Improved domain root matching by default HostnameVerifier

git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1649507 13f79535-47bb-0310-9956-ffa450edef68
2015-01-05 11:54:31 +00:00 · 2015-01-05 11:54:31 +00:00 · 65ebd91590
parent 5f6bdd43f9
commit 65ebd91590
3 changed files with 26 additions and 26 deletions
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
@ -256,7 +256,13 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
     * @return  number of dots
     */
    public static int countDots(final String s) {
-        return DefaultHostnameVerifier.countDots(s);
+        int count = 0;
+        for(int i = 0; i < s.length(); i++) {
+            if(s.charAt(i) == '.') {
+                count++;
+            }
+        }
+        return count;
    }

 }
--- a/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
+++ b/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
@ -166,25 +166,19 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
        }
    }

+    static boolean matchDomainRoot(final String host, final String domainRoot) {
+        if (domainRoot == null) {
+            return false;
+        }
+        return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
+                || host.charAt(host.length() - domainRoot.length() - 1) == '.');
+    }
+
    private static boolean matchIdentity(final String host, final String identity,
                                         final PublicSuffixMatcher publicSuffixMatcher,
                                         final boolean strict) {
-        if (host == null) {
-            return false;
-        }
-
        if (publicSuffixMatcher != null && host.contains(".")) {
-            String domainRoot = publicSuffixMatcher.getDomainRoot(identity);
-            if (domainRoot == null) {
-                // Public domain
-                return false;
-            }
-            domainRoot = "." + domainRoot;
-            if (!host.endsWith(domainRoot)) {
-                // Domain root mismatch
-                return false;
-            }
-            if (strict && countDots(identity) != countDots(domainRoot)) {
+            if (!matchDomainRoot(host, publicSuffixMatcher.getDomainRoot(identity))) {
                return false;
            }
        }
@ -217,16 +211,6 @@ public final class DefaultHostnameVerifier implements HostnameVerifier {
        return host.equalsIgnoreCase(identity);
    }

-    static int countDots(final String s) {
-        int count = 0;
-        for(int i = 0; i < s.length(); i++) {
-            if(s.charAt(i) == '.') {
-                count++;
-            }
-        }
-        return count;
-    }
-
    static boolean matchIdentity(final String host, final String identity,
                                 final PublicSuffixMatcher publicSuffixMatcher) {
        return matchIdentity(host, identity, publicSuffixMatcher, false);
--- a/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
+++ b/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
@ -193,6 +193,16 @@ public class TestDefaultHostnameVerifier {
        }
    }

+    @Test
+    public void testDomainRootMatching() {
+
+        Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", null));
+        Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "a.b.c"));
+        Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("aa.b.c", "a.b.c"));
+        Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "aa.b.c"));
+        Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.a.b.c", "a.b.c"));
+    }
+
    @Test
    public void testIdentityMatching() {