VedaKadam commented on a change in pull request #4670:
URL: https://github.com/apache/nifi/pull/4670#discussion_r526351267
##########
File path:
nifi-commons/nifi-security-utils/src/main/java/org/apache/nifi/security/util/CertificateUtils.java
##########
@@ -160,26 +180,33 @@ public static String extractUsername(String dn) {
*/
public static List<String> getSubjectAlternativeNames(final
X509Certificate certificate) throws CertificateParsingException {
- final Collection<List<?>> altNames =
certificate.getSubjectAlternativeNames();
+ /*
+ * generalName has the name type as the first element a String or byte
array for the second element. We return any general names that are String types.
+ *
+ * We don't inspect the numeric name type because some certificates
incorrectly put IPs and DNS names under the wrong name types.
+ */
+
+ ArrayList<String> sanEntries = new
ArrayList<>(getSubjectAlternativeNamesMap(certificate).keySet());
Review comment:
Yes, correcting.
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
