/** * Lazily registers the protocol with the given id. * * @param id the protocol ID * * @return the lazily registered protocol * * @throws IllegalStateException if the protocol with id is not recognized */ private static Protocol lazyRegisterProtocol(String id) throws IllegalStateException { if ("http".equals(id)) { final Protocol http = new Protocol("http", DefaultProtocolSocketFactory.getSocketFactory(), 80); Protocol.registerProtocol("http", http); return http; } if ("https".equals(id)) { final Protocol https = new Protocol("https", SSLProtocolSocketFactory.getSocketFactory(), 443); Protocol.registerProtocol("https", https); return https; } throw new IllegalStateException("unsupported protocol: '" + id + "'"); }
return createSocket(host, port, localAddress, localPort); } else {
/** * Extract the names from the certificate and tests host matches one of them * @param host * @param cert * @throws SSLException */ private static void verifyHostName(final String host, X509Certificate cert, String hostNameVerifier) throws SSLException { // I'm okay with being case-insensitive when comparing the host we used // to establish the socket to the hostname in the certificate. // Don't trim the CN, though. String cn = getCN(cert); String[] subjectAlts = getDNSSubjectAlts(cert); if (EncodingUtil.STRICT.equals(hostNameVerifier)) { verifyHostName(host, cn, subjectAlts, true); } else if (EncodingUtil.ALLOW_ALL.equals(hostNameVerifier)) { return; } else if (EncodingUtil.DEFAULT_AND_LOCALHOST.equals(hostNameVerifier)) { if (isLocalhost(host)) { return; } verifyHostName(host, cn, subjectAlts, false); } else { verifyHostName(host, cn, subjectAlts, false); } }
final String hostName = normaliseIPv6Address(host.trim().toLowerCase(Locale.US)); boolean match = false; for (final Iterator<String> it = names.iterator(); it.hasNext(); ) { validCountryWildcard(parts) && !InetAddressUtils.isValidIPAddress(host); match = countDots(hostName) == countDots(commonName); match = hostName.equals(normaliseIPv6Address(commonName));
private static String getCN(final X509Certificate cert) { final String subjectPrincipal = cert.getSubjectX500Principal().toString(); try { return extractCN(subjectPrincipal); } catch (SSLException ex) { return null; } }
/** * Lazily registers the protocol with the given id. * * @param id the protocol ID * * @return the lazily registered protocol * * @throws IllegalStateException if the protocol with id is not recognized */ private static Protocol lazyRegisterProtocol(String id) throws IllegalStateException { if ("http".equals(id)) { final Protocol http = new Protocol("http", DefaultProtocolSocketFactory.getSocketFactory(), 80); Protocol.registerProtocol("http", http); return http; } if ("https".equals(id)) { final Protocol https = new Protocol("https", SSLProtocolSocketFactory.getSocketFactory(), 443); Protocol.registerProtocol("https", https); return https; } throw new IllegalStateException("unsupported protocol: '" + id + "'"); }
return createSocket(host, port, localAddress, localPort); } else {
/** * Lazily registers the protocol with the given id. * * @param id the protocol ID * * @return the lazily registered protocol * * @throws IllegalStateException if the protocol with id is not recognized */ private static Protocol lazyRegisterProtocol(String id) throws IllegalStateException { if ("http".equals(id)) { final Protocol http = new Protocol("http", DefaultProtocolSocketFactory.getSocketFactory(), 80); Protocol.registerProtocol("http", http); return http; } if ("https".equals(id)) { final Protocol https = new Protocol("https", SSLProtocolSocketFactory.getSocketFactory(), 443); Protocol.registerProtocol("https", https); return https; } throw new IllegalStateException("unsupported protocol: '" + id + "'"); }
return createSocket(host, port, localAddress, localPort); } else {
/** * Lazily registers the protocol with the given id. * * @param id the protocol ID * * @return the lazily registered protocol * * @throws IllegalStateException if the protocol with id is not recognized */ private static Protocol lazyRegisterProtocol(String id) throws IllegalStateException { if ("http".equals(id)) { final Protocol http = new Protocol("http", DefaultProtocolSocketFactory.getSocketFactory(), 80); Protocol.registerProtocol("http", http); return http; } if ("https".equals(id)) { final Protocol https = new Protocol("https", SSLProtocolSocketFactory.getSocketFactory(), 443); Protocol.registerProtocol("https", https); return https; } throw new IllegalStateException("unsupported protocol: '" + id + "'"); }
return createSocket(host, port, localAddress, localPort); } else {
/** * Lazily registers the protocol with the given id. * * @param id the protocol ID * * @return the lazily registered protocol * * @throws IllegalStateException if the protocol with id is not recognized */ private static Protocol lazyRegisterProtocol(String id) throws IllegalStateException { if ("http".equals(id)) { final Protocol http = new Protocol("http", DefaultProtocolSocketFactory.getSocketFactory(), 80); Protocol.registerProtocol("http", http); return http; } if ("https".equals(id)) { final Protocol https = new Protocol("https", SSLProtocolSocketFactory.getSocketFactory(), 443); Protocol.registerProtocol("https", https); return https; } throw new IllegalStateException("unsupported protocol: '" + id + "'"); }