Package org.conscrypt
Class OkHostnameVerifier
- java.lang.Object
-
- org.conscrypt.OkHostnameVerifier
-
- All Implemented Interfaces:
ConscryptHostnameVerifier
public final class OkHostnameVerifier extends java.lang.Object implements ConscryptHostnameVerifier
A HostnameVerifier consistent with RFC 2818.
-
-
Field Summary
Fields Modifier and Type Field Description private static int
ALT_DNS_NAME
private static int
ALT_IPA_NAME
static OkHostnameVerifier
INSTANCE
private boolean
strictWildcardMode
private static java.util.regex.Pattern
VERIFY_AS_IP_ADDRESS
Quick and dirty pattern to differentiate IP addresses from hostnames.
-
Constructor Summary
Constructors Modifier Constructor Description private
OkHostnameVerifier(boolean strictWildcardMode)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static java.util.List<java.lang.String>
allSubjectAltNames(java.security.cert.X509Certificate certificate)
private static java.util.List<java.lang.String>
getSubjectAltNames(java.security.cert.X509Certificate certificate, int type)
static OkHostnameVerifier
strictInstance()
boolean
verify(java.lang.String host, java.security.cert.X509Certificate certificate)
boolean
verify(java.security.cert.X509Certificate[] certs, java.lang.String host, javax.net.ssl.SSLSession session)
Returns whether the given hostname is allowable given the peer's authentication information from the given session.(package private) static boolean
verifyAsIpAddress(java.lang.String host)
private boolean
verifyHostName(java.lang.String hostName, java.lang.String pattern)
Returnstrue
iffhostName
matches the domain namepattern
.private boolean
verifyHostName(java.lang.String hostName, java.security.cert.X509Certificate certificate)
Returns true ifcertificate
matcheshostName
.private boolean
verifyIpAddress(java.lang.String ipAddress, java.security.cert.X509Certificate certificate)
Returns true ifcertificate
matchesipAddress
.
-
-
-
Field Detail
-
INSTANCE
public static final OkHostnameVerifier INSTANCE
-
VERIFY_AS_IP_ADDRESS
private static final java.util.regex.Pattern VERIFY_AS_IP_ADDRESS
Quick and dirty pattern to differentiate IP addresses from hostnames. This is an approximation of Android's private InetAddress#isNumeric API.This matches IPv6 addresses as a hex string containing at least one colon, and possibly including dots after the first colon. It matches IPv4 addresses as strings containing only decimal digits and dots. This pattern matches strings like "a:.23" and "54" that are neither IP addresses nor hostnames; they will be verified as IP addresses (which is a more strict verification).
-
ALT_DNS_NAME
private static final int ALT_DNS_NAME
- See Also:
- Constant Field Values
-
ALT_IPA_NAME
private static final int ALT_IPA_NAME
- See Also:
- Constant Field Values
-
strictWildcardMode
private final boolean strictWildcardMode
-
-
Method Detail
-
strictInstance
public static OkHostnameVerifier strictInstance()
-
verify
public boolean verify(java.security.cert.X509Certificate[] certs, java.lang.String host, javax.net.ssl.SSLSession session)
Description copied from interface:ConscryptHostnameVerifier
Returns whether the given hostname is allowable given the peer's authentication information from the given session.- Specified by:
verify
in interfaceConscryptHostnameVerifier
-
verify
public boolean verify(java.lang.String host, java.security.cert.X509Certificate certificate)
-
verifyAsIpAddress
static boolean verifyAsIpAddress(java.lang.String host)
-
verifyIpAddress
private boolean verifyIpAddress(java.lang.String ipAddress, java.security.cert.X509Certificate certificate)
Returns true ifcertificate
matchesipAddress
.
-
verifyHostName
private boolean verifyHostName(java.lang.String hostName, java.security.cert.X509Certificate certificate)
Returns true ifcertificate
matcheshostName
.
-
allSubjectAltNames
public static java.util.List<java.lang.String> allSubjectAltNames(java.security.cert.X509Certificate certificate)
-
getSubjectAltNames
private static java.util.List<java.lang.String> getSubjectAltNames(java.security.cert.X509Certificate certificate, int type)
-
verifyHostName
private boolean verifyHostName(java.lang.String hostName, java.lang.String pattern)
Returnstrue
iffhostName
matches the domain namepattern
.- Parameters:
hostName
- lower-case host name.pattern
- domain name pattern from certificate. May be a wildcard pattern such as*.android.com
.
-
-