[1/2] cxf git commit: Updating HostnameVerifier as per recent changes in httpclient
Repository: cxf Updated Branches: refs/heads/3.0.x-fixes 5c8e6c86e -> 6cdfe4bab Updating HostnameVerifier as per recent changes in httpclient Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99276baf Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99276baf Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99276baf Branch: refs/heads/3.0.x-fixes Commit: 99276baf0a2e6f8aaa08586d21ed905c5cce574e Parents: 5c8e6c8 Author: Colm O hEigeartaighAuthored: Fri Jan 8 16:48:43 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 16:50:15 2016 + -- .../httpclient/DefaultHostnameVerifier.java | 71 ++--- .../transport/https/httpclient/DomainType.java | 37 +++ .../https/httpclient/PublicSuffixList.java | 11 +- .../httpclient/PublicSuffixListParser.java | 105 ++- .../https/httpclient/PublicSuffixMatcher.java | 99 ++--- .../httpclient/DefaultHostnameVerifierTest.java | 14 ++- 6 files changed, 254 insertions(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/99276baf/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java index 8fb067f..5d3287c 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java @@ -58,6 +58,8 @@ import org.apache.cxf.common.logging.LogUtils; */ public final class DefaultHostnameVerifier implements HostnameVerifier { +enum TYPE { IPv4, IPv6, DNS }; + static final int DNS_NAME_TYPE = 2; static final int IP_ADDRESS_TYPE = 7; 
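Review bot: The new nested enum `enum TYPE { IPv4, IPv6, DNS };` is named in constant style and ends with a redundant `;`. An UpperCamelCase type name (for example `HostNameType`) without the trailing semicolon would follow the usual Java convention. It also deserves a one-line comment saying that it records the syntactic form of the requested host, which `verify` uses to choose between `DNS_NAME_TYPE` and `IP_ADDRESS_TYPE` subject alternative names. The same line appears in the 3.1.x-fixes commit 78599407 further down the page.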
@@ -90,16 +92,29 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { public void verify( final String host, final X509Certificate cert) throws SSLException { -final boolean ipv4 = InetAddressUtils.isIPv4Address(host); -final boolean ipv6 = InetAddressUtils.isIPv6Address(host); -final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; +TYPE hostFormat = TYPE.DNS; +if (InetAddressUtils.isIPv4Address(host)) { +hostFormat = TYPE.IPv4; +} else { +String s = host; +if (s.startsWith("[") && s.endsWith("]")) { +s = host.substring(1, host.length() - 1); +} +if (InetAddressUtils.isIPv6Address(s)) { +hostFormat = TYPE.IPv6; +} +} +final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; final List subjectAlts = extractSubjectAlts(cert, subjectType); if (subjectAlts != null && !subjectAlts.isEmpty()) { -if (ipv4) { +switch (hostFormat) { +case IPv4: matchIPAddress(host, subjectAlts); -} else if (ipv6) { +break; +case IPv6: matchIPv6Address(host, subjectAlts); -} else { +break; +default: matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { @@ -108,7 +123,7 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { -throw new SSLException("Certificate subject for <" + host + "> doesn't contain " +throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); 
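Review bot: In the `case IPv6:` branch of the `@@ -90,16 +92,29 @@` hunk, `matchIPv6Address(host, subjectAlts)` still receives the original `host`, although the classification above strips a surrounding `[`…`]` into `s` before calling `InetAddressUtils.isIPv6Address(s)`. If `matchIPv6Address` does not normalise brackets itself (its body is outside this hunk), a bracketed literal such as `[::1]` (constructed sample) is typed as IPv6 and then cannot equal any subjectAltName of type `IP_ADDRESS_TYPE`. Verification would then fail closed with an `SSLException` for a certificate that is in fact valid for that address. Consider hoisting the stripped value out of the `else` block and passing it on, e.g. `matchIPv6Address(strippedHost, subjectAlts);`, or add a comment stating that the matcher accepts bracketed input, and cover it with a bracketed-IPv6 case in `DefaultHostnameVerifierTest`. The same hunk is in the 3.1.x-fixes commit 78599407 below, and `verify` continues past the end of the hunk.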
@@ -160,35 +175,23 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { + "common name of the certificate subject: " + cn); } } + +static boolean matchDomainRoot(final String host, final String domainRoot) { +if (domainRoot == null) { +return false; +} +return host.endsWith(domainRoot) && (host.length() == domainRoot.length() +|| host.charAt(host.length() - domainRoot.length() - 1) == '.'); +}
cxf git commit: Updating HostnameVerifier as per recent changes in httpclient
Repository: cxf Updated Branches: refs/heads/3.1.x-fixes 69b2098d6 -> 785994070 Updating HostnameVerifier as per recent changes in httpclient Project: http://git-wip-us.apache.org/repos/asf/cxf/repo Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/78599407 Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/78599407 Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/78599407 Branch: refs/heads/3.1.x-fixes Commit: 7859940700f57e2624eafacbe6218a0053d34c78 Parents: 69b2098 Author: Colm O hEigeartaighAuthored: Fri Jan 8 16:48:43 2016 + Committer: Colm O hEigeartaigh Committed: Fri Jan 8 16:49:22 2016 + -- .../httpclient/DefaultHostnameVerifier.java | 71 ++--- .../transport/https/httpclient/DomainType.java | 37 +++ .../https/httpclient/PublicSuffixList.java | 11 +- .../httpclient/PublicSuffixListParser.java | 105 ++- .../https/httpclient/PublicSuffixMatcher.java | 99 ++--- .../httpclient/DefaultHostnameVerifierTest.java | 14 ++- 6 files changed, 254 insertions(+), 83 deletions(-) -- http://git-wip-us.apache.org/repos/asf/cxf/blob/78599407/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java -- diff --git a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java index 8fb067f..5d3287c 100644 --- a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java +++ b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java @@ -58,6 +58,8 @@ import org.apache.cxf.common.logging.LogUtils; */ public final class DefaultHostnameVerifier implements HostnameVerifier { +enum TYPE { IPv4, IPv6, DNS }; + static final int DNS_NAME_TYPE = 2; static final int IP_ADDRESS_TYPE = 7; 
@@ -90,16 +92,29 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { public void verify( final String host, final X509Certificate cert) throws SSLException { -final boolean ipv4 = InetAddressUtils.isIPv4Address(host); -final boolean ipv6 = InetAddressUtils.isIPv6Address(host); -final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; +TYPE hostFormat = TYPE.DNS; +if (InetAddressUtils.isIPv4Address(host)) { +hostFormat = TYPE.IPv4; +} else { +String s = host; +if (s.startsWith("[") && s.endsWith("]")) { +s = host.substring(1, host.length() - 1); +} +if (InetAddressUtils.isIPv6Address(s)) { +hostFormat = TYPE.IPv6; +} +} +final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE; final List subjectAlts = extractSubjectAlts(cert, subjectType); if (subjectAlts != null && !subjectAlts.isEmpty()) { -if (ipv4) { +switch (hostFormat) { +case IPv4: matchIPAddress(host, subjectAlts); -} else if (ipv6) { +break; +case IPv6: matchIPv6Address(host, subjectAlts); -} else { +break; +default: matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { @@ -108,7 +123,7 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { -throw new SSLException("Certificate subject for <" + host + "> doesn't contain " +throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); 
@@ -160,35 +175,23 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { + "common name of the certificate subject: " + cn); } } + +static boolean matchDomainRoot(final String host, final String domainRoot) { +if (domainRoot == null) { +return false; +} +return host.endsWith(domainRoot) && (host.length() == domainRoot.length() +|| host.charAt(host.length() - domainRoot.length() - 1) == '.'); +}