1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28 package org.apache.hc.client5.http.ssl;
29
30 import org.apache.hc.client5.http.psl.DomainType;
31 import org.apache.hc.client5.http.psl.PublicSuffixList;
32 import org.apache.hc.client5.http.psl.PublicSuffixListParser;
33 import org.apache.hc.client5.http.psl.PublicSuffixMatcher;
34 import org.junit.Assert;
35 import org.junit.Before;
36 import org.junit.Test;
37
38 import javax.net.ssl.SSLException;
39 import java.io.ByteArrayInputStream;
40 import java.io.IOException;
41 import java.io.InputStream;
42 import java.io.InputStreamReader;
43 import java.nio.charset.StandardCharsets;
44 import java.security.cert.CertificateFactory;
45 import java.security.cert.X509Certificate;
46 import java.util.Arrays;
47 import java.util.Collections;
48 import java.util.List;
49
50
51
52
53 public class TestDefaultHostnameVerifier {
54
55 private DefaultHostnameVerifier impl;
56 private PublicSuffixMatcher publicSuffixMatcher;
57 private DefaultHostnameVerifier implWithPublicSuffixCheck;
58
59 private static final String PUBLIC_SUFFIX_MATCHER_SOURCE_FILE = "suffixlistmatcher.txt";
60
61 @Before
62 public void setup() throws IOException {
63 impl = new DefaultHostnameVerifier();
64
65
66 final ClassLoader classLoader = getClass().getClassLoader();
67 final InputStream in = classLoader.getResourceAsStream(PUBLIC_SUFFIX_MATCHER_SOURCE_FILE);
68 Assert.assertNotNull(in);
69 final List<PublicSuffixList> lists = new PublicSuffixListParser().parseByType(
70 new InputStreamReader(in, StandardCharsets.UTF_8));
71 publicSuffixMatcher = new PublicSuffixMatcher(lists);
72
73 implWithPublicSuffixCheck = new DefaultHostnameVerifier(publicSuffixMatcher);
74 }
75
76 @Test
77 public void testVerify() throws Exception {
78 final CertificateFactory cf = CertificateFactory.getInstance("X.509");
79 InputStream in;
80 X509Certificate x509;
81 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO);
82 x509 = (X509Certificate) cf.generateCertificate(in);
83
84 impl.verify("foo.com", x509);
85 exceptionPlease(impl, "a.foo.com", x509);
86 exceptionPlease(impl, "bar.com", x509);
87
88 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_HANAKO);
89 x509 = (X509Certificate) cf.generateCertificate(in);
90 impl.verify("\u82b1\u5b50.co.jp", x509);
91 exceptionPlease(impl, "a.\u82b1\u5b50.co.jp", x509);
92
93 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO_BAR);
94 x509 = (X509Certificate) cf.generateCertificate(in);
95 exceptionPlease(impl, "foo.com", x509);
96 exceptionPlease(impl, "a.foo.com", x509);
97 impl.verify("bar.com", x509);
98 exceptionPlease(impl, "a.bar.com", x509);
99
100 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_FOO_BAR_HANAKO);
101 x509 = (X509Certificate) cf.generateCertificate(in);
102 exceptionPlease(impl, "foo.com", x509);
103 exceptionPlease(impl, "a.foo.com", x509);
104 impl.verify("bar.com", x509);
105 exceptionPlease(impl, "a.bar.com", x509);
106
107
108
109
110
111
112
113 exceptionPlease(impl, "a.\u82b1\u5b50.co.jp", x509);
114
115 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_NO_CNS_FOO);
116 x509 = (X509Certificate) cf.generateCertificate(in);
117 impl.verify("foo.com", x509);
118 exceptionPlease(impl, "a.foo.com", x509);
119
120 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_NO_CNS_FOO);
121 x509 = (X509Certificate) cf.generateCertificate(in);
122 impl.verify("foo.com", x509);
123 exceptionPlease(impl, "a.foo.com", x509);
124
125 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_THREE_CNS_FOO_BAR_HANAKO);
126 x509 = (X509Certificate) cf.generateCertificate(in);
127 exceptionPlease(impl, "foo.com", x509);
128 exceptionPlease(impl, "a.foo.com", x509);
129 exceptionPlease(impl, "bar.com", x509);
130 exceptionPlease(impl, "a.bar.com", x509);
131 impl.verify("\u82b1\u5b50.co.jp", x509);
132 exceptionPlease(impl, "a.\u82b1\u5b50.co.jp", x509);
133
134 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_FOO);
135 x509 = (X509Certificate) cf.generateCertificate(in);
136 exceptionPlease(impl, "foo.com", x509);
137 impl.verify("www.foo.com", x509);
138 impl.verify("\u82b1\u5b50.foo.com", x509);
139 exceptionPlease(impl, "a.b.foo.com", x509);
140
141 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_CO_JP);
142 x509 = (X509Certificate) cf.generateCertificate(in);
143
144
145 impl.verify("*.co.jp", x509);
146 impl.verify("foo.co.jp", x509);
147 impl.verify("\u82b1\u5b50.co.jp", x509);
148
149 exceptionPlease(implWithPublicSuffixCheck, "foo.co.jp", x509);
150 exceptionPlease(implWithPublicSuffixCheck, "\u82b1\u5b50.co.jp", x509);
151
152 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_WILD_FOO_BAR_HANAKO);
153 x509 = (X509Certificate) cf.generateCertificate(in);
154
155 exceptionPlease(impl, "foo.com", x509);
156 exceptionPlease(impl, "www.foo.com", x509);
157 exceptionPlease(impl, "\u82b1\u5b50.foo.com", x509);
158 exceptionPlease(impl, "a.b.foo.com", x509);
159
160 exceptionPlease(impl, "bar.com", x509);
161 impl.verify("www.bar.com", x509);
162 impl.verify("\u82b1\u5b50.bar.com", x509);
163 exceptionPlease(impl, "a.b.bar.com", x509);
164
165 in = new ByteArrayInputStream(CertificatesToPlayWith.X509_MULTIPLE_VALUE_AVA);
166 x509 = (X509Certificate) cf.generateCertificate(in);
167 impl.verify("repository.infonotary.com", x509);
168
169 in = new ByteArrayInputStream(CertificatesToPlayWith.S_GOOGLE_COM);
170 x509 = (X509Certificate) cf.generateCertificate(in);
171 impl.verify("*.google.com", x509);
172
173 in = new ByteArrayInputStream(CertificatesToPlayWith.S_GOOGLE_COM);
174 x509 = (X509Certificate) cf.generateCertificate(in);
175 impl.verify("*.Google.com", x509);
176
177 in = new ByteArrayInputStream(CertificatesToPlayWith.IP_1_1_1_1);
178 x509 = (X509Certificate) cf.generateCertificate(in);
179 impl.verify("1.1.1.1", x509);
180 impl.verify("dummy-value.com", x509);
181
182 exceptionPlease(impl, "1.1.1.2", x509);
183 exceptionPlease(impl, "not-the-cn.com", x509);
184
185 in = new ByteArrayInputStream(CertificatesToPlayWith.EMAIL_ALT_SUBJECT_NAME);
186 x509 = (X509Certificate) cf.generateCertificate(in);
187 impl.verify("www.company.com", x509);
188 }
189
190 @Test
191 public void testSubjectAlt() throws Exception {
192 final CertificateFactory cf = CertificateFactory.getInstance("X.509");
193 final InputStream in = new ByteArrayInputStream(CertificatesToPlayWith.X509_MULTIPLE_SUBJECT_ALT);
194 final X509Certificate x509 = (X509Certificate) cf.generateCertificate(in);
195
196 Assert.assertEquals("CN=localhost, OU=Unknown, O=Unknown, L=Unknown, ST=Unknown, C=CH",
197 x509.getSubjectDN().getName());
198
199 impl.verify("localhost.localdomain", x509);
200 impl.verify("127.0.0.1", x509);
201
202 try {
203 impl.verify("localhost", x509);
204 Assert.fail("SSLException should have been thrown");
205 } catch (final SSLException ex) {
206
207 }
208 try {
209 impl.verify("local.host", x509);
210 Assert.fail("SSLException should have been thrown");
211 } catch (final SSLException ex) {
212
213 }
214 try {
215 impl.verify("127.0.0.2", x509);
216 Assert.fail("SSLException should have been thrown");
217 } catch (final SSLException ex) {
218
219 }
220 }
221
222 public void exceptionPlease(final DefaultHostnameVerifier hv, final String host,
223 final X509Certificate x509) {
224 try {
225 hv.verify(host, x509);
226 Assert.fail("HostnameVerifier shouldn't allow [" + host + "]");
227 }
228 catch(final SSLException e) {
229
230 }
231 }
232
233 @Test
234 public void testDomainRootMatching() {
235
236 Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", null));
237 Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "a.b.c"));
238 Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("aa.b.c", "a.b.c"));
239 Assert.assertFalse(DefaultHostnameVerifier.matchDomainRoot("a.b.c", "aa.b.c"));
240 Assert.assertTrue(DefaultHostnameVerifier.matchDomainRoot("a.a.b.c", "a.b.c"));
241 }
242
243 @Test
244 public void testIdentityMatching() {
245
246 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.b.c"));
247 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.b.c"));
248
249 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("s.a.b.c", "*.b.c"));
250 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.b.c", "*.b.c"));
251
252 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.gov.uk", "*.gov.uk", publicSuffixMatcher));
253 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.gov.uk", "*.gov.uk", publicSuffixMatcher));
254
255 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("s.a.gov.uk", "*.a.gov.uk", publicSuffixMatcher));
256 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.uk", "*.a.gov.uk", publicSuffixMatcher));
257
258 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("s.a.gov.uk", "*.gov.uk", publicSuffixMatcher));
259 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.uk", "*.gov.uk", publicSuffixMatcher));
260
261 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.gov.com", "*.gov.com", publicSuffixMatcher));
262 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.gov.com", "*.gov.com", publicSuffixMatcher));
263
264 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("s.a.gov.com", "*.gov.com", publicSuffixMatcher));
265 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.com", "*.gov.com", publicSuffixMatcher));
266
267 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.gov.uk", "a*.gov.uk", publicSuffixMatcher));
268 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.gov.uk", "a*.gov.uk", publicSuffixMatcher));
269
270 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("s.a.gov.uk", "a*.gov.uk", publicSuffixMatcher));
271 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("s.a.gov.uk", "a*.gov.uk", publicSuffixMatcher));
272
273 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.b.*"));
274 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.b.*"));
275
276 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity("a.b.c", "*.*.c"));
277 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "*.*.c"));
278 }
279
280 @Test
281 public void testHTTPCLIENT_1097() {
282 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.b.c", "a*.b.c"));
283 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("a.b.c", "a*.b.c"));
284
285 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("a.a.b.c", "a*.b.c"));
286 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict("a.a.b.c", "a*.b.c"));
287 }
288
289 @Test
290 public void testHTTPCLIENT_1255() {
291 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity("mail.a.b.c.com", "m*.a.b.c.com"));
292 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict("mail.a.b.c.com", "m*.a.b.c.com"));
293 }
294
295 @Test
296 public void testHTTPCLIENT_1997_ANY() {
297 String domain;
298
299 domain = "dev.b.cloud.a";
300 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain));
301 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain));
302 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher));
303 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher));
304
305
306 domain = "dev.b.cloud.com";
307 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain));
308 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain));
309 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher));
310 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher));
311
312
313 domain = "dev.b.cloud.lan";
314 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain));
315 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain));
316 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher));
317 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher));
318 }
319
320 @Test
321 public void testHTTPCLIENT_1997_ICANN() {
322 String domain;
323
324 domain = "dev.b.cloud.a";
325 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.ICANN));
326 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.ICANN));
327
328
329 domain = "dev.b.cloud.com";
330 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.ICANN));
331 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.ICANN));
332
333
334 domain = "dev.b.cloud.lan";
335 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.ICANN));
336 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.ICANN));
337 }
338
339 @Test
340 public void testHTTPCLIENT_1997_PRIVATE() {
341 String domain;
342
343 domain = "dev.b.cloud.a";
344 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.PRIVATE));
345 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.PRIVATE));
346
347
348 domain = "dev.b.cloud.com";
349 Assert.assertFalse(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.PRIVATE));
350 Assert.assertFalse(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.PRIVATE));
351
352
353 domain = "dev.b.cloud.lan";
354 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.PRIVATE));
355 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.PRIVATE));
356 }
357
358 @Test
359 public void testHTTPCLIENT_1997_UNKNOWN() {
360 String domain;
361
362 domain = "dev.b.cloud.a";
363 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN));
364 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN));
365
366
367 domain = "dev.b.cloud.com";
368 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN));
369 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN));
370
371
372 domain = "dev.b.cloud.lan";
373 Assert.assertTrue(DefaultHostnameVerifier.matchIdentity( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN));
374 Assert.assertTrue(DefaultHostnameVerifier.matchIdentityStrict( "service.apps." + domain, "*.apps." + domain, publicSuffixMatcher, DomainType.UNKNOWN));
375 }
376
377 @Test
378 public void testHTTPCLIENT_1316() throws Exception{
379 final String host1 = "2001:0db8:aaaa:bbbb:cccc:0:0:0001";
380 DefaultHostnameVerifier.matchIPv6Address(host1, Arrays.asList(SubjectName.IP("2001:0db8:aaaa:bbbb:cccc:0:0:0001")));
381 DefaultHostnameVerifier.matchIPv6Address(host1, Arrays.asList(SubjectName.IP("2001:0db8:aaaa:bbbb:cccc::1")));
382 try {
383 DefaultHostnameVerifier.matchIPv6Address(host1, Arrays.asList(SubjectName.IP("2001:0db8:aaaa:bbbb:cccc::10")));
384 Assert.fail("SSLException expected");
385 } catch (final SSLException expected) {
386 }
387 final String host2 = "2001:0db8:aaaa:bbbb:cccc::1";
388 DefaultHostnameVerifier.matchIPv6Address(host2, Arrays.asList(SubjectName.IP("2001:0db8:aaaa:bbbb:cccc:0:0:0001")));
389 DefaultHostnameVerifier.matchIPv6Address(host2, Arrays.asList(SubjectName.IP("2001:0db8:aaaa:bbbb:cccc::1")));
390 try {
391 DefaultHostnameVerifier.matchIPv6Address(host2, Arrays.asList(SubjectName.IP("2001:0db8:aaaa:bbbb:cccc::10")));
392 Assert.fail("SSLException expected");
393 } catch (final SSLException expected) {
394 }
395 }
396
397 @Test
398 public void testHTTPCLIENT_2149() throws Exception {
399 final CertificateFactory cf = CertificateFactory.getInstance("X.509");
400 final InputStream in = new ByteArrayInputStream(CertificatesToPlayWith.SUBJECT_ALT_IP_ONLY);
401 final X509Certificate x509 = (X509Certificate) cf.generateCertificate(in);
402
403 Assert.assertEquals("CN=www.foo.com", x509.getSubjectDN().getName());
404
405 impl.verify("127.0.0.1", x509);
406 impl.verify("www.foo.com", x509);
407
408 exceptionPlease(impl, "127.0.0.2", x509);
409 exceptionPlease(impl, "www.bar.com", x509);
410 }
411
412 @Test
413 public void testExtractCN() throws Exception {
414 Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, ou=blah, o=blah"));
415 Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=blah, cn=yada, cn=booh"));
416 Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("c = pampa , cn = blah , ou = blah , o = blah"));
417 Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("cn=\"blah\", ou=blah, o=blah"));
418 Assert.assertEquals("blah blah", DefaultHostnameVerifier.extractCN("cn=\"blah blah\", ou=blah, o=blah"));
419 Assert.assertEquals("blah, blah", DefaultHostnameVerifier.extractCN("cn=\"blah, blah\", ou=blah, o=blah"));
420 Assert.assertEquals("blah, blah", DefaultHostnameVerifier.extractCN("cn=blah\\, blah, ou=blah, o=blah"));
421 Assert.assertEquals("blah", DefaultHostnameVerifier.extractCN("c = cn=uuh, cn=blah, ou=blah, o=blah"));
422 try {
423 DefaultHostnameVerifier.extractCN("blah,blah");
424 Assert.fail("SSLException expected");
425 } catch (final SSLException expected) {
426 }
427 try {
428 DefaultHostnameVerifier.extractCN("cn,o=blah");
429 Assert.fail("SSLException expected");
430 } catch (final SSLException expected) {
431 }
432 }
433
434 @Test
435 public void testMatchDNSName() throws Exception {
436 DefaultHostnameVerifier.matchDNSName(
437 "host.domain.com",
438 Collections.singletonList(SubjectName.DNS("*.domain.com")),
439 publicSuffixMatcher);
440 DefaultHostnameVerifier.matchDNSName(
441 "host.xx",
442 Collections.singletonList(SubjectName.DNS("*.xx")),
443 publicSuffixMatcher);
444 DefaultHostnameVerifier.matchDNSName(
445 "host.appspot.com",
446 Collections.singletonList(SubjectName.DNS("*.appspot.com")),
447 publicSuffixMatcher);
448 DefaultHostnameVerifier.matchDNSName(
449 "demo-s3-bucket.s3.eu-central-1.amazonaws.com",
450 Collections.singletonList(SubjectName.DNS("*.s3.eu-central-1.amazonaws.com")),
451 publicSuffixMatcher);
452 DefaultHostnameVerifier.matchDNSName(
453 "hostname-workspace-1.local",
454 Collections.singletonList(SubjectName.DNS("hostname-workspace-1.local")),
455 publicSuffixMatcher);
456
457 try {
458 DefaultHostnameVerifier.matchDNSName(
459 "host.domain.com",
460 Collections.singletonList(SubjectName.DNS("some.other.com")),
461 publicSuffixMatcher);
462 Assert.fail("SSLException should have been thrown");
463 } catch (final SSLException ex) {
464
465 }
466 }
467
468 }