Change asterisk to 'x' in FQDN of SelfSignedCertificate (#11245)

Motivation:

`SelfSignedCertificate` creates certificate and private key files and stores them in a temporary directory. However, if the certificate uses a wildcard hostname containing an asterisk (`*`), e.g. `*.shieldblaze.com`, it throws an error because `*` is not a valid character in the file system.

Modification:
Replace the asterisk with 'x'

Result:
Fixes #11240
Aayush Atharva 2021-05-12 23:02:31 +05:30 committed by GitHub
parent c443bc40fa
commit 11e6a77fba
2 changed files with 53 additions and 0 deletions


@ -332,6 +332,9 @@ public final class SelfSignedCertificate {
wrappedBuf.release(); wrappedBuf.release();
} }
// Change all asterisk to 'x' for file name safety.
fqdn = fqdn.replaceAll("[^\\w.-]", "x");
File keyFile = PlatformDependent.createTempFile("keyutil_" + fqdn + '_', ".key", null); File keyFile = PlatformDependent.createTempFile("keyutil_" + fqdn + '_', ".key", null);
keyFile.deleteOnExit(); keyFile.deleteOnExit();
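Review bot: The comment above the `replaceAll` call describes only the asterisk case, but the pattern `[^\\w.-]` is an allow-list that rewrites every character other than ASCII letters, digits, underscore, dot and hyphen, which also covers path separators in a caller-supplied FQDN. That wider behaviour is the security-relevant part and should be stated, so that nobody later narrows it to a plain asterisk replacement; I would write `// Replace every character outside [A-Za-z0-9_.-] with 'x' so the FQDN is safe to embed in a temp file name.` The line also reassigns `fqdn` itself, and the rest of the method lies outside this hunk, so confirm that no later use needs the original name, or keep the sanitised value in a separate local.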


@ -0,0 +1,50 @@
/*
* Copyright 2021 The Netty Project
*
* The Netty Project licenses this file to you under the Apache License,
* version 2.0 (the "License"); you may not use this file except in compliance
* with the License. You may obtain a copy of the License at:
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*/
package io.netty.handler.ssl.util;
import org.junit.jupiter.api.Test;
import org.junit.jupiter.api.function.Executable;
import java.security.cert.CertificateException;
import static org.junit.jupiter.api.Assertions.*;
class SelfSignedCertificateTest {
@Test
void fqdnAsteriskDoesNotThrowTest() {
assertDoesNotThrow(new Executable() {
@Override
public void execute() throws Throwable {
new SelfSignedCertificate("*.netty.io", "EC", 256);
}
});
assertDoesNotThrow(new Executable() {
@Override
public void execute() throws Throwable {
new SelfSignedCertificate("*.netty.io", "RSA", 2048);
}
});
}
@Test
void fqdnAsteriskFileNameTest() throws CertificateException {
SelfSignedCertificate ssc = new SelfSignedCertificate("*.netty.io", "EC", 256);
assertFalse(ssc.certificate().getName().contains("*"));
assertFalse(ssc.privateKey().getName().contains("*"));
}
}
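Review bot: Neither test removes the files it generates: each `new SelfSignedCertificate(...)` writes a private key and a certificate into the temp directory, and in `fqdnAsteriskDoesNotThrowTest` the instances are dropped without a reference, so the key material stays on disk until `deleteOnExit` runs at JVM shutdown. Keep the instance and release it in a `finally` block, e.g. `try { assertFalse(ssc.privateKey().getName().contains("*")); } finally { ssc.delete(); }`. The assertions also cover only `*`, while the sanitising pattern replaces other characters as well; if certificate generation accepts such a name, a case that checks a path separator is absent from the file names would pin that behaviour.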