sum7/Conversations
sum7
/
Conversations
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

made xmpp domain verifier verify wildcard domains where domain is a sub.sub domain

This commit is contained in:
Daniel Gultsch 2018-10-01 17:08:23 +02:00
parent db2107c093
commit d4b98c9aff
1 changed files with 135 additions and 128 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

121
src/main/java/eu/siacs/conversations/crypto/XmppDomainVerifier.java
View File

@ -32,6 +32,70 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
private static final String SRV_NAME = "1.3.6.1.5.5.7.8.7"; private static final String SRV_NAME = "1.3.6.1.5.5.7.8.7";
private static final String XMPP_ADDR = "1.3.6.1.5.5.7.8.5"; private static final String XMPP_ADDR = "1.3.6.1.5.5.7.8.5";
private static List<String> getCommonNames(X509Certificate certificate) {
List<String> domains = new ArrayList<>();
try {
X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
RDN[] rdns = x500name.getRDNs(BCStyle.CN);
for (int i = 0; i < rdns.length; ++i) {
domains.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
}
return domains;
} catch (CertificateEncodingException e) {
return domains;
}
}
private static Pair<String, String> parseOtherName(byte[] otherName) {
try {
ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(otherName);
if (asn1Primitive instanceof DERTaggedObject) {
ASN1Primitive inner = ((DERTaggedObject) asn1Primitive).getObject();
if (inner instanceof DLSequence) {
DLSequence sequence = (DLSequence) inner;
if (sequence.size() >= 2 && sequence.getObjectAt(1) instanceof DERTaggedObject) {
String oid = sequence.getObjectAt(0).toString();
ASN1Primitive value = ((DERTaggedObject) sequence.getObjectAt(1)).getObject();
if (value instanceof DERUTF8String) {
return new Pair<>(oid, ((DERUTF8String) value).getString());
} else if (value instanceof DERIA5String) {
return new Pair<>(oid, ((DERIA5String) value).getString());
}
}
}
}
return null;
} catch (IOException e) {
return null;
}
}
private static boolean matchDomain(String needle, List<String> haystack) {
for (String entry : haystack) {
if (entry.startsWith("*.")) {
int offset = 0;
while (offset < needle.length()) {
int i = needle.indexOf('.', offset);
if (i < 0) {
break;
}
Log.d(LOGTAG, "comparing " + needle.substring(i) + " and " + entry.substring(1));
if (needle.substring(i).equals(entry.substring(1))) {
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
return true;
}
offset = i + 1;
}
} else {
if (entry.equals(needle)) {
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
return true;
}
}
}
return false;
}
@Override @Override
public boolean verify(String domain, String hostname, SSLSession sslSession) { public boolean verify(String domain, String hostname, SSLSession sslSession) {
try { try {
@ -92,63 +156,6 @@ public class XmppDomainVerifier implements DomainHostnameVerifier {
} }
} }
private static List<String> getCommonNames(X509Certificate certificate) {
List<String> domains = new ArrayList<>();
try {
X500Name x500name = new JcaX509CertificateHolder(certificate).getSubject();
RDN[] rdns = x500name.getRDNs(BCStyle.CN);
for (int i = 0; i < rdns.length; ++i) {
domains.add(IETFUtils.valueToString(x500name.getRDNs(BCStyle.CN)[i].getFirst().getValue()));
}
return domains;
} catch (CertificateEncodingException e) {
return domains;
}
}
private static Pair<String, String> parseOtherName(byte[] otherName) {
try {
ASN1Primitive asn1Primitive = ASN1Primitive.fromByteArray(otherName);
if (asn1Primitive instanceof DERTaggedObject) {
ASN1Primitive inner = ((DERTaggedObject) asn1Primitive).getObject();
if (inner instanceof DLSequence) {
DLSequence sequence = (DLSequence) inner;
if (sequence.size() >= 2 && sequence.getObjectAt(1) instanceof DERTaggedObject) {
String oid = sequence.getObjectAt(0).toString();
ASN1Primitive value = ((DERTaggedObject) sequence.getObjectAt(1)).getObject();
if (value instanceof DERUTF8String) {
return new Pair<>(oid, ((DERUTF8String) value).getString());
} else if (value instanceof DERIA5String) {
return new Pair<>(oid, ((DERIA5String) value).getString());
}
}
}
}
return null;
} catch (IOException e) {
return null;
}
}
private static boolean matchDomain(String needle, List<String> haystack) {
for (String entry : haystack) {
if (entry.startsWith("*.")) {
int i = needle.indexOf('.');
Log.d(LOGTAG, "comparing " + needle.substring(i) + " and " + entry.substring(1));
if (i != -1 && needle.substring(i).equals(entry.substring(1))) {
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
return true;
}
} else {
if (entry.equals(needle)) {
Log.d(LOGTAG, "domain " + needle + " matched " + entry);
return true;
}
}
}
return false;
}
private boolean isSelfSigned(X509Certificate certificate) { private boolean isSelfSigned(X509Certificate certificate) {
try { try {
certificate.verify(certificate.getPublicKey()); certificate.verify(certificate.getPublicKey());