private static boolean matchIdentity(final String host, final String identity, final PublicSuffixMatcher publicSuffixMatcher, final boolean strict) { if (publicSuffixMatcher != null && host.contains(".")) { if (!matchDomainRoot(host, publicSuffixMatcher.getDomainRoot(identity, DomainType.ICANN))) { return false; } } // RFC 2818, 3.1. Server Identity // "...Names may contain the wildcard // character * which is considered to match any single domain name // component or component fragment..." // Based on this statement presuming only singular wildcard is legal final int asteriskIdx = identity.indexOf('*'); if (asteriskIdx != -1) { final String prefix = identity.substring(0, asteriskIdx); final String suffix = identity.substring(asteriskIdx + 1); if (!prefix.isEmpty() && !host.startsWith(prefix)) { return false; } if (!suffix.isEmpty() && !host.endsWith(suffix)) { return false; } // Additional sanity checks on content selected by wildcard can be done here if (strict) { final String remainder = host.substring( prefix.length(), host.length() - suffix.length()); if (remainder.contains(".")) { return false; } } return true; } return host.equalsIgnoreCase(identity); }
@Test public void testPublicSuffixFilter() throws Exception { final BasicClientCookie cookie = new BasicClientCookie("name", "value"); final PublicSuffixMatcher matcher = new PublicSuffixMatcher(DomainType.ICANN, Arrays.asList("co.uk", "com"), null); final PublicSuffixDomainFilter h = new PublicSuffixDomainFilter(new RFC2109DomainHandler(), matcher); cookie.setDomain(".co.uk"); Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.co.uk", 80, "/stuff", false))); cookie.setDomain("co.uk"); Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.co.uk", 80, "/stuff", false))); cookie.setDomain(".co.com"); Assert.assertTrue(h.match(cookie, new CookieOrigin("apache.co.com", 80, "/stuff", false))); cookie.setDomain("co.com"); Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.co.com", 80, "/stuff", false))); cookie.setDomain(".com"); Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false))); cookie.setDomain("com"); Assert.assertFalse(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false))); cookie.setDomain("apache.com"); Assert.assertTrue(h.match(cookie, new CookieOrigin("apache.com", 80, "/stuff", false))); cookie.setDomain(".apache.com"); Assert.assertTrue(h.match(cookie, new CookieOrigin("www.apache.com", 80, "/stuff", false))); cookie.setDomain("localhost"); Assert.assertTrue(h.match(cookie, new CookieOrigin("localhost", 80, "/stuff", false))); }
@Before public void setup() { impl = new DefaultHostnameVerifier(); publicSuffixMatcher = new PublicSuffixMatcher(DomainType.ICANN, Arrays.asList("com", "co.jp", "gov.uk"), null); implWithPublicSuffixCheck = new DefaultHostnameVerifier(publicSuffixMatcher); }
