Interface for checking if a hostname matches the names stored inside the server's X.509 certificate. More...
Implements javax.net.ssl.HostnameVerifier, but we don't actually use that interface. Instead we added some methods that take String parameters (instead of javax.net.ssl.HostnameVerifier's SSLSession). JUnit is a lot easier this way! :-)
We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and HostnameVerifier.ALLOW_ALL implementations. But feel free to define your own implementation!
Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the HttpClient "contrib" repository.
The following notice applies to the original API on which this API is based, and to its documentation. The documentation of this API has been revised from the original.
/* * Copyright (C) 2006 The Android Open Source Project * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */
Public Member Functions | |
void | verify (String host, String[] cns, String[] subjectAlts) throws SSLException |
Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts. More... | |
void verify | ( | String | host, |
String[] | cns, | ||
String[] | subjectAlts | ||
) | throws SSLException |
Most implementations only look at the first CN, and ignore any additional CNs. Most implementations do look at all of the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards according to RFC 2818.
cns | CN fields, in order, as extracted from the X.509 certificate. |
subjectAlts | Subject-Alt fields of type 2 ("DNS"), as extracted from the X.509 certificate. |
host | The hostname to verify. |
SSLException | If verification failed. |
Implemented in StrictHostnameVerifier, BrowserCompatHostnameVerifier, and AllowAllHostnameVerifier.