limited commented on a change in pull request #4998:
URL: https://github.com/apache/trafficcontrol/pull/4998#discussion_r493612878
##########
File path:
traffic_router/connector/src/main/java/com/comcast/cdn/traffic_control/traffic_router/secure/CertificateDataConverter.java
##########
@@ -108,19 +109,28 @@ public boolean verifySubject(final X509Certificate
certificate, final String hos
return false;
}
+ @SuppressWarnings({"PMD.CyclomaticComplexity"})
private boolean hostCompare(final String hostAlias, final String
subject) {
if (hostAlias.contains(subject) || subject.contains(hostAlias))
{
return true;
}
- final String[] chopped = subject.split("CN=", 2);
- if (chopped != null && chopped.length > 1) {
- String chop = chopped[1];
- chop = chop.replaceFirst("\\*\\.", ".");
- chop = chop.split(",", 2)[0];
- if (chop.length()>0 && (hostAlias.contains(chop) ||
chop.contains(hostAlias))) {
- return true;
+
+ // Parse subjectName out of Common Name
+ // If no CN= present, then subjectName is a SAN and needs only
wildcard removal
+ String subjectName = subject;
+ if (subjectName.contains("CN=")) {
+ final String[] chopped = subjectName.split("CN=", 2);
+ if (chopped != null && chopped.length > 1) {
+ final String chop = chopped[1];
+ subjectName = chop.split(",", 2)[0];
}
}
+
+ subjectName = subjectName.replaceFirst("\\*\\.", ".");
+ if (subjectName.length() > 0 &&
(hostAlias.contains(subjectName) || subject.contains(subjectName))) {
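Review bot: The second operand of the final condition, `subject.contains(subjectName)`, compares the parsed name against the string it was derived from, so it is true for any plain or leading-wildcard name and the check passes regardless of `hostAlias`. The removed code tested `chop.contains(hostAlias)`; the equivalent here would be `subjectName.contains(hostAlias)`. A test that passes a `hostAlias` unrelated to the certificate subject and expects `false` would cover this case.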
Review comment:
Good catch. I'll fix this and likely add a test to verify.