NIFI-13941 Fix Maximum Length for DNS Certificate SAN from Proxy Hosts (

#9462) NIFI-13941 Fixed Maximum Length for DNS Certificate SAN from Proxy Hosts - Added warning log for invalid host in proxy property
apache · Oct 28, 2024 · 86ad55e · 86ad55e
1 parent 90d3b9d
commit 86ad55e
Show file tree

Hide file tree

Showing 2 changed files with 5 additions and 2 deletions.
diff --git a/.../src/main/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandler.java b/.../src/main/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandler.java
@@ -78,7 +78,8 @@ public class SecurityApplicationPropertyHandler implements ApplicationPropertyHa
 
     private static final String PROPERTY_SEPARATOR = "=";
 
-    private static final Pattern HOST_PORT_PATTERN = Pattern.compile("^([\\w-.]{1,63}):?\\d{0,5}$");
+    // Maximum address length based on RFC 1035 Section 2.3.4
+    private static final Pattern HOST_PORT_PATTERN = Pattern.compile("^([\\w-.]{1,254}):?\\d{0,5}$");
 
     private static final int HOST_GROUP = 1;
 
@@ -307,6 +308,8 @@ private Set<String> getHosts(final String property) {
                 if (hostPortMatcher.matches()) {
                     final String host = hostPortMatcher.group(HOST_GROUP);
                     hosts.add(host);
+                } else {
+                    logger.warn("Invalid host [{}] configured for [{}] in nifi.properties", hostPortGroup, SecurityProperty.WEB_PROXY_HOST.getName());
                 }
             }
         }

diff --git a/.../test/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandlerTest.java b/.../test/java/org/apache/nifi/bootstrap/property/SecurityApplicationPropertyHandlerTest.java
@@ -61,7 +61,7 @@ class SecurityApplicationPropertyHandlerTest {
 
     private static final int DNS_NAME_TYPE = 2;
 
-    private static final String FIRST_PROXY_HOST = "nifi.apache.org";
+    private static final String FIRST_PROXY_HOST = "maximum.domain.subject.alternative.name.length.greater.than.sixty.four.characters.nifi.apache.org";
 
     private static final int FIRST_PROXY_HOST_PORT = 443;