Domain name normalization
This commit is contained in:
parent
4381ea3e47
commit
343ac3d407
|
@ -36,7 +36,6 @@ import java.util.ArrayList;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Locale;
|
|
||||||
import java.util.NoSuchElementException;
|
import java.util.NoSuchElementException;
|
||||||
|
|
||||||
import javax.naming.InvalidNameException;
|
import javax.naming.InvalidNameException;
|
||||||
|
@ -55,6 +54,7 @@ import org.apache.commons.logging.Log;
|
||||||
import org.apache.commons.logging.LogFactory;
|
import org.apache.commons.logging.LogFactory;
|
||||||
import org.apache.http.annotation.Contract;
|
import org.apache.http.annotation.Contract;
|
||||||
import org.apache.http.annotation.ThreadingBehavior;
|
import org.apache.http.annotation.ThreadingBehavior;
|
||||||
|
import org.apache.http.conn.util.DnsUtils;
|
||||||
import org.apache.http.conn.util.DomainType;
|
import org.apache.http.conn.util.DomainType;
|
||||||
import org.apache.http.conn.util.InetAddressUtils;
|
import org.apache.http.conn.util.InetAddressUtils;
|
||||||
import org.apache.http.conn.util.PublicSuffixMatcher;
|
import org.apache.http.conn.util.PublicSuffixMatcher;
|
||||||
|
@ -164,11 +164,11 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
|
||||||
|
|
||||||
static void matchDNSName(final String host, final List<SubjectName> subjectAlts,
|
static void matchDNSName(final String host, final List<SubjectName> subjectAlts,
|
||||||
final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
|
final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
|
||||||
final String normalizedHost = host.toLowerCase(Locale.ROOT);
|
final String normalizedHost = DnsUtils.normalize(host);
|
||||||
for (int i = 0; i < subjectAlts.size(); i++) {
|
for (int i = 0; i < subjectAlts.size(); i++) {
|
||||||
final SubjectName subjectAlt = subjectAlts.get(i);
|
final SubjectName subjectAlt = subjectAlts.get(i);
|
||||||
if (subjectAlt.getType() == SubjectName.DNS) {
|
if (subjectAlt.getType() == SubjectName.DNS) {
|
||||||
final String normalizedSubjectAlt = subjectAlt.getValue().toLowerCase(Locale.ROOT);
|
final String normalizedSubjectAlt = DnsUtils.normalize(subjectAlt.getValue());
|
||||||
if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher, DomainType.ICANN)) {
|
if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher, DomainType.ICANN)) {
|
||||||
return;
|
return;
|
||||||
}
|
}
|
||||||
|
@ -180,8 +180,8 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
|
||||||
|
|
||||||
static void matchCN(final String host, final String cn,
|
static void matchCN(final String host, final String cn,
|
||||||
final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
|
final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
|
||||||
final String normalizedHost = host.toLowerCase(Locale.ROOT);
|
final String normalizedHost = DnsUtils.normalize(host);
|
||||||
final String normalizedCn = cn.toLowerCase(Locale.ROOT);
|
final String normalizedCn = DnsUtils.normalize(cn);
|
||||||
if (!matchIdentityStrict(normalizedHost, normalizedCn, publicSuffixMatcher, DomainType.ICANN)) {
|
if (!matchIdentityStrict(normalizedHost, normalizedCn, publicSuffixMatcher, DomainType.ICANN)) {
|
||||||
throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match " +
|
throw new SSLPeerUnverifiedException("Certificate for <" + host + "> doesn't match " +
|
||||||
"common name of the certificate subject: " + cn);
|
"common name of the certificate subject: " + cn);
|
||||||
|
|
|
@ -0,0 +1,76 @@
|
||||||
|
/*
|
||||||
|
* ====================================================================
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
* ====================================================================
|
||||||
|
*
|
||||||
|
* This software consists of voluntary contributions made by many
|
||||||
|
* individuals on behalf of the Apache Software Foundation. For more
|
||||||
|
* information on the Apache Software Foundation, please see
|
||||||
|
* <http://www.apache.org/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.apache.http.conn.util;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* A collection of utilities relating to Domain Name System.
|
||||||
|
*
|
||||||
|
* @since 4.5
|
||||||
|
*/
|
||||||
|
public class DnsUtils {
|
||||||
|
|
||||||
|
private DnsUtils() {
|
||||||
|
}
|
||||||
|
|
||||||
|
private static boolean isUpper(final char c) {
|
||||||
|
return c >= 'A' && c <= 'Z';
|
||||||
|
}
|
||||||
|
|
||||||
|
public static String normalize(final String s) {
|
||||||
|
if (s == null) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
int pos = 0;
|
||||||
|
int remaining = s.length();
|
||||||
|
while (remaining > 0) {
|
||||||
|
if (isUpper(s.charAt(pos))) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
pos++;
|
||||||
|
remaining--;
|
||||||
|
}
|
||||||
|
if (remaining > 0) {
|
||||||
|
final StringBuilder buf = new StringBuilder(s.length());
|
||||||
|
buf.append(s, 0, pos);
|
||||||
|
while (remaining > 0) {
|
||||||
|
final char c = s.charAt(pos);
|
||||||
|
if (isUpper(c)) {
|
||||||
|
buf.append((char) (c + ('a' - 'A')));
|
||||||
|
} else {
|
||||||
|
buf.append(c);
|
||||||
|
}
|
||||||
|
pos++;
|
||||||
|
remaining--;
|
||||||
|
}
|
||||||
|
return buf.toString();
|
||||||
|
} else {
|
||||||
|
return s;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
|
@ -29,7 +29,6 @@ package org.apache.http.conn.util;
|
||||||
import java.net.IDN;
|
import java.net.IDN;
|
||||||
import java.util.Collection;
|
import java.util.Collection;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Locale;
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.concurrent.ConcurrentHashMap;
|
import java.util.concurrent.ConcurrentHashMap;
|
||||||
|
|
||||||
|
@ -142,7 +141,7 @@ public final class PublicSuffixMatcher {
|
||||||
if (domain.startsWith(".")) {
|
if (domain.startsWith(".")) {
|
||||||
return null;
|
return null;
|
||||||
}
|
}
|
||||||
final String normalized = domain.toLowerCase(Locale.ROOT);
|
final String normalized = DnsUtils.normalize(domain);
|
||||||
String segment = normalized;
|
String segment = normalized;
|
||||||
String result = null;
|
String result = null;
|
||||||
while (segment != null) {
|
while (segment != null) {
|
||||||
|
|
|
@ -0,0 +1,51 @@
|
||||||
|
/*
|
||||||
|
* ====================================================================
|
||||||
|
* Licensed to the Apache Software Foundation (ASF) under one
|
||||||
|
* or more contributor license agreements. See the NOTICE file
|
||||||
|
* distributed with this work for additional information
|
||||||
|
* regarding copyright ownership. The ASF licenses this file
|
||||||
|
* to you under the Apache License, Version 2.0 (the
|
||||||
|
* "License"); you may not use this file except in compliance
|
||||||
|
* with the License. You may obtain a copy of the License at
|
||||||
|
*
|
||||||
|
* http://www.apache.org/licenses/LICENSE-2.0
|
||||||
|
*
|
||||||
|
* Unless required by applicable law or agreed to in writing,
|
||||||
|
* software distributed under the License is distributed on an
|
||||||
|
* "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
|
||||||
|
* KIND, either express or implied. See the License for the
|
||||||
|
* specific language governing permissions and limitations
|
||||||
|
* under the License.
|
||||||
|
* ====================================================================
|
||||||
|
*
|
||||||
|
* This software consists of voluntary contributions made by many
|
||||||
|
* individuals on behalf of the Apache Software Foundation. For more
|
||||||
|
* information on the Apache Software Foundation, please see
|
||||||
|
* <http://www.apache.org/>.
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
|
||||||
|
package org.apache.http.conn.util;
|
||||||
|
|
||||||
|
import org.hamcrest.CoreMatchers;
|
||||||
|
import org.junit.Assert;
|
||||||
|
import org.junit.Test;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Unit tests for DnsUtils.
|
||||||
|
*/
|
||||||
|
public class TesDnsUtils {
|
||||||
|
|
||||||
|
@Test
|
||||||
|
public void testNormalize() {
|
||||||
|
Assert.assertThat(DnsUtils.normalize(null), CoreMatchers.equalTo(null));
|
||||||
|
Assert.assertThat(DnsUtils.normalize(""), CoreMatchers.equalTo(""));
|
||||||
|
Assert.assertThat(DnsUtils.normalize("blah"), CoreMatchers.equalTo("blah"));
|
||||||
|
Assert.assertThat(DnsUtils.normalize("BLAH"), CoreMatchers.equalTo("blah"));
|
||||||
|
Assert.assertThat(DnsUtils.normalize("blAh"), CoreMatchers.equalTo("blah"));
|
||||||
|
Assert.assertThat(DnsUtils.normalize("blaH"), CoreMatchers.equalTo("blah"));
|
||||||
|
Assert.assertThat(DnsUtils.normalize("blaH"), CoreMatchers.equalTo("blah"));
|
||||||
|
Assert.assertThat(DnsUtils.normalize("hac\u212A!!!"), CoreMatchers.equalTo("hac\u212A!!!"));
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
Loading…
Reference in New Issue