Package org.conscrypt

Class OkHostnameVerifier

java.lang.Object
org.conscrypt.OkHostnameVerifier
All Implemented Interfaces:
ConscryptHostnameVerifier

public final class OkHostnameVerifier extends Object implements ConscryptHostnameVerifier
A HostnameVerifier consistent with RFC 2818.
  • Field Details

    • INSTANCE

      public static final OkHostnameVerifier INSTANCE
    • VERIFY_AS_IP_ADDRESS

      private static final Pattern VERIFY_AS_IP_ADDRESS
      Quick and dirty pattern to differentiate IP addresses from hostnames. This is an approximation of Android's private InetAddress#isNumeric API.

      This matches IPv6 addresses as a hex string containing at least one colon, and possibly including dots after the first colon. It matches IPv4 addresses as strings containing only decimal digits and dots. This pattern matches strings like "a:.23" and "54" that are neither IP addresses nor hostnames; they will be verified as IP addresses (which is a more strict verification).

    • ALT_DNS_NAME

      private static final int ALT_DNS_NAME
      See Also:
    • ALT_IPA_NAME

      private static final int ALT_IPA_NAME
      See Also:
    • strictWildcardMode

      private final boolean strictWildcardMode
  • Constructor Details

    • OkHostnameVerifier

      private OkHostnameVerifier(boolean strictWildcardMode)
  • Method Details

    • strictInstance

      public static OkHostnameVerifier strictInstance()
    • verify

      public boolean verify(X509Certificate[] certs, String host, SSLSession session)
      Description copied from interface: ConscryptHostnameVerifier
      Returns whether the given hostname is allowable given the peer's authentication information from the given session.
      Specified by:
      verify in interface ConscryptHostnameVerifier
    • verify

      public boolean verify(String host, X509Certificate certificate)
    • verifyAsIpAddress

      static boolean verifyAsIpAddress(String host)
    • verifyIpAddress

      private boolean verifyIpAddress(String ipAddress, X509Certificate certificate)
      Returns true if certificate matches ipAddress.
    • verifyHostName

      private boolean verifyHostName(String hostName, X509Certificate certificate)
      Returns true if certificate matches hostName.
    • allSubjectAltNames

      public static List<String> allSubjectAltNames(X509Certificate certificate)
    • getSubjectAltNames

      private static List<String> getSubjectAltNames(X509Certificate certificate, int type)
    • verifyHostName

      private boolean verifyHostName(String hostName, String pattern)
      Returns true iff hostName matches the domain name pattern.
      Parameters:
      hostName - lower-case host name.
      pattern - domain name pattern from certificate. May be a wildcard pattern such as *.android.com.