sun.security.util.HostnameChecker Java Examples
The following examples show how to use
sun.security.util.HostnameChecker.
You can vote up the ones you like or vote down the ones you don't like,
and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example #1
| Source File: X509TrustManagerImpl.java From dragonwell8_jdk with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #2
| Source File: X509TrustManagerImpl.java From openjdk-jdk9 with GNU General Public License v2.0 | 6 votes |
|
private static void checkIdentity(String hostname, X509Certificate cert,
String algorithm, boolean chainsToPublicCA)
throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert, chainsToPublicCA);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert, chainsToPublicCA);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #3
| Source File: X509TrustManagerImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #4
| Source File: X509TrustManagerImpl.java From hottub with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #5
| Source File: X509TrustManagerImpl.java From Bytecoder with Apache License 2.0 | 6 votes |
|
private static void checkIdentity(String hostname, X509Certificate cert,
String algorithm, boolean chainsToPublicCA)
throws CertificateException {
if (algorithm != null && !algorithm.isEmpty()) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert, chainsToPublicCA);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert, chainsToPublicCA);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #6
| Source File: X509TrustManagerImpl.java From openjdk-8-source with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #7
| Source File: X509TrustManagerImpl.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #8
| Source File: X509TrustManagerImpl.java From openjdk-8 with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #9
| Source File: X509TrustManagerImpl.java From openjdk-jdk8u with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #10
| Source File: X509TrustManagerImpl.java From jdk8u_jdk with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #11
| Source File: X509TrustManagerImpl.java From jdk8u60 with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #12
| Source File: X509TrustManagerImpl.java From jdk8u-jdk with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #13
| Source File: X509TrustManagerImpl.java From TencentKona-8 with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #14
| Source File: X509TrustManagerImpl.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 6 votes |
|
static void checkIdentity(String hostname, X509Certificate cert,
String algorithm) throws CertificateException {
if (algorithm != null && algorithm.length() != 0) {
// if IPv6 strip off the "[]"
if ((hostname != null) && hostname.startsWith("[") &&
hostname.endsWith("]")) {
hostname = hostname.substring(1, hostname.length() - 1);
}
if (algorithm.equalsIgnoreCase("HTTPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_TLS).match(
hostname, cert);
} else if (algorithm.equalsIgnoreCase("LDAP") ||
algorithm.equalsIgnoreCase("LDAPS")) {
HostnameChecker.getInstance(HostnameChecker.TYPE_LDAP).match(
hostname, cert);
} else {
throw new CertificateException(
"Unknown identification algorithm: " + algorithm);
}
}
}
Example #15
| Source File: DelegateHttpsURLConnection.java From openjdk-8 with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #16
| Source File: DelegateHttpsURLConnection.java From openjdk-8-source with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #17
| Source File: DelegateHttpsURLConnection.java From jdk8u_jdk with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #18
| Source File: DelegateHttpsURLConnection.java From hottub with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #19
| Source File: DelegateHttpsURLConnection.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #20
| Source File: DelegateHttpsURLConnection.java From jdk8u-jdk with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #21
| Source File: DelegateHttpsURLConnection.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #22
| Source File: DelegateHttpsURLConnection.java From openjdk-jdk9 with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #23
| Source File: DelegateHttpsURLConnection.java From dragonwell8_jdk with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #24
| Source File: DelegateHttpsURLConnection.java From openjdk-jdk8u-backup with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #25
| Source File: DelegateHttpsURLConnection.java From TencentKona-8 with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #26
| Source File: DelegateHttpsURLConnection.java From openjdk-jdk8u with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #27
| Source File: DelegateHttpsURLConnection.java From jdk8u60 with GNU General Public License v2.0 | 5 votes |
|
public boolean verify(String hostname, javax.net.ssl.SSLSession session) {
try {
String serverName;
// Use ciphersuite to determine whether Kerberos is active.
if (session.getCipherSuite().startsWith("TLS_KRB5")) {
serverName =
HostnameChecker.getServerName(getPeerPrincipal(session));
} else { // X.509
Certificate[] serverChain = session.getPeerCertificates();
if ((serverChain == null) || (serverChain.length == 0)) {
return false;
}
if (serverChain[0] instanceof X509Certificate == false) {
return false;
}
X509Certificate serverCert = (X509Certificate)serverChain[0];
serverName = getServername(serverCert);
}
if (serverName == null) {
return false;
}
return verifier.verify(hostname, serverName);
} catch (javax.net.ssl.SSLPeerUnverifiedException e) {
return false;
}
}
Example #28
| Source File: HttpsClient.java From openjdk-8 with GNU General Public License v2.0 | 4 votes |
|
private void checkURLSpoofing(HostnameVerifier hostnameVerifier)
throws IOException {
//
// Get authenticated server name, if any
//
String host = url.getHost();
// if IPv6 strip off the "[]"
if (host != null && host.startsWith("[") && host.endsWith("]")) {
host = host.substring(1, host.length()-1);
}
Certificate[] peerCerts = null;
String cipher = session.getCipherSuite();
try {
HostnameChecker checker = HostnameChecker.getInstance(
HostnameChecker.TYPE_TLS);
// Use ciphersuite to determine whether Kerberos is present.
if (cipher.startsWith("TLS_KRB5")) {
if (!HostnameChecker.match(host, getPeerPrincipal())) {
throw new SSLPeerUnverifiedException("Hostname checker" +
" failed for Kerberos");
}
} else { // X.509
// get the subject's certificate
peerCerts = session.getPeerCertificates();
X509Certificate peerCert;
if (peerCerts[0] instanceof
java.security.cert.X509Certificate) {
peerCert = (java.security.cert.X509Certificate)peerCerts[0];
} else {
throw new SSLPeerUnverifiedException("");
}
checker.match(host, peerCert);
}
// if it doesn't throw an exception, we passed. Return.
return;
} catch (SSLPeerUnverifiedException e) {
//
// client explicitly changed default policy and enabled
// anonymous ciphers; we can't check the standard policy
//
// ignore
} catch (java.security.cert.CertificateException cpe) {
// ignore
}
if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) {
return;
} else if ((hostnameVerifier != null) &&
(hostnameVerifier.verify(host, session))) {
return;
}
serverSocket.close();
session.invalidate();
throw new IOException("HTTPS hostname wrong: should be <"
+ url.getHost() + ">");
}
Example #29
| Source File: HttpsClient.java From openjsse with GNU General Public License v2.0 | 4 votes |
|
private void checkURLSpoofing(HostnameVerifier hostnameVerifier)
throws IOException {
//
// Get authenticated server name, if any
//
String host = url.getHost();
// if IPv6 strip off the "[]"
if (host != null && host.startsWith("[") && host.endsWith("]")) {
host = host.substring(1, host.length()-1);
}
Certificate[] peerCerts = null;
String cipher = session.getCipherSuite();
try {
HostnameChecker checker = HostnameChecker.getInstance(
HostnameChecker.TYPE_TLS);
// get the subject's certificate
peerCerts = session.getPeerCertificates();
X509Certificate peerCert;
if (peerCerts[0] instanceof
java.security.cert.X509Certificate) {
peerCert = (java.security.cert.X509Certificate)peerCerts[0];
} else {
throw new SSLPeerUnverifiedException("");
}
checker.match(host, peerCert);
// if it doesn't throw an exception, we passed. Return.
return;
} catch (SSLPeerUnverifiedException e) {
//
// client explicitly changed default policy and enabled
// anonymous ciphers; we can't check the standard policy
//
// ignore
} catch (java.security.cert.CertificateException cpe) {
// ignore
}
if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) {
return;
} else if ((hostnameVerifier != null) &&
(hostnameVerifier.verify(host, session))) {
return;
}
serverSocket.close();
session.invalidate();
throw new IOException("HTTPS hostname wrong: should be <"
+ url.getHost() + ">");
}
Example #30
| Source File: HttpsClient.java From jdk8u-dev-jdk with GNU General Public License v2.0 | 4 votes |
|
private void checkURLSpoofing(HostnameVerifier hostnameVerifier)
throws IOException {
//
// Get authenticated server name, if any
//
String host = url.getHost();
// if IPv6 strip off the "[]"
if (host != null && host.startsWith("[") && host.endsWith("]")) {
host = host.substring(1, host.length()-1);
}
Certificate[] peerCerts = null;
String cipher = session.getCipherSuite();
try {
HostnameChecker checker = HostnameChecker.getInstance(
HostnameChecker.TYPE_TLS);
// Use ciphersuite to determine whether Kerberos is present.
if (cipher.startsWith("TLS_KRB5")) {
if (!HostnameChecker.match(host, getPeerPrincipal())) {
throw new SSLPeerUnverifiedException("Hostname checker" +
" failed for Kerberos");
}
} else { // X.509
// get the subject's certificate
peerCerts = session.getPeerCertificates();
X509Certificate peerCert;
if (peerCerts[0] instanceof
java.security.cert.X509Certificate) {
peerCert = (java.security.cert.X509Certificate)peerCerts[0];
} else {
throw new SSLPeerUnverifiedException("");
}
checker.match(host, peerCert);
}
// if it doesn't throw an exception, we passed. Return.
return;
} catch (SSLPeerUnverifiedException e) {
//
// client explicitly changed default policy and enabled
// anonymous ciphers; we can't check the standard policy
//
// ignore
} catch (java.security.cert.CertificateException cpe) {
// ignore
}
if ((cipher != null) && (cipher.indexOf("_anon_") != -1)) {
return;
} else if ((hostnameVerifier != null) &&
(hostnameVerifier.verify(host, session))) {
return;
}
serverSocket.close();
session.invalidate();
throw new IOException("HTTPS hostname wrong: should be <"
+ url.getHost() + ">");
}
