Package org.conscrypt
Class OkHostnameVerifier
java.lang.Object
org.conscrypt.OkHostnameVerifier
- All Implemented Interfaces:
ConscryptHostnameVerifier
A HostnameVerifier consistent with RFC 2818.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final intprivate static final intstatic final OkHostnameVerifierprivate final booleanprivate static final PatternQuick and dirty pattern to differentiate IP addresses from hostnames. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionallSubjectAltNames(X509Certificate certificate) getSubjectAltNames(X509Certificate certificate, int type) static OkHostnameVerifierbooleanverify(String host, X509Certificate certificate) booleanverify(X509Certificate[] certs, String host, SSLSession session) Returns whether the given hostname is allowable given the peer's authentication information from the given session.(package private) static booleanverifyAsIpAddress(String host) private booleanverifyHostName(String hostName, String pattern) ReturnstrueiffhostNamematches the domain namepattern.private booleanverifyHostName(String hostName, X509Certificate certificate) Returns true ifcertificatematcheshostName.private booleanverifyIpAddress(String ipAddress, X509Certificate certificate) Returns true ifcertificatematchesipAddress.
-
Field Details
-
INSTANCE
-
VERIFY_AS_IP_ADDRESS
Quick and dirty pattern to differentiate IP addresses from hostnames. This is an approximation of Android's private InetAddress#isNumeric API.This matches IPv6 addresses as a hex string containing at least one colon, and possibly including dots after the first colon. It matches IPv4 addresses as strings containing only decimal digits and dots. This pattern matches strings like "a:.23" and "54" that are neither IP addresses nor hostnames; they will be verified as IP addresses (which is a more strict verification).
-
ALT_DNS_NAME
private static final int ALT_DNS_NAME- See Also:
-
ALT_IPA_NAME
private static final int ALT_IPA_NAME- See Also:
-
strictWildcardMode
private final boolean strictWildcardMode
-
-
Constructor Details
-
OkHostnameVerifier
private OkHostnameVerifier(boolean strictWildcardMode)
-
-
Method Details
-
strictInstance
-
verify
Description copied from interface:ConscryptHostnameVerifierReturns whether the given hostname is allowable given the peer's authentication information from the given session.- Specified by:
verifyin interfaceConscryptHostnameVerifier
-
verify
-
verifyAsIpAddress
-
verifyIpAddress
Returns true ifcertificatematchesipAddress. -
verifyHostName
Returns true ifcertificatematcheshostName. -
allSubjectAltNames
-
getSubjectAltNames
-
verifyHostName
ReturnstrueiffhostNamematches the domain namepattern.- Parameters:
hostName- lower-case host name.pattern- domain name pattern from certificate. May be a wildcard pattern such as*.android.com.
-