HTTPCLIENT-2247: Test cases to document present assumptions about the correct handling of public domain suffixes

This commit is contained in:
Oleg Kalnichevski 2022-11-12 16:56:18 +01:00
parent 32228cd4ff
commit 0ca5635898
3 changed files with 39 additions and 1 deletions

View File

@ -72,6 +72,8 @@ public class TestPublicSuffixMatcher {
Assertions.assertEquals("garbage", matcher.getDomainRoot("garbage.garbage")); Assertions.assertEquals("garbage", matcher.getDomainRoot("garbage.garbage"));
Assertions.assertEquals("garbage", matcher.getDomainRoot("*.garbage.garbage")); Assertions.assertEquals("garbage", matcher.getDomainRoot("*.garbage.garbage"));
Assertions.assertEquals("garbage", matcher.getDomainRoot("*.garbage.garbage.garbage")); Assertions.assertEquals("garbage", matcher.getDomainRoot("*.garbage.garbage.garbage"));
Assertions.assertEquals("*.compute-1.amazonaws.com", matcher.getDomainRoot("*.compute-1.amazonaws.com"));
} }
@Test @Test

View File

@ -254,6 +254,18 @@ public class TestDefaultHostnameVerifier {
Assertions.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.*.c")); Assertions.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.*.c"));
Assertions.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.*.c")); Assertions.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.*.c"));
Assertions.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.xxx.uk", "a.b.xxx.uk", publicSuffixMatcher));
Assertions.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.xxx.uk", "a.b.xxx.uk", publicSuffixMatcher));
Assertions.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.xxx.uk", "*.b.xxx.uk", publicSuffixMatcher));
Assertions.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.xxx.uk", "*.b.xxx.uk", publicSuffixMatcher));
Assertions.assertTrue(DefaultHostnameVerifier.matchIdentity("b.xxx.uk", "b.xxx.uk", publicSuffixMatcher));
Assertions.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("b.xxx.uk", "b.xxx.uk", publicSuffixMatcher));
Assertions.assertFalse(DefaultHostnameVerifier.matchIdentity("b.xxx.uk", "*.xxx.uk", publicSuffixMatcher));
Assertions.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("b.xxx.uk", "*.xxx.uk", publicSuffixMatcher));
} }
@Test @Test
@ -426,6 +438,24 @@ public class TestDefaultHostnameVerifier {
"host.domain.com", "host.domain.com",
Collections.singletonList(SubjectName.DNS("some.other.com")), Collections.singletonList(SubjectName.DNS("some.other.com")),
publicSuffixMatcher)); publicSuffixMatcher));
DefaultHostnameVerifier.matchDNSName(
"host.ec2.compute-1.amazonaws.com",
Collections.singletonList(SubjectName.DNS("host.ec2.compute-1.amazonaws.com")),
publicSuffixMatcher);
DefaultHostnameVerifier.matchDNSName(
"host.ec2.compute-1.amazonaws.com",
Collections.singletonList(SubjectName.DNS("*.ec2.compute-1.amazonaws.com")),
publicSuffixMatcher);
DefaultHostnameVerifier.matchDNSName(
"ec2.compute-1.amazonaws.com",
Collections.singletonList(SubjectName.DNS("ec2.compute-1.amazonaws.com")),
publicSuffixMatcher);
Assertions.assertThrows(SSLException.class, () ->
DefaultHostnameVerifier.matchDNSName(
"ec2.compute-1.amazonaws.com",
Collections.singletonList(SubjectName.DNS("*.compute-1.amazonaws.com")),
publicSuffixMatcher));
} }
} }

View File

@ -28,6 +28,12 @@ xx
lan lan
appspot.com appspot.com
s3.eu-central-1.amazonaws.com s3.eu-central-1.amazonaws.com
*.compute.amazonaws.com
*.compute-1.amazonaws.com
*.compute.amazonaws.com.cn
us-east-1.amazonaws.com
*.xxx.uk
// ===END PRIVATE DOMAINS=== // ===END PRIVATE DOMAINS===
// ===BEGIN ICANN DOMAINS=== // ===BEGIN ICANN DOMAINS===