ARTEMIS-2799 sniHost property not allowed on URLs

2020-06-02 21:28:24 +02:00 · 2020-06-02 21:28:24 +02:00 · ba674fb842
parent 5f60b29683
commit ba674fb842
2 changed files with 21 additions and 0 deletions
--- a/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
+++ b/artemis-core-client/src/main/java/org/apache/activemq/artemis/core/remoting/impl/netty/TransportConstants.java
@ -380,6 +380,7 @@ public class TransportConstants {
      allowableAcceptorKeys.add(TransportConstants.NEED_CLIENT_AUTH_PROP_NAME);
      allowableAcceptorKeys.add(TransportConstants.WANT_CLIENT_AUTH_PROP_NAME);
      allowableAcceptorKeys.add(TransportConstants.VERIFY_HOST_PROP_NAME);
+      allowableAcceptorKeys.add(TransportConstants.SNIHOST_PROP_NAME);
      allowableAcceptorKeys.add(TransportConstants.TCP_NODELAY_PROPNAME);
      allowableAcceptorKeys.add(TransportConstants.TCP_SENDBUFFER_SIZE_PROPNAME);
      allowableAcceptorKeys.add(TransportConstants.TCP_RECEIVEBUFFER_SIZE_PROPNAME);
@ -445,6 +446,7 @@ public class TransportConstants {
      allowableConnectorKeys.add(TransportConstants.VERIFY_HOST_PROP_NAME);
      allowableConnectorKeys.add(TransportConstants.TRUST_ALL_PROP_NAME);
      allowableConnectorKeys.add(TransportConstants.FORCE_SSL_PARAMETERS);
+      allowableConnectorKeys.add(TransportConstants.SNIHOST_PROP_NAME);
      allowableConnectorKeys.add(TransportConstants.TCP_NODELAY_PROPNAME);
      allowableConnectorKeys.add(TransportConstants.TCP_SENDBUFFER_SIZE_PROPNAME);
      allowableConnectorKeys.add(TransportConstants.TCP_RECEIVEBUFFER_SIZE_PROPNAME);
--- a/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
+++ b/tests/integration-tests/src/test/java/org/apache/activemq/artemis/tests/integration/ssl/CoreClientOverOneWaySSLTest.java
@ -200,6 +200,25 @@ public class CoreClientOverOneWaySSLTest extends ActiveMQTestBase {
      }
   }

+   @Test
+   public void testOneWaySSLwithSNINegativeAndURL() throws Exception {
+      createCustomSslServer("myhost\\.com");
+
+      ServerLocator locator = addServerLocator(ActiveMQClient.createServerLocator("tcp://127.0.0.1:61616?" +
+                                                                                     TransportConstants.SSL_ENABLED_PROP_NAME + "=true;" +
+                                                                                     TransportConstants.TRUSTSTORE_PROVIDER_PROP_NAME + "=" + storeType + ";" +
+                                                                                     TransportConstants.TRUSTSTORE_PATH_PROP_NAME + "=" + CLIENT_SIDE_TRUSTSTORE +";" +
+                                                                                     TransportConstants.TRUSTSTORE_PASSWORD_PROP_NAME + "=" + PASSWORD + ";" +
+                                                                                     TransportConstants.SNIHOST_PROP_NAME + "=badhost.com"));
+
+      try {
+         ClientSessionFactory sf = addSessionFactory(createSessionFactory(locator));
+         fail("Should have failed due to unrecognized SNI host name");
+      } catch (Exception e) {
+         // ignore
+      }
+   }
+
   @Test
   public void testOneWaySSLwithSNIOnlyOnTheClient() throws Exception {
      createCustomSslServer();