NIFI-14012 Added UID and DC Formatting for Certificate Principals

- Added Object Identifiers for UID and DC which are not included in the standard set for X500Principal.RFC1779
exceptionfactory · Nov 18, 2024 · 22d769a · 22d769a
1 parent 2173672
commit 22d769a
Show file tree

Hide file tree

Showing 2 changed files with 23 additions and 1 deletion.
diff --git a/...security-cert/src/main/java/org/apache/nifi/security/cert/StandardPrincipalFormatter.java b/...security-cert/src/main/java/org/apache/nifi/security/cert/StandardPrincipalFormatter.java
@@ -18,6 +18,7 @@
 
 import javax.security.auth.x500.X500Principal;
 import java.security.cert.X509Certificate;
+import java.util.Map;
 import java.util.Objects;
 
 /**
@@ -26,6 +27,12 @@
 public class StandardPrincipalFormatter implements PrincipalFormatter {
     private static final PrincipalFormatter INSTANCE = new StandardPrincipalFormatter();
 
+    /** Map of Object Identifiers to Names not included in the standard set from X500Principal.RFC1779 */
+    private static final Map<String, String> OBJECT_IDENTIFIER_NAMES = Map.of(
+            "0.9.2342.19200300.100.1.1", "UID",
+            "0.9.2342.19200300.100.1.25", "DC"
+    );
+
     private StandardPrincipalFormatter() {
 
     }
@@ -64,6 +71,6 @@ public String getIssuer(final X509Certificate certificate) {
     }
 
     private String getFormatted(final X500Principal principal) {
-        return principal.getName(X500Principal.RFC1779);
+        return principal.getName(X500Principal.RFC1779, OBJECT_IDENTIFIER_NAMES);
     }
 }
diff --git a/...rity-cert/src/test/java/org/apache/nifi/security/cert/StandardPrincipalFormatterTest.java b/...rity-cert/src/test/java/org/apache/nifi/security/cert/StandardPrincipalFormatterTest.java
@@ -36,6 +36,12 @@ class StandardPrincipalFormatterTest {
 
     private static final X500Principal SUBJECT_PRINCIPAL = new X500Principal(SUBJECT_CANONICAL);
 
+    private static final String SUBJECT_LDAP_ELEMENTS = "UID=Subject,DC=Apache,DC=NiFi";
+
+    private static final String SUBJECT_LDAP_FORMATTED = "UID=Subject, DC=Apache, DC=NiFi";
+
+    private static final X500Principal SUBJECT_LDAP_PRINCIPAL = new X500Principal(SUBJECT_LDAP_ELEMENTS);
+
     private static final String ISSUER_CANONICAL = "CN=Certificate Authority,O=Organization,C=US";
 
     private static final String ISSUER_FORMATTED = "CN=Certificate Authority, O=Organization, C=US";
@@ -54,6 +60,15 @@ void testGetSubject() {
         assertEquals(SUBJECT_FORMATTED, subject);
     }
 
+    @Test
+    void testGetSubjectLdapElements() {
+        when(certificate.getSubjectX500Principal()).thenReturn(SUBJECT_LDAP_PRINCIPAL);
+
+        final String subject = StandardPrincipalFormatter.getInstance().getSubject(certificate);
+
+        assertEquals(SUBJECT_LDAP_FORMATTED, subject);
+    }
+
     @Test
     void testGetIssuer() {
         when(certificate.getIssuerX500Principal()).thenReturn(ISSUER_PRINCIPAL);