use toUnicode instead

apache · Jan 5, 2025 · 078a60c · 078a60c
1 parent 83bdee3
commit 078a60c
Showing 1 changed file with 17 additions and 19 deletions.
diff --git a/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java b/httpclient5/src/main/java/org/apache/hc/client5/http/ssl/DefaultHostnameVerifier.java
@@ -230,45 +230,43 @@ private static boolean matchIdentity(final String host, final String identity,
                                          final DomainType domainType,
                                          final boolean strict) {
 
-        final String punycodeHost;
-        final String punycodeIdentity;
+        final String unicodeIdentity;
         try {
-             punycodeHost = IDN.toASCII(host);
-            punycodeIdentity = IDN.toASCII(identity);
+            unicodeIdentity = IDN.toUnicode(identity);
         } catch (final IllegalArgumentException e) {
             return false;
         }
 
+        // Public suffix check on the Unicode identity
         if (publicSuffixMatcher != null && host.contains(".")) {
-            if (publicSuffixMatcher.getDomainRoot(punycodeIdentity, domainType) == null) {
+            if (publicSuffixMatcher.getDomainRoot(unicodeIdentity, domainType) == null) {
                 return false;
             }
         }
 
-        // RFC 2818, 3.1. Server Identity
-        // "...Names may contain the wildcard
-        // character * which is considered to match any single domain name
-        // component or component fragment..."
-        // Based on this statement presuming only singular wildcard is legal
-        final int asteriskIdx = punycodeIdentity.indexOf('*');
+        // Handle wildcard in the Unicode identity
+        final int asteriskIdx = unicodeIdentity.indexOf('*');
         if (asteriskIdx != -1) {
-            final String prefix = punycodeIdentity.substring(0, asteriskIdx);
-            final String suffix = punycodeIdentity.substring(asteriskIdx + 1);
-            if (!prefix.isEmpty() && !punycodeHost.startsWith(prefix)) {
+            final String prefix = unicodeIdentity.substring(0, asteriskIdx);
+            final String suffix = unicodeIdentity.substring(asteriskIdx + 1);
+
+            if (!prefix.isEmpty() && !host.startsWith(prefix)) {
                 return false;
             }
-            if (!suffix.isEmpty() && !punycodeHost.endsWith(suffix)) {
+            if (!suffix.isEmpty() && !host.endsWith(suffix)) {
                 return false;
             }
-            // Additional sanity checks on content selected by wildcard can be done here
+
+            // Additional sanity checks on the wildcard portion
             if (strict) {
-                final String remainder = punycodeHost.substring(
-                        prefix.length(), punycodeHost.length() - suffix.length());
+                final String remainder = host.substring(prefix.length(), host.length() - suffix.length());
                 return !remainder.contains(".");
             }
             return true;
         }
-        return punycodeHost.equalsIgnoreCase(punycodeIdentity);
+
+        // Direct Unicode comparison
+        return host.equalsIgnoreCase(unicodeIdentity);
     }
 
     static boolean matchIdentity(final String host, final String identity,