You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by se...@apache.org on 2011/05/28 15:14:22 UTC

svn commit: r1128637 - /httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java

Author: sebb
Date: Sat May 28 13:14:22 2011
New Revision: 1128637

URL: http://svn.apache.org/viewvc?rev=1128637&view=rev
Log:
HTTPCLIENT-1097 Add a test to check status quo
Also add disabled test for wildcard matching

Modified:
    httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java

Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java?rev=1128637&r1=1128636&r2=1128637&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestHostnameVerifier.java Sat May 28 13:14:22 2011
@@ -31,10 +31,12 @@ import java.io.ByteArrayInputStream;
 import java.io.InputStream;
 import java.security.cert.CertificateFactory;
 import java.security.cert.X509Certificate;
+import java.util.Arrays;
 
 import javax.net.ssl.SSLException;
 
 import org.junit.Assert;
+import org.junit.Ignore;
 import org.junit.Test;
 
 /**
@@ -228,4 +230,89 @@ public class TestHostnameVerifier {
         }
     }
 
+    // Test helper method
+    private void checkMatching(X509HostnameVerifier hv, String host,
+            String[] cns, String[] alts, boolean shouldFail) {
+        try {
+            hv.verify(host, cns, alts);
+            if (shouldFail) {
+                Assert.fail("HostnameVerifier should not allow [" + host + "] to match "
+                        +Arrays.toString(cns)
+                        +" or "
+                        +Arrays.toString(alts));
+            }
+        }
+        catch(SSLException e) {
+            if (!shouldFail) {
+                Assert.fail("HostnameVerifier should have allowed [" + host + "] to match "
+                        +Arrays.toString(cns)
+                        +" or "
+                        +Arrays.toString(alts));
+            }
+        }
+    }
+
+    @Test
+    // Check standard wildcard matching
+    public void testMatching() {
+        String cns[] = {};
+        String alt[] = {};
+        X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
+        X509HostnameVerifier shv = new StrictHostnameVerifier();
+        checkMatching(bhv, "a.b.c", cns, alt, true); // empty
+        checkMatching(shv, "a.b.c", cns, alt, true); // empty
+
+        cns = new String []{"*.b.c"};
+        checkMatching(bhv, "a.b.c", cns, alt, false); // OK
+        checkMatching(shv, "a.b.c", cns, alt, false); // OK
+
+        checkMatching(bhv, "s.a.b.c", cns, alt, false); // OK
+        checkMatching(shv, "s.a.b.c", cns, alt, true); // subdomain not OK
+        
+        cns = new String []{};
+        alt = new String []{"dummy", "*.b.c"}; // check matches against all alts
+        checkMatching(bhv, "a.b.c", cns, alt, false); // OK
+        checkMatching(shv, "a.b.c", cns, alt, false); // OK
+
+        checkMatching(bhv, "s.a.b.c", cns, alt, false); // OK
+        checkMatching(shv, "s.a.b.c", cns, alt, true); // subdomain not OK
+        
+        alt = new String []{"*.gov.uk"};
+        checkMatching(bhv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+        checkMatching(shv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+
+        checkMatching(bhv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD
+        checkMatching(shv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD/no subdomain allowed
+        
+        alt = new String []{"*.gov.com"};
+        checkMatching(bhv, "a.gov.com", cns, alt, false); // OK, gov not 2TLD here
+        checkMatching(shv, "a.gov.com", cns, alt, false); // OK, gov not 2TLD here
+
+        checkMatching(bhv, "s.a.gov.com", cns, alt, false); // OK, gov not 2TLD here
+        checkMatching(shv, "s.a.gov.com", cns, alt, true); // no subdomain allowed
+        
+        cns = new String []{"a*.gov.uk"}; // 2TLD check applies to wildcards
+        checkMatching(bhv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+        checkMatching(shv, "a.gov.uk", cns, alt, true); // Bad 2TLD
+
+        checkMatching(bhv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD
+        checkMatching(shv, "s.a.gov.uk", cns, alt, true); // Bad 2TLD/no subdomain allowed
+        
+    }
+
+    @Test
+    @Ignore("not yet implemented")
+    public void HTTPCLIENT_1097() {
+        String cns[];
+        String alt[] = {};
+        X509HostnameVerifier bhv = new BrowserCompatHostnameVerifier();
+        X509HostnameVerifier shv = new StrictHostnameVerifier();
+    
+        cns = new String []{"a*.b.c"}; // component part
+        checkMatching(bhv, "a.b.c", cns, alt, false); // OK
+        checkMatching(shv, "a.b.c", cns, alt, false); // OK
+
+        checkMatching(bhv, "s.a.b.c", cns, alt, false); // OK
+        checkMatching(shv, "s.a.b.c", cns, alt, true); // subdomain not OK
+    }
 }