
[KAFKA-15117] In TestSslUtils set SubjectAlternativeNames to null if there are no hostnames (#14440)

We currently encode an empty hostNames array into subjectAltName in the keystore. When the test parses these certificates, this fails with "Unparseable SubjectAlternativeName extension due to java.io.IOException: No data available in passed DER encoded value". Up to Java 17, this parsing error was ignored. This PR sets subjectAltName to null if hostNames is empty.

Co-authored-by: Ismael Juma <ismael@juma.me.uk>
Reviewers: Rajini Sivaram <rajinisivaram@googlemail.com>
pull/14447/head
Purshotam Chauhan 1 year ago committed by GitHub
parent
commit
d8f358facc
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
  1. 3
      clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java
  2. 12
      clients/src/test/java/org/apache/kafka/test/TestSslUtils.java

3
clients/src/test/java/org/apache/kafka/common/network/SslTransportLayerTest.java

@ -36,8 +36,6 @@ import org.apache.kafka.common.utils.Utils; @@ -36,8 +36,6 @@ import org.apache.kafka.common.utils.Utils;
import org.apache.kafka.test.TestSslUtils;
import org.apache.kafka.test.TestUtils;
import org.junit.jupiter.api.AfterEach;
import org.junit.jupiter.api.condition.DisabledOnJre;
import org.junit.jupiter.api.condition.JRE;
import org.junit.jupiter.api.extension.ExtensionContext;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.Arguments;
@ -195,7 +193,6 @@ public class SslTransportLayerTest { @@ -195,7 +193,6 @@ public class SslTransportLayerTest {
*/
@ParameterizedTest
@ArgumentsSource(SslTransportLayerArgumentsProvider.class)
@DisabledOnJre(value = {JRE.JAVA_20, JRE.JAVA_21}, disabledReason = "KAFKA-15117")
public void testValidEndpointIdentificationCN(Args args) throws Exception {
args.serverCertStores = certBuilder(true, "localhost", args.useInlinePem).build();
args.clientCertStores = certBuilder(false, "localhost", args.useInlinePem).build();

12
clients/src/test/java/org/apache/kafka/test/TestSslUtils.java

@ -399,10 +399,14 @@ public class TestSslUtils { @@ -399,10 +399,14 @@ public class TestSslUtils {
}
public CertificateBuilder sanDnsNames(String... hostNames) throws IOException {
GeneralName[] altNames = new GeneralName[hostNames.length];
for (int i = 0; i < hostNames.length; i++)
altNames[i] = new GeneralName(GeneralName.dNSName, hostNames[i]);
subjectAltName = GeneralNames.getInstance(new DERSequence(altNames)).getEncoded();
if (hostNames.length > 0) {
GeneralName[] altNames = new GeneralName[hostNames.length];
for (int i = 0; i < hostNames.length; i++)
altNames[i] = new GeneralName(GeneralName.dNSName, hostNames[i]);
subjectAltName = GeneralNames.getInstance(new DERSequence(altNames)).getEncoded();
} else {
subjectAltName = null;
}
return this;
}
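Review bot: The `else` branch of `sanDnsNames` sets `subjectAltName = null` without saying why, so a reader cannot tell that an empty SAN is invalid rather than merely unnecessary. I would add a comment above the `if`: `// An empty GeneralNames SEQUENCE is not a valid subjectAltName (RFC 5280 4.2.1.6 requires at least one entry) and newer JDKs fail to parse it, so omit the extension instead.` The method's Javadoc should also say that a call with no hostnames clears any SAN set earlier on the builder, which leaves CN as the only name available for endpoint identification. The code that writes `subjectAltName` into the certificate is outside this hunk; presumably it skips the extension when the field is null, but that should be confirmed.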
