add setSSLHostnameVerifier method for fixing issue 38 (#303)

w7849516230 · jpwsutton · commit 176f6fc0b83e · 2017-03-27T10:58:06.000+01:00
Bug:#38 Signed-off-by: shawn <w7849516230@gmail.com>
diff --git a/org.eclipse.paho.client.mqttv3/src/main/java/org/eclipse/paho/client/mqttv3/MqttAsyncClient.java b/org.eclipse.paho.client.mqttv3/src/main/java/org/eclipse/paho/client/mqttv3/MqttAsyncClient.java
@@ -507,6 +507,7 @@ else if ((factory instanceof SSLSocketFactory) == false) {
 			// Create the network module...
 			netModule = new SSLNetworkModule((SSLSocketFactory) factory, host, port, clientId);
 			((SSLNetworkModule)netModule).setSSLhandshakeTimeout(options.getConnectionTimeout());
+			((SSLNetworkModule)netModule).setSSLHostnameVerifier(options.getSSLHostnameVerifier());
 			// Ciphers suites need to be set, if they are available
 			if (factoryFactory != null) {
 				String[] enabledCiphers = factoryFactory.getEnabledCipherSuites(null);
diff --git a/org.eclipse.paho.client.mqttv3/src/main/java/org/eclipse/paho/client/mqttv3/MqttConnectOptions.java b/org.eclipse.paho.client.mqttv3/src/main/java/org/eclipse/paho/client/mqttv3/MqttConnectOptions.java
@@ -20,6 +20,7 @@
 import java.util.Properties;
 
 import javax.net.SocketFactory;
+import javax.net.ssl.HostnameVerifier;
 
 import org.eclipse.paho.client.mqttv3.util.Debug;
 
@@ -73,6 +74,7 @@ public class MqttConnectOptions {
 	private char[] password;
 	private SocketFactory socketFactory;
 	private Properties sslClientProps = null;
+	private HostnameVerifier sslHostnameVerifier = null;
 	private boolean cleanSession = CLEAN_SESSION_DEFAULT;
 	private int connectionTimeout = CONNECTION_TIMEOUT_DEFAULT;
 	private String[] serverURIs = null;
@@ -408,6 +410,26 @@ public void setSSLProperties(Properties props) {
 		this.sslClientProps = props;
 	}
 
+	/**
+     * Returns the HostnameVerifier for the SSL connection.
+     * @return the HostnameVerifier for the SSL connection
+     */
+	public HostnameVerifier getSSLHostnameVerifier() {
+	    return sslHostnameVerifier;
+	}
+
+    /**
+     * Sets the HostnameVerifier for the SSL connection. Note that it will be
+     * used after handshake on a connection and you should do actions by
+     * yourserlf when hostname is verified error.
+     * <p>
+     * There is no default HostnameVerifier
+     * </p>
+     */
+	public void setSSLHostnameVerifier(HostnameVerifier hostnameVerifier) {
+	    this.sslHostnameVerifier = hostnameVerifier;
+	}
+
 	/**
 	 * Returns whether the client and server should remember state for the client across reconnects.
 	 * @return the clean session flag
diff --git a/org.eclipse.paho.client.mqttv3/src/main/java/org/eclipse/paho/client/mqttv3/internal/SSLNetworkModule.java b/org.eclipse.paho.client.mqttv3/src/main/java/org/eclipse/paho/client/mqttv3/internal/SSLNetworkModule.java
@@ -17,6 +17,8 @@
 
 import java.io.IOException;
 
+import javax.net.ssl.HostnameVerifier;
+import javax.net.ssl.SSLSession;
 import javax.net.ssl.SSLSocket;
 import javax.net.ssl.SSLSocketFactory;
 
@@ -33,6 +35,7 @@ public class SSLNetworkModule extends TCPNetworkModule {
 
 	private String[] enabledCiphers;
 	private int handshakeTimeoutSecs;
+	private HostnameVerifier hostnameVerifier;
 	
 	private String host;
 	private int port;
@@ -88,13 +91,25 @@ public void setSSLhandshakeTimeout(int timeout) {
 		this.handshakeTimeoutSecs = timeout;
 	}
 	
+	public HostnameVerifier getSSLHostnameVerifier() {
+	    return hostnameVerifier;
+	}
+
+	public void setSSLHostnameVerifier(HostnameVerifier hostnameVerifier) {
+	    this.hostnameVerifier = hostnameVerifier;
+	}
+
 	public void start() throws IOException, MqttException {
 		super.start();
 		setEnabledCiphers(enabledCiphers);
 		int soTimeout = socket.getSoTimeout();
 		// RTC 765: Set a timeout to avoid the SSL handshake being blocked indefinitely
 		socket.setSoTimeout(this.handshakeTimeoutSecs*1000);
 		((SSLSocket)socket).startHandshake();
+		if (hostnameVerifier != null) {
+		    SSLSession session = ((SSLSocket)socket).getSession();
+		    hostnameVerifier.verify(host, session);
+		}
 		// reset timeout to default value
 		socket.setSoTimeout(soTimeout);   
 	}
