Version 4.4.1 release and documentation
Showing
6 changed files
with
509 additions
and
10 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
diff --git a/AbstractVerifier.java b/AbstractVerifier2.java | ||
index d7f7e8a..a1e772b 100644 | ||
--- a/AbstractVerifier.java | ||
+++ b/AbstractVerifier2.java | ||
@@ -136,7 +136,7 @@ public abstract class AbstractVerifier implements X509HostnameVerifier { | ||
final int subjectType = ipv4 || ipv6 ? DefaultHostnameVerifier.IP_ADDRESS_TYPE : DefaultHostnameVerifier.DNS_NAME_TYPE; | ||
final List<String> subjectAlts = DefaultHostnameVerifier.extractSubjectAlts(cert, subjectType); | ||
final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); | ||
- final String cn = DefaultHostnameVerifier.extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); | ||
+ final String cn = new DistinguishedNameParser(subjectPrincipal).findMostSpecific("cn"); | ||
verify(host, | ||
cn != null ? new String[] {cn} : null, | ||
subjectAlts != null && !subjectAlts.isEmpty() ? subjectAlts.toArray(new String[subjectAlts.size()]) : null); | ||
@@ -218,13 +218,8 @@ public abstract class AbstractVerifier implements X509HostnameVerifier { | ||
} | ||
|
||
public static String[] getCNs(final X509Certificate cert) { | ||
- final String subjectPrincipal = cert.getSubjectX500Principal().toString(); | ||
- try { | ||
- final String cn = DefaultHostnameVerifier.extractCN(subjectPrincipal); | ||
- return cn != null ? new String[] { cn } : null; | ||
- } catch (SSLException ex) { | ||
- return null; | ||
- } | ||
+ final String cn = new DistinguishedNameParser(cert.getSubjectX500Principal()).findMostSpecific("cn"); | ||
+ return cn != null ? new String[] { cn } : null; | ||
} | ||
|
||
/** |
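Review bot: The failure path for an unparsable subject DN is no longer defined in `getCNs` or in the `verify` hunk above it, because the new `new DistinguishedNameParser(...).findMostSpecific("cn")` call has no handling around it, whereas the removed `getCNs` code caught `SSLException` from `extractCN` and returned `null`. `DistinguishedNameParser` is not shown on this page, so if it reports malformed input with an unchecked exception, a certificate with a malformed subject would surface as a runtime exception from hostname verification rather than the `SSLException` or `null` that callers handle. The same applies to the `DefaultHostnameVerifier` change in the next section. I would either wrap the call so callers still see `SSLException`/`null`, or document the contract on `getCNs`, for example `returns null when the subject has no CN; parser failures propagate as <exception type>`. The method containing the first hunk starts and ends outside it.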
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,48 @@ | ||
diff --git a/DefaultHostnameVerifier.java b/DefaultHostnameVerifier2.java | ||
index 7fe7cb4..b4d0382 100644 | ||
--- a/DefaultHostnameVerifier.java | ||
+++ b/DefaultHostnameVerifier2.java | ||
@@ -111,7 +111,7 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { | ||
// CN matching has been deprecated by rfc2818 and can be used | ||
// as fallback only when no subjectAlts are available | ||
final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); | ||
- final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); | ||
+ final String cn = new DistinguishedNameParser(subjectPrincipal).findMostSpecific("cn"); | ||
if (cn == null) { | ||
throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + | ||
"a common name and does not have alternative names"); | ||
@@ -229,34 +229,6 @@ public final class DefaultHostnameVerifier implements HostnameVerifier { | ||
return matchIdentity(host, identity, null, true); | ||
} | ||
|
||
- static String extractCN(final String subjectPrincipal) throws SSLException { | ||
- if (subjectPrincipal == null) { | ||
- return null; | ||
- } | ||
- try { | ||
- final LdapName subjectDN = new LdapName(subjectPrincipal); | ||
- final List<Rdn> rdns = subjectDN.getRdns(); | ||
- for (int i = rdns.size() - 1; i >= 0; i--) { | ||
- final Rdn rds = rdns.get(i); | ||
- final Attributes attributes = rds.toAttributes(); | ||
- final Attribute cn = attributes.get("cn"); | ||
- if (cn != null) { | ||
- try { | ||
- final Object value = cn.get(); | ||
- if (value != null) { | ||
- return value.toString(); | ||
- } | ||
- } catch (NoSuchElementException ignore) { | ||
- } catch (NamingException ignore) { | ||
- } | ||
- } | ||
- } | ||
- return null; | ||
- } catch (InvalidNameException e) { | ||
- throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name"); | ||
- } | ||
- } | ||
- | ||
static List<String> extractSubjectAlts(final X509Certificate cert, final int subjectType) { | ||
Collection<List<?>> c = null; | ||
try { |
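Review bot: Removing `extractCN` drops the only structured (`LdapName`/`Rdn`) parse of the subject in this class, and nothing in the section shows that `findMostSpecific("cn")` handles quoted or escaped attribute values and multi-valued RDNs the same way. Because the CN is still the identity used when no subject alternative names exist, a parser that picked up `CN=` text from inside another attribute's value would change which host the certificate is accepted for. I would add regression tests around the fallback with subjects containing escaped commas, quoted values and more than one CN attribute, and a comment at the call such as `// CN fallback: value must come from a parsed RDN, never from substring matching on the DN string`. The method containing the first hunk starts and ends outside it.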