Package org.conscrypt

Class OkHostnameVerifier

    • Constructor Summary

      Constructors 
      Modifier Constructor Description
      private OkHostnameVerifier​(boolean strictWildcardMode)  
    • Method Summary

      All Methods Static Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      static java.util.List<java.lang.String> allSubjectAltNames​(java.security.cert.X509Certificate certificate)  
      private static java.util.List<java.lang.String> getSubjectAltNames​(java.security.cert.X509Certificate certificate, int type)  
      static OkHostnameVerifier strictInstance()  
      boolean verify​(java.lang.String host, java.security.cert.X509Certificate certificate)  
      boolean verify​(java.security.cert.X509Certificate[] certs, java.lang.String host, javax.net.ssl.SSLSession session)
      Returns whether the given hostname is allowable given the peer's authentication information from the given session.
      (package private) static boolean verifyAsIpAddress​(java.lang.String host)  
      private boolean verifyHostName​(java.lang.String hostName, java.lang.String pattern)
      Returns true iff hostName matches the domain name pattern.
      private boolean verifyHostName​(java.lang.String hostName, java.security.cert.X509Certificate certificate)
      Returns true if certificate matches hostName.
      private boolean verifyIpAddress​(java.lang.String ipAddress, java.security.cert.X509Certificate certificate)
      Returns true if certificate matches ipAddress.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • VERIFY_AS_IP_ADDRESS

        private static final java.util.regex.Pattern VERIFY_AS_IP_ADDRESS
        Quick and dirty pattern to differentiate IP addresses from hostnames. This is an approximation of Android's private InetAddress#isNumeric API.

        This matches IPv6 addresses as a hex string containing at least one colon, and possibly including dots after the first colon. It matches IPv4 addresses as strings containing only decimal digits and dots. This pattern matches strings like "a:.23" and "54" that are neither IP addresses nor hostnames; they will be verified as IP addresses (which is a more strict verification).

      • strictWildcardMode

        private final boolean strictWildcardMode
    • Constructor Detail

      • OkHostnameVerifier

        private OkHostnameVerifier​(boolean strictWildcardMode)
    • Method Detail

      • verify

        public boolean verify​(java.security.cert.X509Certificate[] certs,
                              java.lang.String host,
                              javax.net.ssl.SSLSession session)
        Description copied from interface: ConscryptHostnameVerifier
        Returns whether the given hostname is allowable given the peer's authentication information from the given session.
        Specified by:
        verify in interface ConscryptHostnameVerifier
      • verify

        public boolean verify​(java.lang.String host,
                              java.security.cert.X509Certificate certificate)
      • verifyAsIpAddress

        static boolean verifyAsIpAddress​(java.lang.String host)
      • verifyIpAddress

        private boolean verifyIpAddress​(java.lang.String ipAddress,
                                        java.security.cert.X509Certificate certificate)
        Returns true if certificate matches ipAddress.
      • verifyHostName

        private boolean verifyHostName​(java.lang.String hostName,
                                       java.security.cert.X509Certificate certificate)
        Returns true if certificate matches hostName.
      • allSubjectAltNames

        public static java.util.List<java.lang.String> allSubjectAltNames​(java.security.cert.X509Certificate certificate)
      • getSubjectAltNames

        private static java.util.List<java.lang.String> getSubjectAltNames​(java.security.cert.X509Certificate certificate,
                                                                           int type)
      • verifyHostName

        private boolean verifyHostName​(java.lang.String hostName,
                                       java.lang.String pattern)
        Returns true iff hostName matches the domain name pattern.
        Parameters:
        hostName - lower-case host name.
        pattern - domain name pattern from certificate. May be a wildcard pattern such as *.android.com.