Java Code Examples for sun.security.util.HostnameChecker#getInstance()
The following examples show how to use
sun.security.util.HostnameChecker#getInstance() .
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: WithRepl.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
public static void main(String[] argv) throws Exception { HostnameChecker hc = HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP); }
Example 2
Source File: HttpsClient.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 3
Source File: HttpsClient.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 4
Source File: HttpsClient.java From jdk8u_jdk with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 5
Source File: HttpsClient.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 6
Source File: HttpsClient.java From openjdk-8-source with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 7
Source File: HttpsClient.java From hottub with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 8
Source File: HttpsClient.java From jdk8u-jdk with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 9
Source File: HttpsClient.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 10
Source File: HttpsClient.java From openjsse with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 11
Source File: Bar.java From openjdk-jdk9 with GNU General Public License v2.0 | 4 votes |
public static void main(String[] argv) throws Exception { HostnameChecker hc = HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP); }
Example 12
Source File: HttpsClient.java From Bytecoder with Apache License 2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 13
Source File: HttpsClient.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 14
Source File: HttpsClient.java From openjdk-jdk8u with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 15
Source File: HttpsClient.java From jdk8u60 with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 16
Source File: HttpsClient.java From TencentKona-8 with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }
Example 17
Source File: HttpsClient.java From dragonwell8_jdk with GNU General Public License v2.0 | 4 votes |
private void checkURLSpoofing(HostnameVerifier hostnameVerifier) throws IOException { // // Get authenticated server name, if any // String host = url.getHost(); // if IPv6 strip off the "[]" if (host != null && host.startsWith("[") && host.endsWith("]")) { host = host.substring(1, host.length()-1); } Certificate[] peerCerts = null; String cipher = session.getCipherSuite(); try { HostnameChecker checker = HostnameChecker.getInstance( HostnameChecker.TYPE_TLS); // Use ciphersuite to determine whether Kerberos is present. if (cipher.startsWith("TLS_KRB5")) { if (!HostnameChecker.match(host, getPeerPrincipal())) { throw new SSLPeerUnverifiedException("Hostname checker" + " failed for Kerberos"); } } else { // X.509 // get the subject's certificate peerCerts = session.getPeerCertificates(); X509Certificate peerCert; if (peerCerts[0] instanceof java.security.cert.X509Certificate) { peerCert = (java.security.cert.X509Certificate)peerCerts[0]; } else { throw new SSLPeerUnverifiedException(""); } checker.match(host, peerCert); } // if it doesn't throw an exception, we passed. Return. return; } catch (SSLPeerUnverifiedException e) { // // client explicitly changed default policy and enabled // anonymous ciphers; we can't check the standard policy // // ignore } catch (java.security.cert.CertificateException cpe) { // ignore } if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) { return; } else if ((hostnameVerifier != null) && (hostnameVerifier.verify(host, session))) { return; } serverSocket.close(); session.invalidate(); throw new IOException("HTTPS hostname wrong: should be <" + url.getHost() + ">"); }