From 15883f7486c2140aa91c15eb5323239a14f390f0 Mon Sep 17 00:00:00 2001
From: yndu13
Date: Wed, 8 Feb 2023 18:13:25 +0800
Subject: [PATCH] fix: remove verification when ca is empty
---
 .../tea/okhttp/OkHttpClientBuilder.java | 6 +++--
 .../tea/okhttp/OkHttpClientBuilderTest.java | 24 ++++++++++++++++++-
 2 files changed, 27 insertions(+), 3 deletions(-)
diff --git a/src/main/java/com/aliyun/tea/okhttp/OkHttpClientBuilder.java b/src/main/java/com/aliyun/tea/okhttp/OkHttpClientBuilder.java
index dca7629..dfdd5d7 100644
--- a/src/main/java/com/aliyun/tea/okhttp/OkHttpClientBuilder.java
+++ b/src/main/java/com/aliyun/tea/okhttp/OkHttpClientBuilder.java
@@ -3,6 +3,7 @@
 import com.aliyun.tea.TeaException;
 import com.aliyun.tea.okhttp.interceptors.SocksProxyAuthInterceptor;
+import com.aliyun.tea.utils.StringUtils;
 import com.aliyun.tea.utils.TrueHostnameVerifier;
 import com.aliyun.tea.utils.X509TrustManagerImp;
 import okhttp3.*;
@@ -71,10 +72,11 @@ public OkHttpClientBuilder certificate(Map map) {
 sslContext.init(null, new TrustManager[]{compositeX509TrustManager}, new java.security.SecureRandom());
 this.builder.sslSocketFactory(sslContext.getSocketFactory(), compositeX509TrustManager).
 hostnameVerifier(new TrueHostnameVerifier());
- } else if (map.containsKey("ca")) {
+ } else if (map.containsKey("ca") && !StringUtils.isEmpty(map.get("ca"))) {
 SSLContext sslContext = SSLContext.getInstance("TLS");
 KeyManagerFactory keyManagerFactory = null;
- if (map.containsKey("key") && map.containsKey("cert")) {
+ if (map.containsKey("key") && !StringUtils.isEmpty(map.get("key"))
+ && map.containsKey("cert") && !StringUtils.isEmpty(map.get("cert"))) {
 KeyStore keyStore = KeyStore.getInstance(KeyStore.getDefaultType());
 String cert = String.valueOf(map.get("cert"));
 try (InputStream is = new ByteArrayInputStream(cert.getBytes(charset))) {
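Review bot: The new `!StringUtils.isEmpty(map.get("ca"))` guard in `certificate()` makes a null or empty `ca` skip the custom-CA branch silently, so the trust policy is then decided by whatever follows this `else if`, which lies outside the hunk. If that fallback disables certificate validation, as the subject line "remove verification when ca is empty" suggests, an unset variable or blank config value downgrades the connection to unverified TLS with no signal to the caller. Falling back to the platform default trust store, or requiring an explicit opt-out, would fail closed instead; at minimum the branch needs a comment such as `// empty "ca": custom-CA setup is skipped; see fallback below for the resulting trust policy`. The same guard on `key`/`cert` silently drops client-certificate setup when only one of the two is supplied, which looks worth rejecting rather than ignoring. The body of `certificate()` starts and ends outside this hunk.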
diff --git a/src/test/java/com/aliyun/tea/okhttp/OkHttpClientBuilderTest.java b/src/test/java/com/aliyun/tea/okhttp/OkHttpClientBuilderTest.java
index bef58bd..af440e8 100644
--- a/src/test/java/com/aliyun/tea/okhttp/OkHttpClientBuilderTest.java
+++ b/src/test/java/com/aliyun/tea/okhttp/OkHttpClientBuilderTest.java
@@ -6,7 +6,6 @@
 import org.junit.Assert;
 import org.junit.Test;
 import org.mockito.Mockito;
-import sun.security.ssl.SSLSocketFactoryImpl;
 import java.io.IOException;
 import java.util.HashMap;
@@ -63,12 +62,35 @@ public void certificateTest() throws IOException {
 Assert.assertTrue(e.getMessage().contains("Unable to initialize"));
 }
+ map.put("ca", null);
+ new OkHttpClientBuilder().certificate(map);
+ map.put("ca", "");
+ new OkHttpClientBuilder().certificate(map);
+ map.put("ca", System.getenv("CA"));
 OkHttpClientBuilder builder = new OkHttpClientBuilder().certificate(map);
 OkHttpClient client = builder.buildOkHttpClient();
 Assert.assertTrue(client.hostnameVerifier() instanceof TrueHostnameVerifier);
 Assert.assertNotNull(client.sslSocketFactory());
+
+ map.put("key", null);
+ map.put("cert", null);
+ new OkHttpClientBuilder().certificate(map);
+
+ map.put("key", "");
+ map.put("cert", "");
+ new OkHttpClientBuilder().certificate(map);
+
+ map.put("ca", "-----BEGIN CERTIFICATE-----\nwrong ca-----END CERTIFICATE-----");
+ map.put("key", "wrong key");
+ map.put("cert", "-----BEGIN CERTIFICATE-----\nwrong cert-----END CERTIFICATE-----");
+ try {
+ new OkHttpClientBuilder().certificate(map);
+ Assert.fail();
+ } catch (Exception e) {
+ Assert.assertTrue(e instanceof TeaException);
+ }
 }
 @Test
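Review bot: The added null and empty `ca` cases in `certificateTest()` only check that `certificate(map)` does not throw; none of them asserts which TLS configuration the resulting client ends up with, which is the security-relevant outcome of this change. Build the client and pin it, e.g. `OkHttpClient c = new OkHttpClientBuilder().certificate(map).buildOkHttpClient();` followed by assertions on `c.hostnameVerifier()` and `c.sslSocketFactory()` that match the intended fallback. The `key`/`cert` cases also run with `ca` taken from `System.getenv("CA")`; when that variable is unset the new `ca` guard appears to skip the whole branch, so the inner `key`/`cert` check would never be exercised. Using a fixed test CA for those cases would make the coverage independent of the environment. The test method starts before this hunk.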