Fixed CN extraction from DN of X500 principal
git-svn-id: https://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk@1411702 13f79535-47bb-0310-9956-ffa450edef68
parent
529541458b
commit
6e14fc146a
|
@ -178,12 +178,12 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
|
||||||
|
|
||||||
// We're can be case-insensitive when comparing the host we used to
|
// We're can be case-insensitive when comparing the host we used to
|
||||||
// establish the socket to the hostname in the certificate.
|
// establish the socket to the hostname in the certificate.
|
||||||
String hostName = host.trim().toLowerCase(Locale.ENGLISH);
|
String hostName = host.trim().toLowerCase(Locale.US);
|
||||||
boolean match = false;
|
boolean match = false;
|
||||||
for(Iterator<String> it = names.iterator(); it.hasNext();) {
|
for(Iterator<String> it = names.iterator(); it.hasNext();) {
|
||||||
// Don't trim the CN, though!
|
// Don't trim the CN, though!
|
||||||
String cn = it.next();
|
String cn = it.next();
|
||||||
cn = cn.toLowerCase(Locale.ENGLISH);
|
cn = cn.toLowerCase(Locale.US);
|
||||||
// Store CN in StringBuilder in case we need to report an error.
|
// Store CN in StringBuilder in case we need to report an error.
|
||||||
buf.append(" <");
|
buf.append(" <");
|
||||||
buf.append(cn);
|
buf.append(cn);
|
||||||
|
@ -260,13 +260,15 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
|
||||||
Looks like toString() even works with non-ascii domain names!
|
Looks like toString() even works with non-ascii domain names!
|
||||||
I tested it with "花子.co.jp" and it worked fine.
|
I tested it with "花子.co.jp" and it worked fine.
|
||||||
*/
|
*/
|
||||||
|
|
||||||
String subjectPrincipal = cert.getSubjectX500Principal().toString();
|
String subjectPrincipal = cert.getSubjectX500Principal().toString();
|
||||||
StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
|
StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
|
||||||
while(st.hasMoreTokens()) {
|
while(st.hasMoreTokens()) {
|
||||||
String tok = st.nextToken();
|
String tok = st.nextToken().trim();
|
||||||
int x = tok.indexOf("CN=");
|
if (tok.length() > 3) {
|
||||||
if(x >= 0) {
|
if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
|
||||||
cnList.add(tok.substring(x + 3));
|
cnList.add(tok.substring(3));
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
if(!cnList.isEmpty()) {
|
if(!cnList.isEmpty()) {
|
||||||
|
|
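Review bot: Splitting the subject on "," in `new StringTokenizer(subjectPrincipal, ",")` ignores DN quoting and escaping, so the new `CN=` prefix check can still accept a token that is only the tail of another attribute's value. Text after a comma inside a quoted O or OU value, for instance, would be added to `cnList` and, judging by the first hunk, later compared with the host name as if it were a certified CN. I would parse the subject structurally with `javax.naming.ldap.LdapName` and read each `Rdn`'s attributes instead of re-splitting the string, as sketched below; walking the list backwards keeps the order the string form has. The method starts and ends outside the hunk, so how callers treat an empty result needs checking there.

```java
// … unchanged: cnList declaration and the comment block above …
String subjectDn = cert.getSubjectX500Principal().getName();
try {
    List<Rdn> rdns = new LdapName(subjectDn).getRdns();
    // getRdns() is indexed right-to-left, so iterate backwards to keep the string's order.
    for (int i = rdns.size() - 1; i >= 0; i--) {
        // Look the attribute up by type; the value is never re-split on ',' or '='.
        Attribute cn = rdns.get(i).toAttributes().get("cn");
        if (cn != null && cn.get() instanceof String) {
            cnList.add((String) cn.get());
        }
    }
} catch (NamingException e) {
    // Unparseable subject: add no CNs rather than guess at token boundaries.
    // NOTE(review): confirm callers reject a certificate that yields no CNs.
}
// … unchanged: if(!cnList.isEmpty()) and the rest of the method …
```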
|
@ -29,6 +29,7 @@ package org.apache.http.conn.ssl;
|
||||||
|
|
||||||
import java.io.ByteArrayInputStream;
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
|
import java.security.Principal;
|
||||||
import java.security.cert.CertificateFactory;
|
import java.security.cert.CertificateFactory;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
import java.util.Arrays;
|
import java.util.Arrays;
|
||||||
|
@ -37,6 +38,7 @@ import javax.net.ssl.SSLException;
|
||||||
|
|
||||||
import org.junit.Assert;
|
import org.junit.Assert;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
|
import org.mockito.Mockito;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Unit tests for {@link X509HostnameVerifier}.
|
* Unit tests for {@link X509HostnameVerifier}.
|
||||||
|
@ -336,7 +338,7 @@ public class TestHostnameVerifier {
|
||||||
|
|
||||||
@Test
|
@Test
|
||||||
// Various checks of 2TLDs
|
// Various checks of 2TLDs
|
||||||
public void testacceptableCountryWildcards() {
|
public void testAcceptableCountryWildcards() {
|
||||||
checkWildcard("*.co.org", true); // Not a 2 character TLD
|
checkWildcard("*.co.org", true); // Not a 2 character TLD
|
||||||
checkWildcard("s*.co.org", true); // Not a 2 character TLD
|
checkWildcard("s*.co.org", true); // Not a 2 character TLD
|
||||||
checkWildcard("*.co.uk", false); // 2 character TLD, invalid 2TLD
|
checkWildcard("*.co.uk", false); // 2 character TLD, invalid 2TLD
|
||||||
|
@ -345,4 +347,17 @@ public class TestHostnameVerifier {
|
||||||
checkWildcard("*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
|
checkWildcard("*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
|
||||||
checkWildcard("s*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
|
checkWildcard("s*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public void testGetCNs() {
|
||||||
|
Principal principal = Mockito.mock(Principal.class);
|
||||||
|
X509Certificate cert = Mockito.mock(X509Certificate.class);
|
||||||
|
Mockito.when(cert.getSubjectDN()).thenReturn(principal);
|
||||||
|
Mockito.when(principal.toString()).thenReturn("bla, bla, blah");
|
||||||
|
Assert.assertArrayEquals(new String[] {}, AbstractVerifier.getCNs(cert));
|
||||||
|
Mockito.when(principal.toString()).thenReturn("Cn=, Cn= , CN, OU=CN=");
|
||||||
|
Assert.assertArrayEquals(new String[] {}, AbstractVerifier.getCNs(cert));
|
||||||
|
Mockito.when(principal.toString()).thenReturn(" Cn=blah, CN= blah , OU=CN=yada");
|
||||||
|
Assert.assertArrayEquals(new String[] {"blah", " blah"}, AbstractVerifier.getCNs(cert));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
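Review bot: `testGetCNs()` is added without an `@Test` annotation (the neighbouring `testAcceptableCountryWildcards()` has one), so a JUnit 4 runner will not execute it and the CN-extraction change goes unverified. The mocks also stub `cert.getSubjectDN()`, while the `getCNs` lines visible in the AbstractVerifier section read `cert.getSubjectX500Principal().toString()`; on a plain Mockito mock that call would presumably return null, so the test would likely fail once it does run. I would add `@Test` above the method and stub the accessor the code actually uses, e.g. `Mockito.when(cert.getSubjectX500Principal()).thenReturn(new X500Principal("CN=blah, OU=yada"));`. A negative case whose OU or O value is quoted and contains a comma would pin the behaviour the fix is meant to guarantee.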