From 11e6a77fba9ec7184a558d869373d0ce506d7236 Mon Sep 17 00:00:00 2001 From: Aayush Atharva Date: Wed, 12 May 2021 23:02:31 +0530 Subject: [PATCH] Change asterisk to 'x' in FQDN of SelfSignedCertificate (#11245) Motivation: `SelfSignedCertificate` creates a certificate and private key files and store them in a temporary directory. However, if the certificate uses a wildcard hostname that uses asterisk *, e.g. `*.shieldblaze.com`, it'll throw an error because * is not a valid character in the file system. Modification: Replace the asterisk with 'x' Result: Fixes #11240 --- .../ssl/util/SelfSignedCertificate.java | 3 ++ .../ssl/util/SelfSignedCertificateTest.java | 50 +++++++++++++++++++ 2 files changed, 53 insertions(+) create mode 100644 handler/src/test/java/io/netty/handler/ssl/util/SelfSignedCertificateTest.java diff --git a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java index 46a28d272f..be57cd60ca 100644 --- a/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java +++ b/handler/src/main/java/io/netty/handler/ssl/util/SelfSignedCertificate.java @@ -332,6 +332,9 @@ public final class SelfSignedCertificate { wrappedBuf.release(); } + // Change all asterisk to 'x' for file name safety. + fqdn = fqdn.replaceAll("[^\\w.-]", "x"); + File keyFile = PlatformDependent.createTempFile("keyutil_" + fqdn + '_', ".key", null); keyFile.deleteOnExit(); diff --git a/handler/src/test/java/io/netty/handler/ssl/util/SelfSignedCertificateTest.java b/handler/src/test/java/io/netty/handler/ssl/util/SelfSignedCertificateTest.java new file mode 100644 index 0000000000..59ca37635b --- /dev/null +++ b/handler/src/test/java/io/netty/handler/ssl/util/SelfSignedCertificateTest.java 
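Review bot: The comment on the added lines says only asterisks are changed, but `fqdn.replaceAll("[^\\w.-]", "x")` rewrites every character outside `[A-Za-z0-9_.-]`. That allow-list is what keeps path separators and other file-system metacharacters out of the `createTempFile` prefix, so the comment should say so, e.g. `// Replace every character outside [A-Za-z0-9_.-] with 'x' so the FQDN is safe to use in a temp file name.` The statement also overwrites `fqdn` itself (presumably the method's parameter), so any later use in this method would see the sanitized value rather than the real host name. The method continues outside the hunk, so that cannot be checked here; a separate local such as `String fileSafeFqdn = fqdn.replaceAll("[^\\w.-]", "x");` would rule it out.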
@@ -0,0 +1,50 @@
+/*
+ * Copyright 2021 The Netty Project
+ *
+ * The Netty Project licenses this file to you under the Apache License,
+ * version 2.0 (the "License"); you may not use this file except in compliance
+ * with the License. You may obtain a copy of the License at:
+ *
+ * https://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
+ * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
+ * License for the specific language governing permissions and limitations
+ * under the License.
+ */
+package io.netty.handler.ssl.util;
+
+import org.junit.jupiter.api.Test;
+import org.junit.jupiter.api.function.Executable;
+
+import java.security.cert.CertificateException;
+
+import static org.junit.jupiter.api.Assertions.*;
+
+class SelfSignedCertificateTest {
+
+ @Test
+ void fqdnAsteriskDoesNotThrowTest() {
+ assertDoesNotThrow(new Executable() {
+ @Override
+ public void execute() throws Throwable {
+ new SelfSignedCertificate("*.netty.io", "EC", 256);
+ }
+ });
+
+ assertDoesNotThrow(new Executable() {
+ @Override
+ public void execute() throws Throwable {
+ new SelfSignedCertificate("*.netty.io", "RSA", 2048);
+ }
+ });
+ }
+
+ @Test
+ void fqdnAsteriskFileNameTest() throws CertificateException {
+ SelfSignedCertificate ssc = new SelfSignedCertificate("*.netty.io", "EC", 256);
+ assertFalse(ssc.certificate().getName().contains("*"));
+ assertFalse(ssc.privateKey().getName().contains("*"));
+ }
+}
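Review bot: Both tests only exercise `*`, so they would still pass if the sanitizing regex in `SelfSignedCertificate` were later narrowed to asterisks alone. Asserting on the whole name in `fqdnAsteriskFileNameTest`, for instance `assertTrue(ssc.privateKey().getName().matches("[\\w.-]+"));`, would pin the allow-list behaviour the fix relies on. The generated private key and certificate files are also left in the temp directory until JVM exit; that test could wrap its assertions in `try { ... } finally { ssc.delete(); }`.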