Package org.conscrypt
Class OkHostnameVerifier
java.lang.Object
org.conscrypt.OkHostnameVerifier
- All Implemented Interfaces:
ConscryptHostnameVerifier
A HostnameVerifier consistent with RFC 2818.
-
Field Summary
FieldsModifier and TypeFieldDescriptionprivate static final int
private static final int
static final OkHostnameVerifier
private final boolean
private static final Pattern
Quick and dirty pattern to differentiate IP addresses from hostnames. -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionallSubjectAltNames
(X509Certificate certificate) getSubjectAltNames
(X509Certificate certificate, int type) static OkHostnameVerifier
boolean
verify
(String host, X509Certificate certificate) boolean
verify
(X509Certificate[] certs, String host, SSLSession session) Returns whether the given hostname is allowable given the peer's authentication information from the given session.(package private) static boolean
verifyAsIpAddress
(String host) private boolean
verifyHostName
(String hostName, String pattern) Returnstrue
iffhostName
matches the domain namepattern
.private boolean
verifyHostName
(String hostName, X509Certificate certificate) Returns true ifcertificate
matcheshostName
.private boolean
verifyIpAddress
(String ipAddress, X509Certificate certificate) Returns true ifcertificate
matchesipAddress
.
-
Field Details
-
INSTANCE
-
VERIFY_AS_IP_ADDRESS
Quick and dirty pattern to differentiate IP addresses from hostnames. This is an approximation of Android's private InetAddress#isNumeric API.This matches IPv6 addresses as a hex string containing at least one colon, and possibly including dots after the first colon. It matches IPv4 addresses as strings containing only decimal digits and dots. This pattern matches strings like "a:.23" and "54" that are neither IP addresses nor hostnames; they will be verified as IP addresses (which is a more strict verification).
-
ALT_DNS_NAME
private static final int ALT_DNS_NAME- See Also:
-
ALT_IPA_NAME
private static final int ALT_IPA_NAME- See Also:
-
strictWildcardMode
private final boolean strictWildcardMode
-
-
Constructor Details
-
OkHostnameVerifier
private OkHostnameVerifier(boolean strictWildcardMode)
-
-
Method Details
-
strictInstance
-
verify
Description copied from interface:ConscryptHostnameVerifier
Returns whether the given hostname is allowable given the peer's authentication information from the given session.- Specified by:
verify
in interfaceConscryptHostnameVerifier
-
verify
-
verifyAsIpAddress
-
verifyIpAddress
Returns true ifcertificate
matchesipAddress
. -
verifyHostName
Returns true ifcertificate
matcheshostName
. -
allSubjectAltNames
-
getSubjectAltNames
-
verifyHostName
Returnstrue
iffhostName
matches the domain namepattern
.- Parameters:
hostName
- lower-case host name.pattern
- domain name pattern from certificate. May be a wildcard pattern such as*.android.com
.
-