Package com.ning.http.util

Class DefaultHostnameVerifier

java.lang.Object

com.ning.http.util.DefaultHostnameVerifier

All Implemented Interfaces:

HostnameVerifier

public class DefaultHostnameVerifier
extends Object
implements HostnameVerifier

Uses the internal HostnameChecker to verify the server's hostname matches with the certificate. This is a requirement for HTTPS, but the raw SSLEngine does not have this functionality. As such, it has to be added in manually. For a more complete description of hostname verification and why it's important, please read Fixing Hostname Verification.

This code is based on Kevin Locke's guide .

Constructor Summary

Constructors

Constructor	Description
DefaultHostnameVerifier()	A hostname verifier that uses the {{sun.security.util.HostnameChecker}} under the hood.
DefaultHostnameVerifier(HostnameChecker checker)	A hostname verifier that takes an external hostname checker.
DefaultHostnameVerifier(HostnameChecker checker, HostnameVerifier extraHostnameVerifier)	A hostname verifier with a hostname checker, that falls back to another hostname verifier if not found.
DefaultHostnameVerifier(HostnameVerifier extraHostnameVerifier)	A hostname verifier that falls back to another hostname verifier if not found.

Method Summary

Modifier and Type	Method	Description
boolean	verify(String hostname, SSLSession session)	Verifies the hostname against the peer certificates in a session.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Details

DefaultHostnameVerifier

public DefaultHostnameVerifier()

A hostname verifier that uses the {{sun.security.util.HostnameChecker}} under the hood.

DefaultHostnameVerifier

public DefaultHostnameVerifier(HostnameChecker checker)

A hostname verifier that takes an external hostname checker. Useful for testing.

Parameters:

checker - a hostnamechecker.

DefaultHostnameVerifier

public DefaultHostnameVerifier(HostnameVerifier extraHostnameVerifier)

A hostname verifier that falls back to another hostname verifier if not found.

Parameters:

extraHostnameVerifier - another hostname verifier.

DefaultHostnameVerifier

public DefaultHostnameVerifier(HostnameChecker checker,
 HostnameVerifier extraHostnameVerifier)

A hostname verifier with a hostname checker, that falls back to another hostname verifier if not found.

Parameters:

checker - a custom HostnameChecker.

extraHostnameVerifier - another hostname verifier.

Method Details

verify

public boolean verify(String hostname,
 SSLSession session)

Verifies the hostname against the peer certificates in a session. Falls back to extraHostnameVerifier if there is no match.

Specified by:

verify in interface HostnameVerifier

Parameters:

hostname - the IP address or hostname of the expected server.

session - the SSL session containing the certificates with the ACTUAL hostname/ipaddress.

Returns:

true if the hostname matches, false otherwise.