[JM-1394] More improvements from Corey Wright.

git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10546 b35dd754-fafc-0310-a699-88a17e54d16e

[JM-1394] More improvements from Corey Wright.
git-svn-id: http://svn.igniterealtime.org/svn/repos/openfire/trunk@10546 b35dd754-fafc-0310-a699-88a17e54d16e
e595dd6f · Daniel Henninger · dhenninger · cec7c04c · e595dd6f · e595dd6f
Commit e595dd6f authored Jun 17, 2008 by Daniel Henninger Committed by dhenninger Jun 17, 2008
Showing with 14 additions and 17 deletions

SASLAuthentication.java ...ava/org/jivesoftware/openfire/net/SASLAuthentication.java +6 -1

ServerTrustManager.java ...ava/org/jivesoftware/openfire/net/ServerTrustManager.java +8 -16

No files found.
--- a/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
+++ b/src/java/org/jivesoftware/openfire/net/SASLAuthentication.java
@@ -460,7 +460,12 @@ public class SASLAuthentication {
            for (Certificate certificate : connection.getPeerCertificates()) {
                for (String identity : CertificateManager.getPeerIdentities((X509Certificate) certificate)) {
-                    if (identity.equals(hostname) || identity.equals("*." + hostname)) {
+                    // Verify that either the identity is the same as the hostname, or for wildcarded
+                    // identities that the hostname ends with .domainspecified or -is- domainspecified.
+                    if ((identity.startsWith("*.")
+                         && (hostname.endsWith(identity.replace("*.", "."))
+                             || hostname.equals(identity.replace("*.", ""))))
+                            || hostname.equals(identity)) {
                        authenticationSuccessful(session, hostname, null);
                        return Status.authenticated;
                    }

--- a/src/java/org/jivesoftware/openfire/net/ServerTrustManager.java
+++ b/src/java/org/jivesoftware/openfire/net/ServerTrustManager.java
@@ -140,23 +140,15 @@ public class ServerTrustManager implements X509TrustManager {
            // a wildcard.
            Boolean found = false;
            for (String identity : peerIdentities) {
-                if (identity.startsWith("*.")) {
+                // Verify that either the identity is the same as the hostname, or for wildcarded
-                    // strip off asterisks, but keep leading dot
+                // identities that the hostname ends with .domainspecified or -is- domainspecified.
-                    // to insure endsWith() only matches a subdomain
+                if ((identity.startsWith("*.")
-                    // of the intended domain
+                        && (server.endsWith(identity.replace("*.", "."))
-                    identity = identity.replace("*.", ".");
+                        || server.equals(identity.replace("*.", ""))))
-                    if (server.endsWith(identity)) {
+                        || server.equals(identity)) {
-                        found = true;
+                    found = true;
-                        break;
+                    break;
-                    }
-                }
-                else {
-                    if (server.equals(identity)) {
-                        found = true;
-                        break;
-                    }
                }
            }
            if (!found) {