Thu, 22 Jan 2015 13:21:57 +0100
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
michael@0 | 1 | /* |
michael@0 | 2 | * ==================================================================== |
michael@0 | 3 | * Licensed to the Apache Software Foundation (ASF) under one |
michael@0 | 4 | * or more contributor license agreements. See the NOTICE file |
michael@0 | 5 | * distributed with this work for additional information |
michael@0 | 6 | * regarding copyright ownership. The ASF licenses this file |
michael@0 | 7 | * to you under the Apache License, Version 2.0 (the |
michael@0 | 8 | * "License"); you may not use this file except in compliance |
michael@0 | 9 | * with the License. You may obtain a copy of the License at |
michael@0 | 10 | * |
michael@0 | 11 | * http://www.apache.org/licenses/LICENSE-2.0 |
michael@0 | 12 | * |
michael@0 | 13 | * Unless required by applicable law or agreed to in writing, |
michael@0 | 14 | * software distributed under the License is distributed on an |
michael@0 | 15 | * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY |
michael@0 | 16 | * KIND, either express or implied. See the License for the |
michael@0 | 17 | * specific language governing permissions and limitations |
michael@0 | 18 | * under the License. |
michael@0 | 19 | * ==================================================================== |
michael@0 | 20 | * |
michael@0 | 21 | * This software consists of voluntary contributions made by many |
michael@0 | 22 | * individuals on behalf of the Apache Software Foundation. For more |
michael@0 | 23 | * information on the Apache Software Foundation, please see |
michael@0 | 24 | * <http://www.apache.org/>. |
michael@0 | 25 | * |
michael@0 | 26 | */ |
michael@0 | 27 | |
michael@0 | 28 | package ch.boye.httpclientandroidlib.conn.ssl; |
michael@0 | 29 | |
michael@0 | 30 | import javax.net.ssl.HostnameVerifier; |
michael@0 | 31 | import javax.net.ssl.SSLException; |
michael@0 | 32 | import javax.net.ssl.SSLSocket; |
michael@0 | 33 | import java.io.IOException; |
michael@0 | 34 | import java.security.cert.X509Certificate; |
michael@0 | 35 | |
/**
 * Contract for deciding whether a hostname is acceptable for the names carried
 * in a server's X.509 certificate. The type extends
 * {@link javax.net.ssl.HostnameVerifier}, but callers are advised to use the
 * {@code verify} overloads declared here instead of the inherited one.
 *
 * <p>Each overload declared here returns {@code void} and reports a failed
 * verification by throwing. A caller therefore has to let that exception abort
 * the connection; catching and discarding it leaves the peer's identity
 * unchecked.
 *
 * @since 4.0
 */
public interface X509HostnameVerifier extends HostnameVerifier {

    /**
     * Checks that the host name is an acceptable match for the server's
     * authentication scheme, working from the given {@link SSLSocket}.
     *
     * @param host the host.
     * @param ssl  the SSL socket.
     * @throws IOException if an I/O error occurs or the verification process
     *                     fails.
     */
    void verify(String host, SSLSocket ssl) throws IOException;

    /**
     * Checks that the host name is an acceptable match for the server's
     * authentication scheme, working from the given {@link X509Certificate}.
     *
     * @param host the host.
     * @param cert the certificate.
     * @throws SSLException if the verification process fails.
     */
    void verify(String host, X509Certificate cert) throws SSLException;

    /**
     * Checks whether the supplied hostname matches any of the supplied CNs or
     * "DNS" Subject-Alts. Most implementations only look at the first CN and
     * ignore any additional CNs, while most implementations do look at all of
     * the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards
     * according to RFC 2818.
     *
     * <p>NOTE(review): RFC 2818 section 3.1 states that a subjectAltName of
     * type dNSName, when present, is the identity to use, and that the Common
     * Name is consulted only when no such entry exists. This interface does
     * not say which of the two an implementation applies when both arrays are
     * populated - confirm against the implementation in use.
     *
     * @param host        The hostname to verify.
     * @param cns         CN fields, in order, as extracted from the X.509
     *                    certificate.
     * @param subjectAlts Subject-Alt fields of type 2 ("DNS"), as extracted
     *                    from the X.509 certificate.
     * @throws SSLException if the verification process fails.
     */
    void verify(String host, String[] cns, String[] subjectAlts) throws SSLException;

}