/lib/src/org/apache/http/conn/ssl/StrictHostnameVerifier.java

http://github.com/onedanshow/Screen-Courter · Java · 69 lines · 16 code · 7 blank · 46 comment · 0 complexity · 444c60a3f8390432d10aff684915e110 MD5 · raw file

  1. /*
  2. * ====================================================================
  3. * Licensed to the Apache Software Foundation (ASF) under one
  4. * or more contributor license agreements. See the NOTICE file
  5. * distributed with this work for additional information
  6. * regarding copyright ownership. The ASF licenses this file
  7. * to you under the Apache License, Version 2.0 (the
  8. * "License"); you may not use this file except in compliance
  9. * with the License. You may obtain a copy of the License at
  10. *
  11. * http://www.apache.org/licenses/LICENSE-2.0
  12. *
  13. * Unless required by applicable law or agreed to in writing,
  14. * software distributed under the License is distributed on an
  15. * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
  16. * KIND, either express or implied. See the License for the
  17. * specific language governing permissions and limitations
  18. * under the License.
  19. * ====================================================================
  20. *
  21. * This software consists of voluntary contributions made by many
  22. * individuals on behalf of the Apache Software Foundation. For more
  23. * information on the Apache Software Foundation, please see
  24. * <http://www.apache.org/>.
  25. *
  26. */
  27. package org.apache.http.conn.ssl;
  28. import javax.net.ssl.SSLException;
  29. import org.apache.http.annotation.Immutable;
  30. /**
  31. * The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun
  32. * Java 5, Sun Java 6-rc. It's also pretty close to IE6. This
  33. * implementation appears to be compliant with RFC 2818 for dealing with
  34. * wildcards.
  35. * <p/>
  36. * The hostname must match either the first CN, or any of the subject-alts.
  37. * A wildcard can occur in the CN, and in any of the subject-alts. The
  38. * one divergence from IE6 is how we only check the first CN. IE6 allows
  39. * a match against any of the CNs present. We decided to follow in
  40. * Sun Java 1.4's footsteps and only check the first CN. (If you need
  41. * to check all the CN's, feel free to write your own implementation!).
  42. * <p/>
  43. * A wildcard such as "*.foo.com" matches only subdomains in the same
  44. * level, for example "a.foo.com". It does not match deeper subdomains
  45. * such as "a.b.foo.com".
  46. *
  47. *
  48. * @since 4.0
  49. */
  50. @Immutable
  51. public class StrictHostnameVerifier extends AbstractVerifier {
  52. public final void verify(
  53. final String host,
  54. final String[] cns,
  55. final String[] subjectAlts) throws SSLException {
  56. verify(host, cns, subjectAlts, true);
  57. }
  58. @Override
  59. public final String toString() {
  60. return "STRICT";
  61. }
  62. }