diff --git a/src/main/java/io/github/mapepire_ibmi/SqlJob.java b/src/main/java/io/github/mapepire_ibmi/SqlJob.java index a1f86f7..64c2357 100644 --- a/src/main/java/io/github/mapepire_ibmi/SqlJob.java +++ b/src/main/java/io/github/mapepire_ibmi/SqlJob.java @@ -21,6 +21,7 @@ import java.util.stream.Collectors; import javax.net.ssl.SSLContext; +import javax.net.ssl.SSLParameters; import javax.net.ssl.SSLSocketFactory; import javax.net.ssl.TrustManager; import javax.net.ssl.TrustManagerFactory; @@ -283,6 +284,15 @@ public void onMessage(String message) { } } + @Override + protected void onSetSSLParameters(SSLParameters sslParameters) { + if (db2Server.getRejectUnauthorized()) { + super.onSetSSLParameters(sslParameters); + } else { + sslParameters.setEndpointIdentificationAlgorithm(null); + } + } + @Override public void onClose(int code, String reason, boolean remote) { if (isTracingChannelData) { diff --git a/src/test/java/io/github/mapepire_ibmi/ConnectTest.java b/src/test/java/io/github/mapepire_ibmi/ConnectTest.java index d363b5f..e642efc 100644 --- a/src/test/java/io/github/mapepire_ibmi/ConnectTest.java +++ b/src/test/java/io/github/mapepire_ibmi/ConnectTest.java @@ -4,11 +4,15 @@ import static org.junit.jupiter.api.Assertions.assertThrowsExactly; import static org.junit.jupiter.api.Assertions.assertTrue; +import java.net.InetAddress; import java.sql.SQLException; +import java.util.concurrent.ExecutionException; +import org.junit.jupiter.api.Assumptions; import org.junit.jupiter.api.Test; import io.github.mapepire_ibmi.types.ConnectionResult; +import io.github.mapepire_ibmi.types.DaemonServer; class ConnectTest extends MapepireTest { @Test @@ -38,6 +42,41 @@ void invalidConnection() throws Exception { .contains("The application server rejected the connection.")); } + @Test + void rejectUnauthorizedFalseConnectsWhenCertificateDoesNotMatchHost() throws Exception { + DaemonServer creds = MapepireTest.getCreds(); + String mismatchedHost = InetAddress.getByName(creds.getHost()).getHostAddress(); + Assumptions.assumeTrue(!mismatchedHost.equals(creds.getHost())); + DaemonServer relaxedCreds = new DaemonServer( + mismatchedHost, creds.getPort(), creds.getUser(), creds.getPassword(), false); + SqlJob job = new SqlJob(); + ConnectionResult result = job.connect(relaxedCreds).get(); + job.close(); + assertTrue(result.getSuccess()); + assertTrue(result.getJob().contains("QZDASOINIT")); + } + + @Test + void rejectUnauthorizedTrueFailsWhenCertificateDoesNotMatchHost() throws Exception { + DaemonServer creds = MapepireTest.getCreds(); + String mismatchedHost = InetAddress.getByName(creds.getHost()).getHostAddress(); + Assumptions.assumeTrue(!mismatchedHost.equals(creds.getHost())); + + DaemonServer strictCreds = new DaemonServer( + mismatchedHost, creds.getPort(), creds.getUser(), creds.getPassword(), true, creds.getCa()); + + ExecutionException e = assertThrowsExactly(ExecutionException.class, () -> { + SqlJob job = new SqlJob(); + try { + job.connect(strictCreds).get(); + } finally { + job.close(); + } + }); + + assertTrue(e.getCause().getMessage().contains("No subject alternative")); + } + @Test void newJobOnSubsequentConnects() throws Exception { SqlJob job = new SqlJob();