Package org.apache.http.conn.ssl

Interface X509HostnameVerifier

All Superinterfaces:
HostnameVerifier
All Known Implementing Classes:
AbstractVerifier, AllowAllHostnameVerifier, BrowserCompatHostnameVerifier, StrictHostnameVerifier
public interface X509HostnameVerifier
extends HostnameVerifier
Interface for checking if a hostname matches the names stored inside the server's X.509 certificate. Implements javax.net.ssl.HostnameVerifier, but we don't actually use that interface. Instead we added some methods that take String parameters (instead of javax.net.ssl.HostnameVerifier's SSLSession). JUnit is a lot easier this way! :-)

We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and HostnameVerifier.ALLOW_ALL implementations. But feel free to define your own implementation!

Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the HttpClient "contrib" repository.

Since:
4.0 (8-Dec-2006)
Author:
Julius Davies, Sebastian Hauer

  • Method Summary

    Modifier and Type Method Description
    void verify​(String host, String[] cns, String[] subjectAlts)
    Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts.
    void verify​(String host, X509Certificate cert)  
    boolean verify​(String host, SSLSession session)
    Verifies that the specified hostname is allowed within the specified SSL session.
    void verify​(String host, SSLSocket ssl)  

  • Method Details

    • verify

      boolean verify​(String host, SSLSession session)
      Description copied from interface: HostnameVerifier
      Verifies that the specified hostname is allowed within the specified SSL session.
      Specified by:
      verify in interface HostnameVerifier
      Parameters:
      host - the hostname.
      session - the SSL session of the connection.
      Returns:
      true if the specified hostname is allowed, otherwise false.

    • verify

      void verify​(String host, SSLSocket ssl) throws IOException
      Throws:
      IOException

    • verify

      void verify​(String host, X509Certificate cert) throws SSLException
      Throws:
      SSLException

    • verify

      void verify​(String host, String[] cns, String[] subjectAlts) throws SSLException
      Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts. Most implementations only look at the first CN, and ignore any additional CNs. Most implementations do look at all of the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards according to RFC 2818.
      Parameters:
      cns - CN fields, in order, as extracted from the X.509 certificate.
      subjectAlts - Subject-Alt fields of type 2 ("DNS"), as extracted from the X.509 certificate.
      host - The hostname to verify.
      Throws:
      SSLException - If verification failed.