/*
 * $HeadURL: http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/X509HostnameVerifier.java $
 * $Revision: 618365 $
 * $Date: 2008-02-04 10:20:08 -0800 (Mon, 04 Feb 2008) $
 *
 * ====================================================================
 * Licensed to the Apache Software Foundation (ASF) under one
 * or more contributor license agreements. See the NOTICE file
 * distributed with this work for additional information
 * regarding copyright ownership. The ASF licenses this file
 * to you under the Apache License, Version 2.0 (the
 * "License"); you may not use this file except in compliance
 * with the License. You may obtain a copy of the License at
 *
 *   http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing,
 * software distributed under the License is distributed on an
 * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY
 * KIND, either express or implied. See the License for the
 * specific language governing permissions and limitations
 * under the License.
 * ====================================================================
 *
 * This software consists of voluntary contributions made by many
 * individuals on behalf of the Apache Software Foundation. For more
 * information on the Apache Software Foundation, please see
 * <http://www.apache.org/>.
 *
 */

package org.apache.http.conn.ssl;

import javax.net.ssl.HostnameVerifier;
import javax.net.ssl.SSLException;
import javax.net.ssl.SSLSession;
import javax.net.ssl.SSLSocket;
import java.io.IOException;
import java.security.cert.X509Certificate;

/**
 * Interface for checking if a hostname matches the names stored inside the
 * server's X.509 certificate. Extends {@link javax.net.ssl.HostnameVerifier},
 * but we don't actually use that interface. Instead we added some methods
 * that take String parameters (instead of javax.net.ssl.HostnameVerifier's
 * SSLSession). JUnit is a lot easier this way! :-)
 * <p>
 * We provide the HostnameVerifier.DEFAULT, HostnameVerifier.STRICT, and
 * HostnameVerifier.ALLOW_ALL implementations. But feel free to define
 * your own implementation!
 * NOTE(review): these three constants are not declared in this file; confirm
 * where they are defined before relying on the names above.
 * <p>
 * The overloads report a mismatch in two different ways:
 * {@link #verify(String, SSLSession)} returns {@code false}, whereas the
 * three {@code void} overloads throw. A caller of the boolean overload must
 * therefore test the return value; ignoring it silently skips the check.
 * <p>
 * Going by its name, an ALLOW_ALL implementation accepts every hostname
 * (confirm against the implementation). With such a verifier, a certificate
 * issued for any other name passes this check, so the peer is authenticated
 * only as "some holder of a trusted certificate". Reserve it for tests. The
 * same applies to a custom implementation that returns normally without
 * comparing names.
 * <p>
 * Inspired by Sebastian Hauer's original StrictSSLProtocolSocketFactory in the
 * HttpClient "contrib" repository.
 *
 * @author Julius Davies
 * @author <a href="mailto:hauer@psicode.com">Sebastian Hauer</a>
 *
 * @since 4.0 (8-Dec-2006)
 */
public interface X509HostnameVerifier extends HostnameVerifier {

    /**
     * Redeclares {@link HostnameVerifier#verify(String, SSLSession)}, the
     * callback form used by the JSSE API.
     *
     * @param host    The hostname to verify.
     * @param session The SSL session established with the peer.
     * @return {@code true} if the hostname is acceptable for the session,
     *         {@code false} otherwise. Unlike the other overloads, failure
     *         is not signalled by an exception.
     */
    boolean verify(String host, SSLSession session);

    /**
     * Verifies the hostname against an SSL socket.
     * NOTE(review): presumably the names are taken from the certificate the
     * peer presented on this socket; the interface itself does not say how
     * the certificate is obtained. Confirm against the implementation.
     *
     * @param host The hostname to verify.
     * @param ssl  The socket connected to the peer.
     * @throws IOException Presumably if verification failed or the peer's
     *                     certificate could not be read; the declared type is
     *                     broader than the {@link SSLException} thrown by the
     *                     other {@code void} overloads.
     */
    void verify(String host, SSLSocket ssl) throws IOException;

    /**
     * Verifies the hostname against a single X.509 certificate.
     * NOTE(review): which certificate fields are consulted is left to the
     * implementation; the String-array overload below documents CNs and
     * "DNS" Subject-Alts as the inputs.
     *
     * @param host The hostname to verify.
     * @param cert The certificate to check the hostname against.
     * @throws SSLException Presumably if verification failed (mirrors the
     *                      String-array overload) - confirm.
     */
    void verify(String host, X509Certificate cert) throws SSLException;

    /**
     * Checks to see if the supplied hostname matches any of the supplied CNs
     * or "DNS" Subject-Alts. Most implementations only look at the first CN,
     * and ignore any additional CNs. Most implementations do look at all of
     * the "DNS" Subject-Alts. The CNs or Subject-Alts may contain wildcards
     * according to RFC 2818.
     * <p>
     * NOTE(review): this interface does not specify whether {@code cns} or
     * {@code subjectAlts} may be {@code null} or empty, nor how far a
     * wildcard may extend; both are left to the implementation.
     *
     * @param host        The hostname to verify.
     * @param cns         CN fields, in order, as extracted from the X.509
     *                    certificate.
     * @param subjectAlts Subject-Alt fields of type 2 ("DNS"), as extracted
     *                    from the X.509 certificate.
     * @throws SSLException If verification failed.
     */
    void verify(String host, String[] cns, String[] subjectAlts)
          throws SSLException;


}