mirror of https://github.com/apache/nifi.git
NIFI-13941 Fix Maximum Length for DNS Certificate SAN from Proxy Hosts (#9462)
NIFI-13941 Fixed Maximum Length for DNS Certificate SAN from Proxy Hosts - Added warning log for invalid host in proxy property
This commit is contained in:
David Handermann
GitHub
parent
90d3b9da31
commit
86ad55e43e
|
|
@ -78,7 +78,8 @@ public class SecurityApplicationPropertyHandler implements ApplicationPropertyHa
|
|||
|
||||
private static final String PROPERTY_SEPARATOR = "=";
|
||||
|
||||
private static final Pattern HOST_PORT_PATTERN = Pattern.compile("^([\\w-.]{1,63}):?\\d{0,5}$");
|
||||
// Maximum address length based on RFC 1035 Section 2.3.4
|
||||
private static final Pattern HOST_PORT_PATTERN = Pattern.compile("^([\\w-.]{1,254}):?\\d{0,5}$");
|
||||
|
||||
private static final int HOST_GROUP = 1;
|
||||
|
||||
|
|
@ -307,6 +308,8 @@ public class SecurityApplicationPropertyHandler implements ApplicationPropertyHa
|
|||
if (hostPortMatcher.matches()) {
|
||||
final String host = hostPortMatcher.group(HOST_GROUP);
|
||||
hosts.add(host);
|
||||
} else {
|
||||
logger.warn("Invalid host [{}] configured for [{}] in nifi.properties", hostPortGroup, SecurityProperty.WEB_PROXY_HOST.getName());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
|
|
|||
|
|
@ -61,7 +61,7 @@ class SecurityApplicationPropertyHandlerTest {
|
|||
|
||||
private static final int DNS_NAME_TYPE = 2;
|
||||
|
||||
private static final String FIRST_PROXY_HOST = "nifi.apache.org";
|
||||
private static final String FIRST_PROXY_HOST = "maximum.domain.subject.alternative.name.length.greater.than.sixty.four.characters.nifi.apache.org";
|
||||
|
||||
private static final int FIRST_PROXY_HOST_PORT = 443;
|
||||
|
||||
|
|
|
|||
Loading…
Reference in New Issue