diff --git a/src/main/kotlin/com/kuvaszuptime/kuvasz/services/SSLValidator.kt b/src/main/kotlin/com/kuvaszuptime/kuvasz/services/SSLValidator.kt
index 63c7cd1..9d615ad 100644
--- a/src/main/kotlin/com/kuvaszuptime/kuvasz/services/SSLValidator.kt
+++ b/src/main/kotlin/com/kuvaszuptime/kuvasz/services/SSLValidator.kt
@@ -5,7 +5,6 @@ import com.kuvaszuptime.kuvasz.models.CertificateInfo
 import com.kuvaszuptime.kuvasz.models.SSLValidationError
 import com.kuvaszuptime.kuvasz.util.toOffsetDateTime
 import java.net.URL
-import java.security.cert.Certificate
 import java.security.cert.X509Certificate
 import javax.inject.Singleton
 import javax.net.ssl.HttpsURLConnection
@@ -19,26 +18,11 @@ class SSLValidator {
 val conn = url.openConnection() as HttpsURLConnection
 conn.connect()
 
- getCertificateForHost(url, conn.serverCertificates)?.let { cert ->
+ conn.serverCertificates.filterIsInstance().firstOrNull()?.let { cert ->
 Either.right(CertificateInfo(validTo = cert.notAfter.toOffsetDateTime()))
 } ?: Either.left(SSLValidationError("There were no matching CN for the given host"))
 } catch (e: Throwable) {
 Either.left(SSLValidationError(e.message))
 }
 }
-
- private fun getCertificateForHost(url: URL, certs: Array): X509Certificate? =
- certs.filterIsInstance().firstOrNull { it.cnMatchesWithHost(url) }
-
- private fun X509Certificate.cnMatchesWithHost(url: URL): Boolean {
- val cn = subjectDN.name.split(",").first().trimEnd().removePrefix("CN=")
-
- return if (cn.startsWith("*.")) {
- val cnWithoutWildcard = cn.removePrefix("*.")
- val subdomain = url.host.removeSuffix(cnWithoutWildcard)
- val subdomainPattern = Regex("^(([A-Za-z0-9](?:[A-Za-z0-9\\-]{0,61}[A-Za-z0-9])?\\.)|(\\S{0}))\$")
-
- subdomain.matches(subdomainPattern)
- } else cn == url.host
- }
 }
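Review bot: The `?:` fallback still reports `"There were no matching CN for the given host"`, but after this change that branch is reached only when `conn.serverCertificates` contains no `X509Certificate`, so the message now misreports the failure; something like `SSLValidationError("The server did not present an X.509 certificate")` would match the new behaviour. With the CN check gone, host binding rests entirely on the verification `HttpsURLConnection` performs during `conn.connect()`, and `firstOrNull()` relies on `serverCertificates` listing the peer's own certificate first; a comment on the new line such as `// Host name and chain are verified during connect(); serverCertificates returns the peer's own certificate first` would record both assumptions. That holds only while no permissive default `HostnameVerifier` or `SSLSocketFactory` is installed elsewhere in the application, which this hunk does not show. The enclosing function starts outside the hunk.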