Package org.mariadb.jdbc.client.tls
Class HostnameVerifier
- java.lang.Object
  - org.mariadb.jdbc.client.tls.HostnameVerifier
public class HostnameVerifier extends java.lang.Object
SSL host verification
-
-
Nested Class Summary
Nested Classes (Modifier and Type, Class, Description):
- private static class HostnameVerifier.Extension
- private static class HostnameVerifier.GeneralName
- private static class HostnameVerifier.SubjectAltNames
-
Field Summary
Fields (Modifier and Type, Field, Description):
- private static java.util.regex.Pattern IP_V4
- private static java.util.regex.Pattern IP_V6
- private static java.util.regex.Pattern IP_V6_COMPRESSED
- private static Logger logger
-
Constructor Summary
Constructors (Constructor, Description):
- HostnameVerifier()
-
Method Summary
Methods (Modifier and Type, Method, Description):
- private static java.lang.String extractCommonName(java.lang.String principal)
- private static HostnameVerifier.SubjectAltNames getSubjectAltNames(java.security.cert.X509Certificate cert)
- static boolean isIPv4(java.lang.String ip): Checks whether ip corresponds to IPv4.
- static boolean isIPv6(java.lang.String ip): Checks whether ip corresponds to IPv6.
- private static boolean matchDns(java.lang.String hostname, java.lang.String tlsDnsPattern): DNS verification: matching is performed using the matching rules specified by [RFC2459].
- private static boolean matchWildCards(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken)
- private static java.lang.String normaliseAddress(java.lang.String hostname)
- private static java.lang.String normalizedHostMsg(java.lang.String normalizedHost)
- static void verify(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId): Verification that throws an exception with a detailed error message in case of error.
-
-
-
Field Detail
-
logger
private static final Logger logger
-
IP_V4
private static final java.util.regex.Pattern IP_V4
-
IP_V6
private static final java.util.regex.Pattern IP_V6
-
IP_V6_COMPRESSED
private static final java.util.regex.Pattern IP_V6_COMPRESSED
-
-
Method Detail
-
matchDns
private static boolean matchDns(java.lang.String hostname, java.lang.String tlsDnsPattern) throws javax.net.ssl.SSLException
DNS verification: matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name), a match in any one of the set is considered acceptable. Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.
- Parameters:
hostname - hostname
tlsDnsPattern - DNS pattern (may contain wildcard)
- Returns:
true if matching
- Throws:
javax.net.ssl.SSLException
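The wildcard rules described for matchDns, shown as an added Java example that is not the connector's own code. The names WildcardMatchExample, matches and labelMatches are hypothetical; allowing only one * per label and requiring it to stand for at least one character are assumptions.

```java
import java.util.Locale;

// Added illustration; class and method names are hypothetical, not the connector's code.
public class WildcardMatchExample {

  // True when hostname matches pattern; '*' never crosses a dot-separated label.
  static boolean matches(String hostname, String pattern) {
    // DNS names compare case-insensitively; keep empty labels so "a..com" is not collapsed.
    String[] host = hostname.toLowerCase(Locale.ROOT).split("\\.", -1);
    String[] pat = pattern.toLowerCase(Locale.ROOT).split("\\.", -1);
    // Same label count on both sides: *.a.com cannot cover bar.foo.a.com.
    if (host.length != pat.length) return false;
    for (int i = 0; i < host.length; i++) {
      if (!labelMatches(host[i], pat[i])) return false;
    }
    return true;
  }

  // Matches one hostname label against one pattern label.
  static boolean labelMatches(String label, String pat) {
    int star = pat.indexOf('*');
    if (star < 0) return label.equals(pat);
    // Assumption: more than one '*' in a single label is rejected.
    if (pat.indexOf('*', star + 1) >= 0) return false;
    String prefix = pat.substring(0, star);
    String suffix = pat.substring(star + 1);
    // Assumption: '*' stands for at least one character, so prefix and suffix cannot overlap.
    return label.length() > prefix.length() + suffix.length()
        && label.startsWith(prefix)
        && label.endsWith(suffix);
  }

  public static void main(String[] args) {
    String[][] cases = { // constructed sample inputs: {hostname, pattern}
      {"foo.a.com", "*.a.com"},
      {"bar.foo.a.com", "*.a.com"},
      {"foo.com", "f*.com"},
      {"bar.com", "f*.com"},
      {"FOO.A.COM", "*.a.com"},
      {"a.com", "*.a.com"},
    };
    for (String[] c : cases) {
      System.out.println(c[0] + " vs " + c[1] + " -> " + matches(c[0], c[1]));
    }
  }
}
```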
-
matchWildCards
private static boolean matchWildCards(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
extractCommonName
private static java.lang.String extractCommonName(java.lang.String principal) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
normaliseAddress
private static java.lang.String normaliseAddress(java.lang.String hostname)
-
normalizedHostMsg
private static java.lang.String normalizedHostMsg(java.lang.String normalizedHost)
-
isIPv4
public static boolean isIPv4(java.lang.String ip)
Checks whether ip corresponds to IPv4.
- Parameters:
ip - ip value
- Returns:
true if ip is using IPv4 format
-
isIPv6
public static boolean isIPv6(java.lang.String ip)
Checks whether ip corresponds to IPv6.
- Parameters:
ip - ip value
- Returns:
true if ip is using IPv6 format
-
getSubjectAltNames
private static HostnameVerifier.SubjectAltNames getSubjectAltNames(java.security.cert.X509Certificate cert) throws java.security.cert.CertificateParsingException
- Throws:
java.security.cert.CertificateParsingException
-
verify
public static void verify(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId) throws javax.net.ssl.SSLException
Verification that throws an exception with a detailed error message in case of error.
- Parameters:
host - hostname
cert - certificate
serverThreadId - server thread identifier to identify connection in logs
- Throws:
javax.net.ssl.SSLException - exception
-
-