StrictHostnameVerifier

Class Overview

The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun Java 5, Sun Java 6-rc. It's also pretty close to IE6. This implementation appears to be compliant with RFC 2818 for dealing with wildcards.

The hostname must match either the first CN, or any of the subject-alts. A wildcard can occur in the CN, and in any of the subject-alts. The one divergence from IE6 is how we only check the first CN. IE6 allows a match against any of the CNs present. We decided to follow in Sun Java 1.4's footsteps and only check the first CN. (If you need to check all the CN's, feel free to write your own implementation!).

A wildcard such as "*.foo.com" matches only subdomains in the same level, for example "a.foo.com". It does not match deeper subdomains such as "a.b.foo.com".

Summary

[Expand] Inherited Methods
From class org.apache.http.conn.ssl.AbstractVerifier static boolean acceptableCountryWildcard(String cn) static int countDots(String s) Counts the number of dots "." in a string. static String[] getCNs(X509Certificate cert) static String[] getDNSSubjectAlts(X509Certificate cert) Extracts the array of SubjectAlt DNS names from an X509Certificate. final void verify(String host, String[] cns, String[] subjectAlts, boolean strictWithSubDomains) final boolean verify(String host, SSLSession session) Verifies that the specified hostname is allowed within the specified SSL session. final void verify(String host, X509Certificate cert) final void verify(String host, SSLSocket ssl)
From class java.lang.Object Object clone() Creates and returns a copy of this Object. boolean equals(Object o) Compares this instance with the specified object and indicates if they are equal. void finalize() Invoked when the garbage collector has detected that this instance is no longer reachable. final Class<?> getClass() Returns the unique instance of Class that represents this object's class. int hashCode() Returns an integer hash code for this object. final void notify() Causes a thread which is waiting on this object's monitor (by means of calling one of the wait() methods) to be woken up. final void notifyAll() Causes all threads which are waiting on this object's monitor (by means of calling one of the wait() methods) to be woken up. String toString() Returns a string containing a concise, human-readable description of this object. final void wait() Causes the calling thread to wait until another thread calls the notify() or notifyAll() method of this object. final void wait(long millis, int nanos) Causes the calling thread to wait until another thread calls the notify() or notifyAll() method of this object or until the specified timeout expires. final void wait(long millis) Causes the calling thread to wait until another thread calls the notify() or notifyAll() method of this object or until the specified timeout expires.
From interface javax.net.ssl.HostnameVerifier abstract boolean verify(String hostname, SSLSession session) Verifies that the specified hostname is allowed within the specified SSL session.
From interface org.apache.http.conn.ssl.X509HostnameVerifier abstract boolean verify(String host, SSLSession session) Verifies that the specified hostname is allowed within the specified SSL session. abstract void verify(String host, X509Certificate cert) abstract void verify(String host, SSLSocket ssl) abstract void verify(String host, String[] cns, String[] subjectAlts) Checks to see if the supplied hostname matches any of the supplied CNs or "DNS" Subject-Alts.