Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- anestisb@deephole:[~]: javac cmSSLTest.java
- anestisb@deephole:[~]: java cmSSLTest legitimate.com *evil.com*
- [-] Validation failed
- anestisb@deephole:[~]: java cmSSLTest legitimate.com *.evil.com*
- [-] Validation failed
- anestisb@deephole:[~]: java cmSSLTest legitimate.com *.mate.com
- [-] Validation failed
- anestisb@deephole:[~]: java cmSSLTest legitimate.com *mate.com
- [+] Validation was successful
- anestisb@deephole:[~]:
- anestisb@deephole:[~]: cat cmSSLTest.java
- import java.util.Locale;
- public class cmSSLTest {
- /* Copied from cm-11.0 branch:
- * https://github.com/CyanogenMod/android_libcore/blob/cm-11.0/luni/src/main/java/javax/net/ssl/DefaultHostnameVerifier.java
- */
- static private boolean verifyHostName(String hostName, String cn) {
- if (hostName == null || hostName.isEmpty() || cn == null || cn.isEmpty()) {
- return false;
- }
- cn = cn.toLowerCase(Locale.US);
- if (!cn.contains("*")) {
- return hostName.equals(cn);
- }
- if (cn.startsWith("*.") && hostName.regionMatches(0, cn, 2, cn.length() - 2)) {
- return true; // "*.foo.com" matches "foo.com"
- }
- int asterisk = cn.indexOf('*');
- int dot = cn.indexOf('.');
- if (asterisk > dot) {
- return false; // malformed; wildcard must be in the first part of the cn
- }
- if (!hostName.regionMatches(0, cn, 0, asterisk)) {
- return false; // prefix before '*' doesn't match
- }
- int suffixLength = cn.length() - (asterisk + 1);
- int suffixStart = hostName.length() - suffixLength;
- if (hostName.indexOf('.', asterisk) < suffixStart) {
- // TODO: remove workaround for *.clients.google.com http://b/5426333
- if (!hostName.endsWith(".clients.google.com")) {
- return false; // wildcard '*' can't match a '.'
- }
- }
- if (!hostName.regionMatches(suffixStart, cn, asterisk + 1, suffixLength)) {
- return false; // suffix after '*' doesn't match
- }
- return true;
- }
- public static void main(String[] args) {
- if (args.length != 2)
- System.out.println("Usage:\n\tjava cmSSLTest <hostname> <cert_cn>");
- else
- if(verifyHostName(args[0], args[1]))
- System.out.println("[+] Validation was successful");
- else
- System.out.println("[-] Validation failed");
- }
- }
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement