/lib/src/org/apache/http/conn/ssl/StrictHostnameVerifier.java
Java | 69 lines | 16 code | 7 blank | 46 comment | 0 complexity | 444c60a3f8390432d10aff684915e110 MD5 | raw file
Possible License(s): GPL-3.0
1/* 2 * ==================================================================== 3 * Licensed to the Apache Software Foundation (ASF) under one 4 * or more contributor license agreements. See the NOTICE file 5 * distributed with this work for additional information 6 * regarding copyright ownership. The ASF licenses this file 7 * to you under the Apache License, Version 2.0 (the 8 * "License"); you may not use this file except in compliance 9 * with the License. You may obtain a copy of the License at 10 * 11 * http://www.apache.org/licenses/LICENSE-2.0 12 * 13 * Unless required by applicable law or agreed to in writing, 14 * software distributed under the License is distributed on an 15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 16 * KIND, either express or implied. See the License for the 17 * specific language governing permissions and limitations 18 * under the License. 19 * ==================================================================== 20 * 21 * This software consists of voluntary contributions made by many 22 * individuals on behalf of the Apache Software Foundation. For more 23 * information on the Apache Software Foundation, please see 24 * <http://www.apache.org/>. 25 * 26 */ 27 28package org.apache.http.conn.ssl; 29 30import javax.net.ssl.SSLException; 31 32import org.apache.http.annotation.Immutable; 33 34/** 35 * The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun 36 * Java 5, Sun Java 6-rc. It's also pretty close to IE6. This 37 * implementation appears to be compliant with RFC 2818 for dealing with 38 * wildcards. 39 * <p/> 40 * The hostname must match either the first CN, or any of the subject-alts. 41 * A wildcard can occur in the CN, and in any of the subject-alts. The 42 * one divergence from IE6 is how we only check the first CN. IE6 allows 43 * a match against any of the CNs present. We decided to follow in 44 * Sun Java 1.4's footsteps and only check the first CN. (If you need 45 * to check all the CN's, feel free to write your own implementation!). 46 * <p/> 47 * A wildcard such as "*.foo.com" matches only subdomains in the same 48 * level, for example "a.foo.com". It does not match deeper subdomains 49 * such as "a.b.foo.com". 50 * 51 * 52 * @since 4.0 53 */ 54@Immutable 55public class StrictHostnameVerifier extends AbstractVerifier { 56 57 public final void verify( 58 final String host, 59 final String[] cns, 60 final String[] subjectAlts) throws SSLException { 61 verify(host, cns, subjectAlts, true); 62 } 63 64 @Override 65 public final String toString() { 66 return "STRICT"; 67 } 68 69}