Posted to commits@hc.apache.org by ol...@apache.org on 2017/01/12 10:09:05 UTC

svn commit: r1778412 - in /httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl: DefaultHostnameVerifier.java HttpClientHostnameVerifier.java SSLConnectionSocketFactory.java

Author: olegk
Date: Thu Jan 12 10:09:04 2017
New Revision: 1778412

URL: http://svn.apache.org/viewvc?rev=1778412&view=rev
Log:
When available, use the extended HostnameVerifier interface, which propagates a detailed exception in case of hostname verification failure

Added:
    httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java   (with props)
Modified:
    httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java
    httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java

Modified: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java?rev=1778412&r1=1778411&r2=1778412&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java Thu Jan 12 10:09:04 2017
@@ -44,7 +44,6 @@ import javax.naming.directory.Attribute;
 import javax.naming.directory.Attributes;
 import javax.naming.ldap.LdapName;
 import javax.naming.ldap.Rdn;
-import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLException;
 import javax.net.ssl.SSLPeerUnverifiedException;
 import javax.net.ssl.SSLSession;
@@ -64,7 +63,7 @@ import org.apache.logging.log4j.Logger;
  * @since 4.4
  */
 @Contract(threading = ThreadingBehavior.IMMUTABLE_CONDITIONAL)
-public final class DefaultHostnameVerifier implements HostnameVerifier {
+public final class DefaultHostnameVerifier implements HttpClientHostnameVerifier {
 
     enum HostNameType {
 
@@ -105,6 +104,7 @@ public final class DefaultHostnameVerifi
         }
     }
 
+    @Override
     public void verify(
             final String host, final X509Certificate cert) throws SSLException {
         final HostNameType hostType = determineHostFormat(host);

Added: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java?rev=1778412&view=auto
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java (added)
+++ httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java Thu Jan 12 10:09:04 2017
@@ -0,0 +1,44 @@
+/*
+ * ====================================================================
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing,
+ * software distributed under the License is distributed on an
+ * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
+ * KIND, either express or implied.  See the License for the
+ * specific language governing permissions and limitations
+ * under the License.
+ * ====================================================================
+ *
+ * This software consists of voluntary contributions made by many
+ * individuals on behalf of the Apache Software Foundation.  For more
+ * information on the Apache Software Foundation, please see
+ * <http://www.apache.org/>.
+ *
+ */
+
+package org.apache.hc.client5.http.ssl;
+
+import java.security.cert.X509Certificate;
+
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLException;
+
+/**
+ * Extended {@link HostnameVerifier} interface.
+ *
+ * @since 5.0
+ */
+public interface HttpClientHostnameVerifier extends HostnameVerifier {
+
+    void verify(String host, X509Certificate cert) throws SSLException;
+
+}
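Review bot: The new `verify(String host, X509Certificate cert)` method has no Javadoc, and the interface comment does not say how it relates to the inherited boolean `verify(String, SSLSession)`. Because the method returns void, a normal return is the only signal that the host was accepted, so the contract needs to be explicit for implementers. I would add a Javadoc stating that the method must throw `SSLException` when `host` does not match the identity in `cert` and return normally only on a successful match, with `@param host`, `@param cert` and `@throws SSLException` tags. It should also say that both methods are expected to reach the same decision for the same peer, since the SSLConnectionSocketFactory hunk in this commit consults only one of them.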

Propchange: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
------------------------------------------------------------------------------
    svn:eol-style = native

Propchange: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
------------------------------------------------------------------------------
    svn:keywords = Date Revision

Propchange: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/HttpClientHostnameVerifier.java
------------------------------------------------------------------------------
    svn:mime-type = text/plain

Modified: httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java?rev=1778412&r1=1778411&r2=1778412&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java (original)
+++ httpcomponents/httpclient/trunk/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/SSLConnectionSocketFactory.java Thu Jan 12 10:09:04 2017
@@ -397,7 +397,11 @@ public class SSLConnectionSocketFactory
                 }
             }
 
-            if (!this.hostnameVerifier.verify(hostname, session)) {
+            if (this.hostnameVerifier instanceof HttpClientHostnameVerifier) {
+                final Certificate[] certs = session.getPeerCertificates();
+                final X509Certificate x509 = (X509Certificate) certs[0];
+                ((HttpClientHostnameVerifier) this.hostnameVerifier).verify(hostname, x509);
+            } else if (!this.hostnameVerifier.verify(hostname, session)) {
                 final Certificate[] certs = session.getPeerCertificates();
                 final X509Certificate x509 = (X509Certificate) certs[0];
                 final List<String> subjectAlts = DefaultHostnameVerifier.extractSubjectAlts(hostname, x509);
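Review bot: In the new `instanceof HttpClientHostnameVerifier` branch the boolean `verify(hostname, session)` is never called, so any check a custom implementation performs only in that method is skipped and acceptance depends solely on `verify(hostname, x509)` returning without throwing. That should be recorded above the branch, e.g. `// HttpClientHostnameVerifier: the throwing verify(host, cert) is authoritative; verify(host, session) is not consulted`. The unchecked cast `(X509Certificate) certs[0]`, repeated from the older branch, would surface a non-X.509 peer certificate as a ClassCastException rather than an SSLException; a guard such as `if (!(certs[0] instanceof X509Certificate)) throw new SSLPeerUnverifiedException("Peer certificate is not X.509");` would keep that failure in the TLS error path. The enclosing method starts and ends outside the hunk, so how callers handle either exception is not visible here.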