Fixed test and updated style.

google · Aug 5, 2020 · ab41c26 · ab41c26
1 parent 878f0ce
commit ab41c26
Show file tree

Hide file tree

Showing 2 changed files with 6 additions and 98 deletions.
diff --git a/common/src/main/java/org/conscrypt/Conscrypt.java b/common/src/main/java/org/conscrypt/Conscrypt.java
@@ -788,11 +788,9 @@ public static ConscryptHostnameVerifier getHostnameVerifier(TrustManager trustMa
      * Wraps the HttpsURLConnection.HostnameVerifier into a ConscryptHostnameVerifier
      */
     public static ConscryptHostnameVerifier wrapHostnameVerifier(final HostnameVerifier verifier) {
-        // needed to add final due to : error: local variable verifier is accessed from within inner class; needs to be declared final
-        // Cannot find HttpsURLConnection.HostnameVerifier
         return  new ConscryptHostnameVerifier() {
             @Override
-            public boolean verify(X509Certificate[] certs, String hostname, SSLSession session) {
+            public boolean verify(X509Certificate[] certificates, String hostname, SSLSession session) {
                 return verifier.verify(hostname, session);
             }
         };

diff --git a/common/src/test/java/org/conscrypt/TrustManagerImplTest.java b/common/src/test/java/org/conscrypt/TrustManagerImplTest.java
@@ -122,91 +122,6 @@ public void testGetFullChain() throws Exception {
         assertEquals(Arrays.asList(chain3), certs);
     }
 
-//    @Test
-//    public void testHttpsEndpointIdentification() throws Exception {
-//        TestUtils.assumeExtendedTrustManagerAvailable();
-//
-//        KeyStore.PrivateKeyEntry pke = TestKeyStore.getServerHostname().getPrivateKey("RSA", "RSA");
-//        X509Certificate[] chain = (X509Certificate[]) pke.getCertificateChain();
-//        X509Certificate root = chain[2];
-//        TrustManagerImpl tmi = (TrustManagerImpl) trustManager(root);
-//
-//        String goodHostname = TestKeyStore.CERT_HOSTNAME;
-//        String badHostname = "definitelywrong.nopenopenope";
-//
-//        // The default hostname verifier on OpenJDK rejects all hostnames, so use our own
-//        javax.net.ssl.HostnameVerifier oldDefault = HttpsURLConnection.getDefaultHostnameVerifier();
-//        try {
-//            HttpsURLConnection.setDefaultHostnameVerifier(new TestHostnameVerifier());
-//
-//            SSLParameters params = new SSLParameters();
-//
-//            // Without endpoint identification this should pass despite the mismatched hostname
-//            params.setEndpointIdentificationAlgorithm(null);
-//
-//            List<X509Certificate> certs = tmi.getTrustedChainForServer(chain, "RSA",
-//                new FakeSSLSocket(new FakeSSLSession(badHostname, chain), params));
-//            assertEquals(Arrays.asList(chain), certs);
-//
-//            // Turn on endpoint identification
-//            params.setEndpointIdentificationAlgorithm("HTTPS");
-//
-//            try {
-//                tmi.getTrustedChainForServer(chain, "RSA",
-//                    new FakeSSLSocket(new FakeSSLSession(badHostname, chain), params));
-//                fail();
-//            } catch (CertificateException expected) {
-//            }
-//
-//            certs = tmi.getTrustedChainForServer(chain, "RSA",
-//                new FakeSSLSocket(new FakeSSLSession(goodHostname, chain), params));
-//            assertEquals(Arrays.asList(chain), certs);
-//
-//            // Override the global default hostname verifier with a Conscrypt-specific one that
-//            // always passes.  Both scenarios should pass.
-//            Conscrypt.setDefaultHostnameVerifier(new ConscryptHostnameVerifier() {
-//                @Override public boolean verify(String s, SSLSession sslSession) { return true; }
-//            });
-//
-//            certs = tmi.getTrustedChainForServer(chain, "RSA",
-//                new FakeSSLSocket(new FakeSSLSession(badHostname, chain), params));
-//            assertEquals(Arrays.asList(chain), certs);
-//
-//            certs = tmi.getTrustedChainForServer(chain, "RSA",
-//                new FakeSSLSocket(new FakeSSLSession(goodHostname, chain), params));
-//            assertEquals(Arrays.asList(chain), certs);
-//
-//            // Now set an instance-specific verifier on the trust manager.  The bad hostname should
-//            // fail again.
-//            Conscrypt.setHostnameVerifier(tmi, new TestHostnameVerifier());
-//
-//            try {
-//                tmi.getTrustedChainForServer(chain, "RSA",
-//                    new FakeSSLSocket(new FakeSSLSession(badHostname, chain), params));
-//                fail();
-//            } catch (CertificateException expected) {
-//            }
-//
-//            certs = tmi.getTrustedChainForServer(chain, "RSA",
-//                new FakeSSLSocket(new FakeSSLSession(goodHostname, chain), params));
-//            assertEquals(Arrays.asList(chain), certs);
-//
-//            // Remove the instance-specific verifier, and both should pass again.
-//            Conscrypt.setHostnameVerifier(tmi, null);
-//
-//            certs = tmi.getTrustedChainForServer(chain, "RSA",
-//                new FakeSSLSocket(new FakeSSLSession(badHostname, chain), params));
-//            assertEquals(Arrays.asList(chain), certs);
-//
-//            certs = tmi.getTrustedChainForServer(chain, "RSA",
-//                new FakeSSLSocket(new FakeSSLSession(goodHostname, chain), params));
-//            assertEquals(Arrays.asList(chain), certs);
-//        } finally {
-//            Conscrypt.setDefaultHostnameVerifier(null);
-//            HttpsURLConnection.setDefaultHostnameVerifier(oldDefault);
-//        }
-//    }
-
     @Test
     public void testHttpsEndpointIdentification() throws Exception {
         TestUtils.assumeExtendedTrustManagerAvailable();
@@ -219,8 +134,6 @@ public void testHttpsEndpointIdentification() throws Exception {
         String goodHostname = TestKeyStore.CERT_HOSTNAME;
         String badHostname = "definitelywrong.nopenopenope";
 
-        // The default hostname verifier on OpenJDK no longer rejects all hostnames
-//        javax.net.ssl.HostnameVerifier oldDefault = HttpsURLConnection.getDefaultHostnameVerifier();
         try {
             SSLParameters params = new SSLParameters();
 
@@ -236,16 +149,17 @@ public void testHttpsEndpointIdentification() throws Exception {
 
             try { // this should fail
                 certs = tmi.getTrustedChainForServer(chain, "RSA",
-                    new FakeSSLSocket(new FakeSSLSession(badHostname, chain), params));
-                 assertEquals(Arrays.asList(chain), certs);
+                        new FakeSSLSocket(new FakeSSLSession(badHostname, chain), params));
+                assertEquals(Arrays.asList(chain), certs);
                 fail();
 
             } catch (CertificateException expected) {
             }
             certs = tmi.getTrustedChainForServer(chain, "RSA",
-                        new FakeSSLSocket(new FakeSSLSession(goodHostname, chain), params));
+                    new FakeSSLSocket(new FakeSSLSession(goodHostname, chain), params));
             assertEquals(Arrays.asList(chain), certs);
-        } catch (Exception e) {
+        } finally {
+            Conscrypt.setDefaultHostnameVerifier(null);
         }
     }
 
@@ -516,8 +430,4 @@ public boolean getEnableSessionCreation() {
             throw new UnsupportedOperationException();
         }
     }
-
-//    private static class TestHostnameVerifier
-//        extends org.conscrypt.javax.net.ssl.TestHostnameVerifier
-//        implements ConscryptHostnameVerifier {}
 }