Hostname verifier for the Jetty connector
Signed-off-by: Maxim Nesen <maxim.nesen@oracle.com>
senivam committed Mar 23, 2023
1 parent 4964825 commit 0914c71
Showing 2 changed files with 24 additions and 11 deletions.
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2013, 2022 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2013, 2023 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
@@ -154,16 +154,20 @@ class JettyConnector implements Connector {
}
if (httpClient == null) {
final SSLContext sslContext = jaxrsClient.getSslContext();
final SslContextFactory sslContextFactory = new SslContextFactory();
final SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(false);
sslContextFactory.setSslContext(sslContext);
httpClient = new HttpClient(sslContextFactory);
}
this.client = httpClient;

Boolean enableHostnameVerification = (Boolean) config.getProperties()
.get(JettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION);
if (enableHostnameVerification != null && enableHostnameVerification) {
client.getSslContextFactory().setEndpointIdentificationAlgorithm("https");
if (enableHostnameVerification != null) {
final String verificationAlgorithm = enableHostnameVerification ? "HTTPS" : null;
client.getSslContextFactory().setEndpointIdentificationAlgorithm(verificationAlgorithm);
}
if (jaxrsClient.getHostnameVerifier() != null) {
client.getSslContextFactory().setHostnameVerifier(jaxrsClient.getHostnameVerifier());
}

final Object connectTimeout = config.getProperties().get(ClientProperties.CONNECT_TIMEOUT);
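Review bot: Setting `JettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION` to `false` now passes `null` to `setEndpointIdentificationAlgorithm`, and the `setHostnameVerifier` call after it only runs when `jaxrsClient.getHostnameVerifier()` is non-null, so with the property off and no verifier registered nothing in these lines checks the server certificate against the host name. I would make that combination explicit with a comment at the branch, such as `// null turns off TLS endpoint identification; host name checks then depend entirely on the JAX-RS HostnameVerifier, if one is set`, and log a warning when both are absent. Both calls also go through `client.getSslContextFactory()` on an `httpClient` that may have been supplied by the caller rather than built in the `if (httpClient == null)` branch, so a null check before dereferencing it looks worthwhile; whether it can actually be null depends on code outside this hunk. The enclosing method or constructor starts and ends outside the visible lines.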
@@ -1,5 +1,5 @@
/*
* Copyright (c) 2015, 2022 Oracle and/or its affiliates. All rights reserved.
* Copyright (c) 2015, 2023 Oracle and/or its affiliates. All rights reserved.
*
* This program and the accompanying materials are made available under the
* terms of the Eclipse Public License v. 2.0, which is available at
@@ -31,8 +31,9 @@
import org.glassfish.jersey.client.authentication.HttpAuthenticationFeature;
import org.glassfish.jersey.client.spi.ConnectorProvider;
import org.glassfish.jersey.grizzly.connector.GrizzlyConnectorProvider;
import org.glassfish.jersey.jetty.connector.JettyConnectorProvider;
import org.glassfish.jersey.jetty.connector.JettyClientProperties;

import org.glassfish.jersey.jetty.connector.JettyConnectorProvider;
import org.junit.jupiter.params.ParameterizedTest;
import org.junit.jupiter.params.provider.MethodSource;
import static org.junit.jupiter.api.Assertions.assertEquals;
@@ -66,32 +67,40 @@ protected String clientTrustStore() {
@ParameterizedTest
@MethodSource("testData")
public void testHostnameVerifierApplied(ConnectorProvider connectorProvider) throws Exception {
// Grizzly and Jetty connectors don't support Hostname Verification
if (isExcluded(Arrays.asList(GrizzlyConnectorProvider.class, JettyConnectorProvider.class), connectorProvider)) {
// Grizzly connector does not support Hostname Verification
if (isExcluded(Arrays.asList(GrizzlyConnectorProvider.class), connectorProvider)) {
return;
}

final Client client = ClientBuilder.newBuilder()
.withConfig(new ClientConfig().connectorProvider(connectorProvider))
.withConfig(getClientConfig(JettyConnectorProvider.class.isAssignableFrom(connectorProvider.getClass()))
.connectorProvider(connectorProvider))
.register(HttpAuthenticationFeature.basic("user", "password"))
.hostnameVerifier(new CustomHostnameVerifier())
.sslContext(getSslContext())
.build();

try {
client.target(Server.BASE_URI).request().get(Response.class);
fail("HostnameVerifier was not applied.");
fail("HostnameVerifier was not applied by " + connectorProvider.getClass());
} catch (ProcessingException pex) {
CustomHostnameVerifier.HostnameVerifierException hve = getHVE(pex);

if (hve != null) {
assertEquals(CustomHostnameVerifier.EX_VERIFIER_MESSAGE, hve.getMessage());
} else {
fail("Invalid wrapped exception.");
fail("Invalid wrapped exception.", pex);
}
}
}

private static final ClientConfig getClientConfig(boolean enableSslHostnameVerification) {
final ClientConfig config = new ClientConfig();
return enableSslHostnameVerification ? config
.property(JettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION, Boolean.FALSE)
: config;
}

private boolean isExcluded(List<Class<? extends ConnectorProvider>> excluded, ConnectorProvider connectorProvider) {
for (Class<?> clazz : excluded) {
if (clazz.isAssignableFrom(connectorProvider.getClass())) {
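Review bot: The parameter of `getClientConfig` is named `enableSslHostnameVerification`, yet passing `true` sets `JettyClientProperties.ENABLE_SSL_HOSTNAME_VERIFICATION` to `Boolean.FALSE`, so the name says the opposite of what the helper does to a security setting. Renaming it, for example `private static ClientConfig getClientConfig(boolean disableJettyEndpointIdentification)`, and adding a one-line comment on why the Jetty case turns the built-in check off (presumably so the custom verifier's exception is the one that surfaces; please confirm) would make the test's intent readable. As written, the Jetty connector is exercised only with endpoint identification disabled, so a second case with the property unset or `Boolean.TRUE` would show whether the custom `HostnameVerifier` is still consulted when the built-in check stays on. The `isExcluded` body continues beyond the visible lines.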