From 0ca56358984a20eb2403b8db30ec074e4db5c77e Mon Sep 17 00:00:00 2001
From: Oleg Kalnichevski
Date: Sat, 12 Nov 2022 16:56:18 +0100
Subject: [PATCH] HTTPCLIENT-2247: Test cases to document present assumptions about the correct handling of public domain suffixes
---
 .../http/psl/TestPublicSuffixMatcher.java | 2 ++
 .../http/ssl/TestDefaultHostnameVerifier.java | 32 ++++++++++++++++++-
 .../src/test/resources/suffixlistmatcher.txt | 6 ++++
 3 files changed, 39 insertions(+), 1 deletion(-)
diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/psl/TestPublicSuffixMatcher.java b/httpclient5/src/test/java/org/apache/hc/client5/http/psl/TestPublicSuffixMatcher.java
index 03d5b5c86..25ba0f299 100644
--- a/httpclient5/src/test/java/org/apache/hc/client5/http/psl/TestPublicSuffixMatcher.java
+++ b/httpclient5/src/test/java/org/apache/hc/client5/http/psl/TestPublicSuffixMatcher.java
@@ -72,6 +72,8 @@ public class TestPublicSuffixMatcher {
 Assertions.assertEquals("garbage", matcher.getDomainRoot("garbage.garbage"));
 Assertions.assertEquals("garbage", matcher.getDomainRoot("*.garbage.garbage"));
 Assertions.assertEquals("garbage", matcher.getDomainRoot("*.garbage.garbage.garbage"));
+
+ Assertions.assertEquals("*.compute-1.amazonaws.com", matcher.getDomainRoot("*.compute-1.amazonaws.com"));
 }
 @Test
diff --git a/httpclient5/src/test/java/org/apache/hc/client5/http/ssl/TestDefaultHostnameVerifier.java b/httpclient5/src/test/java/org/apache/hc/client5/http/ssl/TestDefaultHostnameVerifier.java
index 67ae939d3..a38b85f6e 100644
--- a/httpclient5/src/test/java/org/apache/hc/client5/http/ssl/TestDefaultHostnameVerifier.java
+++ b/httpclient5/src/test/java/org/apache/hc/client5/http/ssl/TestDefaultHostnameVerifier.java
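Review bot: The added `getDomainRoot("*.compute-1.amazonaws.com")` assertion in TestPublicSuffixMatcher expects the input back unchanged, while the neighbouring `*.garbage.garbage` cases are reduced to `garbage`, and nothing in the test says why the two differ. A one-line comment would make the documented assumption readable, for example `// "*.compute-1.amazonaws.com" is itself a wildcard rule in suffixlistmatcher.txt`. It presumably mirrors a certificate name that equals a public-suffix rule, which the matchDNSName hunk in TestDefaultHostnameVerifier exercises; saying so here would tie the two tests together. The enclosing test method starts above the hunk.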
@@ -254,6 +254,18 @@ public class TestDefaultHostnameVerifier {
 Assertions.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.*.c"));
 Assertions.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.*.c"));
+
+ Assertions.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.xxx.uk", "a.b.xxx.uk", publicSuffixMatcher));
+ Assertions.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.xxx.uk", "a.b.xxx.uk", publicSuffixMatcher));
+
+ Assertions.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.xxx.uk", "*.b.xxx.uk", publicSuffixMatcher));
+ Assertions.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.xxx.uk", "*.b.xxx.uk", publicSuffixMatcher));
+
+ Assertions.assertTrue(DefaultHostnameVerifier.matchIdentity("b.xxx.uk", "b.xxx.uk", publicSuffixMatcher));
+ Assertions.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("b.xxx.uk", "b.xxx.uk", publicSuffixMatcher));
+
+ Assertions.assertFalse(DefaultHostnameVerifier.matchIdentity("b.xxx.uk", "*.xxx.uk", publicSuffixMatcher));
+ Assertions.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("b.xxx.uk", "*.xxx.uk", publicSuffixMatcher));
 }
 @Test
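Review bot: The new wildcard cases stop one label short: the identity `*.xxx.uk` is only checked against `b.xxx.uk`, never against a deeper host such as `a.b.xxx.uk`. A certificate wildcard sitting directly on a public-suffix rule should presumably be rejected at any depth, and the strict and non-strict matchers may differ on multi-label matches (not visible here), so it is worth pinning both: `Assertions.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.xxx.uk", "*.xxx.uk", publicSuffixMatcher));` plus the `matchIdentityStrict` twin. The matchDNSName hunk further down has the same gap for `host.ec2.compute-1.amazonaws.com` against `*.compute-1.amazonaws.com`. The enclosing test method begins above the hunk.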
@@ -426,6 +438,24 @@ public class TestDefaultHostnameVerifier {
 "host.domain.com",
 Collections.singletonList(SubjectName.DNS("some.other.com")),
 publicSuffixMatcher));
+
+ DefaultHostnameVerifier.matchDNSName(
+ "host.ec2.compute-1.amazonaws.com",
+ Collections.singletonList(SubjectName.DNS("host.ec2.compute-1.amazonaws.com")),
+ publicSuffixMatcher);
+ DefaultHostnameVerifier.matchDNSName(
+ "host.ec2.compute-1.amazonaws.com",
+ Collections.singletonList(SubjectName.DNS("*.ec2.compute-1.amazonaws.com")),
+ publicSuffixMatcher);
+ DefaultHostnameVerifier.matchDNSName(
+ "ec2.compute-1.amazonaws.com",
+ Collections.singletonList(SubjectName.DNS("ec2.compute-1.amazonaws.com")),
+ publicSuffixMatcher);
+ Assertions.assertThrows(SSLException.class, () ->
+ DefaultHostnameVerifier.matchDNSName(
+ "ec2.compute-1.amazonaws.com",
+ Collections.singletonList(SubjectName.DNS("*.compute-1.amazonaws.com")),
+ publicSuffixMatcher));
 }
-}
+}
\ No newline at end of file
diff --git a/httpclient5/src/test/resources/suffixlistmatcher.txt b/httpclient5/src/test/resources/suffixlistmatcher.txt
index e9377cb5f..5f82ba9a7 100644
--- a/httpclient5/src/test/resources/suffixlistmatcher.txt
+++ b/httpclient5/src/test/resources/suffixlistmatcher.txt
@@ -28,6 +28,12 @@ xx
 lan
 appspot.com
 s3.eu-central-1.amazonaws.com
+*.compute.amazonaws.com
+*.compute-1.amazonaws.com
+*.compute.amazonaws.com.cn
+us-east-1.amazonaws.com
+*.xxx.uk
+
 // ===END PRIVATE DOMAINS===
 // ===BEGIN ICANN DOMAINS===
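Review bot: The three positive `matchDNSName` calls are bare statements, so they pass only by not throwing, and a reader has to know that the method reports a mismatch with an exception. Wrapping each one in `Assertions.assertDoesNotThrow(() -> ...)` (if the project's JUnit version provides it), or adding `// must not throw: the certificate name lies below the wildcard public-suffix rule`, would state the expectation next to the `assertThrows` case that follows. The hunk also drops the newline at the end of the file (`\ No newline at end of file`), which looks unintentional and is worth restoring. The enclosing test method begins above the hunk.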