authorAlex Klyubin <klyubin@google.com>2014-07-28 16:33:49 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2014-07-28 16:33:49 +0000
commita8283f028ecee6bf241fa6c9a8f945a1d9f6f83e (patch)
tree6356b08d25c930169a37231e71f39305ecf63137
parent7e523f42e2545ba9664f56ce31afdf5ceeecaaeb (diff)
parentb260a116b1480df2bad2560986c60a707ea01c4f (diff)
am b260a116: Stricter subject DN parsing for HTTPS hostname verification.
* commit 'b260a116b1480df2bad2560986c60a707ea01c4f': Stricter subject DN parsing for HTTPS hostname verification.
-rw-r--r--src/org/apache/http/conn/ssl/AbstractVerifier.java36
1 files changed, 4 insertions, 32 deletions
diff --git a/src/org/apache/http/conn/ssl/AbstractVerifier.java b/src/org/apache/http/conn/ssl/AbstractVerifier.java
index 723d806..deda1d0 100644
--- a/src/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/src/org/apache/http/conn/ssl/AbstractVerifier.java
@@ -44,10 +44,10 @@ import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
-import java.util.StringTokenizer;
import java.util.logging.Logger;
import java.util.logging.Level;
+import javax.net.ssl.DistinguishedNameParser;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -202,38 +202,10 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
}
public static String[] getCNs(X509Certificate cert) {
- LinkedList<String> cnList = new LinkedList<String>();
- /*
- Sebastian Hauer's original StrictSSLProtocolSocketFactory used
- getName() and had the following comment:
+ DistinguishedNameParser dnParser =
+ new DistinguishedNameParser(cert.getSubjectX500Principal());
+ List<String> cnList = dnParser.getAllMostSpecificFirst("cn");
- Parses a X.500 distinguished name for the value of the
- "Common Name" field. This is done a bit sloppy right
- now and should probably be done a bit more according to
- <code>RFC 2253</code>.
-
- I've noticed that toString() seems to do a better job than
- getName() on these X500Principal objects, so I'm hoping that
- addresses Sebastian's concern.
-
- For example, getName() gives me this:
- 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
-
- whereas toString() gives me this:
- EMAILADDRESS=juliusdavies@cucbc.com
-
- Looks like toString() even works with non-ascii domain names!
- I tested it with "&#x82b1;&#x5b50;.co.jp" and it worked fine.
- */
- String subjectPrincipal = cert.getSubjectX500Principal().toString();
- StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
- while(st.hasMoreTokens()) {
- String tok = st.nextToken();
- int x = tok.indexOf("CN=");
- if(x >= 0) {
- cnList.add(tok.substring(x + 3));
- }
- }
if(!cnList.isEmpty()) {
String[] cns = new String[cnList.size()];
cnList.toArray(cns);
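Review bot: getCNs is left with no comment saying why the subject is parsed with DistinguishedNameParser instead of being split on commas, and that reason is security-relevant: the removed loop accepted any comma-separated token containing `CN=`, so a quoted or escaped comma inside another attribute's value could yield a name that was never in the certificate's common name. A one-line comment above the `dnParser` lines, for example `// Parse the DN structurally; do not substring-match "CN=" on the string form, since attribute values may contain ',' and "CN=".`, would keep a later refactor from reintroducing the tokenizer. Since DistinguishedNameParser is not visible here, it is also worth confirming that `getAllMostSpecificFirst("cn")` returns an empty list rather than null and how it reports a malformed DN, because `cnList.isEmpty()` is called directly on the result and callers of getCNs presumably expect rejection to surface as an SSLException. The body of getCNs continues past the end of this hunk.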