|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface HostnameVerifier
************************************************************************ Copied from the not-yet-commons-ssl project at http://juliusdavies.ca/commons-ssl/ As the above project is accepted into Apache and its JARs become available in the Maven 2 repos, we will have to switch to using the JARs instead ************************************************************************
Interface for checking if a hostname matches the names stored inside the server's X.509 certificate. Correctly implements javax.net.ssl.HostnameVerifier, but that interface is not recommended. Instead we added several check() methods that take SSLSocket, or X509Certificate, or ultimately (they all end up calling this one), String. (It's easier to supply JUnit with Strings instead of mock SSLSession objects!)Our check() methods throw exceptions if the name is invalid, whereas javax.net.ssl.HostnameVerifier just returns true/false.
We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and HostnameVerifier.ALLOW_ALL implementations. We also provide the more specialized HostnameVerifier.DEFAULT_AND_LOCALHOST, as well as HostnameVerifier.STRICT_IE6. But feel free to define your own implementations! Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the HttpClient "contrib" repository.
Nested Class Summary | |
---|---|
static class |
HostnameVerifier.AbstractVerifier
|
static class |
HostnameVerifier.Certificates
|
Field Summary | |
---|---|
static HostnameVerifier |
ALLOW_ALL
The ALLOW_ALL HostnameVerifier essentially turns hostname verification off. |
static HostnameVerifier |
DEFAULT
The DEFAULT HostnameVerifier works the same way as Curl and Firefox. |
static HostnameVerifier |
DEFAULT_AND_LOCALHOST
The DEFAULT_AND_LOCALHOST HostnameVerifier works like the DEFAULT one with one additional relaxation: a host of "localhost", "localhost.localdomain", "127.0.0.1", "::1" will always pass, no matter what is in the server's certificate. |
static HostnameVerifier |
STRICT
The STRICT HostnameVerifier works the same way as java.net.URL in Sun Java 1.4, Sun Java 5, Sun Java 6. |
static HostnameVerifier |
STRICT_IE6
The STRICT_IE6 HostnameVerifier works just like the STRICT one with one minor variation: the hostname can match against any of the CN's in the server's certificate, not just the first one. |
Method Summary | |
---|---|
void |
check(java.lang.String[] hosts,
javax.net.ssl.SSLSocket ssl)
|
void |
check(java.lang.String[] hosts,
java.lang.String[] cns,
java.lang.String[] subjectAlts)
Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts. |
void |
check(java.lang.String[] hosts,
java.security.cert.X509Certificate cert)
|
void |
check(java.lang.String host,
javax.net.ssl.SSLSocket ssl)
|
void |
check(java.lang.String host,
java.lang.String[] cns,
java.lang.String[] subjectAlts)
|
void |
check(java.lang.String host,
java.security.cert.X509Certificate cert)
|
boolean |
verify(java.lang.String host,
javax.net.ssl.SSLSession session)
|
Field Detail |
---|
static final HostnameVerifier DEFAULT
static final HostnameVerifier DEFAULT_AND_LOCALHOST
static final HostnameVerifier STRICT
static final HostnameVerifier STRICT_IE6
static final HostnameVerifier ALLOW_ALL
Method Detail |
---|
boolean verify(java.lang.String host, javax.net.ssl.SSLSession session)
verify
in interface javax.net.ssl.HostnameVerifier
void check(java.lang.String host, javax.net.ssl.SSLSocket ssl) throws java.io.IOException
java.io.IOException
void check(java.lang.String host, java.security.cert.X509Certificate cert) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
void check(java.lang.String host, java.lang.String[] cns, java.lang.String[] subjectAlts) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
void check(java.lang.String[] hosts, javax.net.ssl.SSLSocket ssl) throws java.io.IOException
java.io.IOException
void check(java.lang.String[] hosts, java.security.cert.X509Certificate cert) throws javax.net.ssl.SSLException
javax.net.ssl.SSLException
void check(java.lang.String[] hosts, java.lang.String[] cns, java.lang.String[] subjectAlts) throws javax.net.ssl.SSLException
cns
- CN fields, in order, as extracted from the X.509
certificate.subjectAlts
- Subject-Alt fields of type 2 ("DNS"), as extracted
from the X.509 certificate.hosts
- The array of hostnames to verify.
javax.net.ssl.SSLException
- If verification failed.
|
||||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | |||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |