made xmpp domain verifier verify wildcard domains where domain is a sub.sub domain
This commit is contained in:
parent
db2107c093
commit
d4b98c9aff
|
@ -32,6 +32,70 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
|
||||||
private static final String SRV_NAME = "1.3.6.1.5.5.7.8.7";
|
private static final String SRV_NAME = "1.3.6.1.5.5.7.8.7";
|
||||||
private static final String XMPP_ADDR = "1.3.6.1.5.5.7.8.5";
|
private static final String XMPP_ADDR = "1.3.6.1.5.5.7.8.5";
|
||||||
|
|
||||||
|
private static List<String> getCommonNames(X509Certificate certificate) {
|
||||||
|
List<String> domains = new ArrayList<>();
|
||||||
|
try {
|
||||||
|
X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
|
||||||
|
RDN[] rdns = x500name.getRDNs(BCStyle.CN);
|
||||||
|
for (int i = 0; i < rdns.length; ++i) {
|
||||||
|
domains.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
|
||||||
|
}
|
||||||
|
return domains;
|
||||||
|
} catch (CertificateEncodingException e) {
|
||||||
|
return domains;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static Pair<String, String> parseOtherName(byte[] otherName) {
|
||||||
|
try {
|
||||||
|
ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(otherName);
|
||||||
|
if (asn1Primitive instanceof DERTaggedObject) {
|
||||||
|
ASN1Primitive inner = ((DERTaggedObject) asn1Primitive).getObject();
|
||||||
|
if (inner instanceof DLSequence) {
|
||||||
|
DLSequence sequence = (DLSequence) inner;
|
||||||
|
if (sequence.size() >= 2 && sequence.getObjectAt(1) instanceof DERTaggedObject) {
|
||||||
|
String oid = sequence.getObjectAt(0).toString();
|
||||||
|
ASN1Primitive value = ((DERTaggedObject) sequence.getObjectAt(1)).getObject();
|
||||||
|
if (value instanceof DERUTF8String) {
|
||||||
|
return new Pair<>(oid, ((DERUTF8String) value).getString());
|
||||||
|
} else if (value instanceof DERIA5String) {
|
||||||
|
return new Pair<>(oid, ((DERIA5String) value).getString());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
} catch (IOException e) {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
private static boolean matchDomain(String needle, List<String> haystack) {
|
||||||
|
for (String entry : haystack) {
|
||||||
|
if (entry.startsWith("*.")) {
|
||||||
|
int offset = 0;
|
||||||
|
while (offset < needle.length()) {
|
||||||
|
int i = needle.indexOf('.', offset);
|
||||||
|
if (i < 0) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
Log.d(LOGTAG, "comparing " + needle.substring(i) + " and " + entry.substring(1));
|
||||||
|
if (needle.substring(i).equals(entry.substring(1))) {
|
||||||
|
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
offset = i + 1;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
if (entry.equals(needle)) {
|
||||||
|
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean verify(String domain, String hostname, SSLSession sslSession) {
|
public boolean verify(String domain, String hostname, SSLSession sslSession) {
|
||||||
try {
|
try {
|
||||||
|
@ -92,63 +156,6 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
private static List<String> getCommonNames(X509Certificate certificate) {
|
|
||||||
List<String> domains = new ArrayList<>();
|
|
||||||
try {
|
|
||||||
X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
|
|
||||||
RDN[] rdns = x500name.getRDNs(BCStyle.CN);
|
|
||||||
for (int i = 0; i < rdns.length; ++i) {
|
|
||||||
domains.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
|
|
||||||
}
|
|
||||||
return domains;
|
|
||||||
} catch (CertificateEncodingException e) {
|
|
||||||
return domains;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static Pair<String, String> parseOtherName(byte[] otherName) {
|
|
||||||
try {
|
|
||||||
ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(otherName);
|
|
||||||
if (asn1Primitive instanceof DERTaggedObject) {
|
|
||||||
ASN1Primitive inner = ((DERTaggedObject) asn1Primitive).getObject();
|
|
||||||
if (inner instanceof DLSequence) {
|
|
||||||
DLSequence sequence = (DLSequence) inner;
|
|
||||||
if (sequence.size() >= 2 && sequence.getObjectAt(1) instanceof DERTaggedObject) {
|
|
||||||
String oid = sequence.getObjectAt(0).toString();
|
|
||||||
ASN1Primitive value = ((DERTaggedObject) sequence.getObjectAt(1)).getObject();
|
|
||||||
if (value instanceof DERUTF8String) {
|
|
||||||
return new Pair<>(oid, ((DERUTF8String) value).getString());
|
|
||||||
} else if (value instanceof DERIA5String) {
|
|
||||||
return new Pair<>(oid, ((DERIA5String) value).getString());
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return null;
|
|
||||||
} catch (IOException e) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private static boolean matchDomain(String needle, List<String> haystack) {
|
|
||||||
for (String entry : haystack) {
|
|
||||||
if (entry.startsWith("*.")) {
|
|
||||||
int i = needle.indexOf('.');
|
|
||||||
Log.d(LOGTAG, "comparing " + needle.substring(i) + " and " + entry.substring(1));
|
|
||||||
if (i != -1 && needle.substring(i).equals(entry.substring(1))) {
|
|
||||||
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
} else {
|
|
||||||
if (entry.equals(needle)) {
|
|
||||||
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
|
|
||||||
return true;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
private boolean isSelfSigned(X509Certificate certificate) {
|
private boolean isSelfSigned(X509Certificate certificate) {
|
||||||
try {
|
try {
|
||||||
certificate.verify(certificate.getPublicKey());
|
certificate.verify(certificate.getPublicKey());
|
||||||
|
|
Loading…
Reference in a new issue