Uploaded image for project: 'Kafka'
  1. Kafka
  2. KAFKA-8860

SslPrincipalMapper should handle distinguished names with spaces

    XMLWordPrintableJSON

Details

    • Bug
    • Status: Resolved
    • Major
    • Resolution: Fixed
    • 2.2.0
    • 2.4.0
    • None
    • None

    Description

      This Jira is to track the issue reported by  tb@teebee.de in PR #7140 

      PR #6099 tried to undo the splitting of the ssl.principal.mapper.rules list on comma with whitespace by sophisticated rejoining of the split list using a comma as separator. However, since possibly surrounding whitespace is not reconstructed this approach fails in general. Consider the following test case:

      @Test
      public void testCommaWithWhitespace() throws Exception \{
          String value = "RULE:^CN=((\\\\, *|\\w)+)(,.*|$)/$1/,DEFAULT";
      
          @SuppressWarnings("unchecked")
          List<String> rules = (List<String>) ConfigDef.parseType("ssl.principal.mapper.rules", value, Type.LIST);
      
          SslPrincipalMapper mapper = SslPrincipalMapper.fromRules(rules);
          assertEquals("Tkac\\, Adam", mapper.getName("CN=Tkac\\, Adam,OU=ITZ,DC=geodis,DC=cz"));
      }
      

      The space after the escaped comma is essential. Unfortunately, it has disappeared after splitting and rejoining.

      Moreover, in joinSplitRules the decision to rejoin list elements is based on local information only which might not be sufficient. It works for 

      "RULE:^CN=([^,ADEFLTU,]+)(,.*|$)/$1/"

        but fails for the equivalent regular expression 

      RULE:^CN=([^,DEFAULT,]+)(,.*|$)/$1/"

      The approach of the current PR is to change the type of the ssl.principal.mapper.rules attribute from LIST to STRING and to delegate the splitting of the rules to the SslPrincipalMapper. It knows about the structure of the rules and can perform the splitting context-based.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              omkreddy Manikumar
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved: