alopresto commented on a change in pull request #3457: NIFI-4247 Support ranges
in `tls-toolkit` SAN cli option.
URL: https://github.com/apache/nifi/pull/3457#discussion_r280649815
##########
File path:
nifi-toolkit/nifi-toolkit-tls/src/main/java/org/apache/nifi/toolkit/tls/standalone/TlsToolkitStandalone.java
##########
@@ -177,6 +184,16 @@ public void
createNifiKeystoresAndTrustStores(StandaloneConfig standaloneConfig)
File keystore = new File(hostDir, "keystore." +
tlsClientConfig.getKeyStoreType().toLowerCase());
File truststore = new File(hostDir, "truststore." +
tlsClientConfig.getTrustStoreType().toLowerCase());
+ // Adjust the SANs when ranges match.
+ if (domainAlternativeNames.size() == 1) {
+
tlsClientConfig.setDomainAlternativeNames(Collections.singletonList(domainAlternativeNames.get(0)));
+ } else if (domainAlternativeNames.size() ==
instanceDefinitions.size()) {
+
tlsClientConfig.setDomainAlternativeNames(Collections.singletonList(domainAlternativeNames.get(instanceIndex)));
+ logger.info("Using alternate name " +
domainAlternativeNames.get(instanceIndex) + " with hostname " + hostname + ".");
+ } else {
+ logger.info("Hostname count does not match given alternate
name count. Verify names in resulting certificate.");
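Review bot: The final `else` branch also runs when `domainAlternativeNames` is empty and at least one instance is defined, because only `size() == 1` and `size() == instanceDefinitions.size()` are handled. A run with no SAN option at all would then log "Hostname count does not match given alternate name count" although nothing is mismatched. Consider guarding the whole block with an emptiness check. For the genuine mismatch case, put both counts in the message and say that the names already on `tlsClientConfig` are left as they were: that branch never calls `setDomainAlternativeNames`, so the operator is asked to verify the certificate without being told what went into it.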
Review comment:
Might want to escalate this to `logger.warn` as it would be an edge case
(not even sure we know how to handle it) when a non-static domain alternative
name pattern is applied but the range does not match the hostname pattern
count.