From f24ef7dda918c182924f536cf2859a9fa551b575 Mon Sep 17 00:00:00 2001 From: Hugues Bruant Date: Sat, 20 Jun 2015 13:55:43 -0400 Subject: [PATCH] XmppHostnameVerifier: check subject CommonName --- .../smack/java7/XmppHostnameVerifier.java | 22 ++++++++++++++++++- 1 file changed, 21 insertions(+), 1 deletion(-) diff --git a/smack-java7/src/main/java/org/jivesoftware/smack/java7/XmppHostnameVerifier.java b/smack-java7/src/main/java/org/jivesoftware/smack/java7/XmppHostnameVerifier.java index 2935618d3..d9aba87f1 100644 --- a/smack-java7/src/main/java/org/jivesoftware/smack/java7/XmppHostnameVerifier.java +++ b/smack-java7/src/main/java/org/jivesoftware/smack/java7/XmppHostnameVerifier.java @@ -30,6 +30,9 @@ import java.util.Locale; import java.util.logging.Level; import java.util.logging.Logger; +import javax.naming.InvalidNameException; +import javax.naming.ldap.LdapName; +import javax.naming.ldap.Rdn; import javax.net.ssl.HostnameVerifier; import javax.net.ssl.SSLPeerUnverifiedException; import javax.net.ssl.SSLSession; @@ -133,7 +136,24 @@ public class XmppHostnameVerifier implements HostnameVerifier { throw new CertificateException(sb.toString()); } } - // TODO SubjectX500Name + + LdapName dn = null; + try { + dn = new LdapName(cert.getSubjectX500Principal().getName()); + } catch (InvalidNameException e) { + LOGGER.warning("Invalid DN: " + e.getMessage()); + } + if (dn != null) { + for (Rdn rdn : dn.getRdns()) { + if (rdn.getType().equalsIgnoreCase("CN")) { + if (matchesPerRfc2818(name, rdn.getValue().toString())) { + return; + } + break; + } + } + } + throw new CertificateException("No name matching " + name + " found"); }