|
 |
02831b |
diff --git a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
|
|
|
02831b |
index fa0acc7..e6ce513 100644
|
|
|
02831b |
--- a/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
|
|
|
02831b |
+++ b/src/java/org/apache/commons/httpclient/protocol/SSLProtocolSocketFactory.java
|
|
|
02831b |
@@ -44,9 +44,15 @@ import java.util.Iterator;
|
|
|
02831b |
import java.util.LinkedList;
|
|
|
02831b |
import java.util.List;
|
|
|
02831b |
import java.util.Locale;
|
|
|
02831b |
-import java.util.StringTokenizer;
|
|
|
02831b |
+import java.util.NoSuchElementException;
|
|
|
02831b |
import java.util.regex.Pattern;
|
|
|
02831b |
|
|
|
02831b |
+import javax.naming.InvalidNameException;
|
|
|
02831b |
+import javax.naming.NamingException;
|
|
|
02831b |
+import javax.naming.directory.Attribute;
|
|
|
02831b |
+import javax.naming.directory.Attributes;
|
|
|
02831b |
+import javax.naming.ldap.LdapName;
|
|
|
02831b |
+import javax.naming.ldap.Rdn;
|
|
|
02831b |
import javax.net.ssl.SSLException;
|
|
|
02831b |
import javax.net.ssl.SSLSession;
|
|
|
02831b |
import javax.net.ssl.SSLSocket;
|
|
|
02831b |
@@ -424,28 +430,39 @@ public class SSLProtocolSocketFactory implements SecureProtocolSocketFactory {
|
|
|
02831b |
return dots;
|
|
|
02831b |
}
|
|
|
02831b |
|
|
|
02831b |
- private static String getCN(X509Certificate cert) {
|
|
|
02831b |
- // Note: toString() seems to do a better job than getName()
|
|
|
02831b |
- //
|
|
|
02831b |
- // For example, getName() gives me this:
|
|
|
02831b |
- // 1.2.840.113549.1.9.1=#16166a756c6975736461766965734063756362632e636f6d
|
|
|
02831b |
- //
|
|
|
02831b |
- // whereas toString() gives me this:
|
|
|
02831b |
- // EMAILADDRESS=juliusdavies@cucbc.com
|
|
|
02831b |
- String subjectPrincipal = cert.getSubjectX500Principal().toString();
|
|
|
02831b |
-
|
|
|
02831b |
- return getCN(subjectPrincipal);
|
|
|
02831b |
-
|
|
|
02831b |
+ private static String getCN(final X509Certificate cert) {
|
|
|
02831b |
+ final String subjectPrincipal = cert.getSubjectX500Principal().toString();
|
|
|
02831b |
+ try {
|
|
|
02831b |
+ return extractCN(subjectPrincipal);
|
|
|
02831b |
+ } catch (SSLException ex) {
|
|
|
02831b |
+ return null;
|
|
|
02831b |
+ }
|
|
|
02831b |
}
|
|
|
02831b |
- private static String getCN(String subjectPrincipal) {
|
|
|
02831b |
- StringTokenizer st = new StringTokenizer(subjectPrincipal, ",");
|
|
|
02831b |
- while(st.hasMoreTokens()) {
|
|
|
02831b |
- String tok = st.nextToken().trim();
|
|
|
02831b |
- if (tok.length() > 3) {
|
|
|
02831b |
- if (tok.substring(0, 3).equalsIgnoreCase("CN=")) {
|
|
|
02831b |
- return tok.substring(3);
|
|
|
02831b |
+
|
|
|
02831b |
+ private static String extractCN(final String subjectPrincipal) throws SSLException {
|
|
|
02831b |
+ if (subjectPrincipal == null) {
|
|
|
02831b |
+ return null;
|
|
|
02831b |
+ }
|
|
|
02831b |
+ try {
|
|
|
02831b |
+ final LdapName subjectDN = new LdapName(subjectPrincipal);
|
|
|
02831b |
+ final List<Rdn> rdns = subjectDN.getRdns();
|
|
|
02831b |
+ for (int i = rdns.size() - 1; i >= 0; i--) {
|
|
|
02831b |
+ final Rdn rds = rdns.get(i);
|
|
|
02831b |
+ final Attributes attributes = rds.toAttributes();
|
|
|
02831b |
+ final Attribute cn = attributes.get("cn");
|
|
|
02831b |
+ if (cn != null) {
|
|
|
02831b |
+ try {
|
|
|
02831b |
+ final Object value = cn.get();
|
|
|
02831b |
+ if (value != null) {
|
|
|
02831b |
+ return value.toString();
|
|
|
02831b |
+ }
|
|
|
02831b |
+ } catch (NoSuchElementException ignore) {
|
|
|
02831b |
+ } catch (NamingException ignore) {
|
|
|
02831b |
+ }
|
|
|
02831b |
}
|
|
|
02831b |
}
|
|
|
02831b |
+ } catch (InvalidNameException e) {
|
|
|
02831b |
+ throw new SSLException(subjectPrincipal + " is not a valid X500 distinguished name");
|
|
|
02831b |
}
|
|
|
02831b |
return null;
|
|
|
02831b |
}
|