Skip to content
Open
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension

Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 10 additions & 0 deletions src/main/java/io/github/mapepire_ibmi/SqlJob.java
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,7 @@
import java.util.stream.Collectors;

import javax.net.ssl.SSLContext;
import javax.net.ssl.SSLParameters;
import javax.net.ssl.SSLSocketFactory;
import javax.net.ssl.TrustManager;
import javax.net.ssl.TrustManagerFactory;
Expand Down Expand Up @@ -283,6 +284,15 @@ public void onMessage(String message) {
}
}

@Override
protected void onSetSSLParameters(SSLParameters sslParameters) {
if (db2Server.getRejectUnauthorized()) {
super.onSetSSLParameters(sslParameters);
} else {
sslParameters.setEndpointIdentificationAlgorithm(null);
}
}

@Override
public void onClose(int code, String reason, boolean remote) {
if (isTracingChannelData) {
Expand Down
39 changes: 39 additions & 0 deletions src/test/java/io/github/mapepire_ibmi/ConnectTest.java
Original file line number Diff line number Diff line change
Expand Up @@ -4,11 +4,15 @@
import static org.junit.jupiter.api.Assertions.assertThrowsExactly;
import static org.junit.jupiter.api.Assertions.assertTrue;

import java.net.InetAddress;
import java.sql.SQLException;
import java.util.concurrent.ExecutionException;

import org.junit.jupiter.api.Assumptions;
import org.junit.jupiter.api.Test;

import io.github.mapepire_ibmi.types.ConnectionResult;
import io.github.mapepire_ibmi.types.DaemonServer;

class ConnectTest extends MapepireTest {
@Test
Expand Down Expand Up @@ -38,6 +42,41 @@ void invalidConnection() throws Exception {
.contains("The application server rejected the connection."));
}

@Test
void rejectUnauthorizedFalseConnectsWhenCertificateDoesNotMatchHost() throws Exception {
DaemonServer creds = MapepireTest.getCreds();
String mismatchedHost = InetAddress.getByName(creds.getHost()).getHostAddress();
Assumptions.assumeTrue(!mismatchedHost.equals(creds.getHost()));
DaemonServer relaxedCreds = new DaemonServer(
mismatchedHost, creds.getPort(), creds.getUser(), creds.getPassword(), false);
SqlJob job = new SqlJob();
ConnectionResult result = job.connect(relaxedCreds).get();
job.close();
assertTrue(result.getSuccess());
assertTrue(result.getJob().contains("QZDASOINIT"));
}

@Test
void rejectUnauthorizedTrueFailsWhenCertificateDoesNotMatchHost() throws Exception {
DaemonServer creds = MapepireTest.getCreds();
String mismatchedHost = InetAddress.getByName(creds.getHost()).getHostAddress();
Assumptions.assumeTrue(!mismatchedHost.equals(creds.getHost()));

DaemonServer strictCreds = new DaemonServer(
mismatchedHost, creds.getPort(), creds.getUser(), creds.getPassword(), true, creds.getCa());

ExecutionException e = assertThrowsExactly(ExecutionException.class, () -> {
SqlJob job = new SqlJob();
try {
job.connect(strictCreds).get();
} finally {
job.close();
}
});

assertTrue(e.getCause().getMessage().contains("No subject alternative"));
}

@Test
void newJobOnSubsequentConnects() throws Exception {
SqlJob job = new SqlJob();
Expand Down