StrictHostnameVerifier

Class Overview

The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun Java 5, Sun Java 6-rc. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards.

The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The one divergence from IE6 is how we only check the first CN. IE6 allows a match against any of the CNs present. We decided to follow in Sun Java 1.4's footsteps and only check the first CN. (If you need to check all the CN's, feel free to write your own implementation!).

A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".

Summary

[Expand] Inherited Methods
From class org.apache.http.conn.ssl.AbstractVerifier static boolean acceptableCountryWildcard(String cn) static int countDots(String s) Counts the number of dots "." in a string. static String[] getCNs(X509Certificate cert) static String[] getDNSSubjectAlts(X509Certificate cert) Extracts the array of SubjectAlt DNS names from an X509Certificate. final void verify(String host, String[] cns, String[] subjectAlts, boolean strictWithSubDomains) final boolean verify(String host, SSLSession session) final void verify(String host, X509Certificate cert) Verifies that the host name is an acceptable match with the server's authentication scheme based on the given X509Certificate. final void verify(String host, SSLSocket ssl) Verifies that the host name is an acceptable match with the server's authentication scheme based on the given SSLSocket.
From class java.lang.Object Object clone() boolean equals(Object arg0) void finalize() final Class<?> getClass() int hashCode() final void notify() final void notifyAll() String toString() final void wait() final void wait(long arg0, int arg1) final void wait(long arg0)
From interface javax.net.ssl.HostnameVerifier abstract boolean verify(String arg0, SSLSession arg1)
From interface org.apache.http.conn.ssl.X509HostnameVerifier abstract void verify(String host, X509Certificate cert) Verifies that the host name is an acceptable match with the server's authentication scheme based on the given X509Certificate. abstract void verify(String host, SSLSocket ssl) Verifies that the host name is an acceptable match with the server's authentication scheme based on the given SSLSocket. abstract void verify(String host, String[] cns, String[] subjectAlts) Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts.