Class HostnameVerifierImpl

  • All Implemented Interfaces:
    javax.net.ssl.HostnameVerifier

    public class HostnameVerifierImpl
    extends java.lang.Object
    implements javax.net.ssl.HostnameVerifier
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static Logger logger  
    • Method Summary

      Modifier and Type Method Description
      private static java.lang.String extractCommonName​(java.lang.String principal)  
      private HostnameVerifierImpl.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)  
      private static boolean matchDns​(java.lang.String hostname, java.lang.String tlsDnsPattern)
      DNS verification: matching is performed using the matching rules specified by [RFC2459].
      private static boolean matchWildCards​(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken)  
      private static java.lang.String normaliseAddress​(java.lang.String hostname)  
      private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)  
      void verify​(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId)
      Verification that throws an exception with a detailed error message in case of error.
      boolean verify​(java.lang.String host, javax.net.ssl.SSLSession session)  
      boolean verify​(java.lang.String host, javax.net.ssl.SSLSession session, long serverThreadId)
      Verification, like HostnameVerifier.verify(), with an additional server thread id to identify the connection in logs.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        private static final Logger logger
    • Constructor Detail

      • HostnameVerifierImpl

        public HostnameVerifierImpl()
    • Method Detail

      • matchDns

        private static boolean matchDns​(java.lang.String hostname,
                                        java.lang.String tlsDnsPattern)
                                 throws javax.net.ssl.SSLException
        DNS verification: matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name), a match in any one of the set is considered acceptable. Names may contain the wildcard character *, which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com; f*.com matches foo.com but not bar.com.
        Parameters:
        hostname - hostname
        tlsDnsPattern - DNS pattern (may contain wildcard)
        Returns:
        true if matching
        Throws:
        javax.net.ssl.SSLException
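
The wildcard rules described for matchDns, written out as an added example; this is not the connector's own implementation. The class and method names (WildcardDnsMatchExample, matchesDnsPattern, matchesLabel) are hypothetical, and rejecting a label that contains more than one * is an assumption of this sketch.

```java
import java.util.Locale;

public class WildcardDnsMatchExample {

  // Hypothetical helper (not the connector's matchDns): true if hostname fits the pattern.
  static boolean matchesDnsPattern(String hostname, String pattern) {
    if (hostname == null || pattern == null) {
      return false;
    }
    String[] hostLabels = hostname.toLowerCase(Locale.ROOT).split("\\.", -1);
    String[] patternLabels = pattern.toLowerCase(Locale.ROOT).split("\\.", -1);
    // '*' covers at most one component, so the label counts must be equal.
    if (hostLabels.length != patternLabels.length) {
      return false;
    }
    for (int i = 0; i < hostLabels.length; i++) {
      if (hostLabels[i].isEmpty() || !matchesLabel(hostLabels[i], patternLabels[i])) {
        return false;
      }
    }
    return true;
  }

  // One label against one pattern label; '*' stands for a fragment of that label only.
  static boolean matchesLabel(String label, String patternLabel) {
    int star = patternLabel.indexOf('*');
    if (star < 0) {
      return label.equals(patternLabel);
    }
    if (patternLabel.indexOf('*', star + 1) >= 0) {
      return false; // assumption: more than one '*' in a label is rejected
    }
    String prefix = patternLabel.substring(0, star);
    String suffix = patternLabel.substring(star + 1);
    return label.length() >= prefix.length() + suffix.length()
        && label.startsWith(prefix)
        && label.endsWith(suffix);
  }

  public static void main(String[] args) {
    // Cases taken from the description above: {hostname, pattern, expected}.
    String[][] cases = {
      {"foo.a.com", "*.a.com", "true"}, {"bar.foo.a.com", "*.a.com", "false"},
      {"foo.com", "f*.com", "true"}, {"bar.com", "f*.com", "false"}
    };
    for (String[] c : cases) {
      boolean got = matchesDnsPattern(c[0], c[1]);
      if (got != Boolean.parseBoolean(c[2])) throw new AssertionError(c[0] + " vs " + c[1]);
      System.out.println(c[1] + " / " + c[0] + " -> " + got);
    }
  }
}
```

Comparing label counts before matching is what keeps *.a.com from accepting bar.foo.a.com: the wildcard is never allowed to absorb a dot.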
      • matchWildCards

        private static boolean matchWildCards​(boolean hostIsIp,
                                              java.lang.String hostnameToken,
                                              java.lang.String tlsDnsToken)
                                       throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException
      • extractCommonName

        private static java.lang.String extractCommonName​(java.lang.String principal)
                                                   throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException
      • normaliseAddress

        private static java.lang.String normaliseAddress​(java.lang.String hostname)
      • normalizedHostMsg

        private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)
      • getSubjectAltNames

        private HostnameVerifierImpl.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)
                                                                 throws java.security.cert.CertificateParsingException
        Throws:
        java.security.cert.CertificateParsingException
      • verify

        public boolean verify​(java.lang.String host,
                              javax.net.ssl.SSLSession session)
        Specified by:
        verify in interface javax.net.ssl.HostnameVerifier
      • verify

        public boolean verify​(java.lang.String host,
                              javax.net.ssl.SSLSession session,
                              long serverThreadId)
        Verification, like HostnameVerifier.verify(), with an additional server thread id to identify the connection in logs.
        Parameters:
        host - host to connect to (DNS name or IP)
        session - SSL session
        serverThreadId - connection id to identify connection in logs
        Returns:
        true if valid
      • verify

        public void verify​(java.lang.String host,
                           java.security.cert.X509Certificate cert,
                           long serverThreadId)
                    throws javax.net.ssl.SSLException
        Verification that throws an exception with a detailed error message in case of error.
        Parameters:
        host - hostname
        cert - certificate
        serverThreadId - server thread identifier to identify connection in logs
        Throws:
        javax.net.ssl.SSLException - exception