Java 类org.apache.http.conn.util.PublicSuffixMatcher 实例源码

/**
 * Creates a builder containing the default registry entries, using the provided public suffix matcher.
 */
public static RegistryBuilder<CookieSpecProvider> createDefaultBuilder(final PublicSuffixMatcher publicSuffixMatcher) {
    final CookieSpecProvider defaultProvider = new DefaultCookieSpecProvider(publicSuffixMatcher);
    final CookieSpecProvider laxStandardProvider = new RFC6265CookieSpecProvider(
            RFC6265CookieSpecProvider.CompatibilityLevel.RELAXED, publicSuffixMatcher);
    final CookieSpecProvider strictStandardProvider = new RFC6265CookieSpecProvider(
            RFC6265CookieSpecProvider.CompatibilityLevel.STRICT, publicSuffixMatcher);
    return RegistryBuilder.<CookieSpecProvider>create()
            .register(CookieSpecs.DEFAULT, defaultProvider)
            .register("best-match", defaultProvider)
            .register("compatibility", defaultProvider)
            .register(CookieSpecs.STANDARD, laxStandardProvider)
            .register(CookieSpecs.STANDARD_STRICT, strictStandardProvider)
            .register(CookieSpecs.NETSCAPE, new NetscapeDraftSpecProvider())
            .register(CookieSpecs.IGNORE_COOKIES, new IgnoreSpecProvider());
}

public DefaultCookieSpecProvider(
        final CompatibilityLevel compatibilityLevel,
        final PublicSuffixMatcher publicSuffixMatcher,
        final String[] datepatterns,
        final boolean oneHeader) {
    super();
    this.compatibilityLevel = compatibilityLevel != null ? compatibilityLevel : CompatibilityLevel.DEFAULT;
    this.publicSuffixMatcher = publicSuffixMatcher;
    this.datepatterns = datepatterns;
    this.oneHeader = oneHeader;
}

public PublicSuffixDomainFilter(
        final CommonCookieAttributeHandler handler, final PublicSuffixList suffixList) {
    Args.notNull(handler, "Cookie handler");
    Args.notNull(suffixList, "Public suffix list");
    this.handler = handler;
    this.publicSuffixMatcher = new PublicSuffixMatcher(suffixList.getRules(), suffixList.getExceptions());
    this.localDomainMap = createLocalDomainMap();
}

public RFC6265CookieSpecProvider(
        final CompatibilityLevel compatibilityLevel,
        final PublicSuffixMatcher publicSuffixMatcher) {
    super();
    this.compatibilityLevel = compatibilityLevel != null ? compatibilityLevel : CompatibilityLevel.RELAXED;
    this.publicSuffixMatcher = publicSuffixMatcher;
}

static void matchDNSName(final String host, final List<String> subjectAlts,
                         final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    final String normalizedHost = host.toLowerCase(Locale.ROOT);
    for (int i = 0; i < subjectAlts.size(); i++) {
        final String subjectAlt = subjectAlts.get(i);
        final String normalizedSubjectAlt = subjectAlt.toLowerCase(Locale.ROOT);
        if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher)) {
            return;
        }
    }
    throw new SSLException("Certificate for <" + host + "> doesn't match any " +
            "of the subject alternative names: " + subjectAlts);
}

static void matchCN(final String host, final String cn,
             final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    if (!matchIdentityStrict(host, cn, publicSuffixMatcher)) {
        throw new SSLException("Certificate for <" + host + "> doesn't match " +
                "common name of the certificate subject: " + cn);
    }
}

private static boolean matchIdentity(final String host, final String identity,
                                     final PublicSuffixMatcher publicSuffixMatcher,
                                     final boolean strict) {
    if (publicSuffixMatcher != null && host.contains(".")) {
        if (!matchDomainRoot(host, publicSuffixMatcher.getDomainRoot(identity, DomainType.ICANN))) {
            return false;
        }
    }

    // RFC 2818, 3.1. Server Identity
    // "...Names may contain the wildcard
    // character * which is considered to match any single domain name
    // component or component fragment..."
    // Based on this statement presuming only singular wildcard is legal
    final int asteriskIdx = identity.indexOf('*');
    if (asteriskIdx != -1) {
        final String prefix = identity.substring(0, asteriskIdx);
        final String suffix = identity.substring(asteriskIdx + 1);
        if (!prefix.isEmpty() && !host.startsWith(prefix)) {
            return false;
        }
        if (!suffix.isEmpty() && !host.endsWith(suffix)) {
            return false;
        }
        // Additional sanity checks on content selected by wildcard can be done here
        if (strict) {
            final String remainder = host.substring(
                    prefix.length(), host.length() - suffix.length());
            if (remainder.contains(".")) {
                return false;
            }
        }
        return true;
    }
    return host.equalsIgnoreCase(identity);
}

@Test
public void testPublicSuffixFilter() throws Exception {
    final BasicClientCookie cookie = new BasicClientCookie("name", "value");

    final PublicSuffixMatcher matcher = new PublicSuffixMatcher(DomainType.ICANN, Arrays.asList("co.uk", "com"), null);
    final PublicSuffixDomainFilter h = new PublicSuffixDomainFilter(new RFC2109DomainHandler(), matcher);

    cookie.setDomain(".co.uk");
    Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.co.uk", 80, "/stuff", false)));

    cookie.setDomain("co.uk");
    Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.co.uk", 80, "/stuff", false)));

    cookie.setDomain(".co.com");
    Assert.assertTrue(h.match(cookie, new CookieOrigin("apache.co.com", 80, "/stuff", false)));

    cookie.setDomain("co.com");
    Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.co.com", 80, "/stuff", false)));

    cookie.setDomain(".com");
    Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false)));

    cookie.setDomain("com");
    Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false)));

    cookie.setDomain("apache.com");
    Assert.assertTrue(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false)));

    cookie.setDomain(".apache.com");
    Assert.assertTrue(h.match(cookie, new CookieOrigin("www.apache.com", 80, "/stuff", false)));

    cookie.setDomain("localhost");
    Assert.assertTrue(h.match(cookie, new CookieOrigin("localhost", 80, "/stuff", false)));
}

@Before
public void setUp() throws Exception {
    final ClassLoader classLoader = getClass().getClassLoader();
    final InputStream in = classLoader.getResourceAsStream(SOURCE_FILE);
    Assert.assertNotNull(in);
    final PublicSuffixList suffixList;
    try {
        final org.apache.http.conn.util.PublicSuffixListParser parser = new org.apache.http.conn.util.PublicSuffixListParser();
        suffixList = parser.parse(new InputStreamReader(in, Consts.UTF_8));
    } finally {
        in.close();
    }
    final PublicSuffixMatcher matcher = new PublicSuffixMatcher(suffixList.getRules(), suffixList.getExceptions());
    this.filter = new PublicSuffixDomainFilter(new RFC2109DomainHandler(), matcher);
}

static void matchDNSName(final String host, final List<String> subjectAlts,
                         final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    final String normalizedHost = host.toLowerCase(Locale.ROOT);
    for (int i = 0; i < subjectAlts.size(); i++) {
        final String subjectAlt = subjectAlts.get(i);
        final String normalizedSubjectAlt = subjectAlt.toLowerCase(Locale.ROOT);
        if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher)) {
            return;
        }
    }
    throw new SSLException("Certificate for <" + host + "> doesn't match any " +
            "of the subject alternative names: " + subjectAlts);
}

static void matchCN(final String host, final String cn,
             final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    if (!matchIdentityStrict(host, cn, publicSuffixMatcher)) {
        throw new SSLException("Certificate for <" + host + "> doesn't match " +
                "common name of the certificate subject: " + cn);
    }
}

private static boolean matchIdentity(final String host, final String identity,
                                     final PublicSuffixMatcher publicSuffixMatcher,
                                     final boolean strict) {
    if (publicSuffixMatcher != null && host.contains(".")) {
        if (!matchDomainRoot(host, publicSuffixMatcher.getDomainRoot(identity, DomainType.ICANN))) {
            return false;
        }
    }

    // RFC 2818, 3.1. Server Identity
    // "...Names may contain the wildcard
    // character * which is considered to match any single domain name
    // component or component fragment..."
    // Based on this statement presuming only singular wildcard is legal
    final int asteriskIdx = identity.indexOf('*');
    if (asteriskIdx != -1) {
        final String prefix = identity.substring(0, asteriskIdx);
        final String suffix = identity.substring(asteriskIdx + 1);
        if (!prefix.isEmpty() && !host.startsWith(prefix)) {
            return false;
        }
        if (!suffix.isEmpty() && !host.endsWith(suffix)) {
            return false;
        }
        // Additional sanity checks on content selected by wildcard can be done here
        if (strict) {
            final String remainder = host.substring(
                    prefix.length(), host.length() - suffix.length());
            if (remainder.contains(".")) {
                return false;
            }
        }
        return true;
    }
    return host.equalsIgnoreCase(identity);
}

static void matchDNSName(final String host, final List<String> subjectAlts,
                         final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    final String normalizedHost = host.toLowerCase(Locale.ROOT);
    for (int i = 0; i < subjectAlts.size(); i++) {
        final String subjectAlt = subjectAlts.get(i);
        final String normalizedSubjectAlt = subjectAlt.toLowerCase(Locale.ROOT);
        if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher)) {
            return;
        }
    }
    throw new SSLException("Certificate for <" + host + "> doesn't match any " +
            "of the subject alternative names: " + subjectAlts);
}

static void matchCN(final String host, final String cn,
             final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    if (!matchIdentityStrict(host, cn, publicSuffixMatcher)) {
        throw new SSLException("Certificate for <" + host + "> doesn't match " +
                "common name of the certificate subject: " + cn);
    }
}

private static boolean matchIdentity(final String host, final String identity,
                                     final PublicSuffixMatcher publicSuffixMatcher,
                                     final boolean strict) {
    if (publicSuffixMatcher != null && host.contains(".")) {
        if (!matchDomainRoot(host, publicSuffixMatcher.getDomainRoot(identity, DomainType.ICANN))) {
            return false;
        }
    }

    // RFC 2818, 3.1. Server Identity
    // "...Names may contain the wildcard
    // character * which is considered to match any single domain name
    // component or component fragment..."
    // Based on this statement presuming only singular wildcard is legal
    final int asteriskIdx = identity.indexOf('*');
    if (asteriskIdx != -1) {
        final String prefix = identity.substring(0, asteriskIdx);
        final String suffix = identity.substring(asteriskIdx + 1);
        if (!prefix.isEmpty() && !host.startsWith(prefix)) {
            return false;
        }
        if (!suffix.isEmpty() && !host.endsWith(suffix)) {
            return false;
        }
        // Additional sanity checks on content selected by wildcard can be done here
        if (strict) {
            final String remainder = host.substring(
                    prefix.length(), host.length() - suffix.length());
            if (remainder.contains(".")) {
                return false;
            }
        }
        return true;
    }
    return host.equalsIgnoreCase(identity);
}

static void matchDNSName(final String host, final List<String> subjectAlts,
                         final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    final String normalizedHost = host.toLowerCase(Locale.ROOT);
    for (int i = 0; i < subjectAlts.size(); i++) {
        final String subjectAlt = subjectAlts.get(i);
        final String normalizedSubjectAlt = subjectAlt.toLowerCase(Locale.ROOT);
        if (matchIdentityStrict(normalizedHost, normalizedSubjectAlt, publicSuffixMatcher)) {
            return;
        }
    }
    throw new SSLException("Certificate for <" + host + "> doesn't match any " +
            "of the subject alternative names: " + subjectAlts);
}

static void matchCN(final String host, final String cn,
             final PublicSuffixMatcher publicSuffixMatcher) throws SSLException {
    if (!matchIdentityStrict(host, cn, publicSuffixMatcher)) {
        throw new SSLException("Certificate for <" + host + "> doesn't match " +
                "common name of the certificate subject: " + cn);
    }
}

private static boolean matchIdentity(final String host, final String identity,
                                     final PublicSuffixMatcher publicSuffixMatcher,
                                     final boolean strict) {
    if (publicSuffixMatcher != null && host.contains(".")) {
        if (!matchDomainRoot(host, publicSuffixMatcher.getDomainRoot(identity))) {
            return false;
        }
    }

    // RFC 2818, 3.1. Server Identity
    // "...Names may contain the wildcard
    // character * which is considered to match any single domain name
    // component or component fragment..."
    // Based on this statement presuming only singular wildcard is legal
    final int asteriskIdx = identity.indexOf('*');
    if (asteriskIdx != -1) {
        final String prefix = identity.substring(0, asteriskIdx);
        final String suffix = identity.substring(asteriskIdx + 1);
        if (!prefix.isEmpty() && !host.startsWith(prefix)) {
            return false;
        }
        if (!suffix.isEmpty() && !host.endsWith(suffix)) {
            return false;
        }
        // Additional sanity checks on content selected by wildcard can be done here
        if (strict) {
            final String remainder = host.substring(
                    prefix.length(), host.length() - suffix.length());
            if (remainder.contains(".")) {
                return false;
            }
        }
        return true;
    }
    return host.equalsIgnoreCase(identity);
}

public final static void main(String[] args) throws Exception {

        // Use PublicSuffixMatcherLoader to load public suffix list from a file,
        // resource or from an arbitrary URL
        PublicSuffixMatcher publicSuffixMatcher = PublicSuffixMatcherLoader.load(
                new URL("https://publicsuffix.org/list/effective_tld_names.dat"));

        // Please use the publicsuffix.org URL to download the list no more than once per day !!!
        // Please consider making a local copy !!!

        DefaultHostnameVerifier hostnameVerifier = new DefaultHostnameVerifier(publicSuffixMatcher);

        RFC6265CookieSpecProvider cookieSpecProvider = new RFC6265CookieSpecProvider(publicSuffixMatcher);
        Lookup<CookieSpecProvider> cookieSpecRegistry = RegistryBuilder.<CookieSpecProvider>create()
                .register(CookieSpecs.DEFAULT, cookieSpecProvider)
                .register(CookieSpecs.STANDARD, cookieSpecProvider)
                .register(CookieSpecs.STANDARD_STRICT, cookieSpecProvider)
                .build();

        CloseableHttpClient httpclient = HttpClients.custom()
                .setSSLHostnameVerifier(hostnameVerifier)
                .setDefaultCookieSpecRegistry(cookieSpecRegistry)
                .build();
        try {

            HttpGet httpget = new HttpGet("https://httpbin.org/");

            System.out.println("executing request " + httpget.getRequestLine());

            CloseableHttpResponse response = httpclient.execute(httpget);
            try {
                HttpEntity entity = response.getEntity();

                System.out.println("----------------------------------------");
                System.out.println(response.getStatusLine());
                EntityUtils.consume(entity);
            } finally {
                response.close();
            }
        } finally {
            httpclient.close();
        }
    }

public RFC2109SpecProvider(final PublicSuffixMatcher publicSuffixMatcher, final boolean oneHeader) {
    super();
    this.oneHeader = oneHeader;
    this.publicSuffixMatcher = publicSuffixMatcher;
}

public RFC2109SpecProvider(final PublicSuffixMatcher publicSuffixMatcher) {
    this(publicSuffixMatcher, false);
}

public DefaultCookieSpecProvider(
        final CompatibilityLevel compatibilityLevel,
        final PublicSuffixMatcher publicSuffixMatcher) {
    this(compatibilityLevel, publicSuffixMatcher, null, false);
}

public DefaultCookieSpecProvider(final PublicSuffixMatcher publicSuffixMatcher) {
    this(CompatibilityLevel.DEFAULT, publicSuffixMatcher, null, false);
}

public PublicSuffixDomainFilter(
        final CommonCookieAttributeHandler handler, final PublicSuffixMatcher publicSuffixMatcher) {
    this.handler = Args.notNull(handler, "Cookie handler");
    this.publicSuffixMatcher = Args.notNull(publicSuffixMatcher, "Public suffix matcher");
    this.localDomainMap = createLocalDomainMap();
}

public static CommonCookieAttributeHandler decorate(
        final CommonCookieAttributeHandler handler, final PublicSuffixMatcher publicSuffixMatcher) {
    Args.notNull(handler, "Cookie attribute handler");
    return publicSuffixMatcher != null ? new PublicSuffixDomainFilter(handler, publicSuffixMatcher) : handler;
}

public RFC2965SpecProvider(final PublicSuffixMatcher publicSuffixMatcher, final boolean oneHeader) {
    super();
    this.oneHeader = oneHeader;
    this.publicSuffixMatcher = publicSuffixMatcher;
}

public RFC2965SpecProvider(final PublicSuffixMatcher publicSuffixMatcher) {
    this(publicSuffixMatcher, false);
}

public RFC6265CookieSpecProvider(final PublicSuffixMatcher publicSuffixMatcher) {
    this(CompatibilityLevel.RELAXED, publicSuffixMatcher);
}

/**
 * Creates the default registry with the provided public suffix matcher
 */
public static Lookup<CookieSpecProvider> createDefault(final PublicSuffixMatcher publicSuffixMatcher) {
    return createDefaultBuilder(publicSuffixMatcher).build();
}

public DefaultHostnameVerifier(final PublicSuffixMatcher publicSuffixMatcher) {
    this.publicSuffixMatcher = publicSuffixMatcher;
}

static boolean matchIdentity(final String host, final String identity,
                             final PublicSuffixMatcher publicSuffixMatcher) {
    return matchIdentity(host, identity, publicSuffixMatcher, false);
}

static boolean matchIdentityStrict(final String host, final String identity,
                                   final PublicSuffixMatcher publicSuffixMatcher) {
    return matchIdentity(host, identity, publicSuffixMatcher, true);
}

@Before
public void setup() {
    impl = new DefaultHostnameVerifier();
    publicSuffixMatcher = new PublicSuffixMatcher(DomainType.ICANN, Arrays.asList("com", "co.jp", "gov.uk"), null);
    implWithPublicSuffixCheck = new DefaultHostnameVerifier(publicSuffixMatcher);
}

public AbsDefaultHostnameVerifier(final PublicSuffixMatcher publicSuffixMatcher) {
    this.publicSuffixMatcher = publicSuffixMatcher;
}

static boolean matchIdentity(final String host, final String identity,
                             final PublicSuffixMatcher publicSuffixMatcher) {
    return matchIdentity(host, identity, publicSuffixMatcher, false);
}

static boolean matchIdentityStrict(final String host, final String identity,
                                   final PublicSuffixMatcher publicSuffixMatcher) {
    return matchIdentity(host, identity, publicSuffixMatcher, true);
}

public AbsDefaultHostnameVerifier(final PublicSuffixMatcher publicSuffixMatcher) {
    this.publicSuffixMatcher = publicSuffixMatcher;
}

static boolean matchIdentity(final String host, final String identity,
                             final PublicSuffixMatcher publicSuffixMatcher) {
    return matchIdentity(host, identity, publicSuffixMatcher, false);
}

static boolean matchIdentityStrict(final String host, final String identity,
                                   final PublicSuffixMatcher publicSuffixMatcher) {
    return matchIdentity(host, identity, publicSuffixMatcher, true);
}

public DefaultHostnameVerifier(final PublicSuffixMatcher publicSuffixMatcher) {
    this.publicSuffixMatcher = publicSuffixMatcher;
}