diff options
author | robm <none@none> | 2015-02-10 23:32:48 +0000 |
---|---|---|
committer | robm <none@none> | 2015-02-10 23:32:48 +0000 |
commit | 344d32e77a7c4990aad03b7535eeb975249462c2 (patch) | |
tree | 38a5c5ab24412cfd3e67c166775f3670b2c153f4 | |
parent | f0639f176435fc6383579589008a97fab52b5c51 (diff) |
8065553: Failed Java web start via IPv6 (Java7u71 or later)jdk8u45-b08
Reviewed-by: xuelei
3 files changed, 43 insertions, 0 deletions
diff --git a/src/share/classes/sun/security/util/HostnameChecker.java b/src/share/classes/sun/security/util/HostnameChecker.java index 77f17f71a..0741b2eda 100644 --- a/src/share/classes/sun/security/util/HostnameChecker.java +++ b/src/share/classes/sun/security/util/HostnameChecker.java @@ -26,6 +26,8 @@ package sun.security.util; import java.io.IOException; +import java.net.InetAddress; +import java.net.UnknownHostException; import java.util.*; import java.security.Principal; @@ -148,6 +150,17 @@ public class HostnameChecker { String ipAddress = (String)next.get(1); if (expectedIP.equalsIgnoreCase(ipAddress)) { return; + } else { + // compare InetAddress objects in order to ensure + // equality between a long IPv6 address and its + // abbreviated form. + try { + if (InetAddress.getByName(expectedIP).equals( + InetAddress.getByName(ipAddress))) { + return; + } + } catch (UnknownHostException e) { + } catch (SecurityException e) {} } } } diff --git a/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java b/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java index 7603a460f..d5ef752f0 100644 --- a/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java +++ b/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java @@ -187,6 +187,9 @@ public class TestHostnameChecker { in = new FileInputStream(new File(PATH, "cert4.crt")); X509Certificate cert4 = (X509Certificate)cf.generateCertificate(in); in.close(); + in = new FileInputStream(new File(PATH, "cert5.crt")); + X509Certificate cert5 = (X509Certificate)cf.generateCertificate(in); + in.close(); HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); @@ -202,6 +205,9 @@ public class TestHostnameChecker { check(checker, "5.6.7.8", cert3, true); check(checker, "foo.bar.com", cert4, true); check(checker, "altfoo.bar.com", cert4, true); + check(checker, "2001:db8:3c4d:15::1a2f:1a2b", cert5, true); + check(checker, "2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b", cert5, true); + check(checker, "2002:db8:3c4d:15::1a2f:1a2b", cert5, false); checker = HostnameChecker.getInstance( HostnameChecker.TYPE_LDAP); diff --git a/test/sun/security/util/HostnameMatcher/cert5.crt b/test/sun/security/util/HostnameMatcher/cert5.crt new file mode 100644 index 000000000..6cca37c87 --- /dev/null +++ b/test/sun/security/util/HostnameMatcher/cert5.crt @@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIECDCCAvCgAwIBAgIJAJaBmuUlfY8sMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD +VQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJU29tZS1DaXR5 +MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxsYXRpb24xEDAO +BgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRkOjAwMTU6MDAw +MDowMDAwOjFhMmY6MWEyYjAeFw0xNTAyMTAxODMzMjBaFw0xNTAzMTIxODMzMjBa +MIGmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJ +U29tZS1DaXR5MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxs +YXRpb24xEDAOBgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRk +OjAwMTU6MDAwMDowMDAwOjFhMmY6MWEyYjCCASIwDQYJKoZIhvcNAQEBBQADggEP +ADCCAQoCggEBAMcigWxmeF6Dmo3xAw3y/8d3vB8Th4YsmvwXb9DxwNWV+B3vxJgq +ww6T6VBxrle1bgu/RtZDJwLf5vMhVElxuuE86di2qyurKFbpe29C9xnCxuMlXpje +X2pNknz4ZzOqD4opmIAFjXZ2Xp1kLt+HJX7ABoz7Uga+IbVfDRPPf2KOqYNpBQkp +dgI5VOZDQNVNb+8vdXDwyanMQ0TgPXKL4BQIkGB4RM8sgpPMUvB+tEB7zmUtgSco +2a5M84wIhxv85CmFFoTVSzXsRCDhVAZj0aHRkkmAsMSmzPa4HiPnuVRV740oQjDy +oMGLndaEs2nxIqckUFHOHcSTf0/wmcvPbIsCAwEAAaM3MDUwCQYDVR0TBAIwADAL +BgNVHQ8EBAMCBeAwGwYDVR0RBBQwEocQIAENuDxNABUAAAAAGi8aKzANBgkqhkiG +9w0BAQUFAAOCAQEAtnelRbYPPZRgTd4oxOiPqwc01EE9JgtkFWlooCwVUDChOR2k +us1qlhKsvbN2Tcsm1Ss3p0Uxk/g1o2/mY8rA/dJ8qiN6jbfjpEi8b2MirP5tQSE0 +QNXbVGr5FnLbuUmn+82pB0vBSaq7gxehbV6S7dteyQUnb2imltC5wS9PwYb8wWx7 +IpyXWt0jkYkC8KJEevVYI7qtwpjYhyc1FqwzUiPmdqGz2AFLQ4RgTXJi93SPoyKM +s65oPV+r6/0qwnslScxVfszHxxFn1Yfsc5Oseare1MnlNzH69PmWs523C/fBvnB2 +MsHKLPdoN7uSpBLB7j46g5jQG/ceri/cquZKYA== +-----END CERTIFICATE----- |