| author | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-11-04 09:51:26 +0100 | 
|---|---|---|
| committer | Thomas Lenz <tlenz@iaik.tugraz.at> | 2016-11-04 09:51:26 +0100 | 
| commit | 72e86431b59c466673214d330bbd9baa295449cf (patch) | |
| tree | f6e17783d0fe6250974e95c052b2c3afcf1bbd2e /id/server/idserverlib/src/main/java/at/gv/egovernment/moa | |
| parent | 518839d9ade1e97d878e494903e088a5b0cf0359 (diff) | |
add hostname validation to httpclient 3.1, which is assumed by openSAML 2.x
Diffstat (limited to 'id/server/idserverlib/src/main/java/at/gv/egovernment/moa')
2 files changed, 9 insertions, 2 deletions
|
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
index c0ba1d96d..d5c7d9100 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/metadata/SimpleMOAMetadataProvider.java
@@ -66,13 +66,16 @@ public abstract class SimpleMOAMetadataProvider implements MetadataProvider{
 			if (metadataURL.startsWith("https:")) {
 				try {
+					//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 					MOAHttpProtocolSocketFactory protoSocketFactory = new MOAHttpProtocolSocketFactory(
 							PVPConstants.SSLSOCKETFACTORYNAME, 
 							AuthConfigurationProviderFactory.getInstance().getTrustedCACertificates(),
 							null,
 							AuthConfiguration.DEFAULT_X509_CHAININGMODE, 
 							AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
-							AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
+							AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
+							AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+									AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
 					httpClient.setCustomSSLTrustStore(metadataURL, protoSocketFactory);
diff --git a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
index 0d1f54249..e02ecb662 100644
--- a/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
+++ b/id/server/idserverlib/src/main/java/at/gv/egovernment/moa/id/protocols/pvp2x/utils/MOASAMLSOAPClient.java
@@ -35,6 +35,7 @@ import org.opensaml.xml.XMLObject;
 import org.opensaml.xml.parse.BasicParserPool;
 import org.opensaml.xml.security.SecurityException;
+import at.gv.egovernment.moa.id.commons.api.AuthConfiguration;
 import at.gv.egovernment.moa.id.commons.api.exceptions.ConfigurationException;
 import at.gv.egovernment.moa.id.commons.ex.MOAHttpProtocolSocketFactoryException;
 import at.gv.egovernment.moa.id.commons.utils.MOAHttpProtocolSocketFactory;
@@ -70,6 +71,7 @@ public class MOASAMLSOAPClient {
 		HttpClientBuilder clientBuilder = new HttpClientBuilder();
 		if (destination.startsWith("https")) {
 			try {
+				//FIX: change hostname validation default flag to true when httpClient is updated to > 4.4
 				SecureProtocolSocketFactory sslprotocolsocketfactory = 
 						new MOAHttpProtocolSocketFactory(
 								PVPConstants.SSLSOCKETFACTORYNAME,  
@@ -77,7 +79,9 @@ public class MOASAMLSOAPClient {
 								null,
 								AuthConfigurationProviderFactory.getInstance().getDefaultChainingMode(), 
 								AuthConfigurationProviderFactory.getInstance().isTrustmanagerrevoationchecking(),
-								AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder());
+								AuthConfigurationProviderFactory.getInstance().getRevocationMethodOrder(),
+								AuthConfigurationProviderFactory.getInstance().getBasicMOAIDConfigurationBoolean(
+										AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false));
 				clientBuilder.setHttpsProtocolSocketFactory(sslprotocolsocketfactory );
 			} catch (MOAHttpProtocolSocketFactoryException e) {
|
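Review bot: Hostname validation still fails open, because the new last argument in both `MOASAMLSOAPClient` and `SimpleMOAMetadataProvider` is `getBasicMOAIDConfigurationBoolean(AuthConfiguration.PROP_KEY_SSL_HOSTNAME_VALIDATION, false)`; assuming the second parameter is the fallback (as the `//FIX` comment implies), the check is off unless an operator sets the property. With it off, a certificate that chains to one of the trusted CAs is accepted regardless of the host it was issued for, so the TLS channel for metadata retrieval and SOAP calls does not authenticate the peer's name. If the default cannot be `true` until the httpClient upgrade, log a warning whenever the flag resolves to `false` and document the property as required for production deployments. The comment should also state the consequence, e.g. `// TODO: hostname validation is OFF unless PROP_KEY_SSL_HOSTNAME_VALIDATION is set; switch the default to true once httpClient > 4.4`. The enclosing methods start and end outside these hunks.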
