Fixed CN extraction from DN of X500 principal
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1411702 13f79535-47bb-0310-9956-ffa450edef68
parent
529541458b
commit
6e14fc146a
|
@ -178,12 +178,12 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
|
|||
|
||||
// We're can be case-insensitive when comparing the host we used to
|
||||
// establish the socket to the hostname in the certificate.
|
||||
String hostName = host.trim().toLowerCase(Locale.ENGLISH);
|
||||
String hostName = host.trim().toLowerCase(Locale.US);
|
||||
boolean match = false;
|
||||
for(Iterator<String> it = names.iterator(); it.hasNext();) {
|
||||
// Don't trim the CN, though!
|
||||
String cn = it.next();
|
||||
cn = cn.toLowerCase(Locale.ENGLISH);
|
||||
cn = cn.toLowerCase(Locale.US);
|
||||
// Store CN in StringBuilder in case we need to report an error.
|
||||
buf.append(" <");
|
||||
buf.append(cn);
|
||||
|
@ -260,13 +260,15 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
|
|||
Looks like toString() even works with non-ascii domain names!
|
||||
I tested it with "花子.co.jp" and it worked fine.
|
||||
*/
|
||||
|
||||
String subjectPrincipal = cert.getSubjectX500Principal().toString();
|
||||
StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
|
||||
while(st.hasMoreTokens()) {
|
||||
String tok = st.nextToken();
|
||||
int x = tok.indexOf("CN=");
|
||||
if(x >= 0) {
|
||||
cnList.add(tok.substring(x + 3));
|
||||
String tok = st.nextToken().trim();
|
||||
if (tok.length() > 3) {
|
||||
if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
|
||||
cnList.add(tok.substring(3));
|
||||
}
|
||||
}
|
||||
}
|
||||
if(!cnList.isEmpty()) {
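Review bot: The rewritten loop still splits the subject string on every comma (`new StringTokenizer(subjectPrincipal, ",")`), so a comma inside a quoted or escaped attribute value is treated as an RDN boundary, and any text after it that begins with `CN=` is added to cnList as a common name. Because these values feed hostname matching, the CN should come from a structured parse of the DN rather than from string splitting. The sketch below reads the RFC 2253 form through javax.naming.ldap.LdapName and keeps only RDNs whose type is CN; it needs imports for LdapName, Rdn, InvalidNameException and X500Principal. getRdns() lists RDNs starting from the rightmost one and returns unescaped values, so both the CN order and the `" blah"` expectation in testGetCNs would need re-checking. The enclosing method starts and ends outside the hunk, so the skip-on-parse-error handling is an assumption to confirm against how callers treat an empty CN list.

```java
String subjectPrincipal = cert.getSubjectX500Principal().getName(X500Principal.RFC2253);
try {
    for (Rdn rdn : new LdapName(subjectPrincipal).getRdns()) {
        // Only a genuine CN attribute counts; quoted or escaped commas stay inside their value.
        if ("CN".equalsIgnoreCase(rdn.getType()) && rdn.getValue() instanceof String) {
            cnList.add((String) rdn.getValue());
        }
    }
} catch (InvalidNameException ignored) {
    // Unparseable subject: contribute no CNs rather than guess at token boundaries.
}
// … unchanged: if(!cnList.isEmpty()) { …
```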
|
||||
|
|
|
@ -29,6 +29,7 @@ package org.apache.http.conn.ssl;
|
|||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.InputStream;
|
||||
import java.security.Principal;
|
||||
import java.security.cert.CertificateFactory;
|
||||
import java.security.cert.X509Certificate;
|
||||
import java.util.Arrays;
|
||||
|
@ -37,6 +38,7 @@ import javax.net.ssl.SSLException;
|
|||
|
||||
import org.junit.Assert;
|
||||
import org.junit.Test;
|
||||
import org.mockito.Mockito;
|
||||
|
||||
/**
|
||||
* Unit tests for {@link X509HostnameVerifier}.
|
||||
|
@ -336,7 +338,7 @@ public class TestHostnameVerifier {
|
|||
|
||||
@Test
|
||||
// Various checks of 2TLDs
|
||||
public void testacceptableCountryWildcards() {
|
||||
public void testAcceptableCountryWildcards() {
|
||||
checkWildcard("*.co.org", true); // Not a 2 character TLD
|
||||
checkWildcard("s*.co.org", true); // Not a 2 character TLD
|
||||
checkWildcard("*.co.uk", false); // 2 character TLD, invalid 2TLD
|
||||
|
@ -345,4 +347,17 @@ public class TestHostnameVerifier {
|
|||
checkWildcard("*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
|
||||
checkWildcard("s*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
|
||||
}
|
||||
|
||||
public void testGetCNs() {
|
||||
Principal principal = Mockito.mock(Principal.class);
|
||||
X509Certificate cert = Mockito.mock(X509Certificate.class);
|
||||
Mockito.when(cert.getSubjectDN()).thenReturn(principal);
|
||||
Mockito.when(principal.toString()).thenReturn("bla, bla, blah");
|
||||
Assert.assertArrayEquals(new String[] {}, AbstractVerifier.getCNs(cert));
|
||||
Mockito.when(principal.toString()).thenReturn("Cn=, Cn= , CN, OU=CN=");
|
||||
Assert.assertArrayEquals(new String[] {}, AbstractVerifier.getCNs(cert));
|
||||
Mockito.when(principal.toString()).thenReturn(" Cn=blah, CN= blah , OU=CN=yada");
|
||||
Assert.assertArrayEquals(new String[] {"blah", " blah"}, AbstractVerifier.getCNs(cert));
|
||||
}
|
||||
|
||||
}
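Review bot: `testGetCNs()` is added without `@Test`, so the JUnit 4 runner (the file imports `org.junit.Test`) will not execute it and the CN-extraction change ships with no running regression test; add `@Test` on the line above `public void testGetCNs() {`. The mock also stubs `cert.getSubjectDN()`, while the AbstractVerifier hunk on this page reads `cert.getSubjectX500Principal()`, so once the test runs it will likely fail on the unstubbed call; stub the accessor the verifier actually uses. A case with a comma inside a quoted attribute value would also be worth adding, since the current inputs only cover `OU=CN=yada` with no embedded separator.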
|
||||
|
|