You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by se...@apache.org on 2011/05/28 15:14:22 UTC
svn commit: r1128637 -
/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
Author: sebb
Date: Sat May 28 13:14:22 2011
New Revision: 1128637
URL: http://svn.apache.org/viewvc?rev=1128637&view=rev
Log:
HTTPCLIENT-1097 Add a test to check status quo
Also add disabled test for wildcard matching
Modified:
httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java?rev=1128637&r1=1128636&r2=1128637&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java Sat May 28 13:14:22 2011
@@ -31,10 +31,12 @@ import java.io.ByteArrayInputStream;
import java.io.InputStream;
import java.security.cert.CertificateFactory;
import java.security.cert.X509Certificate;
+import java.util.Arrays;
import javax.net.ssl.SSLException;
import org.junit.Assert;
+import org.junit.Ignore;
import org.junit.Test;
/**
@@ -228,4 +230,89 @@ public class TestHostnameVerifier {
}
}
+ // Test helper method
+ private void checkMatching(X509HostnameVerifier hv, String host,
+ String[] cns, String[] alts, boolean shouldFail) {
+ try {
+ hv.verify(host, cns, alts);
+ if (shouldFail) {
+ Assert.fail("HostnameVerifier should not allow [" + host + "] to match "
+ +Arrays.toString(cns)
+ +" or "
+ +Arrays.toString(alts));
+ }
+ }
+ catch(SSLException e) {
+ if (!shouldFail) {
+ Assert.fail("HostnameVerifier should have allowed [" + host + "] to match "
+ +Arrays.toString(cns)
+ +" or "
+ +Arrays.toString(alts));
+ }
+ }
+ }
+
+ @Test
+ // Check standard wildcard matching
+ public void testMatching() {
+ String cns[] = {};
+ String alt[] = {};
+ X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
+ X509HostnameVerifier shv = new StrictHostnameVerifier();
+ checkMatching(bhv, "a.b.c", cns, alt, true); // empty
+ checkMatching(shv, "a.b.c", cns, alt, true); // empty
+
+ cns = new String []{"*.b.c"};
+ checkMatching(bhv, "a.b.c", cns, alt, false); // OK
+ checkMatching(shv, "a.b.c", cns, alt, false); // OK
+
+ checkMatching(bhv, "s.a.b.c", cns, alt, false); // OK
+ checkMatching(shv, "s.a.b.c", cns, alt, true); // subdomain not OK
+
+ cns = new String []{};
+ alt = new String []{"dummy", "*.b.c"}; // check matches against all alts
+ checkMatching(bhv, "a.b.c", cns, alt, false); // OK
+ checkMatching(shv, "a.b.c", cns, alt, false); // OK
+
+ checkMatching(bhv, "s.a.b.c", cns, alt, false); // OK
+ checkMatching(shv, "s.a.b.c", cns, alt, true); // subdomain not OK
+
+ alt = new String []{"*.gov.uk"};
+ checkMatching(bhv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+ checkMatching(shv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+
+ checkMatching(bhv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD
+ checkMatching(shv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD/no subdomain allowed
+
+ alt = new String []{"*.gov.com"};
+ checkMatching(bhv, "a.gov.com", cns, alt, false); // OK, gov not 2TLD here
+ checkMatching(shv, "a.gov.com", cns, alt, false); // OK, gov not 2TLD here
+
+ checkMatching(bhv, "s.a.gov.com", cns, alt, false); // OK, gov not 2TLD here
+ checkMatching(shv, "s.a.gov.com", cns, alt, true); // no subdomain allowed
+
+ cns = new String []{"a*.gov.uk"}; // 2TLD check applies to wildcards
+ checkMatching(bhv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+ checkMatching(shv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+
+ checkMatching(bhv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD
+ checkMatching(shv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD/no subdomain allowed
+
+ }
+
+ @Test
+ @Ignore("not yet implemented")
+ public void HTTPCLIENT_1097() {
+ String cns[];
+ String alt[] = {};
+ X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
+ X509HostnameVerifier shv = new StrictHostnameVerifier();
+
+ cns = new String []{"a*.b.c"}; // component part
+ checkMatching(bhv, "a.b.c", cns, alt, false); // OK
+ checkMatching(shv, "a.b.c", cns, alt, false); // OK
+
+ checkMatching(bhv, "s.a.b.c", cns, alt, false); // OK
+ checkMatching(shv, "s.a.b.c", cns, alt, true); // subdomain not OK
+ }
}