com.sleepycat.je.rep.utilint.net

Class SSLDNHostVerifier

java.lang.Object

com.sleepycat.je.rep.utilint.net.SSLDNHostVerifier

All Implemented Interfaces:

HostnameVerifier

public class SSLDNHostVerifier
extends Object
implements HostnameVerifier

This is an implementation of HostnameVerifier, which is intended to verify that the host to which we are connected is valid. This implementation is designed for the case where it is expected that the server's certificate does not match the host name, but instead, contains a well-known distinguished name (DN). This check verifies that the DN matches expectations.

Matching is done using Java regular expressions against the RFC1779 normalized DN. The regular expression is applied against the entire DN string, but the regular expression could be constructed to treat only a portion of it as relevant.

Constructor Summary

Constructors

Constructor and Description
SSLDNHostVerifier(InstanceParams params) Construct an SSLDNHostVerifier

Method Summary

Modifier and Type	Method and Description
boolean	peerMatches(SSLSession sslSession)
static void	validate(String regex) Verify that the string is a valid pattern.
boolean	verify(String targetHost, SSLSession sslSession) Checks whether an SSL connection has been made to the intended target.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SSLDNHostVerifier

public SSLDNHostVerifier(InstanceParams params)

Construct an SSLDNHostVerifier

Parameters:

params - The parameter for authentication creation. This class requires a Java regular expression to be applied to the subject common name.

Method Detail

verify

public boolean verify(String targetHost,
                      SSLSession sslSession)

Checks whether an SSL connection has been made to the intended target. This should be called only after the SSL handshake has completed.

Specified by:

verify in interface HostnameVerifier

Parameters:

targetHost - the intended target of a network connection This parameter is not used by this implementation.

sslSession - the SSLSession that has been set up for the connection

Returns:

true if sslSession indicates that the connection has been made to the correct host

validate

public static void validate(String regex)
                     throws IllegalArgumentException

Verify that the string is a valid pattern.

Throws:

IllegalArgumentException - if not a valid pattern.

peerMatches

public boolean peerMatches(SSLSession sslSession)