Class HostnameVerifierImpl
- java.lang.Object
-
- org.mariadb.jdbc.internal.protocol.tls.HostnameVerifierImpl
-
- All Implemented Interfaces:
javax.net.ssl.HostnameVerifier
public class HostnameVerifierImpl extends java.lang.Object implements javax.net.ssl.HostnameVerifier
-
-
Nested Class Summary
Nested Classes Modifier and Type Class Description private static class
HostnameVerifierImpl.Extension
private class
HostnameVerifierImpl.GeneralName
private class
HostnameVerifierImpl.SubjectAltNames
-
Constructor Summary
Constructors Constructor Description HostnameVerifierImpl()
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description private static java.lang.String
extractCommonName(java.lang.String principal)
private HostnameVerifierImpl.SubjectAltNames
getSubjectAltNames(java.security.cert.X509Certificate cert)
private static boolean
matchDns(java.lang.String hostname, java.lang.String tlsDnsPattern)
DNS verification : Matching is performed using the matching rules specified by [RFC2459].private static boolean
matchWildCards(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken)
private static java.lang.String
normaliseAddress(java.lang.String hostname)
private static java.lang.String
normalizedHostMsg(java.lang.String normalizedHost)
void
verify(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId)
Verification that throw an exception with a detailed error message in case of error.boolean
verify(java.lang.String host, javax.net.ssl.SSLSession session)
boolean
verify(java.lang.String host, javax.net.ssl.SSLSession session, long serverThreadId)
Verification, like HostnameVerifier.verify() with an additional server thread id to identify connection in logs.
-
-
-
Field Detail
-
logger
private static final Logger logger
-
-
Method Detail
-
matchDns
private static boolean matchDns(java.lang.String hostname, java.lang.String tlsDnsPattern) throws javax.net.ssl.SSLException
DNS verification : Matching is performed using the matching rules specified by [RFC2459]. If more than one identity of a given type is present in the certificate (e.g., more than one dNSName name, a match in any one of the set is considered acceptable.) Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com. f*.com matches foo.com but not bar.com.- Parameters:
hostname
- hostnametlsDnsPattern
- DNS pattern (may contain wildcard)- Returns:
- true if matching
- Throws:
javax.net.ssl.SSLException
-
matchWildCards
private static boolean matchWildCards(boolean hostIsIp, java.lang.String hostnameToken, java.lang.String tlsDnsToken) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
extractCommonName
private static java.lang.String extractCommonName(java.lang.String principal) throws javax.net.ssl.SSLException
- Throws:
javax.net.ssl.SSLException
-
normaliseAddress
private static java.lang.String normaliseAddress(java.lang.String hostname)
-
normalizedHostMsg
private static java.lang.String normalizedHostMsg(java.lang.String normalizedHost)
-
getSubjectAltNames
private HostnameVerifierImpl.SubjectAltNames getSubjectAltNames(java.security.cert.X509Certificate cert) throws java.security.cert.CertificateParsingException
- Throws:
java.security.cert.CertificateParsingException
-
verify
public boolean verify(java.lang.String host, javax.net.ssl.SSLSession session)
- Specified by:
verify
in interfacejavax.net.ssl.HostnameVerifier
-
verify
public boolean verify(java.lang.String host, javax.net.ssl.SSLSession session, long serverThreadId)
Verification, like HostnameVerifier.verify() with an additional server thread id to identify connection in logs.- Parameters:
host
- host to connect (DNS/IP)session
- SSL sessionserverThreadId
- connection id to identify connection in logs- Returns:
- true if valid
-
verify
public void verify(java.lang.String host, java.security.cert.X509Certificate cert, long serverThreadId) throws javax.net.ssl.SSLException
Verification that throw an exception with a detailed error message in case of error.- Parameters:
host
- hostnamecert
- certificateserverThreadId
- server thread Identifier to identify connection in logs- Throws:
javax.net.ssl.SSLException
- exception
-
-