      1 /*
      2  * $HeadURL: http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/StrictHostnameVerifier.java $
      3  * $Revision: 617642 $
      4  * $Date: 2008-02-01 12:54:07 -0800 (Fri, 01 Feb 2008) $
      5  *
      6  * ====================================================================
      7  * Licensed to the Apache Software Foundation (ASF) under one
      8  * or more contributor license agreements.  See the NOTICE file
      9  * distributed with this work for additional information
     10  * regarding copyright ownership.  The ASF licenses this file
     11  * to you under the Apache License, Version 2.0 (the
     12  * "License"); you may not use this file except in compliance
     13  * with the License.  You may obtain a copy of the License at
     14  *
     15  *   http://www.apache.org/licenses/LICENSE-2.0
     16  *
     17  * Unless required by applicable law or agreed to in writing,
     18  * software distributed under the License is distributed on an
     19  * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
     20  * KIND, either express or implied.  See the License for the
     21  * specific language governing permissions and limitations
     22  * under the License.
     23  * ====================================================================
     24  *
     25  * This software consists of voluntary contributions made by many
     26  * individuals on behalf of the Apache Software Foundation.  For more
     27  * information on the Apache Software Foundation, please see
     28  * <http://www.apache.org/>.
     29  *
     30  */
     31 
     32 package org.apache.http.conn.ssl;
     33 
     34 import javax.net.ssl.SSLException;
     35 
/**
 * Hostname verifier with "strict" wildcard handling.  Its behaviour mirrors
 * Sun Java 1.4, Sun Java 5 and Sun Java 6-rc, and it is also pretty close to
 * IE6.  The implementation appears to be compliant with RFC 2818 for dealing
 * with wildcards.
 * <p>
 * A host is accepted when it matches either the first CN or any of the
 * subject-alts.  A wildcard may occur in the CN and in any of the
 * subject-alts.  The one divergence from IE6 is that only the first CN is
 * checked, whereas IE6 allows a match against any of the CNs present; this
 * follows Sun Java 1.4.  (If all CNs need to be checked, write your own
 * implementation.)
 * <p>
 * A wildcard such as "*.foo.com" matches only subdomains in the same level,
 * for example "a.foo.com".  It does not match deeper subdomains such as
 * "a.b.foo.com".
 * <p>
 * NOTE(review): RFC 2818 section 3.1 says that a subjectAltName of type
 * dNSName, when present, must be used as the identity, with the CN as the
 * fallback only when none is present.  The matching logic is not in this
 * file (it is reached through {@link AbstractVerifier}); confirm there
 * whether the CN is still consulted for certificates that carry subject-alts.
 *
 * @author Julius Davies
 */
public class StrictHostnameVerifier extends AbstractVerifier {

    /**
     * Verifies {@code host} against the names taken from a certificate by
     * delegating to the four-argument {@code verify} overload with its
     * boolean flag set to {@code true}.
     *
     * @param host        the host name to verify
     * @param cns         CN values of the certificate; per the class
     *                    description only the first one is matched
     * @param subjectAlts subject alternative names of the certificate
     * @throws SSLException propagated from the delegate; presumably raised
     *                      when no name matches (delegate not visible here)
     */
    public final void verify(
            final String host,
            final String[] cns,
            final String[] subjectAlts) throws SSLException {
        // The four-argument overload is not defined in this file; presumably
        // it is inherited from AbstractVerifier.
        // NOTE(review): the flag looks like the switch that restricts a
        // wildcard to a single subdomain level -- confirm against the delegate.
        final boolean strict = true;
        verify(host, cns, subjectAlts, strict);
    }

    /**
     * Returns the fixed label of this verifier.
     *
     * @return the string {@code "STRICT"}
     */
    @Override
    public final String toString() {
        final String label = "STRICT";
        return label;
    }

}
     70