Diffstat (limited to 'luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java')
-rw-r--r-- | luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java | 28 |
1 files changed, 20 insertions, 8 deletions
diff --git a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
index 4b29363..c855c0c 100644
--- a/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
+++ b/luni/src/main/java/org/apache/harmony/xnet/provider/jsse/ClientHandshakeImpl.java
@@ -18,14 +18,12 @@
 package org.apache.harmony.xnet.provider.jsse;
 import java.io.IOException;
-import java.security.AccessController;
 import java.security.Key;
 import java.security.KeyFactory;
 import java.security.KeyPair;
 import java.security.KeyPairGenerator;
 import java.security.NoSuchAlgorithmException;
 import java.security.PrivateKey;
-import java.security.PrivilegedExceptionAction;
 import java.security.PublicKey;
 import java.security.cert.CertificateException;
 import java.security.cert.X509Certificate;
@@ -39,6 +37,7 @@ import javax.crypto.spec.DHPublicKeySpec;
 import javax.crypto.spec.SecretKeySpec;
 import javax.net.ssl.X509ExtendedKeyManager;
 import javax.net.ssl.X509KeyManager;
+import javax.net.ssl.X509TrustManager;
 import javax.security.auth.x500.X500Principal;
 /**
@@ -90,7 +89,7 @@ public class ClientHandshakeImpl extends HandshakeProtocol {
 if (engineOwner != null) {
 session.setPeer(engineOwner.getPeerHost(), engineOwner.getPeerPort());
 } else {
- session.setPeer(socketOwner.getInetAddress().getHostName(), socketOwner.getPort());
+ session.setPeer(socketOwner.getPeerHostName(), socketOwner.getPeerPort());
 }
 session.protocol = ProtocolVersion.getLatestVersion(parameters.getEnabledProtocols());
 recordProtocol.setVersion(session.protocol.version);
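Review bot: The reason for dropping `socketOwner.getInetAddress().getHostName()` is not recorded at this `session.setPeer(...)` call, nor at the identical replacements in the hunks at -111 and -561; the only explanation (avoiding an address lookup when talking to a proxy) sits in the trust-check hunk at -529. A one-line comment above the new call, e.g. `// peer name as reported by the socket owner; no lookup on the address`, would keep a later cleanup from reintroducing the lookup. What getPeerHostName() actually returns is outside this diff, so the wording should be confirmed against that method. The enclosing method starts and ends outside the hunk.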
@@ -111,7 +110,7 @@ public class ClientHandshakeImpl extends HandshakeProtocol {
 if (engineOwner != null) {
 session.setPeer(engineOwner.getPeerHost(), engineOwner.getPeerPort());
 } else {
- session.setPeer(socketOwner.getInetAddress().getHostName(), socketOwner.getPort());
+ session.setPeer(socketOwner.getPeerHostName(), socketOwner.getPeerPort());
 }
 session.protocol = ProtocolVersion.getLatestVersion(parameters.getEnabledProtocols());
 recordProtocol.setVersion(session.protocol.version);
@@ -500,7 +499,7 @@ public class ClientHandshakeImpl extends HandshakeProtocol {
 // send certificate verify for all certificates except those containing
 // fixed DH parameters
- if (clientCert != null && !clientKeyExchange.isEmpty()) {
+ if (clientCert != null && clientCert.certs.length > 0 && !clientKeyExchange.isEmpty()) {
 // Certificate verify
 String authType = clientKey.getAlgorithm();
 DigitalSignature ds = new DigitalSignature(authType);
@@ -529,8 +528,21 @@ public class ClientHandshakeImpl extends HandshakeProtocol {
 if (authType == null) {
 return;
 }
+ String hostname = null;
+ if (engineOwner != null) {
+ hostname = engineOwner.getPeerHost();
+ } else {
+ // we don't want to do an inet address lookup here in case we're talking to a proxy
+ hostname = socketOwner.getWrappedHostName();
+ }
 try {
- parameters.getTrustManager().checkServerTrusted(serverCert.certs, authType);
+ X509TrustManager x509tm = parameters.getTrustManager();
+ if (x509tm instanceof TrustManagerImpl) {
+ TrustManagerImpl tm = (TrustManagerImpl) x509tm;
+ tm.checkServerTrusted(serverCert.certs, authType, hostname);
+ } else {
+ x509tm.checkServerTrusted(serverCert.certs, authType);
+ }
 } catch (CertificateException e) {
 fatalAlert(AlertProtocol.BAD_CERTIFICATE, "Not trusted server certificate", e);
 return;
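Review bot: The added `clientCert.certs.length > 0` test in the certificate-verify condition (hunk at -500) dereferences `certs` without a null check; whether the type of `clientCert` guarantees a non-null array is not visible here, so that invariant should be confirmed or the test guarded. The comment above the condition still names only the fixed-DH exception, so it should also cover the new case, e.g. `// ... and none when the client sent an empty certificate list`. The enclosing method continues outside the hunk.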
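Review bot: In the hunk at -529, `hostname` reaches `tm.checkServerTrusted(serverCert.certs, authType, hostname)` without a null check, and neither `engineOwner.getPeerHost()` nor `socketOwner.getWrappedHostName()` is shown to be non-null; how the three-argument overload treats a null host is outside this diff and should be stated in a comment at the call. The name used for the trust decision comes from getWrappedHostName(), while the session peer and the session-cache lookup (hunks at -90, -111 and -561) use getPeerHostName(); if the two can differ, a session could be cached under a name other than the one that was checked, so a comment saying they agree, or why they need not, is warranted. The `else` branch deserves a comment that any other X509TrustManager receives no host name, e.g. `// other trust managers get the chain and authType only`. Minor: `String hostname = null;` can be `String hostname;` since both branches assign it. The method body starts and ends outside the hunk.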
@@ -561,8 +573,8 @@ public class ClientHandshakeImpl extends HandshakeProtocol {
 host = engineOwner.getPeerHost();
 port = engineOwner.getPeerPort();
 } else {
- host = socketOwner.getInetAddress().getHostName();
- port = socketOwner.getPort();
+ host = socketOwner.getPeerHostName();
+ port = socketOwner.getPeerPort();
 }
 if (host == null || port == -1) {
 return null; // starts new session |