[GitHub] [nifi] gresockj commented on a change in pull request #4976: NIFI-3862: Added Issuer DN support to ListenHTTP
gresockj commented on a change in pull request #4976: URL: https://github.com/apache/nifi/pull/4976#discussion_r608586852 ## File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java ## @@ -298,6 +299,56 @@ public void testSecureTwoWaySslPOSTRequestsReceivedWithoutEL() throws Exception testPOSTRequestsReceived(HttpServletResponse.SC_OK, true, true); } +@Test +public void testSecureTwoWaySslPOSTRequestsReceivedWithAuthorizedSubjectDn() throws Exception { Review comment: Good point, will remove this one. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] gresockj commented on a change in pull request #4976: NIFI-3862: Added Issuer DN support to ListenHTTP
gresockj commented on a change in pull request #4976: URL: https://github.com/apache/nifi/pull/4976#discussion_r608586502 ## File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/test/java/org/apache/nifi/processors/standard/TestListenHTTP.java ## @@ -298,6 +299,56 @@ public void testSecureTwoWaySslPOSTRequestsReceivedWithoutEL() throws Exception testPOSTRequestsReceived(HttpServletResponse.SC_OK, true, true); } +@Test +public void testSecureTwoWaySslPOSTRequestsReceivedWithAuthorizedSubjectDn() throws Exception { + configureProcessorSslContextService(ListenHTTP.ClientAuthentication.REQUIRED, serverConfiguration); + +runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort)); +runner.setProperty(ListenHTTP.AUTHORIZED_DN_PATTERN, LOCALHOST_DN); +runner.setProperty(ListenHTTP.BASE_PATH, HTTP_BASE_PATH); +runner.assertValid(); + +testPOSTRequestsReceived(HttpServletResponse.SC_OK, true, true); +} + +@Test +public void testSecureTwoWaySslPOSTRequestsReceivedWithUnauthorizedSubjectDn() throws Exception { + configureProcessorSslContextService(ListenHTTP.ClientAuthentication.REQUIRED, serverConfiguration); + +runner.setProperty(ListenHTTP.PORT, Integer.toString(availablePort)); +runner.setProperty(ListenHTTP.AUTHORIZED_DN_PATTERN, "CN=other"); +runner.setProperty(ListenHTTP.BASE_PATH, HTTP_BASE_PATH); +runner.assertValid(); + +testPOSTRequestsReceived(HttpServletResponse.SC_FORBIDDEN, true, true); +} + +@Test +public void testSecureTwoWaySslPOSTRequestsReceivedWithAuthorizedIssuerDn() throws Exception { Review comment: I wanted to show that configuring the subject and issuer DN patterns to something other than .* would actually work if the patterns matched, so I'd like to keep this one. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org
[GitHub] [nifi] gresockj commented on a change in pull request #4976: NIFI-3862: Added Issuer DN support to ListenHTTP
gresockj commented on a change in pull request #4976: URL: https://github.com/apache/nifi/pull/4976#discussion_r608584778 ## File path: nifi-nar-bundles/nifi-standard-bundle/nifi-standard-processors/src/main/java/org/apache/nifi/processors/standard/servlets/ListenHTTPServlet.java ## @@ -335,8 +348,9 @@ public void process(final OutputStream rawOut) throws IOException { } flowFile = session.putAllAttributes(flowFile, attributes); -flowFile = saveRequestDetailsAsAttributes(request, session, foundSubject, flowFile); -session.getProvenanceReporter().receive(flowFile, request.getRequestURL().toString(), sourceSystemFlowFileIdentifier, "Remote DN=" + foundSubject, transferMillis); +flowFile = saveRequestDetailsAsAttributes(request, session, foundSubject, foundIssuer, flowFile); +final String details = String.format("Remote DN=%s, Issuer DN=%s", foundSubject, foundIssuer); +session.getProvenanceReporter().receive(flowFile, request.getRequestURL().toString(), sourceSystemFlowFileIdentifier, details + foundIssuer, transferMillis); Review comment: Yep, certainly a typo. -- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org