OpenJDK / jigsaw / jake / jdk
changeset 11920:311c2ac065f2
8065553: Failed Java web start via IPv6 (Java7u71 or later)
Reviewed-by: xuelei
| author | robm |
|---|---|
| date | Tue, 10 Feb 2015 23:32:48 +0000 |
| parents | 48dac9cf76fb |
| children | 7a6030e7c88e |
| files | src/java.base/share/classes/sun/security/util/HostnameChecker.java test/sun/security/util/HostnameMatcher/TestHostnameChecker.java test/sun/security/util/HostnameMatcher/cert5.crt |
| diffstat | 3 files changed, 43 insertions(+), 0 deletions(-) [+] |
line wrap: on
line diff
--- a/src/java.base/share/classes/sun/security/util/HostnameChecker.java Tue Feb 10 11:34:13 2015 -0800 +++ b/src/java.base/share/classes/sun/security/util/HostnameChecker.java Tue Feb 10 23:32:48 2015 +0000 @@ -26,6 +26,8 @@ package sun.security.util; import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; import java.util.*; import java.security.Principal; @@ -148,6 +150,17 @@ String ipAddress = (String)next.get(1); if (expectedIP.equalsIgnoreCase(ipAddress)) { return; + } else { + // compare InetAddress objects in order to ensure + // equality between a long IPv6 address and its + // abbreviated form. + try { + if (InetAddress.getByName(expectedIP).equals( + InetAddress.getByName(ipAddress))) { + return; + } + } catch (UnknownHostException e) { + } catch (SecurityException e) {} } } }
--- a/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java Tue Feb 10 11:34:13 2015 -0800 +++ b/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java Tue Feb 10 23:32:48 2015 +0000 @@ -187,6 +187,9 @@ in = new FileInputStream(new File(PATH, "cert4.crt")); X509Certificate cert4 = (X509Certificate)cf.generateCertificate(in); in.close(); + in = new FileInputStream(new File(PATH, "cert5.crt")); + X509Certificate cert5 = (X509Certificate)cf.generateCertificate(in); + in.close(); HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); @@ -202,6 +205,9 @@ check(checker, "5.6.7.8", cert3, true); check(checker, "foo.bar.com", cert4, true); check(checker, "altfoo.bar.com", cert4, true); + check(checker, "2001:db8:3c4d:15::1a2f:1a2b", cert5, true); + check(checker, "2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b", cert5, true); + check(checker, "2002:db8:3c4d:15::1a2f:1a2b", cert5, false); checker = HostnameChecker.getInstance( HostnameChecker.TYPE_LDAP);
--- /dev/null Thu Jan 01 00:00:00 1970 +0000 +++ b/test/sun/security/util/HostnameMatcher/cert5.crt Tue Feb 10 23:32:48 2015 +0000 @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECDCCAvCgAwIBAgIJAJaBmuUlfY8sMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJU29tZS1DaXR5 +MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxsYXRpb24xEDAO +BgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRkOjAwMTU6MDAw +MDowMDAwOjFhMmY6MWEyYjAeFw0xNTAyMTAxODMzMjBaFw0xNTAzMTIxODMzMjBa +MIGmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJ +U29tZS1DaXR5MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxs +YXRpb24xEDAOBgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRk +OjAwMTU6MDAwMDowMDAwOjFhMmY6MWEyYjCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMcigWxmeF6Dmo3xAw3y/8d3vB8Th4YsmvwXb9DxwNWV+B3vxJgq +ww6T6VBxrle1bgu/RtZDJwLf5vMhVElxuuE86di2qyurKFbpe29C9xnCxuMlXpje +X2pNknz4ZzOqD4opmIAFjXZ2Xp1kLt+HJX7ABoz7Uga+IbVfDRPPf2KOqYNpBQkp +dgI5VOZDQNVNb+8vdXDwyanMQ0TgPXKL4BQIkGB4RM8sgpPMUvB+tEB7zmUtgSco +2a5M84wIhxv85CmFFoTVSzXsRCDhVAZj0aHRkkmAsMSmzPa4HiPnuVRV740oQjDy +oMGLndaEs2nxIqckUFHOHcSTf0/wmcvPbIsCAwEAAaM3MDUwCQYDVR0TBAIwADAL +BgNVHQ8EBAMCBeAwGwYDVR0RBBQwEocQIAENuDxNABUAAAAAGi8aKzANBgkqhkiG +9w0BAQUFAAOCAQEAtnelRbYPPZRgTd4oxOiPqwc01EE9JgtkFWlooCwVUDChOR2k +us1qlhKsvbN2Tcsm1Ss3p0Uxk/g1o2/mY8rA/dJ8qiN6jbfjpEi8b2MirP5tQSE0 +QNXbVGr5FnLbuUmn+82pB0vBSaq7gxehbV6S7dteyQUnb2imltC5wS9PwYb8wWx7 +IpyXWt0jkYkC8KJEevVYI7qtwpjYhyc1FqwzUiPmdqGz2AFLQ4RgTXJi93SPoyKM +s65oPV+r6/0qwnslScxVfszHxxFn1Yfsc5Oseare1MnlNzH69PmWs523C/fBvnB2 +MsHKLPdoN7uSpBLB7j46g5jQG/ceri/cquZKYA== +-----END CERTIFICATE-----