authorAlex Klyubin <klyubin@google.com>2014-07-28 17:14:55 +0000
committerAndroid Git Automerger <android-git-automerger@android.com>2014-07-28 17:14:55 +0000
commitdf55e5b26b6b7cc90f9487cb0489cee1ed430d39 (patch)
tree64e65729c7f3529895cf1fd3d30f4ff5d82be9bd
parent85ed0e10781c3c57343300a02556dd5131c450aa (diff)
parentf7a2b81e12cac8d9c11ddace681816942b6c6921 (diff)
am f7a2b81e: am 6e294b4e: am aeb8a635: am 945aab57: am a8283f02: am b260a116: Stricter subject DN parsing for HTTPS hostname verification.
* commit 'f7a2b81e12cac8d9c11ddace681816942b6c6921': Stricter subject DN parsing for HTTPS hostname verification.
-rw-r--r--src/org/apache/http/conn/ssl/AbstractVerifier.java36
1 files changed, 4 insertions, 32 deletions
diff --git a/src/org/apache/http/conn/ssl/AbstractVerifier.java b/src/org/apache/http/conn/ssl/AbstractVerifier.java
index 723d806..deda1d0 100644
--- a/src/org/apache/http/conn/ssl/AbstractVerifier.java
+++ b/src/org/apache/http/conn/ssl/AbstractVerifier.java
@@ -44,10 +44,10 @@ import java.util.Iterator;
import java.util.LinkedList;
import java.util.List;
import java.util.Locale;
-import java.util.StringTokenizer;
import java.util.logging.Logger;
import java.util.logging.Level;
+import javax.net.ssl.DistinguishedNameParser;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
@@ -202,38 +202,10 @@ public abstract class AbstractVerifier implements X509HostnameVerifier {
}
public static String[] getCNs(X509Certificate cert) {
- LinkedList<String> cnList = new LinkedList<String>();
- /*
- Sebastian Hauer's original StrictSSLProtocolSocketFactory used
- getName() and had the following comment:
+ DistinguishedNameParser dnParser =
+ new DistinguishedNameParser(cert.getSubjectX500Principal());
+ List<String> cnList = dnParser.getAllMostSpecificFirst("cn");
- Parses a X.500 distinguished name for the value of the
- "Common Name" field. This is done a bit sloppy right
- now and should probably be done a bit more according to
- <code>RFC 2253</code>.
-
- I've noticed that toString() seems to do a better job than
- getName() on these X500Principal objects, so I'm hoping that
- addresses Sebastian's concern.
-
- For example, getName() gives me this:
- 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
-
- whereas toString() gives me this:
- EMAILADDRESS=juliusdavies@cucbc.com
-
- Looks like toString() even works with non-ascii domain names!
- I tested it with "&#x82b1;&#x5b50;.co.jp" and it worked fine.
- */
- String subjectPrincipal = cert.getSubjectX500Principal().toString();
- StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
- while(st.hasMoreTokens()) {
- String tok = st.nextToken();
- int x = tok.indexOf("CN=");
- if(x >= 0) {
- cnList.add(tok.substring(x + 3));
- }
- }
if(!cnList.isEmpty()) {
String[] cns = new String[cnList.size()];
cnList.toArray(cns);
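Review bot: The new `getCNs` body has no comment saying why a structural DN parser is required, and the deleted block comment was the only explanation of how CNs were extracted. The removed tokenizer accepted any comma-separated token containing `CN=`, so text inside another attribute's value could be returned as a common name and passed on to hostname matching. A comment above `dnParser` would guard against a later return to string splitting, for example `// Only values of real CN attributes may be used for hostname verification; never match "CN=" text inside another attribute's value.` The method's Javadoc should also state that the array is now ordered most specific first, since callers outside this hunk presumably treat the first entry specially. `getCNs` continues past the end of the hunk, and the page shows no regression test for a subject DN with an escaped comma or an embedded `CN=` string.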