8065553: Failed Java web start via IPv6 (Java7u71 or later)
authorrobm
Tue, 10 Feb 2015 23:32:48 +0000
changeset 28865 4729ff15079b
parent 28864 6a1e63fb3fa9
child 28866 7ce02228e8f2
8065553: Failed Java web start via IPv6 (Java7u71 or later) Reviewed-by: xuelei
jdk/src/java.base/share/classes/sun/security/util/HostnameChecker.java
jdk/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java
jdk/test/sun/security/util/HostnameMatcher/cert5.crt
--- a/jdk/src/java.base/share/classes/sun/security/util/HostnameChecker.java	Tue Feb 10 11:34:13 2015 -0800
+++ b/jdk/src/java.base/share/classes/sun/security/util/HostnameChecker.java	Tue Feb 10 23:32:48 2015 +0000
@@ -26,6 +26,8 @@
 package sun.security.util;
 
 import java.io.IOException;
+import java.net.InetAddress;
+import java.net.UnknownHostException;
 import java.util.*;
 
 import java.security.Principal;
@@ -148,6 +150,17 @@
                 String ipAddress = (String)next.get(1);
                 if (expectedIP.equalsIgnoreCase(ipAddress)) {
                     return;
+                } else {
+                    // compare InetAddress objects in order to ensure
+                    // equality between a long IPv6 address and its
+                    // abbreviated form.
+                    try {
+                        if (InetAddress.getByName(expectedIP).equals(
+                                InetAddress.getByName(ipAddress))) {
+                            return;
+                        }
+                    } catch (UnknownHostException e) {
+                    } catch (SecurityException e) {}
                 }
             }
         }
--- a/jdk/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java	Tue Feb 10 11:34:13 2015 -0800
+++ b/jdk/test/sun/security/util/HostnameMatcher/TestHostnameChecker.java	Tue Feb 10 23:32:48 2015 +0000
@@ -187,6 +187,9 @@
         in = new FileInputStream(new File(PATH, "cert4.crt"));
         X509Certificate cert4 = (X509Certificate)cf.generateCertificate(in);
         in.close();
+        in = new FileInputStream(new File(PATH, "cert5.crt"));
+        X509Certificate cert5 = (X509Certificate)cf.generateCertificate(in);
+        in.close();
 
         HostnameChecker checker = HostnameChecker.getInstance(
                                         HostnameChecker.TYPE_TLS);
@@ -202,6 +205,9 @@
         check(checker, "5.6.7.8", cert3, true);
         check(checker, "foo.bar.com", cert4, true);
         check(checker, "altfoo.bar.com", cert4, true);
+        check(checker, "2001:db8:3c4d:15::1a2f:1a2b", cert5, true);
+        check(checker, "2001:0db8:3c4d:0015:0000:0000:1a2f:1a2b", cert5, true);
+        check(checker, "2002:db8:3c4d:15::1a2f:1a2b", cert5, false);
 
         checker = HostnameChecker.getInstance(
                                 HostnameChecker.TYPE_LDAP);
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/jdk/test/sun/security/util/HostnameMatcher/cert5.crt	Tue Feb 10 23:32:48 2015 +0000
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIECDCCAvCgAwIBAgIJAJaBmuUlfY8sMA0GCSqGSIb3DQEBBQUAMIGmMQswCQYD
+VQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJU29tZS1DaXR5
+MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxsYXRpb24xEDAO
+BgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRkOjAwMTU6MDAw
+MDowMDAwOjFhMmY6MWEyYjAeFw0xNTAyMTAxODMzMjBaFw0xNTAzMTIxODMzMjBa
+MIGmMQswCQYDVQQGEwJVUzETMBEGA1UECAwKU29tZS1TdGF0ZTESMBAGA1UEBwwJ
+U29tZS1DaXR5MSowKAYDVQQKDCFVbmNvbmZpZ3VyZWQgT3BlblNTTCBJbnN0YWxs
+YXRpb24xEDAOBgNVBAsMB3NlY3Rpb24xMDAuBgNVBAMMJzIwMDE6MGRiODozYzRk
+OjAwMTU6MDAwMDowMDAwOjFhMmY6MWEyYjCCASIwDQYJKoZIhvcNAQEBBQADggEP
+ADCCAQoCggEBAMcigWxmeF6Dmo3xAw3y/8d3vB8Th4YsmvwXb9DxwNWV+B3vxJgq
+ww6T6VBxrle1bgu/RtZDJwLf5vMhVElxuuE86di2qyurKFbpe29C9xnCxuMlXpje
+X2pNknz4ZzOqD4opmIAFjXZ2Xp1kLt+HJX7ABoz7Uga+IbVfDRPPf2KOqYNpBQkp
+dgI5VOZDQNVNb+8vdXDwyanMQ0TgPXKL4BQIkGB4RM8sgpPMUvB+tEB7zmUtgSco
+2a5M84wIhxv85CmFFoTVSzXsRCDhVAZj0aHRkkmAsMSmzPa4HiPnuVRV740oQjDy
+oMGLndaEs2nxIqckUFHOHcSTf0/wmcvPbIsCAwEAAaM3MDUwCQYDVR0TBAIwADAL
+BgNVHQ8EBAMCBeAwGwYDVR0RBBQwEocQIAENuDxNABUAAAAAGi8aKzANBgkqhkiG
+9w0BAQUFAAOCAQEAtnelRbYPPZRgTd4oxOiPqwc01EE9JgtkFWlooCwVUDChOR2k
+us1qlhKsvbN2Tcsm1Ss3p0Uxk/g1o2/mY8rA/dJ8qiN6jbfjpEi8b2MirP5tQSE0
+QNXbVGr5FnLbuUmn+82pB0vBSaq7gxehbV6S7dteyQUnb2imltC5wS9PwYb8wWx7
+IpyXWt0jkYkC8KJEevVYI7qtwpjYhyc1FqwzUiPmdqGz2AFLQ4RgTXJi93SPoyKM
+s65oPV+r6/0qwnslScxVfszHxxFn1Yfsc5Oseare1MnlNzH69PmWs523C/fBvnB2
+MsHKLPdoN7uSpBLB7j46g5jQG/ceri/cquZKYA==
+-----END CERTIFICATE-----