Merge "Don't fail GeneralName parsing if the DNS name contains a wildcard."

author: Jesse Wilson <jessewilson@google.com> 2011-11-15 10:34:10 -0800
committer: Android (Google) Code Review <android-gerrit@google.com> 2011-11-15 10:34:10 -0800
commit: 03aaa13a6c9eb7912d903ebbd792f6c303b43757 (patch)
tree: 1faeda638705767fdcfa1da75c67adeaa9ffd853
parent: eb18d3586fe188d67210dd0adf759c84dd4f3c2f (diff)
parent: 8626012f833cada8b06c3d82860d2dbe4107ce7a (diff)
download: libcore-03aaa13a6c9eb7912d903ebbd792f6c303b43757.zip
libcore-03aaa13a6c9eb7912d903ebbd792f6c303b43757.tar.gz
libcore-03aaa13a6c9eb7912d903ebbd792f6c303b43757.tar.bz2
2 files changed, 45 insertions, 9 deletions
diff --git a/luni/src/main/java/org/apache/harmony/security/x509/GeneralName.java b/luni/src/main/java/org/apache/harmony/security/x509/GeneralName.java
index d8188be..e216029 100644
--- a/luni/src/main/java/org/apache/harmony/security/x509/GeneralName.java
+++ b/luni/src/main/java/org/apache/harmony/security/x509/GeneralName.java
@@ -539,9 +539,12 @@ public final class GeneralName {
     }
 
     /**
-     * Checks the correctness of the string representation of DNS name.
-     * The correctness is checked as specified in RFC 1034 p. 10, and modified
-     * by RFC 1123 (section 2.1).
+     * Checks the correctness of the string representation of DNS name as
+     * specified in RFC 1034 p. 10 and RFC 1123 section 2.1.
+     *
+     * <p>This permits a wildcard character '*' anywhere in the name; it is up
+     * to the application to check which wildcards are permitted. See RFC 6125
+     * for recommended wildcard matching rules.
      */
     public static void checkDNS(String dns) throws IOException {
         String string = dns.toLowerCase(Locale.US);
@@ -551,18 +554,14 @@ public final class GeneralName {
         for (int i = 0; i < length; i++) {
             char ch = string.charAt(i);
             if (first_letter) {
-                if ((length > 2) && (ch == '*') && (string.charAt(1) == '.')) {
-                    first_letter = false;
-                    continue;
-                }
-                if ((ch > 'z' || ch < 'a') && (ch < '0' || ch > '9')) {
+                if ((ch > 'z' || ch < 'a') && (ch < '0' || ch > '9') && (ch != '*')) {
                     throw new IOException("DNS name must start with a letter: " + dns);
                 }
                 first_letter = false;
                 continue;
             }
             if (!((ch >= 'a' && ch <= 'z') || (ch >= '0' && ch <= '9')
-                    || (ch == '-') || (ch == '.'))) {
+                    || (ch == '-') || (ch == '.') || (ch == '*'))) {
                 throw new IOException("Incorrect DNS name: " + dns);
             }
             if (ch == '.') {
diff --git a/luni/src/test/java/libcore/javax/security/auth/x500/GeneralNameTest.java b/luni/src/test/java/libcore/javax/security/auth/x500/GeneralNameTest.java
new file mode 100644
index 0000000..aac5e84
--- /dev/null
+++ b/luni/src/test/java/libcore/javax/security/auth/x500/GeneralNameTest.java
@@ -0,0 +1,37 @@
+/*
+ * Copyright (C) 2011 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *      http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package libcore.javax.security.auth.x500;
+
+import org.apache.harmony.security.x509.GeneralName;
+import junit.framework.TestCase;
+
+public final class GeneralNameTest extends TestCase {
+    // http://code.google.com/p/android/issues/detail?id=21311
+    public void testWildcardsInDnsName() throws Exception {
+        // examples of potential DNS wildcard locations from RFC 6125 section 7.2
+        new GeneralName(GeneralName.DNS_NAME, "*.example.com");
+        new GeneralName(GeneralName.DNS_NAME, "fo*.example.com");
+        new GeneralName(GeneralName.DNS_NAME, "f*o.example.com");
+        new GeneralName(GeneralName.DNS_NAME, "*oo.example.com");
+        new GeneralName(GeneralName.DNS_NAME, "www.*.example.com");
+        new GeneralName(GeneralName.DNS_NAME, "www.foo*.example.com");
+        new GeneralName(GeneralName.DNS_NAME, "*.co.uk");
+        new GeneralName(GeneralName.DNS_NAME, "*.com");
+        new GeneralName(GeneralName.DNS_NAME, "f*b*r.example.com");
+        new GeneralName(GeneralName.DNS_NAME, "*.*.example.com");
+    }
+}
author	Jesse Wilson <jessewilson@google.com>	2011-11-15 10:34:10 -0800
committer	Android (Google) Code Review <android-gerrit@google.com>	2011-11-15 10:34:10 -0800
commit	03aaa13a6c9eb7912d903ebbd792f6c303b43757 (patch)
tree	1faeda638705767fdcfa1da75c67adeaa9ffd853
parent	eb18d3586fe188d67210dd0adf759c84dd4f3c2f (diff)
parent	8626012f833cada8b06c3d82860d2dbe4107ce7a (diff)
download	libcore-03aaa13a6c9eb7912d903ebbd792f6c303b43757.zip libcore-03aaa13a6c9eb7912d903ebbd792f6c303b43757.tar.gz libcore-03aaa13a6c9eb7912d903ebbd792f6c303b43757.tar.bz2