From 7d845562e1c8028d5273260e79b3127cf3dd0f56 Mon Sep 17 00:00:00 2001
From: Lakith
Date: Wed, 29 Nov 2023 14:03:53 +0530
Subject: [PATCH] [Master] Add web socket transport sender hostname verification
---
 .../transport/WebsocketConnectionFactory.java | 18 ++++++++++++++++--
 .../transport/WebsocketConstants.java | 1 +
 2 files changed, 17 insertions(+), 2 deletions(-)
diff --git a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java
index eb5ae6c867c..8e3767c79eb 100644
--- a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java
+++ b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java
@@ -37,6 +37,7 @@
 import io.netty.handler.codec.http.websocketx.WebSocketVersion;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslHandler;
 import org.apache.axiom.om.OMElement;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.description.Parameter;
@@ -47,7 +48,9 @@
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import org.wso2.carbon.websocket.transport.utils.SSLUtil;
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.xml.namespace.QName;
 import java.net.URI;
 import java.util.Map;
@@ -259,8 +262,19 @@ public WebSocketClientHandler cacheNewConnection(final String tenantDomain, protected void initChannel(SocketChannel ch) { ChannelPipeline p = ch.pipeline(); if (sslCtx != null) { - p.addLast(sslCtx.newHandler(ch.alloc(), host, port)); - } + SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), host, port); + Parameter wsEnableHostnameVerification = transportOut + .getParameter(WebsocketConstants.WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG); + if (wsEnableHostnameVerification != null + && wsEnableHostnameVerification.getValue() != null + && !wsEnableHostnameVerification.getValue().toString().isEmpty() + && Boolean.parseBoolean(wsEnableHostnameVerification.getValue().toString())) { + SSLEngine sslEngine = sslHandler.engine(); + SSLParameters sslParams = sslEngine.getSSLParameters(); + sslParams.setEndpointIdentificationAlgorithm("HTTPS"); + sslEngine.setSSLParameters(sslParams); + } + p.addLast(sslHandler); } p.addLast(new HttpClientCodec(), new HttpObjectAggregator(8192), new WebSocketFrameAggregator(Integer.MAX_VALUE), handler); } diff --git a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java index d25cc88f0db..619af202af6 100644 --- a/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java +++ b/components/carbon-transports/websocket/org.wso2.carbon.websocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java 
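Review bot: Hostname verification in `initChannel` is opt-in, so when `ws.client.enable.hostname.verification` is absent the `SslHandler` is still added with no endpoint identification algorithm, and a wss sender accepts any certificate that chains to its trust store, whatever name it was issued for. `Boolean.parseBoolean` also maps every value other than "true" (a typo, `yes`, a value with stray whitespace) to false, so a misconfigured parameter silently leaves the check off; the `isEmpty()` test is redundant for the same reason. I would verify by default and treat only an explicit `false` as the opt-out, as sketched below; that changes behaviour for deployments whose backend certificates do not match their hostnames, so it probably needs a release note. The enclosing `cacheNewConnection` begins and ends outside this hunk, so how `sslCtx` builds its trust store is not visible here.

```java
SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), host, port);
Parameter hostnameVerification = transportOut
        .getParameter(WebsocketConstants.WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG);
// Secure default: only an explicit "false" turns endpoint identification off.
boolean skipHostnameVerification = hostnameVerification != null
        && hostnameVerification.getValue() != null
        && "false".equalsIgnoreCase(hostnameVerification.getValue().toString().trim());
if (!skipHostnameVerification) {
    // … unchanged: set endpoint identification algorithm "HTTPS" on sslHandler.engine() …
}
p.addLast(sslHandler);
```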
@@ -62,6 +62,7 @@ public class WebsocketConstants {
 public static final String WEBSOCKET_CUSTOM_HEADER_PREFIX = "websocket.custom.header.";
 public static final String WEBSOCKET_CUSTOM_HEADER_CONFIG = "ws.custom.header";
+ public static final String WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG = "ws.client.enable.hostname.verification";
 public static final String WEBSOCKET_SUBPROTOCOL = "websocket.subprotocol";