public void verify( final String host, final X509Certificate cert) throws SSLException { final HostNameType hostType = determineHostFormat(host); final List<SubjectName> subjectAlts = getSubjectAltNames(cert); if (subjectAlts != null && !subjectAlts.isEmpty()) { switch (hostType) { case IPv4: matchIPAddress(host, subjectAlts); break; case IPv6: matchIPv6Address(host, subjectAlts); break; default: matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { // CN matching has been deprecated by rfc2818 and can be used // as fallback only when no subjectAlts are available final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); } }
public void verify( final String host, final X509Certificate cert) throws SSLException { final HostNameType hostType = determineHostFormat(host); final List<SubjectName> subjectAlts = getSubjectAltNames(cert); if (subjectAlts != null && !subjectAlts.isEmpty()) { switch (hostType) { case IPv4: matchIPAddress(host, subjectAlts); break; case IPv6: matchIPv6Address(host, subjectAlts); break; default: matchDNSName(host, subjectAlts, this.publicSuffixMatcher); } } else { // CN matching has been deprecated by rfc2818 and can be used // as fallback only when no subjectAlts are available final X500Principal subjectPrincipal = cert.getSubjectX500Principal(); final String cn = extractCN(subjectPrincipal.getName(X500Principal.RFC2253)); if (cn == null) { throw new SSLException("Certificate subject for <" + host + "> doesn't contain " + "a common name and does not have alternative names"); } matchCN(host, cn, this.publicSuffixMatcher); } }