[1/2] cxf git commit: Updating HostnameVerifier as per recent changes in httpclient

2016-01-08 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.0.x-fixes 5c8e6c86e -> 6cdfe4bab


Updating HostnameVerifier as per recent changes in httpclient


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/99276baf
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/99276baf
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/99276baf

Branch: refs/heads/3.0.x-fixes
Commit: 99276baf0a2e6f8aaa08586d21ed905c5cce574e
Parents: 5c8e6c8
Author: Colm O hEigeartaigh 
Authored: Fri Jan 8 16:48:43 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Jan 8 16:50:15 2016 +

--
 .../httpclient/DefaultHostnameVerifier.java |  71 ++---
 .../transport/https/httpclient/DomainType.java  |  37 +++
 .../https/httpclient/PublicSuffixList.java  |  11 +-
 .../httpclient/PublicSuffixListParser.java  | 105 ++-
 .../https/httpclient/PublicSuffixMatcher.java   |  99 ++---
 .../httpclient/DefaultHostnameVerifierTest.java |  14 ++-
 6 files changed, 254 insertions(+), 83 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/99276baf/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
index 8fb067f..5d3287c 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
@@ -58,6 +58,8 @@ import org.apache.cxf.common.logging.LogUtils;
  */
 public final class DefaultHostnameVerifier implements HostnameVerifier {
 
+enum TYPE { IPv4, IPv6, DNS };
+
 static final int DNS_NAME_TYPE = 2;
 static final int IP_ADDRESS_TYPE = 7;
 
@@ -90,16 +92,29 @@ public final class DefaultHostnameVerifier implements 
HostnameVerifier {
 
 public void verify(
 final String host, final X509Certificate cert) throws SSLException 
{
-final boolean ipv4 = InetAddressUtils.isIPv4Address(host);
-final boolean ipv6 = InetAddressUtils.isIPv6Address(host);
-final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
+TYPE hostFormat = TYPE.DNS;
+if (InetAddressUtils.isIPv4Address(host)) {
+hostFormat = TYPE.IPv4;
+} else {
+String s = host;
+if (s.startsWith("[") && s.endsWith("]")) {
+s = host.substring(1, host.length() - 1);
+}
+if (InetAddressUtils.isIPv6Address(s)) {
+hostFormat = TYPE.IPv6;
+}
+}
+final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == 
TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
 final List subjectAlts = extractSubjectAlts(cert, subjectType);
 if (subjectAlts != null && !subjectAlts.isEmpty()) {
-if (ipv4) {
+switch (hostFormat) {
+case IPv4:
 matchIPAddress(host, subjectAlts);
-} else if (ipv6) {
+break;
+case IPv6:
 matchIPv6Address(host, subjectAlts);
-} else {
+break;
+default:
 matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
 }
 } else {
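Review bot: The bracket-stripped value `s` is used only to classify the host, while the `case IPv6:` branch still passes the original, possibly bracketed `host` to `matchIPv6Address(host, subjectAlts)`. Whether a host such as `[::1]` then matches depends on how `matchIPv6Address` normalises its argument; that method is outside this hunk, so a test case with a bracketed literal is worth adding. If the brackets are not stripped there, a valid certificate would presumably be rejected, which is a fail-closed error and not a bypass. Hoisting the stripped string out of the `else` block and passing it to the matcher would make the two steps agree, and a comment such as `// URI-style IPv6 literals arrive as [addr]; strip the brackets before testing` would explain the classification. The identical hunk in the second message on this page (3.1.x-fixes) has the same issue.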
@@ -108,7 +123,7 @@ public final class DefaultHostnameVerifier implements 
HostnameVerifier {
 final X500Principal subjectPrincipal = 
cert.getSubjectX500Principal();
 final String cn = 
extractCN(subjectPrincipal.getName(X500Principal.RFC2253));
 if (cn == null) {
-throw new SSLException("Certificate subject for <" + host + "> 
doesn't contain " 
+throw new SSLException("Certificate subject for <" + host + "> 
doesn't contain "
 + "a common name and does not have alternative names");
 }
 matchCN(host, cn, this.publicSuffixMatcher);
@@ -160,35 +175,23 @@ public final class DefaultHostnameVerifier implements 
HostnameVerifier {
 + "common name of the certificate subject: " + cn);
 }
 }
+
+static boolean matchDomainRoot(final String host, final String domainRoot) 
{
+if (domainRoot == null) {
+return false;
+}
+return host.endsWith(domainRoot) && (host.length() == 
domainRoot.length()
+|| host.charAt(host.length() - domainRoot.length() - 1) == 
'.');
+}
 
 

cxf git commit: Updating HostnameVerifier as per recent changes in httpclient

2016-01-08 Thread coheigea
Repository: cxf
Updated Branches:
  refs/heads/3.1.x-fixes 69b2098d6 -> 785994070


Updating HostnameVerifier as per recent changes in httpclient


Project: http://git-wip-us.apache.org/repos/asf/cxf/repo
Commit: http://git-wip-us.apache.org/repos/asf/cxf/commit/78599407
Tree: http://git-wip-us.apache.org/repos/asf/cxf/tree/78599407
Diff: http://git-wip-us.apache.org/repos/asf/cxf/diff/78599407

Branch: refs/heads/3.1.x-fixes
Commit: 7859940700f57e2624eafacbe6218a0053d34c78
Parents: 69b2098
Author: Colm O hEigeartaigh 
Authored: Fri Jan 8 16:48:43 2016 +
Committer: Colm O hEigeartaigh 
Committed: Fri Jan 8 16:49:22 2016 +

--
 .../httpclient/DefaultHostnameVerifier.java |  71 ++---
 .../transport/https/httpclient/DomainType.java  |  37 +++
 .../https/httpclient/PublicSuffixList.java  |  11 +-
 .../httpclient/PublicSuffixListParser.java  | 105 ++-
 .../https/httpclient/PublicSuffixMatcher.java   |  99 ++---
 .../httpclient/DefaultHostnameVerifierTest.java |  14 ++-
 6 files changed, 254 insertions(+), 83 deletions(-)
--


http://git-wip-us.apache.org/repos/asf/cxf/blob/78599407/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
--
diff --git 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
index 8fb067f..5d3287c 100644
--- 
a/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
+++ 
b/rt/transports/http/src/main/java/org/apache/cxf/transport/https/httpclient/DefaultHostnameVerifier.java
@@ -58,6 +58,8 @@ import org.apache.cxf.common.logging.LogUtils;
  */
 public final class DefaultHostnameVerifier implements HostnameVerifier {
 
+enum TYPE { IPv4, IPv6, DNS };
+
 static final int DNS_NAME_TYPE = 2;
 static final int IP_ADDRESS_TYPE = 7;
 
@@ -90,16 +92,29 @@ public final class DefaultHostnameVerifier implements 
HostnameVerifier {
 
 public void verify(
 final String host, final X509Certificate cert) throws SSLException 
{
-final boolean ipv4 = InetAddressUtils.isIPv4Address(host);
-final boolean ipv6 = InetAddressUtils.isIPv6Address(host);
-final int subjectType = ipv4 || ipv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
+TYPE hostFormat = TYPE.DNS;
+if (InetAddressUtils.isIPv4Address(host)) {
+hostFormat = TYPE.IPv4;
+} else {
+String s = host;
+if (s.startsWith("[") && s.endsWith("]")) {
+s = host.substring(1, host.length() - 1);
+}
+if (InetAddressUtils.isIPv6Address(s)) {
+hostFormat = TYPE.IPv6;
+}
+}
+final int subjectType = hostFormat == TYPE.IPv4 || hostFormat == 
TYPE.IPv6 ? IP_ADDRESS_TYPE : DNS_NAME_TYPE;
 final List subjectAlts = extractSubjectAlts(cert, subjectType);
 if (subjectAlts != null && !subjectAlts.isEmpty()) {
-if (ipv4) {
+switch (hostFormat) {
+case IPv4:
 matchIPAddress(host, subjectAlts);
-} else if (ipv6) {
+break;
+case IPv6:
 matchIPv6Address(host, subjectAlts);
-} else {
+break;
+default:
 matchDNSName(host, subjectAlts, this.publicSuffixMatcher);
 }
 } else {
@@ -108,7 +123,7 @@ public final class DefaultHostnameVerifier implements 
HostnameVerifier {
 final X500Principal subjectPrincipal = 
cert.getSubjectX500Principal();
 final String cn = 
extractCN(subjectPrincipal.getName(X500Principal.RFC2253));
 if (cn == null) {
-throw new SSLException("Certificate subject for <" + host + "> 
doesn't contain " 
+throw new SSLException("Certificate subject for <" + host + "> 
doesn't contain "
 + "a common name and does not have alternative names");
 }
 matchCN(host, cn, this.publicSuffixMatcher);
@@ -160,35 +175,23 @@ public final class DefaultHostnameVerifier implements 
HostnameVerifier {
 + "common name of the certificate subject: " + cn);
 }
 }
+
+static boolean matchDomainRoot(final String host, final String domainRoot) 
{
+if (domainRoot == null) {
+return false;
+}
+return host.endsWith(domainRoot) && (host.length() == 
domainRoot.length()
+|| host.charAt(host.length() - domainRoot.length() - 1) == 
'.');
+}