Class HostnameVerifier


  • public class HostnameVerifier
    extends java.lang.Object
    SSL host verification
    • Field Summary

      Fields 
      Modifier and Type Field Description
      private static java.util.regex.Pattern IP_V4  
      private static java.util.regex.Pattern IP_V6  
      private static java.util.regex.Pattern IP_V6_COMPRESSED  
      private static Logger logger  
    • Method Summary

      All Methods Static Methods Concrete Methods 
      Modifier and Type Method Description
      private static java.lang.String extractCommonName​(java.lang.String principal)  
      private static HostnameVerifier.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)  
      static boolean isIPv4​(java.lang.String ip)
      check if ip correspond to IPV4
      static boolean isIPv6​(java.lang.String ip)
      check if ip correspond to IPV6
      private static boolean matchDns​(java.lang.String hostname, java.lang.String tlsDnsPattern)
      DNS verification : Matching is performed using the matching rules specified by [RFC2459].
      private static boolean matchWildCards​(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken)  
      private static java.lang.String normaliseAddress​(java.lang.String hostname)  
      private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)  
      static void verify​(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId)
      Verification that throw an exception with a detailed error message in case of error.
      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
    • Field Detail

      • logger

        private static final Logger logger
      • IP_V4

        private static final java.util.regex.Pattern IP_V4
      • IP_V6

        private static final java.util.regex.Pattern IP_V6
      • IP_V6_COMPRESSED

        private static final java.util.regex.Pattern IP_V6_COMPRESSED
    • Constructor Detail

      • HostnameVerifier

        public HostnameVerifier()
    • Method Detail

      • matchDns

        private static boolean matchDns​(java.lang.String hostname,
                                        java.lang.String tlsDnsPattern)
                                 throws javax.net.ssl.SSLException
        DNS verification : Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
        Parameters:
        hostname - hostname
        tlsDnsPattern - DNS pattern (may contain wildcard)
        Returns:
        true if matching
        Throws:
        javax.net.ssl.SSLException
      • matchWildCards

        private static boolean matchWildCards​(boolean hostIsIp,
                                              java.lang.String hostnameToken,
                                              java.lang.String tlsDnsToken)
                                       throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException
      • extractCommonName

        private static java.lang.String extractCommonName​(java.lang.String principal)
                                                   throws javax.net.ssl.SSLException
        Throws:
        javax.net.ssl.SSLException
      • normaliseAddress

        private static java.lang.String normaliseAddress​(java.lang.String hostname)
      • normalizedHostMsg

        private static java.lang.String normalizedHostMsg​(java.lang.String normalizedHost)
      • isIPv4

        public static boolean isIPv4​(java.lang.String ip)
        check if ip correspond to IPV4
        Parameters:
        ip - ip value
        Returns:
        if ip is using IPV4 format
      • isIPv6

        public static boolean isIPv6​(java.lang.String ip)
        check if ip correspond to IPV6
        Parameters:
        ip - ip value
        Returns:
        if ip is using IPV6 format
      • getSubjectAltNames

        private static HostnameVerifier.SubjectAltNames getSubjectAltNames​(java.security.cert.X509Certificate cert)
                                                                    throws java.security.cert.CertificateParsingException
        Throws:
        java.security.cert.CertificateParsingException
      • verify

        public static void verify​(java.lang.String host,
                                  java.security.cert.X509Certificate cert,
                                  long serverThreadId)
                           throws javax.net.ssl.SSLException
        Verification that throw an exception with a detailed error message in case of error.
        Parameters:
        host - hostname
        cert - certificate
        serverThreadId - server thread Identifier to identify connection in logs
        Throws:
        javax.net.ssl.SSLException - exception