13bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath/* 23bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * $HeadURL: http://svn.apache.org/repos/asf/httpcomponents/httpclient/trunk/module-client/src/main/java/org/apache/http/conn/ssl/StrictHostnameVerifier.java $ 33bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * $Revision: 617642 $ 43bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * $Date: 2008-02-01 12:54:07 -0800 (Fri, 01 Feb 2008) $ 53bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * 63bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * ==================================================================== 73bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * Licensed to the Apache Software Foundation (ASF) under one 83bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * or more contributor license agreements. See the NOTICE file 93bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * distributed with this work for additional information 103bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * regarding copyright ownership. The ASF licenses this file 113bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * to you under the Apache License, Version 2.0 (the 123bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * "License"); you may not use this file except in compliance 133bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * with the License. You may obtain a copy of the License at 143bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * 153bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * http://www.apache.org/licenses/LICENSE-2.0 163bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * 173bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * Unless required by applicable law or agreed to in writing, 183bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * software distributed under the License is distributed on an 193bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY 203bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * KIND, either express or implied. See the License for the 213bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * specific language governing permissions and limitations 223bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * under the License. 233bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * ==================================================================== 243bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * 253bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * This software consists of voluntary contributions made by many 263bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * individuals on behalf of the Apache Software Foundation. For more 273bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * information on the Apache Software Foundation, please see 283bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * <http://www.apache.org/>. 293bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * 303bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath */ 313bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath 323bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamathpackage org.apache.http.conn.ssl; 333bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath 343bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamathimport javax.net.ssl.SSLException; 353bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath 363bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath/** 373bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * The Strict HostnameVerifier works the same way as Sun Java 1.4, Sun 383bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * Java 5, Sun Java 6-rc. It's also pretty close to IE6. This 393bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * implementation appears to be compliant with RFC 2818 for dealing with 403bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * wildcards. 413bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * <p/> 423bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * The hostname must match either the first CN, or any of the subject-alts. 433bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * A wildcard can occur in the CN, and in any of the subject-alts. The 443bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * one divergence from IE6 is how we only check the first CN. IE6 allows 453bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * a match against any of the CNs present. We decided to follow in 463bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * Sun Java 1.4's footsteps and only check the first CN. (If you need 473bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * to check all the CN's, feel free to write your own implementation!). 483bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * <p/> 493bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * A wildcard such as "*.foo.com" matches only subdomains in the same 503bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * level, for example "a.foo.com". It does not match deeper subdomains 513bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * such as "a.b.foo.com". 523bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * 533bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * @author Julius Davies 543bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * 553bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * @deprecated Please use {@link java.net.URL#openConnection} instead. 563bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * Please visit <a href="http://android-developers.blogspot.com/2011/09/androids-http-clients.html">this webpage</a> 573bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath * for further details. 583bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath */ 593bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath@Deprecated 603bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamathpublic class StrictHostnameVerifier extends AbstractVerifier { 613bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath 623bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath public final void verify( 633bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath final String host, 643bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath final String[] cns, 653bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath final String[] subjectAlts) throws SSLException { 663bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath verify(host, cns, subjectAlts, true); 673bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath } 683bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath 693bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath @Override 703bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath public final String toString() { 713bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath return "STRICT"; 723bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath } 733bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath 743bdd327f8532a79b83f575cc62e8eb09a1f93f3dNarayan Kamath} 75