hc-commits mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From ol...@apache.org
Subject svn commit: r1411705 - in /httpcomponents/httpclient/branches/4.2.x/httpclient/src: main/java/org/apache/http/conn/ssl/AbstractVerifier.java test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
Date Tue, 20 Nov 2012 15:40:13 GMT
Author: olegk
Date: Tue Nov 20 15:40:13 2012
New Revision: 1411705

URL: http://svn.apache.org/viewvc?rev=1411705&view=rev
Log:
Fixed CN extraction from DN of X500 principal

Modified:
    httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
    httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java

Modified: httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java?rev=1411705&r1=1411704&r2=1411705&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
(original)
+++ httpcomponents/httpclient/branches/4.2.x/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
Tue Nov 20 15:40:13 2012
@@ -178,12 +178,12 @@ public abstract class AbstractVerifier i
 
         // We're can be case-insensitive when comparing the host we used to
         // establish the socket to the hostname in the certificate.
-        String hostName = host.trim().toLowerCase(Locale.ENGLISH);
+        String hostName = host.trim().toLowerCase(Locale.US);
         boolean match = false;
         for(Iterator<String> it = names.iterator(); it.hasNext();) {
             // Don't trim the CN, though!
             String cn = it.next();
-            cn = cn.toLowerCase(Locale.ENGLISH);
+            cn = cn.toLowerCase(Locale.US);
             // Store CN in StringBuilder in case we need to report an error.
             buf.append(" <");
             buf.append(cn);
@@ -260,13 +260,15 @@ public abstract class AbstractVerifier i
            Looks like toString() even works with non-ascii domain names!
            I tested it with "&#x82b1;&#x5b50;.co.jp" and it worked fine.
         */
+
         String subjectPrincipal = cert.getSubjectX500Principal().toString();
         StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
         while(st.hasMoreTokens()) {
-            String tok = st.nextToken();
-            int x = tok.indexOf("CN=");
-            if(x >= 0) {
-                cnList.add(tok.substring(x + 3));
+            String tok = st.nextToken().trim();
+            if (tok.length() > 3) {
+                if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
+                    cnList.add(tok.substring(3));
+                }
             }
         }
         if(!cnList.isEmpty()) {

Modified: httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java?rev=1411705&r1=1411704&r2=1411705&view=diff
==============================================================================
--- httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
(original)
+++ httpcomponents/httpclient/branches/4.2.x/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
Tue Nov 20 15:40:13 2012
@@ -29,6 +29,7 @@ package org.apache.http.conn.ssl;
 
 import java.io.ByteArrayInputStream;
 import java.io.InputStream;
+import java.security.Principal;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
 import java.util.Arrays;
@@ -37,6 +38,7 @@ import javax.net.ssl.SSLException;
 
 import org.junit.Assert;
 import org.junit.Test;
+import org.mockito.Mockito;
 
 /**
  * Unit tests for {@link X509HostnameVerifier}.
@@ -336,7 +338,7 @@ public class TestHostnameVerifier {
 
     @Test
     // Various checks of 2TLDs
-    public void testacceptableCountryWildcards() {
+    public void testAcceptableCountryWildcards() {
         checkWildcard("*.co.org", true); // Not a 2 character TLD
         checkWildcard("s*.co.org", true); // Not a 2 character TLD
         checkWildcard("*.co.uk", false); // 2 character TLD, invalid 2TLD
@@ -345,4 +347,17 @@ public class TestHostnameVerifier {
         checkWildcard("*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
         checkWildcard("s*.a.co.uk", true); // 2 character TLD, invalid 2TLD, but using subdomain
     }
+
+    public void testGetCNs() {
+        Principal principal = Mockito.mock(Principal.class);
+        X509Certificate cert = Mockito.mock(X509Certificate.class);
+        Mockito.when(cert.getSubjectDN()).thenReturn(principal);
+        Mockito.when(principal.toString()).thenReturn("bla,  bla, blah");
+        Assert.assertArrayEquals(new String[] {}, AbstractVerifier.getCNs(cert));
+        Mockito.when(principal.toString()).thenReturn("Cn=,  Cn=  , CN, OU=CN=");
+        Assert.assertArrayEquals(new String[] {}, AbstractVerifier.getCNs(cert));
+        Mockito.when(principal.toString()).thenReturn("  Cn=blah,  CN= blah , OU=CN=yada");
+        Assert.assertArrayEquals(new String[] {"blah", " blah"}, AbstractVerifier.getCNs(cert));
+    }
+
 }



Mime
View raw message