anestisb

Untitled

Oct 13th, 2014
  1. anestisb@deephole:[~]: javac cmSSLTest.java
  2. anestisb@deephole:[~]: java cmSSLTest legitimate.com *evil.com*
  3. [-] Validation failed
  4. anestisb@deephole:[~]: java cmSSLTest legitimate.com *.evil.com*
  5. [-] Validation failed
  6. anestisb@deephole:[~]: java cmSSLTest legitimate.com *.mate.com
  7. [-] Validation failed
  8. anestisb@deephole:[~]: java cmSSLTest legitimate.com *mate.com
  9. [+] Validation was successful
  10. anestisb@deephole:[~]:
  11. anestisb@deephole:[~]: cat cmSSLTest.java
  12. import java.util.Locale;
  13.  
  /**
   * Command-line harness that runs one hostname / certificate-CN pair through a
   * copy of a wildcard hostname matcher and prints whether the pair is accepted.
   */
  public class cmSSLTest {

      /*
       * Matching logic taken from the cm-11.0 branch:
       * https://github.com/CyanogenMod/android_libcore/blob/cm-11.0/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
       * Local names and layout differ from that file; every accept/reject
       * decision is kept as it is in the original listing.
       */

      /**
       * Decides whether {@code hostName} is covered by the certificate name {@code cn}.
       *
       * <p>Review notes on what this matcher accepts (behaviour is reproduced, not fixed):
       * <ul>
       *   <li>The {@code '*'} may stand for only part of the left-most label, and nothing
       *       requires a minimum number of labels after it, so
       *       {@code verifyHostName("legitimate.com", "*mate.com")} returns {@code true}.</li>
       *   <li>The {@code "*."} shortcut compares only the first {@code cn.length() - 2}
       *       characters of {@code hostName}; it never checks that {@code hostName}
       *       ends there.</li>
       *   <li>Only {@code cn} is lower-cased. {@code hostName} is compared as passed in,
       *       so the caller has to normalise it (presumably the upstream caller does;
       *       confirm against that file).</li>
       *   <li>Hosts ending in {@code ".clients.google.com"} are exempt from the
       *       "wildcard cannot match a dot" rule.</li>
       * </ul>
       * A strict matcher in the spirit of RFC 6125 would accept {@code '*'} only as the
       * complete left-most label, let it match exactly one label, and compare the
       * remaining labels for equality. Production code should rely on the platform's
       * maintained verifier rather than a hand-copied routine like this one.
       *
       * @param hostName host the client intended to reach
       * @param cn       name taken from the certificate, possibly containing {@code '*'}
       * @return {@code true} when the matcher accepts the pair, {@code false} otherwise
       *         (including when either argument is null or empty)
       */
      private static boolean verifyHostName(String hostName, String cn) {
          final boolean missingInput =
                  hostName == null || hostName.isEmpty() || cn == null || cn.isEmpty();
          if (missingInput) {
              return false;
          }

          // Only the certificate side is case-folded here.
          final String pattern = cn.toLowerCase(Locale.US);

          final int star = pattern.indexOf('*');
          if (star < 0) {
              // No wildcard: plain equality.
              return hostName.equals(pattern);
          }

          // "*.foo.com" matches "foo.com" (prefix comparison only, see review notes).
          final int bareLength = pattern.length() - 2;
          if (pattern.startsWith("*.") && hostName.regionMatches(0, pattern, 2, bareLength)) {
              return true;
          }

          final int firstDot = pattern.indexOf('.');
          if (star > firstDot) {
              // malformed; wildcard must be in the first part of the cn
              return false;
          }

          // Text before '*' has to open the host name.
          final boolean prefixMatches = hostName.regionMatches(0, pattern, 0, star);
          if (!prefixMatches) {
              return false;
          }

          final int tailLength = pattern.length() - (star + 1);
          final int tailStart = hostName.length() - tailLength;

          // wildcard '*' can't match a '.'
          // TODO: remove workaround for *.clients.google.com http://b/5426333
          final boolean starSpansDot = hostName.indexOf('.', star) < tailStart;
          if (starSpansDot && !hostName.endsWith(".clients.google.com")) {
              return false;
          }

          // Text after '*' has to close the host name.
          return hostName.regionMatches(tailStart, pattern, star + 1, tailLength);
      }

      /**
       * Entry point: expects {@code <hostname> <cert_cn>} and prints the verdict;
       * any other argument count prints the usage line instead.
       *
       * @param args command-line arguments
       */
      public static void main(String[] args) {
          if (args.length != 2) {
              System.out.println("Usage:\n\tjava cmSSLTest <hostname> <cert_cn>");
              return;
          }

          final boolean accepted = verifyHostName(args[0], args[1]);
          System.out.println(accepted
                  ? "[+] Validation was successful"
                  : "[-] Validation failed");
      }
  }