Add HostnameVerifier property (for Java 6)

References #55

Author: acogoluegnes

pom.xml

@@ -43,6 +43,7 @@
   <properties>
     <rabbitmq.version>4.8.1</rabbitmq.version>
     <slf4j-api.version>1.7.25</slf4j-api.version>
+    <httpclient.version>4.5.6</httpclient.version>
     <junit.version>4.12</junit.version>
     <mockito-core.version>2.21.0</mockito-core.version>
     <awaitility.version>3.1.2</awaitility.version>
@@ -118,6 +119,12 @@
       <artifactId>slf4j-api</artifactId>
       <version>${slf4j-api.version}</version>
     </dependency>
+    <dependency>
+      <groupId>org.apache.httpcomponents</groupId>
+      <artifactId>httpclient</artifactId>
+      <version>${httpclient.version}</version>
+      <optional>true</optional>
+    </dependency>
 
     <!-- test scope -->
     <dependency>

src/main/java/com/rabbitmq/jms/admin/RMQConnectionFactory.java

@@ -28,6 +28,7 @@
 import javax.naming.Reference;
 import javax.naming.Referenceable;
 import javax.naming.StringRefAddr;
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.SSLContext;
 import javax.net.ssl.SSLException;
 import java.io.IOException;
@@ -116,6 +117,13 @@ public class RMQConnectionFactory implements ConnectionFactory, Referenceable, S
      */
     private boolean hostnameVerification = false;
 
+    /**
+     * {@link HostnameVerifier} to use when TLS is on.
+     *
+     * @since 1.10.0
+     */
+    private HostnameVerifier hostnameVerifier;
+
 
     /** The maximum number of messages to read on a queue browser, which must be non-negative;
      *  0 means unlimited and is the default; negative values are interpreted as 0. */
@@ -162,8 +170,8 @@ public Connection createConnection(String username, String password) throws JMSE
         com.rabbitmq.client.ConnectionFactory factory = new com.rabbitmq.client.ConnectionFactory();
         setRabbitUri(logger, this, factory, this.getUri());
         maybeEnableTLS(factory);
-        factory.setMetricsCollector(this.metricsCollector);
         maybeEnableHostnameVerification(factory);
+        factory.setMetricsCollector(this.metricsCollector);
         com.rabbitmq.client.Connection rabbitConnection = instantiateNodeConnection(factory);
 
         RMQConnection conn = new RMQConnection(new ConnectionParams()
@@ -189,6 +197,7 @@ public Connection createConnection(String username, String password, List<Addres
         this.password = password;
         com.rabbitmq.client.ConnectionFactory cf = new com.rabbitmq.client.ConnectionFactory();
         maybeEnableTLS(cf);
+        maybeEnableHostnameVerification(cf);
         cf.setMetricsCollector(this.metricsCollector);
         com.rabbitmq.client.Connection rabbitConnection = instantiateNodeConnection(cf, endpoints);
 
@@ -350,9 +359,13 @@ private void maybeEnableTLS(com.rabbitmq.client.ConnectionFactory factory) {
     }
 
     private void maybeEnableHostnameVerification(com.rabbitmq.client.ConnectionFactory factory) {
-        if (hostnameVerification) {
+        if (hostnameVerification || hostnameVerifier != null)  {
             if (this.ssl) {
-                factory.enableHostnameVerification();
+                if (hostnameVerifier == null) {
+                    factory.enableHostnameVerification();
+                } else {
+                    factory.enableHostnameVerification(this.hostnameVerifier);
+                }
             } else {
                 logger.warn("Hostname verification enabled, but not TLS, please enable TLS too.");
             }
@@ -764,14 +777,38 @@ public void setMetricsCollector(MetricsCollector metricsCollector) {
 
     /**
      * Enable or disable hostname verification when TLS is used.
+     * <p>
+     * If using Java 7 and more, the hostname verification will be handled
+     * by the JVM as part of the TLS handshake. If using Java 6,
+     * the hostname verification is performed by the {@link HostnameVerifier}
+     * from the Commons HttpClient project. This implies that Commons HttpClient
+     * and its dependencies are added to the classpath. To use another {@link HostnameVerifier},
+     * use {@link RMQConnectionFactory#setHostnameVerifier(HostnameVerifier)}.
+     *
      *
      * @param hostnameVerification
      * @see com.rabbitmq.client.ConnectionFactory#enableHostnameVerification()
+     * @see com.rabbitmq.client.ConnectionFactory#enableHostnameVerification(HostnameVerifier)
+     * @see #setHostnameVerifier(HostnameVerifier)
      * @since 1.10.0
      */
     public void setHostnameVerification(boolean hostnameVerification) {
         this.hostnameVerification = hostnameVerification;
     }
 
+    /**
+     * Set the {@link HostnameVerifier} to use for the hostname verification.
+     * <p>
+     * Setting an {@link HostnameVerifier} is relevant for Java 6, as the JVM
+     * can perform the hostname verification as of Java 7.
+     *
+     * @param hostnameVerifier
+     * @see #setHostnameVerification(boolean)
+     * @see com.rabbitmq.client.ConnectionFactory#enableHostnameVerification(HostnameVerifier)
+     * @since 1.10.0
+     */
+    public void setHostnameVerifier(HostnameVerifier hostnameVerifier) {
+        this.hostnameVerifier = hostnameVerifier;
+    }
 }
 

src/test/java/com/rabbitmq/integration/tests/SSLHostnameVerificationIT.java

@@ -2,29 +2,89 @@
 package com.rabbitmq.integration.tests;
 
 import com.rabbitmq.jms.admin.RMQConnectionFactory;
+import org.apache.http.conn.ssl.DefaultHostnameVerifier;
 import org.junit.Before;
 import org.junit.BeforeClass;
 import org.junit.Test;
+import org.junit.runner.RunWith;
+import org.junit.runners.Parameterized;
 
 import javax.jms.Connection;
 import javax.jms.JMSException;
 import javax.jms.JMSSecurityException;
+import javax.net.ssl.HostnameVerifier;
 import javax.net.ssl.KeyManagerFactory;
 import javax.net.ssl.SSLContext;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.TrustManagerFactory;
 import java.io.FileInputStream;
 import java.security.KeyStore;
+import java.util.concurrent.atomic.AtomicInteger;
 
+import static org.junit.Assert.assertEquals;
 import static org.junit.Assert.assertNotNull;
 
 /**
  * Integration test for hostname verification with TLS.
  */
+@RunWith(Parameterized.class)
 public class SSLHostnameVerificationIT {
 
     static SSLContext sslContext;
+    static AtomicInteger hostnameVerifierCalls;
+    @Parameterized.Parameter(0)
+    public ConnectionFactoryCustomizer customizer;
+    @Parameterized.Parameter(1)
+    public Runnable assertion;
     RMQConnectionFactory cf;
 
+    @Parameterized.Parameters
+    public static Object[] data() {
+        return new Object[] {
+            new Object[] { enableHostnameVerification(), expectedCallsOnHostnameVerifierAssertion(0) },
+            new Object[] { useCustomHostnameVerifier(), expectedCallsOnHostnameVerifierAssertion(1) }
+        };
+    }
+
+    private static Runnable expectedCallsOnHostnameVerifierAssertion(final int expectedCount) {
+        return new Runnable() {
+
+            @Override
+            public void run() {
+                assertEquals(expectedCount, hostnameVerifierCalls.get());
+            }
+        };
+    }
+
+    private static ConnectionFactoryCustomizer useCustomHostnameVerifier() {
+        return new ConnectionFactoryCustomizer() {
+
+            @Override
+            public void customize(RMQConnectionFactory connectionFactory) {
+                final DefaultHostnameVerifier delegate = new DefaultHostnameVerifier();
+                HostnameVerifier verifier = new HostnameVerifier() {
+
+                    @Override
+                    public boolean verify(String hostname, SSLSession session) {
+                        hostnameVerifierCalls.incrementAndGet();
+                        return delegate.verify(hostname, session);
+                    }
+                };
+                connectionFactory.setHostnameVerifier(verifier);
+            }
+        };
+    }
+
+    private static ConnectionFactoryCustomizer enableHostnameVerification() {
+        return new ConnectionFactoryCustomizer() {
+
+            @Override
+            public void customize(RMQConnectionFactory connectionFactory) {
+                connectionFactory.setHostnameVerification(true);
+            }
+        };
+    }
+
     @BeforeClass
     public static void initCrypto() throws Exception {
         String keystorePath = System.getProperty("test-keystore.ca");
@@ -59,12 +119,13 @@ public static void initCrypto() throws Exception {
     public void init() {
         cf = new RMQConnectionFactory();
         cf.useSslProtocol(sslContext);
-        cf.setHostnameVerification(true);
+        hostnameVerifierCalls = new AtomicInteger(0);
     }
 
     @Test
     public void hostnameVerificationEnabledShouldPassForLocalhost() throws JMSException {
         cf.setHost("localhost");
+        customizer.customize(cf);
         Connection connection = null;
         try {
             connection = cf.createConnection();
@@ -73,11 +134,18 @@ public void hostnameVerificationEnabledShouldPassForLocalhost() throws JMSExcept
                 connection.close();
             }
         }
+        assertion.run();
     }
 
     @Test(expected = JMSSecurityException.class)
     public void hostnameVerificationEnabledShouldFailForLoopbackInterface() throws JMSException {
         cf.setHost("127.0.0.1");
+        customizer.customize(cf);
         cf.createConnection();
     }
+
+    interface ConnectionFactoryCustomizer {
+
+        void customize(RMQConnectionFactory connectionFactory);
+    }
 }