mirror of https://github.com/OpenIdentityPlatform/OpenDJ.git

ian.packer
07.09.2016 82ee520346c40c4fb9437abba0824cf1cb2fec40
OPENDJ-2846 Fix certificate wildcard validation in the SDK
1 files modified
22 ■■■■ changed files
opendj-core/src/main/java/org/forgerock/opendj/ldap/TrustManagers.java 22 ●●●●
opendj-core/src/main/java/org/forgerock/opendj/ldap/TrustManagers.java
@@ -48,11 +48,11 @@
        private final X509TrustManager trustManager;
        private final String hostNamePattern;
        private final String hostName;
        private CheckHostName(final X509TrustManager trustManager, final String hostNamePattern) {
        private CheckHostName(final X509TrustManager trustManager, final String hostName) {
            this.trustManager = trustManager;
            this.hostNamePattern = hostNamePattern;
            this.hostName = hostName;
        }
        @Override
@@ -106,13 +106,13 @@
                final DN dn =
                        DN.valueOf(chain[0].getSubjectX500Principal().getName(), Schema
                                .getCoreSchema());
                final String value =
                final String certSubjectHostName =
                        dn.iterator().next().iterator().next().getAttributeValue().toString();
                if (!hostNameMatchesPattern(value, hostNamePattern)) {
                if (!hostNameMatchesPattern(hostName, certSubjectHostName)) {
                    throw new CertificateException(
                            "The host name contained in the certificate chain subject DN \'"
                                    + chain[0].getSubjectX500Principal()
                                    + "' does not match the host name \'" + hostNamePattern + "'");
                                    + "' does not match the host name \'" + hostName + "'");
                }
            } catch (final Throwable t) {
                LOG.log(Level.WARNING, "Error parsing subject dn: "
@@ -234,8 +234,8 @@
     * match the specified host name pattern. The pattern may contain
     * wild-cards, for example {@code *.example.com}.
     *
     * @param hostNamePattern
     *            A host name pattern which the RDN value contained in
     * @param hostName
     *            A host name which the RDN value contained in
     *            certificate subject DNs must match.
     * @param trustManager
     *            The trust manager to be wrapped.
@@ -244,10 +244,10 @@
     *             If {@code trustManager} or {@code hostNamePattern} was
     *             {@code null}.
     */
    public static X509TrustManager checkHostName(final String hostNamePattern,
    public static X509TrustManager checkHostName(final String hostName,
            final X509TrustManager trustManager) {
        Reject.ifNull(trustManager, hostNamePattern);
        return new CheckHostName(trustManager, hostNamePattern);
        Reject.ifNull(trustManager, hostName);
        return new CheckHostName(trustManager, hostName);
    }
    /**
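Review bot: The `CertificateException` thrown on a host-name mismatch in the second hunk is raised inside the `try` whose `catch (final Throwable t)` follows directly, so unless that handler rethrows (its body continues outside the hunk) a mismatch is only logged at WARNING and the chain is accepted. Let the failure propagate by adding `} catch (final CertificateException e) { throw e;` ahead of the `Throwable` handler, and have the `Throwable` branch reject as well so that a subject DN which cannot be parsed does not pass the check. Separately, `certSubjectHostName` is the first attribute value of the first RDN of the subject DN, whatever its attribute type, and the visible code does not consult subjectAltName dNSName entries; confirm this is intended, since many current certificates carry the host name only there. The `@throws` text in the last hunk still names `hostNamePattern` after the parameter was renamed to `hostName`, and the summary above it still describes the argument as a pattern that may contain wild-cards.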