NIFI-8286 Extended CertificateUtils to allow parsing of CNs conforming to RFC5280

[jwoschitz]

Thank you for submitting a contribution to Apache NiFi.

Please provide a short description of the PR here:

Description of PR

This PR addresses the issues described in https://issues.apache.org/jira/browse/NIFI-8286. It enables parsing of subject distinguished names which contain an embedded emailAddress attribute, which is a valid (though legacy) way to define a subject according to RFC5280.

In order to streamline the review of the contribution we ask you
to ensure the following steps have been taken:

For all changes:

• Is there a JIRA ticket associated with this PR? Is it referenced
  in the commit message?

• Does your PR title start with NIFI-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.

• Has your PR been rebased against the latest commit within the target branch (typically main)?

• Is your initial contribution a single, squashed commit? Additional commits in response to PR reviewer feedback should be made on this branch and pushed to allow change tracking. Do not squash or use --force when pushing to allow for clean monitoring of changes.

For code changes:

• Have you ensured that the full suite of tests is executed via mvn -Pcontrib-check clean install at the root nifi folder?
• Have you written or updated unit tests to verify your changes?
• Have you verified that the full build is successful on JDK 8?
• Have you verified that the full build is successful on JDK 11?
• If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?
• If applicable, have you updated the LICENSE file, including the main LICENSE file under nifi-assembly?
• If applicable, have you updated the NOTICE file, including the main NOTICE file found under nifi-assembly?
• If adding new Properties, have you added .displayName in addition to .name (programmatic access) for each of the new properties?

For documentation related changes:

• Have you ensured that format looks appropriate for the output in which it is rendered?

Note:

Please ensure that once the PR is submitted, you check GitHub Actions CI for build issues and submit an update to your PR as soon as possible.

[exceptionfactory]

Thanks for the contribution @jwoschitz! This looks like a straightforward change with a clear associated unit test. See one comment about potentially using a regular expression to simplify the extraction.

[exceptionfactory]

Did you consider using regular expression pattern? That might simplify the approach and the Pattern could be compiled as a static variable.

Suggested change

	final String emailPattern = "/emailAddress=";
	final int index = StringUtils.indexOfIgnoreCase(username, emailPattern);
	if (index >= 0) {
	String[] dnParts = username.split(emailPattern);
	if (dnParts.length > 0) {
	// only use the actual CN
	username = dnParts[0];
	}
	}
	// Replace variable with: private static final Pattern EMAIL_ATTRIBUTE_PATTERN = Pattern.compile("/emailAddress=.+");
	final Pattern emailAttributePattern = Pattern.compile("/emailAddress=.+");
	final Matcher emailMatcher = emailAttributePattern.matcher(username);
	if (emailMatcher.find()) {
	username = emailMatcher.replace(StringUtils.EMPTY);
	}

[jwoschitz]

Yes, I considered it, though as the other logic (see already existing code above the lines added by me) was not using regex for a similar problem, I tried to keep the code consistent by following the same approach.

[exceptionfactory]

Thanks for the reply @jwoschitz, that's a good point. Following the approach of the existing code sounds good.

[exceptionfactory]

Thanks for the work on this @jwoschitz. +1 Merging.