knox-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From lmc...@apache.org
Subject knox git commit: KNOX-1243 - Normalize the required DNs that are Configured in KnoxToken Service
Date Sat, 07 Apr 2018 15:22:04 GMT
Repository: knox
Updated Branches:
  refs/heads/master 4ec9ae4e1 -> 10ad50228


KNOX-1243 - Normalize the required DNs that are Configured in KnoxToken Service

Project: http://git-wip-us.apache.org/repos/asf/knox/repo
Commit: http://git-wip-us.apache.org/repos/asf/knox/commit/10ad5022
Tree: http://git-wip-us.apache.org/repos/asf/knox/tree/10ad5022
Diff: http://git-wip-us.apache.org/repos/asf/knox/diff/10ad5022

Branch: refs/heads/master
Commit: 10ad502285ca410e8a6cfb4414e34b0494f208a7
Parents: 4ec9ae4
Author: Larry McCay <lmccay@hortonworks.com>
Authored: Sat Apr 7 11:21:54 2018 -0400
Committer: Larry McCay <lmccay@hortonworks.com>
Committed: Sat Apr 7 11:21:54 2018 -0400

----------------------------------------------------------------------
 .../org/apache/knox/gateway/service/knoxtoken/TokenResource.java | 4 ++--
 .../knox/gateway/service/knoxtoken/TokenServiceResourceTest.java | 2 +-
 2 files changed, 3 insertions(+), 3 deletions(-)
----------------------------------------------------------------------


http://git-wip-us.apache.org/repos/asf/knox/blob/10ad5022/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
index f8eb124..1514287 100644
--- a/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
+++ b/gateway-service-knoxtoken/src/main/java/org/apache/knox/gateway/service/knoxtoken/TokenResource.java
@@ -97,7 +97,7 @@ public class TokenResource {
     if (principals != null) {
       String[] dns = principals.split(";");
       for (int i = 0; i < dns.length; i++) {
-        allowedDNs.add(dns[i]);
+        allowedDNs.add(dns[i].replaceAll("\\s+",""));
       }
     }
 
@@ -154,7 +154,7 @@ public class TokenResource {
     if (clientCertRequired) {
       X509Certificate cert = extractCertificate(request);
       if (cert != null) {
-        if (!allowedDNs.contains(cert.getSubjectDN().getName())) {
+        if (!allowedDNs.contains(cert.getSubjectDN().getName().replaceAll("\\s+",""))) {
           return Response.status(403).entity("{ \"Unable to get token - untrusted client
cert.\" }").build();
         }
       }

http://git-wip-us.apache.org/repos/asf/knox/blob/10ad5022/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
----------------------------------------------------------------------
diff --git a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
index 3753b27..61f5d4a 100644
--- a/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
+++ b/gateway-service-knoxtoken/src/test/java/org/apache/knox/gateway/service/knoxtoken/TokenServiceResourceTest.java
@@ -273,7 +273,7 @@ public class TokenServiceResourceTest {
     HttpServletRequest request = EasyMock.createNiceMock(HttpServletRequest.class);
     EasyMock.expect(request.getServletContext()).andReturn(context).anyTimes();
     X509Certificate trustedCertMock = EasyMock.createMock(X509Certificate.class);
-    EasyMock.expect(trustedCertMock.getSubjectDN()).andReturn(new PrimaryPrincipal("CN=localhost,
OU=Test, O=Hadoop, L=Test, ST=Test, C=US")).anyTimes();
+    EasyMock.expect(trustedCertMock.getSubjectDN()).andReturn(new PrimaryPrincipal("CN=localhost,OU=Test,
O=Hadoop, L=Test, ST=Test, C=US")).anyTimes();
     ArrayList<X509Certificate> certArrayList = new ArrayList<X509Certificate>();
     certArrayList.add(trustedCertMock);
     X509Certificate[] certs = {};


Mime
View raw message