8065553: Failed Java web start via IPv6 (Java7u71 or later)jdk8u45-b08

Reviewed-by: xuelei
author: robm <none@none> 2015-02-10 23:32:48 +0000
committer: robm <none@none> 2015-02-10 23:32:48 +0000
commit: 344d32e77a7c4990aad03b7535eeb975249462c2 (patch)
tree: 38a5c5ab24412cfd3e67c166775f3670b2c153f4
parent: f0639f176435fc6383579589008a97fab52b5c51 (diff)
3 files changed, 43 insertions, 0 deletions
diff --git a/src/share/classes/sun/security/util/HostnameChecker.java b/src/share/classes/sun/security/util/HostnameChecker.java
index 77f17f71a..0741b2eda 100644
--- a/src/share/classes/sun/security/util/HostnameChecker.java
+++ b/src/share/classes/sun/security/util/HostnameChecker.java
@@ -26,6 +26,8 @@
 package sun.security.util;
 
 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.*;
 
 import java.security.Principal;
@@ -148,6 +150,17 @@ public class HostnameChecker {
                 String ipAddress = (String)next.get(1);
                 if (expectedIP.equalsIgnoreCase(ipAddress)) {
                     return;
+                } else {
+                    // compare InetAddress objects in order to ensure
+                    // equality between a long IPv6 address and its
+                    // abbreviated form.
+                    try {
+                        if (InetAddress.getByName(expectedIP).equals(
+                                InetAddress.getByName(ipAddress))) {
+                            return;
+                        }
+                    } catch (UnknownHostException e) {
+                    } catch (SecurityException e) {}
                 }
             }
         }
diff --git a/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java b/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java
index 7603a460f..d5ef752f0 100644
--- a/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java
+++ b/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java
@@ -187,6 +187,9 @@ public class TestHostnameChecker {
         in = new FileInputStream(new File(PATH, "cert4.crt"));
         X509Certificate cert4 = (X509Certificate)cf.generateCertificate(in);
         in.close();
+        in = new FileInputStream(new File(PATH, "cert5.crt"));
+        X509Certificate cert5 = (X509Certificate)cf.generateCertificate(in);
+        in.close();
 
         HostnameChecker checker = HostnameChecker.getInstance(
                                         HostnameChecker.TYPE_TLS);
@@ -202,6 +205,9 @@ public class TestHostnameChecker {
         check(checker, "5.6.7.8", cert3, true);
         check(checker, "foo.bar.com", cert4, true);
         check(checker, "altfoo.bar.com", cert4, true);
+        check(checker, "2001:db8:3c4d:15::1a2f:1a2b", cert5, true);
+        check(checker, "2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b", cert5, true);
+        check(checker, "2002:db8:3c4d:15::1a2f:1a2b", cert5, false);
 
         checker = HostnameChecker.getInstance(
                                 HostnameChecker.TYPE_LDAP);
diff --git a/test/sun/security/util/HostnameMatcher/cert5.crt b/test/sun/security/util/HostnameMatcher/cert5.crt
new file mode 100644
index 000000000..6cca37c87
--- /dev/null
+++ b/test/sun/security/util/HostnameMatcher/cert5.crt
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECDCCAvCgAwIBAgIJAJaBmuUlfY8sMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJU29tZS1DaXR5
+MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxsYXRpb24xEDAO
+BgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRkOjAwMTU6MDAw
+MDowMDAwOjFhMmY6MWEyYjAeFw0xNTAyMTAxODMzMjBaFw0xNTAzMTIxODMzMjBa
+MIGmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJ
+U29tZS1DaXR5MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxs
+YXRpb24xEDAOBgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRk
+OjAwMTU6MDAwMDowMDAwOjFhMmY6MWEyYjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMcigWxmeF6Dmo3xAw3y/8d3vB8Th4YsmvwXb9DxwNWV+B3vxJgq
+ww6T6VBxrle1bgu/RtZDJwLf5vMhVElxuuE86di2qyurKFbpe29C9xnCxuMlXpje
+X2pNknz4ZzOqD4opmIAFjXZ2Xp1kLt+HJX7ABoz7Uga+IbVfDRPPf2KOqYNpBQkp
+dgI5VOZDQNVNb+8vdXDwyanMQ0TgPXKL4BQIkGB4RM8sgpPMUvB+tEB7zmUtgSco
+2a5M84wIhxv85CmFFoTVSzXsRCDhVAZj0aHRkkmAsMSmzPa4HiPnuVRV740oQjDy
+oMGLndaEs2nxIqckUFHOHcSTf0/wmcvPbIsCAwEAAaM3MDUwCQYDVR0TBAIwADAL
+BgNVHQ8EBAMCBeAwGwYDVR0RBBQwEocQIAENuDxNABUAAAAAGi8aKzANBgkqhkiG
+9w0BAQUFAAOCAQEAtnelRbYPPZRgTd4oxOiPqwc01EE9JgtkFWlooCwVUDChOR2k
+us1qlhKsvbN2Tcsm1Ss3p0Uxk/g1o2/mY8rA/dJ8qiN6jbfjpEi8b2MirP5tQSE0
+QNXbVGr5FnLbuUmn+82pB0vBSaq7gxehbV6S7dteyQUnb2imltC5wS9PwYb8wWx7
+IpyXWt0jkYkC8KJEevVYI7qtwpjYhyc1FqwzUiPmdqGz2AFLQ4RgTXJi93SPoyKM
+s65oPV+r6/0qwnslScxVfszHxxFn1Yfsc5Oseare1MnlNzH69PmWs523C/fBvnB2
+MsHKLPdoN7uSpBLB7j46g5jQG/ceri/cquZKYA==
+-----END CERTIFICATE-----
author	robm <none@none>	2015-02-10 23:32:48 +0000
committer	robm <none@none>	2015-02-10 23:32:48 +0000
commit	344d32e77a7c4990aad03b7535eeb975249462c2 (patch)
tree	38a5c5ab24412cfd3e67c166775f3670b2c153f4
parent	f0639f176435fc6383579589008a97fab52b5c51 (diff)