Merge pull request #1692 from Lakith-Rambukkanage/vMaster-websocket-h…

…ostname-verification [Master] Add web socket transport sender hostname verification
wso2 · Nov 29, 2023 · c3e8b9a · c3e8b9a
2 parents 6d162cd + 7d84556
commit c3e8b9a
Show file tree

Hide file tree

Showing 2 changed files with 17 additions and 2 deletions.
diff --git a/...ansport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java b/...ansport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConnectionFactory.java
@@ -37,6 +37,7 @@
 import io.netty.handler.codec.http.websocketx.WebSocketVersion;
 import io.netty.handler.ssl.SslContext;
 import io.netty.handler.ssl.SslContextBuilder;
+import io.netty.handler.ssl.SslHandler;
 import org.apache.axiom.om.OMElement;
 import org.apache.axis2.AxisFault;
 import org.apache.axis2.description.Parameter;
@@ -47,7 +48,9 @@
 import org.wso2.carbon.utils.multitenancy.MultitenantConstants;
 import org.wso2.carbon.websocket.transport.utils.SSLUtil;
 
+import javax.net.ssl.SSLEngine;
 import javax.net.ssl.SSLException;
+import javax.net.ssl.SSLParameters;
 import javax.xml.namespace.QName;
 import java.net.URI;
 import java.util.Map;
@@ -259,8 +262,19 @@ public WebSocketClientHandler cacheNewConnection(final String tenantDomain,
  protected void initChannel(SocketChannel ch) {
  ChannelPipeline p = ch.pipeline();
  if (sslCtx != null) {
- p.addLast(sslCtx.newHandler(ch.alloc(), host, port));
- }
+ SslHandler sslHandler = sslCtx.newHandler(ch.alloc(), host, port);
+ Parameter wsEnableHostnameVerification = transportOut
+ .getParameter(WebsocketConstants.WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG);
+ if (wsEnableHostnameVerification != null
+ && wsEnableHostnameVerification.getValue() != null
+ && !wsEnableHostnameVerification.getValue().toString().isEmpty()
+ && Boolean.parseBoolean(wsEnableHostnameVerification.getValue().toString())) {
+ SSLEngine sslEngine = sslHandler.engine();
+ SSLParameters sslParams = sslEngine.getSSLParameters();
+ sslParams.setEndpointIdentificationAlgorithm("HTTPS");
+ sslEngine.setSSLParameters(sslParams);
+ }
+ p.addLast(sslHandler); }
  p.addLast(new HttpClientCodec(), new HttpObjectAggregator(8192),
  new WebSocketFrameAggregator(Integer.MAX_VALUE), handler);
  }

diff --git a/...ocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java b/...ocket.transport/src/main/java/org/wso2/carbon/websocket/transport/WebsocketConstants.java
@@ -62,6 +62,7 @@ public class WebsocketConstants {
 
  public static final String WEBSOCKET_CUSTOM_HEADER_PREFIX = "websocket.custom.header.";
  public static final String WEBSOCKET_CUSTOM_HEADER_CONFIG = "ws.custom.header";
+ public static final String WEBSOCKET_HOSTNAME_VERIFICATION_CONFIG = "ws.client.enable.hostname.verification";
 
  public static final String WEBSOCKET_SUBPROTOCOL = "websocket.subprotocol";