From 7f337ad677bf8253003be9eaa8d6575fd7b970d8 Mon Sep 17 00:00:00 2001
From: jvergara <jvergara@localhost>
Date: Wed, 06 May 2009 09:54:24 +0000
Subject: [PATCH] Fix for issue 3969 (dsconfig does not support correctly certificates with wildcards) Instead of doing a direct String comparison, split the hostname and check for wildcards.

---
 opendj-sdk/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java |   37 +++++++++++++++++++++++++++++++++++--
 1 files changed, 35 insertions(+), 2 deletions(-)

diff --git a/opendj-sdk/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java b/opendj-sdk/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
index 4d9d16b..f213864 100644
--- a/opendj-sdk/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
+++ b/opendj-sdk/opends/src/ads/org/opends/admin/ads/util/ApplicationTrustManager.java
@@ -418,7 +418,8 @@
           new LdapName(chain[0].getSubjectX500Principal().getName());
         Rdn rdn = dn.getRdn(dn.getRdns().size() - 1);
         String value = rdn.getValue().toString();
-        matches = host.equalsIgnoreCase(value);
+        host.equalsIgnoreCase(value);
+        matches = hostMatch(value, host);
         if (!matches)
         {
           LOG.log(Level.WARNING, "Subject DN RDN value is: "+value+
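Review bot: The added statement `host.equalsIgnoreCase(value);` discards its result and has no effect; it looks like a leftover from the replaced line and should be deleted, leaving only `matches = hostMatch(value, host);`. Because this comparison decides whether the presented certificate is accepted for the host, a short comment on the argument order would help, for example `// value comes from the certificate subject and may hold a wildcard; host is the name we connected to`. The enclosing method starts and ends outside this hunk.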
@@ -426,7 +427,7 @@
           // Try with the accepted hosts names
           for (int i =0; i<acceptedHosts.size() && !matches; i++)
           {
-            if (host.equalsIgnoreCase(acceptedHosts.get(i)))
+            if (hostMatch(acceptedHosts.get(i), host))
             {
               X509Certificate[] current = acceptedChains.get(i);
               matches = current.length == chain.length;
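Review bot: Switching the accepted-hosts lookup to `hostMatch(acceptedHosts.get(i), host)` means a stored entry with a `*` label is now treated as a pattern, where before it needed an exact case-insensitive match. How entries get into `acceptedHosts` is not visible here, but if they are the literal names a user approved, this widens which hosts can reuse a previously accepted chain. The issue in the subject concerns wildcards in certificates, so keeping `host.equalsIgnoreCase(acceptedHosts.get(i))` on this line looks like the safer choice unless wildcard entries are intended. The surrounding loop continues outside the hunk.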
@@ -480,4 +481,36 @@
   {
     return lastRefusedChain;
   }
+
+  /**
+   * Checks whether two host names match.  It accepts the use of wildcard in the
+   * host name.
+   * @param host1 the first host name.
+   * @param host2 the second host name.
+   * @return <CODE>true</CODE> if the host match and <CODE>false</CODE>
+   * otherwise.
+   */
+  private boolean hostMatch(String host1, String host2)
+  {
+    if (host1 == null)
+    {
+      throw new IllegalArgumentException("The host1 parameter cannot be null");
+    }
+    if (host2 == null)
+    {
+      throw new IllegalArgumentException("The host2 parameter cannot be null");
+    }
+    String[] h1 = host1.split("\\.");
+    String[] h2 = host2.split("\\.");
+
+    boolean hostMatch = h1.length == h2.length;
+    for (int i=0; i<h1.length && hostMatch; i++)
+    {
+      if (!h1[i].equals("*") && !h2.equals("*"))
+      {
+        hostMatch = h1[i].equalsIgnoreCase(h2[i]);
+      }
+    }
+    return hostMatch;
+  }
 }
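Review bot: In `hostMatch` the test `!h2.equals("*")` compares the `String[]` itself with a string, so it is always true and a wildcard is honoured only in `host1`; the Javadoc describes the method as symmetric, so the intent is unclear. Rather than changing it to `h2[i]`, which would let a `*` in the connected host name match any certificate, I would drop the `h2` side and document `host1` as the pattern. The loop also accepts `*` in any label, so a name such as `*.*` or `*.com` matches far more hosts than a certificate should cover; the usual rule is a wildcard only as the left-most label, with further labels after it. The sketch below applies both restrictions; the `h1.length > 2` bound is a policy choice to confirm.

```java
  private boolean hostMatch(String host1, String host2)
  {
    // … unchanged: null checks on host1 and host2 …
    String[] h1 = host1.split("\\.");
    String[] h2 = host2.split("\\.");

    if (h1.length != h2.length)
    {
      return false;
    }
    for (int i=0; i<h1.length; i++)
    {
      // Only host1 (the certificate or accepted name) may carry a wildcard,
      // and only as its left-most label when more labels follow it.
      boolean wildcard = i == 0 && h1.length > 2 && h1[i].equals("*");
      if (!wildcard && !h1[i].equalsIgnoreCase(h2[i]))
      {
        return false;
      }
    }
    return true;
  }
```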

--
Gitblit v1.10.0