mobile/android/thirdparty/ch/boye/httpclientandroidlib/conn/ssl/X509HostnameVerifier.java@b8a032363ba2
mobile/android/thirdparty/ch/boye/httpclientandroidlib/conn/ssl/X509HostnameVerifier.java
Thu, 22 Jan 2015 13:21:57 +0100
- author
- Michael Schloh von Bennewitz <michael@schloh.com>
- date
- Thu, 22 Jan 2015 13:21:57 +0100
- branch
- TOR_BUG_9701
- changeset 15
- b8a032363ba2
- permissions
- -rw-r--r--
Incorporate requested changes from Mozilla in review:
https://bugzilla.mozilla.org/show_bug.cgi?id=1123480#c6
1 /*
2 * ====================================================================
3 * Licensed to the Apache Software Foundation (ASF) under one
4 * or more contributor license agreements. See the NOTICE file
5 * distributed with this work for additional information
6 * regarding copyright ownership. The ASF licenses this file
7 * to you under the Apache License, Version 2.0 (the
8 * "License"); you may not use this file except in compliance
9 * with the License. You may obtain a copy of the License at
10 *
11 * http://www.apache.org/licenses/LICENSE-2.0
12 *
13 * Unless required by applicable law or agreed to in writing,
14 * software distributed under the License is distributed on an
15 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
16 * KIND, either express or implied. See the License for the
17 * specific language governing permissions and limitations
18 * under the License.
19 * ====================================================================
20 *
21 * This software consists of voluntary contributions made by many
22 * individuals on behalf of the Apache Software Foundation. For more
23 * information on the Apache Software Foundation, please see
24 * <http://www.apache.org/>.
25 *
26 */
28 package ch.boye.httpclientandroidlib.conn.ssl;
30 import javax.net.ssl.HostnameVerifier;
31 import javax.net.ssl.SSLException;
32 import javax.net.ssl.SSLSocket;
33 import java.io.IOException;
34 import java.security.cert.X509Certificate;
36 /**
37 * Interface for checking if a hostname matches the names stored inside the
38 * server's X.509 certificate. This interface extends
39 * {@link javax.net.ssl.HostnameVerifier}, but it is recommended to use
40 * methods added by X509HostnameVerifier.
41 *
42 * @since 4.0
43 */
44 public interface X509HostnameVerifier extends HostnameVerifier {
46 /**
47 * Verifies that the host name is an acceptable match with the server's
48 * authentication scheme based on the given {@link SSLSocket}.
49 *
50 * @param host the host.
51 * @param ssl the SSL socket.
52 * @throws IOException if an I/O error occurs or the verification process
53 * fails.
54 */
55 void verify(String host, SSLSocket ssl) throws IOException;
57 /**
58 * Verifies that the host name is an acceptable match with the server's
59 * authentication scheme based on the given {@link X509Certificate}.
60 *
61 * @param host the host.
62 * @param cert the certificate.
63 * @throws SSLException if the verification process fails.
64 */
65 void verify(String host, X509Certificate cert) throws SSLException;
67 /**
68 * Checks to see if the supplied hostname matches any of the supplied CNs
69 * or "DNS" Subject-Alts. Most implementations only look at the first CN,
70 * and ignore any additional CNs. Most implementations do look at all of
71 * the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards
72 * according to RFC 2818.
73 *
74 * @param cns CN fields, in order, as extracted from the X.509
75 * certificate.
76 * @param subjectAlts Subject-Alt fields of type 2 ("DNS"), as extracted
77 * from the X.509 certificate.
78 * @param host The hostname to verify.
79 * @throws SSLException if the verification process fails.
80 */
81 void verify(String host, String[] cns, String[] subjectAlts)
82 throws SSLException;
84 }
