You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@hc.apache.org by ol...@apache.org on 2015/01/05 12:54:31 UTC
svn commit: r1649507 - in /httpcomponents/httpclient/trunk/httpclient/src:
main/java/org/apache/http/conn/ssl/ test/java/org/apache/http/conn/ssl/
Author: olegk
Date: Mon Jan 5 11:54:31 2015
New Revision: 1649507
URL: http://svn.apache.org/r1649507
Log:
Improved domain root matching by default HostnameVerifier
Modified:
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java?rev=1649507&r1=1649506&r2=1649507&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/AbstractVerifier.java Mon Jan 5 11:54:31 2015
@@ -256,7 +256,13 @@ public abstract class AbstractVerifier i
* @return number of dots
*/
public static int countDots(final String s) {
- return DefaultHostnameVerifier.countDots(s);
+ int count = 0;
+ for(int i = 0; i < s.length(); i++) {
+ if(s.charAt(i) == '.') {
+ count++;
+ }
+ }
+ return count;
}
}
Modified: httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java?rev=1649507&r1=1649506&r2=1649507&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/main/java/org/apache/http/conn/ssl/DefaultHostnameVerifier.java Mon Jan 5 11:54:31 2015
@@ -166,25 +166,19 @@ public final class DefaultHostnameVerifi
}
}
- private static boolean matchIdentity(final String host, final String identity,
- final PublicSuffixMatcher publicSuffixMatcher,
- final boolean strict) {
- if (host == null) {
+ static boolean matchDomainRoot(final String host, final String domainRoot) {
+ if (domainRoot == null) {
return false;
}
+ return host.endsWith(domainRoot) && (host.length() == domainRoot.length()
+ || host.charAt(host.length() - domainRoot.length() - 1) == '.');
+ }
+ private static boolean matchIdentity(final String host, final String identity,
+ final PublicSuffixMatcher publicSuffixMatcher,
+ final boolean strict) {
if (publicSuffixMatcher != null && host.contains(".")) {
- String domainRoot = publicSuffixMatcher.getDomainRoot(identity);
- if (domainRoot == null) {
- // Public domain
- return false;
- }
- domainRoot = "." + domainRoot;
- if (!host.endsWith(domainRoot)) {
- // Domain root mismatch
- return false;
- }
- if (strict && countDots(identity) != countDots(domainRoot)) {
+ if (!matchDomainRoot(host, publicSuffixMatcher.getDomainRoot(identity))) {
return false;
}
}
@@ -217,16 +211,6 @@ public final class DefaultHostnameVerifi
return host.equalsIgnoreCase(identity);
}
- static int countDots(final String s) {
- int count = 0;
- for(int i = 0; i < s.length(); i++) {
- if(s.charAt(i) == '.') {
- count++;
- }
- }
- return count;
- }
-
static boolean matchIdentity(final String host, final String identity,
final PublicSuffixMatcher publicSuffixMatcher) {
return matchIdentity(host, identity, publicSuffixMatcher, false);
Modified: httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java
URL: http://svn.apache.org/viewvc/httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java?rev=1649507&r1=1649506&r2=1649507&view=diff
==============================================================================
--- httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java (original)
+++ httpcomponents/httpclient/trunk/httpclient/src/test/java/org/apache/http/conn/ssl/TestDefaultHostnameVerifier.java Mon Jan 5 11:54:31 2015
@@ -194,6 +194,16 @@ public class TestDefaultHostnameVerifier
}
@Test
+ public void testDomainRootMatching() {
+
+ Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", null));
+ Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "a.b.c"));
+ Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("aa.b.c", "a.b.c"));
+ Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "aa.b.c"));
+ Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.a.b.c", "a.b.c"));
+ }
+
+ @Test
public void testIdentityMatching() {
Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.b.c"));