:6d:90:e3:f6:ee:91:11:6a:66:0c:4c:
                        1f:91:76:96:76:2e:c6:ff:35:e9:c5:1f:51:0c:cb:
                        ba:5d:39:24:b6:dd:67:75:84:35:c2:a5:5e:a0:ad:
                        53:13:ca:ba:67:8f:07:ef:e7:b0:63:65:09:48:d6:
                        c0:77:61:c2:77:8a:b8:f1:f8:2e:1f:41:db:4f:49:
                        55:ca:01:ab:4c:a7:8a:3f:2f:89:23:7c:89:01:e1:
                        56:3b:a9:3a:2b:fe:e2:66:85:2a:4e:8b:9c:5f:ac:
                        7c:45:d3:9b:92:3c:b5:5c:36:83:7c:71:5c:33:83:
                        7d:20:e4:b5:1a:62:94:93:6a:36:5c:cc:38:63:4e:
                        f6:70:58:04:04:62:bd:a5:27:a8:33:1c:c4:a6:50:
                        bd:7b:a5:de:01:6d:8e:70:1b:51:ed:b3:d2:6f:e0:
                        4f:f1
                    Exponent: 65537 (0x10001)
            Attributes:
            Requested Extensions:
                X509v3 Subject Alternative Name:
                    DNS:127.0.0.1, DNS:nifi.nifi.apache.org
        Signature Algorithm: sha256WithRSAEncryption
             2b:aa:b5:d3:a6:97:44:e2:cb:28:26:5e:6d:f6:3b:cc:66:a1:
             5b:c7:46:6d:52:30:da:99:12:a5:9e:04:d9:9c:26:17:a0:07:
             75:e6:53:80:ae:93:fc:9b:3b:f4:e9:b2:94:4e:7b:d2:89:d0:
             ab:c3:9d:03:39:c6:c9:e1:ea:0d:c6:14:72:0d:06:43:4d:64:
             a0:cb:e0:ef:58:d7:d6:69:32:7f:6b:30:1a:03:54:f6:e4:49:
             5e:29:58:d5:e3:e8:17:c2:cc:30:28:e0:4a:85:59:fe:d6:ad:
             e1:4d:62:99:52:99:49:b5:f7:54:b8:7f:eb:b6:50:c8:0d:5c:
             2f:d6:26:28:33:5c:53:b5:50:13:7f:08:5b:35:fb:ef:9a:48:
             b1:fa:fd:39:c6:9f:96:ef:99:37:bc:a8:60:13:09:1f:27:3d:
             67:41:33:dc:5d:48:b4:43:dc:69:9b:0b:93:14:6e:40:07:84:
             22:27:ee:be:6b:07:91:99:e2:20:c5:94:bd:49:d3:3b:3d:56:
             75:b8:bf:1c:bf:56:ff:42:64:04:c0:68:ed:1b:f6:fd:4f:ab:
             89:e1:4e:e0:d8:6b:f1:a2:2b:81:1a:c1:9e:41:18:b9:2c:6d:
             3f:31:c1:bc:70:2a:2a:9a:29:91:3f:d4:94:a5:65:54:2e:03:
             1d:f5:96:83
    ```
    
    All tests pass, contrib-check passes, +1 and merging. 


---
If your project is set up for it, you can reply to this email and have your
reply appear on GitHub as well. If your project does not have this feature
enabled and wishes so, or if the feature is enabled but not working, please
contact infrastructure at infrastruct...@apache.org or file a JIRA ticket
with INFRA.
---